Vulnerabilities and exploits

Not many weeks ago Google released a new revision of its flagship mobile operating system, Android 4.3. Although some say that this time updates have been quite scarce, from a security perspective there have been some undeniable improvements (among others, the “MasterKey” vulnerability has been finally patched). One of the most prominent is SELinux. Many

According to KSN data, Kaspersky Lab products detected and neutralized a total of 983 051 408 threats in the second quarter of 2013.

Today, Microsoft released a set of eight security Bulletins (MS13-059 through MS13-066) for a broad variety of vulnerable technologies and exploit categories. The critical vulnerabilities are not known to be exploited publicly at the time of Bulletin release. The more interesting Bulletins this month address RCE and EoP vulnerabilities in Internet Explorer, Windows components, and yet again

Around one year ago I posted about what were the most common web attacks in Spain and how the malware was spread. It is time for an update! We regularly collect data regarding infected web sites based in our detections on KSN. Apart from the general verdicts that I usually find in the top of

A snippet of code on the Central Tibetan Administration website redirects CN speaking visitors to a Java exploit that drops an APT-related backdoor. For some context, the site claims the administration itself as “…the Central Tibetan Administration (CTA) of His Holiness the Dalai Lama, this is the continuation of the government of independent Tibet.” The

Yesterday, Lavabit – a secure e-mail provider – announced that it’s closing down their operations. The official text and the Website looks like this: Lavabit was one of the very few secure e-mail service providers bringing security for its paid customers by encrypting all locally stored e-mail messages with an asymmetric key and AES-256. This means

As the binary is still being analyzed, in this article we will focus only on the delivery part. Even if the exploit is not a zero-day, it’s pretty interesting…

Last weeks have been quite busy with announcements of either master keys or Chinese master keysbeing unveiled, both qualifying as critical vulnerabilities for the Android platform. Although things have finally calmed a bit, we are still waiting for the final act in Las Vegas at Black Hat USA, where Jeff Forristal (the researcher who discovered one of the

While analyzing suspicious URLs I found out that more and more malicious URLs are coming from.lc domain, which formally belongs to Santa Lucia country located in in the eastern Caribbean Sea. Our statistics confirm this trend. Cybercriminals from different places of the world are actively using this domain, including cybercriminals from Brazil abusing free Web

According to surveys conducted in Europe and the United States, company employees spend up to 30% of their working hours on private affairs.

As promised in Microsoft’s July Advance Notification, Microsoft ships seven security bulletins this month (MS13-052 – MS13-058). At least 34 CVE are being patched. Six of the Security Bulletins are rated “critical” due to remote code execution issues. The vulnerabilities being fixed this month enable RCE across all versions of Windows operating systems, but most of these serious flaws have all been privately reported and there is no indication that they are publicly known or exploited yet. Some however, are publicly known and drew attention from a number of exploit developers. The kernel mode vulnerability, CVE-2013-3172 is publicly known, along with another kernel mode bug publicly disclosed by Tavis Ormandy in May. Unfortunately, an exploit abusing that vulnerability was touched up by another contributor and then already integrated into metasploit for public distribution and use. It’s also interesting that the update for the kernel mode TrueType Font Parsing CVE-2013-3129 bug effects code paths in seven different software packages (Office, Lync, Visual Studio, .NET, Silverlight, and “Windows components”) updated separately by Security Bulletins MS13-052, MS13-053, and MS13-054.

Over the last few years, we have been monitoring a cyber-espionage campaign that has successfully compromised more than 350 high profile victims in 40 countries. The main tool used by the threat actors during these attacks is NetTraveler, a malicious program used for covert computer surveillance

According to KSN data, Kaspersky Lab products detected and neutralized 1 345 570 352 threats in Q1 2013.

Microsoft released a long list of updates for Microsoft software today. The most interesting appear to be those patching Internet Explorer and the kernel software vulnerabilities. In all, ten critical “use-after-free” vulnerabilities are patched in IE along with one important Information Disclosure vulnerability, and three elevation of privilege vulnerabilities are being patched as well. Almost

The experience of many information security officers shows that only a small portion of security incidents take place as a result of meticulously planned and sophisticated targeted attacks, while most incidents are due to a lack of effective security and control measures.