About Kaspersky Lab
Interesting news, information and useful information about KL products
Members
3339
Category
Entertainment
The hunt for Office 365 accounts

The hunt for Office 365 accounts

The current surge in remote working has raised cybercriminal interest in Office 365, one of the most common cloud collaboration platforms.

The basic scheme is simple: Cybercriminals lure a company employee to a fake Office 365 login page and persuade them to enter credentials. In other words, it is phishing. The specific methods by which the attackers try to get usernames and passwords differ, but here are the most common tricks of the trade.

Fake Teams messages

As a rule, when attackers send an e-mail message meant to look like a Microsoft Teams notification, they stress urgency, hoping the recipient won’t take a minute to note any irregularities. So,...

Read more...
About Kaspersky Lab
0
Transatlantic Cable podcast, episode 149

Transatlantic Cable podcast, episode 149

For the 149th installment of the Kaspersky Transatlantic Cable podcast, Jeff and I look at how (and why) the Israeli government has saw fit to use fish to help fend off cyber-security attacks. We also tackle the thorny issue of TikTok privacy and how they were caught with their hand in the cookie jar, again.

From there we move to more interesting news as it seems in the near future, Google will pay for you to read pay-walled news. Also on the podcast this week is a more serious look at why and how Facebook hacked into Tails, a privacy and security-focused operating system, which to no surprise — a lot of people aren’t happy about.

If you like what...

Read more...
About Kaspersky Lab
0
Simple defense against complex attacks

Simple defense against complex attacks

As logic suggests, an attack on a company makes sense only if the potential profit outweighs the organizational cost. Until fairly recently, cybercriminals guarded their know-how from each other like trade secrets. Tools for advanced attacks, if sold on the darknet at all, were not generally available — and then only at exorbitant prices. Truly sophisticated attacks were aimed only at major enterprises or government agencies. Therefore, for SMBs, protection against mass threats was enough.

Trends have changed. Tools for complex attacks now periodically pop up — if not in the public domain, then on the open market; malware authors are increasingly...

Read more...
About Kaspersky Lab
0
4 ways to royally leak your company data

4 ways to royally leak your company data

If you post pics of concert tickets on Instagram without hiding the barcode, someone could get to see your favorite band instead of you. The same can happen even if you do hide the barcode, but with the wrong tool.

That said, remembering to conceal the barcode properly before bragging about tickets isn’t so difficult. It’s a totally different matter when you post a photo online without noticing a ticket or, say, a sticky note with passwords accidentally in frame. Here are several cases when people published confidential data online without realizing it.

1. Posting photos against a password backdrop

Photos and videos taken in offices and other...

Read more...
About Kaspersky Lab
0
What are App Clips and Instant Apps?

What are App Clips and Instant Apps?

A few days ago, at its worldwide developer conference (WWDC 2020, held in full virtual mode because of the coronavirus outbreak), Apple unveiled the next version of iOS. One of its innovations is App Clips, mini apps that can begin running on the device without having to be installed.

Apple requires these programs to be no more than 10MB so they can load and run instantly. If the app seems useful, the user will have the option to download the full version at any time and switch to it.

In addition, Apple recommends that App Clips be used in conjunction with the Sign In with Apple feature and, of course, Apple Pay. This eliminates another two painful...

Read more...
About Kaspersky Lab
0
How to secure DevOps

How to secure DevOps

Last month, IT news websites reported that RubyGems, the official channel for distributing libraries for the Ruby programming language, had been poisoned. An attacker uploaded fake packages containing a malicious script, so all programmers who used the code in their projects unwittingly infected users’ computers with malware that changed cryptocurrency wallet addresses.

Of course, it was not the first supply-chain attack to exploit a public repository. But this type of scenario seems to be gaining popularity, which is no surprise; one successful attack can compromise tens or hundreds of thousands of users. It all depends on the popularity of the software developed...

Read more...
About Kaspersky Lab
0
Transatlantic Cable podcast, episode 148

Transatlantic Cable podcast, episode 148

We kick off this week’s Kaspersky Transatlantic Cable podcast with an interesting topic.

