Articles

  • Disappearing bytes: Reverse engineering the MS Office RTF parser

    In 2017, we encountered lots of samples that were ‘exploiting’ the implementation of Microsoft Word’s RTF parser to confuse all other third-party RTF parsers, including those used in anti-malware software.

  • A Slice of 2017 Sofacy Activity

    Sofacy, also known as APT28, Fancy Bear, and Tsar Team, is a highly active and prolific APT. From their high volume 0day deployment to their innovative and broad malware set, Sofacy is one of the top groups that we monitor, report, and protect against. 2017 was not any different in this regard.

  • Spam and phishing in 2017

    The share of spam in email traffic in 2017 fell by 1.68% to 56.63%. The lowest share (52.67%) was recorded in December 2017. The highest (59.56%) belonged to September. In 2017, the Anti-Phishing system was triggered 246,231,645 times on computers of Kaspersky Lab users as a result of phishing redirection attempts.

  • Bingo, Amigo! Jackpotting: ATM malware from Latin America to the World

    Of all the forms of attack against financial institutions around the world, the one that brings traditional crime and cybercrime together the most is the malicious ecosystem that exists around ATM malware. Criminals from different backgrounds work together with a single goal in mind: jackpotting.

  • Zero-day vulnerability in Telegram

    In October 2017, we learned of a vulnerability in Telegram Messenger’s Windows client that was being exploited in the wild. It involves the use of a classic right-to-left override attack when a user sends files over the messenger service.

  • A vulnerable driver: lesson almost learned

    At first, it looked like we’d found a zero-day local privilege escalation vulnerability for Windows, but the sample that was triggering Exploit Checker events turned out to be a clean signed executable file, part of a multiplayer online game.

  • Gas is too expensive? Let’s make it cheap!

    A search online led me to a discovery I didn’t think was possible nowadays. I realized almost immediately that critical security issues were probably involved. I found that out of the many tens of thousands of gas stations the company claimed to have installed their product in, 1,000 are remotely hackable.

  • DDoS attacks in Q4 2017

    Q4 2017 represented something of a lull: both the number and duration of DDoS attacks were down against the previous quarter. At the same time, the increase in the number of attacks on honeypot traps in the run-up to holiday sales indicates that cybercriminals are keen to expand their botnets at the most opportune moment by pressuring owners of online resources and preventing them from making a profit.

  • BSides NYC, a volunteer organized event put on by and for the community

    Another edition of BSides NYC has passed, and as a first-time attendee and presenter, I was genuinely impressed with the impeccable organization, the content shared, and the interesting conversations that took place among enthusiasts and professionals from all over the world.

  • Every little bitcoin helps

    It often happens that inventions and technologies that start out good end up turning into dangerous tools in the hands of criminals. Blockchain is no exception to this rule, especially in its most common cryptocurrency incarnation. The attacks targeted employees of small companies, but such emails could be sent to any user’s personal mail.

Latest Articles

  • Tens of thousands per Gram
    willie
    In late 2017, information appeared on specialized resources about a Telegram ICO to finance the launch of its own blockchain platform. The lack of information provided fertile ground for scammers: the rumors prompted mailshots seemingly from official representatives of the platform, inviting people to take part in the ICO and purchase tokens.

    19-04-2018, 18:08
  • Leaking ads
    willie
    We found that because of third-party SDKs many popular apps are exposing user data to the internet, with advertising SDKs usually to blame. They collect user data so they can show relevant ads, but often fail to protect that data when sending it to their servers.

    18-04-2018, 05:58
  • Roaming Mantis uses DNS hijacking to infect Android smartphones
    willie
    In March 2018, Japanese media reported the hijacking of DNS settings on routers located in Japan, redirecting users to malicious IP addresses. The redirection led to the installation of Trojanized applications named facebook.apk and chrome.apk that contained Android Trojan-Banker. During our research we received some invaluable information about the true scale of this attack. We decided to call it ‘Roaming Mantis’.

    16-04-2018, 16:36
  • Operation Parliament, who is doing what?
    willie
    Kaspersky Lab has been tracking a series of attacks utilizing unknown malware since early 2017. The attacks appear to be geopolitically motivated and target high profile organizations. The objective of the attacks is clearly espionage – they involve gaining access to top legislative, executive and judicial bodies around the world.

    14-04-2018, 01:02
  • APT Trends report Q1 2018
    willie
    In the second quarter of 2017, Kaspersky’s Global Research and Analysis Team (GReAT) began publishing summaries of the quarter’s private threat intelligence reports in an effort to make the public aware of the research we have been conducting. This report serves as the next installment, focusing on the relevant activities that we observed during Q1 2018.

    13-04-2018, 10:16
  • Pocket cryptofarms
    willie
    In recent months, the topic of cryptocurrency has been a permanent news fixture — the value of digital money has been see-sawing spectacularly. Such pyrotechnics could hardly have escaped the attention of scammers, which is why cryptocurrency fluctuations have gone hand in hand with all kinds of stories. These include hacked exchanges, Bitcoin and Monero ransoms, and, of course, hidden mining.

    04-04-2018, 20:33