Vulnerabilities and exploits

While researching PlugX propagation with the use of Java exploits we stumbled upon one compromised site that hosted and pushed a malicious Java applet exploiting the CVE 2013-0422 vulnerability. The very malicious Java application was detected heuristically with generic verdict for that vulnerability and it would have been hardly possible to spot that particular site

A new-ish Flash exploit is on the loose for attack around the web. This time, the attackers have compromised a caregiver site providing support for Tibetan refugee children and are spreading malware signed with Winnti stolen certificates with Flash exploits.

Microsoft released two Bulletins this month patching 3 critical vulnerabilities. Along with these immediate issues, they released five other Bulletins rated “Important”. It appears that the two critical Bulletins address use-after-free vulnerabilities that can all be attacked through Internet Explorer. For the Windows workstation environments, all versions of Internet Explorer need to be patched asap,

Microsoft released two Bulletins this month patching 3 critical vulnerabilities. Along with these immediate issues, they released five other rated “Important”. It appears that the two Bulletins address use-after-free vulnerabilities that can all be attacked through Internet Explorer.

On March 4th we spotted a large number of unusual emails being blocked by our Linux Mail Security product.

Microsoft releases nine March Security Bulletins. Four of the Bulletins are rated critical, but of the 20 vulnerabilities being patched, 12 are rated critical and enable remote code execution and elevation of privilege. Microsoft software being patched with critical priority include Internet Explorer, Silverlight, Visio Viewer, and SharePoint. So, pretty much every consumer running Windows, and lots of Microsoft shops, should be diligently patching systems today.

Together with our partner CrySyS Lab, we’ve discovered two new, previously-unknown infection mechanisms for Miniduke. These new infection vectors rely on Java and IE vulnerabilities to infect the victim’s PC. While inspecting one of the C&C servers of Miniduke, we have found files that were not related to the C&C code, but seemed to be

This is the topic that cybercriminals are speculating about and using as a hook to infect victims. The campaign is based on the Blackhole v2.0

New Adobe PDFs exploiting CVE-2013-0640 drop sophisticated malware known as “MiniDuke”.

We’ve recently experienced yet another case of a root certificate authority (CA from now on) losing control of its own certificates. And yet again, we have been waiting for either the CA or the browser to do something about it. This whole mess stems, once again, from both a governance and a technical problem. First,

Today’s February Microsoft Security Bulletin release patches a long list of vulnerabilities. However, only a subset of these vulnerabilities are critical. Four of them effect client side software and one effect server side – Internet Explorer, DirectShow media processing components (using web browsers or Office software as a vector of delivery), OLE automation components (APT

Adobe Flash Player CVE-2013-0633 is a critical vulnerability that was discovered and reported to Adobe by Kaspersky Lab researchers Sergey Golovanov and Alexander Polyakov. The exploits for CVE-2013-0633 have been observed while monitoring the so-called -legal- surveillance malware created by the Italian company HackingTeam. In this blog, we will describe some of the attacks and the usage of this 0-day to deploy malware from -HackingTeam- marketed as Remote Control System.

This report is based on information about vulnerable programs found on the computers of our customers. The purpose of this research is to understand how users react to vulnerable programs and analyze the potential dangers of vulnerable software.

Earlier this week, we published our report on “Red October”, a high-level cyber-espionage campaign that during the past five years has successfully infiltrated computer networks at diplomatic, governmental and scientific research organizations. In part one, we covered the most important parts of the campaign: the anatomy of the attack, a timeline of the attacker’s operation,

Since the publication of our report, our colleagues from Seculert have discovered and posted a blog about the usage of another delivery vector in the Red October attacks (http://blog.seculert.com/2013/01/operation-red-october-java-angle.html).
In addition to Office documents (CVE-2009-3129, CVE-2010-3333, CVE-2012-0158), it appears that the attackers also infiltrated victim network(s) via Java exploitation (35f1572eb7759cb7a66ca459c093e8a1 – NewsFinder.jar), known as the Rhino exploit (CVE-2011-3544).