Detecting DLL hijacking with machine learning: real-world cases
Kaspersky SIEM integrates a machine learning model for detecting DLL hijacking attacks. The model inspects every DLL library loaded on the system and cross-checks it against the global knowledge base of Kaspersky Security Network to improve detection accuracy and reduce false positives. The model supports two operating modes: on the correlator it processes events that have already triggered rules, and on the collector it processes all relevant events. During pilot testing, the model successfully identified several real attack cases, including malicious activity that used DLL sideloading...
2025-10-6 08:15:13 | Reads: 15
Over Security - Cybersecurity news aggregator - securelist.com
library
malicious
hijacking
windows
How we trained an ML model to detect DLL hijacking
The article examines the current state of DLL hijacking attacks and the challenges of detecting them, and describes Kaspersky's approach of detecting such attacks with machine learning models. Across three generations of model training and optimization, detection accuracy improved significantly and the false positive rate dropped. These models are deployed in internal systems and commercial products, where they effectively identify and block DLL hijacking attacks...
2025-10-6 08:15:12 | Reads: 16
Over Security - Cybersecurity news aggregator - securelist.com
hijacking
library
malicious
labeling
positives
Forensic journey: hunting evil within AmCache
The article discusses the importance of the AmCache file in Windows systems. It records metadata for every program that has been executed, including path, hash and timestamps. Analyzing this data makes it possible to identify malware, trace attacker activity and produce threat intelligence...
2025-10-1 10:15:13 | Reads: 18
Over Security - Cybersecurity news aggregator - securelist.com
amcache
windows
hve
Massive npm infection: the Shai-Hulud worm and patient zero
2025-9-25 10:15:13 | Reads: 23
Over Security - Cybersecurity news aggregator - securelist.com
crowdstrike
shai
hulud
github
Threat landscape for industrial automation systems in Q2 2025
2025-9-19 10:45:13 | Reads: 18
Over Security - Cybersecurity news aggregator - securelist.com
malicious
q2
pp
threats
decreased
RevengeHotels: a new wave of attacks leveraging LLMs and VenomRAT
The article describes an error code (1016), usually associated with network connectivity problems, which may be caused by a misconfigured proxy server, an interrupted network connection or improper firewall settings. Suggested fixes include checking the proxy settings, restarting the device or contacting the network administrator to identify the specific cause...
2025-9-16 10:15:14 | Reads: 18
Over Security - Cybersecurity news aggregator - securelist.com
1016
Shiny tools, shallow checks: how the AI hype opens the door to malicious MCP servers
This article examines how the Model Context Protocol (MCP), the standard for connecting AI assistants to external tools, can be abused as an attack vector. It analyzes protocol-level and supply-chain attack paths and, through a proof-of-concept malicious MCP server, demonstrates the risk of sensitive data leakage. It recommends vetting installations, restricting permissions and monitoring for anomalous behavior to mitigate the threat...
2025-9-15 10:45:13 | Reads: 15
Over Security - Cybersecurity news aggregator - securelist.com
mcp
malicious
analysis
github
ssh
Notes of cyber inspector: three clusters of threat in cyberspace
2025-9-10 14:30:17 | Reads: 17
Over Security - Cybersecurity news aggregator - securelist.com
ttps
motivated
security
hacktivists
russia
IT threat evolution in Q2 2025. Non-mobile statistics
2025-9-5 09:15:14 | Reads: 18
Over Security - Cybersecurity news aggregator - securelist.com
ransomware
quarter
trojan
territory
q2
IT threat evolution in Q2 2025. Mobile statistics
2025-9-5 09:15:12 | Reads: 14
Over Security - Cybersecurity news aggregator - securelist.com
trojan
banker
mamont
q2
trojans
Cookies and how to bake them: what they are for, associated risks, and what session hijacking has to do with it
2025-9-2 10:15:12 | Reads: 20
Over Security - Cybersecurity news aggregator - securelist.com
security
attacker
malicious
developers
fixation
How attackers adapt to built-in macOS protection
The article introduces the security mechanisms of macOS (such as Keychain, TCC, SIP, File Quarantine, Gatekeeper and XProtect), analyzes common attack techniques and the ways they bypass these protections, and offers detection and defense recommendations...
2025-8-29 10:30:15 | Reads: 22
Over Security - Cybersecurity news aggregator - securelist.com
security
keychain
library
spctl
keychains
Exploits and vulnerabilities in Q2 2025
2025-8-27 10:15:13 | Reads: 22
Over Security - Cybersecurity news aggregator - securelist.com
q2
security
c2
exploited
Modern vehicle cybersecurity trends
Modern vehicles are going digital, offering smart systems and convenience features, but this also widens their cybersecurity exposure. In-vehicle networks are complex and security architectures differ widely between models; more threats are likely in the future, with a particularly elevated risk of attacks against fleets and commercial vehicles...
2025-8-22 09:15:14 | Reads: 15
Over Security - Cybersecurity news aggregator - securelist.com
vehicles
vehicle
security
remote
GodRAT – New RAT targeting financial institutions
In September 2024, malicious attacks targeting the financial sector were discovered: malicious screensaver files disguised as financial documents were distributed via Skype to deploy a remote access trojan (RAT) named GodRAT, which is based on Gh0st RAT code and uses steganography to hide its malicious code. The attackers also used AsyncRAT as a secondary implant to maintain long-term access. The campaign continued into August 2025 and mainly targeted Hong Kong and the UAE...
2025-8-19 11:15:13 | Reads: 14
Over Security - Cybersecurity news aggregator - securelist.com
godrat
shellcode
scr
c2
injector
Evolution of the PipeMagic backdoor: from the RansomExx incident to CVE-2025-29824
2025-8-18 09:0:16 | Reads: 48
Over Security - Cybersecurity news aggregator - securelist.com
pipemagic
attackers
payload
memory
loader
New trends in phishing and scams: how AI and social media are changing the game
2025-8-13 08:45:12 | Reads: 21
Over Security - Cybersecurity news aggregator - securelist.com
phishing
victim
bots
attackers
translate
Scammers mass-mailing the Efimer Trojan to steal crypto
2025-8-8 09:15:11 | Reads: 18
Over Security - Cybersecurity news aggregator - securelist.com
trojan
efimer
c2
phrases
ntdlg
Driver of destruction: How a legitimate driver is being used to take down AV processes
The article describes an attack involving "AV killer" malware that abuses the ThrottleStop.sys driver to terminate antivirus processes and weaken the system's defenses. After compromising an SMTP server with valid credentials, the attackers moved laterally and deployed MedusaLocker ransomware to encrypt systems...
2025-8-6 10:15:13 | Reads: 24
Over Security - Cybersecurity news aggregator - securelist.com
killer
memory
attacker
security
Cobalt Strike Beacon delivered via GitHub and social media
In the second half of 2024, Russia's IT sector and entities in other countries were hit by cyberattacks. The attackers used techniques such as DLL hijacking and API obfuscation and hid their malware on social platforms. The attacks spread mainly through phishing emails disguised as legitimate correspondence, targeting primarily Russian IT companies but affecting several countries...
2025-7-30 09:30:19 | Reads: 26
Over Security - Cybersecurity news aggregator - securelist.com
malicious
hxxps
microsoft
attackers