APT Trends report Q1 2018

In the second quarter of 2017, Kaspersky’s Global Research and Analysis Team (GReAT) began publishing summaries of the quarter’s private threat intelligence reports in an effort to make the public aware of the research we have been conducting. This report serves as the next installment, focusing on the relevant activities that we observed during Q1 2018.

Recent Flash Zero-Day Flaw Now Exploited in Widespread Attacks

A vulnerability that was recently patched in Flash Player after being used in targeted attacks is now seeing widespread exploitation in a malicious spam campaign. The flaw was first identified in late January by security researchers who saw it used in …

Adobe Fixes Flash Player Zero-Day Vulnerability

Adobe has released an emergency update for Flash Player to fix a critical zero-day vulnerability that already has been used in targeted attacks by North Korean hackers. News of the vulnerability broke last week with an alert from the South Korean Compu…

Microsoft Releases Patches for 16 Critical Flaws, Including a Zero-Day

If you think that the CPU updates that address this year’s major security flaws, Meltdown and Spectre, are the only ones you are advised to grab immediately, there are a handful of other major security flaws that you should pay attention to.

Microsoft has is…

Two Critical 0-Day Remote Exploits for vBulletin Forum Disclosed Publicly

Security researchers have discovered and disclosed details of two unpatched critical vulnerabilities in a popular internet forum software, vBulletin, one of which could allow a remote attacker to execute malicious code on the latest version of vBulletin …

IoT Botnet Satori Grows Rapidly Thanks to Zero-Day Flaw

An internet of things (IoT) botnet that recently hijacked more than 100,000 DSL modems in Argentina has extended to other countries and doubled in size over the past week, possibly due to a zero-day vulnerability. The botnet has been dubbed “Sato…

Don’t Just Put Out the Zero-Day Fire — Get Rid of the Fuel

The best way to remediate zero-day threats is to focus on proactively assessing and patching the vulnerabilities that facilitate them.

The post Don’t Just Put Out the Zero-Day Fire — Get Rid of the Fuel appeared first on Security Intelligence.


Hackers Use New Flash Zero-Day Exploit to Distribute FinFisher Spyware

FinSpy, the infamous surveillance malware, is back and infecting high-profile targets using a new Adobe Flash zero-day exploit delivered through Microsoft Office documents.

Security researchers from Kaspersky Labs have discovered a new zero-day remote code execution vulnerability in Adobe Flash, which was being actively exploited in the wild by a group of advanced persistent threat actors,


BlackOasis APT and new targeted attacks leveraging zero-day exploit

On October 10, 2017, Kaspersky Lab’s advanced exploit prevention systems identified a new Adobe Flash zero day exploit used in the wild against our customers. The exploit was delivered through a Microsoft Office document and the final payload was the latest version of FinSpy malware. We have reported the bug to Adobe who assigned it CVE-2017-11292 and released a patch earlier today.
