Vulnerabilities and exploits

When we’re traveling we tend to bring lots of smart devices with us. It’s great to be able to share a beautiful photo, let people know where you are or put your latest news on Twitter or Facebook. It’s also a good way to find info about restaurants, hotels and transport connections. But to do

Microsoft fixes a smaller set of software product code this month for “Critical” vulnerabilities, and a handful for “Important” fixes with MS014-030 through MS014-036. But whoa, almost 60 remote code execution flaws exist in the six versions of Internet Explorer and the Microsoft components that render fonts on your system! Not only is that a very long

The patch is up! Microsoft is pushing out an Out of Band (OOB) security update MS14-021 to address the recently disclosed Internet Explorer 0day exploit incidents involving a known, high end threat actor. Cheers to a quick response from such a large vendor on this issue! The story goes like this. The week of the

In mid-April we detected two new SWF exploits. After some detailed analysis it was clear they didn’t use any of the vulnerabilities that we already knew about. We sent the exploits off to Adobe and a few days later got confirmation that they did indeed use a 0-day vulnerability that was later labeled as CVE-2014-0515. The

According to KSN data, Kaspersky Lab products blocked a total of 1131000866 malicious attacks on computers and mobile devices in the first quarter of 2014.

This month’s Adobe Patch Tuesday revolves around Flash. This means the zero-days used by VUPEN to exploit Adobe Reader at CanSecWest last month go unpatched. CVE-2014-0506 and CVE-2014-0507 deal with remote code execution and were both used separately at CanSecWest’s Pwn2Own. (It looks like these CVEs were initially assigned CVE-2014-0511 and CVE-2014-0510.) CVE-2014-0508 deals with information leakage, while

Absolutely all of the latest versions of Microsoft Word and some versions of Internet Explorer maintain critical vulnerabilities enabling remote code execution. Today, Microsoft releases two critical patches to close multiple vulnerabilities with each. Two important updates are released to address a batch file handling issue and another RCE hole in Microsoft Publisher. All of

Support for Windows XP is ending: after today there will be no new security updates, non-security hotfixes, free or paid assisted support options or online technical content updates.

No doubt it’s been a crazy week for anyone even remotely interested in Bitcoin. Mt. Gox, once the largest Bitcoin marketplace out there, has shut down, putting a bitter end to an almost month-long situation in which all withdrawals were halted because of technical issues. Mt. Gox BTC price evolution in February 2014, source: Clark Moody As

The tales spun by Nigerian scammers often amaze with their ability to exploit and adapt the same type of scam to a whole variety of situations. Most of these situations are tragic, either related to someone’s death or political turmoil. That’s why an attempt to give away one’s money (or huge part of it) as

In response to numerous requests for comments and clarifications after our presentation at the Kaspersky Security Analyst Summit 2014, we have created this FAQ.

This report is a return to the problem of security mechanisms implemented in modern anti-theft technologies that reside in firmware and PC BIOS of commonly used laptops and some desktop computers.

The Mask is an advanced threat actor that has been involved in cyber-espionage operations since at least 2007. What makes The Mask special is the complexity of the toolset used by the attackers. This includes an extremely sophisticated piece of malware, a rootkit, a bootkit, Mac OS X and Linux versions and possibly versions for Android and iPad/iPhone (iOS).

A short while ago, we came across a set of similar SWF exploits and were unable to determine which vulnerability they exploited. We reported this to Adobe and it turned out that these ITW exploits targeted a 0-day vulnerability. Today, Adobe released a patch for the vulnerability. This post provides a technical analysis of the exploits and

Early this year, we received a malicious Java application for analysis, which turned out to be a multi-platform bot capable of running on Windows, Mac OS and Linux. The bot was written entirely in Java. The attackers used vulnerability CVE-2013-2465 to infect users with the malware. Initializing and decrypting strings To make analyzing and detecting