News
Malicious Code
May 16, 2024
IPv6 Stockpiling: A Trojan Horse in Our Midst?
The current combination of RIPE policies and rules for RIPE NCC membership enables IPv6 stockpiling. And what might sound like an unlikely activity is not only happening, but is actually on the rise. Here we look at the trends and some of the potential consequences and ask where we go from here.
May 15, 2024
Inside Poland's groundbreaking effort to reckon with spyware abuses
Poland was once a “dark spot” on spyware abuse, but a probe, victim notifications and more have made it a potential model for other nations. The post Inside Poland's groundbreaking effort to reckon with spyware abuses appeared first on CyberScoop.
May 15, 2024
How attackers deliver malware to Foxit PDF Reader users
Threat actors are taking advantage of the flawed design of Foxit PDF Reader's alerts to deliver malware via booby-trapped PDF documents, Check Point researchers have warned. The researchers have analyzed several campaigns using malicious PDF files that are targeting Foxit Reader users. The attackers are leveraging a variety of .NET and Python exploit builders, the most popular of which is the “PDF Exploit Builder”, to create PDF documents with macros that execute … The post How attackers deliver malware to Foxit PDF Reader users appeared first on Help Net Security.
May 15, 2024
Russian Actors Weaponize Legitimate Services in Multi-Malware Attack
The threat actor, likely located in the Commonwealth of Independent States (CIS), strategically targeted a spectrum of operating systems and computer architectures in the credential harvesting campaign, including Windows and macOS.
May 14, 2024
QakBot attacks with Windows zero-day (CVE-2024-30051)
In April 2024, while researching CVE-2023-36033, we discovered another zero-day elevation-of-privilege vulnerability, which was assigned the identifier CVE-2024-30051 and patched on May 14 as part of Microsoft's Patch Tuesday. We have seen it exploited by QakBot and other malware.
May 14, 2024
TROJANSPY.WIN64.EMOTET.A / Arbitrary Code Execution
Posted by malvuln on May 14
Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2024
Original source: https://malvuln.com/advisory/f917c77f60c3c1ac6dbbadbf366ddd30.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln
Threat: TrojanSpy.Win64.EMOTET.A
Vulnerability: Arbitrary Code Execution
Description: The malware looks for and executes a x64-bit "CRYPTBASE.dll" PE file in its current directory. Therefore, we can hijack the DLL and execute our own...