Security Experts:

Kaspersky Patches Vulnerability That Can Lead to Unbootable System

Microsoft Phishing Messages Come From Kaspersky Email Address

Kaspersky published two advisories on Monday to warn customers about a vulnerability that can lead to unbootable systems and a phishing campaign involving messages sent from a Kaspersky email address.

The vulnerability, reported to the cybersecurity firm by researcher Abdelhamid Naceri through Trend Micro’s Zero Day Initiative (ZDI), affects the Windows versions of Kaspersky Anti-Virus, Internet Security, Total Security, Small Office Security, Security Cloud, and Endpoint Security products.

The issue, tracked as CVE-2021-35053, is related to Firefox and it can be exploited for denial-of-service (DoS) attacks.

“Possible system denial of service in case of arbitrary changing Firefox browser parameters. An attacker could change specific Firefox browser parameters file in a certain way and then reboot the system to make the system unbootable,” Kaspersky explained in an advisory.

The company has released patches for each of the impacted products. ZDI has yet to publish an advisory describing this vulnerability, but it’s worth noting that the firm is preparing three advisories for vulnerabilities discovered by Naceri in Kaspersky products in August.

Phishing messages sent from Kaspersky email address

Kaspersky warned on Monday that a recent spear-phishing campaign targeting Office 365 credentials involved emails apparently sent by the company. The phishing emails inform recipients about a new fax and they are designed to lure users to websites set up to phish Microsoft credentials.

Phishing emails coming from Kaspersky address

“These phishing attempts rely on a phishing kit we named ‘Iamtheboss’ used in conjunction with another phishing kit known as ‘MIRCBOOT’,” Kaspersky explained. “The activity may be associated with multiple cybercriminals.”

Some of these emails come from the address “noreply(at)sm.kaspersky.com.” An investigation revealed that the emails were sent using Amazon’s Simple Email Service (SES) and a legitimate SES token that was issued to a third-party during the testing of Kaspersky’s 2050.earth website, which is hosted by Amazon. The site is “about the future as seen through the eyes of futurologists, scientists, and Internet users from all corners of the globe.”

“Upon discovery of these phishing attacks, the SES token was immediately revoked. No server compromise, unauthorized database access or any other malicious activity was found at 2050.earth and associated services,” Kaspersky said.

Related: Kaspersky Password Manager Generated Passwords That Could Quickly Be Brute-Forced

Related: Vulnerabilities Disclosed in Kaspersky, Trend Micro Products

Related: Kaspersky: Exploits for MS Office Flaws Most Popular in Q1 2021

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.