Showing 343 results for: Security Research ×

DanaBot Riding Fake MYOB Invoice Emails

Authors: Dr. Fahim Abbasi and Diana Lopera We recently observed phishing emails targeting Australian customers with fake MYOB invoices. Instead of the usual HTTP links, these emails were ridden with FTP links pointing to compromised FTP servers. While most of...

Inspecting Encrypted Network Traffic with JA3

Part of our job as security researchers is keeping up with new tools and techniques used to monitor for malicious or unauthorized activity. Strong encryption is an important security pillar that provides essential privacy and access controls, but of course...

Underground Code of Honor

"We are all honorable men here, we do not have to give each other assurances as if we were lawyers." ― Mario Puzo, The Godfather In the seedy depths of the dark web you will find an underground subculture brimming...

Breakdown of the EFAIL Email Vulnerabilities

hullabaloo [huhl-uh-buh-loo], noun, plural hullabaloos. a clamorous noise or disturbance; uproar. Recently there has been a hullabaloo about a vulnerability called EFAIL, that, as is the fashion these days, came with its own website, and logo, here. EFAIL generated intense...

CVE-2018-8174 and Forcing Internet Explorer Exploits

A zero day exploit was discovered targeting trade agencies and other related organizations in China toward the end of April. The vulnerability is a Use-After-Free (UAF) memory corruption bug in the Microsoft VBScript engine. By taking advantage of the vulnerability,...

CVE-2018-1000136 - Electron nodeIntegration Bypass

A few weeks ago, I came across a vulnerability that affected all current versions of Electron at the time (< 1.7.13, < 1.8.4, and < 2.0.0-beta.3). The vulnerability allowed nodeIntegration to be re-enabled, leading to the potential for remote code execution. If you're unfamiliar with Electron, it is a popular framework that allows you to create cross-platform desktop applications using HTML, CSS, and JavaScript.

WD My Cloud EX2 Serves Your Files to Anyone

Western Digital's My Cloud is a popular storage/backup device that lets users backup and store important documents, photos and media files. Unfortunately the default configuration of a new My Cloud EX2 drive allows any unauthenticated local network user to grab...

Fake ASIC Renewal Spam Delivers Malware to Australian Companies

The Australian Securities and Investment Commission (ASIC) is an independent government agency that is Australia's corporate, market and financial services regulator. ASIC provides several services including registration services for Australian companies. Opportunist Scammers taking advantage of the new year, leveraged...

Multi-Stage Email Word Attack Without Macros

Malware authors often distribute malware through code macros in Microsoft Office documents such as Word, Excel, or PowerPoint. Regardless of the particular Office version, macros can be executed whenever the user opens the file. By default users get warnings from...

Denial of Service Vulnerability in Brother Printers

A vulnerability in the web front-end of Brother printers (called Debut) allows an attacker to launch a Denial of Service attack. The attack is executed by sending a single malformed HTTP POST request. The attacker will receive a 500 error...

"Don't Mine Me" – Coinhive

What's worse than annoying ads on a website? Crypto Miner on a website! Over the last couple of weeks there has been a lot of talk about Coinhive, a service that claims to provide an alternative to advertising for monetizing...

Post-Soviet Bank Heists: A Hybrid Cybercrime Study

Today we are publishing a SpiderLabs Advanced Threat Report that details a major cyberattack targeting banks mainly located in post-Soviet states. All the attacks share a common profile and the finely tuned orchestration of the entire operation shows an innovative...

Emotet lives another day using Fake O2 invoice notifications

Authors: Dr. Fahim Abbasi and Nicholas Ramos We witnessed a widespread phishing campaign targeting O2 customers, that surfaced on 18th August, 2017 and continued intermittently until 21st August, 2017. Telefonica UK Limited, trading as O2, is a major telco provider...

The Spam, JavaScript and Ransomware Triangle

Authors: Dr. Fahim Abbasi and Nicholas Ramos Introduction Our global spam honeypot sensors detected a pervasive email campaign that was leveraging a zipped attachment containing a malicious JavaScript. When opened, the JavaScript was used to infect victims with ransomware. This...

Chip Off the Old EMV

Recently, Jason Knowles of ABC 7's I-Team asked us, "What is the security risk if your EMV chip falls off your credit card? What could someone do with that?" My first thought was, "How in the hell does the chip...

Petya From The Wire: Detection using IDPS

Most malware that traverses a network do so with specific indicators, some of which look like legitimate network traffic and others that are completely unique to the malware. A single IDPS signature can have high confidence of detecting an infection...

A Computational Complexity Attack against Racoon and ISAKMP Fragmentation

Trustwave recently reported a remotely exploitable computational complexity vulnerability in the racoon isakmp daemon that is part of the ipsec-tools open-source project (http://ipsec-tools.sourceforge.net/). The vulnerability is present in the handling of fragmented packets. A computational complexity attack seeks to cause...