Posted: November 15, 2024
Overview The SonicWall Capture Labs threat research team has come across a variant of Thanos ransomware targeted at a police department in the United Arab Emirates (UAE). Thanos ransomware is a customizable and highly adaptable […]
Posted: November 13, 2024
Overview Microsoft’s November 2024 Patch Tuesday has 89 vulnerabilities, of which 51 are Remote Code Execution. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of November 2024 and […]
Posted: November 7, 2024
Overview The SonicWall Capture Labs threat research team became aware of CVE-2024-51378, assessed its impact and developed mitigation measures for the vulnerability. CVE-2024-51378 is a critical vulnerability with a CVSS score of 9.8 in CyberPanel […]
Posted: November 4, 2024
This week, the SonicWall Capture Labs threat research team analyzed a ransomware that not only encrypts files but also accuses the victim of harboring explicit content on their computer and then threatens to turn it […]
Posted: November 4, 2024
Summary This week, the SonicWall Capture Labs threat research team reviewed a sample of Stealc malware. This is an infostealer that digs through a victim’s system to extract credentials from browsers, cryptocurrency wallets and fileshare […]
Posted: November 1, 2024
Overview The SonicWall Capture Labs threat research team became aware of an authenticated SQL injection vulnerability affecting Ivanti Cloud Service Appliances (CSA). Identified as CVE-2024-9379 and with a moderate score of 6.5 CVSSv3, the vulnerability […]
Posted: October 25, 2024
The SonicWall Capture Labs threat research team has encountered a recently released ransomware from an Iranian team of hackers. The group has named themselves hackersadism. The group does not appear to be targeting large corporations […]
Posted: October 24, 2024
Overview The SonicWall Capture Labs threat research team became aware of a critical vulnerability in Grafana, assessed its impact and developed mitigation measures. Grafana is a multi-platform open-source analytics and visualization solution that can produce […]
Posted: October 23, 2024
Overview CVE-2024-38812 is a critical heap-overflow vulnerability identified in VMware vCenter Server’s implementation of the DCERPC (Distributed Computing Environment/Remote Procedure Call) protocol. This flaw allows a malicious actor with network access to the vCenter Server […]
Posted: October 18, 2024
Overview The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-37084, assessed its impact, and developed mitigation measures for this vulnerability. CVE-2024-37084 is a critical vulnerability affecting Spring Cloud Data Flow versions […]
Posted: October 14, 2024
Recently, the SonicWall Capture Labs threat research team came across a new Horus FUD (Fully Un-Detectable) malware crypter used for spreading different malware families including AgentTesla, Remcos, Snake, NjRat and many others. Here, we will be […]
Posted: October 11, 2024
Overview This week, the SonicWall Capture Labs threat research team investigated a sample of CoreWarrior malware. This is a persistent trojan that attempts to spread rapidly by creating dozens of copies of itself and reaching […]
Posted: October 9, 2024
Overview Microsoft’s October 2024 Patch Tuesday has 117 vulnerabilities, of which 42 are Remote Code Execution. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of October 2024 and […]
Posted: October 8, 2024
Recently, the SonicWall threat research team came across a new malware distribution service called Horus Protector. Horus Protector is claiming to be a Fully Undetectable (FUD) crypter. We have observed a variety of malware families […]
Posted: October 4, 2024
Embargo is a relatively new ransomware group that emerged in 2024. This group is known for using Rust-based malware and operating under a ransomware-as-a-service (RaaS) model. Like many modern ransomware groups, Embargo employs double extortion […]
Posted: October 4, 2024
Overview The SonicWall Capture Labs threat research team became aware of multiple bugs leading to remote code execution in a CUPS-browsed system, assessed its impact, and developed mitigation measures. CUPS (Common Unix Printing System) is […]
Posted: September 30, 2024
Overview The SonicWall Capture Labs threat research team became aware of an insecure deserialization vulnerability in Veeam Backup & Replication, assessed its impact and developed mitigation measures. Veeam Backup & Replication is a proprietary backup […]
Posted: September 19, 2024
Overview The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-20017, assessed its impact and developed mitigation measures for the vulnerability. CVE-2024-20017 is a critical zero-click vulnerability with a CVSS 3.0 score […]
Posted: September 13, 2024
The SonicWall Capture Labs threat research team has been recently tracking ransomware known as Key Group. Key Group is a Russian-based malware threat group that was formed in early 2023. They have reportedly attacked various […]
Posted: September 11, 2024
Overview Microsoft’s September 2024 Patch Tuesday has 79 vulnerabilities, of which 30 are Elevation of Privilege. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of September 2024 […]
