Threat analysis – Page 3 – WindowsTechs.com

Malware analysis: decoding Emotet, part 1

Posted on May 25, 2018 by Vishal Thakur

In the first part of this two-part analysis of Emotet, we look at the VBA code, where you’ll learn how to recognize and discard “dead” code thrown in to complicate the analysis process.
Categories:

Malware
Threat analysis

Tags: code variationem… Continue reading Malware analysis: decoding Emotet, part 1→

New Mac cryptominer uses XMRig

Posted on May 22, 2018 by Thomas Reed

New Mac cryptominer malware is using the XMRig library to mine Monero on infected Macs.
Categories:

Mac
Threat analysis

Tags: ApplecryptominercryptominingmacMac cryptominerXMRig

(Read more…)

The post New Mac cryptominer uses XMRig ap… Continue reading New Mac cryptominer uses XMRig→

A look into the Drupalgeddon client-side attacks

Posted on May 18, 2018 by Jérôme Segura

Back-to-back Drupal zero-day vulnerabilities are being monetized with malicious web cryptominers.
Categories:

Cryptomining
Threat analysis

Tags: CMScontent management systemsdrupaldrupalgeddonmalicious cryptomining

Adobe Reader zero-day discovered alongside Windows vulnerability

Posted on May 15, 2018 by Jérôme Segura

A new Adobe Reader zero-day exploit has been discovered, including a full sandbox escape.
Categories:

Exploits
Threat analysis

Tags: 0dayadobeAdobe ReaderCVE-2018-4990CVE-2018-8120zero day

Internet Explorer zero-day: browser is once again under attack

Posted on May 10, 2018 by Jérôme Segura

Internet Explorer is yet again leveraged for a zero-day exploit delivered via Office document—the first zero-day observed for IE in over two years.
Categories:

Exploits
Threat analysis

Tags: 0dayCVE-2018-8174zero day

Netflix phish claims your membership is on hold

Posted on May 9, 2018 by Christopher Boyd

We take a look at a new Netflix phish in circulation, using the time-honored trick of claiming the recipient is about to lose access unless they hand over some personal information.
Categories:

Social engineering
Threat analysis

Tags: Appleemai… Continue reading Netflix phish claims your membership is on hold→

Kuik: a simple yet annoying piece of adware

Posted on May 8, 2018 by Malwarebytes Labs

Kuik adware, which forces affected machines to join a domain controller, is using this unusual technique to push Google Chrome extensions and coin miner applications. In this blog, we’ll provide technical analysis of the adware and custom removal … Continue reading Kuik: a simple yet annoying piece of adware→

Internet Shortcut used in Necurs malspam campaign

Posted on May 3, 2018 by Malwarebytes Labs

The Necurs gang tries out a new trick to load malware and bypass security defenses.
Categories:

Criminals
Threat analysis

Tags: botnetmalspamnecurssambaSMBspam

(Read more…)

The post Internet Shortcut used in Necurs malspam campaign a… Continue reading Internet Shortcut used in Necurs malspam campaign→

6 Steps to Quickly Defang Reported Phishing Emails

Posted on May 3, 2018 by Dane Boyd

So here it is… the first one you’ve received. Everything has been building up to this.
You spent days preparing the business case, weeks designing the training program… and it’s finally paid off.
The first user-reported phi… Continue reading 6 Steps to Quickly Defang Reported Phishing Emails→