AXIS Communications - Cross-Site Scripting / Content Injection(CVE-2015-8258)

Technical Details The variable "imagePath=" that is prone to XSS in a large range of products also can be used to resource injection intents. If inserted a URL in this variable will be made an GET request to this URL, so this an interesting point to request malicious codes from the attacker...

Attackers Dropping Kasidet Bot via Office Macros

It’s well documented that attackers have reignited their love affair with the Office macro, using it as a vector for spreading banking malware and even the BlackEnergy Trojan as of late. According to researchers at the San Jose security company zScaler, the bot Kasidet, also known as Neutrino, ha...

Salesforce Warns Customers of Dyreza Banker Trojan Attacks

Salesforce.com is warning its customers that the Dyreza banker Trojan is now believed to be targeting some of the company’s users. The Trojan, which has the ability to bypass SSL, typically goes after customers of major banks, but seems to be expanding its reach. Dyreza is relatively new among th...

Dyreza Banker Trojan Seen Bypassing SSL

Banker Trojans have proven to be reliable and effective tools for attackers interested in quietly stealing large amounts of money from unwitting victims. Zeus, Carberp and many others have made piles of money for their creators and the attackers who use them, and researchers have been looking at ...