
Latest news with #KasperskyLab

Microsoft Windows Cyberattack Warning — Do Not Open These Files

Forbes

36 minutes ago


Beware these dangerous Windows LNK files.

Windows users are under attack. Yes, I know, Windows users are always under attack; it's a byproduct of there being so many of them and of threat actors focusing on big platforms that offer the potential for significant returns. While Linux and macOS systems are far from immune to such attacks, it's Microsoft users who get the brunt of it. Which is why it's so important to install updates that fix Windows vulnerabilities, and install them quickly. But what if the threat is well known among the cybercriminal community, has existed for many years, and still hasn't been given a Common Vulnerabilities and Exposures identifier? Welcome to the highly dangerous world of Windows LNK file cyberattacks that are happening right now. Do not open these files.

The Common Vulnerabilities and Exposures system might not be perfect, but it does provide a standard and actionable method of identifying and prioritizing security vulnerabilities wherever they occur. Security vulnerabilities such as the one that impacts LNK shortcut files in the Windows operating system, and has done for many years now. Or at least it would have, had the vulnerability in question been allocated a CVE identifier, which it hasn't.

Alexander Kolesnikov, a malware analyst at Kaspersky Lab, has issued a warning to all Windows users as Kaspersky's Global Research and Analysis Team revealed the most noteworthy Windows vulnerability being exploited so far in 2025. ZDI-CAN-25373, the Windows LNK file vulnerability in question, has already been seen being exploited this year in zero-day attacks by cybercriminal and state-sponsored actors, according to the security researchers at Trend Micro.

Now, Kolesnikov has warned that it is being actively exploited and enables threat actors to launch attacks that are obfuscated from the victim. 'The main issue is that File Explorer does not fully display the data specified as parameters in application shortcuts,' Kolesnikov explained. What this means is that attackers can add extra characters to the target field, such as spaces and line breaks, so that the user only sees the legitimate-looking path and has no cause for concern that anything is amiss. That's far from the reality though, as malicious commands that have been added, but are obscured from view in File Explorer, can be used to compromise the Windows system once the LNK file is executed. 'Only the first part of the path is shown in the shortcut's properties,' Kolesnikov reiterated, adding that 'the target field might include arguments at the end of the line that trigger a request to download a payload using

'As a security best practice, we encourage customers to exercise caution when downloading files from unknown sources as indicated in security warnings, which have been designed to recognize and warn users about potentially harmful files,' a Microsoft spokesperson said.

Microsoft Email To Windows Users Includes A ‘Nasty Surprise'

Forbes

27-05-2025


Delete this email immediately.

Microsoft Windows users are being urged to watch out for 'a genuine Microsoft email with a nasty surprise inside,' as a new wave of attacks is launched at PC owners. This type of attack has already hit Google's Gmail users and is now expanding. If you see one of these emails, you must delete it immediately.

The warning comes courtesy of the research team at Kaspersky, which has discovered 'a hybrid email-and-phone scam in which attackers send emails from a genuine Microsoft email address.' This works by hijacking genuine Microsoft purchase notifications, inserting custom text, and then forwarding to potential victims at scale. If you receive the email, which will come from 'noreply@ it will thank you for a recent purchase that you will not recognize. It's likely to target you at work, panicking you that there's a large, unauthorized expense you need to handle.

'One more time, just so we're clear,' Kaspersky says, 'this is an honest-to-goodness email from Microsoft. The contents match a typical purchase confirmation. In the screenshot below, the company thanks the recipient for buying 55 Microsoft 365 Apps for Business subscriptions worth a total of $587.95.'

Microsoft email includes a 'nasty surprise'

The attackers replace the usual billing information within the original Microsoft email with their own phone number that a recipient can call for assistance — just what you will likely do when hit with a huge, unexpected bill. There is no email alternative, 'the victim is left with little choice but to call the phone number provided.'

If you do call the number, you're likely to be asked to install some software to investigate and then resolve the issue. That download will be malware and will lead to all kinds of much more serious problems than a surprise $600 bill. According to user reports, the call handler may also ask you to log into your online bank to facilitate a refund. This simply provides account details and credentials to the attacker.

Kaspersky says the method deployed by the attackers to hijack a Microsoft email address 'is still something of a mystery,' but could be 'stolen credentials or trial versions to access Microsoft 365. By using BCC or simply entering the victim's email address when purchasing a subscription, they can send [the] messages… Whichever is true, the attackers' goal is to replace the billing information — the only part of the Microsoft notification they can alter — with their own phone number.'

This almost exactly replicates the well-publicized fake Google emails doing the rounds from their own 'no-reply' email address. The Google advice was that they would never reach out with an account issue. This is smarter, a purchase email from a genuine address. But it's the same pattern — tricking users into calling scammers. Most such scams are tech support lures, which Guardio warns have already surged 137% in 2025.

However, just as with Google, don't call the number provided and use standard, publicly available channels instead if you want to contact the company. If you don't recognize the transaction and there is no record in your account, then delete it right away.

Kaspersky reaffirms 100% anti-tampering protection in latest AV-Comparatives test

Zawya

18-05-2025


Kaspersky Next EDR Foundations – represented by Kaspersky Endpoint Security – once again demonstrated 100% tamper protection in the latest focus penetration test by AV-Comparatives.

Attackers often attempt to disable security tools as an initial step in compromising business infrastructure. This makes tamper protection a key mechanism for preventing further compromise of the system. It safeguards the product from end-user and third-party changes, and protects services, processes, files, registry entries, and more from any unauthorized control attempts – even in the context of a privileged user (high or system integrity level). The Kaspersky solution met the strict certification requirements by successfully preventing all tampering attempts during testing.

The Anti-Tampering Test was conducted on Windows 11 to identify weaknesses that could allow adversaries to disable or modify endpoint protection solutions. Participating vendors were not informed in advance about the attack techniques. Only those products that successfully blocked 100% of the attempts received certification and had their reports published.

Kaspersky submitted Kaspersky Endpoint Security for assessment in April 2025 and earned the certification for the second consecutive time. The product effectively blocked all attempts by adversaries to disable, uninstall, or reconfigure the security software in order to prevent updates or enable attacker tools.

'We continuously engage in independent testing to ensure our technologies withstand the latest threats while delivering a seamless experience,' says Alexander Liskin, Head of Threat Research at Kaspersky. 'The Anti-Tampering test is of great value since it puts stress on the product without prior knowledge of attack vectors. We take pride in knowing that Kaspersky Endpoint Security, as part of Kaspersky Next EDR Foundations, has once again achieved top scores.'

Andreas Clementi, Founder and CEO of AV-Comparatives, added: 'Our focus tests aim to highlight areas within the product worthy of improvement. Kaspersky has, again and again, displayed excellent resistance against agnostic approaches to tampering, reestablishing itself among the most secure endpoint solutions.'

To see the full AV-Comparatives Anti-Tampering test report 2025, please follow the link, and to learn more about the results of 2023, visit this link. Read more about Kaspersky Next on the website.

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky's deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect individuals, businesses, critical infrastructure, and governments around the globe. The company's comprehensive security portfolio includes leading digital life protection for personal devices, specialized security products and services for companies, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help millions of individuals and over 200,000 corporate clients protect what matters most to them. Learn more at
