
Showing results for tags 'kaspersky'.

Found 17 results

  1. In short: Kaspersky has released a free version of their security solution... It doesn't have things like parental control and VPN, which I think most users weren't interested in anyway. The protection should be comparable to that of the paid version, but a few modules are missing. Download: https://free.kaspersky.com/ Source.
  2. Kaspersky has been in the news quite a lot recently, primarily because of US concerns over links to the Russian government. The security company also hit the headlines when it filed an antitrust case against Microsoft because Windows 10 disabled Kaspersky antivirus software. But now there's a new reason to be in the news -- and this time it's a good one. The Russian company is launching Kaspersky Free, a free antivirus tool available globally. Company founder Eugene Kaspersky announced that the US, Canada and numerous Asia Pacific countries have access to the software immediately, and the global rollout will continue over the coming months (although it already seems to be downloadable in the UK). The launch coincides with Kaspersky Labs' 20th birthday, and the company says that the increased user-base that will almost certainly come about will help to increase security for everyone thanks to the information that can be gathered for machine learning. Announcing the launch of Kaspersky Free, the company founder couldn't resist making a little dig at Microsoft: This is not -- of course -- going to compete with Kaspersky's paid-for security tools, and it only covers the "bare essentials": email and web antivirus, automatic updates, self-defense, quarantine, and so on, as Kaspersky explains. The software is built on the same technology as its paid-for predecessors, and the company promises that it is lighter on resources. There's also the promise that there will be no advertising, or tracking of user behavior and activity. The release schedule for the software is as follows: You can download Kaspersky Free direct from the company website. Via betanews.com
  3. During incident response, a team of security specialists needs to follow the artefacts that attackers have left in the network. Artefacts are stored in logs, memories and hard drives. Unfortunately, each of these storage media has a limited timeframe when the required data is available. One reboot of an attacked computer will make memory acquisition useless. Several months after an attack the analysis of logs becomes a gamble because they are rotated over time. Hard drives store a lot of needed data and, depending on its activity, forensic specialists may extract data up to a year after an incident. That’s why attackers are using anti-forensic techniques (or simply SDELETE) and memory-based malware to hide their activity during data acquisition. A good example of the implementation of such techniques is Duqu2. After dropping on the hard drive and starting its malicious MSI package it removes the package from the hard drive with file renaming and leaves part of itself in the memory with a payload. That’s why memory forensics is critical to the analysis of malware and its functions. Another important part of an attack are the tunnels that are going to be installed in the network by attackers. Cybercriminals (like Carbanak or GCMAN) may use PLINK for that. Duqu2 used a special driver for that. Now you may understand why we were very excited and impressed when, during an incident response, we found that memory-based malware and tunnelling were implemented by attackers using Windows standard utilities like “SC” and “NETSH“. Read more: https://securelist.com/blog/research/77403/fileless-attacks-against-enterprise-networks/
  4. Hi, I did a factory reset on my phone and I no longer have anything, I mean photos, music, contacts... Before that, I don't know how, I was messing around in Kaspersky and it hid/deleted my contacts, and my photos were no longer showing... so I decided to do a factory reset. I should mention that I own a Samsung S4.
  5. Kaspersky Total Security 2015 delivers ultimate security for computers & mobile devices. It protects your privacy, finances, identity, photos and children against Internet threats – so no aspect of your digital security is left to chance. One product – with one license – safeguards your ‘digital life’, across your PC, Mac and Android devices. Get it now! Free Kaspersky Total Security 2015 (100% discount) - SharewareOnSale
  6. Kaspersky malware probers have uncovered a new 'operating system'-like platform that was developed and used by the National Security Agency (NSA) in its Equation spying arsenal. The EquationDrug or Equestre platform is used to deploy 116 modules to target computers that can siphon data and spy on victims. "It's important to note that EquationDrug is not just a trojan, but a full espionage platform, which includes a framework for conducting cyberespionage activities by deploying specific modules on the machines of selected victims," Kaspersky researchers say in a report. "Other threat actors known to use such sophisticated platforms include Regin and Epic Turla. "The architecture of the whole framework resembles a mini-operating system with kernel-mode and user-mode components carefully interacting with each other via a custom message-passing interface." The platform is part of the NSA's possibly ongoing campaign to infect hard disk firmware. It replaces the older EquationLaser and is itself superseded by the GrayFish platform. Kaspersky says the newly-identified wares are as "sophisticated as a space station" thanks to the sheer number of included espionage tools. Extra modules can be added through a custom encrypted file system containing dozens of executables that together baffle most security bods. Most of the unique identifiers and codenames tied to modules are encrypted and obfuscated. Some modules' capabilities can be determined with unique identification numbers. Others are dependent on other plugins to function. Each plugin has a unique ID and version number that defines a set of functions it can provide. Some of the plugins depend on others and might not work unless dependencies are resolved. Kaspersky bods have found 30 of the 116 modules estimated to exist. "The plugins we discovered probably represent just a fraction of the attackers' potential," the researchers say.