Those of you who have been on Instagram, Twitter, or other social media sites have probably heard of OnlyFans. For those who are unaware, OnlyFans is a site where users can pay a content producer for exclusive or private videos. In many cases, the images or videos are of an adult nature. However, as with many subscription services, an illicit market lurks nearby.

From there, we dive deeper, and into the online World of Warcraft, for a look at the bot mafias wreaking havoc in the community.

Yeah, I seriously typed “bot mafia” — that is not lost on me.

 

The...

Read more...
About Kaspersky Lab
0
Zoom 5 moves toward security

Zoom 5 moves toward security

Not so long ago, we explained how to configure Zoom to make it safer to use. However, technologies can develop very rapidly, especially those in the spotlight. One such case is Zoom, whose developers have, as promised, given the app a data-protection makeover. As a result, version 5.0 has changed a lot from precoronavirus Zoom.

The change in security focus quickly bore fruit. Previously, large companies and institutions turned their noses up at Zoom, but it now has the seal of approval of New York’s attorney general and is back in NYC schools, and version 5 brings with it some useful features.

Conveniently located security settings

Starting with Zoom 5, all...

Read more...
About Kaspersky Lab
0
Google Analytics as a data exfiltration channel

Google Analytics as a data exfiltration channel

Web skimming, a fairly common method of getting cardholder data from visitors of online stores, is a time-honored cybercriminal practice. Recently, however, our experts discovered a rather dangerous innovation involving the use of Google Analytics to exfiltrate stolen data. Let’s explore why this is dangerous and how to deal with it.

How Web skimming works

The basic idea is that attackers inject malicious code into pages on the target website. How they do it is a separate topic. Sometimes they brute-force (or steal) an administrator account password; sometimes they exploit vulnerabilities in the content management system (CMS) or in one of...

Read more...
About Kaspersky Lab
0
Car autopilot security

Car autopilot security

Today, many companies are experimenting to the max with autopilots of varying complexity. Some are trying to build devices that actually take control of the vehicle out of human hands, while others are developing advanced driver-assistance systems (ADAS). The main issue that autopilot manufacturers must address is guaranteeing reliability and safety. After all, people’s lives depend on the proper functioning of the system.

Automakers can draw from the aviation industry experience in some measure; aviators have been using similar systems for more than a century. But creating an automatic control system for a car is far more complex, and not only because there are...

Read more...
About Kaspersky Lab
0
Ripple20: Vulnerabilities in millions of IoT devices

Ripple20: Vulnerabilities in millions of IoT devices

Experts at Israeli company JSOF have discovered 19 zero-day vulnerabilities, some critical, affecting hundreds of millions of Internet of Things (IoT) devices. The worst part is that some devices will never receive updates. All of the vulnerabilities were found in the TCP/IP library of Treck Inc., which the company has been developing for more than two decades. The set of vulnerabilities is named Ripple20.

How does it affect you?

You may never have heard of Treck or its TCP/IP library, but given the number of affected devices and vendors, your corporate network probably includes at least one. The library is present in all kinds of IoT...

Read more...
About Kaspersky Lab
0
How scammers hook SMBs

How scammers hook SMBs

Online scammers are forever trying to trick not only unsuspecting users, but also company employees. Sure, it’s usually far harder to dupe a business than a retiree, but the potential rate of return is far higher in the former case. Therefore, attempts to get SMBs to swallow the bait continue unabated.

Numerous techniques exist, but because scammers are generally a lazy bunch, most cases involve variations on tried-and-true themes. Here are the most common schemes in use.

Types of bait

It’s important for cybercriminals that you not only read their messages, but also react to them: click on a link, open an attachment, pay a bill. To get you to do that, they need to...

Read more...
About Kaspersky Lab
0
Transatlantic Cable podcast, episode 147

Transatlantic Cable podcast, episode 147

This installment of the Kaspersky Transatlantic Cable podcast has a fairly strong law-and-order feel.

To kick things off, Dave and I look to the United Kingdom. Similar to Singapore’s COVID-19 app, the NHS has some work to do on its app before rollout. Another popular (prepandemic) story from 2020 — US cities hit with ransomware — continues, with the city of Knoxville, Tennessee.

