QR Phishing. Fact or Fiction?

October 2023’s Cyber Security Awareness Month led to a flurry of blog posts about a new attack called Quishing QR Code phishing and how new AI powered email gateways can potentially block these attacks. What’s the attack? To understand the attack you need understand the challenge that the attacke...

SMTP end-of-data uncertainty can be abused to spoof emails and bypass policies

Overview A vulnerability has been found in the way that SMTP servers and software handle the end-of-data sequences essentially the end of a single email message in mail messages. An attacker can use this inconsistency to craft an email message that can bypass SMTP security policies. Description...

Urgent FBI Warning: Barracuda Email Gateways Vulnerable Despite Recent Patches

The U.S. Federal Bureau of Investigation FBI is warning that Barracuda Networks Email Security Gateway ESG appliances patched against a recently disclosed critical flaw continue to be at risk of potential compromise from suspected Chinese hacking groups. It also deemed the fixes as "ineffective"...

Cisco Secure Email Gateway Malware Detection Evasion

This report is being published within a coordinated disclosure procedure. The researcher has been in contact with the vendor but not received a satisfactory response within a given time frame. As the attack complexity is low and exploits have already been published by a third party there must be ...

HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks

HTML smuggling, a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features, is increasingly used in email campaigns that deploy banking malware, remote access Trojans RATs, and other payloads related to targeted attacks. Notably, this technique was observe...

Crooks Tap Google Firebase in Fresh Phishing Tactic

A series of phishing campaigns using Google Firebase storage URLs have surfaced, showing that cybercriminals continue to leverage the reputation of Google’s cloud infrastructure to dupe victims and skate by secure email gateways. Google Firebase is a mobile and web application development platfor...

Phish Uses Google's URL Decoding to Swim Past Defenses

A phishing campaign that takes advantage of Google’s ability to decode non-ASCII URL data on the fly is making the rounds – looking to fool the unsavvy by effectively hiding the website address of the campaign’s phishing page. The campaign makes use of what’s called percentage-based URL encoding ...

New Dridex Variant Emerges With An FTP Twist

A variant of the Dridex banking trojan recently popped up in an email campaign, with an unusual twist: The attackers used compromised FTP sites for hosting malicious documents, according to researchers at Forcepoint. It was a notable departure from the norm of using HTTP links and could represent...

Clam Anti-Virus ClamAV 0.88.x UPX Compressed PE File Heap Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/19381/info ClamAV is prone to a heap buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer. This issue occurs when the...

多个Symantec产品RAR/TAR/ZIP文件扫描绕过漏洞

Bugraq ID: 35354 多个Symantec产品对畸形或特殊格式的压缩档文件如tar/zip/rar/缺少真确处理，可导致绕过扫描产品的检测。 攻击者构建恶意的文件，发送给目标用户，可绕过检测使应用程序展开并执行。 目前没有详细漏洞细节提供。 Symantec Symantec AntiVirus Scan Engine for Microsoft ISA 4.3.12 Symantec Symantec AntiVirus Corporate Edition 10.2 MR2 Symantec Scan Engine 5.1.6.31 Symantec Scan Engine...

CVE-2000-0238

Buffer overflow in the web server for Norton AntiVirus for Internet Email Gateways allows remote attackers to cause a denial of service via a long URL...