Executable timestamps reveal NSA developers likely work hardest on the platform on Tuesdays to Fridays, perhaps having late starts to Monday. Modules detected in the tool include code for:

    • Network traffic interception for stealing or re-routing
    • Reverse DNS resolution (DNS PTR records)
    • Computer management
    • Start/stop processes
    • Load drivers and libraries
    • Manage files and directories
    • System information gathering
    • OS version detection
    • Computer name detection
    • User name detection
    • Locale detection
    • Keyboard layout detection
    • Timezone detection
    • Process list
    • Browsing network resources and enumerating and accessing shares
    • WMI information gathering
    • Collection of cached passwords
    • Enumeration of processes and other system objects
    • Monitoring LIVE user activity in web browsers
    • Low-level NTFS filesystem access based on the popular Sleuthkit framework
    • Monitoring removable storage drives
    • Passive network backdoor (runs Equation shellcode from raw traffic)
    • HDD and SSD firmware manipulation
    • Keylogging and clipboard monitoring
    • Browser history, cached passwords and form auto-fill data collection

    Source
  7. Guest

    Kaspersky free for 3 months.

    http://www.kaspersky.com/fr/antivirus-trial-3months
  8. Kaspersky Lab organized a debate on cyberbullying at Mobile World Congress 2015. A study conducted by Kaspersky Lab in partnership with B2B International shows that approximately 22% of parents do not check the type of online content their children access, and 48% of them are worried about the cyber aggression to which their children may be exposed. Kaspersky Lab organized a debate at the Mobile World Congress 2015 event to analyze this situation. The initiative is part of a global campaign to educate and assist children and parents in the fight against cyberbullying (aggression in the online environment). "The internet has many benefits but, unfortunately, it gives some users the opportunity to display their harmful traits, and cyberbullying has become a large-scale problem," warned Eugene Kaspersky, Chairman and CEO of Kaspersky Lab. "For victims, the psychological impact can be serious and lasting. There is probably no strictly technological solution, but we need to talk about all these things and inform both parents and children, so that they can enjoy all the good things the internet offers," said Eugene Kaspersky. "Cyberbullying and, in general, all types of aggression affect children and must be approached from a holistic perspective, involving children and teenagers as well as parents and teachers in the discussion," commented Janice Richardson, Senior Advisor at European Schoolnet and Co-founder of Insafe. "The basic problem is that our communication tools have evolved a great deal in recent decades, but the techniques for using them have not progressed to the same extent," warned Janice Richardson.
Kaspersky Lab's research also shows that adults' well-meaning intentions to give children private space can in fact make them more vulnerable to online harassment and abuse. For example, only 19% of parents say they have their children in their friends lists or follow them on social networks, and only 39% monitor their children's online activities. 38% of parents have talked with their children about online threats, a percentage that may reflect a lack of trust and understanding. The study shows that children are reluctant to admit that they are victims of online aggression: 25% of parents whose children were bullied online say they found out about it after a long time. The data is worrying because online abuse can quickly extend into real life, as 26% of affected parents discovered. The long-term emotional impact can be significant, and parents need to be informed in order to take the steps needed to stop cyberbullying. The Kaspersky Lab study shows that 44% of parents who found out that their children were being bullied intervened, while more than half of parents took no action. It can be difficult to prevent cyberbullying, but there are simple measures that can be taken to protect children against online harassment and its consequences. For example, privacy settings on social networks allow adults to help children control which users can follow their posts or send them private messages. Parental control settings built into applications and security solutions provide protection and added peace of mind. It is also important for parents to communicate with their children and explain the importance of protecting confidential information such as address, phone number, school or credit card number.
