PRINT
PRINT
SEND MAIL
SEND MAIL

Category: Vulnerabilities and exploits

TUTORIALS

Earn Bitcoins just by surfing Online !

Use CryptoTab as your default browser to maximize your revenue Mining speed increases when your browser is active. Use CryptoTab browser for your everyday activities, visit your favorite sites, watch movies online, and take advantage of maximum mining power. Browser with built-in mining CryptoTab Browser includes built-in mining algorithm that allows using your computer resources more effectively than in extension format. It boosts your mining speed up to 8 times and increases BTC earnings. Enhance your browser with over 150 thousand extensions Set up…

TUTORIALS

Cerberus Linux v1 Subsystem for Windows 10!

Cerberus Linux subsystem is Linux to run on top windows! like the picture bellow^^^ Cerberus linux v1 tools and extras : 15 new Cerberus Frameworks : Metapackages , containers with custom scripts within! Exploits (to analyze): EARLYSHOVEL RedHat 7.0 – 7.1 Sendmail 8.11.x exploit EBBISLAND (EBBSHAVE) root RCE via RPC XDR overflow in Solaris 6, 7, 8, 9 & 10 (possibly newer) both SPARC and x86. ECHOWRECKER remote Samba 3.0.x Linux exploit. EASYBEE appears to be an MDaemon email server vulnerability EASYFUN EasyFun 2.2.0 Exploit for WDaemon…

Windows10

Black Window 10 v2

  Black Window Enterprise 10 Codename : Polemos Black Window 10 Enterprise is the first windows based penetration testing distribution with Linux integrated ! The system comes activated with a digital license for Windows enterprise! It supports windows apps and Linux apps, GUI and terminal apps! It comes with a tone off hacking tools plus all the tools that are included with the latest release of Cerberus Linux! It has managed to implement Cerberus os within windows. Offers the stability of a windows system…

Debian

Cerberus Linux v3

  Cerberus Linux v3  Cerberus is a penetration testing distribution focusing on automation and anonymity , it aims to have the best tools available on the hacking scene tools like Fuzzbunch, Dandespritz, Cobalt strike, Armitage, Metasploit framework and Metasploit community version set up and ready for use!! It includes custom scripts, custom themes, custom icons!Cerberus distribution is based on Debian testing, it has the capability to use 3 repositories to install packages from kali repo,Debian repo, and cyber sec repo! Cerberus is an Angry…

FeaturedFinancial malwareKaspersky Security BulletinMalware StatisticsMinerSecurity FeedsTrojan BankerVulnerabilities and exploitsVulnerability Statistics

Kaspersky Security Bulletin 2018. Statistics

All the statistics used in this report were obtained using Kaspersky Security Network (KSN), a distributed antivirus network that works with various anti-malware protection components. The data was collected from KSN users who agreed to provide it. Millions of Kaspersky Lab product users from 213 countries and territories worldwide participate in this global exchange of information about malicious activity. All the statistics were collected from November 2017 to October 2018. The year in figures 30 .01% of user computers were subjected to at least…

APTBrowser PluginsCybercrimeData leaksFeaturedFinancial malwareInternet of ThingsKaspersky Security BulletinMobile SecurityOlympic DestroyerSecurity FeedsSmart homeSofacyTargeted AttacksTrojan BankerTurlaVulnerabilities and exploits

Kaspersky Security Bulletin 2018. Top security stories

Introduction The internet is now woven into the fabric of our lives. Many people routinely bank, shop and socialize online and the internet is the lifeblood of commercial organizations. The dependence on technology of governments, businesses and consumers provides a broad attack surface for attackers with all kinds of motives – financial theft, theft of data, disruption, damage, reputational damage or simply ‘for the lulz’. The result is a threat landscape that ranges from highly sophisticated targeted attacks to opportunistic cybercrime. All too often,…

FeaturedMicrosoft WindowsProof-of-ConceptSecurity FeedsVulnerabilities and exploitsZero-day vulnerabilities

A new exploit for zero-day vulnerability CVE-2018-8589

Yesterday, Microsoft published its security bulletin, which patches a vulnerability discovered by our technologies. We reported it to Microsoft on October 17, 2018. The company confirmed the vulnerability and assigned it CVE-2018-8589. In October 2018, our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in Microsoft’s Windows operating system. Further analysis revealed a zero-day vulnerability in win32k.sys. The exploit was executed by the first stage of a malware installer in order to gain the necessary privileges for persistence on the…

