Business

Securelist has published extensive research on BlackEnergy. Initially a DDoS crimeware, it turned into a huge collection of various tools currently used in various APT-type activities, including some “significant geopolitical operations”.

1 in 8 people don’t believe that cyberthreats are real. The threat may go away if you turn your back to it in a dream, but that won’t work in reality.

Kaspersky Lab has just announced the discovery of an alarming APT campaign codenamed “Darkhotel,” targeted mainly at business executives staying at certain hotels in Asia. Luxury hotels offer not just places to stay, but also comfort and privacy. However, their cybersecurity occasionally fails.

Today’s software packages have become so huge and complex that stacks of patches issued one after the other are increasingly common. This has consequences for system administrators.

Car hacking is a topic that resurfaces regularly. Still, a remote takeover of a car’s system is not a reality – yet. It may become a reality without the proper approach to the security of a car’s on-board systems.

Internal and external threats may be quite different in nature, but they demand equal attention from the IT staff in order for the protection to be complete.

Brian Donohue reflects on Kaspersky Government Cybersecurity Forum discussions about cyber-resiliency. We all know what resilience means. Technically speaking though, what does it take to be resilient on the network level?

We’re taking a look at the security features in the new version of Mac OS X – Yosemite. Apple makes a decent effort.

Kaspersky Lab has launched public beta-testing of its enterprise security solution, Kaspersky Endpoint Security 10 Service Pack 1. Take a look at the screenshots showcasing the new features.

Many organizations—especially government agencies or heavily regulated businesses—are nervous about sharing this data, for fear of reprisals if information about successful attacks becomes public. And politicians and security experts say this is an issue that needs to be solved if businesses are going to have the chance to succeed.

Hotels offer not just free WiFi but occasionally even free use of devices such as iPads these days. While it is really nice, a misconfigured device like this may store just a bit too much personal data, easily retrievable by the next visitor…

Every fifth Android-based device protected by Kaspersky Lab security solutions was attacked by malware at least once in 2013-2014. In 60% of the registered attacks the malware used had a “financial” nature. While there’s seemingly nothing unexpected a certain twist is present…

A critical civilian system goes down – it’s a scenario that evokes some apocalyptic pictures of destruction and mayhem; remember, for instance, “Die Hard 4.0”? Actually this could happen with any corporate infrastructure, since all of them have certain critical systems of their own.

Linux bugs may affect or directly threaten entire virtualization infrastructures: Whatever OS is used on VMs, an attack on a hypervisor is possible from both the outside and inside, and exploitation of the dreaded Shellshock vulnerability on Linux-based hypervisors is a possibility, too.

A data access policy becomes an issue for any company as soon as it accumulates a considerable amount of valuable and sensitive data. That doesn’t mean the policy is always in place when it should be, or that it’s implemented properly.

Can a business be “partially” prepared to ward off cyberthreats? That’s up for debate, but it seems there is little difference between “partial protection” and no protection at all.

Vulnerabilities vary. Some are considered critical, some – less problematic; their severity is determined by a few well-known factors such as ease of exploitability and popularity of software. But, no matter their differences they all require serious attention at a constant level, so that when the next Shellshock-like incident occurs, it won’t take cybersecurity world by surprise.

The recent developments with “big bugs” such as Heartbleed and Shellshock created a global security strain, with many questions emerging. Both bugs were open-source software-related, but indirectly they would constitute a threat to Windows-based infrastructure. In this post we review a few scenarios of an attack on mostly Windows-based network with Linux servers at certain points.

APT is a term often mentioned in cybersecurity bulletins. Here’s what you need to know to understand it.

IT workers routinely set up limited privileges for all users for security sake. However, the users are extremely suspicious about these sorts of limitations, assuming (sometimes reasonably) that it will affect the workflow. Is there a way to mitigate these contradictions?

Interpol just released an alert regarding cyber-attacks targeting multiple ATMs around the world. During the course of a forensic investigation performed by Kaspersky Lab, researchers discovered a piece of malware infecting ATMs that allowed attackers to empty the cash machines via direct manipulation, stealing millions of dollars.