In addition, children need to understand that it is important to decide what content they share with which users, and where they can ask for help if they are bullied or harassed. More information about cyberbullying and advice on protecting children on the internet can be found on the Kaspersky Lab educational portal: kids.kaspersky.com. -> Source: Kaspersky Lab organized a debate on cyberbullying at Mobile World Congress 2015
  9. Considering the evolution of the Internet of Things concept and the development of another concept, the Internet of Us, Kaspersky Lab is collaborating with the Swedish bio-hacking community BioNyfiken to analyze the process of using human bodies to access the internet. In the past, this process was the subject of Hollywood films and science fiction novels, but in 2015 the number of hybrid humans is continually growing. Considering the direction of technological inventions and the mass adoption of devices such as pacemakers, insulin pumps, hearing aids and systems for stimulating cognitive processes, more and more people can be considered partly robots. Recent reports describe a new type of hybrid human: users who have chips implanted not for medical reasons but to make daily activities more efficient, such as controlling door locks, making online purchases and accessing computers with a wave of the hand. Thus, the ability to store personal data by means of implants raises new security problems. BioNyfiken, a Swedish bio-hacking community, is taking steps to normalize this phenomenon in order to implement it on a large scale. The BioNyfiken community considers that an implant is no different from earrings or tattoos and believes that more and more users will opt for NFC (Near Field Communication) compatible implants to store a range of information. "The Internet of Things concept involves developing products in order to put them on the market quickly," says Patrick Mylund Nielsen, Senior Security Researcher at Kaspersky Lab. "Users either think about the security of devices late, or do not think about it at all.
Although bio-hacking has been a subject of science fiction novels for a long time, these did not also analyze the implications: What happens when confidential information is stored on an implanted chip? Can someone become a copy of us if they touch us? Could we be tracked wherever we go? The word "nyfiken" means curious, and we are curious to find out the answers to these questions," concludes Patrick Mylund Nielsen. "The technology is happening now," says Hannes Sjoblad, one of the founders of BioNyfiken. "We are seeing the growth of the community of users who experiment with implants that allow them to fulfil certain daily requirements quickly and easily: access to buildings, unlocking personal devices without entering a PIN code, and access to a great deal of stored data. "I consider the evolution of this technology to be another important moment in the history of interaction between humans and computers, similar to the launch of the first computers with Windows or the first screens with screen technology. Every device we identify ourselves with, whether it is a key or an electronic card, is one more thing that influences our lives," concludes Hannes Sjoblad. "We consider it important to work with top cyber-security experts because they understand the technology and help us identify the risks. Kaspersky Lab is an ideal research partner for BioNyfiken. Kaspersky Lab experts not only have top-level training, they were also the initiators of innovative research on new technologies," adds Hannes Sjoblad.
"We look forward to working with Kaspersky Lab experts on an open research project that explores the vulnerabilities of these chips in users' daily activities, so that we can identify ways of resolving them, if they exist." In addition to the research in partnership with BioNyfiken, Kaspersky Lab will organize events together with the bio-hacking community in Sweden and across Europe to discuss aspects relating to cyber security and privacy. There are numerous hi-tech buildings in Sweden, such as Epicenter, which develops businesses that regularly use NFC implants for various activities, replacing other devices. "I prefer not to have a chip implanted," says Eugene Kaspersky, Chairman and CEO of Kaspersky Lab. "However, I understand the evolution of technology and I believe there will be users who will take risks, test the limits of technology and experiment on their own bodies. I would like them to do this aware of the implications and to take safety into account beforehand, not after something has happened, as is the case most of the time," comments Eugene Kaspersky. "I am very glad that BioNyfiken has chosen to work with us to analyze the security implications of using human bodies to access the internet. Kaspersky Lab experts may not discover any vulnerability, but if people are going to have NFC chips in their bodies, I would like to make sure that we have carefully analyzed every possibility," adds Eugene Kaspersky. -> Source: Connected phones, connected homes, connected cars… connected people
  10. Kaspersky Lab’s global research and analysis team uncovered what they claim is the most sophisticated advanced persistent threat group yet known. Known as the Equation Group, researchers led by GReAT director Costin Raiu say the threat actors have been operating for 15 years or more and are known to have intercepted and maliciously modified hardware and CDs. Beyond that, the Equation Group is known to have had access to a pair of zero-day vulnerabilities that would eventually be used in the infamous Stuxnet attacks. We caught up with Kaspersky Lab principal security researcher Vitaly Kamluk at the company’s Security Analyst Summit in Cancun, Mexico. Source