Posted: September 6, 2024
Overview The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-23119, assessed its impact and developed mitigation measures for this vulnerability. CVE-2024-23119 is a high-severity SQL Injection vulnerability in Centreon, impacting Centreon […]
Posted: August 28, 2024
Overview The SonicWall Capture Labs threat research team became aware of an unauthenticated directory traversal vulnerability affecting FastAdmin installations. Identified as CVE-2024-7928 and with a moderate score of 5.3 CVSSv3, the vulnerability is more severe […]
Posted: August 27, 2024
Summary This week, the SonicWall Capture Labs threat research team observed an AutoIT-compiled executable that attempts to open Gmail login pages via MS Edge, Google Chrome and Mozilla Firefox. It has functionality to read clipboard […]
Posted: August 21, 2024
Overview The SonicWall Capture Labs threat research team became aware of an account takeover vulnerability in Cisco’s Smart Software Manager (SSM), assessed its impact and developed mitigation measures for the vulnerability. Identified as CVE-2024-20419 and […]
Posted: August 14, 2024
Overview Microsoft’s August 2024 Patch Tuesday has 87 vulnerabilities, 36 of which are Elevation of Privilege vulnerabilities. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of August 2024 […]
Posted: August 6, 2024
Overview The SonicWall Capture Labs threat research team became aware of an arbitrary file upload vulnerability in Progress WhatsUp Gold, assessed its impact and developed mitigation measures. WhatsUp Gold is a software that monitors every […]
Posted: August 5, 2024
Overview A fake website seemingly distributing WinRar, a data compression, encryption, and archiving tool for Windows, has been seen also hosting malware. This fake website closely resembles the official website, uses typosquatting, and capitalizes on […]
Posted: July 31, 2024
Overview The SonicWall Capture Labs threat research team became aware of the threat CVE-2024-28747, a vulnerability in SmartPLC devices, assessed its impact and developed mitigation measures for this vulnerability. This vulnerability of hardcoded credentials affects […]
Posted: July 29, 2024
Overview The SonicWall Capture Labs threat research team became aware of a remote code execution vulnerability in GeoServer, assessed its impact and developed mitigation measures. GeoServer is a community-driven project that allows users to share […]
Posted: July 17, 2024
Overview The SonicWall Capture Labs threat research team became aware of an arbitrary file read vulnerability affecting Splunk Enterprise installations. Identified as CVE-2024-36991 and given a CVSSv3 score of 7.5, the vulnerability is more severe […]
Posted: July 16, 2024
Overview The SonicWall Capture Labs threats research team has recently been tracking new ransomware known as LukaLocker. This malware has been seen in the wild over the last few weeks and is being distributed by […]
Posted: July 12, 2024
The SonicWall RTDMI™ engine has recently protected users against the distribution of the “6.6” variant of DarkGate malware by a phishing email campaign containing PDF files as an attachment. DarkGate is an advanced Remote […]
Posted: July 10, 2024
Overview Microsoft’s July 2024 Patch Tuesday has 138 vulnerabilities, 59 of which are Remote Code Execution. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of July […]
Posted: July 8, 2024
Overview The SonicWall Capture Labs threat research team became aware of an XML External Entity Reference vulnerability affecting Adobe Commerce and Magento Open Source. It is identified as CVE-2024-34102 and given a critical CVSSv3 score […]
Posted: July 3, 2024
The SonicWall Capture Labs threat research team has been observing PDF files with QR codes being abused by malware authors to deceive users for a long time. QR codes are increasingly popular due to their […]
Posted: July 3, 2024
Overview The SonicWall Capture Labs threat research team became aware of a path traversal vulnerability in SolarWinds Serv-U, assessed its impact and developed mitigation measures. Serv-U server is a solution that provides a secure file […]
Posted: June 27, 2024
Overview This week, the SonicWall Capture Labs threat research team investigated a sample of Orcinius malware. This is a multi-stage trojan that is using Dropbox and Google Docs to download second-stage payloads and stay updated. […]
Posted: June 27, 2024
DarkMe RAT steals information from victims’ machines and responds to various commands received from its Command and Control (C&C) server. A spike in distributing DarkMe RAT was observed in February 2024, exploiting the zero-day (CVE-2024-21412) […]
Posted: June 24, 2024
The SonicWall Capture Labs threat research team has been tracking StrelaStealer for a long time. Recently, in the third week of June, we observed a huge spike in JavaScript spreading StrelaStealer. StrelaStealer specifically steals Outlook […]
Posted: June 20, 2024
Overview The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Windows-based PHP servers used in CGI mode. Identified as CVE-2024-4577 and given a CVSSv3 score of 9.8, […]
Posted: June 11, 2024
