60 matches found
Qualys Top 20 Most Exploited Vulnerabilities
The earlier blog posts showcased an overview of the vulnerability threat landscape that is either remotely exploited or most targeted by attackers. A quick recap – We focused on high-risk vulnerabilities that can be remotely exploited with or without authentication, and with the view on the time ...
New campaign uses government, union-themed lures to deliver Cobalt Strike beacons
By Chetan Raghuprasad and Vanja Svajcer. Cisco Talos discovered a malicious campaign in August 2022 delivering Cobalt Strike beacons that could be used in later, follow-on attacks. Lure themes in the phishing documents in this campaign are related to the job details of a government organization i...
Top CVEs Trending with Cybercriminals
Criminal small talk in underground forums offers critical clues about which known Common Vulnerabilities and Exposures (CVEs) threat actors are most focused on. This, in turn, offers defenders clues on what to watch out for. An analysis of such chatter, by Cognyte, examined 15 cybercrime forums...
dateame.co Improper Access Control vulnerability OBB-1257892
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...
lejeune.bookoo.com Cross Site Scripting vulnerability
Open Bug Bounty ID: OBB-970624. Security Researcher KhanJanny (helped patch 3061 vulnerabilities, received 9 Coordinated Disclosure badges, received 38 recommendations), a holder of 9 badges for responsible and coordinated disclosure, found a security vulnerability affecting lejeune.bookoo.com websit...
Spy Campaign Spams Pro-Tibet Group With ExileRAT
A cyber-espionage campaign has been spotted targeting recipients of a mailing list run by the Central Tibetan Administration (CTA). India's CTA is an organization officially representing the Tibetan government-in-exile. The territory of Tibet is administered by the People's Republic of China – but...
ExileRAT shares C2 with LuckyCat, targets Tibet
Warren Mercer, Paul Rascagneres and Jaeson Schultz authored this post. Executive summary: Cisco Talos recently observed a malware campaign delivering a malicious Microsoft PowerPoint document using a mailing list run by the Central Tibetan Administration (CTA), an organization officially representin...
Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
This blog post was authored by Edmund Brumaghin and Holger Unterbrink with contributions from Emmanuel Tacheau. Executive Summary: Cisco Talos has discovered a new malware campaign that drops the sophisticated information-stealing trojan called "Agent Tesla," and other malware such as the Loki...
Attacker spreads FELIXROOT backdoor via Office vulnerabilities - vulnerability warning - the black bar safety net
1. Attack event details: In September 2017, in attacks against Ukrainian targets, FireEye found the malicious payload FELIXROOT Backdoor and reported it to our threat intelligence customers. The attack activity used malicious Ukrainian bank documents containing a macro, used t...
FELIXROOT Backdoor Resurfaces in Environmental Spam Campaign
After a few months of absence, the FELIXROOT backdoor malware has been spotted in a fresh malspam campaign. The campaign uses weaponized lure documents claiming to contain seminar information on environmental protection efforts. This backdoor has a range of functions, including the ability to...
Stealthy Malware Hidden in Images Takes to GoogleUserContent
Malware that uses Exchangeable Image File Format (EXIF) data to hide its code has migrated to a new platform: GoogleUserContent sites, such as Google+ and blogger forums. In this technique, previously seen on Pastebin and GitHub, hackers embed malicious code within uploaded images – a stealthy...
fitnessdigital.ie XSS vulnerability
Open Bug Bounty ID: OBB-554663

| Description | Value |
|---|---|
| Affected Website: | fitnessdigital.ie |
| Vulnerable Application: | Custom Code |
| Vulnerability Type: | XSS (Cross Site Scripting) / CWE-79 |
| CVSSv3 Score: | 6.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) |
| Disclosure Standard: | Coordinated Disclosure... |
Korea In The Crosshairs
This blog post is authored by Warren Mercer and Paul Rascagneres with contributions from Jungsoo An. A one-year review of campaigns performed by an actor with multiple campaigns mainly linked to South Korean targets. Executive Summary: This article exposes the malicious activities of Group 123...
Gaza Cybergang – updated activity in 2017:
1. Summary information: The Gaza cybergang is an Arabic-language, politically-motivated cybercriminal group, operating since 2012 and actively targeting the MENA (Middle East North Africa) region. The Gaza cybergang's attacks have never slowed down and its typical targets include government...
KB4014793: Microsoft Wordpad Remote Code Execution vulnerability (April 2017)
The remote Windows host is missing security update KB4014793. It is, therefore, affected by a remote code execution vulnerability in Windows WordPad due to improper validation of user-supplied input. An unauthenticated, remote attacker can exploit this by convincing a user to open a specially...
Microsoft Excel - OLE Arbitrary Code Execution Exploit
Exploit for Windows platform in category dos / poc. Title: MS Office Excel all versions Arbitrary Code Execution Vulnerability. Date: September 30th, 2017. Author: Eduardo Braun Prado. Vendor Homepage: http://www.microsoft.com/ Software Link: https://products.office.com/ Version: 2007,2010,2013,2016...
Microsoft Excel - OLE Arbitrary Code Execution
Microsoft Excel - OLE Arbitrary Code Execution. Title: MS Office Excel all versions Arbitrary Code Execution Vulnerability. Date: September 30th, 2017. Author: Eduardo Braun Prado. Vendor Homepage: http://www.microsoft.com/ Software Link: https://products.office.com/ Version: 2007,2010,2013,2016 32/...
Fake IRS notice delivers customized spying tool
While macro-based documents and scripts make up the majority of malspam attacks these days, we also see some campaigns that leverage documents embedded with exploits. Case in point, we came across a malicious Microsoft Office file disguised as a CP2000 notice. The Internal Revenue Service (IRS)...
Microsoft Word vulnerability: hackers can use the automatic link update function to install malicious software - vulnerability warning - the black bar safety net
According to foreign media reports, a freelance security consultant and SANS Internet Storm Center handler found a very interesting vulnerability in Microsoft Word that allows an attacker to abuse Word's automatic link update function. This function is enabled by default,...
When combining exploits for added effect goes wrong
Introduction: Since public disclosure in April 2017, CVE-2017-0199 has been frequently used within malicious Office documents. The vulnerability allows attackers to include Ole2Link objects within RTF documents to launch remote code when HTA applications are opened and parsed by Microsoft Word. In...