Kaspersky Vulnerability Could Break System

Kaspersky published two advisories warning customers about a vulnerability that can lead to unbootable systems and a phishing campaign involving messages sent from a Kaspersky email address.

The vulnerability, reported through Trend Micro’s Zero Day Initiative, affects the Windows versions of Kaspersky Anti-Virus, Internet Security, Total Security, Small Office Security, Security Cloud, and Endpoint Security products.

The issue, tracked as CVE-2021-35053, is related to Firefox and it can be exploited for DoS attacks.

Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable.

Kaspersky Statement

Phishing messages sent from Kaspersky email address

Kaspersky warned on Monday that a recent spear-phishing campaign targeting Office 365 credentials involved emails apparently sent by the company. The phishing emails inform recipients about a new fax and they are designed to lure users to websites set up to phish Microsoft credentials.

These phishing attempts rely on a phishing kit we named ‘Iamtheboss’ used in conjunction with another phishing kit known as ‘MIRCBOOT’,”. The activity may be associated with multiple cybercriminals.

Some of these emails come from the address “noreply(at)sm.kaspersky.com.” An investigation revealed that the emails were sent using Amazon’s Simple Email Service (SES) and a legitimate SES token that was issued to a third-party during the testing of Kaspersky’s 2050.earth website, which is hosted by Amazon. The site is “about the future as seen through the eyes of futurologists, scientists, and Internet users from all corners of the globe.”

Upon discovery of these phishing attacks, the SES token was immediately revoked. No server compromise, unauthorized database access or any other malicious activity was found at 2050.earth and associated services.