Secure blogging

26 Oct 2004

minute read

Authors

Costin Raiu

Finally, we’re here! A weblog from the international antivirus lab at Kaspersky, with news, interesting details, top level security information and from time to time, even pictures! 🙂

While on the subject of blogging, I have to say that posting to this weblog is probably one of the most complex (and secure!) online processes I’ve seen. IP-based authentication, public/secret key pairs, passwords plus a few other extra security protocols which I cannot disclose. Just the way a proper security product should be. (grin)

Speaking of security and weblogs, there’s a new popular exploit on the internet targetting WordPress, maybe the most powerful weblogging software out there. This vulnerability is fixed by the WordPress 1.2.1 release, so if you are an WordPress user, make sure you run the latest update.

Authors

Costin Raiu

Secure blogging

Latest Posts

Latest Webinars

Reports

Roaming Mantis (a.k.a Shaoye) is a long-term cyberattack campaign that uses malicious Android package (APK) files to control infected Android devices and steal data. In 2022, we observed a DNS changer function implemented in its Android malware Wroba.o.

We continue to track the BlueNoroff group’s activities and this October we observed the adoption of new malware strains in its arsenal.

In this report, we compare the ROADSWEEP ransomware and ZEROCLEARE wiper versions used in two waves of attacks against Albanian government organizations.

While hunting for less common Deathstalker intrusions, we identified a new Janicab variant used in targeting legal entities in the Middle East throughout 2020.

Secure blogging

GReAT Ideas. Balalaika Edition

GReAT Ideas. Green Tea Edition

GReAT Ideas. Powered by SAS: malware attribution and next-gen IoT honeypots

GReAT Ideas. Powered by SAS: threat actors advance on new fronts

GReAT Ideas. Powered by SAS: threat hunting and new techniques

TOP 10 unattributed APT mysteries

Applied YARA training Q&A

PuzzleMaker attacks with Chrome zero-day exploit chain

Looking at Big Threats Using Code Similarity. Part 1

YARA webinar follow up

The state of stalkerware in 2022

Good, Perfect, Best: how the analyst can enhance penetration testing results

Web beacons on websites and in e-mail

Main phishing and scamming trends and techniques

Indicators of compromise (IOCs): how we collect and use them

Latest Posts

The state of stalkerware in 2022

The mobile malware threat landscape in 2022

Spam and phishing in 2022

IoC detection experiments with ChatGPT

Latest Webinars

ChatGPT – good or evil? AI impact on cybersecurity

Crimeware and financial predictions for 2023

Advanced persistent threat predictions for 2023

Reversing mobile threats in 2022

Reports

Roaming Mantis implements new DNS changer in its malicious mobile app in 2022

BlueNoroff introduces new methods bypassing MoTW

Ransomware and wiper signed with stolen certificates

DeathStalker targets legal entities with new Janicab variant

Subscribe to our weekly e-mails