Security Affairs

Pierluigi Paganini January 27, 2019
Using steganography to obfuscate PDF exploits

Experts discovered PDF exploit that was using steganography to hide malicious JavaScript code in images embedded in PDF files. The exploit analysis firm EdgeSpot recently discovered PDF exploit that was using steganography to hide malicious JavaScript code in images embedded in PDF files. “Shortly after last week’s discovery of a PDF exploit which used the […]

Pierluigi Paganini January 26, 2019
Anatova ransomware – Expert believe it will be a dangerous threat

Security experts at McAfee have discovered a new malware, dubbed Anatova ransomware, that has been spotted infecting computers worldwide The name Anatova is based on a name in the ransom note that is dropped on the infected systems. The Anatova ransomware outstands for its obfuscation capabilities and ability to infect network shares, it has a […]

Pierluigi Paganini January 26, 2019
Upcoming Ukraine elections in the crosshairs of hackers

The Ukrainian authorities are observing a surge in allege state-sponsored attacks aimed at disrupting the upcoming presidential election. Ukraine reported a surge in cyber attacks aimed at disrupting the upcoming presidential election, the Government believes that Russian nation-state actors could be responsible for them. The news was reported by Reuters, attackers intensified attacks against the […]

Pierluigi Paganini January 26, 2019
Local privilege escalation bug fixed in CheckPoint ZoneAlarm

Check Point released a security update to address a flaw in its ZoneAlarm security software that could allow privilege escalation. Check Point released a security update to fix a vulnerability in its antivirus and firewall ZoneAlarm, the flaw could be exploited by attackers to escalate privileges on a system running it. The flaw was discovered […]

Pierluigi Paganini January 26, 2019
“Collection #1” Data Breach Analysis – Part 2

The cyber security expert Marco Ramilli continues its analysis of the data leak known as Collection #1, he shared some interesting views on dataThe cyber security expert Marco Ramilli continues its analysis of the data leak known as Collection #1, he shared some interesting views on data On January 19th we downloaded Collection #1 to make statistics […]

Pierluigi Paganini January 25, 2019
The Story of Manuel’s Java RAT.

Security experts from Cybaze-Yoroi ZLab investigated two malicious spam campaigns delivering Java RAT that show some similarities. Introduction During the last weeks, the Cybaze-Yoroi ZLab researchers identified infection attempts aimed to install RAT malware directed to the naval industry sector. The malicious email messages contained a particular Adwind/JRat variant delivered via several methods tailored to […]

Pierluigi Paganini January 25, 2019
Two distinct campaigns spread GandCrab ransomware and Ursnif Trojan via weaponized docs

Security experts observed two distinct campaigns distributing the Ursnif malware, one of them also delivered the GandCrab ransomware. Experts pointed out that the cybercrime gangs behind the two campaigns are different, but they discovered many similarities in them. Attackers spread phishing messages using weaponized Microsoft Word document and leverages Powershell to deliver fileless malware. Ursnif is a banking […]

Pierluigi Paganini January 25, 2019
Microsoft Exchange zero-day and exploit could allow anyone to be an admin

The security expert Dirk-jan Mollema with Fox-IT discovered a privilege escalation vulnerability in Microsoft Exchange that could be exploited by a user with a mailbox to become a Domain Admin. The experts described the attack scenario in a blog post and published a proof-of-concept code. “In most organisations using Active Directory and Exchange, Exchange servers have […]

Pierluigi Paganini January 24, 2019
Kaspersky links GreyEnergy and Zebrocy activities

Security experts from Kaspersky Lab’s Industrial Control Systems Cyber Emergency Response Team (ICS CERT) linked the GreyEnergy malware with and the Zebrocy backdoor. Security researchers from Kaspersky Lab’s ICS CERT have discovered a link between GreyEnergy malware with and the Zebrocy tool. The activity of the GreyEnergy APT group emerged in concurrence with BlackEnergy operations, experts consider […]

Pierluigi Paganini January 24, 2019
New Russian Language Malspam is delivering Redaman Banking Malware

A still ongoing spam campaign that has been active during the last months has been distributing the Redaman banking malware. Experts at Palo Alto Networks continue to monitor an ongoing spam campaign that has been distributing the Redaman banking malware. The malware was first observed in the threat landscape in 2015, most of the victims […]