Showing 23 results for: March 2014

Stupid Spammer Tricks – Multi-Character Set Text

Looking to refinance your house? Install solar panels? Hey, this email about refinancing (or solar power) looks good. But is it really? Is it legitimate or just spam for a fly-by-night outfit? Spammers are constantly trying new tricks to make...

An Intro to NetSupport Manager Scripts

On a recent gig I was hit with hundreds of hosts running a service on port TCP 5405, the NetSupport remote management application. Running a version port scan on them revealed nothing more than: 5405/tcp open netsupport NetSupport PC remote...

Old School Code Injection in an ATM .dll

During our last ATM review engagement, we found some interesting executable files that were run by Windows Services under Local System account. These binaries had weak file permissions that allowed us to modify them using the standard ATM user account....

[Honeypot Alert] JCE Joomla Extension Attacks

Our web honeypots picked up some increased exploit attempts for an old Joomla Content Editor (JCE) Extension vulnerability. Although this vulnerability is a few years old, botnet owners are heavily scanning for sites that are vulnerable and attempting to exploit...

SpiderLabs Radio: March 20, 2014

In this episode we talk about the Windigo malware campaign, how a well-intentioned hacker brought down the Google Play Store twice, Trustwave acquires Cenzic, vulnerability disclosure mailing list Full Disclosure shuts down, the final results of the Pwn2Own competition and...

ColdFusion Admin Compromise Analysis (CVE-2010-2861)

In a previous blog post, I provided "Method of Entry" analysis for a ColdFusion compromise based on sanitized data from a SpiderLabs IR/Forensics team investigation which resulted in the attacker installing a malicious IIS module that captured customer credit card...

SpiderLabs Radio: March 13, 2014

In this episode we talk about Microsoft Patch Tuesday providing patches for an Internet Explorer 0-day as well as the sunset of Windows XP. We'll talk about the newest iOS update from Apple, a DDoS attack utilizing a feature in...

WordPress XML-RPC PingBack Vulnerability Analysis

There were news stories this week outlining how attackers are abusing the XML-RPC "pingback" feature of WordPress blog sites to launch DDoS attacks on other sites. This blog post will provide some analysis on this attack and additional information for...

TrustKeeper Scan Engine Update - March 12, 2014

Summary: The latest update to the TrustKeeper Scan Engine is now available. It adds detection for more than a dozen vulnerabilities, as well as adding detection for SSH servers that appear to allow logins for any username-password combination. Additionally, we...

Deep Analysis of CVE-2014-0502 – A Double Free Story

A lot has already been said about CVE-2014-0502, the Adobe Flash Player zero-day that was part of a targeted attack that infected several nonprofit organizations’ websites. Several interesting aspects of the exploit were covered in various blog posts; including its...

Touchlogging Part 3 - Final Thoughts

This is the third and final part on the subject of Touchlogging. I do recommend reading part one and part two before reading this final part. The previous parts described the technical details of the touchlogging attacks. In this part,...

Microsoft Patch Tuesday, March 2014

March’s Patch Tuesday includes five bulletins, two rated “Critical” and three rated “Important”. The first of the two “Critical” bulletins is MS14-012. This patch fixes many memory corruption vulnerabilities, including a zero-day vulnerability in Internet Explorer being exploited in the...

SpiderLabs Radio: March 7, 2014

In this episode we talk about a new Russian rootkit called Uroburos, another bitcoin exchange closes doors due to hacking, a serious vulnerability is discovered in a common open source encryption library, The Russia/Ukraine conflict spills over to the Internet...

Microsoft Advance Notification for March 2014

The Microsoft Security release for March will include patches for Windows, Internet Explorer and Silverlight. There will be a total of five bulletins, with two rated "Critical" and three rated "Important". Four of the bulletins affect Windows, two of which...