Exploit This

Security News, Exploits, and Vulnerabilities.

Mobile apps and stealing a connected car

The concept of a connected car, or a car equipped with Internet access, has been gaining popularity for the last several years. By using proprietary mobile apps, it is possible to get some useful features, but if a car thief were to gain access to the mobile device that belongs to a victim that has the app installed, then would car theft not become a mere trifle?

A look into the Russian-speaking ransomware ecosystem

In other words, crypto ransomware is a fine tuned, user friendly and constantly developing ecosystem. In the last few years we, at Kaspersky Lab, have been monitoring the development of this ecosystem. This is what we’ve learned.

Holiday 2016 financial cyberthreats overview

Last November we conducted a brief analysis of the threat landscape over the holiday period – from October to December in 2014 and 2015. And we made the following prognosis: the same holiday period in 2016 will see a spike in cyberattacks. Now that the holidays are over, it is time to find out how accurate that prediction was.

Kaspersky Lab Black Friday Threat Overview 2016

Our research shows that, over the last few years, the holiday period which starts on so-called Black Friday was marked by an increase in phishing and other types of attacks, which suggests that the pattern will be repeated this year.

Wave your false flags!

Targeted attackers are using an increasingly wide range of deception techniques to muddy the waters of attribution, planting ‘False Flag’ timestamps, language strings, malware, among other things, and operating under the cover of non-existent groups.

Future attack scenarios against ATM authentication systems

The report comprises two papers in which we analyze all existing methods of authentication used in ATMs and those expected to be used in the near future, including: contactless authentication through NFC, one-time password authentication and biometric authentication systems, as well as potential vectors of attacks using malware, through to network attacks and attacks on hardware components.

Fooling the ‘Smart City’

The concept of a smart city brings together many modern technologies and solutions. Smart city infrastructures develop faster than security tools do, leaving ample room for the activities of both curious researchers and cybercriminals.

The Hunt for Lurk

In June, 2016, the Russian police arrested the alleged members of the criminal group known as Lurk. The police suspected Lurk of stealing nearly three billion rubles. The story of Lurk gives some idea of the amount of work that has to be done to obtain enough evidence to arrest and prosecute suspects.

Threat intelligence report for the telecommunications industry

The telecoms sector is under fire on all sides – hit by direct attacks on organizations and networks, indirect attacks in search of subscribers, and collateral damage from unrelated, targeted campaigns. This report reveals the many layers of vulnerability.

ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms

‘ProjectSauron’ – a nation-state threat actor attacking state organizations with a unique set of tools for each victim, making traditional indicators of compromise almost useless. The aim of the attacks appears to be mainly cyber-espionage.

%d bloggers like this: