Kaspersky Archives

Winsage

March 28, 2025

Windows Users at Risk: New Zero-Day Exploit Steals Passwords Without Interaction

A newly uncovered zero-day vulnerability in Windows allows hackers to steal NTLM credentials simply by previewing a malicious file, affecting multiple Windows versions, including Windows 7 and Windows 11 v24H2. Microsoft has not yet issued a patch for this vulnerability, leaving millions of users exposed. The flaw was reported by security researcher Mitja Kolsek from ACROS Security, who noted that stolen credentials could lead to unauthorized access to networks. ACROS Security has created a temporary micro-patch available through its 0patch platform, which users are encouraged to implement. Additionally, a separate zero-day vulnerability identified in Google Chrome and other Chromium-based browsers allows attackers to bypass sandbox protection with a click on a malicious link, primarily targeting media organizations and government agencies in Russia. Users are advised to install the 0patch fix, avoid interacting with unfamiliar files, and update their browsers to protect against these threats.

Winsage

March 28, 2025

Mozilla warns Windows users of critical Firefox sandbox escape flaw

Mozilla released Firefox version 136.0.4 to address a critical security vulnerability, CVE-2025-2857, which could allow attackers to escape the browser's sandbox on Windows systems. This flaw, identified by developer Andrew McCreight, affects both standard and extended support releases of Firefox. Mozilla patched this issue in Firefox 136.0.4 and Firefox ESR versions 115.21.1 and 128.8.1. The vulnerability is similar to a recent zero-day exploit in Google Chrome, CVE-2025-2783, which was used in cyber-espionage campaigns against Russian entities. Additionally, Mozilla previously addressed another zero-day vulnerability, CVE-2024-9680, exploited by the RomCom cybercrime group, allowing code execution within Firefox's sandbox. Earlier in the year, Mozilla responded to two zero-day vulnerabilities exploited during the Pwn2Own Vancouver 2024 hacking competition.

Tech Optimizer

March 25, 2025

Kapersky Internet Security and Antivirus Review 2025

Kaspersky Anti-Virus features a user-friendly interface organized into four main sections: scan, database update, reports, and an on-screen keyboard. The on-screen keyboard enhances privacy when entering sensitive data, protecting against keyloggers. The Reports section provides an overview of scanning activities and includes data from the System Watcher feature, which can mitigate malware attacks. The Database Update section allows for automatic updates to keep the software current with the latest threats, with options for manual scheduling. The scan menu includes a Quick Scan that completes in about seven minutes and a Full Scan that can take several hours; both scans detected all actual malware during testing. Additional scanning options include selective scans and removable drive scans. The software allows for high customization, including a "Gamer Mode" that defers scheduled scans during full-screen applications. It also postpones tasks during battery operation or high disk activity and offers an option to opt out of promotional offers.

Winsage

March 12, 2025

Microsoft patches Windows Kernel zero-day exploited since 2023

ESET has identified a zero-day vulnerability in the Windows Win32 Kernel Subsystem, designated as CVE-2025-24983, which has been exploited since March 2023. This vulnerability, stemming from a use-after-free weakness, allows low-privileged attackers to escalate access to SYSTEM privileges without user interaction. It primarily affects older Windows versions, including Windows Server 2012 R2 and Windows 8.1, but also poses risks to newer versions like Windows Server 2016 and Windows 10 (build 1809 and earlier). The exploit was first seen in the wild in March 2023, targeting systems compromised by the PipeMagic malware. Microsoft has addressed this vulnerability in the recent Patch Tuesday updates. Additionally, five other zero-day vulnerabilities were also patched, and CISA has mandated that Federal Civilian Executive Branch agencies secure their systems by April 1st.

Tech Optimizer

March 12, 2025

Malware steals bank cards and passwords from millions of devices

Infostealer malware has become a major cybersecurity threat, with around 25 million users targeted between early 2023 and the end of 2024. These malware variants capture sensitive information, including bank card details and passwords, with nearly 26 million devices affected during this period, resulting in over 2 million unique bank card details leaked. One in every 14 infections compromised bank card data, passwords, and second-factor authentication cookies. In 2024, infections increased significantly, with RisePro's share rising from 1.4% to 22.45% and Stealc from 2.65% to 13.33%. Redline remained the most prevalent infostealer, responsible for 34.36% of infections. By August 2024, an estimated 15.9 million devices had been affected in 2023, increasing to 16.49 million by March 2025. Over 9 million infections were tracked in 2024, with final counts expected to exceed those of 2023. To protect sensitive information, it is recommended to invest in robust antivirus software, use virtual cards for online transactions, set up transaction alerts and spending limits, avoid storing card details in browsers, use strong and unique passwords, and consider personal data removal services.

