Kaspersky

Winsage
March 28, 2025
A newly uncovered zero-day vulnerability in Windows allows hackers to steal NTLM credentials simply by previewing a malicious file, affecting multiple Windows versions, including Windows 7 and Windows 11 v24H2. Microsoft has not yet issued a patch for this vulnerability, leaving millions of users exposed. The flaw was reported by security researcher Mitja Kolsek from ACROS Security, who noted that stolen credentials could lead to unauthorized access to networks. ACROS Security has created a temporary micro-patch available through its 0patch platform, which users are encouraged to implement. Additionally, a separate zero-day vulnerability identified in Google Chrome and other Chromium-based browsers allows attackers to bypass sandbox protection with a click on a malicious link, primarily targeting media organizations and government agencies in Russia. Users are advised to install the 0patch fix, avoid interacting with unfamiliar files, and update their browsers to protect against these threats.
Winsage
March 28, 2025
Mozilla released Firefox version 136.0.4 to address a critical security vulnerability, CVE-2025-2857, which could allow attackers to escape the browser's sandbox on Windows systems. This flaw, identified by developer Andrew McCreight, affects both standard and extended support releases of Firefox. Mozilla patched this issue in Firefox 136.0.4 and Firefox ESR versions 115.21.1 and 128.8.1. The vulnerability is similar to a recent zero-day exploit in Google Chrome, CVE-2025-2783, which was used in cyber-espionage campaigns against Russian entities. Additionally, Mozilla previously addressed another zero-day vulnerability, CVE-2024-9680, exploited by the RomCom cybercrime group, allowing code execution within Firefox's sandbox. Earlier in the year, Mozilla responded to two zero-day vulnerabilities exploited during the Pwn2Own Vancouver 2024 hacking competition.
Tech Optimizer
March 25, 2025
Kaspersky Anti-Virus features a user-friendly interface organized into four main sections: scan, database update, reports, and an on-screen keyboard. The on-screen keyboard enhances privacy when entering sensitive data, protecting against keyloggers. The Reports section provides an overview of scanning activities and includes data from the System Watcher feature, which can mitigate malware attacks. The Database Update section allows for automatic updates to keep the software current with the latest threats, with options for manual scheduling. The scan menu includes a Quick Scan that completes in about seven minutes and a Full Scan that can take several hours; both scans detected all actual malware during testing. Additional scanning options include selective scans and removable drive scans. The software allows for high customization, including a "Gamer Mode" that defers scheduled scans during full-screen applications. It also postpones tasks during battery operation or high disk activity and offers an option to opt out of promotional offers.
Winsage
March 12, 2025
ESET has identified a zero-day vulnerability in the Windows Win32 Kernel Subsystem, designated as CVE-2025-24983, which has been exploited since March 2023. This vulnerability, stemming from a use-after-free weakness, allows low-privileged attackers to escalate access to SYSTEM privileges without user interaction. It primarily affects older Windows versions, including Windows Server 2012 R2 and Windows 8.1, but also poses risks to newer versions like Windows Server 2016 and Windows 10 (build 1809 and earlier). The exploit was first seen in the wild in March 2023, targeting systems compromised by the PipeMagic malware. Microsoft has addressed this vulnerability in the recent Patch Tuesday updates. Additionally, five other zero-day vulnerabilities were also patched, and CISA has mandated that Federal Civilian Executive Branch agencies secure their systems by April 1st.
Tech Optimizer
March 12, 2025
Infostealer malware has become a major cybersecurity threat, with around 25 million users targeted between early 2023 and the end of 2024. These malware variants capture sensitive information, including bank card details and passwords, with nearly 26 million devices affected during this period, resulting in over 2 million unique bank card details leaked. One in every 14 infections compromised bank card data, passwords, and second-factor authentication cookies. In 2024, infections increased significantly, with RisePro's share rising from 1.4% to 22.45% and Stealc from 2.65% to 13.33%. Redline remained the most prevalent infostealer, responsible for 34.36% of infections. By August 2024, the number of devices affected in 2023 was estimated at 15.9 million; by March 2025 that estimate had grown to 16.49 million. Over 9 million infections were tracked in 2024, with final counts expected to exceed those of 2023. To protect sensitive information, it is recommended to invest in robust antivirus software, use virtual cards for online transactions, set up transaction alerts and spending limits, avoid storing card details in browsers, use strong and unique passwords, and consider personal data removal services.
Tech Optimizer
February 23, 2025
Ransomware is a type of malicious software that encrypts files, making them inaccessible until a ransom is paid, usually in cryptocurrency. Ransom demands can range from a few hundred to several thousand dollars, causing significant disruptions and financial losses. Key examples of ransomware include WannaCry, Petya, CryptoLocker, Ryuk, REvil, and Snake. To protect against ransomware, it is crucial to keep software updated, use anti-virus solutions, be cautious with unknown attachments or links, and regularly back up important data. Effective protection tools include backup solutions, anti-virus software, firewalls, and ransomware-specific solutions. Free protection options include Windows Defender, Malwarebytes Anti-Ransomware, Bitdefender Anti-Ransomware, Avast Anti-Ransomware, and Kaspersky Anti-Ransomware Tool for Business. Ransomware can be categorized into locker ransomware, screen ransomware, and encrypting ransomware.
TrendTechie
February 20, 2025
Experts from Kaspersky GReAT have identified a scheme where cybercriminals distribute malware disguised as free versions of popular computer games via torrent trackers. This malware downloads a modified version of the XMRig cryptocurrency miner onto users' devices. The distribution began on December 31, 2024, and continued until the end of January 2025, with the first infected files appearing on torrent sites in the previous autumn. Affected countries include Russia, Belarus, Kazakhstan, Brazil, and Germany. The XMRig miner exploits the computational power of infected devices to mine Monero and was embedded in files associated with games like BeamNG.drive, Dyson Sphere Program, Universe Sandbox, Plutocracy, and Garry’s Mod. Kaspersky reported that 70.5% of users encountered infected versions of BeamNG.drive. The malware causes overheating, decreased performance, and increased electricity consumption without immediate signs of infection. Tatyana Shishkova from Kaspersky noted that the timing of the campaign coincided with the holiday season and that gaming applications were targeted due to their high performance. She advised users to avoid downloading software from unreliable sources.
TrendTechie
February 19, 2025
A campaign known as StaryDobry, identified by Kaspersky Lab, began on the last day of 2024, targeting users of popular torrent trackers during the holiday season. The attack affected users globally, particularly in Russia, Belarus, Kazakhstan, Germany, and Brazil. Cybercriminals distributed trojanized versions of popular games like BeamNG.drive and Garry’s Mod, which contained hidden cryptocurrency mining software. The malware used in this campaign included XMRig, designed for mining Monero (XMR) without user consent. The installation process involved multiple layers of evasion, including checking for debugging tools and system parameters. The malware extracted files using RAR libraries, sent system fingerprints to a command server, and launched a loader that disguised itself as system files. XMRig operated in the background, utilizing the victim's CPU for mining while avoiding detection by terminating itself if analysis tools were present. The attack poses risks not only to individual users but also to corporate systems through compromised devices. No information is available about the attackers behind this campaign.