Overview Microsoft’s June 2024 Patch Tuesday has 49 vulnerabilities, 24 of which are Elevation of Privilege. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of June […]
Posted: June 5, 2024
Overview The SonicWall Capture Labs threat research team became aware of an exploited-in-the-wild information disclosure vulnerability affecting the Check Point Security Gateways. Identified as CVE-2024-24919 and given a CVSSv3 score of 8.6, the vulnerability is […]
Posted: June 4, 2024
Overview This week, the SonicWall Capture Labs Research team analyzed a sample of Linux ransomware. The group behind this ransomware, called INC Ransomware, has been active since it was first reported a year ago. Infection […]
Posted: May 30, 2024
Overview The SonicWall Capture Labs threat research team became aware of a remote code execution vulnerability in the Atlassian Confluence Data Center and Server, assessed its impact and developed mitigation measures. Confluence Server is a […]
Posted: May 23, 2024
Overview The SonicWall Capture Labs threat research team became aware of a noteworthy vulnerability – an SQL injection in the WordPress plugin Automatic by ValvePress – assessed its impact and developed mitigation measures for it. Around […]
Posted: May 21, 2024
The SonicWall Capture Labs threat research team has been observing a growth of malware built using the Chaos ransomware builder. The sample we have analyzed here is built using this kit, however, it is not […]
Posted: May 14, 2024
Overview Microsoft’s May 2024 Patch Tuesday has 59 vulnerabilities, 25 of which are Remote Code Execution vulnerabilities. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of […]
Posted: May 14, 2024
Overview This week, the SonicWall Capture Labs threat research team investigated a sample of the RemcosRAT that uses a PrivateLoader module to provide additional data and persistence on the victim’s machine. By installing VB scripts, […]
Posted: May 13, 2024
Overview The SonicWall Capture Labs threat research team became aware of CVE-2024-31984, which is a code injection vulnerability in XWiki’s management of space titles and has a critical CVSS score of 9.9. After assessing the […]
Posted: May 1, 2024
Overview SonicWall Capture Labs threat research team became aware of a fully unauthenticated server-side template injection vulnerability within CrushFTP, assessed its impact, and developed mitigation measures. CrushFTP is an enterprise file transfer tool. Such tools […]
Posted: April 30, 2024
Overview This week the SonicWall Capture Labs threat research team came across a sample purporting to be Windows Explorer. At a glance, everything checks out – it uses the legitimate Windows Explorer icon and the […]
Posted: April 29, 2024
Overview The SonicWall Capture Labs threat research team has been regularly sharing information about malware targeting Android devices. We’ve encountered similar RAT samples before, but this one includes extra commands and phishing attacks designed to […]
Posted: April 25, 2024
Overview The SonicWall Capture Labs threat research team became aware of a cross-site scripting vulnerability in GitLab, assessed its impact and developed mitigation measures. GitLab, an open-source code-sharing platform, published an advisory on this vulnerability […]
Posted: April 23, 2024
Overview SonicWall Capture Labs threat research team has observed fileless .Net managed code injection in a native 64-bit process. Native code or unmanaged code refers to low-level compiled code such as C/C++. Managed code refers […]
Posted: April 22, 2024
Overview The SonicWall Capture Labs threat research team has recently been tracking ransomware known as HydraCrypt. HydraCrypt originates from the CryptBoss ransomware family and was first seen in early 2016. The sample that we analyzed […]
Posted: April 19, 2024
Overview The SonicWall Capture Labs threat research team became aware of a noteworthy vulnerability — an Unauthenticated Template Injection — in Atlassian Confluence platforms, assessed its impact and developed mitigation measures for it. Atlassian’s Confluence Server and Data […]
Posted: April 9, 2024
Overview Microsoft’s April 2024 Patch Tuesday has 147 vulnerabilities, 68 of which are Remote Code Execution (RCE) vulnerabilities. The SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for April 2024 […]
Posted: April 5, 2024
Overview The SonicWall Capture Labs threat research team analyzed a malware purporting to be a Java utility. It arrives as an installer for Java Access Bridge, but ultimately installs the popular open-source cryptominer, XMRig. Infection […]
Posted: April 5, 2024
Overview The SonicWall Capture Labs threat research team became aware of a couple of remote code execution vulnerabilities in JumpServer, assessed their impact and developed mitigation measures. JumpServer is an open-source bastion host and a […]
Posted: April 3, 2024
Overview The SonicWall Capture Labs threat research team has recently been tracking ransomware created using the Chaos ransomware builder. The builder appeared in June 2021 and has been used by many operators to infect victims and […]
Posted: April 2, 2024
