Adobe on Thursday patched a zero-day vulnerability in Flash Player that has been used in targeted attacks carried out by a new APT group operating primarily against high-profile victims in Russia and Asia. Researchers at Kaspersky Lab privately disclosed the flaw to Adobe after exploits against the zero-day were used in March by the ScarCruft APT gang...

An underground market peddling hacked servers was a unique find, even for a seasoned researcher such Juan Andres Guerrero-Saade of Kaspersky Lab. But there it was, xDedic[.]biz selling access to tens of thousands of servers for pennies on the dollar. A Russian-speaking hacker group was meticulously managing this trading platform and selling for as little...

Criminals and advanced attackers for two years have had at their disposal an extensive trading platform selling access to hacked servers worldwide. For as little as $6 USD, attackers can purchase access to a compromised machine and launch attacks or get a one-time peek at all the data on a server. Researchers at Kaspersky Lab...

Adobe today said it will patch Flash Player this week, addressing a vulnerability being exploited in “limited, targeted attacks.” The flaw, CVE-2016-4171, exists in versions of Flash prior to, and including, 21.0.0.242 on Windows, Macintosh, Linux and ChromeOS platforms. “Successful exploitation could cause a crash and potentially allow an attacker to take control of the...

For close to a month, the master encryption key unlocking files ravaged by TeslaCrypt has been publicly available, putting an end to a profitable strain of ransomware. In the weeks since, various decryptors have been developed that can be used to unlock files. Kaspersky Lab, for one, updated its Rakhni utility to include TeslaCrypt v3...

Russian law enforcement has made 50 arrests in connection with a five-year operation to steal three billion rubles (just shy of $45 million USD) from the country’s largest bank, Sberbank. The hackers are alleged to have exploited websites, including popular news sites, to infect victims with the Lurk Trojan, a downloader that grabs more malware...

A Microsoft Office vulnerability patched six months ago continues to be a valuable tool for APT gangs operating primarily in Southeast Asia and the Far East. Researchers at Kaspersky Lab today published a report describing how attackers continue to flourish exploiting CVE-2015-2545, a remote code execution vulnerability where an attacker crafts an EPS image file...

When exploits kits, in particular Angler, spread ransomware infections, people get nervous. The latest strain to appear in the virulent Angler kit is CryptXXX, which researchers at Proofpoint and Fox IT tied to the same group dropping old-school Reveton ransomware and Bedep click-fraud malware. CryptXXX asks for a steep $500 in Bitcoin to unlock files...

Malware that targets Steam accounts has proliferated the gaming platform and become what researchers are calling a “booming business” for cybercriminals over the last few months. The popular platform, owned by Valve, boasts 140 million users and is so ripe for attacks that according to the company, nearly 77,000 of them are tricked into giving up...

It’s likely that the first functional ransomware for OS X is a dud. Discovered on Friday by researchers at Palo Alto Networks, the KeRanger ransomware sits dormant for three days before encrypting files from a comprehensive list of 300 file extensions; today would be Day 3. The malware was included in a Trojanized version of...