  11. The Russian cyber-security company Kaspersky has discovered an American spying program placed in Seagate and Western Digital HDDs. Over the last 5 years the HDD market has seen several important changes and the number has dropped from 3 manufacturers to 2. For this reason there are some suspicions going around. At present we have two major American manufacturers: Seagate and WD. They in turn have taken over other divisions such as Hitachi, Samsung, Toshiba or HGST. According to Kaspersky, the American cyber-surveillance agency NSA has inserted spying code into HDDs. It executes the raw data, the high-level files, the operating system or even the use of the HDD. Kaspersky found this spying program in PCs in more than 30 countries, and most were in Iran, Russia, Pakistan, Afghanistan, China, Mali, Syria, Yemen and Algeria. Ha! Seagate and WD have denied sharing their firmware source code with any government agency and have maintained that their firmware is designed to prevent data from being extracted in an unnatural way. Kaspersky stated that it is quite easy for agencies to obtain the software's source code by posing as a software developer. The government can request the source code simply by asking a manufacturer, saying it needs to inspect the code to make sure it is clean before it can buy PCs that run their HDDs. What is surprising is the way in which the HDD firmware was breached and how it ended up spreading so quickly. Seagate and WD have production facilities in countries such as Thailand and China, located in high-security areas to prevent intellectual property theft or sabotage. We cannot imagine modified firmware without the companies' collaboration. Source
  12. Full Title: Kaspersky Lab experts have discovered the predecessor of the Stuxnet and Flame programs, the most dangerous malware in terms of techniques and tools used. Kaspersky Lab experts in the Global Research and Analysis Team (GReAT) have for years been closely monitoring more than 60 groups of attackers responsible for many of the advanced cyber threats worldwide. However, only now can Kaspersky Lab researchers confirm that they have discovered a group far more advanced than anything discovered previously: Equation Group, which has been active for almost two decades. Since 2001, Equation Group has infected thousands or tens of thousands of victims in more than 30 countries worldwide, targeting the following sectors: government and diplomatic institutions, telecommunications, the aeronautics industry, energy, nuclear research, the oil and gas industry, the military, the nanotechnology industry, Islamic activists and students, the press, transport, financial institutions and companies developing encryption technologies. The Equation group uses a complex command and control (C&C) infrastructure that includes more than 300 domains and more than 100 servers. The servers are hosted in several countries, including the USA, the United Kingdom, Italy, Germany, the Netherlands, Panama, Costa Rica, Malaysia, Colombia and the Czech Republic. At present, Kaspersky Lab experts have taken control of a few dozen of the 300 command and control (C&C) servers discovered. To infect victims, the cybercriminals use a powerful arsenal of malware. The GReAT team recovered two modules that allow the attackers to reprogram the firmware in the hard disks of several well-known manufacturers. This is probably the most powerful tool used by the Equation group, being the first malware that can infect hard disks.
By reprogramming the firmware on the HDD (rewriting the hard disk's internal operating system), the Equation group achieves two objectives: Gaining persistent access that is unaffected by formatting the hard disk or reinstalling the operating system. If the malware infects the firmware, it can remain active indefinitely and can prevent a particular disk segment from being erased, or replace it with a malicious segment during system start-up. "When the hard disk is infected with this malware, it is impossible for this firmware infection to be identified," said Costin Raiu, Director of the Global Research and Analysis Team at Kaspersky Lab. "In short, for most hard disks there are mechanisms that can write to the firmware area, but there are no mechanisms that can read it. This means that we are practically blind and cannot detect hard disks infected with this malware," explained Costin Raiu. The ability to create an invisible area on the hard disk, to be used for storing confidential information that the attackers can later extract. Also, in certain situations, this invisible area can help the group of attackers capture the password used by the user to encrypt the HDD. "Considering that the GrayFish implant is active from the very moment the system boots, the cybercriminals are able to intercept the password used for encryption and save it in this invisible area," warned Costin Raiu. In addition, the attackers in the Equation group stand out through their use of the Fanny worm. It is able to map the structure of air-gapped networks, that is, networks disconnected from the internet and typically used in critical infrastructure, with the ultimate aim of allowing the attackers to execute commands on these critical systems.
