Threat Analysis: Recent Attack Technique Attempts to Bypass Whitelisting by Leveraging MS Office Document Macros, MSBuild, Certutil

Carbon Black continues to monitor and track evolving techniques that attackers leverage. Over the last several years, there has been an increase in attackers leveraging open source frameworks and proof of concept POC techniques that are released publically by researchers. A document was recently...

E013 - WiFi Password Stealer (For Microsoft Windows)

A little VBScript that steal Wifi passwords from Windows Into the file WifiName.txt you can see the password of every saved wifi available on every windows computer that support VBscript Download E013...

Microsoft Windows Multiple Vulnerabilities (KB4074592)

This host is missing a critical security update according to Microsoft KB4074592 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Multiple Vulnerabilities (KB4074596)

This host is missing a critical security update according to Microsoft KB4074596 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security Updates for Windows Server 2008 (February 2018)

The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities : - An information disclosure vulnerability exists when the Windows kernel improperly handles objects in memory. An attacker who successfully exploited this vulnerability could obtain...

Microsoft Windows Multiple Vulnerabilities (KB4074591)

This host is missing a critical security update according to Microsoft KB4074591 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Microsoft Windows Multiple Vulnerabilities (KB4074594)

This host is missing a critical security update according to Microsoft KB4074594 SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Description of the security update for the Windows scripting engine vulnerability in Windows Server 2008, WES09, and POSReady 2009: February 13, 2018

Description of the security update for the Windows scripting engine vulnerability in Windows Server 2008, WES09, and POSReady 2009: February 13, 2018 Summary An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attack...

Windows Scripting Engine Memory Corruption Vulnerability

An information disclosure vulnerability exists when VBScript improperly discloses the contents of its memory, which could provide an attacker with information to further compromise the user’s computer or data. To exploit the vulnerability, an attacker must know the memory address of where the...

KB4074587: Windows 7 and Windows Server 2008 R2 February 2018 Security Update

The remote Windows host is missing security update 4074587 or cumulative update 4074598. It is, therefore, affected by multiple vulnerabilities : - A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer. The vulnerability...

Targeted Attacks In The Middle East

This blog post is authored by Paul Rascagneres with assistance of Martin Lee. Executive Summary Talos has identified a targeted attacks affecting the Middle East. This campaign contains the following elements, which are described in detail in this article. The use of allegedly confidential decoy...

Microsoft Windows VBScript Filter Function Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Threat Analysis: Malicious Microsoft Word Documents Being Used in Targeted Attack Campaigns

A Microsoft Word document .doc believed to be malicious was recently submitted to Carbon Black’s Threat Analysis Unit TAU. The submitting organization did not feel that that document and subsequent payload was fully executing in their analysis environment, and questioned whether or not it was...

Microsoft Internet Explorer Scripting Engine Memory Corruption (CVE-2017-11886)

A remote code execution vulnerability exists in Microsoft Explorer. The vulnerability is in the way that Microsoft browser VBScript engines render content when handling objects in memory. The vulnerability could corrupt memory in such a way that an attacker could execute arbitrary code in the...

Microsoft Windows VBScript Join Function Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Microsoft Windows VBScript VT_BSTR Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Microsoft Windows VBScript VT_BSTR Use-After-Free Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

World's Biggest Botnet Just Sent 12.5 Million Emails With Scarab Ransomware

A massive malicious email campaign that stems from the world's largest spam botnet Necurs is spreading a new strain of ransomware at the rate of over 2 million emails per hour and hitting computers across the globe. The popular malspam botnet Necrus which has previously found distributing Dridex...

Microsoft Windows VBScript Join Function Integer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

VBScript Content Injection in marked

Versions 0.3.2 and earlier of marked are affected by a cross-site scripting vulnerability even when sanitize:true is set. Proof of Concept IE10 Compatibility Mode Only xss link will get a link xss link Recommendation Update to version 0.3.3 or later...