Sandbox for experts

The creators of mass Trojans go to great lengths to execute their malicious code on victims’ computers. However, the masterminds behind complex threats and APT attacks spend no less effort on developing mechanisms not to execute their code. That way, they can bypass security technologies — in particular, sandboxes. Sandboxes and evasion techniques...

1d

Crack me if you can

If you think that your Steam or Origin account with its handful of purchases and achievements is of no interest to cybercriminals, we have bad news. Every year, scammers indiscriminately steal hundreds of thousands of gaming accounts and sell them on the black market. The first barrier that protects your account from this fate is your password. We explain...

5d

The hunt for Office 365 accounts

The current surge in remote working has raised cybercriminal interest in Office 365, one of the most common cloud collaboration platforms. The basic scheme is simple: Cybercriminals lure a company employee to a fake Office 365 login page and persuade them to enter credentials. In other words, it is phishing. The specific methods by which the attackers...

6d

Transatlantic Cable podcast, episode 149

For the 149th installment of the Kaspersky Transatlantic Cable podcast, Jeff and I look at how (and why) the Israeli government has saw fit to use fish to help fend off cyber-security attacks. We also tackle the thorny issue of TikTok privacy and how they were caught with their hand in the cookie jar, again. From there we move to more interesting news...

1w

Simple defense against complex attacks

As logic suggests, an attack on a company makes sense only if the potential profit outweighs the organizational cost. Until fairly recently, cybercriminals guarded their know-how from each other like trade secrets. Tools for advanced attacks, if sold on the darknet at all, were not generally available — and then only at exorbitant prices. Truly sophisticated...

2w

4 ways to royally leak your company data

If you post pics of concert tickets on Instagram without hiding the barcode, someone could get to see your favorite band instead of you. The same can happen even if you do hide the barcode, but with the wrong tool. That said, remembering to conceal the barcode properly before bragging about tickets isn’t so difficult. It’s a totally different matter...

2w

What are App Clips and Instant Apps?

A few days ago, at its worldwide developer conference (WWDC 2020, held in full virtual mode because of the coronavirus outbreak), Apple unveiled the next version of iOS. One of its innovations is App Clips, mini apps that can begin running on the device without having to be installed. Apple requires these programs to be no more than 10MB so they can...

2w

How to secure DevOps

Last month, IT news websites reported that RubyGems, the official channel for distributing libraries for the Ruby programming language, had been poisoned. An attacker uploaded fake packages containing a malicious script, so all programmers who used the code in their projects unwittingly infected users’ computers with malware that changed cryptocurrency...

2w

Transatlantic Cable podcast, episode 148

We kick off this week’s Kaspersky Transatlantic Cable podcast with an interesting topic. Those of you who have been on Instagram, Twitter, or other social media sites have probably heard of OnlyFans. For those who are unaware, OnlyFans is a site where users can pay a content producer for exclusive or private videos. In many cases, the images or videos...

2w

Zoom 5 moves toward security

Not so long ago, we explained how to configure Zoom to make it safer to use. However, technologies can develop very rapidly, especially those in the spotlight. One such case is Zoom, whose developers have, as promised, given the app a data-protection makeover. As a result, version 5.0 has changed a lot from precoronavirus Zoom. The change in security...

3w