Tech Support Scam Employs New Trick by Using Iframe to Freeze Browsers

by: Samuel P Wang (Fraud Researcher) We discovered a new technical support scam (TSS) campaign that makes use of iframe in combination with basic pop-up authentication to freeze a user’s browser. Since this technique is new and unfamiliar, it can potentially evade detection. Like many TSS campaigns, it disguises itself as a legitimate or well-known… Continue reading Tech Support Scam Employs New Trick by Using Iframe to Freeze Browsers

This Week in Security News: Phishing Attacks and Ransomware

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn about schemes used in phishing and other email-based attacks. Also, learn how ransomware continues to make a significant impact in the threat landscape. Read on: New… Continue reading This Week in Security News: Phishing Attacks and Ransomware

AESDDoS Botnet Malware Exploits CVE-2019-3396 to Perform Remote Code Execution, DDoS Attacks, and Cryptocurrency Mining

By Augusto II Remillano Our honeypot sensors recently detected an AESDDoS botnet malware variant (detected by Trend Micro as Backdoor.Linux.AESDDOS.J) exploiting a server-side template injection vulnerability (CVE-2019-3396) in the Widget Connector macro in Atlassian Confluence Server, a collaboration software program used by DevOps professionals. We discovered that this malware variant can perform DDoS attacks, remote code… Continue reading AESDDoS Botnet Malware Exploits CVE-2019-3396 to Perform Remote Code Execution, DDoS Attacks, and Cryptocurrency Mining

Emotet Adds New Evasion Technique and Uses Connected Devices as Proxy C&C Servers

by Marco Dela Vega, Jeanne Jocson and Mark Manahan Over the years, Emotet, the banking malware discovered by Trend Micro in 2014, has continued to be a prevalent and costly threat. The United States government estimates that an Emotet incident takes an organization US $1 million to remediate. Unfortunately, it is a widespread and particularly resilient… Continue reading Emotet Adds New Evasion Technique and Uses Connected Devices as Proxy C&C Servers

Uncovering CVE-2019-0232: A Remote Code Execution Vulnerability in Apache Tomcat

by Santosh Subramanya and Raghvendra Mishra Apache Tomcat, colloquially known as Tomcat Server, is an open-source Java Servlet container developed by a community with the support of the Apache Software Foundation (ASF). It implements several Java EE specifications, including Java Servlet, JavaServer Pages (JSP), Java Expression Language (EL), and WebSocket, and provides a “pure… Continue reading Uncovering CVE-2019-0232: A Remote Code Execution Vulnerability in Apache Tomcat

Analysis: Abuse of Custom Actions in Windows Installer MSI to Run Malicious JavaScript, VBScript, and PowerShell Scripts

by Llallum Victoria (Threats Analyst) Windows Installer uses Microsoft Software Installation (MSI) package files to install programs. Every package file has a relational-type database that contains instructions and data required to install or remove programs. We recently discovered malicious MSI files that download and execute other files and could bypass traditional security solutions. Malicious actors… Continue reading Analysis: Abuse of Custom Actions in Windows Installer MSI to Run Malicious JavaScript, VBScript, and PowerShell Scripts

Analyzing C/C++ Runtime Library Code Tampering in Software Supply Chain Attacks

By Mohamad Mokbel For the past few years, the security industry’s very backbone — its key software and server components — has been the subject of numerous attacks through cybercriminals’ various works of compromise and modifications. Such attacks involve the original software’s being compromised via malicious tampering of its source code, its update server, or… Continue reading Analyzing C/C++ Runtime Library Code Tampering in Software Supply Chain Attacks

Zero-day XML External Entity (XXE) Injection Vulnerability in Internet Explorer Can Let Attackers Steal Files, System Info

By: Ranga Duraisamy and Kassiane Westell (Vulnerability Researchers) A zero-day extensible markup language (XML) external entity (XXE) injection vulnerability in Microsoft Internet Explorer (IE) was recently disclosed by security researcher John Page. An attacker can reportedly exploit this vulnerability to steal confidential information or exfiltrate local files from the victim’s machine. Page tested the vulnerability… Continue reading Zero-day XML External Entity (XXE) Injection Vulnerability in Internet Explorer Can Let Attackers Steal Files, System Info

This Week in Security News: Medical Malware and Monitor Hacks

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. This week, learn how baby monitors may be susceptible to hacking. Also, learn about a medical flaw that enables hackers to hide malware. Read on: Is Your Baby Monitor… Continue reading This Week in Security News: Medical Malware and Monitor Hacks