Thus, the group of attackers used a unique command and control mechanism that allowed them to exchange data with these isolated networks. In addition, the attackers used infected USB sticks that had an invisible storage segment to collect basic system information from computers that were not connected to the internet. The data was later sent to the command and control system when the USB stick was plugged into a computer infected with Fanny and with internet access. If the attackers intended to run commands on networks without an internet connection, they could store them in the invisible area of the USB stick. When the stick was plugged into the computer without an internet connection, the Fanny malware recognized those commands and executed them. Furthermore, Kaspersky Lab experts discovered information indicating that the Equation group interacted with other dangerous groups, such as the operators of Stuxnet and Flame. The Equation group had access to zero-day exploits before they were used by Stuxnet and Flame, and shared them with other groups of attackers. For example, in 2008 Fanny was already using two zero-day exploits that were integrated into Stuxnet only in June 2009 and March 2010. One of these zero-day exploits was in fact a Flame module that exploited the same vulnerability and was taken directly from the Flame platform to be integrated into Stuxnet. Kaspersky Lab experts observed seven exploits used by the Equation group, of which at least four were used as zero-day exploits. In addition, Kaspersky Lab experts also observed the use of unknown exploits, possibly zero-day, against Firefox 17 as used in the Tor Browser Bundle. During the infection process, the group could use up to ten exploits in a chain.
However, Kaspersky Lab experts observed that the attackers do not usually use more than three exploits: if the first is not successful, the attackers try the second and the third exploit. If all fail, the system will not be infected. Kaspersky Lab products detected several attempted attacks on its users, and many of these were successfully blocked by the Automatic Exploit Prevention technology, which detects and blocks the exploitation of unknown vulnerabilities in software applications. The Fanny worm, compiled in 2008, was detected and added to the Kaspersky Lab database in December 2008. More information about the Equation group can be found on Securelist.com. -> Source: Kaspersky Lab experts have discovered the predecessor of the Stuxnet and Flame programs, the most dangerous malware in terms of techniques and tools used
  13. A cyber mercenary group, codenamed Desert Falcons, has infected thousands of government departments and businesses with malware, according to Kaspersky Lab. The security firm revealed the campaign at its Security Analyst Summit, revealing that it has already detected 3,000 confirmed Desert Falcons infections on Android and Windows devices. Victims include military and government bodies, media outlets, financial firms, research institutions, political activists, energy companies and physical security providers in Egypt, Palestine, Israel and Jordan. "The Desert Falcons cyber criminals are native Arabic speakers, and it is believed to be the first known Arab group to develop and run a full cyber espionage operation," read the report. "Desert Falcons began its operations in 2011, with the first infections taking place in 2013. The group became very active in late 2014/early 2015." The group is believed to have around 30 members split into three teams, and focuses mainly on stealing political and military intelligence. Kaspersky estimated that the hackers managed to steal more than one million files and documents containing sensitive information before being discovered. Dmitry Bestuzhev, security expert at Kaspersky Lab's Great team, said the Desert Falcons target victims with tailored campaigns which include a prolonged period of surveillance. "The individuals behind this threat are highly determined, active and with good technical, political and cultural insight," he explained. "Using only phishing emails, social engineering and homemade tools and backdoors, Desert Falcons was able to infect hundreds of sensitive and important victims." The campaign used a variety of malware types, and is one of the first to attempt to spread malware using Facebook chat. "The attackers created authentic Facebook accounts and then interacted with chosen victims through common Facebook pages until they had gained their trust. 
