Articles

  • Analyzing an exploit for CVE-2017-11826

    The latest Patch Tuesday (17 October) brought patches for 62 vulnerabilities, including one that fixed CVE-2017-11826 – a critical zero-day vulnerability used to launch targeted attacks – in all versions of Microsoft Office. The exploit for this vulnerability is an RTF document containing a DOCX document that exploits CVE-2017-11826 in the Office Open XML parser.


  • Bad Rabbit ransomware

    On October 24th we observed notifications of mass attacks with ransomware called Bad Rabbit. It has been targeting organizations and consumers, mostly in Russia but there have also been reports of victims in Ukraine.


  • Dangerous liaisons

    We took the most popular dating apps and analyzed what sort of user data they were capable of handing over to criminals and under what conditions.


  • ATM malware is being sold on Darknet market

    In May 2017, Kaspersky Lab researchers discovered a forum post advertising ATM malware that was targeting specific vendor ATMs. The forum contained a short description of a crimeware kit designed to empty ATMs with the help of a vendor specific API, without interacting with ATM users and their data. The price of the kit was 5000 USD at the time of research.


  • BlackOasis APT and new targeted attacks leveraging zero-day exploit

    On October 10, 2017, Kaspersky Lab’s advanced exploit prevention systems identified a new Adobe Flash zero day exploit used in the wild against our customers. The exploit was delivered through a Microsoft Office document and the final payload was the latest version of FinSpy malware. We have reported the bug to Adobe who assigned it CVE-2017-11292 and released a patch earlier today.


  • ATMii: a small but effective ATM robber

    While some criminals blow up ATMs to steal cash, others use less destructive methods, such as infecting the ATM with malware and then stealing the money. We have written about this phenomenon extensively in the past and today we can add another family of malware to the list – Backdoor.Win32.ATMii.


  • The Festive Complexities of SIGINT-Capable Threat Actors

    The 2017 VirusBulletin conference is upon us and, as in previous years, we’re taking the opportunity to dive into an exciting subject, guided by our experience from doing hands-on APT research. This year we decided to put our heads together to understand the implications that the esoteric SIGINT practice of fourth-party collection could have on threat intelligence research.


  • Threat Landscape for Industrial Automation Systems in H1 2017

    Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the results of its research on the threat landscape for industrial automation systems for the first six months of 2017.


  • A simple example of a complex cyberattack

    We're already used to the fact that complex cyberattacks use 0-day vulnerabilities, bypassing digital signature checks, virtual file systems, non-standard encryption algorithms and other tricks. Sometimes, however, all of this may be done in much simpler ways, as was the case in the malicious campaign that we detected a while ago – we named it 'Microcin' after microini, one of the malicious components used in it.


  • A Modern Hypervisor as a Basis for a Sandbox

    In the field of information security, sandboxes are used to isolate an insecure external environment from a secure internal environment (or vice versa), to protect against the exploitation of vulnerabilities, and to analyze malicious code. At Kaspersky Lab, we have several sandboxes; we will look at just one of them, which was customized to serve the needs of a specific product and became the basis of Kaspersky Anti Targeted Attack Platform.



Latest Articles


  • Skygofree: Following in the footsteps of HackingTeam
    willie
    At the beginning of October 2017, we discovered new Android spyware with several features previously unseen in the wild. In the course of further research, we found a number of related samples that point to a long-term development process. We believe the initial versions of this malware were created at least three years ago.

    16-01-2018, 14:52
  • Happy IR in the New Year!
    willie
    In IR cases we use a very simple script that is uploaded to every Windows computer in the corporate network to collect logs, NTFS data, entries from the Windows registry and strings from the binary files to find out how exactly the attackers were moving through the network. It’s holiday season and it is our pleasure to share this script with you.

    28-12-2017, 20:53
  • Nhash: petty pranks with big finances
    willie
    In an earlier publication we noted that cybercriminals were making use of social engineering to install this sort of software on users’ computers. This time, we’d like to dwell more on how exactly the computers of gullible users start working for cybercriminals.

    22-12-2017, 06:22
  • Travle aka PYLOT backdoor hits Russian-speaking targets
    willie
    At the end of September, Palo Alto released a report on Unit42 activity where they – among other things – talked about PYLOT malware. We have been detecting attacks that have employed the use of this backdoor since at least 2015 and refer to it as Travle. Coincidentally, KL was recently involved in an investigation of a successful attack where Travle was detected, during which we conducted a deep analysis of this malware.

    20-12-2017, 10:46
  • Jack of all trades
    willie
    Among this array of threats we found a rather interesting sample – Trojan.AndroidOS.Loapi. This Trojan boasts a complicated modular architecture that means it can conduct a variety of malicious activities: mine cryptocurrencies, annoy users with constant ads, launch DDoS attacks from the affected device and much more.

    18-12-2017, 17:11
  • Kaspersky Security Bulletin. Overall statistics for 2017
    willie
    In 2017, Kaspersky Lab’s web antivirus detected 15 714 700 unique malicious objects (scripts, exploits, executable files, etc.) and 199 455 606 unique URLs were recognized as malicious by web antivirus components. Kaspersky Lab solutions detected and repelled 1 188 728 338 malicious attacks launched from online resources located in 206 countries all over the world.

    14-12-2017, 19:08