For the third story, we take a look at facial recognition. This week, the controversy swings from the facial recognition itself to tech heavyweights no longer selling the technology to certain entities.

Following that discussion, we head to the world of cryptocurrency....

Read more...
About Kaspersky Lab
0
How Trojans steal gaming accounts

How Trojans steal gaming accounts

We often talk about the online threats gamers face, including malware in pirated copies, mods, and cheats, not to mention phishing and all kinds of scams when buying or exchanging in-game items. And not long ago, we looked at problems with buying accounts. Fortunately, it’s easy to avoid those threats if you know about them.

But here’s another problem you need to know about and defend against: password stealers. When our security solutions catch them, they’re usually designated Trojan-PSW.(something). They are Trojans designed to steal accounts — either username/password combinations or session tokens.

You may have read about Steam stealers — Trojans...

Read more...
About Kaspersky Lab
0
Can cybercriminals jump your air gap?

Can cybercriminals jump your air gap?

Internet equals troubles. That’s why one of the most radical ways to secure a computer storing extremely valuable information or controlling a critical process is never to connect it to the Internet, or maybe not to connect it to any network at all, even a local one. Such physical isolation is known as an air gap.

No connection, no problem, right? Unfortunately, that is not entirely true — some cunning ways exist to exfiltrate data even from an air-gapped device. A group of researchers at Israel’s Ben-Gurion University, headed by Mordechai Guri, specializes in such data-theft methods. We explain what they’ve found and whether you (and we) need to...

Read more...
About Kaspersky Lab
0
How to make Kaspersky Internet Security get along with Steam

How to make Kaspersky Internet Security get along with Steam

Some gamers have little love for antivirus programs. Every once in a while, you’ll see someone in an in-game chat complaining that their favorite shooter keeps lagging, to which someone else responds with the usual pearl of wisdom: Turn off your antivirus.

In fact, that’s a terrible idea. Lots of malicious programs are after Steam accounts — not to mention, it is really easy to download something nasty to an unprotected device. If your computer does get infected, that is when the lag, not to mention other troubles, begins. And then, are you sure you will not forget to turn the antivirus back on after you are done gaming?

Modern...

Read more...
About Kaspersky Lab
0
Transatlantic Cable podcast, episode 146

Transatlantic Cable podcast, episode 146

On this week’s episode of the Kaspersky Transatlantic Cable podcast, Dave and I talk about a wide array of stories and also end on a lighter note than usual.

For our first story, we look to Japan and the world of automobiles. Now, we aren’t talking smart cars or car hacking, but rather, classic infosec. It appears Honda is currently under attack by Snake ransomware.

Hopping over to the UK, we look at the state of IoT appliances and also what the term “lifetime updates” really means.

Leaving the kitchen, we move over to the claims that Google violated US wiretap laws with its “incognito” browsing. Our fourth story takes us back to Asia, and...

Read more...
About Kaspersky Lab
1
oleg: I liked this one
Which hacker group is attacking your corporate network? Don’t guess, check!

Which hacker group is attacking your corporate network? Don’t guess, check!

About four years ago, cybersecurity became a pawn in geopolitical games of chess. Politicians of all stripes and nationalities wag fingers at and blame each other for hostile cyberespionage operations, while at the same time — seemingly without irony — enlarging their own countries’ offensive cyberweaponstools. And caught in the crossfire of geopolitical shenanigans are independent cybersecurity companies, which have the ability, and the nerve, to uncover this very dangerous tomfoolery.

But, why? It’s all very simple.

First, “cyber” is and has been a cool/romantic/sci-fi/Hollywood/glamorous term since its...

Read more...
About Kaspersky Lab
0
Passwords for work applications

Passwords for work applications

Along with their clear benefits, online collaboration tools also carry well-documented risks. Namely, in addition to the risks that are largely specific to collaboration tools, they also increase an older, well-known risk: credential leaks. That is simply because all of these services require a password to log in, thus increasing the total number of passwords any given employee needs.

