Pawn Storm Update: iOS Espionage App Found
In our continued research on Operation Pawn Storm, we found one interesting poisoned pawn: spyware specifically designed for espionage on iOS devices. While spyware targeting Apple users is highly notable by itself, this particular spyware is also involved in a targeted attack. Background of Operation Pawn Storm: Operation Pawn Storm is an active economic and political cyber-espionage […]

The Syrian malware part 2: Who is The Joe?
Introduction: Kaspersky Lab would like to alert users in the Middle East to new malware attacks being delivered through Syrian news and social networking forums. Malware writers are using multiple techniques to deliver their files and entice the victims to run them, creating an effective infection vector. Relying mainly on social engineering, the attackers exploit […]

An analysis of Regin’s Hopscotch and Legspin
With high-profile threats like Regin, mistakes are incredibly rare. However, when it comes to humans writing code, some mistakes are inevitable. Among the most interesting things we observed in the Regin malware operation were the forgotten codenames for some of its modules. These are: Hopscotch, Legspin, Willischeck, U_STARBUCKS. We decided to analyze two of […]

North Korean News Agency Website Serves File Infector
We were recently alerted to reports claiming that the website of North Korea’s official news service, www.kcna.kp, had been delivering malware via embedded malicious code. One of the photo spreads on the website was found to contain malware that launched a watering hole attack on individuals who came to visit the website and its other pages. […]

AdSense Abused with Malvertising Campaign
Last weekend we noticed a large number of requests to scan websites for malware because they randomly redirected to some “magazine” websites. Most of them mentioned the lemode-mgz .com site. In all cases, the symptoms were the same. Some users randomly got redirected when they clicked on links or loaded new pages. They all reported […]

MBR Wiper Attacks Strike Korean Power Plant
In recent weeks, a major Korean electric utility has been affected by destructive malware, which was designed to wipe the master boot records (MBRs) of affected systems. It is believed that this MBR wiper arrived at the target systems in part via a vulnerability in the Hangul Word Processor (HWP), a commonly used application in South […]

Escaping the Internet Explorer Sandbox: Analyzing CVE-2014-6349
Applications that are frequently targeted by exploits often add sandboxes to their features in order to harden their defenses against these attacks. To carry out a successful exploit, an attacker will have to breach these sandboxes to run malicious code. As a result, researchers pay particular attention to exploits that are able to […]

CVE-2014-8439 Vulnerability: Trend Micro Solutions Ahead of the Game
Last November 25, Adobe issued an out-of-band patch for the CVE-2014-8439 vulnerability, which impacts Adobe Flash Player versions on Windows, Mac OS, and Linux. Adobe’s advisory describes this vulnerability as a “de-referenced memory pointer that could lead to code execution.” Despite efforts by Adobe to quickly patch their software vulnerabilities, we noticed that exploit kit […]

Five security developments we can be thankful for in 2014
It’s not often that we take a moment to think about what we in security are grateful for. And as we approach the time of year when all the security gurus bring out their crystal balls and prognosticate what the Big Bad of the coming year will be, I would like to take a moment […]

‘Less’ means more to malware authors targeting Linux users
Using the “less” Linux command to view the contents of files downloaded from the Internet is a dangerous operation that can lead to remote code execution, according to a security researcher. At first glance, less appears to be a harmless command that outputs a file’s content to a terminal window and allows the user to […]

Regin: Nation-state ownage of GSM networks
Motto: “Beware of Regin, the master! His heart is poisoned. He would be thy bane…” (“The Story of Siegfried” by James Baldwin). Introduction, history: Download our full Regin paper (PDF). In the spring of 2012, following a Kaspersky Lab presentation on the unusual facts surrounding the Duqu malware, a security researcher contacted us and mentioned […]

ROVNIX Infects Systems with Password-Protected Macros
We recently found that the malware family ROVNIX is capable of being distributed via a macro downloader. This malware technique was previously seen in the DRIDEX malware, which was notable for using the same routines. DRIDEX is also known as the successor of the banking malware CRIDEX. Though a fairly old method of infection, cybercriminals realized that using malicious macros works […]

A Killer Combo: Critical Vulnerability and ‘Godmode’ Exploitation on CVE-2014-6332
Microsoft released 16 security updates during its Patch Tuesday release for November 2014, among which is CVE-2014-6332, the Windows OLE Automation Array Remote Code Execution Vulnerability (covered in MS14-066). We would like to bring attention to this particular vulnerability for the following reasons: It impacts almost all Microsoft Windows platforms from Windows 95 onward. A stable […]

Firefox boosts privacy with history-wiping ‘Forget’ button, DuckDuckGo search support
Feeling ashamed of your latest Kim Kardashian news binge? The latest version of Firefox can easily forget all about it. Firefox version 33.1 adds a new button called “Forget,” which lets users wipe only their most recent browsing history and cookies. Users can choose to forget the last 5 minutes, 2 hours or 24 hours […]

Security Holes in Corporate Networks: Network Vulnerabilities
In our previous blog post, we told you about the types of attacks that a cybercriminal can undertake while working with a regular user account without local administrator privileges. In particular, we presented an example of how the simplified inheritance of privileges within the context of domain authorization (Single Sign-On) enables cybercriminals to gain access to various […]

BE2 Custom Plugins, Router Abuse, and Target Profiles
The BlackEnergy malware is crimeware turned APT tool and is used in significant geopolitical operations lightly documented over the past year. An even more interesting part of the BlackEnergy story is the relatively unknown custom plugin capabilities to attack ARM and MIPS platforms, scripts for Cisco network devices, destructive plugins, a certificate stealer and more. […]

More information
- Twitter trolls hijack Epilepsy Foundation hashtags with strobing images
- VMware sandbox escape bugs are so critical, patches are released for end-of-life products
- Facebook, under siege, slams European privacy regulators
- Panasonic In-Flight Entertainment Systems Can Be Hacked: Researcher
- Hacked Is The New Black For Retailers. Here’s What You Need To Know
- How To Plan For Security Incident Response
- Denials don’t fix Facebook security flaw on iOS, Android
- Teamviewer CVE-2019-18251 Remote Security Vulnerability
- China calls for cooperation rather than war in cyberspace
- Twitter bans Kaspersky Lab from buying ads