CVE-2015-2545: overview of current threats
...SP1. The error enables an attacker to execute arbitrary code using a specially crafted EPS image file. The exploit uses PostScript and can evade Address Space Layout Randomization (ASLR) and... more…Operation AppleJeus: Lazarus hits cryptocurrency exchange with fake installer and macOS malware
...updater. Installation package download page We have analyzed the following Windows version of the installation package: MD5: 9e740241ca2acdc79f30ad2c3f50990a File name: celastradepro_win_installer_1.00.00.msi File type: MSI installer Creation time: 2018-06-29 01:16:00 UTC... more…Same Old yet Brand-new: New File Types Emerge in Malware Spam Attachments
...old yet rarely used file types in spam campaigns. Spam continues to be a cybercriminal favorite – this old-school infection vector makes up more than 48 percent of all email... more…
Website Cross-contamination: Blackhat SEO Spam Malware
...named “runner.php”. This file was inserted on another website in the same shared hosting environment. The important point to take from this is the actual payload file just happens to... more…CVE-2018-3211: Java Usage Tracker Local Elevation of Privilege on Windows
...Log information about the Java virtual machine (JVM) start up configuration parameters. Dump the data into a log file or redirect it to a UDP server. Allow log values for... more…SYSCON Backdoor Uses FTP as a C&C Channel
...same threat actor. Decoding each Base64 string results in a cabinet file. One string contains a 32-bit version of the malware; the other contains a 64-bit version. The appropriate version... more…Unfolding the Mystery of Cerber Ransomware’s Random File Extension
...(.caz) that contains code to decrypt the Cerber file. A component of NSIS follows: The file .ch is the encrypted Cerber file. The first DWORD of the file is the... more…The Ventir Trojan: assemble your MacOS spy
...We got an interesting file (MD5 9283c61f8cce4258c8111aaf098d21ee) for analysis a short while ago. It turned out to be a sample of modular malware for MacOS X. Even after preliminary... more…Backdoor-carrying Emails Set Sights on Russian-speaking Businesses
...dynamic-link library (DLL) file related to these attacks was uploaded to VirusTotal last June 6, 2017. This somewhat coincides with the spate of emails we saw during the period between... more…Janus Android App Signature Bypass Allows Attackers to Modify Legitimate Apps
...other apps and access the information of the user. Vulnerability analysis The installation packages of Android apps (.APK files) are actually .ZIP files. The .ZIP file format has several characteristics... more…McAfee Uncovers Operation Honeybee, a Malicious Document Campaign Targeting Humanitarian Aid Groups
...the implants described in our analysis. Technical Analysis Let’s start with an overview of the attack: We continue with the components involved in this operation. The malicious Word file is... more…Polyglot – the fake CTB-locker
...infected file is launched, nothing appears to happen. However, the cryptor copies itself under random names to a dozen or so places, writes itself to the autostart folder and to... more…ChessMaster Adds Updated Tools to Its Arsenal
...an email with an attached malicious document using the doc, docx, rtf, csv and msg formats. The email title and attached file name were written in Japanese and contain general... more…Facebook malware: tag me if you can
...worldwide. The first stage of the attack started when the user clicked on the “mention”. A malicious file seized control of their browsers, terminating their legitimate browser session and replacing... more…Tinymce PHP file Manager, Remote File upload vulnrablity
...Title :Tinymce PHP file Manager, Remote File upload vulnrablity server : LinuxAuthor: NoentryPHC Type : webapp Exploit Hamr : remote shell upload Dork : inurl:/file_manager.php?type=img Goto google.com and type... more…A malicious pairing of cryptor and stealer
...there: some versions of RAA also include a Pony Trojan file, which steals confidential information from the infected computer. Using the stolen data, the cybercriminals can gain access to the... more…Kam dál?
- Symantec uses vulnerability to take out part of the ZeroAccess botnet
- US, UK Detail Networking Protocols Abused by Russian Cyberspies
- Should we care if over a million schoolkids have been fingerprinted?
- Microsoft Publisher CVE-2013-1329 Remote Code Execution Vulnerability
- Keeping Your Remote Workforce Safe and Secure This Summer
- Advent tip #11: Ask permission to post photos, not forgiveness!
- Nordea Phishing Campaign Continues
- Machine behaviors that threaten enterprise security
- Critical Vulnerability Breaks Android Full Disk Encryption
- Microsoft Kills SHA-1 Support in Edge, Internet Explorer 11