36 matches found
Obfuscating Code Vulnerabilities against Static Analysis in JavaScript Code
Code obfuscation is widely adopted in modern software development to protect intellectual property and hinder reverse engineering, but it also provides attackers with a powerful means to conceal malicious logic inside otherwise legitimate JavaScript code. In a software supply chain where a single...
EUVD-2024-2007
Malicious code in bioql PyPI...
browsersploit
This is an advanced browser exploit pack for internal and external pentesting, aiming to gain access to internal computers. The tool is not for script kiddies or non-advanced coders, as it contains bugs and is intended for experienced users. The pack includes various techniques to bypass antiviru...
MintsLoader Drops GhostWeaver via Phishing, ClickFix — Uses DGA, TLS for Stealth Attacks
The malware loader known as MintsLoader has been used to deliver a PowerShell-based remote access trojan called GhostWeaver. "MintsLoader operates through a multi-stage infection chain involving obfuscated JavaScript and PowerShell scripts," Recorded Future's Insikt Group said in a report shared...
Google Chrome 安全漏洞
Google Chrome is a web browser from Google, an American company. A code execution vulnerability exists in Google Chrome prior to version 134.0.6998.88, which stems from type obfuscation in V8 and can be exploited by an attacker to cause heap corruption...
13,000 MikroTik Routers Hijacked by Botnet for Malspam and Cyberattacks
A global network of about 13,000 hijacked Mikrotik routers has been employed as a botnet to propagate malware via spam campaigns, the latest addition to a list of botnets powered by MikroTik devices. The activity "takes advantage of misconfigured DNS records to pass email protection techniques,"...
Evasive maneuvers: HTML smuggling explained
Microsoft Threat Intelligence Center MSTIC last week disclosed “a highly evasive malware delivery technique that leverages legitimate HTML5 and JavaScript features” that it calls HTML smuggling. HTML smuggling has been used in targeted, spear-phishing email campaigns that deliver banking Trojans...
Securing REST with free API Firewall How-to guide
In our modern world, web applications are becoming ever more important. Bad actors know this and they target them more frequently than ever before. This is not likely to stop any time soon as the number of web applications the world needs will only go up with its reliance on technology. To fully...
Securing REST with free API Firewall. How-to guide
In our modern world, web applications are becoming ever more important. Bad actors know this and they target them more frequently than ever before. This is not likely to stop any time soon as the number of web applications the world needs will only go up with its reliance on technology. To fully...
Catch Me if You Can—JavaScript Obfuscation
While conducting threat research on phishing evasion techniques, Akamai came across threat actors using obfuscation and encryption, making the malicious page harder to detect. The criminals were using JavaScript to pull this off...
GreenFlash Sundown exploit kit expands via large malvertising campaign
Exploit kit activity has been relatively quiet for some time, with the occasional malvertising campaign reminding us that drive-by downloads are still a threat. However, during the past few days we noticed a spike in our telemetry for what appeared to be a new exploit kit. Upon closer inspection ...
Mac-Focused Malvertising Campaign Abuses Google Firebase DBs
A malvertising group named VeryMal that targets Mac users has changed up its tactics, ditching steganography as its obfuscation technique. Instead, it’s using ad tags that fetch a payload from Google Firebase in order to redirect users to malicious pop-ups. Confiant estimates that close to 1...
Suspicious JavaScript Obfuscation Chunks Technique
Known exploits could potentially bypass security products by using JavaScript obfuscation techniques. Obfuscated exploits might not be detected by IDS and IPS systems, thus allowing attackers to successfully attack the target web client...
JavaScript Malicious Shifting Obfuscation Technique
Known exploits could potentially bypass security products by using JavaScript obfuscation techniques. Obfuscated exploits might not be detected by IDS and IPS systems, thus allowing attackers to successfully attack the target web client...
ASUS Net4Switch ipswcom.dll ActiveX Stack Buffer Overflow
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
MS13-009 Microsoft Internet Explorer SLayoutRun Use-After-Free
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...
Microsoft Internet Explorer - textNode Use-After-Free (MS13-037) (Metasploit)
Microsoft Internet Explorer - textNode Use-After-Free MS13-037 Metasploit This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) (1)
Microsoft Internet Explorer - SLayoutRun Use-After-Free MS13-009 Metasploit 1 This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Microsoft Internet Explorer - SLayoutRun Use-After-Free (MS13-009) (Metasploit) (1)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 "Microsoft Interne...
IBM Lotus iNotes dwa85W ActiveX Buffer Overflow
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 HttpClients::IE,...