Vulnerabilities and exploits – Page 4

Windows CLFS and five exploits used by ransomware operators (Exploit #5 – CVE-2023-28252)

Posted on December 21, 2023 by Boris Larin

This is part six of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Continue reading Windows CLFS and five exploits used by ransomware operators (Exploit #5 – CVE-2023-28252)→

Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol

Posted on December 14, 2023 by Kaspersky GERT, GReAT

We uncovered a novel multiplatform threat named “NKAbuse”. The malware utilizes NKN technology for data exchange between peers, functioning as a potent implant, and equipped with both flooder and backdoor capabilities. Continue reading Unveiling NKAbuse: a new multiplatform threat abusing the NKN protocol→

Story of the year: the impact of AI on cybersecurity

Posted on December 11, 2023 by Vladislav Tushkanov, Victor Sergeev, Andrey Ochepovsky, Yuliya Shlychkova

Generative AI has become the trendiest technology of 2023. Kaspersky reviews AI-related security concerns, and implementations of this technology in cyberdefense and red teaming, and provides predictions for 2024. Continue reading Story of the year: the impact of AI on cybersecurity→

Kaspersky Security Bulletin 2023. Statistics

Posted on December 4, 2023 by AMR

Key statistics for 2023: ransomware, trojan bankers, miners and other financial malware, zero-day vulnerabilities and exploits, web attacks, threats for macOS and IoT. Continue reading Kaspersky Security Bulletin 2023. Statistics→

IT threat evolution Q3 2023

Posted on December 1, 2023 by David Emm

Attacks on a critical infrastructure target in South Africa, supply-chain attack on Linux machines, Telegram doppelganger used to target people in China. Continue reading IT threat evolution Q3 2023→

IT threat evolution in Q3 2023. Non-mobile statistics

Posted on December 1, 2023 by AMR

PC malware statistics for Q3 2023 include data on miners, ransomware, banking Trojans and other threats to Windows, macOS and IoT equipment. Continue reading IT threat evolution in Q3 2023. Non-mobile statistics→

Crimeware and financial cyberthreats in 2024

Posted on November 21, 2023 by Kaspersky

Kaspersky assesses last year’s predictions for the financial threat landscape, and tries to anticipate crimeware trends for the coming year 2024. Continue reading Crimeware and financial cyberthreats in 2024→

Advanced threat predictions for 2024

Posted on November 14, 2023 by GReAT

Kaspersky researchers review APT predictions for 2023 and current trends in the advanced threat landscape, and try to predict how it will develop in 2024. Continue reading Advanced threat predictions for 2024→

A cascade of compromise: unveiling Lazarus’ new campaign

Posted on October 27, 2023 by Seongsu Park

We unveil a Lazarus campaign exploiting security company products and examine its intricate connections with other campaigns Continue reading A cascade of compromise: unveiling Lazarus’ new campaign→

How to catch a wild triangle

Posted on October 26, 2023 by Leonid Bezvershenko, Georgy Kucherin, Igor Kuznetsov, Boris Larin, Valentin Pashkov

How Kaspersky researchers obtained all stages of the Operation Triangulation campaign targeting iPhones and iPads, including zero-day exploits, validators, TriangleDB implant and additional modules. Continue reading How to catch a wild triangle→