Tech Optimizer

March 8, 2025

The Best Antivirus Apps to Keep Your Data Safe in 2025

Cybersecurity is essential as digital lives become more integrated into daily routines, with personal devices storing sensitive information. Cyber threats have evolved, necessitating robust antivirus software for data protection in 2025. Norton 360 offers real-time threat detection, a built-in VPN, and dark web monitoring. Bitdefender Total Security is noted for its minimal impact on system performance and AI-powered threat detection. McAfee Total Protection focuses on identity theft protection with real-time malware protection and identity theft monitoring. Kaspersky Security Cloud provides adaptive security tailored to user behavior and includes webcam protection. Avast One is a reliable free antivirus option covering essential threats, while Trend Micro Maximum Security emphasizes online privacy with features like a social media privacy scanner and anti-phishing protection.

Winsage

February 27, 2025

LCRYX Ransomware Attacks Windows Machines by Blocking Registry Editor and Task Manager

LCRYX ransomware, a VBScript-based threat, re-emerged in February 2025 after first appearing in November 2024. It encrypts files with the .lcryx extension and demands a ransom of 0 in Bitcoin for decryption. The ransomware operates with administrative privileges, disables essential system tools like Task Manager and Command Prompt, and restricts access to the Control Panel. It prevents the execution of diagnostic tools and disables inactivity timeouts. LCRYX ensures persistence by modifying registry settings and remapping keyboard keys. It uses a combination of Caesar cipher and XOR encryption techniques, eliminates backups, and makes recovery nearly impossible. The malware terminates essential processes, overwrites the Master Boot Record, and disables real-time monitoring features of antivirus solutions. After encryption, it generates a ransom note directing victims to a payment website. Some variants display pop-ups revealing the victim’s IP address or launch unrelated applications. Users are advised to implement comprehensive security solutions and maintain regular backups.

Tech Optimizer

February 23, 2025

Top 10 Best Ransomware Protection Tools

Ransomware is a type of malicious software that encrypts files, making them inaccessible until a ransom is paid, usually in cryptocurrency. Ransom demands can range from a few hundred to several thousand dollars, causing significant disruptions and financial losses. Key examples of ransomware include WannaCry, Petya, CryptoLocker, Ryuk, REvil, and Snake. To protect against ransomware, it is crucial to keep software updated, use anti-virus solutions, be cautious with unknown attachments or links, and regularly back up important data. Effective protection tools include backup solutions, anti-virus software, firewalls, and ransomware-specific solutions. Free protection options include Windows Defender, Malwarebytes Anti-Ransomware, Bitdefender Anti-Ransomware, Avast Anti-Ransomware, and Kaspersky Anti-Ransomware Tool for Business. Ransomware can be categorized into locker ransomware, screen ransomware, and encrypting ransomware.

TrendTechie

February 20, 2025

Хакеры заражали гаджеты российских пользователей криптомайнером под видом игр-симуляторов

Experts from Kaspersky GReAT have identified a scheme where cybercriminals distribute malware disguised as free versions of popular computer games via torrent trackers. This malware downloads a modified version of the XMRig cryptocurrency miner onto users' devices. The distribution began on December 31, 2024, and continued until the end of January 2025, with the first infected files appearing on torrent sites in the previous autumn. Affected countries include Russia, Belarus, Kazakhstan, Brazil, and Germany. The XMRig miner exploits the computational power of infected devices to mine Monero and was embedded in files associated with games like BeamNG.drive, Dyson Sphere Program, Universe Sandbox, Plutocracy, and Garry’s Mod. Kaspersky reported that 70.5% of users encountered infected versions of BeamNG.drive. The malware causes overheating, decreased performance, and increased electricity consumption without immediate signs of infection. Tatyana Shishkova from Kaspersky noted that the timing of the campaign coincided with the holiday season and that gaming applications were targeted due to their high performance. She advised users to avoid downloading software from unreliable sources.

TrendTechie

February 19, 2025

Вместо подарков – майнер: новогодняя ловушка на торрентах унесла ресурсы компьютеров по всему миру

A campaign known as StaryDobry, identified by Kaspersky Lab, began on the last day of 2024, targeting users of popular torrent trackers during the holiday season. The attack affected users globally, particularly in Russia, Belarus, Kazakhstan, Germany, and Brazil. Cybercriminals distributed trojanized versions of popular games like BeamNG.drive and Garry’s Mod, which contained hidden cryptocurrency mining software. The malware used in this campaign included XMRig, designed for mining Monero (XMR) without user consent. The installation process involved multiple layers of evasion, including checking for debugging tools and system parameters. The malware extracted files using RAR libraries, sent system fingerprints to a command server, and launched a loader that disguised itself as system files. XMRig operated in the background, utilizing the victim's CPU for mining while avoiding detection by terminating itself if analysis tools were present. The attack poses risks not only to individual users but also to corporate systems through compromised devices. No information is available about the attackers behind this campaign.