Kaspersky ICS CERT has identified a series of attacks targeting, among others, organizations in various industrial sectors. Victims include suppliers of equipment and software for industrial enterprises.
EXECUTIVE SUMMARY: The RagnarLocker ransomware first appeared in the wild at the end of December 2019 as part of a... The post RagnarLocker Ransomware Threatens to Release Confidential Information...
There are a number of ways scammers target personal information and, currently, one example is that they are taking advantage... The post OneDrive Phishing Awareness appeared first on McAfee Blog.
Kent and Jordan are back to continue their journey to make the world a better place. This time around, they will be reviewing a series of tools commonly used on […] The post Webcast: A Blue Team’s...
Intro: The last few months I’ve been studying Chrome’s V8 internals and exploits with the focus of finding a type confusion bug. The good news is that I found one, so the fuzzing and analysis...
Vulnerabilities that can lead to unsanctioned account access or remote code execution.
Kaspersky ICS CERT has discovered vulnerabilities that may allow threat actors to modify configuration files, execute arbitrary code remotely or access user passwords.
On May 28, 2020, the NSA released a cybersecurity advisory on Russian APT group Sandworm exploiting CVE-2019-10149, a vulnerability in Exim Mail Transfer Agent (MTA) software. An unauthenticated...
Intro: Last year I wrote how to weaponize CVE-2018-19204. This blog post will continue and elaborate on the finding and analysis of two additional vulnerabilities that were discovered during the...
Victims included a railway stock manufacturer, an electric utility company and a steel producer. One incident brought operations to a halt.
Missing Authentication in Emerson OpenEnterprise SCADA versions before 3.3.4 might lead to arbitrary code execution. The affected components may allow an attacker to run arbitrary commands with...
Inadequate Encryption Strength in Emerson OpenEnterprise SCADA versions before 3.3.4.
Improper Ownership Management in Emerson OpenEnterprise SCADA versions before 3.3.4.
Introduction: This blog describes how McAfee ATP (Adaptive Threat Protection) rules are used within McAfee Endpoint Security products. It will... The post How To Use McAfee ATP to Protect Against...
As part of our preparations for our upcoming RingZer0 “Q Division” Training, I have been working on making a software image for the FriendlyArm NanoPi R1S Single Board Computer (SBC) that we’ll be...
Ransomware protection and incident response is a constant battle for IT, security engineers and analysts under normal circumstances, but with... The post ENS 10.7 Rolls Back the Curtain on...
The COVID-19 pandemic has prompted many companies to enable their employees to work remotely and, in a large number of... The post Cybercriminals Actively Exploiting RDP to Target Remote...
Special thanks to Prajwala Rao, Oliver Devane, Shannon Cole, Ankit Goel and members of Malware Research for their contribution and... The post COVID-19 – Malware Makes Hay During a Pandemic...
Preface: Hey there! After quite some time the second part will be finally published :)! Sorry for the delay, real life can be overwhelming. Last time I have introduced this series by covering Data...
NCSC technical paper about the privacy and security design of the NHS contact tracing app developed to help slow the spread of coronavirus.
Co-authored by Marc RiveroLopez. In collaboration with Northwave. As we highlighted previously across two blogs, targeted ransomware attacks have increased... The post Tales From the Trenches; a...
Do security issues associated with working remotely affect critical infrastructure enterprises? Should organizations take additional protective measures? A view of regulators in the area of...
The vulnerabilities could allow attackers to remotely compromise hosts, cause denial-of-service conditions or elevate their privileges.
Israeli authorities have warned of possible attacks on SCADA systems of wastewater treatment, water pumping and sewerage facilities.
The attackers use PoetRAT, a new RAT Trojan distributed via Microsoft Word documents.
On the 27th of April 2020 SensePost created a CTF challenge (https://challenge.sensepost.com) for the public. The names of those who managed to capture flags would be placed in a draw for a seat...
The statistical data presented in the report was received from ICS computers protected by Kaspersky products that Kaspersky ICS CERT categorizes as part of the industrial infrastructure at organizations.
This section presents an overview of threats related to ransomware activity against municipal institutions, industrial enterprises and critical infrastructure facilities.
Overview of APT attacks on industrial enterprises about which information was published in 2019.
The analysis of vulnerabilities was performed based on vendor advisories, publicly available information from open vulnerability databases (US ICS-CERT, CVE, Siemens Product CERT), as well as the...