Then they sent Trojan files in the chat hidden as an image or similar," read the paper. "The Desert Falcons depends on two different backdoors to spy on victims. Both are homemade and are under continuous development. We were able to identify and collect more than 100 malware samples used by the Desert Falcons." The selection of tools gives the hackers a variety of powers, including key-logging and the ability to upload and download files to command and control servers owned by the group. Other powers include the ability to view information on all the .doc and .xls files on the victim's hard disk or connected USB devices, steal passwords and record audio files using infected machines. Kaspersky has managed to identify some Desert Falcon members, but expects the group to continue operating. "We were able to track and identify the full profile of some of the attackers, including Facebook and Twitter accounts, private blogs and websites," read the paper. "[but] we expect their operations to carry on developing more trojans and using more advanced techniques." Desert Falcons was one of many high-profile threat campaigns revealed during Kaspersky's security conference. Kaspersky researchers reported on Tuesday that they had uncovered a widespread Equation attack infecting hard drive operating systems with malware. The team also reported a Carbanak campaign which is believed to have stolen over $1bn from financial institutions. Source
  14. Kaspersky Lab experts in the Global Research and Analysis Team (GReAT) have for years been closely monitoring more than 60 groups of attackers responsible for many of the advanced cyber threats worldwide. Only now, however, can Kaspersky Lab researchers confirm that they have discovered a group far more advanced than anything discovered previously: Equation Group, which has been active for almost two decades. Since 2001, Equation Group has infected thousands or tens of thousands of victims in more than 30 countries worldwide, targeting the following sectors: government and diplomatic institutions, telecommunications, the aeronautics industry, energy, nuclear research, the oil and gas industry, the military, the nanotechnology industry, Islamic activists and students, the press, transport, financial institutions and companies developing encryption technologies. The Equation group uses a complex command and control (C&C) infrastructure that includes more than 300 domains and more than 100 servers. The servers are hosted in several countries, including the USA, the United Kingdom, Italy, Germany, the Netherlands, Panama, Costa Rica, Malaysia, Colombia and the Czech Republic. At present, Kaspersky Lab experts have taken control of a few dozen of the 300 command and control (C&C) servers discovered, according to a Kaspersky Lab press release. To infect victims, the cybercriminals use a powerful arsenal of malware. The GReAT team recovered two modules that allow the attackers to reprogram the firmware in the hard disks of several well-known manufacturers. This is probably the most powerful tool used by the Equation group, being the first malware that can infect hard disks. According to Kaspersky specialists, by reprogramming the firmware on the HDD, the Equation group can achieve two objectives.
The first would be gaining persistent access that is unaffected by formatting the hard disk or reinstalling the operating system. The second objective is the ability to create an invisible area on the hard disk, to be used for storing confidential information that the attackers can later extract. Read more on SecureList.com Source: Hit.ro - IT news, Games, Gadgets, Software downloads
  15. Hackers stole from 100 banks and rigged ATMs to spew cash Hackers have stolen approximately $1 billion in what could be one of the largest bank heists ever, according to a new report from the Internet security firm Kaspersky Lab. Kaspersky said Sunday it has uncovered how hackers surreptitiously installed spying software on bank computers, eventually learned how to mimic bank employee workflows and used the knowledge to make transfers into bank accounts they had created for this theft. More than 100 banks were hit, Kaspersky said, and based on the hackers' practice of stealing between $2.5 million and $10 million from each bank, it estimated "total financial losses could be as high as $1 billion, making this by far the most successful criminal cyber campaign we have ever seen." Kaspersky did not name the banks but said they are institutions located in 25 countries, including the United States. It also said the "attacks remain active," and provided tips for bank officials to determine if their computers are vulnerable. The thieves were Russian, Ukrainian, Chinese and European, Kaspersky said. The individual thefts involved no more than $10 million apiece. Kaspersky called the malware "Carbanak" and said it provided the hackers the ability to watch bank employees conduct their business. "This allowed them to see and record everything that happened on the screens of staff who serviced the cash transfer systems," Kaspersky said. "In this way the fraudsters got to know every last detail of the bank clerks' work and were able to mimic staff activity in order to transfer money and cash out." After penetrating a bank's computer systems, the hackers lurked for "two to four months" before striking in one of several ways, like changing an account balance, then transferring the excess funds into their own accounts. 
They also spewed cash out of ATMs when "one of the gang's henchmen was waiting beside the machine" to collect the money. An industry cybersecurity group has "disseminated intelligence on this attack to the members," according to The New York Times, which first covered the report. The Financial Services Information Sharing and Analysis Center told the Times that "some briefings were also provided by law enforcement entities." Hackers stole from 100 banks and rigged ATMs to spew cash - Feb. 15, 2015
  16. The recent growth in the number of Apple device users has led cybercriminals to pay more attention to the OS X and iOS operating systems, with users at risk of losing their confidential data and money. The results of a Kaspersky Lab study, carried out in collaboration with B2B International, show that one in four Mac desktop users was targeted by a malware program in the past year. The study also indicates that 21% of these cyber attacks caused financial losses, including the cost of purchasing new software to restore the system or the cost of IT specialists hired to disinfect the device. Wirelurker, a recently discovered Trojan, is an example of malware developed specifically to attack Apple users. In the six months before it was detected, the malware was downloaded more than 356,000 times from an alternative app store, thereby infecting a significant number of computers. Wirelurker is unique in that it exploited unknown vulnerabilities to infect all Apple iOS devices connected to the compromised computer. The Trojan could also infect devices that were not "jail-broken" but could download applications from third-party sources. In this way, users of OS X, an operating system considered secure, infected devices running iOS, another operating system considered secure. However, viruses and other types of malware are not the only threats targeting Mac devices. Attacks against networks and online fraud do not require dangerous software to be installed on the victim's device. Phishing attacks also fall into this category. The percentage of OS X users who faced financial threats is higher than the percentage of attacks that targeted the total number of users. 
