Three Leaked NSA Exploits Rewritten to Affect All Windows OSes Since Windows 2000

The WannaCry and NotPetya outbreaks were among the most significant digital attack campaigns of 2017. Together, the crypto-ransomware and wiper malware affected hundreds of thousands of computers all over the world. They achieved this reach by abusing EternalBlue. Allegedly developed by the U.S. National Security Agency (NSA) and leaked online … The post Three Leaked NSA Exploits Rewritten to Affect All Windows OSes Since Windows 2000 appeared first on The State of Security.

Malicious Phishing Protection Achieved with Bromium’s Application Isolation

Use Bromium to stop malicious phishing and safely open any shared web link from email or chat clients
Eliminate restrictive IT security policies that limit user access to shared URLs
Protect remote and roaming endpoints from malicious links when outside of layered defenses

The news isn’t good. Malicious phishing links in email and chat clients The post Malicious Phishing Protection Achieved with Bromium’s Application Isolation appeared first on Bromium.

CVE-2017-11882 serving RAT and encrypted phishing campaign

Introduction

Malicious documents remain one of the most popular vectors for cybercriminals to deliver malware payloads on a user's system. While we continue to see many types of VBA macro-based malware, there has been an increasing trend in malicious documents using the DDE protocol for delivering malware executables, which we wrote about last month. Microsoft released a security update last week that should significantly reduce the number of DDE-based attacks:

"Microsoft has released an update for Microsoft Office that provides enhanced security as a defense-in-depth measure. The update disables the Dynamic Update Exchange protocol (DDE) in all supported editions of Microsoft Word." - Microsoft Security Advisory

Zscaler ThreatLabZ has been tracking a new vector involving malicious RTF document files weaponized with the recently disclosed Microsoft memory corruption vulnerability, CVE-2017-11882. In this blog, we will review a recent campaign leveraging this exploit and also share insights on encrypted phishing campaigns.

Infection cycle

In our research into this new exploit, we encountered spam phishing emails containing a malicious document attachment that leads to a Remote Access Trojan (RAT) and an encrypted phishing page. The complete workflow of this campaign is shown below:

Fig 1: Workflow

The malware is received by the victim in a phishing email with a password-protected archive as the attachment. An example of one...

Use TeamViewer? Fix this dangerous permissions bug with an update

A potentially dangerous permissions bug in TeamViewer grants unauthorised access to either the client or the server—and patches may take up to a week to fully roll out. Categories: Cybercrime, Exploits. Tags: bug, client, exploit, server, teamviewer. The post Use TeamViewer? Fix this dangerous permissions bug with an update appeared first on Malwarebytes Labs.

Adobe Fixes Critical Flash Player Vulnerability Exploited in the Wild

Adobe Systems released an emergency patch for a critical vulnerability in Flash Player that was being exploited in the wild through Microsoft Word documents to infect computers with a known surveillance tool. The vulnerability, tracked as CVE-2017-11292, can lead to remote code execution and was fixed in Flash Player 27.0.0.170 for all supported platforms. The..

Fast-Food Chain Sonic Investigates Potentially Large Credit Card Breach

Sonic Drive-In, a fast-food chain with more than 3,500 restaurants across 45 U.S. states, is reportedly investigating a potential security breach on its payment systems that might have exposed millions of credit cards. The company was informed about unusual activity on credit cards used at its locations by its payment processor. The scope of the..

Fake IRS notice delivers customized spying tool

Threat actors leverage a Microsoft Office exploit to spy on their victims. In this blog post, we will review its delivery mechanism and analyze the malware we observed, a modified version of a commercial Remote Administration Tool (RAT). Categories: Malware, Threat analysis. Tags: CP2000, CVE-2017-0199, doc, exploit, IRS, malspam, malware, Office, phishing, rat, remote administration tool, RMS, spy, word. The post Fake IRS notice delivers customized spying tool appeared first on Malwarebytes Labs.