Vulnerabilities and exploits – Page 2

SAS CTF and the many ways to persist a kernel shellcode on Windows 7

Posted on October 17, 2024 by Igor Kuznetsov, Boris Larin

In this article we solve the most difficult SAS CTF challenge based on the APT technique to introduce and persist a kernel shellcode on Windows 7. Continue reading SAS CTF and the many ways to persist a kernel shellcode on Windows 7→

Whispers from the Dark Web Cave. Cyberthreats in the Middle East

Posted on October 14, 2024 by Vera Kholopova, Kaspersky Security Services

The Kaspersky Digital Footprint Intelligence team shares insights into the H1 2024 Middle Eastern cyberthreat landscape: hacktivism, initial access brokers, ransomware, stealers, and so on. Continue reading Whispers from the Dark Web Cave. Cyberthreats in the Middle East→

A deep dive into the most interesting incident response cases of last year

Posted on September 3, 2024 by Eduardo Ovalle, Ahmad Zaidi Said, AbdulRhman Alfaifi

Kaspersky Global Emergency Response Team (GERT) shares the most interesting IR cases for the year 2023: insider attacks, ToddyCat-like APT, Flax Typhoon and more. Continue reading A deep dive into the most interesting incident response cases of last year→

Memory corruption vulnerabilities in Suricata and FreeRDP

Posted on August 22, 2024 by Dmitry Shmoylov, Evgeny Legerov, Denis Skvortsov

While pentesting KasperskyOS-based Thin Client and IoT Secure Gateway, we found several vulnerabilities in the Suricata and FreeRDP open-source projects. We shared details on these vulnerabilities with the community along with our fuzzer. Continue reading Memory corruption vulnerabilities in Suricata and FreeRDP→

Exploits and vulnerabilities in Q2 2024

Posted on August 21, 2024 by Vitaly Morgunov, Alexander Kolesnikov

The report contains statistics on vulnerabilities and exploits, with an analysis of interesting vulnerabilities found in Q2 2024. Continue reading Exploits and vulnerabilities in Q2 2024→

Indirect prompt injection in the real world: how people manipulate neural networks

Posted on August 12, 2024 by Vladislav Tushkanov

We studied data from the internet and Kaspersky internal sources to find out how and why people use indirect prompt injection. Continue reading Indirect prompt injection in the real world: how people manipulate neural networks→

Cinterion EHS5 3G UMTS/HSPA Module Research

Posted on June 13, 2024 by Kaspersky ICS CERT

We performed the security analysis of a Telit Cinterion modem in course of a bigger project of security assessment of a popular model of a truck and found eight vulnerabilities. Continue reading Cinterion EHS5 3G UMTS/HSPA Module Research→

QR code SQL injection and other vulnerabilities in a popular biometric terminal

Posted on June 11, 2024 by Georgy Kiguradze

The report analyzes the security properties of a popular biometric access control terminal made by ZkTeco and describes vulnerabilities found in it. Continue reading QR code SQL injection and other vulnerabilities in a popular biometric terminal→

A journey into forgotten Null Session and MS-RPC interfaces

Posted on May 23, 2024 by Haidar Kabibo

This is the first part of the research, devoted to null session vulnerability, unauthorized MS-RPC interface and domain user enumeration. Continue reading A journey into forgotten Null Session and MS-RPC interfaces→

QakBot attacks with Windows zero-day (CVE-2024-30051)

Posted on May 14, 2024 by Boris Larin, Mert Degirmenci

In April 2024, while researching CVE-2023-36033, we discovered another zero-day elevation-of-privilege vulnerability, which was assigned CVE-2024-30051 identifier and patched on May, 14 as part of Microsoft’s patch Tuesday. We have seen it exploited by QuakBot and other malware. Continue reading QakBot attacks with Windows zero-day (CVE-2024-30051)→