Vulnerabilities and exploits

Kaspersky solutions blocked 717,057,912 attacks launched from online resources in 203 countries across the globe, 217,843,293 unique URLs triggered Web Anti-Virus components.

When Sodin appeared in the first half of 2019, it immediately caught our attention for distributing itself through an Oracle Weblogic vulnerability and carrying out attacks on MSP providers.

In this article, we publish the results of our study of the Fibaro Home Center smart home. We identified vulnerabilities in Fibaro Home Center 2 and Fibaro Home Center Lite version 4.540, as well as vulnerabilities in the online API.

In Q1 2019, Kaspersky Lab solutions blocked attempts to launch one or more types of malware designed to steal money from bank accounts on the computers of 243,604 users and detected attacks using miners on the computers of 1,197,066 users.

Zebrocy and GreyEnergy, four zero-day vulnerabilities in Windows, attacks on cryptocurrency exchanges, a very old bug in WinRAR, attacks on smart devices and other events of the first quarter of 2019.

After publishing our initial series of blogposts back in 2016, we have continued to track the ScarCruft threat actor. ScarCruft is a Korean-speaking and allegedly state-sponsored threat actor that usually targets organizations and companies with links to the Korean peninsula.

In March 2019, our automatic Exploit Prevention (EP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us discovering a zero-day vulnerability in win32k.sys

Kaspersky Lab ICS CERT team publishes the findings of its research on the threat landscape for industrial automation systems conducted during the second half of 2018.

I have given a step-by-step guide on the analysis of embedded firmware, finding vulnerabilities and exploiting them to acquire a firmware dump and to carry out code execution on a USB device.

In February 2019, our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in the Microsoft Windows operating system. Further analysis of this event led to us discovering a zero-day vulnerability in win32k.sys.

There are lots of home charger vendors. Some of them, such as ABB or GE, are well-known brands, but some smaller companies have to add ‘bells and whistles’ to their products to attract customers. One of the most obvious and popular options in this respect is remote control of the charging process. But from our point of view this sort of improvement can make chargers an easy target for a variety of attacks.

In October 2018, our AEP systems detected an attempt to exploit a vulnerability in the Microsoft Windows. Further analysis led us to uncover a zero-day vulnerability in ntoskrnl.exe.

During the year, Kaspersky Lab solutions repelled 1 876 998 691 attacks launched from online resources located all over the world, 554 159 621 unique malicious objects were detected and 21 643 946 unique URLs were recognized as malicious by web antivirus components.

Asking the most intelligent people I know, and basing our scenario on APT attacks because they traditionally show the most innovation when it comes to breaking security, here are our main ‘predictions’ of what might happen in the next few months.

Yesterday, Microsoft published its security bulletin, which patches a vulnerability discovered by our technologies. We reported it to Microsoft on October 17, 2018. The company confirmed the vulnerability and assigned it CVE-2018-8589.