Advanced threat predictions for 2023
We polled our experts from the GReAT team and have gathered a small number of key insights about what APT actors are likely to focus on in 2023. Continue reading Advanced threat predictions for 2023
Category Archives: Zero-day vulnerabilities
Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)
We investigated CVE-2022-41352 and were able to confirm that unknown APT groups have actively been exploiting this vulnerability in the wild, one of which is systematically infecting servers in Central Asia. Continue reading Ongoing exploitation of CVE-2022-41352 (Zimbra 0-day)
Google Patches Chrome’s Fifth Zero-Day of the Year
Google has patched the fifth actively exploited zero-day vulnerability discovered in Chrome this year as one in a series of fixes included in a stable channel update released Wednesday. The bug, tracked as CVE-2022-2856 and rated as high on the Common … Continue reading Google Patches Chrome’s Fifth Zero-Day of the Year
IT threat evolution in Q2 2022. Non-mobile statistics
Our non-mobile malware statistics for Q2 2022 includes data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices. Continue reading IT threat evolution in Q2 2022. Non-mobile statistics
CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction
At the end of May, researchers reported a new zero-day vulnerability in MSDT that can be exploited using Microsoft Office documents. The vulnerability, which dubbed Follina, later received the identifier CVE-2022-30190. Continue reading CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction
CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction
At the end of May, researchers reported a new zero-day vulnerability in MSDT that can be exploited using Microsoft Office documents. The vulnerability, which dubbed Follina, later received the identifier CVE-2022-30190. Continue reading CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction
Answering Log4Shell-related questions
Check out the answers to some of users’ biggest security questions about the Log4Shell vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105). Continue reading Answering Log4Shell-related questions
Kaspersky Security Bulletin 2021. Statistics
Key statistics for 2021: miners, ransomware, trojan bankers and other financial malware, zero-day vulnerabilities and exploits, web attacks, threats for macOS and IoT. Continue reading Kaspersky Security Bulletin 2021. Statistics
Kaspersky Security Bulletin 2021. Statistics
Key statistics for 2021: miners, ransomware, trojan bankers and other financial malware, zero-day vulnerabilities and exploits, web attacks, threats for macOS and IoT. Continue reading Kaspersky Security Bulletin 2021. Statistics
CVE-2021-44228 vulnerability in Apache Log4j library
The summary of the critical vulnerability CVE-2021-44228 in the Apache Log4j library, technical details and mitigations. Continue reading CVE-2021-44228 vulnerability in Apache Log4j library