Microsoft Office 2007 SP3, Microsoft Office 2010 SP2, Microsoft Office 2013 SP1, Microsoft Office 2016, Microsoft Windows Vista SP2, Windows Server 2008 SP2, Windows 7 SP1, Windows 8.1 allow remote malicious users to execute arbitrary code via a crafted document, aka "Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API."
| Vulnerable Product | Search on Vulmon | Subscribe to Product |
|---|---|---|
microsoft windows server 2008 r2 |
||
microsoft windows server 2012 - |
||
microsoft windows vista |
||
microsoft windows server 2008 |
||
microsoft office 2010 |
||
microsoft office 2013 |
||
microsoft office 2016 |
||
microsoft windows 7 |
||
microsoft office 2007 |
Targeted attacks Unknown threat actor targets power generator with DroxiDat and Cobalt Strike Earlier this year, we reported on a new variant of SystemBC called DroxiDat that was deployed against a critical infrastructure target in South Africa. This proxy-capable backdoor was deployed alongside Cobalt Strike beacons. The incident occurred in the third and fourth week of March, as part of a small wave of attacks involving both DroxiDat and Cobalt Strike beacons around the world; and we believe t...
These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q3 2023: Kaspersky solutions blocked 694,400,301 attacks from online resources across the globe. A total of 169,194,807 unique links were recognized as malicious by Web Anti-Virus components. Attempts to run malware for stealing money from online bank accounts were stopped on the com...
IT threat evolution in Q2 2023 IT threat evolution in Q2 2023. Non-mobile statistics IT threat evolution in Q2 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q2 2023: Kaspersky solutions blocked 801,934,281 attacks from online resources across the globe. A total of 209,716,810 unique links were detected by Web ...
Introduction The malware landscape keeps evolving. New families are born, while others disappear. Some families are short-lived, while others remain active for quite a long time. In order to follow this evolution, we rely both on samples that we detect and our monitoring efforts, which cover botnets and underground forums. While doing so, we found new Emotet samples, a new loader dubbed “DarkGate”, and a new LokiBot infostealer campaign. We described all three in private reports, from ...
IT threat evolution in Q1 2023 IT threat evolution in Q1 2023. Non-mobile statistics IT threat evolution in Q1 2023. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q1 2023: Kaspersky solutions blocked 865,071,227 attacks launched from online resources across the globe. Web Anti-Virus detected 246,912,694 unique URLs ...
IT threat evolution in Q3 2022 IT threat evolution in Q3 2022. Non-mobile statistics IT threat evolution in Q3 2022. Mobile statistics These statistics are based on detection verdicts of Kaspersky products and services received from users who consented to providing statistical data. Quarterly figures According to Kaspersky Security Network, in Q3 2022: Kaspersky solutions blocked 956,074,958 attacks from online resources across the globe. Web Anti-Virus recognized 251,288,987...
At the end of May, researchers from the nao_sec team reported a new zero-day vulnerability in Microsoft Support Diagnostic Tool (MSDT) that can be exploited using Microsoft Office documents. It allowed attackers to remotely execute code on Windows systems, while the victim could not even open the document containing the exploit, or open it in Protected Mode. The vulnerability, which the researchers dubbed Follina, later received the identifier CVE-2022-30190. CVE-2022-30190 technical details Bri...
These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. According to Kaspersky Security Network, in Q3: In Q3 2020, Kaspersky solutions blocked attempts to launch one or more types of malware designed to steal money from bank accounts on the computers of 146,761 users. !function(e,i,n,s){var t="InfogramEmbeds",d=e.getElementsByTagName("script")[0];if(window[t]&&window[t].initialized)window[t].process&&w...
IT threat evolution Q2 2020. Review IT threat evolution Q2 2020. Mobile statistics These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. According to Kaspersky Security Network, in Q2: In Q2 2020, Kaspersky solutions blocked attempts to launch one or more types of malware designed to steal money from bank accounts on the computers of 181,725 users. !function(e,i,n,s){var t="InfogramEmbeds",d=e.getElementsByTagName("s...
Update, update, update. Plus: Flash, Struts, Drupal also make appearances Sadly, 111 in this story isn't binary. It's decimal. It's the number of security fixes emitted by Microsoft this week
Vulnerabilities in Microsoft Windows, Office, and Windows Server, for which patches have been available for years, continue to be the favorite target for hackers looking to spread malware. A list posted by US-CERT this week rattles off the 10 most oft-targeted security vulnerabilities during the past three years, and finds that, shock horror, for the most part, keeping up with patching will keep you safe. Microsoft ranks highly in the list because its software is widely used, and provides the mo...
These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data. According to Kaspersky Security Network: In Q3 2019, we discovered an extremely unpleasant incident with the popular CamScanner app on Google Play. The new version of the app contained an ad library inside with the Trojan dropper Necro built in. Judging by the reviews on Google Play, the dropper’s task was to activate paid subscriptions, although it could delive...
RevengeHotels is a targeted cybercrime malware campaign against hotels, hostels, hospitality and tourism companies, mainly, but not exclusively, located in Brazil. We have confirmed more than 20 hotels that are victims of the group, located in eight states in Brazil, but also in other countries such as Argentina, Bolivia, Chile, Costa Rica, France, Italy, Mexico, Portugal, Spain, Thailand and Turkey. The goal of the campaign is to capture credit card data from guests and travelers stored in hote...
These statistics are based on detection verdicts of Kaspersky Lab products received from users who consented to provide statistical data. According to Kaspersky Security Network, Q1 2019 is remembered mainly for mobile financial threats. First, the operators of the Russia-targeting Asacub Trojan made several large-scale distribution attempts, reaching up to 13,000 unique users per day. The attacks used active bots to send malicious links to contacts in already infected smartphones. The mailings ...
