Vulnerabilities and exploits

With the emergence of wearables, the convergence between the virtual and the physical world makes people feel more natural using technology all the time. Unfortunately, the emergence of new technologies also entails new security risks.

Now that the Internet of Things is all the rage, I wanted to take a look at a trend in IoT that I find particularly exciting and that’s wearable devices.

We spotted an interesting attack from Brazilian bad guys aiming to change the DNS settings of home routers by using a web-based attack, some social engineering, and malicious websites.

Anyone using the Internet is at risk, regardless of age and regardless of what they like to do online. Cybercriminals can deploy an impressive arsenal and use it to get access to our money, our personal data and the resources of our computer systems.

A typical modern home can have around five devices connected to the local network which aren’t computers, tablets or cellphones. As users in a connected digital environment we need to ask ourselves: ‘Are the devices connected to my network vulnerable? What could an attacker actually do if these devices were compromised? Is my home ‘hackable?’

The second Tuesday of the month is here along with Microsoft’s August security updates, and with it brings interesting updates of OneNote and Internet Explorer.

Today Adobe released the security bulletin APSB14-19, crediting Kaspersky Lab for reporting CVE-2014-0546.

Over the last 10 months, we have analyzed a massive cyber-espionage operation which we call “Epic Turla”. The attackers have infected several hundred computers in more than 45 countries, including government institutions, embassies, military, education, research and pharmaceutical companies. We observed exploits against older (patched) vulnerabilities, social engineering techniques and watering hole strategies.

At Kaspersky Lab we regularly conduct threat studies dedicated to a particular type of cyber threat. This summer we decided to look closely at what versions of Windows Operating System are most popular among our users and also at what kind of vulnerabilities are used in cyber-attacks involving exploits.

Kaspersky Lab products detected and neutralized a total of 995,534,410 threats in the second quarter of 2014. 927,568 computers running Kaspersky Lab products were attacked by banking malware. 65,118 new malicious mobile programs were detected. 2033 mobile banking Trojans were detected in this period, 1.7 times more than last quarter.

Energetic Bear/Crouching Yeti is an actor involved in several advanced persistent threat (APT) campaigns that has been active going back to at least the end of 2010.

Looking past the 23 Critical Internet Explorer remote code execution vulnerabilities being patched this month by MS14-037 that require immediate attention, most interesting is CVE-2014-2783, the Internet Explorer “Extended Validation (EV) Certificate Security Feature Bypass Vulnerability”. The vulnerability itself, reported by Eric Lawrence of “Fiddler” fame, is applicable in a “corner case” situation and can

Cybercriminals around the world have already started to point their guns and attacks at the new gTLDs, the ‘generic Top Level Domains’ approved by ICANN and offered by registrars to people interested in buying a new domain name. Recently we found malicious activities including malware and phishing pages registered in the top level domains .club,

Dubai today has become a global city and a business hub, same is going for threats and malware attacks, UAE is the most attacked country in the Middle East.

Cybercriminals are very actively targeting web sites which are not well-managed, so as to abuse them for their malicious activities. Damage to web sites in Japan has increased since last year, which is alarming to Japanese Internet users. Kaspersky Labs Japan has observed more than 2,800 compromised web sites between January and March 2014. WordPress