Exploit kits still play a role in today’s threat landscape and continue to evolve. For this blogpost I studied and analyzed the evolution of one of the most sophisticated exploit kits out there – Magnitude EK – for a whole year. Read Full Article
Trust me, I have a pen
Earlier today we became aware of a malicious website delivering Petya through the Hunter exploit kit. While there is nothing special about yet another exploit kit page, this one caught our attention because it mimics the index page of our sinkhole systems. Read Full Article
Attacking Diffie-Hellman protocol implementation in the Angler Exploit Kit
In Angler, threat actors used the Diffie-Hellman protocol to creating difficulties in firewall detection of the exploit and also making it harder for the analysts to get the exploit code. However, the experts from Kaspersky Lab managed to perform a successful attack against Diffie-Hellman protocol implementation and decipher the shellcode. Read Full Article
How exploit packs are concealed in a Flash object
The main role in performing a hidden attack is played by exploits to software vulnerabilities that can be used to secretly download malicious code on the victim machine. Recently, we have come across a new technique used to hide exploit-based attacks: fraudsters packed the exploit pack in the Flash file. Read Full Article
Behind the ‘AndroidOS.Koler’ distribution network
AndroidOS.Koler.a a ransomware program that blocks the screen of an infected device and requests a ransom in order to unlock the device. An entire network of malicious porn sites linked to a traffic direction system that redirects the victim to different payloads targeting not only mobile devices but any other visitor. Read Full Article
New gTLDs, same attacks
Cybercriminals around the world have already started to point their guns and attacks at the new gTLDs, the ‘generic Top Level Domains’ approved by ICANN and offered by registrars to people interested in buying a new domain name. Recently we… Read Full Article
Microsoft Updates Internet Explorer against Highly Targeted 0day Distributing Pirpi
The patch is up! Microsoft is pushing out an Out of Band (OOB) security update MS14-021 to address the recently disclosed Internet Explorer 0day exploit incidents involving a known, high end threat actor. Cheers to a quick response from such… Read Full Article
Microsoft Updates April 2014 – Office and Internet Explorer Critical Vulnerabilities
Absolutely all of the latest versions of Microsoft Word and some versions of Internet Explorer maintain critical vulnerabilities enabling remote code execution. Today, Microsoft releases two critical patches to close multiple vulnerabilities with each. Two important updates are released to… Read Full Article
Kaspersky Security Bulletin 2013. Overall Statistics for 2013
PDF Version Contents Malware Evolution Corporate Threats Overall Statistics for 2013 2013 in figures Mobile Threats Significant Events Statistics Main findings Vulnerable applications exploited by cybercriminals Online threats (attacks via the web) Top 20 malicious programs on the Internet Countries… Read Full Article
CVE-2013-3906 : Another 0-day for Microsoft Office
On November 5, Microsoft announced the discovery of a new vulnerability CVE-2013-3906 which can be exploited when TIFF images are processed. By exploiting this vulnerability it is possible to attack software – including Microsoft Office and Lync – that uses a vulnerable… Read Full Article