Clik here to view.
Nokoyawa ransomware attacks with Windows zero-day
Updated April 20, 2023 In February 2023, Kaspersky technologies detected a number of attempts to execute similar elevation-of-privilege exploits on Microsoft Windows servers belonging to small and...
View ArticleClik here to view.
How to catch a wild triangle
In the beginning of 2023, thanks to our Kaspersky Unified Monitoring and Analysis Platform (KUMA) SIEM system, we noticed suspicious network activity that turned out to be an ongoing attack targeting...
View ArticleClik here to view.
Windows CLFS and five exploits used by ransomware operators (Exploit #5 –...
This is part six of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Please read...
View ArticleClik here to view.
Windows CLFS and five exploits used by ransomware operators (Exploit #1 –...
This is the second part of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Please...
View ArticleClik here to view.
Windows CLFS and five exploits used by ransomware operators
In April 2023, we published a blog post about a zero-day exploit we discovered in ransomware attacks that was patched as CVE-2023-28252 after we promptly reported it to Microsoft. In that blog post, we...
View ArticleClik here to view.
Windows CLFS and five exploits used by ransomware operators (Exploit #2 –...
This is the third part of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Please...
View ArticleClik here to view.
Windows CLFS and five exploits used by ransomware operators (Exploit #3 –...
This is part four of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Please read...
View ArticleClik here to view.
Windows CLFS and five exploits used by ransomware operators (Exploit #4 –...
This is part five of our study about the Common Log File System (CLFS) and five vulnerabilities in this Windows OS component that have been used in ransomware attacks throughout the year. Please read...
View ArticleClik here to view.
Operation Triangulation: The last (hardware) mystery
Today, on December 27, 2023, we (Boris Larin, Leonid Bezvershenko, and Georgy Kucherin) delivered a presentation, titled, “Operation Triangulation: What You Get When Attack iPhones of Researchers”, at...
View ArticleClik here to view.
QakBot attacks with Windows zero-day (CVE-2024-30051)
In early April 2024, we decided to take a closer look at the Windows DWM Core Library Elevation of Privilege Vulnerability CVE-2023-36033, which was previously discovered as a zero-day exploited in the...
View Article