Business

We discuss the recently discovered Nearest Neighbor attack method, which enables attackers to compromise a Wi-Fi network from the other side of the world.

What IT and cybersecurity leaders need to know about implementing network detection and response.

Detection of tactics involving malicious DLL registration and other Kaspersky SIEM improvements in Q4 2024.

The patch that fixes CVE-2024-49040 in Microsoft Exchange is temporarily unavailable. We’ve implemented heuristics that detect attempts to exploit it.

Malicious packages for AI integration containing infostealer malware were found in the Python Package Index repository.

A vulnerability that permits bypassing authentication has been found in a popular security hardening plugin for WordPress.

Exploitation of vulnerability CVE-2024-43451 allows an attacker to steal an NTLMv2 hash with minimal interaction from the victim.

Analyzing incidents and drawing lessons from them should be an integral part of the incident response process. This can help improve the overall security level of a company.

Discontinuing mandatory password rotations, banning outdated MFA methods, and other updates in the NIST SP 800-63 standards for digital account authentication and management.

Rules for detecting atypical behavior in container infrastructure at the data collection stage, and other updates to our SIEM system.

Hackers continue to target developers: during a fake job interview, they ask “potential employees” to run a script from GitHub that hides a backdoor.

We share our experience on the optimal use of AI models in the SOC of our Kaspersky MDR service.

AI has dozens of applications in cybersecurity. Which ones are the most effective?

Phishers have adopted another trick: they send emails pretending to be from Docusign with a fake link to a document that the recipient must sign.

Why international standards are important, and how Kaspersky contributes to IoT standardization.

Why cybersecurity in education is critical, and how to protect schools from attacks.

We explore the root causes of the talent crisis in the cybersecurity industry and look for possible solutions.

This phishing campaign incorporates ghost spoofing, embedded text in images, a PDF file, a QR code, DocuSign imitation, and Cloudflare verification — yet it still completely misses the mark.

Our developments, products, research, patents and expert teams harnessed for AI.

An Office 365 security alert as bait in a phishing email.

Where and why quantum-resistant cryptography has already been implemented, and what compatibility issues it caused.