Unlock your creativity!

We run online contest with $5000 prize fund!

The goal of this online contest is to gather ideas about how to explain to businesses the dangers they may face when they re-open their physical premises – and what they can do to avoid them. We at Kaspersky and The Community Creatives believe that this is a good opportunity to make a change in the attitude of businesses to their information security practices, which may affect their customers, including you and us. We invite all of the creative professionals and amateurs to join us in our quest to make the world safer – and better.

Read more and register here:
 

T6vaLMN0JzoPookPlUK0P2yyok5gTKNa.png?w=270&s=d44d90ad1b056bade43161ac54218702Unlock your creativity: “Getting back to business cyber-safely” Ideathon...
Read more...
0
CVE-2020-1350: Vulnerability in Windows DNS servers

CVE-2020-1350: Vulnerability in Windows DNS servers

Microsoft has reported the vulnerability CVE-2020-1350 in Windows DNS server. Bad news: The vulnerability scored 10 on the CVSS scale, which means it’s critical. Good news: Cybercriminals can exploit it only if the system is running in DNS server mode; in other words, the number of potentially vulnerable computers is relatively small. Moreover, the company has already released patches and a workaround.

What is the vulnerability, and how is it dangerous?

CVE-2020-1350 lets a malefactor force DNS servers running Windows Server to execute malicious code remotely. In other words, the vulnerability belongs to the RCE class. To exploit...

Read more...
About Kaspersky Lab
0
Making YouTube a child-safe zone

Making YouTube a child-safe zone

Children love watching online videos. Nothing wrong with that — and, after all, YouTube has plenty of useful and interesting stuff to offer. However, in addition to harmless edutainment, lots of less-innocent videos are out there.

Curious teenagers often watch anything that pops up, from music videos and documentaries to the drunken adventures of vloggers. Worse, looking at other people’s exploits, they may be tempted to copy them. In our recent survey, 14% of parents said that their children had watched improper content online encouraging them to carry out inappropriate actions.

How YouTube handles unsavory content

In theory, YouTube allows you to...

Read more...
About Kaspersky Lab
0
Why businesses need to back up

Why businesses need to back up

For almost any business, information is critical: documents, contacts, contracts, correspondence, accounts, and so on. Modern technologies help not only to manage business-critical data, but also to lose it in the blink of an eye. For most companies, losing access to data means the suspension of all business processes, inevitably leading to lost profit, damage to reputation, and recovery costs.

Rest assured, there is no shortage of data loss scenarios out there waiting to happen — and almost none of them has anything to do with the quality of your equipment. Here are just a few.

Ransomware

An employee might click a malicious file downloaded from the...

Read more...
About Kaspersky Lab
0
Quantum computers and cryptography for dummies

Quantum computers and cryptography for dummies

Quantum computers are capable of very quickly solving very complex problems, such that even a supercomputer would be stumped for a long time. True, most of these problems are currently somewhat removed from real life, and quantum systems themselves are largely limited. But progress does not stand still, and this technology could one day take over the world. Here’s how that affects you and your data.

Data encryption at the heart of Internet security

At the heart of protecting data on computers and online lies encryption. Encrypting means using certain rules and a character set known as a key to transform the information one wants to send into...

Read more...
About Kaspersky Lab
0
Cyber-yesteryear – pt. 7: 1997 (Me Lab founded).

Cyber-yesteryear – pt. 7: 1997 (Me Lab founded).

Back with more K cyber-nostalgia – this post takes us back to a very special year for the company – the year of its founding! And as you can see from the date on our company registration certificate – that founding took place on June 26, 1997:

GfZcSbJuwA_812u5sc1ODmizbIDR5h4p.jpg?s=252b1e117eb00cea1d0fb52439e9f555

And that’s why we have our yearly mega-birthday-bash every June July (don’t ask; what’s a month among friends?!) – only not this year: the first time we’ve ever not had one. Shame. But what can you do?

I remember our first birthday party the following year in 1998, in a fairly rough bowling alley. Not too impressed with such a setting, we made amends the following year – already branching out...

Read more...
On The Road Again
0
Easing back to (a new) normal.

Easing back to (a new) normal.

We’d just started getting used to – even comfortable with – working from home every day and to ‘social’ distancing (wouldn’t ‘physical’ distancing have been a better term?:). Our partner conferences and other events had only just got back up to pre-lockdown scale in terms of the number of folks taking part – albeit online. I’d just gotten used to 10/15/20 kilometers of running of a morning before breakfast. In short, everything was going in one direction. But then the other day, out of the blue, suddenly things seemed to slam into reverse when I was asked, via the good K folks in our PR department, to do an interview – ‘on camera, in the office – tomorrow...

Read more...
On The Road Again
0
Transatlantic Cable podcast, episode 150

Transatlantic Cable podcast, episode 150

For the 150th episode of the Kaspersky Transatlantic Cable podcast, Dave and I start with a look at how EU authorities were able to crack into an encrypted communications platform used by criminals. The joint operation by multiple law enforcement organizations saw more than 700 arrests tied to criminal activities.

From there, we head to India and talk about the geopolitical tension between that country and China. In this instance, the collateral damage is influencers, more specifically those who tie their living to TikTok, which has been banned by the Indian government.

For our third story, we stay in the influencer space, where Ramon Olorunwa...

Read more...
About Kaspersky Lab
0
Ali Baba and the forty cyberthreats

Ali Baba and the forty cyberthreats

As we never tire of saying, fairy tales are thinly veiled reports on information security. And it wasn’t only the European storytellers who tried to warn their descendants about cyberthreats — they were equally prescient in the East. For example, Scheherazade, the protagonist of the classic 1001 Nights, kept what can only be described as a daily infosec blog with video podcasts. True, he had an ulterior motive for doing so …

… but today we’re looking at some cases added to Scheherazade’s blog much later, in the 18th century: in particular, the incident known as Ali Baba and the Forty Thieves. Even those who don’t know the story are surely familiar with...

Read more...
About Kaspersky Lab
0
Exploring Russia: Tourism ÷ lockdown × accelerator = winners’ podium!

Exploring Russia: Tourism ÷ lockdown × accelerator = winners’ podium!

Mid-spring this year, at the very peak of the everyone-at-home period, it became obvious that things were looking very bleak for the world, and would stay bleak for a long time. Business would be hard hit, to put it mildly, while the tourism industry would be fairly devastated, with many a business within it not pulling through the crisis. So we at K did what we often always do – put our thinking caps on – and decided… to help out this most badly affected of industries.

Early May I announced that the ‘Kaspersky Exploring Russia’ tourism accelerator had started accepting applications. But I never guessed that more than...

Read more...
On The Road Again
0
Sandbox for experts

Sandbox for experts

The creators of mass Trojans go to great lengths to execute their malicious code on victims’ computers. However, the masterminds behind complex threats and APT attacks spend no less effort on developing mechanisms not to execute their code. That way, they can bypass security technologies — in particular, sandboxes.

Sandboxes and evasion techniques

One of the basic tools for identifying malicious activity is the so-called sandbox. Essentially, it is a controlled, isolated environment. Security solutions can execute suspicious code in this environment and analyze all of its actions with no harm to the system. If a solution detects any malicious activity, it blocks...

Read more...
About Kaspersky Lab
0
Cyber-tales from the dark side: unexpected vulnerabilities, hacking-as-a-service, and space-OS.

Cyber-tales from the dark side: unexpected vulnerabilities, hacking-as-a-service, and space-OS.

Our first month of summer in lockdown – done. And though the world seems to be opening up steadily, we at K decided to take no chances – remaining practically fully working-from-home. But that doesn’t mean we’re working any less effectively: just as well, since the cybercriminals sure haven’t been furloughed. Still, there’ve been no major changes to the global picture of threats of late. All the same, those cyberbaddies, as always, have been pulling cybertricks out of their hats that fairly astonish. So here are a few of them from last month.

A zero-day in ‘super-secure’ Linux Tails 

Facebook...

Read more...
On The Road Again
0
Crack me if you can

Crack me if you can

If you think that your Steam or Origin account with its handful of purchases and achievements is of no interest to cybercriminals, we have bad news. Every year, scammers indiscriminately steal hundreds of thousands of gaming accounts and sell them on the black market. The first barrier that protects your account from this fate is your password. We explain how to make it as strong as possible.

Why an attacker wants your gaming account

Account stealing is similar to carjacking: if an account is valuable enough, they sell it whole, otherwise they strip it for spare parts. This means in-game items, payment card details, or e-mail addresses for spammers to top up their...

Read more...
About Kaspersky Lab
0
Cyber-yesteryear – pt. 6: talking to the media.

Cyber-yesteryear – pt. 6: talking to the media.

Last week I realized I’d been in lockdown-isolation-quarantine for a full quarter-year. Three months sat at home, with only a couple of brief trips to the deserted office, plus every weekend at the dacha with the similarly isolated family. Like for everyone – a very extraordinary daily existence. For me – no planes/airports, no hotels, no meetings or speeches: in short – very little travel.

However, everything’s relative: in three months we’ve all traveled 230+ million kilometers (a quarter of a full orbit of Earth around the sun)! And that’s without taking into account the fact that the Solar System itself travels at some crazy speed. One...

Read more...
On The Road Again
0
The hunt for Office 365 accounts

The hunt for Office 365 accounts

The current surge in remote working has raised cybercriminal interest in Office 365, one of the most common cloud collaboration platforms.

The basic scheme is simple: Cybercriminals lure a company employee to a fake Office 365 login page and persuade them to enter credentials. In other words, it is phishing. The specific methods by which the attackers try to get usernames and passwords differ, but here are the most common tricks of the trade.

Fake Teams messages

As a rule, when attackers send an e-mail message meant to look like a Microsoft Teams notification, they stress urgency, hoping the recipient won’t take a minute to note any irregularities. So,...

Read more...
About Kaspersky Lab
0
Transatlantic Cable podcast, episode 149

Transatlantic Cable podcast, episode 149

For the 149th installment of the Kaspersky Transatlantic Cable podcast, Jeff and I look at how (and why) the Israeli government has saw fit to use fish to help fend off cyber-security attacks. We also tackle the thorny issue of TikTok privacy and how they were caught with their hand in the cookie jar, again.

From there we move to more interesting news as it seems in the near future, Google will pay for you to read pay-walled news. Also on the podcast this week is a more serious look at why and how Facebook hacked into Tails, a privacy and security-focused operating system, which to no surprise — a lot of people aren’t happy about.

If you like what...

Read more...
About Kaspersky Lab
0
Cyber hygiene: essential for fighting supply chain attacks.

Cyber hygiene: essential for fighting supply chain attacks.

Hi folks!

Quite often, technical matters that are as clear as day to techie-professionals are somewhat tricky to explain to non-techie-folks. Still, I’m going to have a go at doing just that here today. Why? Because it’s a darn exciting and amazingly interesting world! And who knows – maybe this read could inspire you to become a cybersecurity professional?!…

Let’s say you need to build a house. And not just a standard-format house, but something unique – custom-built to satisfy all your whims and wishes. First you need an architect who’ll draw up the design based on what you tell them; the design is eventually decided upon and...

Read more...
On The Road Again
0
Simple defense against complex attacks

Simple defense against complex attacks

As logic suggests, an attack on a company makes sense only if the potential profit outweighs the organizational cost. Until fairly recently, cybercriminals guarded their know-how from each other like trade secrets. Tools for advanced attacks, if sold on the darknet at all, were not generally available — and then only at exorbitant prices. Truly sophisticated attacks were aimed only at major enterprises or government agencies. Therefore, for SMBs, protection against mass threats was enough.

Trends have changed. Tools for complex attacks now periodically pop up — if not in the public domain, then on the open market; malware authors are increasingly...

Read more...
About Kaspersky Lab
0
4 ways to royally leak your company data

4 ways to royally leak your company data

If you post pics of concert tickets on Instagram without hiding the barcode, someone could get to see your favorite band instead of you. The same can happen even if you do hide the barcode, but with the wrong tool.

That said, remembering to conceal the barcode properly before bragging about tickets isn’t so difficult. It’s a totally different matter when you post a photo online without noticing a ticket or, say, a sticky note with passwords accidentally in frame. Here are several cases when people published confidential data online without realizing it.

1. Posting photos against a password backdrop

Photos and videos taken in offices and other...

Read more...
About Kaspersky Lab
0
Cyber-yesteryear – pt. 5: 1996 (game-changer year).

Cyber-yesteryear – pt. 5: 1996 (game-changer year).

