Unlock your creativity!

We are running an online contest with a $5000 prize fund!

The goal of this online contest is to gather ideas about how to explain to businesses the dangers they may face when they re-open their physical premises – and what they can do to avoid them. We at Kaspersky and The Community Creatives believe that this is a good opportunity to make a change in the attitude of businesses to their information security practices, which may affect their customers, including you and us. We invite all of the creative professionals and amateurs to join us in our quest to make the world safer – and better.

Read more and register here:

Unlock your creativity: “Getting back to business cyber-safely” Ideathon...
Crack me if you can

If you think that your Steam or Origin account with its handful of purchases and achievements is of no interest to cybercriminals, we have bad news. Every year, scammers indiscriminately steal hundreds of thousands of gaming accounts and sell them on the black market. The first barrier that protects your account from this fate is your password. We explain how to make it as strong as possible.

Why an attacker wants your gaming account

Account stealing is similar to carjacking: if an account is valuable enough, they sell it whole, otherwise they strip it for spare parts. This means in-game items, payment card details, or e-mail addresses for spammers to top up their...

About Kaspersky Lab

Cyber-yesteryear – pt. 6: talking to the media.

Last week I realized I’d been in lockdown-isolation-quarantine for a full quarter-year. Three months sat at home, with only a couple of brief trips to the deserted office, plus every weekend at the dacha with the similarly isolated family. Like for everyone – a very extraordinary daily existence. For me – no planes/airports, no hotels, no meetings or speeches: in short – very little travel.

However, everything’s relative: in three months we’ve all traveled 230+ million kilometers (a quarter of a full orbit of Earth around the sun)! And that’s without taking into account the fact that the Solar System itself travels at some crazy speed. One...

On The Road Again

The hunt for Office 365 accounts

The current surge in remote working has raised cybercriminal interest in Office 365, one of the most common cloud collaboration platforms.

The basic scheme is simple: Cybercriminals lure a company employee to a fake Office 365 login page and persuade them to enter credentials. In other words, it is phishing. The specific methods by which the attackers try to get usernames and passwords differ, but here are the most common tricks of the trade.

Fake Teams messages

As a rule, when attackers send an e-mail message meant to look like a Microsoft Teams notification, they stress urgency, hoping the recipient won’t take a minute to note any irregularities. So,...

About Kaspersky Lab

Transatlantic Cable podcast, episode 149

For the 149th installment of the Kaspersky Transatlantic Cable podcast, Jeff and I look at how (and why) the Israeli government has seen fit to use fish to help fend off cyber-security attacks. We also tackle the thorny issue of TikTok privacy and how they were caught with their hand in the cookie jar, again.

From there we move to more interesting news, as it seems that in the near future Google will pay for you to read pay-walled news. Also on the podcast this week is a more serious look at why and how Facebook hacked into Tails, a privacy and security-focused operating system, which, to no surprise, a lot of people aren’t happy about.

If you like what...

About Kaspersky Lab

Cyber hygiene: essential for fighting supply chain attacks.

Hi folks!

Quite often, technical matters that are as clear as day to techie-professionals are somewhat tricky to explain to non-techie-folks. Still, I’m going to have a go at doing just that here today. Why? Because it’s a darn exciting and amazingly interesting world! And who knows – maybe this read could inspire you to become a cybersecurity professional?!…

Let’s say you need to build a house. And not just a standard-format house, but something unique – custom-built to satisfy all your whims and wishes. First you need an architect who’ll draw up the design based on what you tell them; the design is eventually decided upon and...

On The Road Again

Simple defense against complex attacks

As logic suggests, an attack on a company makes sense only if the potential profit outweighs the organizational cost. Until fairly recently, cybercriminals guarded their know-how from each other like trade secrets. Tools for advanced attacks, if sold on the darknet at all, were not generally available — and then only at exorbitant prices. Truly sophisticated attacks were aimed only at major enterprises or government agencies. Therefore, for SMBs, protection against mass threats was enough.

