Threat Category: Vulnerabilities and exploits | Page 40

The vulnerability in the Windows Help and Support Center (CVE-2010-1885) has been a constant irritation to antivirus experts for the third week in succession. I will try to provide an analysis of the problem with the help of KSN

Google’s full disclosure of the Microsoft Windows Help and Support Center zero-day vulnerability, which is present in Windows XP and Windows 2003 – CVE 2010-1885.

As part of our general information sharing activity, we have launched a series of webcasts on YouTube.

Unreal IRCd Server source code discovered with backdoor.

When everyone is trying to secure their webservers, malware use client side vulnerabilities such as the recent vulnerability in some of Adobes software such as Acrobat Reader and Flash to spread malicious software.

A few thoughts about why replacing Windows with MacOS and Linux is not really the solution.

This report was compiled on the basis of data obtained and processed using the Kaspersky Security Network (KSN). KSN is one of the most important innovations in personal products and is currently in the final stages of development.

Is Google sniffing your WiFi network? Few hints on how to secure your wireless network.

Every day that goes by, I see more and more people complaining when it comes to Facebook and privacy.

This month Microsoft didn’t release a bulletin for the known vulnerability in SharePoint Server. What Microsoft did release today are two bulletins resolving critical vulnerabilities – one for Windows and one in Office.

Update about Gumblar recent stats and new fact discovered – Gumblar developers decided to block Japanese IPs!

Heloag was believed to be a Peer-to-Peer bot by some, but it is not (as static analysis revealed)!

Not only did Microsoft release their bulletins, but Adobe also released critical updates for Adobe Reader and Acrobat 9.3.1 for Windows, Mac and Unix along with updates for Reader and Acrobat 8.2.1.

New Brazilian crypto technique used for the server side malware obfuscation in order to prevent an automated malware analysis.

A lot of tools and services change hands – for money in the criminal underground . For example bot-packs are offered by the creator or his business partners for a defined amount of money. The customer gets a package with all needed files and additional support, like updates against anti-virus…

Reports

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

Vulnerabilities and exploits

The figures behind the headache

What’s Google up to?

Lab Matters

Unreal Backdoored IRC Server

Importance of client-side security

Google abandoning Windows for Linux and MacOS

Information Security Threats in the First Quarter of 2010

Google Sniffing Beta ™

Facebook and the never ending talks about privacy

May’s Patch Tuesday

Gumblar: Farewell Japan

Heloag has rather no friends, just a master

April Patch Tuesday: Adobe and Microsoft

Brazil: new crypto challenge

No honor among thieves – even in Germany

Reports

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

GOFFEE continues to attack organizations in Russia

Subscribe to our weekly e-mails