Vulnerabilities and exploits

Over the last 10 months, we have analyzed a massive cyber-espionage operation which we call “Epic Turla”. The attackers have infected several hundred computers in more than 45 countries, including government institutions, embassies, military, education, research and pharmaceutical companies. We observed exploits against older (patched) vulnerabilities, social engineering techniques and watering hole strategies.

At Kaspersky Lab we regularly conduct threat studies dedicated to a particular type of cyber threat. This summer we decided to look closely at what versions of Windows Operating System are most popular among our users and also at what kind of vulnerabilities are used in cyber-attacks involving exploits.

Kaspersky Lab products detected and neutralized a total of 995,534,410 threats in the second quarter of 2014. 927,568 computers running Kaspersky Lab products were attacked by banking malware. 65,118 new malicious mobile programs were detected. 2033 mobile banking Trojans were detected in this period, 1.7 times more than last quarter.

Energetic Bear/Crouching Yeti is an actor involved in several advanced persistent threat (APT) campaigns that has been active going back to at least the end of 2010.

Looking past the 23 Critical Internet Explorer remote code execution vulnerabilities being patched this month by MS14-037 that require immediate attention, most interesting is CVE-2014-2783, the Internet Explorer “Extended Validation (EV) Certificate Security Feature Bypass Vulnerability”. The vulnerability itself, reported by Eric Lawrence of “Fiddler” fame, is applicable in a “corner case” situation and can

Cybercriminals around the world have already started to point their guns and attacks at the new gTLDs, the ‘generic Top Level Domains’ approved by ICANN and offered by registrars to people interested in buying a new domain name. Recently we found malicious activities including malware and phishing pages registered in the top level domains .club,

Dubai today has become a global city and a business hub, same is going for threats and malware attacks, UAE is the most attacked country in the Middle East.

Cybercriminals are very actively targeting web sites which are not well-managed, so as to abuse them for their malicious activities. Damage to web sites in Japan has increased since last year, which is alarming to Japanese Internet users. Kaspersky Labs Japan has observed more than 2,800 compromised web sites between January and March 2014. WordPress

When we’re traveling we tend to bring lots of smart devices with us. It’s great to be able to share a beautiful photo, let people know where you are or put your latest news on Twitter or Facebook. It’s also a good way to find info about restaurants, hotels and transport connections. But to do

Microsoft fixes a smaller set of software product code this month for “Critical” vulnerabilities, and a handful for “Important” fixes with MS014-030 through MS014-036. But whoa, almost 60 remote code execution flaws exist in the six versions of Internet Explorer and the Microsoft components that render fonts on your system! Not only is that a very long

The patch is up! Microsoft is pushing out an Out of Band (OOB) security update MS14-021 to address the recently disclosed Internet Explorer 0day exploit incidents involving a known, high end threat actor. Cheers to a quick response from such a large vendor on this issue! The story goes like this. The week of the

In mid-April we detected two new SWF exploits. After some detailed analysis it was clear they didn’t use any of the vulnerabilities that we already knew about. We sent the exploits off to Adobe and a few days later got confirmation that they did indeed use a 0-day vulnerability that was later labeled as CVE-2014-0515. The

According to KSN data, Kaspersky Lab products blocked a total of 1131000866 malicious attacks on computers and mobile devices in the first quarter of 2014.

This month’s Adobe Patch Tuesday revolves around Flash. This means the zero-days used by VUPEN to exploit Adobe Reader at CanSecWest last month go unpatched. CVE-2014-0506 and CVE-2014-0507 deal with remote code execution and were both used separately at CanSecWest’s Pwn2Own. (It looks like these CVEs were initially assigned CVE-2014-0511 and CVE-2014-0510.) CVE-2014-0508 deals with information leakage, while

Absolutely all of the latest versions of Microsoft Word and some versions of Internet Explorer maintain critical vulnerabilities enabling remote code execution. Today, Microsoft releases two critical patches to close multiple vulnerabilities with each. Two important updates are released to address a batch file handling issue and another RCE hole in Microsoft Publisher. All of