Masslogger Trojan Upgraded to Steal All Your Outlook, Chrome Credentials
A credential stealer infamous for targeting Windows systems has resurfaced in a new phishing campaign that aims to steal credentials from Microsoft Outlook, Google Chrome, and instant messenger apps. Primarily directed against users in Turkey, Latvia, and Italy starting mid-January, the attacks...
Widespread Malvertising Campaign Hijacks 300 Million Sessions
A massive malvertising campaign targeting iOS devices hijacked a whopping 300 million browser sessions in just 48 hours. Researchers at Confiant recorded the campaign Nov. 12, and said that the threat actor behind the campaign is still active to this day. A malicious landing page According to...
EternalBlue Exploit Used in Retefe Banking Trojan Campaign
Criminals behind the Retefe banking Trojan have added a new component to their malware that uses the NSA exploit EternalBlue. The update makes Retefe the latest malware family to adopt the SMBv1 attack against a patched Windows vulnerability, and could signal an emerging trend, said researchers a...
Rotten Apples: Resurgence
In June 2016, we published a blog about a phishing campaign targeting the Apple IDs and passwords of Chinese Apple users that emerged in the first quarter of 2016 referred to as the “Zycode” phishing campaign. At FireEye Labs we have an automated system designed to proactively detect newly...
Rotten Apples: Apple-like Malicious Phishing Domains
At FireEye Labs we have an automated system designed to proactively detect newly registered malicious domains. This system observed some phishing domains registered in the first quarter of 2016 that were designed to appear as legitimate Apple domains. These phony Apple domains were involved in...
Surge in Spam Campaign Delivering Locky Ransomware Downloaders
FireEye Labs is detecting a significant spike in Locky ransomware downloaders due to a pair of concurrent email spam campaigns impacting users in over 50 countries. Some of the top affected countries are depicted in Figure 1. Figure 1. Affected countries As seen in Figure 2, the steep spike start...
New Google Drive Phishing Scam Uncovered
Phishers have again leveraged users’ trust in Google with a newly discovered campaign designed to steal credentials that grant access to the multitude of Google’s online services. New phishing pages hosted on Google Drive were discovered by researcher Aditya K. Sood of Elastica Cloud Threat Labs...
Potentially Malicious Web Site
Some Web sites include heavily obfuscated JavaScript code, hidden redirection iframes, and other methods to cause unintended browser behavior. This protection blocks such potentially malicious code from being downloaded to the user's browser...
PDF Containing Obfuscated JavaScript Code (CVE-2010-0188; CVE-2010-2883)
New exploits were released for several remote code execution vulnerabilities that were discovered in the way Adobe Acrobat Reader and Foxit Reader handle specially crafted PDF files. Although various security products provide coverage against many malformed-PDF vulnerabilities, these new...
RelateIQ: RelateIQ GWT based application visible to unauthenticated users
When a legitimate user authenticates to the RelateIQ application, since it is a GWT-based application, a request is sent to the URL https://app.relateiq.com/app/app.nocache.js. This script detects the browser, and then a corresponding request is sent to the URL...
TP-Link Cross Site Request Forgery Vulnerability
This write-up goes into detail about how real-world cross-site request forgery attacks can be used to hijack DNS on TP-Link routers. I. Introduction Today the majority of wired Internet connections are used with an embedded NAT router, which allows using the same Internet connection with several...
New Clickjacking Scam Uses Facebook, Javascript, Our Primate Brain To Spread
A researcher at Kaspersky Lab is warning of a new scam that pastes racy photos to victims’ Facebook pages while forcing them to view Web-based advertisements promoted by the scammers. Writing on the Securelist blog, Kaspersky Lab Expert David Jacoby said that the scam was circulating among Facebo...
Storm Botnet Returns as Part of New Year's Attacks
A new spam campaign that appeared shortly before the New Year is part of a new effort by the crew behind the Storm/Waledac botnet and is using some rather elementary tactics–in combination with fast-flux–to attempt to compromise unsuspecting users. The new attack emerged late last week and is...
30,000 legit websites hit by malware infection
From The Register, Dan Goodin: A nasty infection that attempts to install a potent malware cocktail on the machines of end users has spread to about 30,000 websites run by businesses, government agencies and other organizations, researchers at websense.com warned Friday. The infection sneaks malicious...
Backdoor in com_rsgallery2 gallery extension for joomla
Vulnerability: Remote code execution backdoors Software: RSGallery2 - Gallery Extension for Joomla! We are currently working on a new website. All files are still available at the JoomlaCode project page. Severity: Not a big deal. Joomla components contain all sorts of obfuscated junk all the...
Joomla Component com_rsgallery2 1.14.x/2.x Remote Backdoor Vuln
Vulnerability: Remote code execution backdoors Software: RSGallery2 - Gallery Extension for Joomla! We are currently working on a new website. All files are still available at the JoomlaCode project page. Severity: Not a big deal. Joomla components contain all...