111 matches found
Brand-New SystemBC Proxy Malware Spotted Using SOCKS5 for Stealth
A previously undocumented proxy malware, dubbed “SystemBC,” is upping the stealth game by using SOCKS5 to evade detection. It’s being distributed by the Fallout and RIG exploit kits EKs, according to researchers. Proofpoint researchers said on Thursday that in the most recently tracked example, t...
Malvertising Campaigns Skirt Ad Blockers, Serve Up Mac Malware
Two fresh malvertising campaigns are making the scene that are abusing the convoluted underpinnings of the internet economy to find malware victims. One is a large-scale exploit kit EK campaign designed to circumvent traditional safeguards, such as ad blockers, and the other uses web redirects to...
Exploit kits: spring 2019 review
Exploit kit activity remains fairly unchanged since our last winter review in terms of active distribution campaigns. But this spring edition will feature a new exploit kit and another atypical EK, in that it specifically goes after routers. The main driver behind these drive-by download attacks...
Exploit kits: winter 2019 review
Active malvertising campaigns in December and the new year have kept exploit kit activity from hibernating in winter 2019. We mostly observed Fallout and RIG with the occasional, limited GrandSoft appearance for wider geo-targeting. In addition, narrowly-focused exploit kits such as Magnitude,...
A week in security (January 14 – 20)
Last week on the Malwarebytes Labs blog, we took a look at how the government shutdown is influencing cybersecurity jobs, Advanced Persistent Threats group APT10, the comeback of Fallout EK, the hosting of malicious sites on legitimate servers, and the Collection 1 data breach. Other cybersecurit...
Fallout EK Retools for a Fresh New 2019 Look
A new version of the Fallout exploit kit EK has emerged, featuring new exploits and fresh payloads, including the GandCrab ransomware. The development shows that EKs have a lot of life yet left in them, researchers say. The Fallout EK generally finds its victims by way of malvertising campaigns,...
Improved Fallout EK comes back after short hiatus
Edit 2019-01-24 Fallout EK introduces a new dropper to facilitate the final payload retrieval. This update replaces the plain MZ we saw for a little while. -- After a short hiatus in early January, the Fallout exploit kit is back in business again with some new features for the new year. During i...
Exploit kits: fall 2018 review
Exploit kit EK activity continues to surprise us as the weather cools, the leaves change, and we move into the fall of 2018. Indeed, shortly after our summer review, a new exploit kit was discovered, and while no new vulnerabilities were added to the current EKs, several malvertising chains are...
Fallout Exploit Kit Used in Malvertising Campaign to Deliver GandCrab Ransomware
Towards the end of August 2018, FireEye identified a new exploit kit EK that was being served up as part of a malvertising campaign affecting users in Japan, Korea, the Middle East, Southern Europe, and other countries in the Asia Pacific region. The first instance of the campaign was observed on...
Exploit kits: summer 2018 review
The uptick trend in cybercriminals using exploit kits that we first noticed in our spring 2018 report has continued into the summer. Indeed, not only have new kits been found, but older ones are still showing signs of life. This has made the summer quarter one of the busiest we've seen for exploi...
Magniber ransomware improves, expands within Asia
This blog post was authored by @hasherezade and Jérôme Segura. The Magnitude exploit kit is one of the longest-serving browser exploitation toolkits among those still in use. After its inception in 2013, it enjoyed worldwide distribution with a liking for ransomware. Eventually, it became a priva...
Joomla Ek Rishta Component SQL Injection (CVE-2018-12254)
An SQL injection vulnerability exists in Joomla Ek Rishta 2.10. Successful exploitation of this vulnerability would allow a remote attacker to execute arbitrary SQL commands on the affected system...
Joomla Ek rishta 2.10 Component - SQL Injection Vulnerability
Exploit for php platform in category web applications Title: SQL Injection Joomla Component Ek rishta 2.10 - SQL Injection Exploit Author: Guilherme Assmann Vendor Homepage:https://www.joomla.org/ Version: 2.10 Tested on: MacOSX, Safari, Chrome Download:...
Joomla Component Ek Rishta 2.10 - SQL Injection
Joomla Component Ek Rishta 2.10 - SQL Injection Title: SQL Injection Joomla Component Ek rishta 2.10 - SQL Injection Date: 2018-06-14 Exploit Author: Guilherme Assmann Vendor Homepage:https://www.joomla.org/ Version: 2.10 Tested on: MacOSX, Safari, Chrome Download:...
Harmis Ek rishta SQL Injection Vulnerability in Joomla!
Joomla! is an open source content management system CMS developed by the Open Source Matters team in the U.S. The system provides RSS feeds, site search, etc. Harmis Ek rishta aka ek-rishta is used in one of the wedding dating site plugin. A SQL injection vulnerability exists in the router.php fi...
Joomla Ek Rishta 2.10 SQL Injection
Title: SQL Injection Joomla Component Ek rishta 2.10 - SQL Injection Date: 2018-06-14 Exploit Author: Guilherme Assmann Vendor Homepage:https://www.joomla.org/ Version: 2.10 Tested on: MacOSX, Safari, Chrome Download: https://extensions.joomla.org/extension/ek-rishta/ CVE: CVE-2018-12254...
Joomla! Component Ek Rishta 2.10 - SQL Injection
Title: SQL Injection Joomla Component Ek rishta 2.10 - SQL Injection Date: 2018-06-14 Exploit Author: Guilherme Assmann Vendor Homepage:https://www.joomla.org/ Version: 2.10 Tested on: MacOSX, Safari, Chrome Download: https://extensions.joomla.org/extension/ek-rishta/ CVE: CVE-2018-12254...
Exploit kits: Spring 2018 review
Since our last report on exploit kits, there have been some new developments with the wider adoption of the February Flash zero-day, as well as the inclusion of a new exploit for Internet Explorer. We have not seen that many changes in the drive-by landscape for a long time, although these are th...
CVE-2018-12254
router.php in the Harmis Ek rishta aka ek-rishta 2.10 component for Joomla! allows SQL Injection via the PATHINFO to a home/requesteduser/Sent%20interest/ URI...
CVE-2018-12254
router.php in the Harmis Ek rishta aka ek-rishta 2.10 component for Joomla! allows SQL Injection via the PATHINFO to a home/requesteduser/Sent%20interest/ URI...