Francesco Figurelli

Sep 8, 2023 | securelist.com | Igor Golovin |Eduardo Ovalle |Francesco Figurelli |Tatyana Machneva

A while ago we discovered a bunch of Telegram mods on Google Play with descriptions in traditional Chinese, simplified Chinese and Uighur. The vendor says these are the fastest apps which use a distributed network of data processing centers around the world. What can possibly be wrong with a Telegram mod duly tested by Google Play and available through the official store?

Aug 25, 2023 | securelist.com | Eduardo Ovalle |Francesco Figurelli |Tatyana Machneva |Olga Svistunova

Lockbit is one of the most prevalent ransomware strains. It comes with an affiliate ransomware-as-a-service (RaaS) program offering up to 80% of the ransom demand to participants, and includes a bug bounty program for those who detect and report vulnerabilities that allow files to be decrypted without paying the ransom. According to the Lockbit owners, the namesake cybercriminal group, there have been bounty payments of up to 50 thousand dollars.

Aug 14, 2023 | securelist.com | Olga Svistunova |Alexander Rodchenko |Francesco Figurelli |Eduardo Ovalle

Phishers want their fake pages to cost minimum effort but generate as much income as possible, so they eagerly use various tools and techniques to evade detection, and save time and money. Examples include automation with phishing kits or Telegram bots. Another tactic, popular with scammers big and small, phishers included, is hacking websites and placing malicious content on those, rather than registering new domains.

Jul 19, 2023 | securelist.com | Georgy Kucherin |Leonid Bezvershenko |Francesco Figurelli |Eduardo Ovalle

On March 14, 2023, Microsoft published a blogpost describing an Outlook Client Elevation of Privilege Vulnerability (CVSS: 9.8 CRITICAL). The publication generated a lot of activity among white, grey and black hat researchers, as well as lots of publications and tweets about the vulnerability and its exploitation. Below, we will highlight the key points and then focus on the initial use of this vulnerability by attackers before it became public.

Jun 7, 2023 | securelist.com | David Emm |Alexander Rodchenko |Francesco Figurelli |Eduardo Ovalle

IT threat evolution in Q1 2023IT threat evolution in Q1 2023. Non-mobile statisticsIT threat evolution in Q1 2023. Mobile statisticsTargeted attacksAt the close of 2022, we reported the recent activities of BlueNoroff, a financially motivated threat actor known for stealing cryptocurrency. The threat actor typically exploits Word documents, using shortcut files for the initial intrusion. However, recently the group has adopted new methods to deliver its malware.