Showing 1257 results

Taking Advantage of AJAX for Account Enumeration

Context AJAX stands for Asynchronous JavaScript And XML. It's a set of web development techniques using many web technologies on the client side to create asynchronous web applications. In some cases, XML is not used, but JavaScript is almost always...

Microsoft Patch Tuesday, November 2018

The second to last Patch Tuesday of 2018 is here with patches for 55 CVEs. This includes 11 rated "Critical", 42 rated "Important" and one each rated "Moderate" and "Low". The release also contains three advisories including the standard patch...

ModSecurity v3.0.3: What To Expect

At precisely 155 commits ahead of the latest version, ModSecurity version 3.0.3 contains a number of improvements and features to enhance the ModSecurity experience. In this blog post, we'll explain some of the new capabilities in the latest release. Better...

Decoding Hancitor Malware with Suricata and Lua

Many types of malware send and receive data via HTTP. They may either be sending updates back to their command and control (CnC) centers or they may receive updates. Typically these won't be sent in plain text but rather with...

10 Years On – A Look Back at MS08-067

It has been ten years since the release of MS08-067. Unlike many of the other incidents over the years, this vulnerability has developed a celebrity life of its own (even including pillow shams!). It has a warm place in the...

The Underground Job Market

"Leave your ego at the door every morning, and just do some truly great work. Few things will make you feel better than a job brilliantly done." Robin S. Sharma The last time we visited the cybercriminal underground, we introduced...

Microsoft Patch Tuesday, October 2018

October's Patch Tuesday is here and with it come patches for 49 CVEs and a "Defense in Depth" Advisory for Microsoft Office. Among the patches 12 are rated "Critical," 34 are rated "Important," two rated "Moderate," and one rated as...

Credential Leak Flaws in Windows PureVPN Client

Using a VPN (Virtual Private Network) can bring many advantages, particularly when you want to access remote resources, or you are using a network you don't fully trust, for example, a coffee shop or an airport. In the recent years,...

Patch Tuesday, September 2018

September's Patch Tuesday is here with patches for 61 CVEs and two roll up patches, one for multiple Denial of Service vulnerabilities in Windows and one for the ever present Remote Code Execution (RCE) vulnerabilities in Adobe Flash. Across the...

Advanced Deception with BEC Fraud Attacks

Background Business Email Compromise (BEC) email fraud, also known as "CEO Fraud" or "Whaling", has become a major financial cyber threat, affecting businesses of all sizes globally. In such attacks a fraudster impersonates an executive of an organization to trick...

Drupal Cache Poisoning SA-CORE-2018-005

(Analysis by Lena Frid, Bar Menachem and Victor Hora) Shortly after the recent Drupalgeddon vulnerabilities hit the popular content management system, new vulnerabilities were discovered. As reported by PortSwigger Web Security, Drupal versions 8.x are vulnerable to cache poisoning, by...

CVE-2018-8006: XSS in Apache ActiveMQ

A cross site scripting (XSS) vulnerability exists in Apache ActiveMQ prior to version 5.15.5. Apache ActiveMQ is a popular open source message broker acting as a middle man to communicate data between other software. The vulnerability is a reflected XSS...

Bank Malspam Revisited

Last week we wrote about some malicious spam containing Microsoft Publisher files, leading to the FlawedAmmyy RAT, where the actors behind the campaign were targeting banks. The same actors have resumed business today, however this time, they embedded the Publisher...

Malspam Campaign Targets Banks Using Microsoft Publisher

It's very unusual for malware authors to utilize publishing software like Microsoft Publisher which is mainly used for fancy documents and desktop publishing tasks. So when we saw an email sample with a .pub attachment (Microsoft Office Publisher file) and...