51% of users of computers running OS X said they had faced financial cyber threats in the past year, compared with 43% of users in general. These statistics are taken from the Kaspersky Security Network platform and include detections made by Kaspersky Lab products from November 2013 to October 2014. According to this data, of the total number of attacks on other operating systems, financial phishing accounted for 26%. OS X users must also pay attention to vulnerabilities in the software installed on their devices. For example, the ShellShock vulnerability announced in September 2014 allows a cybercriminal to execute any code on a computer, including dangerous code. If cybercriminals discover such security holes before the vendor can fix the vulnerability, they can take advantage of the situation to achieve their goals. In other words, no system can be considered fully protected against cyber threats; additional tools are needed to ensure online security. Kaspersky Internet Security for Mac, integrated into Kaspersky Internet Security – multi device 2015, effectively protects against malware and blocks network attacks and phishing attempts. About Kaspersky Lab: Kaspersky Lab is the world's largest privately held vendor of endpoint security solutions and is ranked among the top four vendors of endpoint protection solutions worldwide*. Throughout its 17 years of existence, Kaspersky Lab has remained an innovative company in the field of IT security and offers IT protection suites for individual users, SMBs and large companies. The company is present in approximately 200 countries and protects more than 400 million users worldwide. For more information, visit Kaspersky Lab: Antivirus software. 
*The company was ranked fourth in the IDC ranking "Worldwide Endpoint Security Revenue by Vendor, 2010". The ranking was published in the IDC report "Worldwide IT Security Products 2013-2017 Forecast and 2012 Vendor Shares" (IDC #242618, August 2013). The ranking criteria were based on revenue from sales of endpoint security solutions in 2012. -> Source: http://www.faravirusi.com/2015/01/12/infractorii-cibernetici-ataca-utilizatorii-de-mac/
  17. Hacker reported vulnerability in Kaspersky website; Demonstrated malware spreading technique The cyber Security Analyst 'Ebrahim Hegazy' (@Zigoo0) Consultant at Q-CERT has found an "Unvalidated Redirection Vulnerability" in the website of the giant security solutions vendor "Kaspersky". Ebrahim, who found a SQL Injection in the "Avira" website last month, this time found an Unvalidated Redirection Vulnerability that could be exploited for various purposes such as: Cloned websites (Phishing pages) It could also be used by Black Hats for Malware spreading In this specific case, what is very striking is that the link usable for the attacks originates from a security firm like Kaspersky, with serious consequences. Would you trust a link from your security vendor? Absolutely Yes! But imagine your security vendor is asking you to download a malware! To explain how dangerous the situation is when your security vendor is vulnerable, Ebrahim Hegazy sent me a video explaining the malware spreading scenario to simulate a Black Hat exploiting the Unvalidated Redirection Vulnerability in the Kaspersky website to serve a malware. explained Ebrahim Hegazy. After the researcher reported the vulnerability to the Kaspersky team, it took about 2 months to fix the vulnerability, which is really a long time considering that if a hacker had found this flaw before Hegazy he could have spread links using Kaspersky.com. The consequences of leaving such a vulnerability unfixed are critical: Wide infection - since the redirection is coming from a trusted source, especially if the attacker registered a domain name similar to Kaspersky.com Very bad reputation for Kaspersky company. Your most trusted resource "Your Antivirus" will be your worst enemy! Would you trust anything else! And many other consequences. The vulnerability was reported to Kaspersky web-team and is now fixed. Via: Hacker reported vulnerability in Kaspersky website; Demonstrated malware spreading technique - The Hacker News