
413 matches found

Check Point Advisories
added 2018/02/12 12:0 a.m., 0 views

RIG Exploit Kit Rotator

RIG exploit kit rotator is a web exploit kit server that operates by delivering malicious URLs to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...

3.2 AI score
Exploits 0

Malwarebytes
added 2018/01/30 11:43 p.m., 62 views

GandCrab ransomware distributed by RIG and GrandSoft exploit kits (updated)

This post was authored by Vasilios Hioueras and Jérôme Segura. Update 2018-02-02: GandCrab is delivered via Necurs malicious spam 1. Update 2018-02-01: GandCrab is now also spread via the EITest campaign 2 3. Late last week saw the appearance of a new ransomware called GandCrab. Surprisingly, ...

6.8 AI score
Exploits 0

Malwarebytes
added 2018/01/17 4:0 p.m., 141 views

A coin miner with a “Heaven’s Gate”

You might call the last two years the years of ransomware. Ransomware was, without a doubt, the most popular type of malware. But at the end of last year, we started observing that ransomware was losing its popularity to coin miners. It is very much possible that this trend will grow as 2018...

7.6 AI score
Exploits 0

Malwarebytes
added 2018/01/15 5:0 p.m., 24 views

A week in security (January 8 – January 14)

It's very early in the year, yet everyone has already had a complete meltdown (pun intended) over a number of serious vulnerabilities found in legacy and modern microprocessors. Last week, rightly so, vendors released patches for hardware and OSes to help mitigate these threats. However, problems i...

7.1 AI score
Exploits 0

Malwarebytes
added 2018/01/09 5:11 p.m., 58 views

RIG exploit kit campaign gets deep into crypto craze

There isn't a day that goes by without a headline about yet another massive spike in Bitcoin valuation, or a story about someone mortgaging their house to purchase the hardware required to become a serious cryptocurrency miner. If many folks are thinking about joining the 'crypto craze' movement,...

7 AI score
Exploits 0

Check Point Advisories
added 2017/12/07 12:0 a.m., 1 views

Cobalt Strike Payload Remote Code Execution

Cobalt Strike is an exploit kit that operates by delivering malicious payload to the victim's computer...

3.4 AI score
Exploits 0

Malwarebytes
added 2017/11/22 6:47 p.m., 17 views

Terdot Trojan likes social media

We usually advise people that have fallen victim to banker Trojans to change all their passwords, especially the ones that are related to their financial sites and apps. Besides the dangers of re-used passwords, there are other reasons why this is important. This advice is especially applicable t...

6.8 AI score
Exploits 0

The Hacker News
added 2017/11/17 5:8 a.m., 16 views

Banking Trojan Gains Ability to Steal Facebook, Twitter and Gmail Accounts

Security researchers have discovered a new, sophisticated form of malware based on the notorious Zeus banking Trojan that steals more than just bank account details. Dubbed Terdot, the banking Trojan has been around since mid-2016 and was initially designed to operate as a proxy to conduct...

7.2 AI score
Exploits 0

Malwarebytes
added 2017/11/10 12:23 a.m., 71 views

Disdain exploit kit and a side of social engineering deliver Neutrino Bot

Today we picked up new activity from an exploit kit that was first discovered back in August of this year. The Disdain exploit kit, simply identified by a string of the same name found in its source code, is being distributed again after a short interruption via malvertising chains. Disdain EK...

6.9 AI score
Exploits 0

Malwarebytes
added 2017/11/06 6:30 p.m., 25 views

Magnitude EK actor goes for Bitcoin multiplier scam (updated)

It is well known that hot commodities tend to attract scammers and online criminals. The continuous rise of Bitcoin over the past year (valued at over USD $7,188 at the time of writing) is generating frenzy amongst fans of cryptocurrencies as well as those watching from the sidelines. While the...

