5 matches found
From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and Microsoft .NET utilities
In this article 1. Attack chain overview 2. Mitigation and protection guidance 3. References 4. Learn more Microsoft Defender Experts identified an active cryptojacking campaign in which malicious download sites are surfaced not only through traditional search engine poisoning, but also through A...
Stolen Opera Code-Signing Certificate Used to Sign Malware
Opera Software said it was able to contain the impact of a security breach that resulted in the theft of an expired code-signing certificate used to sign malware distributed to Windows users during a 36-minute stretch on June 19. Opera developer Sigbjorn Vik said the browser maker was victimized ...
Adobe Plugs Several Buffer Overflow Holes in Shockwave Player
Adobe announced today it has repaired a host of critical buffer overflow vulnerabilities and an array out of bounds vulnerability in Shockwave Player and urges users to update to the latest version of the software, version 11.6.8.638. The company said it is not aware of active exploits. Both the...
Malware Signed by Adobe Certificate Only Used in Limited Targeted Attacks
Adobe’s revocation of a code-signing certificate that had been used by attackers to sign several malicious utilities sparked concerns in the security community about widespread malware attacks using those utilities. The key concern was that most antimalware systems will implicitly trust files tha...
Valid Adobe Certificate Used to Sign Malicious Utilities Common in Targeted Attacks
Adobe announced today it was the victim of an APT-style attack after two malicious utilities commonly used in targeted attacks for privilege escalation and pivoting within a network were discovered signed by a valid Adobe digital certificate. Adobe said it will revoke the certificate next week...