Xfinity, McAfee Brands Abused by Parked Domains in Active Campaigns

Parked domains, which act as aliases and redirect to other websites, can send visitors to malicious or unwanted landing pages or turn entirely malicious at any point in time – as evidenced by a recent Emotet campaign, a separate effort abusing Comcast and McAfee brands, and an election-themed...

Taurus Project stealer now spreading via malvertising campaign

For the past several months, Taurus Project—a relatively new stealer that appeared in the spring of 2020—has been distributed via malspam campaigns targeting users in the United States. The macro-laced documents spawn a PowerShell script that invokes certutil to run an autoit script ultimately...

This Week in Security News: Microsoft Fixes 129 Vulnerabilities for September’s Patch Tuesday and Trend Micro’s XDR Offerings Simplify and Optimize Detection and Response

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, read about this month’s Patch Tuesday update from Microsoft. Also, learn about Trend Micro’s Worry-Free XDR: a new version of its XDR platfo...

Purple Fox EK Adds Microsoft Exploits to Arsenal

The Purple Fox exploit kit EK has added two new exploits targeting critical- and high-severity Microsoft vulnerabilities to its bag of tricks – and researchers say they expect more attacks to be added in the future. The Purple Fox EK was previously analyzed in September, when researchers said tha...

Magnitude exploit kit – evolution

Exploit kits are not as widespread as they used to be. In the past, they relied on the use of already patched vulnerabilities. Newer and more secure web browsers with automatic updates simply do not allow known vulnerabilities to be exploited. It was very different back in the heyday of Adobe Fla...

vasto

This is a copy of the VASTO exploit kit for virtualization platforms. The kit consists of two modules: Abiquo Guest Stealer and Abiquo Poison. Abiquo Guest Stealer is a module that exploits a path traversal vulnerability in Abiquo's REST APIs to retrieve files on the remote system under the Tomca...

This Week in Security News: Operation Overtrap Targets Japanese Online Banking Users and Everything You Need to Know About Tax Scams

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about the number of ways Operation Overtrap can infect or trap victims with its payload. Also, read about how to protect your personal...

‘Highly Competitive' Buer Loader Emerges in Underground Markets

A previously undocumented modular loader has emerged as a lucrative tool for cybercriminals in a variety of campaigns. Researchers say the “highly competitive” loader, dubbed Buer, is intended for use by actors seeking a turn-key, off-the-shelf solution. Researchers say they have spotted the load...

Raccoon Stealer Malware Scurries Past Microsoft Messaging Gateways

Criminals behind malware dubbed Raccoon Stealer have adopted a simple and effective technique to circumvent Microsoft and Symantec anti-spam messaging gateways. The technique has been used in a recent campaign targeting financial institutions via business email compromise BEC attacks. According t...

Threat Analysis Unit (TAU) Threat Intelligence Notification: AsyncRAT

AsyncRAT is a Remote Access Tool RAT designed to remotely monitor and control other computers through a secure encrypted connection. It is an open source remote administration tool, however, it could also be used maliciously because it provides functionality such as keylogger, remote desktop...

This Week in Security News: Amazon Echo Hacked at Pwn2Own Tokyo 2019 and Ransomware Attacks Hit Spanish Companies

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about a ransomware that is attacking Spanish companies and how nearly 50 adware apps were found on Google Play. Also, read about how a...

Purple Fox Exploit Kit Landing Page

Purple Fox exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...

Capesand Exploit Kit Landing Page

Capesand exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...

Cynet’s free vulnerability assessment offering helps organizations significantly increase their security

Long before a cyberattack is underway, organizations need to be focused on improving their security. Part of this is to always be monitoring their environment, on the lookout for weaknesses and ready to take action if they are found. This is the best way to ensure the organization remains immune ...

Radio Exploit Kit Landing Page

Radio exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...

The Hidden Bee infection chain, part 1: the stegano pack

About a year ago, we described the Hidden Bee miner delivered by the Underminer Exploit Kit. Hidden Bee has a complex and multi-layered internal structure that is unusual among cybercrime toolkits, making it an interesting phenomenon on the threat landscape. That's why we're dedicating a series o...

A week in security (July 29 – August 4)

Last week on Malwarebytes Labs we discussed the security and privacy changes in Android Q, how to get your Equifax money and stay safe doing it, and we looked at the strategy of getting a board of directors to invest in government cybersecurity. We also reviewed how a Capital One breach exposed...

Lord Exploit Kit Landing Page

Lord exploit kit is a web exploit kit that operates by delivering malicious payload to the victim's computer. Successful infection will allow the attacker to download additional malware to the target...

Say hello to Lord Exploit Kit

Just as we had wrapped up our summer review of exploit kits, a new player entered the scene. Lord EK, as it is calling itself, was caught by Virus Bulletin's Adrian Luca while replaying malvertising chains. In this blog post, we do a quick review of this exploit kit based on what we have collecte...

Malvertising Campaigns Skirt Ad Blockers, Serve Up Mac Malware

Two fresh malvertising campaigns are making the scene that are abusing the convoluted underpinnings of the internet economy to find malware victims. One is a large-scale exploit kit EK campaign designed to circumvent traditional safeguards, such as ad blockers, and the other uses web redirects to...