Vasily Berdnikov

Oct 31, 2024 | securelist.com | Vladislav Tushkanov |Boris Larin |Vasily Berdnikov |Anna Pavlovskaya

One topic being actively researched in connection with the breakout of LLMs is capability uplift – when employees with limited experience or resources in some area become able to perform at a much higher level thanks to LLM technology. This is especially important in information security, where cyberattacks are becoming increasingly cost-effective and larger-scale, causing headaches for security teams. Among other tools, attackers use LLMs to generate content for fake websites.

Oct 22, 2024 | securelist.com | Igor Kuznetsov |Boris Larin |Giampaolo Dedola |Vasily Berdnikov

Grandoreiro is a well-known Brazilian banking trojan — part of the Tetrade umbrella — that enables threat actors to perform fraudulent banking operations by using the victim’s computer to bypass the security measures of banking institutions. It’s been active since at least 2016 and is now one of the most widespread banking trojans globally.

May 16, 2024 | knowtechie.com | Vasily Berdnikov |Kevin Raposo

Google has been having quite a week because it just patched its third zero-day vulnerability in Chrome within seven days. The latest culprit? CVE-2024-4947. If you think that sounds technical, you’re right, but stick with me. This affects almost everyone using the internet, so it’s worth unpackingTL;DR Version: CVE-2024-4947 is a zero-day vulnerability in Chrome that’s being actively exploited. This makes it the third vulnerability that has been fixed in Chrome within the past week.

Apr 13, 2023 | securelist.com | Kaspersky Security |Olga Svistunova |Georgy Kucherin |Vasily Berdnikov

IntroductionAlthough ransomware is still a hot topic on which we will keep on publishing, we also investigate and publish about other threats. Recently we explored the topic of infection methods, including malvertising and malicious downloads. In this blog post, we provide excerpts from the recent reports that focus on uncommon infection methods and describe the associated malware. For questions or more information on our crimeware reporting service, please contact [email protected].

Apr 12, 2023 | securelist.com | Seongsu Park |Olga Svistunova |Georgy Kucherin |Vasily Berdnikov

The Lazarus group is a high-profile Korean-speaking threat actor with multiple sub-campaigns. We have previously published information about the connections of each cluster of this group. In this blog, we’ll focus on an active cluster that we dubbed DeathNote because the malware responsible for downloading additional payloads is named Dn.dll or Dn64.dll. This threat is also known as Operation DreamJob or NukeSped.