According to KSN: In Q2 2018, Kaspersky Lab detected 1,744,244 malicious installation packages, which is 421,666 packages more than in the previous quarter. Among all the threats detected in Q2 2018, the lion’s share belonged to potentially unwanted RiskTool apps (55.3%); compared to the previous quarter, their share rose by 6 p.p. Members of the RiskTool.AndroidOS.SMSreg family contributed most to this indicator. Second place was taken by Trojan-Dropper threats (13%), whose share fell by 7 p....
The good, the bad, and the ugly from infosec
Roundup There has been a bumper crop of security news this week, including another shipping giant getting taken down by ransomware, Russian hackers apparently completely pwning US power grids and a sane request from Senator Wyden (D-OR) for the US government to dump Flash. But there has been other news bubbling under. Useless action please! While Wyden might know what he's talking about his colleagues seem set on useless posturing. On Tuesday Senators Pat Toomey (R-PA) and Chris Van Hollen (D-MD...
According to KSN: In Q1 2018, DNS-hijacking, a new in-the-wild method for spreading mobile malware on Android devices, was identified. As a result of hacked routers and modified DNS settings, users were redirected to IP addresses belonging to the cybercriminals, where they were prompted to download malware disguised, for example, as browser updates. That is how the Korean banking Trojan Wroba was distributed. It wasn’t a drive-by-download case, since the success of the attack largely depended ...
In late April 2018, a new zero-day vulnerability for Internet Explorer (IE) was found using our sandbox; more than two years since the last in the wild example (CVE-2016-0189). This particular vulnerability and subsequent exploit are interesting for many reasons. The following article will examine the core reasons behind the latest vulnerability, CVE-2018-8174. Our story begins on VirusTotal (VT), where someone uploaded an interesting exploit on April 18, 2018. This exploit was detected by sever...
And sent them mostly to South Korea, naturally
South Korea was the target of a barrage of malware campaigns last year. Cisco Talos's Warren Mercer and Paul Rascagneres (with contributions from Jungsoo An) spent the year watching goings-on on the Korean peninsula. The researchers focussed on one organisation (likely North Korean given the target, but this is unconfirmed), which they dub Group 123, and its continuing campaigns against the South. Remote Access Trojans – RATs – are Group 123's favourite approach, with three phishing campaign...
Beginning in the second quarter of 2017, Kaspersky’s Global Research and Analysis Team (GReAT) began publishing summaries of the quarter’s private threat intelligence reports in an effort to make the public aware of what research we have been conducting. This report serves as the next installment, focusing on important reports produced during Q3 of 2017. As stated last quarter, these reports will serve as a representative snapshot of what has been offered in greater detail in our private r...
According to KSN data, Kaspersky Lab solutions detected and repelled 277,646,376 malicious attacks from online resources located in 185 countries all over the world. 72,012,219 unique URLs were recognized as malicious by web antivirus components. Attempted infections by malware that aims to steal money via online access to bank accounts were registered on 204,388 user computers. Crypto ransomware attacks were blocked on 186283 computers of unique users. Kaspersky Lab’s file antivirus detected ...
The Gaza cybergang is an Arabic-language, politically-motivated cybercriminal group, operating since 2012 and actively targeting the MENA (Middle East North Africa) region. The Gaza cybergang’s attacks have never slowed down and its typical targets include government entities/embassies, oil and gas, media/press, activists, politicians, and diplomats. One of the interesting new facts, uncovered in mid-2017, is its discovery inside an oil and gas organization in the MENA region, infiltrating sys...
According to KSN data, Kaspersky Lab solutions detected and repelled 342, 566, 061 malicious attacks from online resources located in 191 countries all over the world. 33, 006, 783 unique URLs were recognized as malicious by web antivirus components. Attempted infections by malware that aims to steal money via online access to bank accounts were registered on 224, 675 user computers. Crypto ransomware attacks were blocked on 246, 675 computers of unique users. Kaspersky Lab’s file antivirus de...
Exploit combo fails to dodge Word warning prompts
Updated A booby-trapped .RTF file is doing the rounds that combines two publicly available Microsoft Office exploits. Opening the document in a vulnerable installation of Office is supposed to lead to arbitrary execution of any malicious code within the file. Cisco's security outfit Talos believes "the attackers used the combination to avoid Word displaying [an on-screen] prompt which may raise suspicions for the target end user. Another possibility is that they attempted to use this combination...
Since 2014, Kaspersky Lab’s Global Research and Analysis Team (GReAT) has been providing threat intelligence reports to a wide-range of customers worldwide, leading to the delivery of a full and dedicated private reporting service. Prior to the new service offering, GReAT published research online for the general public in an effort to help combat the ever-increasing threat from nation-state and other advanced actors. Since we began offering a threat intelligence service, all deep technical ...
Patch Tuesday shakeup sucks
Microsoft today buried among minor bug fixes patches for critical security flaws that can be exploited by attackers to hijack vulnerable computers. In a massive shakeup of its monthly Patch Tuesday updates, the Windows giant has done away with its easy-to-understand lists of security fixes published on TechNet – and instead scattered details of changes across a new portal: Microsoft's Security Update Guide. Billed by Redmond as "the authoritative source of information on our security updates,"...
Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources We're number one! We're number one! We're...
It's generally accepted that security flaws in Microsoft's products are a top magnet for crooks and fraudsters: its sprawling empire of hardware and software is a target-rich ecosystem in that there is a wide range of bugs to exploit, and a huge number of vulnerable organizations and users. And so we can believe it when Qualys yesterday said 15 of the 20 most-exploited software vulnerabilities it has observed are in Microsoft's code. These are the vulnerabilities abused by miscreants to infect v...
Vulmon