Category Archives: Antivirus

Release the KRACKen: flaw in Wi-Fi security leaves users vulnerable

A serious flaw in the wireless protocol that secures all modern protected Wi-Fi networks has been discovered. How serious? If your device supports Wi-Fi, it is most likely affected. This feasible attack, dubbed KRACK, could abuse design or implementation flaws … Continue reading

Posted in Antivirus | Comments Off on Release the KRACKen: flaw in Wi-Fi security leaves users vulnerable

Old MS Office feature weaponized in malspam attacks

There has been a lot of talks recently following a write up and proof of concept about a Microsoft Office feature that can be misused and weaponized by malicious actors. The protocol, known as Dynamic Data Exchange (DDE), has actually been around … Continue reading

Posted in Antivirus | Comments Off on Old MS Office feature weaponized in malspam attacks

BlackOasis APT and new targeted attacks leveraging zero-day exploit

More information about BlackOasis APT is available to customers of Kaspersky Intelligence Reporting Service. Contact: intelreports@kaspersky.com Introduction Kaspersky Lab has always worked closely with vendors to protect users. As soon as we find new vulnerabilities we immediately inform the vendor … Continue reading

Posted in Antivirus | Comments Off on BlackOasis APT and new targeted attacks leveraging zero-day exploit

A week in security (October 9 – October 15)

Last week on the Labs blog, we talked about GDPR as part of our series in the National Cyber Security Awareness Month (NCSAM). We also discussed a new method for phishing Apple ID passwords and the possible ramifications. We analyzed … Continue reading

Posted in Antivirus | Comments Off on A week in security (October 9 – October 15)

Phishes, pseudophishes, and bad email

Everyone knows about phishing. We’ve all heard that the solution to phishing is to educate the user as, after all, it must be the user’s fault for stupidly clicking on the thing. But what about when perverse incentives make clicking … Continue reading

Posted in Antivirus | Comments Off on Phishes, pseudophishes, and bad email

Mobile Menace Monday: despicable adware

Are you wondering how that mysterious icon ended up on your Android phone’s start screen? Annoyed at the ads clogging your notification bar? You aren’t alone. Thousands of Android apps now include software that shoves marketing icons onto your phone’s … Continue reading

Posted in Antivirus | Comments Off on Mobile Menace Monday: despicable adware

Decoy Microsoft Word document delivers malware through a RAT

In this post, we take a look at a Microsoft Word document which itself is somewhat clean, but is used to launch a multi-stage attack that relies on the hyperlink feature in the OpenXML format. This then loads another document … Continue reading

Posted in Antivirus | Comments Off on Decoy Microsoft Word document delivers malware through a RAT

Equifax, TransUnion websites push fake Flash Player in malvertising campaign

Dan Goodin reported on Ars Technica that the Equifax website was involved in yet another kerfuffle, this time pushing a fake Flash Player. Looking at the YouTube video of this incident frame by frame, we were able to retrace some … Continue reading

Posted in Antivirus | Comments Off on Equifax, TransUnion websites push fake Flash Player in malvertising campaign

Labs report: summer ushers in unprecedented season of breaches

In this edition of the Malwarebytes Cybercrime Tactics and Techniques report for the third quarter of 2017, we saw a number of high profile breaches targeting the personal information of hundreds of millions of people. While the Equifax breach may … Continue reading

Posted in Antivirus | Comments Off on Labs report: summer ushers in unprecedented season of breaches

A new kind of Apple phishing scam

In a recent blog post, Felix Krause revealed a method for phishing Apple ID passwords on iOS that would be quite indistinguishable from a real iOS password request. This got us thinking about the ramifications—how else could this tactic be … Continue reading

Posted in Antivirus | Comments Off on A new kind of Apple phishing scam