Herewith, more tales from back in the day about how our company went from humble beginnings to what we are today. And this cyber-yesteryear series – it’s all thanks to… lockdown! I’d have never found the time for such meanderings down cyber-memory lane otherwise…

Just in case you missed them, here are the previous installments:

Part 1
Part 2
Part 3
Part 4

All righty. Part 5: 1996. Truly a fateful, watershed year…

First, at KAMI, where I was still working, the owners decided to break away. As a result KAMI was split up into several independent organizations. And in the following year – 1997 – we broke away too.

Second, we signed an OEM...

Read more...
On The Road Again
0
What are App Clips and Instant Apps?

What are App Clips and Instant Apps?

A few days ago, at its worldwide developer conference (WWDC 2020, held in full virtual mode because of the coronavirus outbreak), Apple unveiled the next version of iOS. One of its innovations is App Clips, mini apps that can begin running on the device without having to be installed.

Apple requires these programs to be no more than 10MB so they can load and run instantly. If the app seems useful, the user will have the option to download the full version at any time and switch to it.

In addition, Apple recommends that App Clips be used in conjunction with the Sign In with Apple feature and, of course, Apple Pay. This eliminates another two painful...

Read more...
About Kaspersky Lab
0
How to secure DevOps

How to secure DevOps

Last month, IT news websites reported that RubyGems, the official channel for distributing libraries for the Ruby programming language, had been poisoned. An attacker uploaded fake packages containing a malicious script, so all programmers who used the code in their projects unwittingly infected users’ computers with malware that changed cryptocurrency wallet addresses.

Of course, it was not the first supply-chain attack to exploit a public repository. But this type of scenario seems to be gaining popularity, which is no surprise; one successful attack can compromise tens or hundreds of thousands of users. It all depends on the popularity of the software developed...

Read more...
About Kaspersky Lab
0
Transatlantic Cable podcast, episode 148

Transatlantic Cable podcast, episode 148

We kick off this week’s Kaspersky Transatlantic Cable podcast with an interesting topic.

Those of you who have been on Instagram, Twitter, or other social media sites have probably heard of OnlyFans. For those who are unaware, OnlyFans is a site where users can pay a content producer for exclusive or private videos. In many cases, the images or videos are of an adult nature. However, as with many subscription services, an illicit market lurks nearby.

From there, we dive deeper, and into the online World of Warcraft, for a look at the bot mafias wreaking havoc in the community.

Yeah, I seriously typed “bot mafia” — that is not lost on me.

 

The...

Read more...
About Kaspersky Lab
0
Zoom 5 moves toward security

Zoom 5 moves toward security

Not so long ago, we explained how to configure Zoom to make it safer to use. However, technologies can develop very rapidly, especially those in the spotlight. One such case is Zoom, whose developers have, as promised, given the app a data-protection makeover. As a result, version 5.0 has changed a lot from precoronavirus Zoom.

The change in security focus quickly bore fruit. Previously, large companies and institutions turned their noses up at Zoom, but it now has the seal of approval of New York’s attorney general and is back in NYC schools, and version 5 brings with it some useful features.

Conveniently located security settings

Starting with Zoom 5, all...

Read more...
About Kaspersky Lab
0
Cyber-yesteryear – pt. 4: CeBIT.

Cyber-yesteryear – pt. 4: CeBIT.

Finally, summer’s arrived. Took it’s time! But I’m not sure it’s the blessing it normally is, since we’re all still sat at home working remotely. Sure, there have been ‘easings’ here and there around the world, but we here at K are in no rush to… rush things. I think that goes for other IT companies too that will be working from home till at least fall, while some have signaled they’re on for staying home until the end of the year. And of course business trips are still being cancelled, as are exhibitions and conferences and Olympic Games and Cannes Festival and a whole load of other large-scale events. Some countries still have closed borders too.

So...

Read more...
On The Road Again
0
Google Analytics as a data exfiltration channel

Google Analytics as a data exfiltration channel

Web skimming, a fairly common method of getting cardholder data from visitors of online stores, is a time-honored cybercriminal practice. Recently, however, our experts discovered a rather dangerous innovation involving the use of Google Analytics to exfiltrate stolen data. Let’s explore why this is dangerous and how to deal with it.

How Web skimming works

The basic idea is that attackers inject malicious code into pages on the target website. How they do it is a separate topic. Sometimes they brute-force (or steal) an administrator account password; sometimes they exploit vulnerabilities in the content management system (CMS) or in one of...

Read more...
About Kaspersky Lab
0