Let’s talk about the structure of the firmware of an IoT device in order to get a better understanding of the different components. Read Full Article
Operation PowerFall: CVE-2020-0986 and variants
While we already described the exploit for Internet Explorer in the original blog post about Operation PowerFall, we also promised to share more details about the elevation of privilege exploit. Let’s take a look at vulnerability CVE-2020-0986. Read Full Article
Internet Explorer and Windows zero-day exploits used in Operation PowerFall
Kaspersky prevented an attack on a South Korean company by a malicious script for Internet Explorer. Closer analysis revealed that the attack used a previously unknown full chain that consisted of two zero-day exploits. Read Full Article
The Streaming Wars: A Cybercriminal’s Perspective
Cyber threats aren’t relegated to the world of big businesses and large-scale campaigns. The most frequent attacks aren’t APTs and massive data breaches—they’re the daily encounters with malware and spam by everyday users. Read Full Article
Redirect auction
We’ve already looked at links under old YouTube videos or in Wikipedia articles which at some point turned bad and began pointing to partner program pages, phishing sites, or even malware. It was as if the attackers were purposely buying up domains, but such a scenario always seemed to us too complicated. Read Full Article
Pig in a poke: smartphone adware
Our support team continues to receive more and more requests from users complaining about intrusive ads on their smartphones from unknown sources. Read Full Article
Web skimming with Google Analytics
Recently, we identified several cases where Google Analytics was misused: attackers injected malicious code into sites, which collected all the data entered by users, and then sent it via Analytics. Read Full Article
Aggressive in-app advertising in Android
We will look into a few examples of suspicious-looking ad modules that we discovered in popular apps earlier this year. Read Full Article
Cyberthreats on lockdown
The pandemic has affected us all in some way, so it would be surprising if cybercriminals were an exception. Spammers and phishers were naturally the trailblazers in this but the entire cybercrime landscape has changed in the last few months. Read Full Article
Remote spring: the rise of RDP bruteforce attacks
With the spread of COVID-19, organizations worldwide have introduced remote working, which is having a direct impact on cybersecurity and the threat landscape. Read Full Article