Vulnerabilities and exploits

Microsoft releases eight security bulletins today, updating a set of forty five software vulnerabilities. This month’s updates touch a smaller set of Microsoft software, but two of the Bulletins address kernel-level vulnerabilities and require a restart.

Police departments have been surveilling citizens for years with the help of security cameras set up throughout various cities. For hackers, being able to launch man-in-the-middle attacks on the video data is a short step away from replacing real video feeds with pre-recorded footage.

The security flaws of the OAuth protocol have been known for quite a while. However, this is the first time we have come across a phishing email used by fraudsters to put these techniques into practice.

For over half a decade, the Naikon APT waged multiple attack campaigns on sensitive targets throughout South-eastern Asia and around the South China Sea.

The Naikon APT was one of the most active APTs in Asia. The attackers targeted mainly top-level government agencies and civil and military organizations in countries such as the Philippines, Malaysia, Cambodia, Indonesia, Vietnam, Myanmar, Singapore, Nepal, Thailand, Laos and China. For years they have mined victims, apparently in search of geo-political intelligence.

Microsoft released a set of thirteen Security Bulletins (MS015-043 through MS015-055) to start off May 2015, addressing 46 vulnerabilities in a wide set of Microsoft software technologies.

In the first quarter of 2015 Kaspersky Lab products detected a total of 2,2 bln malicious attacks and more than 93 mln unique malicious URLs. The story of the powerful Equation cyberespionage group was perhaps the most talked-about news story of Q1.

The main role in performing a hidden attack is played by exploits to software vulnerabilities that can be used to secretly download malicious code on the victim machine. Recently, we have come across a new technique used to hide exploit-based attacks: fraudsters packed the exploit pack in the Flash file.

One of the most active APT groups in Asia, and especially around the South China Sea area is “Naikon”. Naikon plays a key part in our story, but the focus of this report is on another threat actor entirely; one who came to our attention when they hit back at a Naikon attack.

Microsoft releases 11 Security Bulletins (MS15-032 through MS15-042) today, addressing a list of over 25 CVE-identified vulnerabilities for April of 2015.

In December 2014 we discovered a very interesting vulnerability in the Darwin kernel. Using it attackers can send just one incorrect network packet to the victim and the victim’s system (OS X 10.10 or iOS 8) will crash.

One of the big trends in sphere of health and fitness are fitness trackers such as smartbands. Tracking devices and their mobile applications from three leading vendors were inspected in this report to shed some light on the current state of security and privacy of wearable fitness trackers.

Last week, we had the privilege to participate in and present at the 15th edition of CanSecWest in beautiful Vancouver, BC, along with its famous accompaniment, the ever famous Pwn2Own competition.

Wait, what? Wasn’t the Stuxnet LNK vulnerability CVE-2010-2568, reported by Sergey Ulasen, patched years ago?

Over the years we have tracked multiple campaigns by an advanced threat actor we call Animal Farm. The group has targeted a wide range of global organizations.