Threat Category: Vulnerabilities and exploits | Page 31

Kaspersky Lab security researcher Tim Armstrong looks at the security posture of the Android platform and discusses current and future threats to Android-powered devices.

Over the past few weeks, we have been busy researching the Command and Control infrastructure used by Duqu

Kaspersky Lab malware analyst Dmitry Besthuzhev looks at cybercrime in Latin America and makes a prediction regarding state-sponsored cyber-attacks in the region.

Not so long ago we wrote about cybercriminals using infected computers to generate virtual money via Bitcoin

A look at the top five database breaches and the technologies that may have helped limit the damage.

A simple message on a Google forum in August sparked an investigation which would eventually bring down the DigiNotar certificate authority.

Once the driver is loaded, it decrypts a small block that contains its registry key and the name of the registry value to be read from that key. It also contains the name of the driver object to create

In this edition of Lab Matters, Ryan Naraine interviews Kaspersky Lab CTO Nikolay Nikolay Grebennikov about malicious threats on mobile devices. Grebennikov talks about the taxonomy of threats and explains Kaspersky Lab’s vision for protecting data on smart phones.

New information suggests Duqu was used to spy on Iran’s nuclear program.

Dutch Certificate Authority KPN/Getronics has announced the suspension of the issuance of digital certificates.

In April, the .co.cc and .cz.cc sub-domains were absolutely littered with malware distributing web sites, and the unusually telling DNS registration setup on .co.cc and .cz.cc had forecast the previously upcoming Apple FakeAv.

First things first, I have to point out a mistake in the previous text. When analyzing the fourth incident in Iran, we stated that there were two network attacks on a victim machine from the IP address 63.87.255.149. It could have been an exclusive version of Duqu, but it turned out to be a big mistake.

Tim Armstrong looks at the timeline of the Sony breach and pieces together the relevant details at each point in time. He discusses the known facts of the case and the potential future fallout.

Here’s the latest of our malware calendar wallpapers.

Our investigation and research of Duqu malware continues.

Reports

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

Vulnerabilities and exploits

Lab Matters – Analyzing the Android security ecosystem

The Mystery of Duqu: Part Six (The Command and Control servers)

Lab Matters – Cyber crime and cyber war in Latin America

Money from the cloud

Lab Matters – DLP – Can it help limit the damage?

IT Threat Evolution: Q3 2011

The Mystery of Duqu: Part Five

Lab Matters – Detecting Malware Attacks on Smartphones

Duqu First Spotted as ‘Stars’ Malware in Iran

Dutch CA suspends issuance of digital certificates

Is .info the new .cc?

The Mystery of Duqu: Part Three

Lab Matters – Inside the Sony Hack

Malware Calendar Wallpaper for November 2011

The Mystery of Duqu: Part Two

Reports

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

GOFFEE continues to attack organizations in Russia

Subscribe to our weekly e-mails