Business

636 articles

A ransomware attack through an IP camera

Fending off ransomware attacks that exploit corporate IoT devices.

New requirements for password strength and storage

Password standards: 2024 requirements

Discontinuing mandatory password rotations, banning outdated MFA methods, and other updates in the NIST SP 800-63 standards for digital account authentication and management.

Which cybersecurity processes can be effectively automated with AI?

AI in cybersecurity automation

AI has dozens of applications in cybersecurity. Which ones are the most effective?

Kaspersky Expertise Centers

Today we talk about our five main centers of expertise and their contribution to Kaspersky’s products, threat intelligence and expert cybersecurity services.

Kaspersky AI Technology Research Center: who we are and what we do

Our developments, products, research, patents and expert teams harnessed for AI.

Phishing-as-a-Service through Telegram bot

Automated phishing

Telegram bot sells subscriptions to phishing tools to hack Microsoft 365 accounts, including 2FA bypass.

Comparing From and Reply To headers boosts detection of BEC and spear phishing.

Why compare From and Reply-To?

A simple technology that significantly improves email protection.

A safe process for updating cybersecurity products

How to minimize software update risks

Today we tell you about our practices for releasing new products, and also updating existing releases, which reduce the risk of large-scale incidents.

A shield of trust

Managing cybersecurity risks through an evidence-based approach.

Impact of Microsoft Copilot+ Recall and Apple Intelligence on organizational cybersecurity

How to prepare corporate cybersecurity for all-seeing AI assistants

Although Microsoft has radically revised the rollout plan for its controversial Recall feature, cybersecurity teams can’t afford to ignore the issue of “AI onlookers.

Global outage of Microsoft clients due to CrowdStrike update

Global outage due to Friday’s release of CrowdStrike

The story of how CrowdStrike released an update on a Friday and brought down thousands, tens of thousands, or maybe even hundreds of thousands of computers around the world.

Zero-day vulnerability in Internet Explorer

A zero-day vulnerability actively exploited by attackers has been discovered in Internet Explorer — the browser that Microsoft supposedly laid to rest over a year ago.

Pseudo-exploit for CVE-2024-6387 aka regreSSHion

Attack on cybersecurity researchers: pseudo-exploit for regreSSHion

Someone is targeting security experts using an archive that allegedly contains an exploit for the regreSSHion vulnerability.

Why you need to remove the Polyfill.io script from your website

Remove Polyfill.io from your website

The JavaScript CDN service Polyfill.io has started spreading malicious code. Remove the service’s script from your website.

CVE-2024-6387 aka regreSSHion – root cause, risks, mitigation

regreSSHion vulnerability in OpenSSH

A new vulnerability allows remote attackers to gain root privileges on Linux servers. How easy is it for CVE-2024-6387 to be exploited – and how to prevent it

Hijacking GitHub accounts using phishing emails

Phishing on GitHub through job offers to… developers

Developers’ accounts are being hijacked using fake job offers sent from a legitimate GitHub address.

24 vulnerabilities of ZKTeco biometric terminals, and how to implement biometrics safely

Hidden dangers of biometric authentication devices

Based on our analysis of ZKTeco vulnerabilities, we dissect the risks associated with biometric authentication.

How ShrinkLocker ransomware leverages BitLocker

ShrinkLocker ransomware employing BitLocker for encryption

Our experts have discovered ransomware they’ve dubbed “ShrinkLocker”, which encrypts infected computers’ drives using BitLocker — a utility built into Windows.