Old MS Office feature weaponized in malspam attacks

An old Microsoft Office feature has been brought back to the forefront as a way to distribute malware without relying on macros or exploits.
Categories:
Malware
Threat analysis
Tags: DDE, DDEAUTO, macro, malspam, malware, microsoft, Office, word


Decoy Microsoft Word document delivers malware through a RAT

A Remote Administration Tool (RAT) is delivered via an unusual route: a benign-looking Microsoft Word document with an ulterior motive.
Categories:
Exploits
Threat analysis
Tags: CVE-2017-0199, CVE-2017-8759, exploits, rat, Word exploits


Compromised LinkedIn accounts used to send phishing links via private message and InMail

A recent attack uses existing LinkedIn user accounts to send phishing links to their contacts via private message but also to external members via email.
Categories:
Social engineering
Threat analysis
Tags: gmail, inmail, LinkedIn, malware, phishing, scam, Socia…

Expired domain names and malvertising

A look at how expired domain names can be turned into a lucrative malicious traffic redirection tool.
Categories:
Malware
Threat analysis
Tags: domain, malvertising, malware, registrant, registrar, tech support scam


RIG exploit kit distributes Princess ransomware

A new campaign via the RIG exploit kit is pushing the Princess ransomware.
Categories:
Cybercrime
Exploits
Tags: exploit kick, malware, princess ransomware, ransowmare, RIG


Cerber ransomware delivered in format of a different order of Magnitude

We review a trick that the Magnitude exploit kit uses to bypass security scanners.
Categories:
Exploits
Threat analysis
Tags: binary padding, cerber, exploit kit, gate, Magnigate, magnitude EK, ransomware, XML


Enemy at the gates: Reviewing the Magnitude exploit kit redirection chain

This post shines some light on a ‘gate’ belonging to the geo-targeted Magnitude exploit kit.
Categories:
Cybercrime
Exploits
Tags: cerber, EK, exploit kit, korea, Magnigate, Magnitude, malvertising, ransomware


AdGholas malvertising thrives in the shadows of ransomware outbreaks

Several large malvertising campaigns went unnoticed amidst the news of the latest ransomware outbreak.
Categories:
Cybercrime
Exploits
Tags: adgholas, astrum, EK, exploit kit, malvertising


The numeric Tech Support Scam campaign

A new tech support scam campaign is being pushed in lieu of exploit kits. We take a look at its distribution method and how it is able to bring browsers to their knees.
Categories:
Social engineering
Threat analysis
Tags: eitest, exploit kit, malvertisin…

New social engineering scheme triggers on mouse movement

No macro, no exploit. This attack uses mouse movement to launch malicious code in booby-trapped documents.
Categories:
Social engineering
Threat analysis
Tags: PowerPoint, powershell, Social Engineering
