Notorious Malware, Spam Host “Prospero” Moves to Kaspersky Lab

One of the most notorious providers of abuse-friendly "bulletproof" web hosting for cybercriminals has started routing its operations through networks run by the Russian antivirus and security firm Kaspersky Lab , KrebsOnSecurity has learned. Security experts say the Russia-based service provider...

A Catalog of Hazardous AV Sites – A Tale of Malware Hosting

A Catalog of Hazardous AV Sites – A Tale of Malware Hosting By Trellix · May 23, 2024 This blog was written by Gurumoorthi Ramanathan Executive summary In mid-April 2024, Trellix Advanced Research Center team members observed multiple fake AV sites hosting highly sophisticated malicious files suc...

Millions of Malicious 'Imageless' Containers Planted on Docker Hub Over 5 Years

Cybersecurity researchers have discovered multiple campaigns targeting Docker Hub by planting millions of malicious "imageless" containers over the past five years, once again underscoring how open-source registries could pave the way for supply chain attacks. "Over four million of the repositori...

Hackers Abusing GitHub to Evade Detection and Control Compromised Hosts

Threat actors are increasingly making use of GitHub for malicious purposes through novel methods, including abusing secret Gists and issuing malicious commands via git commit messages. "Malware authors occasionally place their samples in services like Dropbox, Google Drive, OneDrive, and Discord ...

Alert: Brazilian Hackers Targeting Users of Over 30 Portuguese Banks

A Brazilian threat actor is targeting more than 30 Portuguese financial institutions with information-stealing malware as part of a long-running campaign that commenced in 2021. "The attackers can steal credentials and exfiltrate users' data and personal information, which can be leveraged for...

Researchers Warns of Increase in Phishing Attacks Using Decentralized IPFS Network

The decentralized file system solution known as IPFS is becoming the new "hotbed" for hosting phishing sites, researchers have warned. Cybersecurity firm Trustwave SpiderLabs, which disclosed specifics of the spam campaigns, said it identified no less than 3,000 emails containing IPFS phishing UR...

Messaging Apps Tapped as Platform for Cybercriminal Activity

Cybercriminals are tapping the built-in services of popular messaging apps like Telegram and Discord as ready-made platforms to help them perform their nefarious activity in persistent campaigns that threaten users, researchers have found. Threat actors are tapping the multi-feature nature of...

U.S. Dept Of Defense: Unrestricted File Upload

Summary: The endpoint at https://███████/ui/core/index.html required authentication, but navigating to https://█████/ui/core/index.html?mode=publicexpl-tabl./SHARED/rpchllmd/CSAT allow for read/write access. Description: The endpoint at...

Data Pours from Cloud—And ‘The Enemy is Us’

Accenture, Verizon, Dow Jones and Deep Root Analytics are just the tip of the iceberg when it comes to the millions of private records and sensitive enterprise data exposed on cloud backends this year. And the problem is getting worse not better. “The enemy is us,” said Chris Vickery, director of...

Conceptronic Grab'n'Go Authorization Bypass

Security Advisory AA-005: Authorization Bypass Vulnerability in Password Reset Function Conceptronic Grab’n’Go Network Storage 0-day Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 6, 2012 Vulnerability Type= Authorization Bypass...

Sitecom Home Storage Center Directory Traversal

Security Advisory AA-004: Directory Traversal Vulnerability in Sitecom Home Storage Center Severity Rating: High Discovery Date: July 29, 2012 Vendor Notification: July 30, 2012 Disclosure Date: September 3, 2012 Vulnerability Type= Directory Traversal Impact= - System Access - Exposure of...

Conceptronic GrabnGo and Sitecom Storage Center - Password Disclosure

Conceptronic GrabnGo and Sitecom Storage Center - Password Disclosure Updated to include Sitecom MD-253 and MD254 Minor textual changes == Conceptronic Grab’n’Go and Sitecom Storage Center - Password disclosure Vulnerability - Security Advisory AA-002 Severity Rating: High Discovery Date: May 5,...

Dorifel Malware Encrypts Files, Steals Financial Data, May Be Related to Zeus or Citadel

While much of the world was focused yesterday on the Gauss malware saga, there was another interesting infection happening, mainly in the Netherlands, that researchers think may be related to the Zeus and Citadel attacks, though the motivation behind the attack is somewhat of a mystery. The new...

Blackhole Exploit Kit attack on WampServer & Wordpress sites

Blackhole Exploit Kit attack on WampServer & Wordpress sites Kimberly from Stopmalvertising found Blackhole Exploit Kit on Website of most popular Webserver software site WAMPSERVER. Almost at the bottom of the webpage they notice a Javascript requesting a file from jquery.googlecode.com. The URL...

London Stock Exchange website gets hacked with Malware Ads !

London Stock Exchange website gets hacked with Malware Ads ! THE LONDON STOCK EXCHANGE LSE website has been bombarded with fake insecurity software adverts that point to malware. It seems that dodgy security ads have been unknowingly hosted at the LSE website for at least a few months. An analysi...