Overview: Proofpoint researchers recently discovered a new downloader malware in a fairly large campaign (millions of messages) primarily targeting financial institutions. The malware, dubbed “Marap” (“param” backwards), is notable for its focused functionality that includes the ability to download other modules and payloads. The modular nature allows actors to add […]
Unusual Malspam campaign targets banks with Microsoft Publisher files
Researchers from Trustwave have uncovered a malspam campaign targeting banks with the FlawedAmmyy RAT. The peculiarity of this malspam campaign is the unusual use of a Microsoft Office Publisher file to infect victims’ systems. Experts noticed an anomalous spike in the number of emails with a Microsoft Office Publisher file (a .pub attachment) and the subject line, “Payment Advice,” […]
Linux Kernel Project rolled out security updates to fix two DoS vulnerabilities
Linux kernel maintainers have rolled out security updates for two DoS vulnerabilities tracked as SegmentSmack and FragmentSmack. Linux kernel maintainers have released security patches that address two vulnerabilities, tracked as SegmentSmack (CVE-2018-5390) and FragmentSmack (CVE-2018-5391), potentially exploitable to trigger a DoS condition. The vulnerabilities reside in the Linux kernel’s […]
Microsoft Cortana Vulnerability Allows Hackers to Browse With Your Locked Computer
A new privilege escalation vulnerability with Cortana allows an attacker with physical access to do unauthorized browsing on the locked system. Security researchers from McAfee observed two different scenarios: in the first scenario, attackers can force the Microsoft Edge browser to navigate to a URL hosted on the attacker’s server; with the second case […]
DDoS attackers increasingly strike outside of normal business hours
DDoS attack volumes have increased by 50% to an average of 3.3 Gbps during May, June and July 2018, compared to 2.2 Gbps during the previous quarter, according to Link11. Attacks are also becoming increasingly complex, with 46% of incidents using two or more vectors. While attack volumes increased, researchers recorded a […]
Piping botnet: Researchers warn of possible cyberattacks against urban water services
Piping botnet – Israeli researchers warn of a potential distributed attack against urban water services that uses a botnet of smart irrigation systems that water simultaneously. Ben-Gurion University of the Negev (BGU) cyber security researchers warn of a potential distributed attack against urban water services that uses a botnet of […]
Cosmos Bank’s Server Hacked: Hackers Stole Around Rs 94 Crore On Two Separate Days
Hackers compromised the Cosmos Bank server and allegedly transferred over Rs 94 crore between August 11 and August 13. The Cosmos Bank is the oldest and second largest bank in India; it was established in 1906. According to the bank statement, hackers propagated malware to one of the ATM Switch servers […]
KeyPass ransomware
In the last few days, our anti-ransomware module has been detecting a new variant of malware – KeyPass ransomware. Others in the security community have also noticed that this ransomware began to actively spread in August: Notification from MalwareHunterTeam. Distribution model: According to our information, the malware is propagated by means of […]
New Office 365 phishing attack uses malicious links in SharePoint documents
Fake emails targeting Office 365 users via malicious links inserted into SharePoint documents are the latest trick phishers employ to bypass the platform’s built-in security, Avanan researchers warn. The cloud security company says that the phishing attack was leveraged against some 10% of its Office 365 customers in the past […]
L1 Terminal Fault (L1TF) or “Foreshadow”, a vulnerability affecting Intel processors
As part of our partnership with Intel, we were informed of the discovery of a vector exploiting flaws of the “speculative execution side-channel attack” type. This new vulnerability, L1 Terminal Fault (L1TF), or Foreshadow, is therefore related to the Spectre and Meltdown flaws disclosed […]