IT threat evolution in Q1 2015
Q1 in figures: According to KSN data, Kaspersky Lab products detected and neutralized a total of 2,205,858,791 malicious attacks on computers and mobile devices in the first quarter of 2015. Kaspersky Lab solutions repelled 469,220,213 attacks launched from online resources located all over the world. Kaspersky Lab’s web antivirus detected 28,483,783 unique malicious objects: scripts, […]

NewPosThings Has New PoS Things
Arbor Networks initially posted about a new point-of-sale (PoS) malware family named NewPosThings last September, which we detect as either TSPY_POSNEWT.SM or TSPY_POSNEWT.A. We are now seeing new developments in this area—namely, versions for 64-bit and higher. The 64-bit version is out. Similar to the previous 32-bit version reported last year, the 64-bit sample is […]

Deploying a Smart Sandbox for Unknown Threats and Zero-Day Attacks
Zero-day exploits pose some of the most serious risks to users everywhere. The absence of a patch means that it is up to users (and whatever security products they use) to protect against these attacks. One of the tools that can be used in mitigating these attacks is advanced network detection solutions like Trend Micro Deep Discovery, […]

AdSense Abused with Malvertising Campaign
Last weekend we noticed a large number of requests to scan websites for malware because they randomly redirected to some “magazine” websites. Most of them mentioned the lemode-mgz .com site. In all cases, the symptoms were the same. Some users randomly got redirected when they clicked on links or loaded new pages. They all reported […]

CVE-2014-8439 Vulnerability: Trend Micro Solutions Ahead of the Game
Last November 25, Adobe issued an out-of-band patch for the CVE-2014-8439 vulnerability, which impacts Adobe Flash Player versions on Windows, Mac OS, and Linux. Adobe’s advisory describes this vulnerability as a “de-referenced memory pointer that could lead to code execution.” Despite efforts by Adobe to quickly patch their software vulnerabilities, we noticed that exploit kit […]

Website Malware Removal: Phishing
As we continue our Malware Removal series we turn our attention to the increasing threat of phishing infections. Just like a fisherman casts and reels with his fishing rod, a “phisher-man” will try their luck baiting users with fake pages, often in the form of login pages. These copied website pages are cast into […]

Root Cause Analysis of CVE-2014-1772 – An Internet Explorer Use After Free Vulnerability
We see many kinds of vulnerabilities on a regular basis. These range from use-after-free (UAF) vulnerabilities, to type confusion, to buffer overflows, to cross-site scripting (XSS) attacks. It’s rather interesting to understand the root cause of each of these vulnerability types, so we looked at the root cause of an Internet Explorer vulnerability – CVE-2014-1772. We’d […]

Website Attacks – SQL Injection And The Threat They Present
We are starting a new series of articles where we will talk about different active website attacks we are seeing. The first one we will cover is known as a SQL Injection (SQLi). Some might know what a SQL Injection (SQLi) attack looks like, but assuming you don’t, it’s an attack that leverages an injection […]

Phishing with help from Compromised WordPress Sites
We get thousands of spam and phishing emails daily. We use good spam filters (along with Gmail) and that greatly reduces the noise in our inbox. Today though, one slipped through the cracks and showed up in my personal inbox. As I went to mark the email as spam, I decided to hover over the […]

Trend Micro Uncovers 14 Critical Vulnerabilities in 2014 So Far
Exploits are frequently used in targeted attacks to stealthily infect systems. These exploits do not have to target newly discovered or zero-day vulnerabilities; for example, CVE-2013-2551 (a vulnerability in Internet Explorer) is still being targeted in 2014. However, zero-day exploits are still a serious threat as these can catch all parties off-guard, including security vendors. Zero-days take advantage […]

"El Machete"
Introduction: Some time ago, a Kaspersky Lab customer in Latin America contacted us to say he had visited China and suspected his machine was infected with an unknown, undetected malware. While assisting the customer, we found a very interesting file in the system that is completely unrelated to China and contained no Chinese coding traces. […]

Mitigating UAF Exploits with Delay Free for Internet Explorer
After introducing the “isolated heap” in the June security patch for Internet Explorer, Microsoft has once again introduced several improvements in the July patch for Internet Explorer. The most interesting and smart improvement is one which we will call “delay free.” This improvement is designed to mitigate Use After Free (UAF) vulnerability exploits by making sure Internet […]

Website Malware – Mobile Redirect to BaDoink Porn App
A few weeks ago we reported that we were seeing a huge increase in the number of web sites compromised with a hidden redirection to pornographic content. It was a very tricky injection, with the redirection happening only once per day per IP address and only if the visitor was using a mobile device (iPhone, […]

Cloud Services: Holes in Corporate Network Security
The most popular uses of cloud services include: storing image scans of passports and other personal documents; synchronization of password, contact list, and email/message databases; creating sites; storing versions of source code, etc. When cloud-based data storage service Dropbox announced a patched vulnerability in its link generator, it once again sparked online discussions about how […]

Finding evil in Flash files
Adobe Flash is present on nearly every PC; thus, malware authors have been increasingly targeting it over the last few years, following the principle of return on investment, i.e. they will focus on popular technologies to exploit as that will eventually mean a larger base of compromised machines. The rich ActionScript features that are available in […]

Layer 7 DDOS – Blocking HTTP Flood Attacks
There are many types of Distributed Denial of Service (DDOS) attacks that can affect and bring down a website, and they vary in complexity and size. The most well known attacks are the good old SYN flood, followed by the Layer 3/4 UDP and DNS amplification attacks. Today though, we’re going to spend a little time […]