Software Vulnerabilities January 20, 2023

Dissecting and Exploiting TCP/IP RCE Vulnerability “EvilESP”

10 min read - September’s Patch Tuesday unveiled a critical remote vulnerability in tcpip.sys, CVE-2022-34718. The advisory from Microsoft reads: “An unauthenticated attacker could send a specially crafted IPv6 packet to a Windows node where IPsec is enabled, which could enable a remote code…

Endpoint July 1, 2021

Hunting for Windows “Features” with Frida: DLL Sideloading

8 min read - Offensive security professionals have been using Frida for analyzing iOS and Android mobile applications. However, there has been minimal usage of Frida for desktop operating systems such as Windows. Frida is described by the author as a “Dynamic instrumentation toolkit…

News April 28, 2021

QBot Malware Spotted Using Windows Defender Antivirus Lure

2 min read - Attackers are using fake Windows Defender Antivirus emails to distribute QBot malware. The QBot Attack Campaign In late August 2020, Bleeping Computer revealed that QBot had begun using a new template in its email attacks. This template also used stolen…

June 1, 2020

Trickbot Replaces ‘Mworm’ Propagation Method With New ‘Nworm’ Module

2 min read - Security researchers discovered that the Trickbot Trojan has replaced its "mworm" propagation method with a new "nworm" module.

June 1, 2020

Weekly Security News Roundup: Average Ransomware Demand Grew 14 Times in One Year

3 min read - Researchers revealed that the average ransomware demand grew 14 times over a one-year period from 2018 to 2019. Read on to learn what else happened last week in security news.

May 12, 2020

Thunderspy Vulnerabilities Put Some Thunderbolt Users at Risk of Data Theft

2 min read - Millions of Windows and Linux-based devices could be hit by what researchers call Thunderspy attacks, where flaws in Thunderport interfaces are exploited in a matter of minutes.

May 11, 2020

‘Blue Mockingbird’ Attempts to Distribute Monero Miners to Enterprise Targets

2 min read - A grouping of similar threat activity dubbed "Blue Mockingbird" attempted to distribute Monero-mining malware payloads across its enterprise targets.

April 21, 2020

Emotet Gets a Redesign to Improve Its Evasion Capabilities

2 min read - Emotet has returned with additional modules that have been specifically designed to improve the malware's evasion capabilities, a cybersecurity researcher warned.

April 8, 2020

Mshta Replaces PowerShell in New Ursnif Campaign

2 min read - Security researchers observed that a new attack campaign replaced PowerShell with mshta as a means to distribute Ursnif malware.

April 6, 2020

Weekly Security News Roundup: MS-SQL Servers Targeted by ‘Vollgar’ Campaign

2 min read - Researchers uncovered an attack campaign that spent the past two years targeting Windows machines running MS-SQL servers. Read on to learn what else happened last week in security news.