Saturday, September 23, 2017

Tag: Dynamic Link Library

A vulnerability in the Cisco FindIT Network Discovery Utility could allow an authenticated, local attacker to perform a DLL preloading attack, potentially causing a partial impact to device availability, confidentiality, and integrity. The vulnera...
In the field of information security, sandboxes are used to isolate an insecure external environment from a secure internal environment (or vice versa), to protect against the exploitation of vulnerabilities, and to analyze malicious code.

At Kaspersky Lab we have several sandboxes; here we will look at just one of them, which was customized to serve the needs of a specific product and became the basis of the Kaspersky Anti Targeted Attack Platform.

Introducing WhiteBear

As a part of our Kaspersky APT Intelligence Reporting subscription, customers received an update in mid-February 2017 on some interesting APT activity that we called WhiteBear.
It is a parallel project or second stage of the Skipper Turla cluster of activity documented in another private report. Like previous Turla activity, WhiteBear leverages compromised websites and hijacked satellite connections for command and control (C2) infrastructure.
In July 2017, during an investigation, suspicious DNS requests were identified in a partner's network.

The source of the queries was a software package produced by NetSarang. Our analysis showed that recent versions of the software had been surreptitiously modified to include an encrypted payload that could be remotely activated by a knowledgeable attacker.

IT threat evolution Q2 2017

The threat from ransomware continues to grow.

Between April 2016 and March 2017, we blocked ransomware on the computers of 2,581,026 Kaspersky Lab customers.
In May, we saw the biggest ransomware epidemic in history, called WannaCry.

APT Trends report Q2 2017

Since 2014, Kaspersky Lab's Global Research and Analysis Team (GReAT) has been providing threat intelligence reports to a wide range of customers worldwide, leading to the delivery of a full and dedicated private reporting service. Prior to the new service offering, GReAT published research online for the general public in an effort to help combat the ever-increasing threat from nation-state and other advanced actors.
Microsoft Windows automatically executes code specified in shortcut (LNK) files.
The Telerik Web UI, versions R2 2017 (2017.2.503) and prior, is vulnerable to a cryptographic weakness which an attacker can exploit to extract encryption keys.
Operation that hit thousands was “thoroughly well-planned and well-executed.”
To date, nobody has been able to find any significant code sharing between ExPetr/Petya and older malware.

Given our love for unsolved mysteries, we jumped right on it. We'd like to think of this ongoing research as an opportunity for an open invitation to the larger security community to help nail down (or disprove) the link between BlackEnergy and ExPetr/Petya.
Ongoing campaign shows more hackers are adopting sneaky attack technique.
Recently WikiLeaks published a report that, among other things, claims to disclose tools and tactics employed by a state-sponsored organization to break into users' computers and circumvent installed security solutions.

The list of compromised security products includes dozens of vendors and relates to the whole cybersecurity industry.