Patch Tuesday, September 2018

September's Patch Tuesday is here with patches for 61 CVEs and two roll up patches, one for multiple Denial of Service vulnerabilities in Windows and one for the ever present Remote Code Execution (RCE) vulnerabilities in Adobe Flash. Across the...

Advanced Deception with BEC Fraud Attacks

Background: Business Email Compromise (BEC) email fraud, also known as "CEO Fraud" or "Whaling", has become a major financial cyber threat, affecting businesses of all sizes globally. In such attacks a fraudster impersonates an executive of an organization to trick...

Drupal Cache Poisoning SA-CORE-2018-005

(Analysis by Lena Frid, Bar Menachem and Victor Hora) Shortly after the recent Drupalgeddon vulnerabilities hit the popular content management system, new vulnerabilities were discovered. As reported by PortSwigger Web Security, Drupal versions 8.x are vulnerable to cache poisoning, by...

CVE-2018-8006: XSS in Apache ActiveMQ

A cross site scripting (XSS) vulnerability exists in Apache ActiveMQ prior to version 5.15.5. Apache ActiveMQ is a popular open source message broker acting as a middle man to communicate data between other software. The vulnerability is a reflected XSS...

Bank Malspam Revisited

Last week we wrote about some malicious spam containing Microsoft Publisher files, leading to the FlawedAmmyy RAT, where the actors behind the campaign were targeting banks. The same actors have resumed business today, however this time, they embedded the Publisher...

Malspam Campaign Targets Banks Using Microsoft Publisher

It's very unusual for malware authors to utilize publishing software like Microsoft Publisher which is mainly used for fancy documents and desktop publishing tasks. So when we saw an email sample with a .pub attachment (Microsoft Office Publisher file) and...

Patch Tuesday, August 2018

Just as Defcon/BSides/BlackHat wraps up in Las Vegas, August's Patch Tuesday is here to remind us of the importance of patching. Today's release brings with it 4 "Defense in Depth" Advisories and patches for 60 CVEs....

SingHealth Data Breach – An Analytical Perspective

Executive Summary: On July 20th 2018, the Singapore authorities announced that Singapore's largest healthcare group SingHealth was targeted by a major cyber-attack, resulting in a breach which affected about 1.5 million patients' records. The breach was described as unprecedented in...

Malicious SettingContent now delivered through PDF

Recently, a proof-of-concept emerged on how the filetype SettingContent can be abused when getting embedded in Microsoft Office Documents. SettingContent is a feature in Windows 10 which acts as a shortcut to different system settings. Legitimate examples of this can...

DanaBot Riding Fake MYOB Invoice Emails

Authors: Dr. Fahim Abbasi and Diana Lopera. We recently observed phishing emails targeting Australian customers with fake MYOB invoices. Instead of the usual HTTP links, these emails were ridden with FTP links pointing to compromised FTP servers. While most of...

Inspecting Encrypted Network Traffic with JA3

Part of our job as security researchers is keeping up with new tools and techniques used to monitor for malicious or unauthorized activity. Strong encryption is an important security pillar that provides essential privacy and access controls, but of course...