Threat Category: Vulnerabilities and exploits | Page 2

At the end of May, researchers reported a new zero-day vulnerability in MSDT that can be exploited using Microsoft Office documents. The vulnerability, which dubbed Follina, later received the identifier CVE-2022-30190.

PC malware statistics for the Q1 2022 includes data on miners, ransomware, banking Trojans, and other threats to Windows, macOS and IoT devices.

The Verizon 2022 Data Breach Investigations Report is out, where Kaspersky collaborated as a contributor. The report provides interesting analysis of a full amount of global incident data.

Technical details and mitigations for CVE-2022-22965 vulnerability (Spring4Shell) that can help an attacker to execute arbitrary code on a remote web server.

Exploit for CVE-2022-0847 (Dirty Pipe) vulnerability in Linux kernel is available online. Kaspersky solutions detect and prevent exploitation attempts.

This report contains statistics and observations on vulnerabilities, phishing schemes and malware related to telehealth.

Check out the answers to some of users’ biggest security questions about the Log4Shell vulnerabilities (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105).

How to trick the machine-learning model in Anti-Spam designed to detect and quarantine suspicious e-mails, and how to detect such attacks.

Key statistics for 2021: miners, ransomware, trojan bankers and other financial malware, zero-day vulnerabilities and exploits, web attacks, threats for macOS and IoT.

The summary of the critical vulnerability CVE-2021-44228 in the Apache Log4j library, technical details and mitigations.

PC threat statistics for Q3 2021 contain data on miners, encrypting ransomware, financial malware, and threats to Windows, macOS and IoT.

We detected attacks with the use of an elevation of privilege exploit on multiple Microsoft Windows servers. Variants of the malware payload used along with the zero-day exploit were detected in widespread espionage campaigns. We are calling this cluster of activity MysterySnail.

Last week, Microsoft reported the RCE vulnerability CVE-2021-40444 in the MSHTML browser engine. Kaspersky is aware of targeted attacks using this vulnerability, and our products protect against attacks leveraging it.

Ferocious Kitten, TunnelSnake, PuzzleMaker and other threat actors, zero-day vulnerabilities, ransomware and banking Trojans – check out our review of Q2 2021.

PC threat statistics for Q2 2021 contain data on miners, encrypting ransomware, financial malware and threats to Windows, macOS and IoT.

Reports

In October 2022, we identified an active infection of government, agriculture and transportation organizations located in the Donetsk, Lugansk, and Crimea regions.

Roaming Mantis (a.k.a Shaoye) is a long-term cyberattack campaign that uses malicious Android package (APK) files to control infected Android devices and steal data. In 2022, we observed a DNS changer function implemented in its Android malware Wroba.o.

We continue to track the BlueNoroff group’s activities and this October we observed the adoption of new malware strains in its arsenal.

In this report, we compare the ROADSWEEP ransomware and ZEROCLEARE wiper versions used in two waves of attacks against Albanian government organizations.

Vulnerabilities and exploits

CVE-2022-30190 (Follina) vulnerability in MSDT: description and counteraction

IT threat evolution in Q1 2022. Non-mobile statistics

The Verizon 2022 DBIR

Spring4Shell (CVE-2022-22965): details and mitigations

CVE-2022-0847 aka Dirty Pipe vulnerability in Linux kernel

Telehealth: a new frontier in medicine—and security

Answering Log4Shell-related questions

How and why do we attack our own Anti-Spam?

Kaspersky Security Bulletin 2021. Statistics

CVE-2021-44228 vulnerability in Apache Log4j library

IT threat evolution in Q3 2021. PC statistics

MysterySnail attacks with Windows zero-day

Exploitation of the CVE-2021-40444 vulnerability in MSHTML

IT threat evolution Q2 2021

IT threat evolution in Q2 2021. PC statistics

Reports

Bad magic: new APT found in the area of Russo-Ukrainian conflict

Roaming Mantis implements new DNS changer in its malicious mobile app in 2022

BlueNoroff introduces new methods bypassing MoTW

Ransomware and wiper signed with stolen certificates

Subscribe to our weekly e-mails