13 matches found
Novel Email-Based Campaign Targets Bloomberg Clients with RATs
A new email-based campaign by an emerging threat actor aims to spread various remote access trojans (RATs) to a very specific group of targets who use Bloomberg’s industry-based services. Cisco Talos Intelligence researchers discovered the campaign, dubbing it and its perpetrator “Fajan,” and...
EDR in block mode stops IcedID cold
We are happy to announce the general availability of endpoint detection and response (EDR) in block mode in Microsoft Defender for Endpoint. EDR in block mode turns EDR detections into real-time blocking of malicious behaviors, malware, and artifacts. It uses Microsoft Defender for Endpoint’s...
Android Malware Bypasses 2FA And Targets Telegram, Gmail Passwords
Researchers have uncovered a threat group launching surveillance campaigns that target victims’ personal device data, browser credentials and Telegram messaging application files. One notable tool in the group’s arsenal is an Android malware that collects all two-factor authentication (2FA) securit...
Microsoft Office365 Integrity Validation / Remote Code Execution
Exploit Title: Microsoft Office365 Remote Code Execution Vulnerability Date: 2/11/19 Exploit Author: Social Engineering Neo - @EngineeringNeo Vendor Homepage: https://microsoft.com Software Link: https://office.com Version: Office365/ProPlus build 16.0.11727.20222, 16.0.11901.20170,...
Microsoft Office 365 / ProPlus 16.0.11929.202.88 docx2docm Protection Bypass Vulnerability
Exploit Title: Microsoft Office365 Remote Code Execution Vulnerability Date: 2/11/19 Exploit Author: Social Engineering Neo - @EngineeringNeo Vendor Homepage: https://microsoft.com Software Link: https://office.com Version: Office365/ProPlus build 16.0.11727.20222, 16.0.11901.20170,...
LibreOffice < 6.0.7 / 6.1.3 - Macro Code Execution (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LibreOffice Macro Code Execution', 'Description' = %q LibreOffice comes bundled with sample macros written in Python and allows the ability to bi...
Microsoft Windows Defender AV: Block Win32 imports from macro code in Office
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winavblockwin32importoffice.nasl 11495 2018-09-20 10:06:25Z emoss $ Check value for Configure Attack Surface Reduction rules: Block Win32 imports from macro code in Office Authors: Emanuel Moss Copyright: Copyright (c) 2018...
New Trickbot Variant Touts Stealthy Code-Injection Trick
Trickbot has been around since 2016 – but a new variant of the infamous financial trojan has caught the eyes of researchers with a stealthy code-injection technique. Researchers at Cyberbit this week said that they have found a new Trickbot iteration that features a sneaky method of performing...
Nymaim Dropper Updates Delivery, Obfuscation Methods
A new variant of the Nymaim dropper has been identified that includes updated delivery and obfuscation methods, and the use of PowerShell routines to download its payloads. The updated dropper, used primarily to download banking Trojans in the past, has also been spreading ransomware, according t...
Locky Ransomware Distributed Via DOCM Attachments in Latest Email Campaigns
Throughout August, FireEye Labs has observed a few massive email campaigns distributing Locky ransomware. The campaigns have affected various industries, with the healthcare industry being hit the hardest based on our telemetry, as seen in Figure 1. Figure 1. Top 10 affected industries Numerous...
Debian DSA-1514-1 : moin - several vulnerabilities
Several remote vulnerabilities have been discovered in MoinMoin, a Python clone of WikiWiki. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2423 A cross-site-scripting vulnerability has been discovered in attachment handling. - CVE-2007-2637 Access...
DSA-1514-1 moin
Bulletin has no description...
Security Bulletin MS02-031: Cumulative Patches for Excel and Word for Windows (Q324458)
Title: Cumulative Patches for Excel and Word for Windows Q324458 Date: 19 June 2002 Software: Microsoft Office for Windows Impact: Run Code of Attacker's Choice Max Risk: Moderate Bulletin: MS02-031 Microsoft encourages...