CTB-Locker is back: the web server edition
Cryptolockers have become more and more sophisticated, bypassing system protections and terrifying anyone in their path. TeslaCrypt, CryptoWall, TorrentLocker, Locky and CTB-Locker are only some of the malware families we have protected against for the past two years. We have seen many shapes and colors of cryptolockers, but the new CTB-Locker variant says it all. The […]

Kaspersky Security Bulletin. Spam and phishing in 2015
The year in figures. According to Kaspersky Lab, in 2015 the proportion of spam in email flows was 55.28%, which is 11.48 percentage points lower than in 2014. 79% of spam emails were no more than 2 KB in size. 15.2% of spam was sent from the US. 146,692,256 instances that triggered the […]

Windows 10 Sharpens Browser Security With Microsoft Edge
Internet Explorer is possibly the most popular target for vulnerabilities around today. In 2014 alone, a total of 243 vulnerabilities in Internet Explorer were disclosed and patched. Every Microsoft Patch Tuesday cycle contains one bulletin that covers multiple IE vulnerabilities – the monthly “Cumulative Security Update for Internet Explorer”, as it is called by Microsoft. […]

Hacking Team RCSAndroid Spying Tool Listens to Calls; Roots Devices to Get In
Following news that iOS devices are at risk of spyware related to the Hacking Team, the saga continues into the Android sphere. We found that among the leaked files is the code for Hacking Team’s open-source malware suite RCSAndroid (Remote Control System Android), which was sold by the company as a tool for monitoring targets. […]

How to mitigate 85% of threats with only four strategies
The Australian Signals Directorate Top35 list of mitigation strategies shows us that at least 85% of intrusions could have been mitigated by following the top four mitigation strategies together. These are: application whitelisting, updating applications, updating operating systems and restricting administrative privileges. Kaspersky Lab has technological solutions to cover the first three of these (i.e. […]

IT threat evolution in Q1 2015
Q1 in figures. According to KSN data, Kaspersky Lab products detected and neutralized a total of 2,205,858,791 malicious attacks on computers and mobile devices in the first quarter of 2015. Kaspersky Lab solutions repelled 469,220,213 attacks launched from online resources located all over the world. Kaspersky Lab’s web antivirus detected 28,483,783 unique malicious objects: scripts, […]

NewPosThings Has New PoS Things
Arbor Networks initially posted about a new point-of-sale (PoS) malware family named NewPosThings last September, which we detect as either TSPY_POSNEWT.SM or TSPY_POSNEWT.A. We are now seeing new developments in this area—namely, versions for 64-bit and higher. The 64-bit version is out. Similar to the previous 32-bit version reported last year, the 64-bit sample is […]

Deploying a Smart Sandbox for Unknown Threats and Zero-Day Attacks
Zero-day exploits pose some of the most serious risks to users everywhere. The absence of a patch means that it is up to users (and whatever security products they use) to protect against these attacks. One of the tools that can be used in mitigating these attacks is advanced network detection solutions like Trend Micro Deep Discovery, […]

AdSense Abused with Malvertising Campaign
Last weekend we noticed a large number of requests to scan websites for malware because they randomly redirected to some “magazine” websites. Most of them mentioned the lemode-mgz .com site. In all cases, the symptoms were the same. Some users randomly got redirected when they clicked on links or loaded new pages. They all reported […]

CVE-2014-8439 Vulnerability: Trend Micro Solutions Ahead of the Game
Last November 25, Adobe issued an out-of-band patch for the CVE-2014-8439 vulnerability, which impacts Adobe Flash Player versions on Windows, Mac OS, and Linux. Adobe’s advisory describes this vulnerability as a “de-referenced memory pointer that could lead to code execution.” Despite efforts by Adobe to quickly patch their software vulnerabilities, we noticed that exploit kit […]

Website Malware Removal: Phishing
As we continue our Malware Removal series, we turn our attention to the increasing threat of phishing infections. Just like a fisherman casts and reels with his fishing rod, a “phisher-man” will try their luck baiting users with fake pages, often in the form of login pages. These copied website pages are cast into […]

Root Cause Analysis of CVE-2014-1772 – An Internet Explorer Use After Free Vulnerability
We see many kinds of vulnerabilities on a regular basis. These range from use-after-free (UAF) vulnerabilities, to type confusion, to buffer overflows, to cross-site scripting (XSS) attacks. It’s rather interesting to understand the root cause of each of these vulnerability types, so we looked at the root cause of an Internet Explorer vulnerability – CVE-2014-1772. We’d […]

Website Attacks – SQL Injection And The Threat They Present
We are starting a new series of articles where we will talk about different active website attacks we are seeing. The first one we will cover is known as SQL Injection (SQLi). Some might know what a SQL Injection (SQLi) attack looks like, but assuming you don’t, it’s an attack that leverages an injection […]

Phishing with help from Compromised WordPress Sites
We get thousands of spam and phishing emails daily. We use good spam filters (along with Gmail) and that greatly reduces the noise in our inbox. Today though, one slipped through the cracks and showed up in my personal inbox. As I went to mark the email as spam, I decided to hover over the […]

Trend Micro Uncovers 14 Critical Vulnerabilities in 2014 So Far
Exploits are frequently used in targeted attacks to stealthily infect systems. These exploits do not have to target newly discovered or zero-day vulnerabilities; for example, CVE-2013-2551 (a vulnerability in Internet Explorer) is still being targeted in 2014. However, zero-day exploits are still a serious threat as these can catch all parties off-guard, including security vendors. Zero-days take advantage […]

"El Machete"
Introduction. Some time ago, a Kaspersky Lab customer in Latin America contacted us to say he had visited China and suspected his machine was infected with an unknown, undetected malware. While assisting the customer, we found a very interesting file in the system that is completely unrelated to China and contained no Chinese coding traces. […]

More information
- Iranian APT Targets Android Users With New Variants of DCHSpy Spyware
- Facebook Offers Rewards for Access Token Exposure Flaws
- Anatomy of a password disaster – Adobe’s giant-sized cryptographic blunder
- Bitfloor founder claims pilfered currency has not been touched
- Users Need to Consent to Online Tracking Cookies: EU Court
- UN hacked via unpatched SharePoint server
- 10 tips for implementing IPS securely
- TXOne Networks Scores $51M Series B Extension
- US files suit against Snowden to keep book profits out of his hands
- Focusing on user habits key to preventing email phishing, according to research