Exploit This

Security News, Exploits, and Vulnerabilities.

IT threat evolution Q3 2018. Statistics

These statistics are based on detection verdicts of Kaspersky Lab products received from users who consented to provide statistical data. Q3 figures According to Kaspersky Security Network: Kaspersky Lab solutions blocked 947,027,517 attacks launched from online resources located in 203… Read Full Article

IT threat evolution Q3 2018

LuckyMouse, mobile Trojan Asacub, BusyGasper, KeyPass ransomware and other notable targeted attacks and malware stories of Q3 2018.

Spam and phishing in Q3 2018

In Q3 2018, the average share of spam in global mail traffic rose by 2.88 p.p. to 52.54%, and the Anti-Phishing system prevented more than 137 million redirects to phishing sites, up 30 million against the previous reporting period.

Hey there! How much are you worth?

I decided to investigate the black market and see what kind of information is being sold there. We all know that you can buy drugs, weapons and stolen goods there, but you can also buy online identities. How much do you think your online identity is worth?

DDoS Attacks in Q3 2018

The third quarter 2018 turned out relatively quiet in terms of DDoS attacks. “Relatively” because there were not very many high-level multi-day DDoS onslaughts on major resources. However, the capacities employed by cybercriminals keep growing year after year, while the total number of attacks shows no signs of decline.

Hackers attacking your memories: science fiction or future threat?

To better understand the potential future threat landscape facing memory implants, researchers from Kaspersky Lab and the University of Oxford Functional Neurosurgery Group have undertaken a practical and theoretical threat review of existing neurostimulators and their supporting infrastructure.

Phishing for knowledge

When we talk about phishing, top of mind are fake banking sites, payment systems, as well as mail and other globally popular services. However, cybercriminals have their fingers in far more pies than that. Unobviously, perhaps, students and university faculties are also in the line of fire.

Octopus-infested seas of Central Asia

For the last two years we have been monitoring a Russian-language cyberespionage actor that focuses on Central Asian users. We named the actor DustSquad and have provided reports on four of their campaigns. In this blogpost we cover a malicious program for Windows called Octopus that mostly targets diplomatic entities.

MuddyWater expands operations

MuddyWater is a relatively new APT that surfaced in 2017. It has focused mainly on governmental targets in Iraq and Saudi Arabia, according to past telemetry. However, the group behind MuddyWater has been known to target other countries in the Middle East, Europe and the US.

Zero-day exploit (CVE-2018-8453) used in targeted attacks

Yesterday, Microsoft published their security bulletin, which patches CVE-2018-8453, among others. It is a vulnerability in win32k.sys discovered by Kaspersky Lab in August. Microsoft confirmed the vulnerability and designated it CVE-2018-8453.

%d bloggers like this: