New multi platform malware/adware spreading via Facebook Messenger
One good thing about having a lot of Facebook friends is that you simply act as a honey pot when your friends click on malicious things. A few days ago I got a message on Facebook from a person I very rarely speak to, and I knew that something fishy was going on. After just a few minutes analyzin...
Terror Evolved: Exploit Kit Matures
This post is authored by Holger Unterbrink and Emmanuel Tacheau. Executive Summary: Talos is monitoring the major Exploit Kits (EK) on an ongoing basis. While investigating the changes we recently observed in the RIG EK campaigns, we identified another well known candidate: Terror Exploit Kit. Terror EK...
Session Hijacking, Cookie-Stealing WordPress Malware Spotted
Researchers have identified a strain of cookie-stealing malware injected into a legitimate JavaScript file that masquerades as a WordPress core domain. Cesar Anjos, a security analyst at Sucuri, a firm that specializes in WordPress security, came across the malware during an incident response...
PowerShell used for spreading Trojan.Laziok through Google Docs
Introduction: Through our multi-flow detection capability, we recently identified malicious actors spreading Trojan.Laziok malware via Google Docs. We observed that the attackers managed to upload the payload to Google Docs in March 2016. During the brief time it was live, users accessing the...
[OMENS v1.17] The framework for distributing Actionable Intelligence
OMENS (Object Monitor for Enhanced Network Security) was born out of the intrusion and intrusion attempts analysis that I have been doing over many years. I consistently run into intrusion attempts that existing IDS systems have difficulty detecting. OMENS is my attempt to better detect and...
Unnamed Android Vulna Ad Library Abused to Steal User Data
A popular Android mobile ad library available on Google Play can be used to collect device data or execute malicious code, security researchers have discovered. The most alarming aspect to the library is that close to 2 percent of Android apps with more than 1 million downloads on Google Play use...
Attackers Using Fake Google Analytics Code to Redirect Users to Black Hole Exploit Kit
Injecting malicious code into the HTML used on legitimate Web sites is a key part of the infection lifecycle for many attack crews, and they often disguise and obfuscate their code to make it more difficult to analyze or so it appears to be legitimate code. The latest instance of this technique h...
Joomla Component com_rsgallery2 1.14.x/2.x Remote Backdoor Vuln
No description provided by source. Vulnerability: Remote code execution back doors Software: RSGallery2 - Gallery Extension for Joomla! We are currently working on a new website. All files are still available at the JoomlaCode project page. Severity: Not a big deal. Joomla components contain all...