Tag: hack

  • An increased number of Linux and Windows users are encountering exploits: Kaspersky report

    New Kaspersky data shows that more Windows and Linux users faced vulnerability exploits in the first half of 2025 than in the same period of 2024.

    The total number of vulnerabilities registered in the first half of 2025, according to cve.org, also increased compared with previous periods, and attackers actively used exploits as a tool to gain access to user systems.

    An exploit is code that takes advantage of an existing bug or vulnerability in an application or operating system to gain unauthorized access to a system; exploits are typically delivered as, or bundled with, malware. Kaspersky research shows that the share of exploits targeting critical vulnerabilities in operating systems reached 64% in Q2 2025 (up from 48% in Q1 2025), followed by third-party applications (29%) and browsers (7%).

    The number of Linux users encountering exploits trended upward in 2025 compared with 2024: the Q2 2025 figure was more than 50 points higher than in Q2 2024, and the Q1 2025 figure was almost twice that of Q1 2024.

    The number of Windows users who encountered exploits also rose in Q1 and Q2 2025: a 25-point increase in Q1 2025 over Q1 2024 and an 8-point increase in Q2 2025 over Q2 2024.

    The vulnerabilities used in advanced persistent threat (APT) attacks include both new zero-days and previously known flaws; most often they serve for initial access to a system and for privilege escalation. More detailed information is available in the report on Securelist.

    “Attackers increasingly use methods to escalate privileges and exploit weaknesses in digital systems. As the number of vulnerabilities continues to grow, it is very important to constantly prioritize patching known vulnerabilities and use software that can mitigate post-exploitation actions. CISOs should counter the consequences of exploitation by searching for and neutralizing command and control implants that can be used by attackers on a compromised system,” says Alexander Kolesnikov, a security expert at Kaspersky.

    According to cve.org, both the number of critical vulnerabilities and the overall number of registered CVEs (Common Vulnerabilities and Exposures) surged in the first half of 2025.

    At the beginning of 2024 around 2,600 CVEs were registered monthly, and the number increased throughout the year. In comparison, 2025 has already seen over 4,000 CVEs registered monthly.

    To stay secure in this shifting threat landscape, Kaspersky advises organizations to:

    • Analyze vulnerability exploits only inside isolated, secure virtual environments.
    • Ensure 24/7 monitoring of infrastructure, with a focus on perimeter defenses.
    • Maintain a robust patch management process by promptly installing security updates. To set up and automate this, use Vulnerability Assessment and Patch Management and Kaspersky Vulnerability Data Feed.
    • Deploy reliable solutions to detect and block malicious software on corporate devices, alongside comprehensive tools that include incident response scenarios, employee training programs, and an up-to-date cyberthreat database.

    About Kaspersky
    Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure, and governments around the globe.

    The company’s comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and nearly 200,000 corporate clients protect what matters most to them. Learn more at http://www.kaspersky.com.

  • What You Need to Know About the Hack That Exposed North Korea’s Kimsuky Spying Operation

    1. Who got hacked?
    Two hackers known as Saber and cyb0rg say they compromised the computer of a North Korean government hacker linked to the Kimsuky espionage group.

    2. What is Kimsuky?
    Kimsuky, also known as APT43 and Thallium, is an advanced persistent threat group believed to be part of North Korea’s intelligence operations. It is known for targeting journalists, government agencies, and foreign organizations.

    3. What did the hackers find?
    The breach yielded almost 9 GB of data, including phishing logs, hacking tools, internal manuals, stolen credentials, and source code.

    4. Which targets were affected?
    The data included logs of phishing campaigns against South Korea’s Defense Counterintelligence Command and major online platforms such as Kakao, Naver, and Daum.

    5. Any sensitive government data?
    Yes. The leak exposed the full source code of South Korea’s “Kebi” email platform used by its Ministry of Foreign Affairs, along with admin and archive modules.

    6. What tools were in the leak?
    The files contained phishing-site toolkits, Cobalt Strike loaders, reverse shells, proxy modules, and other malicious binaries used for cyber-espionage.

    7. How was the hacker identified?
    Saber and cyb0rg said they matched artifacts, file configurations, and domains to known Kimsuky infrastructure, which is how they attributed the compromised operator to the group.

    8. Any clues about work habits?
    They noted that the hacker kept strict office hours, logging on at 9 a.m. and off at 5 p.m. Pyongyang time (UTC+9).

    9. Why is this significant?
    This is a rare instance where an individual member of a North Korean APT group was compromised, offering a direct view into its operations instead of relying on second-hand evidence.

    10. Could this disrupt Kimsuky?
    Cybersecurity experts believe the leak could temporarily hamper the group’s activities while giving researchers valuable insight into its methods and partnerships, including possible collaboration with Chinese hackers.
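    Item 8 above treats the operator's working hours as an attribution clue. The block below is an added example, not code from this page or from Saber and cyb0rg, showing how an analyst turns raw UTC activity timestamps into a likely UTC offset: every candidate offset from UTC-12 to UTC+14 is scored by the share of events that land inside a 9 a.m. to 5 p.m. weekday window, and the best-scoring offset is reported. The timestamps are constructed for the example and are not from the leaked data; the function names and the 9-to-5 window are assumptions of the example.

```python
"""Infer an operator's likely UTC offset from activity timestamps.

Added example (not from the page or the researchers). The technique is
working-hours analysis: the operator's local time is the offset under which
activity clusters inside normal office hours.
"""
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample data: UTC timestamps of operator activity (interactive
# logins, command executions) as pulled from a host log. Not real leak data.
SAMPLE_EVENTS_UTC = [
    "2025-06-02T00:04:11Z", "2025-06-02T01:37:52Z", "2025-06-02T03:15:09Z",
    "2025-06-02T05:48:30Z", "2025-06-02T07:41:22Z",
    "2025-06-03T00:12:45Z", "2025-06-03T02:03:18Z", "2025-06-03T04:59:01Z",
    "2025-06-03T06:30:40Z", "2025-06-03T07:55:13Z",
    "2025-06-04T00:01:00Z", "2025-06-04T07:58:59Z",
]

WORKDAY_START = 9   # local hour, inclusive (9 a.m.)
WORKDAY_END = 17    # local hour, exclusive (5 p.m.)


def parse_utc(ts: str) -> datetime:
    """Parse an ISO-8601 'Z' timestamp into an aware UTC datetime."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def workday_fraction(events: list[datetime], offset_hours: int) -> float:
    """Share of events that fall on a weekday between 9:00 and 16:59 local
    time when the clock is shifted by offset_hours from UTC."""
    tz = timezone(timedelta(hours=offset_hours))
    inside = 0
    for e in events:
        local = e.astimezone(tz)
        if local.weekday() < 5 and WORKDAY_START <= local.hour < WORKDAY_END:
            inside += 1
    return inside / len(events)


def rank_offsets(events: list[datetime]) -> list[tuple[int, float]]:
    """Score every whole-hour offset UTC-12..UTC+14; best first.
    Ties are broken toward the offset closest to UTC."""
    scores = [(off, workday_fraction(events, off)) for off in range(-12, 15)]
    return sorted(scores, key=lambda s: (-s[1], abs(s[0])))


def infer_offset(timestamps: list[str]) -> tuple[int, float]:
    """Return (best_offset_hours, fraction_of_events_inside_workday)."""
    events = [parse_utc(t) for t in timestamps]
    best_offset, best_score = rank_offsets(events)[0]
    return best_offset, best_score


def local_hour_histogram(timestamps: list[str], offset_hours: int) -> Counter:
    """Count events per local hour under the given offset; useful to eyeball
    the start and end of the operator's day."""
    tz = timezone(timedelta(hours=offset_hours))
    return Counter(parse_utc(t).astimezone(tz).hour for t in timestamps)


if __name__ == "__main__":
    offset, score = infer_offset(SAMPLE_EVENTS_UTC)
    print(f"best fit: UTC{offset:+d} ({score:.0%} of events inside 9-17 weekday)")
    for hour, n in sorted(local_hour_histogram(SAMPLE_EVENTS_UTC, offset).items()):
        print(f"  {hour:02d}:00 local  {'#' * n}")
```

    With the constructed sample the best fit is UTC+9, which matches the Pyongyang hours described in item 8. On real data the analyst would compare the top score with the runner-up, because neighbouring offsets score almost the same when events are sparse or the operator works irregular hours, and would corroborate the result with other artifacts rather than rely on timestamps alone.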

  • Oops, We Did It Again: Tech Behemoth Ingram Micro Bows to the Ransomware Gods (and So Do You)

    In yet another shining example of modern cybersecurity excellence, Ingram Micro, one of the world’s largest IT distributors, confirmed over the weekend that its operations were derailed by a ransomware attack — proving that not even the biggest players are safe from glorified digital extortionists.

    The incident began Friday afternoon when Ingram Micro, which services thousands of resellers, vendors, and businesses globally, abruptly pulled some of its systems offline.

    The result? A full-blown digital migraine for customers who were suddenly unable to access management portals or place orders.

    Online forums, including Reddit, lit up with complaints from affected users as the company scrambled behind the scenes to figure out just how bad things really were.

    By Saturday, Ingram Micro did the corporate two-step: acknowledge the breach, vow to fix it, and promise to keep its fingers crossed.

    “Ingram Micro recently identified ransomware on certain of its internal systems,” the company said in a statement that hit all the usual PR bingo buzzwords.

    They then assured the public they had taken “proactive” steps to secure the environment — like shutting everything down and hoping the attackers eventually get bored.

    As of Monday, services were still in recovery mode, while the company issued a heartfelt apology for the chaos that left customers and partners scrambling for alternatives.

    What Ingram Micro failed to include in its weekend confession was how the hackers got in or whether any sensitive data was taken during the attack — two minor details that might be important for a company whose business is IT infrastructure.

    Instead, the company took a vow of digital silence, only saying it was working diligently to restore systems and process orders.

    According to various cybersecurity sources, the notorious SafePay ransomware gang has taken credit for the attack.

    This charming little crew of cybercriminals, active since November 2024, has already racked up more than 220 victims and is now apparently adding Fortune 1000 tech giants to their trophy shelf.

    While SafePay isn’t as flashy as some of its ransomware siblings like LockBit or BlackCat, its rise in activity suggests it’s a serious contender in the thriving ransomware-as-a-service economy.

    What makes this latest attack even more infuriating is how commonplace such breaches have become in the era of cloud dependency and vendor sprawl.

    Organizations like Ingram Micro have been vocal about promoting digital transformation, but apparently forgot to fully invest in digital resilience — or at least in firewalls that work.

    The growing number of ransomware incidents has become so routine that major attacks barely raise an eyebrow anymore, unless the disruption affects basic services or Netflix.

    Experts have been sounding the alarm for years, warning that ransomware is no longer a fringe threat but a full-blown industrial crisis.

    Yet the parade of preventable breaches continues, suggesting that no amount of cyber insurance, staff training, or feel-good press releases is enough to plug the gaping holes in corporate security strategies.

    Meanwhile, attackers like SafePay continue to cash in on sloppy patching, weak authentication, and the general belief that “it won’t happen to us.”

    For Ingram Micro, this attack could be more than just a weekend outage — it’s a flashing neon sign that even the giants can fall when they ignore the fundamentals.

    Customers and partners now have front-row seats to the new normal: disruptions not caused by hurricanes or supply chain delays, but by ransomware actors wielding Python scripts and a sense of mischief.

    And as long as companies keep playing cybersecurity whack-a-mole, they might want to keep those incident response templates warm and ready.

  • Cybersecurity Breach at American Water: Are Our Utilities at Risk?

    American Water, the largest regulated water utility in the United States, has revealed a serious cybersecurity incident that has led to the shutdown of its customer portal and a temporary suspension of billing services.

    The New Jersey-based company serves over 14 million customers across 24 states and 18 military installations.

    On October 3, 2024, American Water detected unauthorized activity within its systems and immediately disconnected affected components.

    The company has not disclosed specific technical details about the breach but suggested that it may involve ransomware.

    Despite this alarming situation, American Water insists that its water supply remains safe and that operations at its facilities have not been compromised.

    To mitigate potential damage, the company has activated third-party cybersecurity professionals to assist in an ongoing investigation.

    American Water has assured customers there will be no late fees or service interruptions while the MyWater portal remains offline.

    This incident underscores a troubling trend of cyberattacks targeting critical infrastructure, prompting federal officials to advocate for enhanced security measures in the water sector.

    As vulnerabilities in utilities become increasingly apparent, questions about their resilience against cyber threats loom large.