CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction

At the end of May, researchers reported a new zero-day vulnerability in MSDT that can be exploited using Microsoft Office documents. The vulnerability, which dubbed Follina, later received the identifier CVE-2022-30190. Continue reading CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction

CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction

At the end of May, researchers reported a new zero-day vulnerability in MSDT that can be exploited using Microsoft Office documents. The vulnerability, which dubbed Follina, later received the identifier CVE-2022-30190. Continue reading CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction

Exploitation of the CVE-2021-40444 vulnerability in MSHTML

Last week, Microsoft reported the RCE vulnerability CVE-2021-40444 in the MSHTML browser engine. Kaspersky is aware of targeted attacks using this vulnerability, and our products protect against attacks leveraging it. Continue reading Exploitation of the CVE-2021-40444 vulnerability in MSHTML

Arrests of members of Tetrade seed groups Grandoreiro and Melcoz

Spain’s Ministry of the Interior has announced the arrest of 16 individuals connected to the Grandoreiro and Melcoz cybercrime groups. Both are originally from Brazil and form part of the Tetrade umbrella, operating for a few years now in Latin America and Western Europe. Continue reading Arrests of members of Tetrade seed groups Grandoreiro and Melcoz

Quick look at CVE-2021-1675 & CVE-2021-34527 (aka PrintNightmare)

Last week Microsoft warned Windows users about vulnerabilities in the Windows Print Spooler service – CVE-2021-1675 and CVE-2021-34527 (also known as PrintNightmare). We are closely monitoring the situation and improving generic detection of these vulnerabilities. Continue reading Quick look at CVE-2021-1675 & CVE-2021-34527 (aka PrintNightmare)

REvil ransomware attack against MSPs and its clients around the world

An attack perpetrated by REvil aka Sodinokibi ransomware gang against Managed Service Providers (MSPs) and their clients was discovered on July 2. Some of the victims reportedly have been compromised a popular MSP software which led to encryption of their customers. Continue reading REvil ransomware attack against MSPs and its clients around the world