Ryuk Ransomware Emerges in Highly Targeted, Highly Lucrative Campaign
A targeted new ransomware has burst on the scene, attacking well-chosen, targeted organizations worldwide with a highly sophisticated operation that may be linked to a well-known APT actor. Over the past two weeks, the Ryuk ransomware has encrypted hundreds of PCs, storage and data centers in eac...
Modern OSs for embedded systems
At Kaspersky Lab we analyze the technologies available on cybersecurity market and this time we decided to look at what OS developers are offering for embedded systems or, in other words, the internet of things. Our primary interest is how and to what degree these OSs can solve...
Adobe Issues Patch for Actively Exploited Flash Player Zero-Day Exploit
If you have already uninstalled Flash player, well done! But if you haven't, here's another great reason for ditching it. Adobe has released a security patch update for a critical vulnerability in its Flash Player software that is actively being exploited in the wild by hackers in targeted attack...
Valve: Malformed Skybox .TGA in Half-Life (GoldSRC) leads to Access Violation
A malformed .TGA when loaded as a Skybox on a map in a GoldSRC engine game Half-Life can lead to arbitrary code execution on a remote client. Reproduction Steps Load the attached map + resources on a local Half-Life listen server. The game will crash with an Access Violation as soon as the map wi...
Variant of SynAck Malware Adopts Doppelgänging Technique
Researchers have identified a new variant of the SynAck ransomware that is now using the newly identified Process Doppelgänging to slip past antivirus programs. Researchers said this is the first ransomware seen in the wild to employ the approach. Both SynAck ransomware and Process Doppelgänging...
SamSam ransomware: what you need to know
SamSam ransomware is a custom infection used in targeted attacks, often deployed using a wide range of exploits or brute-force tactics. Based on our own run-ins with the infection, we've observed that attacks were made on targets via vulnerable JBoss host servers during a previous wave of SamSam...
The New Mobile Threat Landscape, circa 2017 to 2018
Submitted by Ian Grutze If mobile threats diversified and expanded in 2016, they matured in 2017. Mobile ransomware continued to rear its head, burgeoning into the platform’s most prevalent threat. Simple screen lockers, for instance, evolved into file-encrypting malware, some of which even seeme...
Operation Parliament, who is doing what?
Summary Kaspersky Lab has been tracking a series of attacks utilizing unknown malware since early 2017. The attacks appear to be geopolitically motivated and target high profile organizations. The objective of the attacks is clearly espionage – they involve gaining access to top legislative,...
Hermes ransomware distributed to South Koreans via recent Flash zero-day
This blog post was authored by @hasherezade, Jérôme Segura and Vasilios Hioureas. At the end of January, the South Korean Emergency Response Team KrCERT published news of a Flash Player zero-day used in targeted attacks. The flaw, which exists in Flash Player 28.0.0.137 and below, was distributed...
MyCrypto: Missing SPF record for the in scope domain
nli@nlistation:$ dig mycrypto.com txt ; DiG 9.10.3-P4-Ubuntu mycrypto.com txt ;; global options: +cmd ;; Got answer: ;; -HEADER DiG 9.10.3-P4-Ubuntu gmail.com txt ;; global options: +cmd ;; Got answer: ;; -HEADER- opcode: QUERY, status: NOERROR, id: 19223 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1,...
A Star Wars Analogy to Defend Against Non-Malware Attacks and the Dark Side
I like watching movies because I can relate almost anything in my real life to the movies I watched. Last week, I did a presentation at "Security Days Tokyo 2018," and I used Star Wars to describe the targeted attacks, non-malware attacks, AI-based, NGAV, etc. The Star Wars analogies were well...
Financial Cyberthreats in 2017
In 2017, we saw a number of changes to the world of financial threats and new actors emerging. As we have previously noted, fraud attacks in financial services have become increasingly account-centric. User data is a key enabler for large-scale fraud attacks, and frequent data breaches - among...
Talos Quarterly Threat Briefing - Winter 2018
Date: Tuesday, February 27, 2018 Time: 1:00pm ET/10:00am PT Topic: Miners, Malspam, and Meltdowns Recording available here: Space is limited for this event, so be sure to save your spot. Following the webinar, the video will also be made available here. In this edition of the Talos Quarterly Thre...
MGASA-2018-0120 Updated flash-player-plugin packages fix security vulnerability
Adobe Flash Player 28.0.0.161 addresses critical use-after-free vulnerabilities that could lead to remote code execution CVE-2018-4877, CVE-2018-4878. Successful exploitation could potentially allow an attacker to take control of the affected system. Adobe is aware of a report that an exploit for...
Targeted Attacks In The Middle East
This blog post is authored by Paul Rascagneres with assistance from Martin Lee. Executive Summary Talos has identified targeted attacks affecting the Middle East. This campaign contains the following elements, which are described in detail in this article. The use of allegedly confidential decoy...
New Flash Player zero-day comes inside Office document
Update 2018-02-06: Adobe has released a patch for this vulnerability. More information is available here. We tested this zero-day with a proof-of concept that was made available. Rather than launching it from within Office, we turned it into a drive-by download attack. The animation below shows...
Software Defined Radio Attack Tool: RFCrack
RFCrack is my personal RF test bench. It was developed for testing RF communications with any physical device that communicates over sub-GHz frequencies: IoT devices, cars, alarm systems, etc. Testing was done with the Yardstick One on OSX, but RFCrack should work fine in Linux. Current support...
4 Predictions for the Cybersecurity Landscape in 2018
Targeted attacks are on the rise, and the dark web isn’t helping curb that trend. To compound this, the recent revelations on Shadow Brokers and CIA Vault 7, as well as burgeoning nation-state cyber capabilities aren’t helping either. It’s only a matter of time before more attack methods are...
Excerpts from The Ransomware Economy: Projections
Carbon Black recently published an investigative report on the Dark Web marketplace for ransomware. This is the final excerpt from that report, which you can find here. For more information about the rise of ransomware, and what you can do about it, check out the Ransomware Epidemic: Stop Bad...