vulnerabilitiesCVE-2024-43451 and other reasons to update ASAP
Exploitation of vulnerability CVE-2024-43451 allows an attacker to steal an NTLMv2 hash with minimal interaction from the victim.
Latest
incident responseHow to learn from a cybersecurity incident
Analyzing incidents and drawing lessons from them should be an integral part of the incident response process. This can help improve the overall security level of a company.
backupHow to save web pages for posterity
Web pages often disappear, move, or change content. How to keep them the way you want, or easily locate a web archive?
How (not) to play tanks and catch a backdoor
Cybercriminals have devised a new ruse: luring gamers to a modish crypto tank-game to gain full access to their computers.
TORTor Browser and anonymity: what you need to know
The Tor Browser is a bastion of online anonymity, yet even this tool can’t ensure complete privacy — and here’s why.
passwordsPassword standards: 2024 requirements
Discontinuing mandatory password rotations, banning outdated MFA methods, and other updates in the NIST SP 800-63 standards for digital account authentication and management.
How to set up security and privacy in ASICS Runkeeper
A detailed guide to configuring privacy settings in the ASICS Runkeeper running app.
SIEMKaspersky SIEM: early threat detection and other improvements
Rules for detecting atypical behavior in container infrastructure at the data collection stage, and other updates to our SIEM system.
Malware in developer coding tests
Hackers continue to target developers: during a fake job interview, they ask “potential employees” to run a script from GitHub that hides a backdoor.
Gamers
gamersHow scammers attack young gamers
Autumn is here, kids are going back to school and also meeting up with friends in their favorite online games. With that in mind, we have just carried out one of our biggest ever studies of the threats young gamers are most likely to encounter.
Live hack: Apex Legends esports tournament scandal
Hackers have long been engaging with the gaming world: from cracking games and creating cheats, to, more recently, attacking esports players live during an Apex Legends tournament. Regarding the latter, we break down what happened and how it could have been avoided.
Mario Forever, malware too: a free game with a miner and Trojans inside
Malicious versions of the free-to-download game Super Mario 3: Mario Forever plant a miner and a stealer on gamers’ machines.
Minecraft players under attack
Minecraft mods downloaded from several popular gaming websites contain dangerous malware. What we know so far.
The Phantom Menace: how gamers of different ages are being attacked
Why scammers are more likely to target kids than hardcore gamers, how they do it, and what they want to steal
The true cost of gaming
Our research reveals gamers’ attitudes toward computer performance — and the ethics of winning and losing.
Business
Will AI replace SOC analysts?
We share our experience on the optimal use of AI models in the SOC of our Kaspersky MDR service.
AI in cybersecurity automation
AI has dozens of applications in cybersecurity. Which ones are the most effective?
Phishing emails and Docusign electronic signature
Phishers have adopted another trick: they send emails pretending to be from Docusign with a fake link to a document that the recipient must sign.
Why standardization matters: from convenience to saving lives
Why international standards are important, and how Kaspersky contributes to IoT standardization.
School and cyberthreats
Why cybersecurity in education is critical, and how to protect schools from attacks.
I firmly believe that the concept of cybersecurity will soon become obsolete, and cyberimmunity will take its place.
Eugene Kaspersky
Business
Popular
Critical vulnerability in Apache Log4j library
Researchers discovered a critical vulnerability in Apache Log4j library, which scores perfect 10 out of 10 in CVSS. Here’s how to protect against it.
Case study: fake hardware cryptowallet
Full review of a fake cryptowallet incident. It looks and feels like a Trezor wallet, but puts all your crypto-investments into the hands of criminals.
Five things to update ASAP
Prioritize updating the apps that keep your devices and personal data safe from cyberattacks.
Update iOS, there is a dangerous vulnerability in WebKit
Dangerous vulnerability in WebKit (CVE-2022-22620) is believed to be actively exploited by hackers. Update your iOS devices as soon as possible!
What to do if you lose your phone with an authenticator app
Can’t sign in to an account because your authenticator app is on a lost phone? Here’s what to do.
Infected Android app store
The APKPure app store has been infected by a malicious module that downloads Trojans to Android devices.
Follina: office documents as an entrance
New vulnerability CVE-2022-30190, aka Follina, allows exploitation of Windows Support Diagnostic Tool via MS Office files.
Tips
How to travel safely
Going on vacation? We’ve compiled a traveler’s guide to help you have an enjoyable safe time and completely get away from the routine.
Don’t forget about Recall, because Recall won’t forget about you
The new AI function in Microsoft Windows has already been dubbed a “security nightmare” on the internet. What risks does it carry, and how to stay safe?
Setting up both security and privacy in WhatsApp
We discuss key aspects of WhatsApp’s security and privacy, and how to configure this messenger to enhance protection.
The incognito myth: how private browsing really works
How to use private browsing mode, what it doesn’t protect against, and why Google is deleting five billion dollars’ worth of user data.