Word Attachment Delivers FormBook Malware, No Macros Required
A new wave of document attacks targeting inboxes does not require enabling macros in order for adversaries to trigger an infection chain that ultimately delivers FormBook malware. Researchers at Menlo Security are reporting a wave of attacks that began last month that are targeting financial and...
Cisco Secure Access Control Server Detection (HTTP)
Detection of the running version of Cisco Secure Access Control Server. This script sends an HTTP GET request and tries to get the version from the response. SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the...
CVE-2018-0218
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities...
CVE-2018-0207
A vulnerability in the web-based user interface of the Cisco Secure Access Control Server prior to 5.8 patch 9 could allow an unauthenticated, remote attacker to gain read access to certain information in the affected system. The vulnerability is due to improper handling of XML External Entities...
CVE-2018-0207
CVE-2018-0207 affects the Cisco Secure Access Control Server web-based UI (pre-5.8 patch 9). It’s an XXE handling flaw in XML parsing that could let an unauthenticated, remote attacker gain read access to certain information by enticing an administrator to import a crafted XML file. Concrete affe...
CVE-2018-0218
CVE-2018-0218 affects Cisco Secure Access Control Server (ACS) web UI prior to 5.8 patch 9. The issue arises from improper handling of XML External Entities (XXEs) when parsing XML files, enabling an unauthenticated, remote attacker to read information from the system. Connected sources identify ...
Cisco Secure Access Control Server XML External Entity Injection Vulnerability
The Cisco Secure Access Control Server provides a comprehensive identity-based access control solution for Cisco intelligent information networks. An XML external entity injection vulnerability exists in the web-based user interface of Cisco Secure Access Control Server. The vulnerability occurs...
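The entries above all describe the same failure mode: an administrator imports an XML file that the web UI parses with external entity resolution enabled, and a SYSTEM entity pulls a local file into the parsed document. The following is an added example, not Cisco's code and not taken from any of the listed sources, showing the two controls an XML import path should have: a pre-parse gate that refuses any DOCTYPE or SYSTEM/PUBLIC entity declaration, and a parser configured not to fetch external general entities even if something slips past the gate. The sample documents, the element names and the function names are constructed for the example.

```python
import io
import re
import xml.sax
import xml.sax.handler

# Constructed sample imports (not real ACS export files): one benign, one carrying
# the external entity an attacker would plant in a file an admin is enticed to import.
BENIGN_IMPORT = """<?xml version="1.0"?>
<users>
  <user><name>alice</name><group>netadmin</group></user>
  <user><name>bob</name><group>readonly</group></user>
</users>
"""

XXE_IMPORT = """<?xml version="1.0"?>
<!DOCTYPE users [
  <!ENTITY secret SYSTEM "file:///etc/shadow">
]>
<users>
  <user><name>&secret;</name><group>netadmin</group></user>
</users>
"""

# A config export produced by a trusted tool never needs a DTD, so the cheapest
# gate is to refuse any DOCTYPE before the parser ever sees the document.
DOCTYPE_RE = re.compile(r"<!DOCTYPE\b", re.IGNORECASE)
EXTERNAL_ENTITY_RE = re.compile(
    r"<!ENTITY\s+(?:%\s+)?\S+\s+(?:SYSTEM|PUBLIC)\b", re.IGNORECASE)


def inspect_import(doc: str) -> list:
    """Return the reasons an uploaded XML document should be rejected (empty if none)."""
    findings = []
    if DOCTYPE_RE.search(doc):
        findings.append("DOCTYPE declaration present")
    if EXTERNAL_ENTITY_RE.search(doc):
        findings.append("external entity declaration (SYSTEM/PUBLIC)")
    return findings


class _UserCollector(xml.sax.handler.ContentHandler):
    """Collects the text of every <name> element."""

    def __init__(self):
        super().__init__()
        self.names, self._in_name, self._buf = [], False, []

    def startElement(self, name, attrs):
        if name == "name":
            self._in_name, self._buf = True, []

    def characters(self, data):
        if self._in_name:
            self._buf.append(data)

    def endElement(self, name):
        if name == "name":
            self.names.append("".join(self._buf).strip())
            self._in_name = False


def import_users(doc: str) -> list:
    """Gate the document, then parse it with external entity resolution off."""
    findings = inspect_import(doc)
    if findings:
        raise ValueError("rejected XML import: " + "; ".join(findings))
    parser = xml.sax.make_parser()
    # Belt and braces: even if a DOCTYPE slipped past the gate, never fetch
    # external general entities (this is also the default since Python 3.7.1).
    parser.setFeature(xml.sax.handler.feature_external_ges, False)
    collector = _UserCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(doc.encode("utf-8")))
    return collector.names


if __name__ == "__main__":
    print(import_users(BENIGN_IMPORT))
    print(inspect_import(XXE_IMPORT))
```

The gate is deliberately stricter than the bug requires: it rejects internal DTDs too, which also closes off entity-expansion (billion laughs) and parameter-entity tricks that a narrower SYSTEM-only check would miss.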
CHM Help Files Deliver Brazilian Banking Trojan
Security researchers are warning of a new spam campaign targeting Brazilian institutions that uses Compiled HTML (CHM) file attachments to deliver a banking Trojan. Spam messages contain a malicious CHM attachment called “comprovante.chm”, wrote Rodel Mendrez, senior security researche...
Newly Observed Ursnif Variant Employs Malicious TLS Callback Technique to Achieve Process Injection
Introduction: TLS (Thread Local Storage) callbacks are provided by the Windows operating system to support additional initialization and termination for per-thread data structures. As previously reported, malicious TLS callbacks, used as an anti-analysis trick, have been observed for quite some time and...
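Because TLS callbacks run before the executable's entry point, a triage step for samples like this is simply to enumerate them from the PE headers. The following is an added example, not code from the report above or from any tool it mentions: it parses the IMAGE_TLS_DIRECTORY64 of a PE32+ image and returns the declared callback addresses. build_sample_pe constructs a synthetic, non-executable PE image inline so the check runs offline; the fixed layout it assumes (a single .tls section at RVA 0x1000, image base 0x140000000) and all function names are assumptions of the example, not properties of Ursnif.

```python
import struct

IMAGE_BASE = 0x140000000
SECTION_RVA = 0x1000
SECTION_OFF = 0x200
TLS_DIR_INDEX = 9  # IMAGE_DIRECTORY_ENTRY_TLS


def build_sample_pe(callback_vas):
    """Constructed minimal PE32+ image whose .tls section holds an IMAGE_TLS_DIRECTORY64
    pointing at a zero-terminated array of the given callback VAs. Not runnable code."""
    callbacks_rva = SECTION_RVA + 0x40
    # IMAGE_TLS_DIRECTORY64: StartAddressOfRawData, EndAddressOfRawData, AddressOfIndex,
    # AddressOfCallBacks, SizeOfZeroFill, Characteristics (addresses are absolute VAs)
    tls_dir = struct.pack("<QQQQII",
                          IMAGE_BASE + SECTION_RVA + 0x80, IMAGE_BASE + SECTION_RVA + 0x88,
                          IMAGE_BASE + SECTION_RVA + 0x90, IMAGE_BASE + callbacks_rva, 0, 0)
    callbacks = b"".join(struct.pack("<Q", va) for va in callback_vas) + struct.pack("<Q", 0)
    section_data = (tls_dir.ljust(0x40, b"\0") + callbacks).ljust(0x200, b"\0")

    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", 0x8664, 1, 0, 0, 0, 240, 0x22)  # 1 section, 240-byte opt hdr
    data_dirs = [(0, 0)] * 16
    data_dirs[TLS_DIR_INDEX] = (SECTION_RVA, 40)
    opt = struct.pack("<H", 0x20B).ljust(24, b"\0") + struct.pack("<Q", IMAGE_BASE)  # Magic, ImageBase
    opt = opt.ljust(112, b"\0") + b"".join(struct.pack("<II", va, sz) for va, sz in data_dirs)
    # IMAGE_SECTION_HEADER: Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, ...
    sect = b".tls".ljust(8, b"\0") + struct.pack("<IIII", len(section_data), SECTION_RVA,
                                                   len(section_data), SECTION_OFF) + b"\0" * 16
    headers = (dos + b"PE\0\0" + coff + opt + sect).ljust(SECTION_OFF, b"\0")
    return headers + section_data


def tls_callbacks(pe: bytes) -> list:
    """Return the TLS callback VAs a PE32+ image registers, or [] if it has none."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE image")
    e_lfanew = struct.unpack_from("<I", pe, 0x3C)[0]
    if pe[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    coff = e_lfanew + 4
    nsections = struct.unpack_from("<H", pe, coff + 2)[0]
    opt_size = struct.unpack_from("<H", pe, coff + 16)[0]
    opt = coff + 20
    if struct.unpack_from("<H", pe, opt)[0] != 0x20B:
        raise ValueError("only PE32+ is handled in this example")
    image_base = struct.unpack_from("<Q", pe, opt + 24)[0]
    tls_rva, tls_size = struct.unpack_from("<II", pe, opt + 112 + 8 * TLS_DIR_INDEX)
    if tls_rva == 0 or tls_size == 0:
        return []

    # The section table is needed to map RVAs onto file offsets.
    sections = []
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i
        vsize, va, rawsize, rawptr = struct.unpack_from("<IIII", pe, hdr + 8)
        sections.append((va, max(vsize, rawsize), rawptr))

    def rva_to_off(rva):
        for va, size, rawptr in sections:
            if va <= rva < va + size:
                return rawptr + (rva - va)
        raise ValueError("RVA %#x is not backed by any section" % rva)

    callbacks_va = struct.unpack_from("<Q", pe, rva_to_off(tls_rva) + 24)[0]
    if callbacks_va == 0:
        return []
    off, result = rva_to_off(callbacks_va - image_base), []
    while True:
        cb = struct.unpack_from("<Q", pe, off)[0]
        if cb == 0:
            break
        result.append(cb)
        off += 8
    return result


if __name__ == "__main__":
    sample = build_sample_pe([IMAGE_BASE + 0x2000, IMAGE_BASE + 0x2100])
    print(["%#x" % cb for cb in tls_callbacks(sample)])
```

A non-empty callback list is a signal for closer inspection, not a verdict: compilers and runtimes register TLS callbacks for legitimate per-thread initialization, so the next step is to disassemble the callback code and look for the process-injection or anti-debugging logic the report describes.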
BankBot Returns On Play Store – A Never Ending Android Malware Story
Even after Google's many efforts to keep its Play Store free of malware, shady apps have somehow managed to fool its anti-malware protections and infect people with malicious software. A team of researchers from several security firms has uncovered two new malware campaigns targeting Google...
Mitigating and eliminating info-stealing Qakbot and Emotet in corporate networks
The threat to sensitive financial information is greater than ever. Data breaches, phishing attacks, and other forms of information theft are all too common in today’s threat landscape. Point-of-sale systems and ATMs have been targeted by hackers. Information-stealing trojans pose a risk to data...
System Compromise
npm-script-demo compromises the system. This is possible because the module can create an unauthorized connection to a command and control server when it is installed...
Malicious Chrome Extension Steals Data Posted to Any Website
Malicious browser extensions continue to bear fruit for hackers who have been using them to spread banking malware and adware, and hijacking popular add-ons to spread other nasty code. The latest abuse involves a Google Chrome extension being spread in phishing emails that steals any data posted...
First Android Malware Found Exploiting Dirty COW Linux Flaw to Gain Root Privileges
Nearly a year after the disclosure of the Dirty COW vulnerability that affected the Linux kernel, cybercriminals have started exploiting the vulnerability against Android users, researchers have warned. Publicly disclosed last year in October, Dirty COW was present in a section of the Linux...
Graftor - But I Never Asked for This…
This post is authored by Holger Unterbrink and Matthew Molyett. Overview: Free software often downloaded from large freeware distribution sites is a boon for the internet, providing users with functionality that otherwise they would not be able to use. Often users, happy that they are getting somethi...
Gazer: A New Backdoor Targets Ministries and Embassies Worldwide
Security researchers at ESET have discovered a new malware campaign targeting consulates, ministries and embassies worldwide to spy on governments and diplomats. Active since 2016, the malware campaign is leveraging a new backdoor, dubbed Gazer, and is believed to be carried out by Turla advanced...
Mobile WireX DDoS Botnet 'Neutralized' by Collaboration of Competitors
A collaboration between leading content delivery networks and technology companies, some of them competitors, is in the midst of shutting down the largest botnet of mobile devices ever recorded. The WireX botnet was detected on Aug. 17 after businesses in a number of industries, most notably...
Tech Firms Team Up to Take Down ‘WireX’ Android DDoS Botnet
A half dozen technology and security companies -- some of them competitors -- issued the exact same press release today. This unusual level of cross-industry collaboration caps a successful effort to dismantle 'WireX,' an extraordinary new crime machine comprising tens of thousands of hacked...