Exploit This

Security News, Exploits, and Vulnerabilities.

Zero-day in Windows Kernel Transaction Manager (CVE-2018-8611)

In October 2018, our AEP systems detected an attempt to exploit a vulnerability in the Microsoft Windows. Further analysis led us to uncover a zero-day vulnerability in ntoskrnl.exe.

DarkVishnya: Banks attacked through direct connection to local network

In 2017-2018, Kaspersky Lab specialists were invited to research a series of cybertheft incidents. Each attack had a common springboard: an unknown device directly connected to the company’s local network.

APT review of the year

What were the most interesting developments in terms of APT activity throughout the year and what can we learn from them? Not an easy question to answer. Still, with the benefit of hindsight, let’s try to approach the problem from different angles to get a better understanding of what went on.

KoffeyMaker: notebook vs. ATM

Kaspersky Lab’ experts investigated one such toolkit, dubbed KoffeyMaker, in 2017-2018, when a number of Eastern European banks turned to us for assistance after their ATMs were quickly and almost freely raided. It soon became clear that we were dealing with a black box attack.

Kaspersky Security Bulletin 2018. Statistics

During the year, Kaspersky Lab solutions repelled 1 876 998 691 attacks launched from online resources located all over the world, 554 159 621 21 643 946 unique malicious objects were detected and unique URLs were recognized as malicious by web antivirus components.

AA18-337A: SamSam Ransomware

Original release date: December 03, 2018
Summary
The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity a…

Kaspersky Security Bulletin 2018. Top security stories

All too often, both rely on manipulating human psychology as a way of compromising entire systems or individual computers. Increasingly, the devices targeted also include those that we don’t consider to be computers – from children’s toys to security cameras. Here is our annual round-up of major incidents and key trends from 2018

First Annual Cyberwarcon

Cyberwarcon is a brand new event organized yesterday in Arlington, Virginia, and delivered eight hours of fantastic content. “CyberwarCon is a one-day conference in the Washington D.C. area focused on the specter of destruction, disruption, and malicious influence on our… Read Full Article

Kaspersky Security Bulletin 2018. Story of the year: miners

Year 2018 began with a rise in the number of miner-related attacks. However, after a drop in the value of the main cryptocurrencies, which lasted from January to February, infection activity noticeably declined. General interest in cryptocurrencies also waned. Yet the threat is still current.

TA18-331A: 3ve – Major Online Ad Fraud Operation

Original release date: November 27, 2018
Systems Affected
Microsoft Windows
Overview
This joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federa…

%d bloggers like this: