Vulnerabilities and exploits – Page 16

Recent Cloud Atlas activity

Posted on August 12, 2019 by GReAT

From the beginning of 2019 until July, we have been able to identify different spear-phishing campaigns related to Cloud Atlas mostly focused on Russia, Central Asia and independent regions of Ukraine. Continue reading Recent Cloud Atlas activity→

APT trends report Q2 2019

Posted on August 1, 2019 by GReAT

The quarterly summaries of APT activity are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in greater detail in our private reports. This is our latest installment, focusing on activities that we observed during Q2 2019. Continue reading APT trends report Q2 2019→

Sodin ransomware exploits Windows vulnerability and processor architecture

Posted on July 3, 2019 by Orkhan Mamedov

When Sodin appeared in the first half of 2019, it immediately caught our attention for distributing itself through an Oracle Weblogic vulnerability and carrying out attacks on MSP providers. Continue reading Sodin ransomware exploits Windows vulnerability and processor architecture→

How we hacked our colleague’s smart home

Posted on July 1, 2019 by Pavel Cheremushkin

In this article, we publish the results of our study of the Fibaro Home Center smart home. We identified vulnerabilities in Fibaro Home Center 2 and Fibaro Home Center Lite version 4.540, as well as vulnerabilities in the online API. Continue reading How we hacked our colleague’s smart home→

ViceLeaker Operation: mobile espionage targeting Middle East

Posted on June 26, 2019 by GReAT

In May 2018, we discovered a campaign targeting dozens of mobile Android devices belonging to Israeli citizens. We decided to call the operation “ViceLeaker”, because of strings and variables in its code. Continue reading ViceLeaker Operation: mobile espionage targeting Middle East→

Plurox: Modular backdoor

Posted on June 18, 2019 by Anton Kuzmenko

The analysis showed the Backdoor.Win32.Plurox to have a few quite unpleasant features. What’s more, the backdoor is modular, which means that its functionality can be expanded with the aid of plugins. Continue reading Plurox: Modular backdoor→

IT threat evolution Q1 2019. Statistics

Posted on May 23, 2019 by Victor Chebyshev

In Q1 2019, Kaspersky Lab solutions blocked attempts to launch one or more types of malware designed to steal money from bank accounts on the computers of 243,604 users and detected attacks using miners on the computers of 1,197,066 users. Continue reading IT threat evolution Q1 2019. Statistics→

IT threat evolution Q1 2019

Posted on May 23, 2019 by David Emm

Zebrocy and GreyEnergy, four zero-day vulnerabilities in Windows, attacks on cryptocurrency exchanges, a very old bug in WinRAR, attacks on smart devices and other events of the first quarter of 2019. Continue reading IT threat evolution Q1 2019→

ScarCruft continues to evolve, introduces Bluetooth harvester

Posted on May 13, 2019 by GReAT

After publishing our initial series of blogposts back in 2016, we have continued to track the ScarCruft threat actor. ScarCruft is a Korean-speaking and allegedly state-sponsored threat actor that usually targets organizations and companies with links to the Korean peninsula. Continue reading ScarCruft continues to evolve, introduces Bluetooth harvester→

Operation ShadowHammer: a high-profile supply chain attack

Posted on April 23, 2019 by GReAT

In late March 2019, we briefly highlighted our research on ShadowHammer attacks, a sophisticated supply chain attack involving ASUS Live Update Utility. Now it is time to share more details about the research with our readers. Continue reading Operation ShadowHammer: a high-profile supply chain attack→