Security News

A flaw in the MSHTML engine that lets an attacker use a malicious Office document to install malware is currently being used against the energy, industrial, banking, medical tech, and other sectors. A recently reported security vulnerability in Microsoft's MSHTML browser engine is being found all over the world, and Kaspersky said it "Expects to see an increase in attacks using this vulnerability."

Using data gathered by its Privacy Checker website, Kaspersky has been able to pinpoint areas of concern for visitors seeking to improve their privacy posture. Using data gathered over nearly two years, Kaspersky said that its Privacy Checker website indicates that most visitors are concerned over mobile operating system privacy and the privacy of their data captured by Google.

With Kanye West's latest album, "Donda," due out imminently, cybersecurity company Kaspersky has taken the time to investigate whether cybercriminals were taking advantage of the hype to spread malicious files, a la "Black Widow." It found that, while the number of scams wasn't huge, they do exist and take several different forms. In the case of Kanye's latest release, Kaspersky found fake downloads just like those found in the days immediately preceding the release of "Black Widow." Two particular adware files were named by Kaspersky, Download-File-KanyeWestDONDA320.

Security researchers at Kaspersky have identified a widespread cyberespionage campaign that targets government offices in Asia; the cybersecurity attack starts with a spearphishing email. Kaspersky analysts explained the LuminousMoth attack on the SecureList blog and suggested that the lopsided numbers between the two countries could be due to an additional and unknown infection vector used only in the Philippines.

On the eve of its actual release, the scams have begun anew. Superhero film "Black Widow" is finally getting its official release on July 9, and Kaspersky is warning that scammers are using the highly anticipated movie as a way to make off with watcher's credit card information and commit other cybercrimes.

A vulnerability in the Kaspersky Password Manager resulted in the created passwords being weak enough to allow an attacker to brute-force them in seconds, a security researcher claims. Developed by Russian security firm Kaspersky, the Kaspersky Password Manager allows users not only to securely store passwords and documents, but also to generate passwords when needed.

Last year, Kaspersky Password Manager users got an alert telling them to update their weaker passwords. Three months later, a team from security consultancy Donjon found that KPM didn't manage either task particularly well - the software used a pseudo-random number generator that was insufficiently random to create strong passwords.

The password generator included in Kaspersky Password Manager had several problems. All the passwords it created could be bruteforced in seconds.

Threat hunters at Kaspersky are sounding a warning for an Iranian APT actor that has been silently conducting domestic cyber-surveillance operations for the last six years. The newly discovered APT, which Kaspersky calls Ferocious Kitten, has been active since at least 2015 and has used clever computer infection tricks to hijack Telegram and Chrome installations to deploy a malicious payload. The Russian cybersecurity vendor said it also observed signs that Android implants have been used to target mobile users in Iran.

Exploits for vulnerabilities in Microsoft's Office suite were the most popular among cyber-attackers during the first quarter of this year, according to a new Kaspersky report. Microsoft Office exploits accounted for more than half of the observed exploits, with CVE-2017-11882 remaining the most commonly targeted vulnerability.