FeaturedFinancial malwareInternet of ThingsMalware DescriptionsMalware reportsMalware StatisticsMinerMobile MalwarePOS malwareSecurity FeedsTrojan BankerVulnerabilities and exploits

IT threat evolution Q3 2018. Statistics

These statistics are based on detection verdicts of Kaspersky Lab products received from users who consented to provide statistical data. Q3 figures According to Kaspersky Security Network: Kaspersky Lab solutions blocked 947,027,517 attacks launched from online resources located in 203 countries. 246,695,333 unique URLs were recognized as malicious by Web Anti-Virus components. Attempted infections by malware designed to steal money via online access to bank accounts were logged on the computers of 305,315 users. Ransomware attacks were registered on the computers of 259,867 unique…

APTFeaturedMicrosoft WindowsProof-of-ConceptSecurity FeedsVulnerabilities and exploitsZero-day vulnerabilities

Zero-day exploit (CVE-2018-8453) used in targeted attacks

Yesterday, Microsoft published their security bulletin, which patches CVE-2018-8453, among others. It is a vulnerability in win32k.sys discovered by Kaspersky Lab in August. We reported this vulnerability to Microsoft on August 17, 2018. Microsoft confirmed the vulnerability and designated it CVE-2018-8453. In August 2018 our Automatic Exploit Prevention (AEP) systems detected an attempt to exploit a vulnerability in Microsoft Windows operating system. Further analysis into this case led us to uncover a zero-day vulnerability in win32k.sys. The exploit was executed by the first stage…

FeaturedIndustrial control systemsIndustrial threatsMalware StatisticsSecurity FeedsSecurity PoliciesVulnerabilities and exploits

Threat Landscape for Industrial Automation Systems in H1 2018

For many years, Kaspersky Lab experts have been uncovering and researching cyberthreats that target a variety of information systems – those of commercial and government organizations, banks, telecoms operators, industrial enterprises, and individual users. In this report, Kaspersky Lab Industrial Control Systems Cyber Emergency Response Team (Kaspersky Lab ICS CERT) publishes the findings of its research on the threat landscape for industrial automation systems conducted during the first half of 2018. The main objective of these publications is to provide information support to global…

BotnetsDDoS-attacksInternet of ThingsMalware StatisticsMinerSecurity FeedsSpam LettersVulnerabilities and exploits

What are botnets downloading?

Spam mailshots with links to malware and bots downloading other malware are just a couple of botnet deployment scenarios. The choice of infectious payload is limited only by the imagination of the botnet operator or customer. It might be a ransomware, a banker, a miner, a backdoor, the list goes on, and you don’t need to go far for examples: take Gandcrab and Trik, or Locky and Necurs, for instance. Every day we intercept numerous file-download commands sent to bots of various types and…

Application ControlFeaturedPublicationsSecurity FeedsSecurity PoliciesVulnerabilities and exploitsVulnerability Statistics

Security assessment of corporate information systems in 2017

Each year, Kaspersky Lab’s Security Services department carries out dozens of cybersecurity assessment projects for companies worldwide. In this publication, we present a general summary and statistics for the cybersecurity assessments we have conducted of corporate information systems throughout 2017. We have analyzed several dozen projects for companies from various sectors, including government bodies, financial organizations, telecommunications and IT companies, as well as manufacturing and energy companies. The results and statistics on detected vulnerabilities are provided separately for each type of service provided: external…

APTArabic MalwareCyber espionageFeaturedMalware reportsMobile MalwareSecurity FeedsSpear PhishingTargeted AttacksVulnerabilities and exploitsWatering hole attacksWearable devices

IT threat evolution Q2 2018

Targeted attacks and malware campaigns Operation Parliament In April, we reported the workings of Operation Parliament, a cyber-espionage campaign aimed at high-profile legislative, executive and judicial organizations around the world – with its main focus in the MENA (Middle East and North Africa) region, especially Palestine. The attacks, which started early in 2017, target parliaments, senates, top state offices and officials, political science scholars, military and intelligence agencies, ministries, media outlets, research centers, election commissions, Olympic organizations, large trading companies and others. The attackers…