Unique Malspam Campaign Uses MS Publisher to Drop a RAT on Banks
A new email campaign includes a Microsoft Office Publisher file with malicious URLs leading to the FlawedAmmyy RAT.
A new email campaign includes a Microsoft Office Publisher file with malicious URLs leading to the FlawedAmmyy RAT.
Jessica spends 12 hours a day on the internet managing security for web assets and loves her macha tea
The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter. Source link Jessica VenkatJessica spends 12 hours a day…
Sam Thomas, a security researcher from Secarma, has discovered a new exploitation technique that could make it easier for hackers to trigger critical deserialization vulnerabilities in PHP programming language using previously low-risk considered functions. The new technique leaves hundreds of thousands of web applications open to remote code execution attacks, including websites powered by some…
Well, there’s something quite embarrassing for Apple fans. Though Apple servers are widely believed to be unhackable, a 16-year-old high school student proved that nothing is impossible. The teenager from Melbourne, Australia, managed to break into Apple servers and downloaded some 90GB of secure files, including extremely secure authorized keys used to grant login access…
Bought a new Android phone? What if I say your brand new smartphone can be hacked remotely? Nearly all Android phones come with useless applications pre-installed by manufacturers or carriers, usually called bloatware, and there’s nothing you can do if any of them has a backdoor built-in—even if you’re careful about avoiding sketchy apps. That’s…
Security researchers at Check Point Software Technologies have discovered a new attack vector against the Android operating system that could potentially allow attackers to silently infect your smartphones with malicious apps or launch denial of service attacks. Dubbed Man-in-the-Disk, the attack takes advantage of the way Android apps utilize ‘External Storage’ system to store app-related…
With the release of Chrome 68, Google prominently marks all non-HTTPS websites as ‘Not Secure’ on its browser to make the web a more secure place for Internet users. If you haven’t yet, there is another significant reason to immediately switch to the latest version of the Chrome web browser. Ron Masas, a security researcher…
2018 has been quite a tough year for Intel. While the chip-maker giant is still dealing with Meltdown and Spectre processor vulnerabilities, yet another major speculative execution flaw has been revealed in Intel’s Core and Xeon lines of processors that may leave users vulnerable to cyber-attacks. Dubbed Foreshadow, alternatively called L1 Terminal Fault or L1TF,…
Phishing works no matter how hard a company tries to protect its customers or employees. Security researchers have been warning of a new phishing attack that cybercriminals and email scammers are using in the wild to bypass the Advanced Threat Protection (ATP) mechanism implemented by widely used email services like Microsoft Office 365. Microsoft Office…
Instagram has been hit by a widespread hacking campaign that appears to stem from Russia and have affected hundreds of users over the past week, leaving them locked out of their accounts. A growing number of Instagram users are taking to social media, including Twitter and Reddit, to report a mysterious hack which involves locking…