6.6 AI score
Exploits 0

ThreatPost
added 2017/10/25 8:28 a.m., 84 views

Malvertising Campaign Redirects Browsers To Terror Exploit Kit

Security experts are warning some “Quit Smoking” and “20 Minute Fat Loss” ads online are delivering more than sales pitches. According to researchers at Zscaler, ads are redirecting browsers to malicious landing pages hosting the Terror exploit kit. The campaigns have been sustained, with the...

9.3 CVSS, 9.1 AI score, 0.94996 EPSS
Exploits 49, References 8

Trend Micro Simply Security
added 2017/10/20 1:0 p.m., 30 views

This Week in Security News

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...

6.9 AI score
Exploits 0

OpenVAS
added 2017/10/20 12:0 a.m., 42 views

dotCMS 4.1.1 XSS Vulnerability

dotCMS is prone to a stored cross-site scripting (XSS) vulnerability. SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:dotcms:dotcms...

5.4 CVSS, 5.3 AI score, 0.00513 EPSS
Exploits 1, References 1

FireEye
added 2017/10/19 4:6 p.m., 903 views

Magniber Ransomware Wants to Infect Only the Right People

Introduction: Exploit kit (EK) use has been on the decline since late 2016; however, certain activity remains consistent. The Magnitude Exploit Kit is one such example that continues to affect users, particularly in the APAC region. In Figure 1, which is based on FireEye Dynamic threat Intelligence...

7.6 CVSS, 0.1 AI score, 0.93165 EPSS
Exploits 10

Malwarebytes
added 2017/10/19 12:29 a.m., 161 views

Magniber ransomware: exclusively for South Koreans

The Magnitude exploit kit has been pretty consistent over the last few months, dropping the same payload—namely, the Cerber ransomware—and targeting a few select countries in Asia. Strangely, Magnitude EK disappeared in late September, and for a while we wondered whether this was yet another...

7 AI score
Exploits 0

myhack58
added 2017/10/11 12:0 a.m., 43 views

The flaws exploit the bug using the kit Exploit Kit simple history introduction-vulnerability warning-the black bar safety net

Malicious Trojan virus software as well as the rest of the unpopular French there are many ways to get into your computer, but in snapped past few years, the most popular of the two wrist is an e-mail to seduce and application vulnerability flaws bug the application kit. Now, the scum mail of...

7.3 AI score
Exploits 0

ThreatPost
added 2017/10/10 1:53 p.m., 18 views

Porn Site Becomes Hub for KovCoreG Group Malvertising Campaigns

Pornhub, a top-20 ranked U.S. website according to Alexa, was serving up large-scale malvertising attacks exposing millions of visitors to click-fraud. Behind the attacks is the KovCoreG Group, best known for distributing Kovter click-fraud malware. The campaigns, spotted by researchers at...

0.2 AI score
Exploits 0, References 2

seebug.org
added 2017/09/14 12:0 a.m., 551 views

FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY

FireEye recently detected a malicious Microsoft Office RTF document that leveraged CVE-2017-8759, a SOAP WSDL parser code injection vulnerability. This vulnerability allows a malicious actor to inject arbitrary code during the parsing of SOAP WSDL definition contents. FireEye analyzed a Microsoft...

9.3 CVSS, 8.9 AI score, 0.99933 EPSS
Exploits 40

Malwarebytes
added 2017/09/04 5:0 p.m., 111 views

A week in security (August 28 – September 3)

Last week, we looked at what actions Kronos can perform in the final installment of a 2-part post. We also dived into Locky, again, a ransomware that just made a comeback, and found that its latest variant as of this writing has anti-sandboxing capabilities. This means that once Locky has...

6.9 AI score
Exploits 0

Malwarebytes
added 2017/08/31 8:4 p.m., 969 views

RIG exploit kit distributes Princess ransomware

We have identified a new drive-by download campaign that distributes the Princess ransomware (AKA PrincessLocker), leveraging compromised websites and the RIG exploit kit. This is somewhat of a change for those tracking malvertising campaigns and their payloads. We had analyzed the PrincessLocker...

9.3 CVSS, 8.9 AI score, 0.94996 EPSS
Exploits 59