Microsoft Patches Word Zero-Day Spreading Dridex Malware
Microsoft on Tuesday released a patch for a zero-day vulnerability that was discovered late last week and used to spread the Dridex banking Trojan. Attacks were spreading via a massive spam campaign where emails contain Microsoft Word documents with malicious attachments that exploited a...
Malware Evades Detection with Novel Technique
Researchers have found a new strain of document-based macro malware that evades discovery by lying dormant when it detects a security researcher’s test environment. The malware, according to researcher Caleb Fenton with security firm SentinelOne, evades detection simply by counting the number of...
Microsoft Fixes 47 Vulnerabilities with September Patch Tuesday
Microsoft patched 47 vulnerabilities as part of 14 security bulletins, seven critical, with its monthly Patch Tuesday updates today. The company is warning users that if left unpatched, 10 of the issues can lead to remote execution. The updates resolve issues in Microsoft Windows, Office, Office...
AdGholas Malvertising Campaign Leveraged Steganography, Filtering
For over a year attackers were able to carry out a malvertising campaign that managed to draw between one and five million client hits a day, according to researchers. The scam infected thousands a day using a one-two-punch of filtering and steganography, the art of hiding information inside...
Jkanime Site Infected, Redirecting to Exploit Kit, Ransomware
An anime site popular in Mexico and South America was this week infected with malware redirecting visitors to a Neutrino Exploit Kit landing page. The site, Jkanime, streams anime video and has 33 million monthly visitors. Neutrino is currently the top dog among exploit kits after two of the bigg...
Necurs Botnet is Back, Updated Locky and Dridex
The notorious Necurs botnet is back in business, after mysteriously going dark for nearly a month. Researchers report that Necurs has returned to spewing massive volumes of email containing an improved version of the potent Locky ransomware and the Dridex banking Trojan. According to Proofpoint...
Nuclear, Angler Exploit Kit Activity Has Disappeared
Criminal hackers are fickle about their attack vectors. You need to look no further for evidence of this than their constant migration from one exploit kit to another. And while there is an expansive menu of exploit kits, attackers do seem to congregate around a precious few. Researchers who stud...
Updated CryptXXX Ransomware Big Money Potential
CryptXXX ransomware has received a major overhaul by its authors, putting it on the fast track to unseat Locky as top moneymaker for criminals. Researchers at Proofpoint said that on May 26, cybercriminals released an updated CryptXXX 3.100 version of the ransomware that includes a new StillerX...
CVE-2016-1019: a Flash vulnerability in the Magnitude attack tool
Last month, a Proofpoint security researcher found that the Magnitude attack tool appeared to contain something new. Working with them, we analyzed the sample and found that Magnitude EK had added a vulnerability that previously existed in Adobe Flash Player, CVE-2016-1019, and then the wild u...
Proofpoint Warns Of New MSIL/Crimson Tied To Cyber Espionage
Diplomats and military personnel in India have been victimized in targeted espionage attacks that use a number of means of infection including phishing and watering hole sites. Researchers at Proofpoint this week published a report on Operation Transparent Tribe, which was ongoing as of Feb. 11...
Attackers Peddling Malware Through CareerBuilder
Attackers have recently taken to the job-search website CareerBuilder to spread Microsoft Word documents that appear to be job hopefuls’ resumes, but in reality, are laden with malware. Researchers at the firm Proofpoint discovered the campaign and discussed their findings in a blog post. In the...
Dridex Campaign Evades Detection with AutoClose Function
Pushers of the Dridex banking malware have gone old-school for some time now, moving the malware through phishing messages executed by macros in Microsoft Office documents. While macros are disabled by default since the release of Office 2007, the malware includes somewhat convincing social...
Malicious Ads on Yahoo, AOL, Trigger CryptoWall Infections
Attackers have been leveraging the FlashPack Exploit Kit to peddle the CryptoWall 2.0 ransomware on unsuspecting visitors to sites such as Yahoo, The Atlantic and AOL. Researchers believe that for about a month the malvertising campaign hit up to 3 million visitors and netted the attackers $25,00...
Bitcoin Phishing Scam Takes Aim at 400 Organizations
More than 400 organizations were recently targeted by a Bitcoin phishing campaign that intended to con users into disclosing their wallet passwords. According to Proofpoint, a California-based email security firm that recapped the campaign Wednesday, 12,000 messages were recently sent in two wave...
SOL14371 - Apache Axis vulnerability CVE-2012-5784
Vulnerability Recommended Actions If you are using iControl Assembly 11.2 and earlier, the Apache axis.jar file is vulnerable to CVE-2012-5784. To eliminate this vulnerability, upgrade to iControl Assembly 11.3. To do so, download the latest version of the iControl Assembly package at . Note: A...
CVE-2011-1903
SQL injection vulnerability in an unspecified function in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary SQL commands via unknown vectors...
CVE-2011-1905
Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified administrative modules in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allow remote attackers to hijack the authentication ...
CVE-2011-1901
The mail-filter web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to bypass authentication via unspecified vectors...
CVE-2011-1902
Directory traversal vulnerability in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to read arbitrary files via unspecified vectors...
CVE-2011-1904
An unspecified function in the web interface in Proofpoint Messaging Security Gateway 6.2.0.263:6.2.0.237 and earlier in Proofpoint Protection Server 5.5.3, 5.5.4, 5.5.5, 6.0.2, 6.1.1, and 6.2.0 allows remote attackers to execute arbitrary commands via unknown vectors, related to a "command...