CVE-2021-31608
CVE-2021-31608 affects Proofpoint Enterprise Protection prior to 18.8.0 and enables bypass of a security control. The available documents state the impact as a bypass but do not provide root-cause details, exploit steps, or a confirmed fix/version, and the exploitation status is not specified. CV...
Fake Reservation Links Prey on Weary Travelers
A longtime threat group identified as TA558 has ramped up efforts to target the travel and hospitality industries. After a lull in activity, believed tied to COVID-related travel restrictions, the threat group has ramped up campaigns to exploit an uptick in travel and related airline and hotel...
Disrupting SEABORGIUM’s ongoing phishing operations
The Microsoft Threat Intelligence Center (MSTIC) has observed and taken actions to disrupt campaigns launched by SEABORGIUM, an actor Microsoft has tracked since 2017. SEABORGIUM is a threat actor that originates from Russia, with objectives and victimology that align closely with Russian state...
Threat Actors Pivot Around Microsoft’s Macro-Blocking in Office
Threat actors are finding their way around Microsoft’s default blocking of macros in its Office suite, using alternative files to host malicious payloads now that a primary channel for threat delivery is being cut off, researchers have found. The use of macros-enabled attachments by threat actors...
The vulnerability of the Proofpoint Insider Threat Management Agent for Windows software lies in the use of a potentially dangerous function that allows a hacker to execute arbitrary code with system privileges.
The vulnerability of the Proofpoint Insider Threat Management Agent for Windows software is related to the use of a potentially dangerous function. Exploiting this vulnerability could allow an attacker to execute arbitrary code with system privileges...
Novel ‘Nerbian’ Trojan Uses Advanced Anti-Detection Tricks
A newly discovered and complex remote access trojan (RAT) is spreading via malicious email campaigns using COVID-19 lures and includes numerous features to evade analysis or detection by researchers, Proofpoint has found. Dubbed Nerbian RAT, the novel malware variant is written in the OS-agnostic G...
Experts Uncover New Espionage Attacks by Chinese 'Mustang Panda' Hackers
The China-based threat actor known as Mustang Panda has been observed refining and retooling its tactics and malware to strike entities located in Asia, the European Union, Russia, and the U.S. "Mustang Panda is a highly motivated APT group relying primarily on the use of topical lures and social...
Emotet is Back With New Tricks to Spread Malware
Emotet malware attacks are back after a 10-month “spring break” – with criminals behind the attack rested, tanned and ready to launch a new campaign strategy. That new approach includes more targeted phishing attacks, different from the previous spray-and-pray campaigns, according to new research...
New Backdoor Targets French Entities via Open-Source Package Installer
Researchers have exposed a new targeted email campaign aimed at French entities in the construction, real estate, and government sectors that leverages the Chocolatey Windows package manager to deliver a backdoor called Serpent on compromised systems. Enterprise security firm Proofpoint attribute...
CVE-2022-25294
Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. All versions prior to 7.12.1 are affected. Agents for MacOS and Linux and Cloud are unaffected...
Code injection
Proofpoint Insider Threat Management Agent for Windows relies on an inherently dangerous function that could enable an unprivileged local Windows user to run arbitrary code with SYSTEM privileges. All versions prior to 7.12.1 are affected. Agents for MacOS and Linux and Cloud are unaffected...
Proofpoint Insider Threat Management Server Security Vulnerability
Proofpoint Insider Threat Management Server is a server-side application from U.S.-based Proofpoint, Inc. that is used to prevent malicious operations by enterprise insiders. A security vulnerability exists in the Windows-based Proofpoint Insider Threat Management Agent prior to version 7.12.1 th...
CVE-2022-25294
CVE-2022-25294 affects the Windows agent of Proofpoint Insider Threat Management. The vulnerability arises because the component relies on an inherently dangerous function, enabling an unprivileged local Windows user to execute arbitrary code with SYSTEM privileges. All versions prior to 7.12.1 a...
Unusual ‘Donald Trump’ Packer Malware Delivers RATs, Infostealers
A new .NET malware packer being used to deliver a variety of remote access trojans (RATs) and infostealers has a fixed password named after Donald Trump, giving the new find its name, “DTPacker.” DTPacker was discovered by researchers at Proofpoint who, since 2020, have observed it being used by...
North Korean Hackers Found Behind a Range of Credential Theft Campaigns
A threat actor with ties to North Korea has been linked to a prolific wave of credential theft campaigns targeting research, education, government, media and other organizations, with two of the attacks also attempting to distribute malware that could be used for intelligence gathering. Enterpris...
TA551 Shifts Tactics to Install Sliver Red-Teaming Tool
The criminal threat group known as TA551 has added the Sliver red-teaming tool to its bag of tricks – a move that may signal ramped up ransomware attacks ahead, researchers said. According to Proofpoint researchers, TA551 (aka Shathak) has been mounting cyberattacks that start with email thread...
TA505 Gang Is Back With Newly Polished FlawedGrace RAT
The TA505 cybercrime group is whirring its financial rip-off machinery back up, pelting malware at a range of industries in what was initially low-volume waves that researchers saw spiral up late last month. They do bad things, but they’re so tricky that tracking them is a ton of fun, said Sherro...
CVE-2021-40842
Proofpoint Insider Threat Management Server contains a SQL injection vulnerability in the Web Console. The vulnerability exists due to improper input validation on the database name parameter required in certain unauthenticated APIs. A malicious URL visited by anyone with network access to the...