vulnerabilitiesLogoFAIL attack: using image files to attack computers
A serious vulnerability in UEFI firmware relevant to a large number of modern computers, and even servers.
Business
1278 articles
scamHacked hotel accounts on Booking.com
Attackers are hijacking hotel accounts on Booking.com, and stealing their clients’ banking data through its internal messaging system.
fingerprintHow reliable is biometric security on laptops?
Researchers used a hardware hack to bypass Windows Hello biometric authentication on three different devices. Can you trust this login method?
Money for Nothing
During the pre-holiday period, attackers are sending invoices to companies for the delivery of non-existent documents.
How cybercriminals disguise URLs
Methods used by attackers to redirect victims to malicious and phishing sites from seemingly safe URLs.
RATRemcos RAT via Discord
Cybercriminals send the Remcos remote-access trojan under the guise of letters from a new client.
WordPress security issues
Typical security issues of WordPress, and how they can be addressed to protect your website or online store from cybercriminals.
Outdated Cisco equipment under threat from firmware
Espionage operations to hack corporate routers are now commonplace — and all organizations need to be aware of this.
Reptar: a vulnerability in Intel processors
How a recently discovered bug in Intel processors threatens cloud providers.
extensionsMalware that steals Facebook accounts
How attackers use infected archives and malicious browser extensions to steal Facebook Business accounts.
What is a compromise assessment service?
SOC Experts Victor Sergeev and Ahmed Khlief demonstrate the differences between compromise assessment, incident response, penetration testing, and MDR.
How “zero-clicks” work, and how to defend against them
We discuss what zero-click attacks are, why they’re dangerous, and how to protect your company from them.
Four ways to lock your screen on Windows and macOS
Four handy ways to lock your screen on Windows and macOS.
strategyThe top-10 mistakes made when configuring enterprise IT systems
Mistakes commonly found in almost every large organization. What should the inforsec team look out for, and what protective measures should they take?
Myths and reality regarding Cyber Immune technologies
We explore some common misconceptions about the development and application of Cyber Immune products based on KasperskyOS.
Security Analyst Summit 2023: key research
Four major studies presented by our experts at the SAS 2023 international conference.
A good reason to update Confluence
It’s time to update Confluence Data Center and Confluence Server: they contain a serious vulnerability that allows unauthorized creation of administrator accounts.
Side Eye: eavesdropping using a smartphone’s video camera
How and why did American researchers try to extract sound from a video signal, and was it worth it?
Container security from A to Z
We take an in-depth look at securing and configuring containerization systems.
passwordsA how-not-to guide to password policies
Examples of password policies that will have users tearing their hair out — and why you shouldn’t employ them.
Kaspersky calls for ethical use of AI in cybersecurity
We propose six principles of ethical use of AI in the cybersecurity industry — to be presented at the global Internet Governance Forum.