Kaspersky

We’re excited to announce the opening of our latest Transparency Center in Bogotá, Colombia, strengthening our commitment to trust and transparency in Latin America! As part of our Global Transparency Initiative (GTI), this center offers an inside look at our transparency practices and source code reviews, giving partners and customers confidence in our solutions. Since 2017, the GTI has been at the core of our efforts to enhance trust and mitigate supply chain risks by opening the “black box” of cybersecurity technology for verification. More information ⇒ https://kas.pr/h27j #Cybersecurity #Transparency

👮♀️ Financially Motivated Cyberattacks: What to Expect in 2025? Our experts tracking crimeware trends are ready to predict what defenders will face in the coming year. A full review of 2024 results and predictions is available on Securelist (https://lnkd.in/d5cnvFYG),,) but here are the most interesting trends: 🔅 Open APIs and CDBCs The digitization of finance driven by central banks continues, creating a new attractive target for major cyberattacks. Central Bank Digital Currencies (CDBCs) and open banking are being piloted in many countries, simultaneously creating a massive attack surface on new and insufficiently studied APIs. 🍏 Rise in Mobile Threats While banking malware for Windows is stagnating, the number of mobile threats has doubled over the past year. This trend is expected to continue into 2025. 💎 Chinese Underground Export Financially motivated groups from China are starting to show interest in Europe and Latin America. Currently, this is manifested in Android trojans and phishing schemes aimed at credit card fraud, but more sophisticated schemes are also emerging. 👮♀️ New Ransomware Tricks Attempts to cause more harm to victims and increase the cost of recovery continue. Experiments with data "poisoning" within infrastructure, which is harder to detect and fix, are expected. There will also be more pressure focusing on regulatory consequences for the victim. 📌 Half a dozen more trends await you on Securelist: https://lnkd.in/d5cnvFYG #statistics #KSB #threat #cybercrime

Kaspersky Security Center takes the complexity out of IT security administration and systems management. Learn more with our comprehensive Q&As for Security Center: https://kas.pr/o9ur #Kaspersky #KasperskySecurityCenter #Cybersecurity

What role should artificial intelligence (AI) play in classrooms? Our expert-led free training dives into the ethical and practical side of AI for educators and parents. Hurry up! Limited seats left: https://lnkd.in/d_UYsp_w #EdTech #Cybersecurity

Act like a grandmaster and outsmart every threat. Trusted Threat Intelligence, precisely tailored to your threat landscape. From geography and industry to specific threat types, actors, IoCs, TTPs, software, and more, we provide the insights you need to stay ahead of evolving threats. Learn more and request a demo here: https://kas.pr/xsp1

We’re thrilled to announce that IRO HERVE MONDOUHO, CISSP, a valued member of our team, has been named among the Top 100 Cybersecurity Experts Driving Change in Africa—a prestigious list created by Ciberobs - Make Africa Safe. This recognition celebrates experts who are making a meaningful impact in cybersecurity across the continent through their skill, dedication, and proactive efforts. By strengthening Africa’s digital resilience, they’re shaping a more secure future for us all. We couldn’t be prouder to see one of our own honored for his hard work and steadfast commitment. Together, we’re building a safer digital world.

💻 November Patch Tuesday: Aiming for a Record? The latest Microsoft update addresses 92 vulnerabilities, including two being actively exploited and four disclosed before patches were available. Four vulnerabilities are classified as critical. Among these, 52 led to Remote Code Execution (RCE), 26 to privilege escalation, one to information disclosure, alongside four DoS and two security feature bypasses. This year, Redmond has released nearly 950 security updates, suggesting that after the December update, the year might set a record for the number of identified and fixed vulnerabilities. Currently exploited in the wild are: CVE-2024-43451 (CVSS 6.5) — another issue stemming from never dying Internet Explorer, involving NTLMv2 hash leakage via the MSHTML component. Minimal user interaction is required – one can select or right-click a file to trigger an exploit. https://lnkd.in/eWeGJz2d CVE-2024-49039 (CVSS 8.8) — an escape from AppContainer, escalating privileges to Medium integrity. https://lnkd.in/emB4YpuM Details on who and how exploited these vulnerabilities remain unknown, but the second one was identified by several research groups, including Google TAG, suggesting relatively widespread use by major APTs. CVEs disclosed before patches were available: CVE-2024-49019 (CVSS 7.8) — an Elevation of Privilege in Active Directory Certificate Service, also known as EKUwu (https://lnkd.in/dbM7h5QD)..) CVE-2024-49040 (CVSS 7.5) — spoofing in MS Exchange. Emails with a non-standard P2 FROM header may display a forged sender address. Microsoft anticipates imminent exploitation and recommends additional configuration changes to protect users. https://lnkd.in/ddhbCiGk However, ZDI also considers two more CVEs from the update as public with PoC: A critical RCE in .NET and VSCode (CVE-2024-43498, CVSS 9.8) and an RCE in OpenSSL (CVE-2024-5535, CVSS 9.2). https://lnkd.in/euVw5auR https://lnkd.in/eah4n-gf Among the vulnerabilities that were not public before patching, CVE-2024-43639, an RCE in Kerberos with an eyebrow-raising CVSS of 9.8, is particularly concerning—all Windows Servers are affected, the code executes with high privileges, and the attacker doesn't even need to be authenticated. However, Redmond claims that exploitation is less likely. https://lnkd.in/eMD4daxx #news #Microsoft #patchtuesday #vulnerability

Enjoy features like automated response and event chain detection. Discover Kaspersky Anti Targeted Attack ⇒ https://kas.pr/4q4b

Cyber defense & AI: Are you ready to protect your organization? Learn more here ⇒ https://kas.pr/9e4z #AI #Cybersecurity

Now until the end of the year, enjoy a 30% discount on our #IncidentResponse retainer when paired with Kaspersky MDR. Secure your business with expert support. Leave an online request today! ⇒ https://kas.pr/55sj #Cybersecurity #InfoSec #EnterpriseSecurity