Hackers Use Excel Exploit to Hide XWorm 7.2 in JPEG Files, Hijack PCs

A new phishing campaign is spreading XWorm 7.2 via malicious Excel files, hiding the malware in Windows processes, and using AES encryption to steal passwords and Wi-Fi keys...

Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto

Cybersecurity researchers have disclosed details of a malware campaign that's targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual Studio Code VS Code extension ecosystem. "The malware is designed to exfiltrate sensitive informatio...

📄 Abacre Restaurant Point of Sale 15.0.0.1656 Memory Scanner

Abacre Restaurant Point of Sale version 15.0.0.1656 memory scanner for sensitive data detection. This Python script is an advanced Windows memory scanning tool designed to detect sensitive data leaks within running processes. It performs deep memory analysis to identify patterns resembling produc...

EUVD-2020-28404

Malware in sbrugna...

CVE-2020-11639

An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each process might be affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. T...

CVE-2020-11639 Insufficient access control on Inter process communication,

An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each process might be affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. T...

CVE-2020-11639 Insufficient access control on Inter process communication,

An attacker could exploit the vulnerability by injecting garbage data or specially crafted data. Depending on the data injected each process might be affected differently. The process could crash or cause communication issues on the affected node, effectively causing a denial-of-service attack. T...

LinkedIn Spear-Phishing Campaign Targets Job Hunters

A threat group called Golden Chickens is delivering the fileless backdoor moreeggs through a spear-phishing campaign targeting professionals on LinkedIn with fake job offers, according to researchers at eSentire. The phishing emails try to trick a victim into clicking on a malicious .ZIP file by...

CVE-2020-8484

Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI all published versions enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash...

Design/Logic Flaw

Insufficient protection of the inter-process communication functions in ABB System 800xA for MOD 300 all published versions enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash...

CVE-2020-8484 ABB System 800xA Inter process communication vulnerability - 800xA for DCI

Insufficient protection of the inter-process communication functions in ABB System 800xA for DCI all published versions enables an attacker authenticated on the local system to inject data, allowing reads and writes to the controllers or cause windows processes to crash...

CVE-2020-8484

ABB System 800xA for DCI contains an inter-process communication protection weakness that allows an authenticated local attacker to inject data, enabling reads/writes to controllers or causing Windows processes to crash. Affected products include System 800xA for DCI (all published versions). CVS...

Malicious USB Drives Infect 35,000 Computers With Crypto-Mining Botnet

Cybersecurity researchers from ESET on Thursday said they took down a portion of a malware botnet comprising at least 35,000 compromised Windows systems that attackers were secretly using to mine Monero cryptocurrency. The botnet, named "VictoryGate," has been active since May 2019, with infectio...

MemITM - Tool To Make In Memory Man In The Middle

The MemITM Mem In The Middle tool has been developped in order to easily intercept "messages" in Windows processes memory. We developped a lot of custom memory interception tools in order to capture network messages before encryption, or IPC messages, and to be able to inspect them or alter them ...

Memory Man in the Middle: MemITM

The MemITM Mem In The Middle tool has been developed in order to easily intercept “messages” in Windows processes memory. We developed a lot of custom memory interception tools in order to capture network messages before encryption, or IPC messages, and to be able to inspect them or alter them to...

Threat Roundup for July 20-27

Today, as we do every week, Talos is giving you a glimpse into the most prevalent threats we’ve observed this week — covering the dates between July 20 and 27. As with previous roundups, this post isn’t meant to be an in-depth analysis. Instead, we will summarize the threats we’ve observed by...

Latest TeslaCrypt Targets New File Extensions, Invests Heavily in Evasion

TeslaCrypt, like many of its ransomware cousins, doesn’t sleep on past success. Researchers at Endgame Inc., have found two updates for the cryptoransomware in the past two weeks that invest heavily in obfuscation and evasion techniques, and also target a host of new file extensions. These sample...

windows-processes.thefile.net XSS vulnerability

Vulnerable URL: http://windows-processes.thefile.net/regdet.php?id=%22%3E%3Csvg/onload=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 26.07.2017 Latest check for patch:| 26.07.2017 10:37 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa...