59 matches found
SUSE CVE-2021-40444
unknown...
Cybercriminals Exploit Microsoft Word Vulnerabilities to Deploy LokiBot Malware
Microsoft Word documents exploiting known remote code execution flaws are being used as phishing lures to drop malware called LokiBot on compromised systems. "LokiBot, also known as Loki PWS, has been a well-known information-stealing Trojan active since 2015," Fortinet FortiGuard Labs researcher...
Hackers Using PowerPoint Mouseover Trick to Infect Systems with Malware
The Russian state-sponsored threat actor known as APT28 has been found leveraging a new code execution method that makes use of mouse movement in decoy Microsoft PowerPoint documents to deploy malware. The technique "is designed to be triggered when the user starts the presentation mode and moves...
Trellix Global Defenders: Defending against Cyber Espionage Campaigns – Operation Graphite
Trellix Global Defenders: Defending against Cyber Espionage Campaigns – Operation Graphite By Ben Marandel, Arnab Roy · June 20, 2022 Cyber Espionage campaigns by nature are targeted attacks that can go undetected for prolonged periods of time. Cyber Espionage campaigns often involve adversaries...
Exploit for CVE-2022-30190
MS-MSDT Follina CVE-2022-30190 PoC Malicious docx generator t...
MSHTML Flaw Exploited to Attack Russian Dissidents
A spearphishing campaign targeting Russian citizens and government entities that are not aligned with the actions of the Russian government is the latest in numerous threats that have emerged since Russia invaded the Ukraine in February. Researchers from MalwareBytes identified a campaign last we...
New spear phishing campaign targets Russian dissidents
This blog post was authored by Hossein Jazi. -- Updated to clarify the two different campaigns Cobalt Strike and Rat Several threat actors have taken advantage of the war in Ukraine to launch a number of cyber attacks. The Malwarebytes Threat Intelligence team is actively monitoring these threats...
Weekly Threat Digest: 14 – 20 March 2022
For a detailed threat digest, download the pdf file here Published Vulnerabilities Interesting Vulnerabilities Active Threat Groups Targeted Countries Targeted Industries ATT&CK TTPs 567 22 5 36 15 60 The third week of March 2022 witnessed the discovery of 567 vulnerabilities out of which 22 gain...
New Threat Actor Exotic Lily acting as Initial Access Broker for Conti and Diavol ransomware group
THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. Exotic Lily was first discovered exploiting a zero-day vulnerability in Microsoft MSHTML CVE-2021-40444, which piqued the curiosity of researchers as a potentially sophisticated threat actor. Following additional analysis, it...
Meet Exotic Lily, access broker for ransomware and other malware peddlers
The Google Threat Analysis Group TAG has shared their observations about a group of cybercriminals called Exotic Lily. This group has specialized itself as an initial access broker, which means they find a vulnerability in an organizations defenses, exploit that vulnerability, and sell the access...
Google Uncovers 'Initial Access Broker' Working with Conti Ransomware Gang
Google's Threat Analysis Group TAG took the wraps off a new initial access broker that it said is closely affiliated to a Russian cyber crime gang notorious for its Conti and Diavol ransomware operations. Dubbed Exotic Lily, the financially motivated threat actor has been observed exploiting a...
Hackers Exploited MSHTML Flaw to Spy on Government and Defense Targets
Cybersecurity researchers on Tuesday took the wraps off a multi-stage espionage campaign targeting high-ranking government officials overseeing national security policy and individuals in the defense industry in Western Asia. The attack is unique as it leverages Microsoft OneDrive as a...
Exploit for Path Traversal in Microsoft
Fully Weaponized CVE-2021-40444 Malicious docx generator to e...
New Exploit Lets Malware Attackers Bypass Patch for Critical Microsoft MSHTML Flaw
A short-lived phishing campaign has been observed taking advantage of a novel exploit that bypassed a patch put in place by Microsoft to fix a remote code execution vulnerability affecting the MSHTML component with the goal of delivering Formbook malware. "The attachments represent an escalation ...
Exploit for Path Traversal in Microsoft
Microsoft-Office-Word-MSHTML-Remote-Code-Exe...
Metasploit Wrap-Up
Word and Javascript are a rare duo. Thanks to thesunRider. you too can experience the wonder of this mystical duo. The sole new metasploit module this release adds a file format attack to generate a very special document. By utilizing Javascript embedded in a Word document to trigger a chain of...
Microsoft Office Word MSHTML Remote Code Execution Exploit
This Metasploit module creates a malicious docx file that when opened in Word on a vulnerable Windows system will lead to code execution. This vulnerability exists because an attacker can craft a malicious ActiveX control to be used by a Microsoft Office document that hosts the browser rendering...
Microsoft Office Word MSHTML Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Office Word Malicious MSHTML RCE', 'Description' = %q This module creates a malicious docx file that when opened in Word on a vulnerabl...
Hackers Using Microsoft MSHTML Flaw to Spy on Targeted PCs with Malware
A new Iranian threat actor has been discovered exploiting a now-addressed critical flaw in the Microsoft Windows MSHTML platform to target Farsi-speaking victims with a previously undocumented PowerShell-based information stealer designed to harvest extensive details from infected machines. "The...
Exploit for Path Traversal in Microsoft
CVE-2021-40444 PoC Malicious docx generator to exploit CVE-20...