Threat Category: Vulnerabilities and exploits | Page 41

A lot of tools and services change hands – for money in the criminal underground . For example bot-packs are offered by the creator or his business partners for a defined amount of money. The customer gets a package with all needed files and additional support, like updates against anti-virus…

Vulnerabilities continue to be detected and successfully exploited in Adobe’s most popular products – Acrobat and Reader.

Some days ago we received an interesting PDF file (detected as Exploit.JS.Pdfka.bui) which contained an exploit for the CVE-2010-0188 vulnerability, which was…

News has spread pretty quickly about the latest IE 0-day exploit (https://docs.microsoft.com/en-us/security-updates/securityadvisories/2010/981374). Unfortunately, in trying to publicize the quality of his employer’s product in relation to this new exploit, according to Ryan Naraine

Today Microsoft released 2 bulletins addressing 8 vulnerabilities affecting Windows and Microsoft Office products.

Too many passwords?

The statistics used in this report are generated by the Kaspersky Security Network (KSN), a major innovation implemented in Kaspersky Lab personal products. The system is currently being adapted for implementation in Kaspersky Lab’s corporate product offerings.

Earlier today, Microsoft released the out-of-band (OOB) Microsoft Security Bulletin MS10-002 (rated “Critical”) to the public.

From the look of things Microsoft is starting off slow this year with only one of each in today’s release – one bulletin, one advisory and one re-released bulletin.

Last minute shopping – keep safe!

Piecing the search engine puzzle together in real time

Rogue AV raising the stakes

This month Microsoft released 6 bulletins to plug 12 vulnerabilities in Windows, Internet Explorer (IE) and Microsoft Office products.

Gumblar infection count

The link between high speed and cybercrime

Kaspersky Lab presents its monthly malware statistics for October. From this month onwards, the data used is gathered from all products which use the Kaspersky Security Network (KSN), i.e. products from both the 2009 and 2010 lines.

Reports

According to Kaspersky, Librarian Ghouls APT continues its series of attacks on Russian entities. A detailed analysis of a malicious campaign utilizing RAR archives and BAT scripts.

Kaspersky GReAT experts uncovered a new campaign by Lazarus APT that exploits vulnerabilities in South Korean software products and uses a watering hole approach.

MysterySnail RAT attributed to IronHusky APT group hasn’t been reported since 2021. Recently, Kaspersky GReAT detected new versions of this implant in government organizations in Mongolia and Russia.

Kaspersky researchers analyze GOFFEE’s campaign in H2 2024: the updated infection scheme, new PowerModul implant, switch to a binary Mythic agent.

Vulnerabilities and exploits

No honor among thieves – even in Germany

Adobe yet again

When too much is not enough too much

Patch Tuesday

Too many passwords?

Kaspersky Security Bulletin 2009. Statistics, 2009

Patch now: MS10-002

Patch Tuesday – Jan 2010

Last minute shopping – keep safe!

Where will real-time search take us?

Rogue AV raising the stakes

2009: the final Patch Tuesday

Gumblar infection count

The link between high speed and cybercrime

Monthly Malware Statistics: October 2009

Reports

Sleep with one eye open: how Librarian Ghouls steal data by night

Operation SyncHole: Lazarus APT goes back to the well

IronHusky updates the forgotten MysterySnail RAT to target Russia and Mongolia

GOFFEE continues to attack organizations in Russia

Subscribe to our weekly e-mails