Security

If you have been following our blog for a while, you know something about what problems you may encounter installing our products and how to solve them. We have already examined what happens when the system requirements are not observed, but there is another common reason why installation may fail. Here in Kaspersky Lab Technical Support, we call it “leftovers”. For those who speak literary English, we will paraphrase it as “system files and registry keys remaining after a previously installed Kaspersky Lab product had been removed.” If a previous version of a product was not uninstalled completely, you may be unable to install a newer version.

Where do the leftovers come from? First of all, they may appear because of the operating system errors. If your Windows copy is damaged and works incorrectly, it may result in the malfunction of the Windows Installer […]

eBay Inc., the well-known digital auction house where users can purchase anything from concert memorabilia to an automobile, announced on Wednesday that the company suffered a cyberattack. The attack that occurred in late February and early March (but was first discovered 2 weeks ago), compromised a database containing encrypted passwords, email addresses, physical addresses, phone numbers and dates of birth, according to the company’s official public statement.

eBay is urging its 150 million active users to change their passwords immediately. The company said there’s no evidence that the compromise has led to unauthorized activity on user accounts. Nor has the breach given hackers access to financial data, which is stored and encrypted on a separate database. Finally, no information used on PayPal, a subsidiary of eBay Inc. that allows for hassle free payments online, was compromised.

The attack was first detected two weeks ago after a “small number of […]

Targeted attacks have several stages, sometimes called the APT kill chain. At McAfee Labs we prefer the model described by Lockheed Martin:

As part of the weaponizing phase, attackers often put a payload into a file that, once installed, will connect in the C2 (command and control) phase to the attacker. A very common payload used by many password-stealing malware is a keylogger. The purpose of keylogging is to capture the users’ keystrokes, and gather credentials and links to internal and external resources. The stolen credentials can later be used to weaponize another file or serve as part of the actions phase of the APT kill chain.

One example we recently ran into is the malware Marmoolak, an Iranian keylogger with the MD5 F09D2C65F0B6AD55593405A5FD3A7D91.

We traced the first appearance of this keylogger to a Middle-East forum:

Although some keyloggers may capture […]

Some reissued SSL certificates use the same vulnerable key as the ones they replace, and some sites moved to a vulnerable version of OpenSSL

(IDG News Service)

Despite taking prompt action to defend against the Heartbleed attack, some sites are no better off than before — and in some cases, they are much worse off.

Many of the sites that patched vulnerable OpenSSL installations after the Heartbleed attack was revealed on April 7 then went on to revoke compromised SSL certificates and order new ones. But 30,000 sites are now using replacements based on the same compromised private key as the old certificate, according to a study by Internet services company Netcraft released Friday.

That means that anyone who managed to steal the private key of such a server before it was patched could still use the key to impersonate the server in […]