CVE-2017-11882 – WindowsTechs.com

SideWinder APT Targets Nepal, Afghanistan in Wide-Ranging Spy Campaign

Posted on December 9, 2020 by Tara Seals

Convincing email-credentials phishing, emailed backdoors and mobile apps are all part of the groups latest effort against military and government targets. Continue reading SideWinder APT Targets Nepal, Afghanistan in Wide-Ranging Spy Campaign→

CISA: LokiBot Stealer Storms Into a Resurgence

Posted on September 23, 2020 by Tara Seals

The trojan has seen a big spike in activity since August, the Feds are warning. Continue reading CISA: LokiBot Stealer Storms Into a Resurgence→

Protect Before You Detect: FlawedAmmyy and the Case for Isolation

Posted on July 5, 2019 by Ratnesh Pandey

Posted by Ratnesh Pandey, Alex Holland and Toby Gray. In June 2019, Microsoft issued warnings about a phishing campaign delivering a new variant of the FlawedAmmyy remote access Trojan (RAT), and a spike in the exploitation of CVE-2017-11882&… Continue reading Protect Before You Detect: FlawedAmmyy and the Case for Isolation→

AgentTesla keylogger as fileless malware.

Posted on June 21, 2019 by Myonlinesecurity

I am seeing a somewhat different to usual AgentTesla malspam campaign this morning. This is using a multistage downloader eventually resulting in the AgentTesla keylogger / infostealer being run on the victim’s computer as a fileless malware. It … Continue reading AgentTesla keylogger as fileless malware.→

Remcos Rat via fake invoice using multiple delivery methods.

Posted on June 19, 2019 by Myonlinesecurity

I have heard of the “Belt and Braces ” approach to delivering malware before, but this malware campaign delivering Remcos Rat is using the belt and 2 pairs of braces to try make sure the malware gets delivered. The email is a fairly typica… Continue reading Remcos Rat via fake invoice using multiple delivery methods.→

Microsoft Warns of Email Attacks Executing Code Using an Old Bug

Posted on June 10, 2019 by Tara Seals

The flaw affected all versions of Microsoft Office, Microsoft Windows and architecture types dating back to 2000, and was patched in November 2017. Continue reading Microsoft Warns of Email Attacks Executing Code Using an Old Bug→

Microsoft warns of time-travelling equation exploit – are you safe?

Posted on June 10, 2019 by Paul Ducklin

An Office bug that was squashed back in 2017 is still in widespread use – make sure your computer hasn’t slipped through the patch cracks! Continue reading Microsoft warns of time-travelling equation exploit – are you safe?→

multiple malware delivered from compromised website run on a domestic BT IP address

Posted on May 24, 2019 by Myonlinesecurity

As I mentioned earlier in the week, we aren’t seeing massive amounts of malware, especially in the UK at the moment BUT we do see a steady lowish volume stream of commodity malware. These are they standard easy to purchase and use malware tools l… Continue reading multiple malware delivered from compromised website run on a domestic BT IP address→

Hawkeye keylogger via fake receipt. Stolen data sent to another keylogger site.

Posted on May 21, 2019 by Myonlinesecurity

Over the last month or 6 weeks we, along with many other researchers, have noticed quite a drop in Malspam, in fact in spam generally. Nobody quite knows why but generally this means one or other of the major spam sending botnets has been taken down or… Continue reading Hawkeye keylogger via fake receipt. Stolen data sent to another keylogger site.→

Lokibot via fake purchase order but won’t run in W7 or W8.1

Posted on May 8, 2019 by Myonlinesecurity

I have got a very unusual and somewhat difficult to analyse set of malware files here. I received 2 different versions of this email. The first with just an XLSX attachment, the second with both an XLSX and a .rar attachment. Running the xlsx file thro… Continue reading Lokibot via fake purchase order but won’t run in W7 or W8.1→