Threat Category: Cybersecurity

Kaspersky experts discuss the Model Context Protocol used for AI integration. We describe the MCP’s architecture, attack vectors and follow a proof of concept to see how it can be abused.

Kaspersky experts explain the different types of cookies, how to configure them correctly, and how to protect yourself from session hijacking attacks.

We analyze the built-in protection mechanisms in macOS: how they work, how threat actors can attack them or deceive users, and how to detect such attacks.

A Kaspersky GERT expert describes the UserAssist Windows artifact, including previously undocumented binary data structure, and shares a useful parsing tool.

We have explored the RACF security package in z/OS and developed a utility to interact with its database. Now, we are assessing RACF configuration security for penetration testing.

Kaspersky expert shares insights on how to determine whether an attack was first launched in a container or on the host itself when an organization’s logs lack container visibility.

Kaspersky experts discuss optimizing penetration testing with an agent for the Mythic framework and object files for Cobalt Strike.

The Kaspersky Global Emergency Response Team (GERT) detected an Outlaw mining botnet in a customer incident. In this article, we share insights into this botnet’s SSH-based infection chain.

A proper detection engineering program can help improve SOC operations. In this article we’ll discuss potential SOC issues, the necessary components of a detection engineering program and some useful metrics for evaluating its efficiency.

Kaspersky expert dissects the MS-RPC security mechanism and provides a step-by-step analysis of calling a function from the Netlogon interface.

How cyberattackers exploit group policies, what risks attacks like these pose, and what measures can be taken to protect against such threats.

Kaspersky experts analyzed the Mercedes-Benz head unit, its IPC protocols and firmware, and found new vulnerabilities via physical access.

Kaspersky experts analyze cyberdefense weak points, including patch management, policy violations and MSSP issues, and real-world cases where compromise assessment helped detect and mitigate incidents.

We explain how mainframes work, potential attack vectors, and what to focus on when pentesting such systems.

How a SOC can efficiently manage priorities when writing detection logic for various MITRE ATT&CK techniques and what tools can help.

Reports

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

Cybersecurity

Shiny tools, shallow checks: how the AI hype opens the door to malicious MCP servers

Cookies and how to bake them: what they are for, associated risks, and what session hijacking has to do with it

How attackers adapt to built-in macOS protection

Forensic journey: Breaking down the UserAssist artifact structure

Approach to mainframe penetration testing on z/OS. Deep dive into RACF

Host-based logs, container-based threats: How to tell where an attack began

Using a Mythic agent to optimize penetration testing

Outlaw cybergang attacking targets worldwide

Streamlining detection engineering in security operation centers

A journey into forgotten Null Session and MS-RPC interfaces, part 2

One policy to rule them all

Mercedes-Benz Head Unit security research report

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

Approach to mainframe penetration testing on z/OS

Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK

Reports

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

GOFFEE continues to attack organizations in Russia

Subscribe to our weekly e-mails