Security News

The VHD ransomware family that emerged earlier this year is the work of North Korea-linked threat actor Lazarus, Kaspersky's security researchers reveal. Several malware families have been attributed to Lazarus over the past several months, including new Mac malware families and the cross-platform malware framework MATA. Now, Kaspersky reveals that the threat actor is also operating the VHD ransomware, which has been observed in two campaigns in March and May 2020.

Kaspersky this week released a threat intelligence solution designed to help with the attribution of malware samples to known advanced persistent threat groups. The new Kaspersky Threat Attribution Engine, a commercial product available globally, uses a proprietary method to match malicious code against a malware database and link it to APT groups or campaigns based on code similarities.

A new report from Kaspersky shows that employers are failing to prepare their workers for any and all cybersecurity risks present when handling enterprise business at home. In the report, 73% of the 6,000 employees who spoke with Kaspersky researchers said they have "Have not yet received any specific cybersecurity awareness guidance or training from their employer." SEE: Security Awareness and Training policy.

Kaspersky has teamed up with SecurityWeek to offer a virtual edition of the high-profile Security Analyst Summit. Kaspersky has rescheduled its in-person Security Analyst Summit for November 18-21, when the conference will take place in Barcelona, Spain, if the current coronavirus pandemic is contained.

Kaspersky has announced a free training module to help remote teams make more informed cybersecurity decisions. To further complicate matters, there is often a steep learning curve for teams with little to no experience working remotely prior to this outbreak.

Financial phishing has increased in frequency and accounted for more than half of all phishing detections last year, Kaspersky says. Last year, financial phishing accounted for 51.4% of all phishing detections, an increase from the 44.7% share it saw during the previous year.

Kaspersky has detailed its takedown of a massive so-called watering-hole attack appearing to target certain folks in China, in the top story in The Reg's infosec roundup that looks at issues of the past week beyond our own detailed coverage. "We were not able to witness any live attacks and thus could not determine the operational target. However, this campaign once again demonstrates why online privacy needs to be actively protected," said Kaspersky researcher Ivan Kwiatkowski.

Vulnerabilities discovered in Kaspersky Secure Connection, Trend Micro Maximum Security, and Autodesk Desktop Application could be exploited for DLL preloading, code execution, and privilege...

The issues have been patched or solved but researchers say they represent a worrying step in how attackers can manipulate trusted security systems.

Kaspersky has patched several vulnerabilities affecting the web protection features present in its Anti-Virus, Internet Security, Total Security, Free Anti-Virus, Security Cloud, and Small Office...