Сrimeware and financial cyberthreats in 2025
Kaspersky’s GReAT looks back on the 2024 predictions about financial and crimeware threats, and explores potential cybercrime trends for 2025. Continue reading Сrimeware and financial cyberthreats in 2025
Category Archives: Zero-day vulnerabilities
The Crypto Game of Lazarus APT: Investors vs. Zero-days
Kaspersky GReAT experts break down the new campaign of Lazarus APT which uses social engineering and exploits a zero-day vulnerability in Google Chrome for financial gain. Continue reading The Crypto Game of Lazarus APT: Investors vs. Zero-days
Exploits and vulnerabilities in Q2 2024
The report contains statistics on vulnerabilities and exploits, with an analysis of interesting vulnerabilities found in Q2 2024. Continue reading Exploits and vulnerabilities in Q2 2024
QakBot attacks with Windows zero-day (CVE-2024-30051)
In April 2024, while researching CVE-2023-36033, we discovered another zero-day elevation-of-privilege vulnerability, which was assigned CVE-2024-30051 identifier and patched on May, 14 as part of Microsoft’s patch Tuesday. We have seen it exploited by QuakBot and other malware. Continue reading QakBot attacks with Windows zero-day (CVE-2024-30051)
New Ivanti Secure VPN Zero-Day Vulnerabilities and Patches
Read details about the new Ivanti VPN zero-day vulnerabilities, along with the latest information about patches. Most of the exposed VPN appliances are reported to be in the U.S., followed by Japan and Germany. Continue reading New Ivanti Secure VPN Zero-Day Vulnerabilities and Patches
Operation Triangulation: The last (hardware) mystery
Recent iPhone models have additional hardware-based security protection for sensitive regions of the kernel memory. We discovered that to bypass this hardware-based security protection, the attackers used another hardware feature of Apple-designed SoCs. Continue reading Operation Triangulation: The last (hardware) mystery
Windows CLFS and five exploits used by ransomware operators (Exploit #4 – CVE-2023-23376)
This is part five of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Continue reading Windows CLFS and five exploits used by ransomware operators (Exploit #4 – CVE-2023-23376)
Windows CLFS and five exploits used by ransomware operators (Exploit #3 – October 2022)
This is part four of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Continue reading Windows CLFS and five exploits used by ransomware operators (Exploit #3 – October 2022)
Windows CLFS and five exploits used by ransomware operators (Exploit #2 – September 2022)
This is the third part of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Continue reading Windows CLFS and five exploits used by ransomware operators (Exploit #2 – September 2022)
Windows CLFS and five exploits used by ransomware operators
We had never seen so many CLFS driver exploits being used in active attacks before, and then suddenly there are so many of them captured in just one year. Is there something wrong with the CLFS driver? Are all these vulnerabilities similar? These questions encouraged me to take a closer look at the CLFS driver and its vulnerabilities. Continue reading Windows CLFS and five exploits used by ransomware operators