Trends have changed. Tools for complex attacks now periodically pop up — if not in the public domain, then on the open market; malware authors are increasingly...

About Kaspersky Lab

4 ways to royally leak your company data

If you post pics of concert tickets on Instagram without hiding the barcode, someone could get to see your favorite band instead of you. The same can happen even if you do hide the barcode, but with the wrong tool.

That said, remembering to conceal the barcode properly before bragging about tickets isn’t so difficult. It’s a totally different matter when you post a photo online without noticing a ticket or, say, a sticky note with passwords accidentally in frame. Here are several cases when people published confidential data online without realizing it.

1. Posting photos against a password backdrop

Photos and videos taken in offices and other...

About Kaspersky Lab

Cyber-yesteryear – pt. 5: 1996 (game-changer year).

Herewith, more tales from back in the day about how our company went from humble beginnings to what we are today. And this cyber-yesteryear series – it’s all thanks to… lockdown! I’d have never found the time for such meanderings down cyber-memory lane otherwise…

Just in case you missed them, here are the previous installments:

Part 1
Part 2
Part 3
Part 4

All righty. Part 5: 1996. Truly a fateful, watershed year…

First, at KAMI, where I was still working, the owners decided to break away. As a result KAMI was split up into several independent organizations. And in the following year – 1997 – we broke away too.

Second, we signed an OEM...

On The Road Again

What are App Clips and Instant Apps?

A few days ago, at its worldwide developer conference (WWDC 2020, held in full virtual mode because of the coronavirus outbreak), Apple unveiled the next version of iOS. One of its innovations is App Clips, mini apps that can begin running on the device without having to be installed.

Apple requires these programs to be no more than 10MB so they can load and run instantly. If the app seems useful, the user will have the option to download the full version at any time and switch to it.

In addition, Apple recommends that App Clips be used in conjunction with the Sign In with Apple feature and, of course, Apple Pay. This eliminates another two painful...

About Kaspersky Lab

How to secure DevOps

Last month, IT news websites reported that RubyGems, the official channel for distributing libraries for the Ruby programming language, had been poisoned. An attacker uploaded fake packages containing a malicious script, so all programmers who used the code in their projects unwittingly infected users’ computers with malware that changed cryptocurrency wallet addresses.

Of course, it was not the first supply-chain attack to exploit a public repository. But this type of scenario seems to be gaining popularity, which is no surprise; one successful attack can compromise tens or hundreds of thousands of users. It all depends on the popularity of the software developed...

About Kaspersky Lab

Transatlantic Cable podcast, episode 148

We kick off this week’s Kaspersky Transatlantic Cable podcast with an interesting topic.

Those of you who have been on Instagram, Twitter, or other social media sites have probably heard of OnlyFans. For those who are unaware, OnlyFans is a site where users can pay a content producer for exclusive or private videos. In many cases, the images or videos are of an adult nature. However, as with many subscription services, an illicit market lurks nearby.

From there, we dive deeper, and into the online World of Warcraft, for a look at the bot mafias wreaking havoc in the community.

Yeah, I seriously typed “bot mafia” — that is not lost on me.

The...

About Kaspersky Lab

Zoom 5 moves toward security

Not so long ago, we explained how to configure Zoom to make it safer to use. However, technologies can develop very rapidly, especially those in the spotlight. One such case is Zoom, whose developers have, as promised, given the app a data-protection makeover. As a result, version 5.0 has changed a lot from precoronavirus Zoom.

The change in security focus quickly bore fruit. Previously, large companies and institutions turned their noses up at Zoom, but it now has the seal of approval of New York’s attorney general and is back in NYC schools, and version 5 brings with it some useful features.

Conveniently located security settings

Starting with Zoom 5, all...

About Kaspersky Lab

Cyber-yesteryear – pt. 4: CeBIT.