These days, each team member needs access to corporate e-mail, an instant messaging program, and a project management system — at the least. Some employees need access to website administration tools and corporate social media accounts, of which there is usually more than...

Read more...
About Kaspersky Lab
0
Encrypting the encrypted: Zorab Trojan in STOP decryptor

Encrypting the encrypted: Zorab Trojan in STOP decryptor

What do people do if they discover that ransomware has encrypted their files?  First panic, probably, then worry, then look for ways to recover data without paying any ransom to the attackers (which would be pointless, anyway). In other words, they go online to Google a solution or ask for advice on social networks. That is exactly what the creators of the Zorab Trojan want, having embedded the malware into a tool that purports to help STOP/Djvu victims.

Fake STOP decryptor as bait

In fact, the cybercriminals have decided to exacerbate the problems already facing the victims of the STOP/Djvu ransomware, which encrypts data and,...

Read more...
About Kaspersky Lab
0
Easy money pandemic: Welfare as bait

Easy money pandemic: Welfare as bait

The coronavirus pandemic has dealt a major blow to the global economy. Restrictive measures have forced many companies to suspend operations, and workers to take time off at their own expense. Attempting to mitigate the effects of the pandemic, governments worldwide are taking steps to support businesses and citizens through tax breaks, compensation schemes, stimulus checks, and the like.

In other words, money almost literally falling from the sky doesn’t necessarily sound like fantasy this year. However, if you receive an e-mail stating that you can claim a tidy sum as some sort of pandemic-related relief, don’t rush to celebrate. Governments are not...

Read more...
About Kaspersky Lab
0
Are collaboration tools secure?

Are collaboration tools secure?

Smaller businesses rarely invest in high-cost collaboration tools, opting instead for cheaper — or, better still, free — utilities. For better or worse, they have plenty of choices. However, failure to consider the security implications of using such tools can end up costing SMBs far more.

Document collaboration tools

Many services allow small teams to edit documents simultaneously. They’re not just text tools, though; using them, team members can jointly develop graphical interfaces, diagrams, source code, and much more as well. It is handy, after all. However, before using such a service, it is worth understanding exactly how it works: how it stores your...

Read more...
About Kaspersky Lab
0
Transatlantic Cable podcast, episode 145

Transatlantic Cable podcast, episode 145

Dave and I kick off this week’s edition of the Kaspersky Transatlantic Cable podcast with a discussion of disinformation in the US.

Speaking of current events in the States, we highlight the need for those educating themselves to make sure they are getting solid information from reputable sources. A lot of misinformation is being distributed, so we kindly ask you to think before sharing. If something sounds a bit off, make sure that you are looking at reputable sources — don’t be a source of disinformation.

Did someone say disinformation? Despite public reports, Troy Hunt thinks the alleged hacking of the Minneapolis Police Department may not be...

Read more...
About Kaspersky Lab
0
Adaptive cybersecurity training

Adaptive cybersecurity training

In developing our cybersecurity awareness programs, we naturally devote a lot of time to analyzing their effectiveness in search of the “perfect scenario.” Why is it after taking the exact same course, some employees successfully apply the acquired know-how in practice, and others forget it the very next day? The answer to this question is not as simple as it seems — multiple factors are at play. But the main reason is basically that people are different.

And it’s not just that different people have different background knowledge. Some can hear something once and remember it forever; others absorb it only after a detailed explanation. Still others need...

Read more...
About Kaspersky Lab
0
How to keep track of little ones on the loose

How to keep track of little ones on the loose

With some kids, it takes just a few seconds of distraction while the whole family is at the mall. If your child pops out of view, they’ll usually be right back in just as few blinks of the eye. You can’t help but worry, though.

Then, when they’re mature enough to come home alone from school but not really mindful of the time, you still probably have no need for panic if they’re 15 minutes late. Friends can be distracting, after all. So can strangers, though.

It’s hard not to worry when you don’t know where your child is. These days, however, there is a solution (or several) to this age-old problem: location-tracking devices for kids. Here, we...

Read more...
About Kaspersky Lab
0