Vulnerabilities and exploits – Page 8

IT threat evolution in Q1 2022. Non-mobile statistics

Posted on May 27, 2022 by AMR

PC malware statistics for the Q1 2022 includes data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices. Continue reading IT threat evolution in Q1 2022. Non-mobile statistics→

The Verizon 2022 DBIR

Posted on May 25, 2022 by GReAT

The Verizon 2022 Data Breach Investigations Report is out, where Kaspersky collaborated as a contributor. The report provides interesting analysis of a full amount of global incident data. Continue reading The Verizon 2022 DBIR→

Spring4Shell (CVE-2022-22965): details and mitigations

Posted on April 4, 2022 by AMR

Technical details and mitigations for CVE-2022-22965 vulnerability (Spring4Shell) that can help an attacker to execute arbitrary code on a remote web server. Continue reading Spring4Shell (CVE-2022-22965): details and mitigations→

CVE-2022-0847 aka Dirty Pipe vulnerability in Linux kernel

Posted on March 14, 2022 by AMR

Exploit for CVE-2022-0847 (Dirty Pipe) vulnerability in Linux kernel is available online. Kaspersky solutions detect and prevent exploitation attempts. Continue reading CVE-2022-0847 aka Dirty Pipe vulnerability in Linux kernel→

Telehealth: A New Frontier in Medicine—and Security

Posted on February 1, 2022 by Maria Namestnikova

This report contains statistics and observations on vulnerabilities, phishing schemes and malware related to telehealth. Continue reading Telehealth: A New Frontier in Medicine—and Security→

The BlueNoroff cryptocurrency hunt is still on

Posted on January 13, 2022 by Seongsu Park, Vitaly Kamluk

It appears that BlueNoroff shifted focus from hitting banks and SWIFT-connected servers to solely cryptocurrency businesses as the main source of the group’s illegal income. Continue reading The BlueNoroff cryptocurrency hunt is still on→

Answering Log4Shell-related questions

Posted on December 20, 2021 by Kaspersky

Check out the answers to some of users’ biggest security questions about the Log4Shell vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105). Continue reading Answering Log4Shell-related questions→

How and why do we attack our own Anti-Spam?

Posted on December 20, 2021 by Alan Savushkin, Nikita Benkovich, Daniil Kovalchuk

How to trick the machine-learning model in Anti-Spam designed to detect and quarantine suspicious e-mails, and how to detect such attacks. Continue reading How and why do we attack our own Anti-Spam?→

Kaspersky Managed Detection and Response: interesting cases

Posted on December 15, 2021 by Petr Mareichev, Sergey Soldatov

Several interesting attacks detected by Kaspersky Managed Detection and Response (MDR): two PrintNightmare exploitation attempts, MuddyWater attack and LSASS credential dumping. Continue reading Kaspersky Managed Detection and Response: interesting cases→

Kaspersky Managed Detection and Response: interesting cases

Posted on December 15, 2021 by Petr Mareichev, Sergey Soldatov