Finally, summer’s arrived. Took its time! But I’m not sure it’s the blessing it normally is, since we’re all still sat at home working remotely. Sure, there have been ‘easings’ here and there around the world, but we here at K are in no rush to… rush things. I think that goes for other IT companies too that will be working from home till at least fall, while some have signaled they’re on for staying home until the end of the year. And of course business trips are still being cancelled, as are exhibitions and conferences and Olympic Games and Cannes Festival and a whole load of other large-scale events. Some countries still have closed borders too.

So...

On The Road Again

Google Analytics as a data exfiltration channel

Web skimming, a fairly common method of getting cardholder data from visitors of online stores, is a time-honored cybercriminal practice. Recently, however, our experts discovered a rather dangerous innovation involving the use of Google Analytics to exfiltrate stolen data. Let’s explore why this is dangerous and how to deal with it.

How Web skimming works

The basic idea is that attackers inject malicious code into pages on the target website. How they do it is a separate topic. Sometimes they brute-force (or steal) an administrator account password; sometimes they exploit vulnerabilities in the content management system (CMS) or in one of...

About Kaspersky Lab

Car autopilot security

Today, many companies are experimenting to the max with autopilots of varying complexity. Some are trying to build devices that actually take control of the vehicle out of human hands, while others are developing advanced driver-assistance systems (ADAS). The main issue that autopilot manufacturers must address is guaranteeing reliability and safety. After all, people’s lives depend on the proper functioning of the system.

Automakers can draw from the aviation industry experience in some measure; aviators have been using similar systems for more than a century. But creating an automatic control system for a car is far more complex, and not only because there are...

About Kaspersky Lab

Ripple20: Vulnerabilities in millions of IoT devices

Experts at Israeli company JSOF have discovered 19 zero-day vulnerabilities, some critical, affecting hundreds of millions of Internet of Things (IoT) devices. The worst part is that some devices will never receive updates. All of the vulnerabilities were found in the TCP/IP library of Treck Inc., which the company has been developing for more than two decades. The set of vulnerabilities is named Ripple20.

How does it affect you?

You may never have heard of Treck or its TCP/IP library, but given the number of affected devices and vendors, your corporate network probably includes at least one. The library is present in all kinds of IoT...

About Kaspersky Lab

How scammers hook SMBs

Online scammers are forever trying to trick not only unsuspecting users, but also company employees. Sure, it’s usually far harder to dupe a business than a retiree, but the potential rate of return is far higher in the former case. Therefore, attempts to get SMBs to swallow the bait continue unabated.

Numerous techniques exist, but because scammers are generally a lazy bunch, most cases involve variations on tried-and-true themes. Here are the most common schemes in use.

Types of bait

It’s important for cybercriminals that you not only read their messages, but also react to them: click on a link, open an attachment, pay a bill. To get you to do that, they need to...

About Kaspersky Lab

Transatlantic Cable podcast, episode 147

This installment of the Kaspersky Transatlantic Cable podcast has a fairly strong law-and-order feel.

To kick things off, Dave and I look to the United Kingdom. Similar to Singapore’s COVID-19 app, the NHS has some work to do on its app before rollout. Another popular (prepandemic) story from 2020 — US cities hit with ransomware — continues, with the city of Knoxville, Tennessee.

For the third story, we take a look at facial recognition. This week, the controversy swings from the facial recognition itself to tech heavyweights no longer selling the technology to certain entities.

Following that discussion, we head to the world of cryptocurrency....

About Kaspersky Lab

How Trojans steal gaming accounts

We often talk about the online threats gamers face, including malware in pirated copies, mods, and cheats, not to mention phishing and all kinds of scams when buying or exchanging in-game items. And not long ago, we looked at problems with buying accounts. Fortunately, it’s easy to avoid those threats if you know about them.

But here’s another problem you need to know about and defend against: password stealers. When our security solutions catch them, they’re usually designated Trojan-PSW.(something). They are Trojans designed to steal accounts — either username/password combinations or session tokens.

You may have read about Steam stealers — Trojans...

About Kaspersky Lab

Can cybercriminals jump your air gap?

Internet equals troubles. That’s why one of the most radical ways to secure a computer storing extremely valuable information or controlling a critical process is never to connect it to the Internet, or maybe not to connect it to any network at all, even a local one. Such physical isolation is known as an air gap.

No connection, no problem, right? Unfortunately, that is not entirely true — some cunning ways exist to exfiltrate data even from an air-gapped device. A group of researchers at Israel’s Ben-Gurion University, headed by Mordechai Guri, specializes in such data-theft methods. We explain what they’ve found and whether you (and we) need to...

About Kaspersky Lab

How to make Kaspersky Internet Security get along with Steam

Some gamers have little love for antivirus programs. Every once in a while, you’ll see someone in an in-game chat complaining that their favorite shooter keeps lagging, to which someone else responds with the usual pearl of wisdom: Turn off your antivirus.

In fact, that’s a terrible idea. Lots of malicious programs are after Steam accounts — not to mention, it is really easy to download something nasty to an unprotected device. If your computer does get infected, that is when the lag, not to mention other troubles, begins. And then, are you sure you will not forget to turn the antivirus back on after you are done gaming?

Modern...

About Kaspersky Lab

Whether still locked-down at home or free – must-read books, part 3!

Looks like I’m just in time with the third and final part of my book recommendations series: stay-at-home restrictions are easing seemingly everywhere. Still, staying home looks like what many will continue to do anyway, so this part-three isn’t too late really. But, even during ‘normal’ times, reading is totally must-do, surely? It’s not like these recommendations have an expiry date! Ok, enough intro; here are my recommendations – category: science fiction!

Yes, I’m a science fiction buff, and have been since I was a kid. I remember looking forward to our regular visits to some friends of my parents who had a really...

On The Road Again

Lockdown or not – read these books, you ought! Part 2.

I hope you liked the first part of the ‘greatest hits’ on my bookshelves – business books. Time now to turn to another category: about how the world ‘ticks’: the history, societies and governments of human beings, and more…

On China, by Henry Kissinger

For those who find a few Wikipedia pages ok but insufficient on detail to satisfy their curiosity and quest for learning more about China – this is the book to go for. In it you’ll learn all sorts about the country’s ancient history, its economy and more. There’s the estimation that the GDP of mediaeval China was something like a third of world GDP (!), there’s all the treachery of the...

On The Road Again

Transatlantic Cable podcast, episode 146

On this week’s episode of the Kaspersky Transatlantic Cable podcast, Dave and I talk about a wide array of stories and also end on a lighter note than usual.

For our first story, we look to Japan and the world of automobiles. Now, we aren’t talking smart cars or car hacking, but rather, classic infosec. It appears Honda is currently under attack by Snake ransomware.

Hopping over to the UK, we look at the state of IoT appliances and also what the term “lifetime updates” really means.

Leaving the kitchen, we move over to the claims that Google violated US wiretap laws with its “incognito” browsing. Our fourth story takes us back to Asia, and...

About Kaspersky Lab
oleg: I liked this one

Which hacker group is attacking your corporate network? Don’t guess, check!

About four years ago, cybersecurity became a pawn in geopolitical games of chess. Politicians of all stripes and nationalities wag fingers at and blame each other for hostile cyberespionage operations, while at the same time — seemingly without irony — enlarging their own countries’ offensive cyberweapons tools. And caught in the crossfire of geopolitical shenanigans are independent cybersecurity companies, which have the ability, and the nerve, to uncover this very dangerous tomfoolery.

But, why? It’s all very simple.

First, “cyber” is and has been a cool/romantic/sci-fi/Hollywood/glamorous term since its...

About Kaspersky Lab