A vulnerability impacting multiple ESET products has been exploited by an APT group to load malicious DLL libraries and silently deploy malware, Kaspersky reports.
The issue, tracked as CVE-2024-11859, is described as a DLL search order hijacking flaw that could be exploited by attackers with administrative privileges for arbitrary code execution.
Russian cybersecurity firm, Kaspersky Lab, has told workers in its U.S.-based division that they are being laid off this week and that it is closing its U.S. business, according to several sources. The sudden move comes after the U.S. Commerce Department announced last month that it was banning the sale of Kaspersky software in the U.S. beginning July 20. The company has been selling its software here since 2005.
Kaspersky discovered a new APT CloudSorcerer targeting Russian government entities and using cloud services as C2, just like the CloudWizard actor.
U.S. officials imposed the “first of its kind” ban arguing that Kaspersky threatens U.S. national security because of its links to Russia.
For more than six years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. These summaries are based on our threat intelligence research. They provide a representative snapshot of what we have published and discussed in greater detail in our private APT reports. They are designed to highlight the significant events and findings that we feel people should be aware of.
Breaches in Russia’s digital defences show the West is not alone in its vulnerability to hackers
"Operation Triangulation" stole mic recordings, photos, geolocation, and more.
Hi all, Today we have very big and important news. Kaspersky experts have discovered an extremely complex, professionally targeted cyberattack that uses Apple’s mobile devices. The purpose of this attack is the inconspicuous introduction of spyware into the iPhones of employees of the company – both top and middle-management. The attack is carried out using
Fake hardware cryptowallet, and how bitcoins were stolen from it.
in February 2023, Kaspersky technologies detected a number of attempts to execute similar elevation-of-privilege exploits on Microsoft Windows servers belonging to small and medium-sized businesses in the Middle East, in North America, and previously in Asia regions. These exploits were very similar to already known Common Log File System (CLFS) driver exploits that we analyzed previously, but we decided to double check and it was worth it – one of the exploits turned out to be a zero-day, supporting different versions and builds of Windows, including Windows 11. The exploit was highly obfuscated with more than 80% of the its code being “junk” elegantly compiled into the binary, but we quickly fully reverse-engineered it and reported our findings to Microsoft. Microsoft assigned CVE-2023-28252 to the Common Log File System elevation-of-privilege vulnerability, and a patch was released on April 11, 2023, as part of April Patch Tuesday.
What cyberthreats target young gamers? An overview of the most well-spread child threats in virtual gaming worlds.
Attackers are distributing malware disguised as a ChatGPT desktop client for Windows offering “precreated accounts”
Kaspersky researchers detected OnionPoison campaign: malicious Tor Browser installer spreading through a popular YouTube channel and targeting Chinese users.
Against the backdrop of the conflict between Russia and Ukraine, the number of DDoS attacks in Q1 2022 increased by 4.5 times against Q1 2021. A significant proportion of them were by hacktivists.
Dans un exercice d'équilibriste, l'Anssi a demandé aux entreprises de s'interroger sur l'utilisation des solutions de l'éditeur Kaspersky du fait des liens avec la Russie. Elle prône à moyen terme une diversification des outils de sécurité.
Les tensions internationales actuelles causées par l’invasion de l’Ukraine par la Russie s’accompagnent d’effets dans le cyberespace. Si les combats en Ukraine sont principalement conventionnels, l’ANSSI constate l’usage de cyberattaques dans le cadre du conflit. Dans un espace numérique sans frontières, ces cyberattaques peuvent affecter des entités françaises et il convient sans céder à la panique de l’anticiper et de s’y préparer. Aussi, afin de réduire au maximum la probabilité de tels événements et d’en limiter les effets, l’ANSSI partage des bonnes pratiques de sécurité ainsi que des éléments sur la menace et invite l’ensemble des acteurs à s’en saisir. A cette fin, ce bulletin centralise et diffuse les éléments d’intérêt cyber en lien avec le contexte actuel pour favoriser le renforcement du niveau de protection de l’ensemble des entités françaises. Il sera mis à jour régulièrement.
Apple a publié iOS 15.3.1 pour corriger la vulnérabilité CVE-2022-22620 de WebKit, qui serait activement exploitée par les cybercriminels.
