Kaspersky Cybercrime
Beware: The Top 5 Cybercrime Schemes Running Amid the Tokyo Olympics
Image sourced from T3. After an unprecedented year-long delay, the 2020 Tokyo Summer Olympics began in earnest last week. This time, all the events will take place with no spectators, which reduces physical risks – in terms of health and from a cybersecurity point of view (such as data theft using the vulnerabilities of public Wi-Fi at the stadium). However, sports enthusiasts should not forget that cybercriminals will aim to take advantage of fans’ eagerness to watch the Olympic Games by instigating various online fraud schemes. To get a better overview of how scammers are trying to monetise viewers’ interest, Kaspersky experts analysed Olympic-related phishing websites designed to steal users’ credentials. As a result, Kaspersky researchers found fake pages offering to stream various Oly...
Kaspersky Discovers Various Malicious Apps Disguising as Bestselling Game Minecraft
Sourced from Stuff. Recognised as the world’s top-selling game of all time, Minecraft attracts the attention of enthusiastic players around the world but also draws the interest of fraudsters. Earlier, Kaspersky researchers discovered more than 20 applications advertised on app stores offering additional Minecraft features. Though these malicious apps were deleted from official stores, Kaspersky experts have found newly developed ones, which exploit the game to further fraudster’s objectives. Malware on Google Play Store Kaspersky researchers analysed various apps, including those which are available for download on the Google Play store and claimed to be modpacks (user-created packages with additional gameplay elements) for the game. As a result, the company’s experts found various malici...
Vulnerabilities in Windows and Chrome Used in Series of Highly Targetted Attacks
In April, Kaspersky experts discovered a number of highly targeted attacks against multiple companies utilising a previously undiscovered chain of Google Chrome and Microsoft Windows zero-day exploits. One of the exploits was used for remote code execution in the Chrome web browser, while the other was an elevation of privilege exploit fine-tuned to target the latest and most prominent builds of Windows 10. The latter exploits two vulnerabilities in the Microsoft Windows OS kernel: Information Disclosure vulnerability CVE-2021-31955 and Elevation of Privilege vulnerability CVE-2021-31956. Microsoft has patched both today as part of Patch Tuesday. Zero-Day Attacks Recent months have seen a wave of advanced threat activity exploiting zero-days on the internet. In mid-April, Kaspersky experts...
