196 matches found
TREASUREHUNT: A Custom POS Malware Tool
Since early 2015, FireEye Threat Intelligence has observed the significant growth of point-of-sale POS malware families in underground cyber crime forums. POS malware refers to malicious software that extracts payment card information from memory and usually uploads that data to a command and...
CenterPOS: An Evolving POS Threat
Introduction There has been no shortage of point-of-sale POS threats in the past couple of years. This type of malicious software has gained widespread notoriety in recent time due to its use in high-profile breaches, some of which involved well-known brick and mortar retailers and led to the...
SlemBunk Part II: Prolonged Attack Chain and Better-Organized Campaign
Introduction Our follow-up investigation of a nasty Android banking malware we identified at the tail end of last year has not only revealed that the trojan is more persistent than we initially realized – thus making for a much more dangerous threat – but that it is also being used as part of an...
LATENTBOT: Trace Me If You Can
FireEye Labs recently uncovered LATENTBOT, a new, highly obfuscated BOT that has been in the wild since mid-2013. It has managed to leave hardly any traces on the Internet, is capable of watching its victims without ever being noticed, and can even corrupt a hard disk, thus making a PC useless...
LATENTBOT: Trace Me If You Can
FireEye Labs recently uncovered LATENTBOT, a new, highly obfuscated BOT that has been in the wild since mid-2013. It has managed to leave hardly any traces on the Internet, is capable of watching its victims without ever being noticed, and can even corrupt a hard disk, thus making a PC useless...
Zemra Botnet CnC Web Panel Remote Code Execution Exploit
This Metasploit module exploits the CnC web panel of Zemra Botnet which contains a backdoor inside its leaked source code. Zemra is a crimeware bot that can be used to conduct DDoS attacks and is detected by Symantec as Backdoor.Zemra. This module requires Metasploit: http://metasploit.com/downlo...
Zemra Botnet CnC Web Panel Remote Code Execution
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Zemra Botnet CnC Web Panel Remote Code Execution', 'Description' = %q This module exploits the CnC web panel of Zemra Botnet which...
Zemra Botnet CnC Web Panel Remote Code Execution
This module exploits the CnC web panel of Zemra Botnet which contains a backdoor inside its leaked source code. Zemra is a crimeware bot that can be used to conduct DDoS attacks and is detected by Symantec as Backdoor.Zemra. This module requires Metasploit: https://metasploit.com/download Current...
Cisco 路由器后门 SYNful Knock
影响范围涉及4个国家及常见型号通常来说,思科路由器的植入后门以前经常被认为是理论可行或较难实现,但近日有国外安全公司Fireeye发现这种针对路由器的植入式后门正悄然流行,涉及Cisco 1841/Cisco 2811/Cisco...
Attackers Replacing Firmware on Cisco Routers
Cisco routers are built into the fabric of the Internet and enterprise networks, a fact that makes them highly attractive targets for attackers. Researchers at FireEye have come across attacks recently in which hackers have been modifying the firmware of Cisco routers and using that foothold to...
Energy Watering Hole Attack Used LightsOut Exploit Kit
A recent watering-hole attack targeted firms in the energy sector using a compromised site belonging to a law firm that works with energy companies and led victims to a separate site that used the LightsOut exploit kit to compromise their machines. The attack, which was active during late Februar...
'Sanny' Malware Targeting Russian Space, IT, Telecom Industries
Attackers, purportedly hailing from Korea, have been targeting individuals in Russia’s aerospace, IT, education and telecommunication industries with hopes of extracting their passwords and credentials. According to a post on FireEye’s Malware Intelligence Lab by researchers Alex Lanstein and Ali...
New Java Zero Day Being Used in Targeted Attacks
There is a newly discovered zero day vulnerability in Java 7 that is being used in some targeted attacks right now. The vulnerability works against Internet Explorer and Firefox and researchers say that attackers are exploiting in the wild and installing a version of the Poison Ivy RAT on...
Lessons From the Rustock Takedown
As a follow-up to the Rustock botnet news, Microsoft have identified themselves as the key instigators of the takedown. This is the second time Microsoft’s legal team has been actively involved in combating the botnet menace – and they obviously learned from their previous attempt at trying to...
New Malware, JKDDOS, Targets Commodities Investment Firms
Researchers at Arbor Networks say they have discovered unique samples of a new family of malware that is targeting large investmen firms with holdings in the commodities markets, especially the mining industry. The malware, dubbed ‘JKDDOS,’ is used to launch distributed denial of service DDOS...
CNC Technology BizDB 1.0 - bizdb-search.cgi Remote Command Execution
CNC Technology BizDB 1.0 - bizdb-search.cgi Remote Command Execution source: https://www.securityfocus.com/bid/1104/info BizDB is a web databse integration product using perl CGI scripts. One of the scripts, bizdb-search.cgi, passes a variable's contents to an unchecked open call and can therefor...