
Tag: Dynamic Link Library

VU#838200: Telerik Web UI contains cryptographic weakness

The Telerik Web UI, versions R2 2017 (2017.2.503) and prior, is vulnerable to a cryptographic weakness which an attacker can exploit to extract encryption keys.

Heavily armed police raid company that seeded last week’s NotPetya outbreak

Operation that hit thousands was “thoroughly well-planned and well-executed.”

From BlackEnergy to ExPetr

To date, nobody has been able to find any significant code sharing between ExPetr/Petya and older malware.

Given our love for unsolved mysteries, we jumped right on it. We'd like to think of this ongoing research as an opportunity for an open invitation to the larger security community to help nail down (or disprove) the link between BlackEnergy and ExPetr/Petya.

Fileless malware attack against US restaurants went undetected by most AV

Ongoing campaign shows more hackers are adopting sneaky attack technique.

The security is still secure

Recently WikiLeaks published a report that, among other things, claims to disclose tools and tactics employed by a state-sponsored organization to break into users' computers and circumvent installed security solutions.

The list of compromised security products includes dozens of vendors and relates to the whole cybersecurity industry.

Unraveling the Lamberts Toolkit

The Lamberts is a family of sophisticated attack tools that has been used by one or multiple threat actors against high-profile victims since at least 2008.

The arsenal includes network-driven backdoors, several generations of modular backdoors, harvesting tools, and wipers.

ATMitch: remote administration of ATMs

In February 2017, we published research on fileless attacks against enterprise networks.

This second paper is about the methods and techniques that were used by the attackers in the second stage of their attacks against financial organizations – basically enabling remote administration of ATMs.

Lazarus Under The Hood

Today we'd like to share some of our findings, and add something new to what's currently common knowledge about Lazarus Group activities, and their connection to the much talked about February 2016 incident, when an unknown attacker attempted to steal up to $851M USD from Bangladesh Central Bank.

PetrWrap: the new Petya-based ransomware used in targeted attacks

This year we found a new family of ransomware used in targeted attacks against organizations.

After penetrating an organization's network the threat actors used the PsExec tool to install ransomware on all endpoints and servers in the organization.

The next interesting fact about this ransomware is that the threat actors decided to use the well-known Petya ransomware to encrypt user data.

Now’s the time to get caught up on Windows and Office...

There were almost no patches from Microsoft in February, and the ones that were released haven’t caused any problems.
So it makes a lot of sense to apply those few patches now, since… who knows what could happen next.

A tiny Windows 7 security patch was released in January, and there were no Windows 7 patches at all in February. Meanwhile, the list of problems is growing; two zero-day exploits in IE and Edge were confirmed in February: the gdi32.dll heap boundary error and the CSS token sequence/JavaScript table header bug.

The vulnerability that caused SMBv3 protocol crashes hasn’t been fixed, either. So there is likely a lot of stuff ready to hit the fan.

How Security Products are Tested – Part 1

The demand for tests appeared almost simultaneously with the development of the first antivirus programs.

Demand created supply: test labs at computer magazines started to measure the effectiveness of security solutions, and later an industry of specialized companies emerged with a more comprehensive approach to testing methods.

New(ish) Mirai Spreader Poses New Risks

A cross-platform, win32-based Mirai spreader and botnet is in the wild and has previously been discussed publicly. However, much of that information has been confused together, as if an entirely new IoT bot were spreading to and from Windows devices.

This is not the case.
Instead, an accurate assessment is that a previously active Windows botnet is spreading a Mirai bot variant.