Vulnerabilities and exploits – Page 5

Updated MATA attacks industrial companies in Eastern Europe

Posted on October 18, 2023 by GReAT, Kaspersky ICS CERT

In early September 2022, we discovered several new malware samples belonging to the MATA cluster. The campaign had been launched in mid-August 2022 and targeted over a dozen corporations in Eastern Europe from the oil and gas sector and defense industry. Continue reading Updated MATA attacks industrial companies in Eastern Europe→

Overview of IoT threats in 2023

Posted on September 21, 2023 by Vitaly Morgunov, Yaroslav Shmelev, Kaspersky Security Services, Kaspersky ICS CERT

IoT threats: how devices get hacked, what malware is uploaded, and what services are on offer on the dark web in 2023. Continue reading Overview of IoT threats in 2023→

IT threat evolution in Q2 2023. Non-mobile statistics

Posted on August 30, 2023 by AMR

PC malware statistics for Q2 2022 includes data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices. Continue reading IT threat evolution in Q2 2023. Non-mobile statistics→

Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability

Posted on July 19, 2023 by Francesco Figurelli, Eduardo Ovalle

We will highlight the key points and then focus on the initial use of the CVE-2023-23397 vulnerability by attackers before it became public. Continue reading Comprehensive analysis of initial attack samples exploiting CVE-2023-23397 vulnerability→

IT threat evolution in Q1 2023. Non-mobile statistics

Posted on June 7, 2023 by AMR

PC malware statistics for the Q1 2023 includes data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices. Continue reading IT threat evolution in Q1 2023. Non-mobile statistics→

Operation Triangulation: iOS devices targeted with previously unknown malware

Posted on June 1, 2023 by Igor Kuznetsov, Valentin Pashkov, Leonid Bezvershenko, Georgy Kucherin

While monitoring the traffic of our own corporate Wi-Fi network, we noticed suspicious activity that originated from several iOS-based phones. We created offline backups of the devices, inspected them and discovered traces of compromise. Continue reading Operation Triangulation: iOS devices targeted with previously unknown malware→

Nokoyawa ransomware attacks with Windows zero-day

Posted on April 11, 2023 by Boris Larin

In February 2023, we found a zero-day exploit, supporting different versions and builds of Windows, including Windows 11. This particular zero-day was used by a sophisticated cybercrime group that carries out ransomware attacks. Continue reading Nokoyawa ransomware attacks with Windows zero-day→

Good, Perfect, Best: how the analyst can enhance penetration testing results

Posted on February 10, 2023 by Olga Zinenko, Kaspersky Security Services

What is the analyst on a penetration testing team, what role they perform at Kaspersky, and why is their job vital to the success of the project? Continue reading Good, Perfect, Best: how the analyst can enhance penetration testing results→

What your SOC will be facing in 2023

Posted on January 23, 2023 by Sergey Soldatov, Roman Nazarov

Supply chain and reoccurring attacks, data destruction, lack of staff — what challenges will your security operations center be facing in 2023? Continue reading What your SOC will be facing in 2023→

CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange

Posted on December 19, 2022 by Vitaly Morgunov, Dmitry Kondratyev, Alexander Kolesnikov, Alexey Kulaev

At the end of September, GTSC reported the finding of two 0-day vulnerabilities in Microsoft Exchange Server, CVE-2022-41040 and CVE-2022-41082. The cybersecurity community dubbed the pair of vulnerabilities ProxyNotShell. Continue reading CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange→