Threat Category: Cybersecurity | Page 2

We analyze the built-in protection mechanisms in macOS: how they work, how threat actors can attack them or deceive users, and how to detect such attacks.

A Kaspersky GERT expert describes the UserAssist Windows artifact, including previously undocumented binary data structure, and shares a useful parsing tool.

We have explored the RACF security package in z/OS and developed a utility to interact with its database. Now, we are assessing RACF configuration security for penetration testing.

Kaspersky expert shares insights on how to determine whether an attack was first launched in a container or on the host itself when an organization’s logs lack container visibility.

Kaspersky experts discuss optimizing penetration testing with an agent for the Mythic framework and object files for Cobalt Strike.

The Kaspersky Global Emergency Response Team (GERT) detected an Outlaw mining botnet in a customer incident. In this article, we share insights into this botnet’s SSH-based infection chain.

A proper detection engineering program can help improve SOC operations. In this article we’ll discuss potential SOC issues, the necessary components of a detection engineering program and some useful metrics for evaluating its efficiency.

Kaspersky expert dissects the MS-RPC security mechanism and provides a step-by-step analysis of calling a function from the Netlogon interface.

How cyberattackers exploit group policies, what risks attacks like these pose, and what measures can be taken to protect against such threats.

Kaspersky experts analyzed the Mercedes-Benz head unit, its IPC protocols and firmware, and found new vulnerabilities via physical access.

Kaspersky experts analyze cyberdefense weak points, including patch management, policy violations and MSSP issues, and real-world cases where compromise assessment helped detect and mitigate incidents.

We explain how mainframes work, potential attack vectors, and what to focus on when pentesting such systems.

How a SOC can efficiently manage priorities when writing detection logic for various MITRE ATT&CK techniques and what tools can help.

Kaspersky experts conducted a study of password resistance to attacks that use brute force and smart guessing techniques.

This is the first part of the research, devoted to null session vulnerability, unauthorized MS-RPC interface and domain user enumeration.

Reports

Kaspersky researchers uncovered malicious wheel packages in PyPI that targeted both Windows and Linux and contained a dropper delivering malware dubbed ZiChatBot. We attribute this activity to OceanLotus APT.

The Silver Fox group is targeting companies in Russia and India by impersonating tax authorities to distribute ValleyRAT and the new ABCDoor backdoor.

Kaspersky researchers analyze updated CoolClient backdoor and new tools and scripts used in HoneyMyte (aka Mustang Panda or Bronze President) APT campaigns, including three variants of a browser data stealer.

Kaspersky discloses a 2025 HoneyMyte (aka Mustang Panda or Bronze President) APT campaign, which uses a kernel-mode rootkit to deliver and protect a ToneShell backdoor.

Cybersecurity

How attackers adapt to built-in macOS protection

Forensic journey: Breaking down the UserAssist artifact structure

Approach to mainframe penetration testing on z/OS. Deep dive into RACF

Host-based logs, container-based threats: How to tell where an attack began

Using a Mythic agent to optimize penetration testing

Outlaw cybergang attacking targets worldwide

Streamlining detection engineering in security operation centers

A journey into forgotten Null Session and MS-RPC interfaces, part 2

One policy to rule them all

Mercedes-Benz Head Unit security research report

Risk reduction redefined: How compromise assessment helps strengthen cyberdefenses

Approach to mainframe penetration testing on z/OS

Developing and prioritizing a detection engineering backlog based on MITRE ATT&CK

Analysis of user password strength

A journey into forgotten Null Session and MS-RPC interfaces

Reports

OceanLotus suspected of using PyPI to deliver ZiChatBot malware

Silver Fox uses the new ABCDoor backdoor to target organizations in Russia and India

HoneyMyte updates CoolClient and deploys multiple stealers in recent campaigns

The HoneyMyte APT evolves with a kernel-mode rootkit and a ToneShell backdoor

Subscribe to our weekly e-mails