New NetWire RAT Variant Being Spread Via Phishing

A FortiGuard Labs Threat Analysis. Background: NetWire is a Remote Access Trojan (RAT) malware that has been widely used for many years. Recently, FortiGuard Labs noticed a malware spreading via phishing email, and during the analysis on it, we discovered that it was a new variant of NetWire RAT. In …

ISPConfig 3.1.6 Released

What's new in ISPConfig 3.1.6: This release adds remote API functions to set values in the global and system configuration and fixes some minor bugs. Download: The software can be downloaded here: http://www.ispconfig.org/downloads/ISPConfig-3.1.6.tar.gz Changelog: https://git.ispconfig.org/ispconfig/ispconfig3/issues?assignee_id=&author_id=&label_name=&milestone_title=3.1.6&scope=all&sort=id_desc&state=closed Known Issues: Please take a look at the bug tracker: https://git.ispconfig.org/ispconfig/ispconfig3/issues Bug Reporting: Please report …

Spear Phishing Fileless Attack with CVE-2017-0199

Introduction: CVE-2017-0199 is a remote code execution vulnerability that exists in the way that Microsoft Office and WordPad parse specially crafted files. An attacker who successfully exploits this vulnerability can take control of an affected system and then install programs, view, change, or delete data, or create new accounts with …

Remote Password Change Vulnerability in HPE Vertica Analytic Database

Summary: On March 24, 2017, I discovered and reported on a remote password change vulnerability in Hewlett-Packard Enterprise's (HPE) Vertica Analytic Database. This week, HPE released Security Bulletin HPESBGN03734, which contains the fix for this vulnerability and identifies it as CVE-2017-5802. Fueled by ever-growing volumes of Big Data found in …

Teardown of Android/Ztorg (Part 2)

In part 1 of this blog, we saw that Android/Ztorg.AM!tr silently downloads a remote encrypted APK, then installs it and launches a method named c() in the n.a.c.q class. In this blog post, we'll investigate what this does. This is the method c() of n.a.c.q: This prints "world," then waits for 200 …

REMCOS: A New RAT In The Wild

Remcos is another RAT (Remote Administration Tool) that was first discovered being sold in hacking forums in the second half of 2016. Since then, it has been updated with more features, and just recently, we've seen its payload being distributed in the wild for the first time. This article demonstrates …

CubeCart 6.1.2 Released – Download 6.1.3

An important security update is included with this release of CubeCart due to a remote code execution vulnerability found within the third-party phpMailer library. The phpMailer library is included in all releases of CubeCart from 5.0.0 and is responsible for the delivery of all store email. How to patch without …

CubeCart 6.1.2 Released

An important security update is included with this release of CubeCart due to a remote code execution vulnerability found within the third-party phpMailer library. The phpMailer library is included in all releases of CubeCart from 5.0.0 and is responsible for the delivery of all store email. How to patch without …

German Speakers Targeted by SPAM Leading to Ozone RAT

Remote Administration Tools (RATs) have been around for a long time. They provide users and administrators with the convenience of being able to take full control of their systems without needing to be physically in front of a device. In this age of global operations, that's a huge deal. From …

Deep Analysis of CVE-2016-3820 – Remote Code Execution Vulnerability in Android Mediaserver

Google patched some Android security vulnerabilities in early August. One of them was a remote code execution vulnerability in Mediaserver (CVE-2016-3820), which was discovered by me. This vulnerability could enable an attacker using a specially crafted file to cause memory corruption during media file and data processing. This issue was …