Overview SonicWall Capture Labs threat research team has observed an updated variant of StrelaStealer. StrelaStealer is an infostealer malware known for targeting Spanish-speaking users and focuses on stealing email account credentials from Outlook and Thunderbird. […]
Posted: March 27, 2024
Overview The SonicWall Capture Labs threat research team became aware of a noteworthy vulnerability — an Unauthenticated Command Injection — in Progress Kemp Loadmaster, assessed its impact and developed mitigation measures for it. Kemp Technologies’ […]
Posted: March 25, 2024
Overview This week, the SonicWall Capture Labs threat research team analyzed a new Golang malware sample. It uses multiple geographic checks and publicly available packages to screenshot the system before installing a root certificate to […]
Posted: March 20, 2024
Overview SonicWall Capture Labs threat research team became aware of a deserialization vulnerability with the Artica Proxy appliance, assessed its impact and developed mitigation measures. Artica Proxy is a comprehensive proxy solution performing tasks such […]
Posted: March 18, 2024
Overview This week, the SonicWall Capture Labs threat research team analyzed a ransomware calling itself Lighter Ransomware. Upon execution, it opens up a window with a countdown timer instructing the victim to reach out immediately […]
Posted: March 18, 2024
Overview SonicWall Capture Labs threat research team has observed a new variant of WhiteSnake Stealer. This stealer poses significant risks to users and organizations as it can steal critical sensitive data from compromised systems, including […]
Posted: March 13, 2024
Overview The SonicWall RTDMI™ engine has recently detected Windows Shortcut Files (LNKs) inside archives that execute LokiBot malware on the victim’s machine. The malicious LNK file is packed inside an archive along with a […]
Posted: March 12, 2024
Overview Microsoft’s March 2024 Patch Tuesday has 59 vulnerabilities – 26 of which are Elevation of Privilege. SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of March […]
Posted: March 12, 2024
Overview The SonicWall Capture Labs threat research team recently observed an interesting variant of StopCrypt ransomware. The ransomware executes its malicious activities by utilizing multi-stage shellcodes before launching a final payload that contains the file […]
Posted: March 8, 2024
Overview The SonicWall Capture Labs threat research team has been tracking ransomware that has gained recent notoriety known as Medusa. Medusa surfaced as a Ransomware-as-a-Service (RaaS) platform in late 2022. The group behind Medusa predominantly […]
Posted: March 8, 2024
Overview The SonicWall Capture Labs Threat research team has regularly monitored hidden adware on Android. These misleading apps show ads and collect user data to make money from advertisements. They trick users into clicking on […]
Posted: March 7, 2024
Overview The SonicWall Capture Labs threat research team became aware of a couple of noteworthy vulnerabilities — an authentication bypass vulnerability and a path traversal vulnerability — in JetBrains TeamCity, assessed their impact and developed […]
Posted: March 4, 2024
Overview This week, the SonicWall Capture Labs threat research team analyzed a sample of Marsilia malware, also known as Mallox. This is a multi-stage sample that, when functional, will have a first stage that enumerates […]
Posted: March 1, 2024
Overview Threat actors are continuously evolving their malware code to protect them against security defenses. SonicWall Capture Labs threat research team has observed that the latest variant of DBatLoader has included an old version of […]
Posted: February 29, 2024
Overview SonicWall Capture Labs Threat Research Team became aware of the MonikerLink Remote Code Execution vulnerability (CVE-2024-21413) in Microsoft Outlook, assessed its impact and developed mitigation measures for the vulnerability. Microsoft Outlook is a globally […]
Posted: February 22, 2024
SonicWall Capture Labs Threat Research Team became aware of the ClamAV VirusEvent command injection vulnerability (CVE-2024-20328), assessed its impact, and developed mitigation measures for the vulnerability. ClamAV is a notable, open-source anti-virus engine, widely recognized […]
Posted: February 16, 2024
Overview This week, the SonicWall Capture Labs threat research team analyzed a ransomware targeting users who speak English and Standard Chinese. Its behavior is typical of ransomware – it encrypts the user’s files and provides […]
Posted: February 13, 2024
Overview Microsoft’s February 2024 Patch Tuesday has 72 vulnerabilities – 30 of which are Remote Code Execution. The vulnerabilities can be classified into the following categories: 30 Remote Code Execution vulnerabilities, 17 Elevation of Privilege […]
Posted: February 9, 2024
The SonicWall Capture Labs threat research team has been tracking ransomware that encrypts files and claims to charge only $100 for file retrieval. It is written in .NET and obfuscated using Eziriz’s .NET Reactor. However, […]
Posted: February 8, 2024
Overview Ivanti disclosed a couple more vulnerabilities — server-side request forgery (CVE-2024-21893) and a privilege escalation (CVE-2024-21888) vulnerability. This disclosure comes only a few weeks after confirming an exploit chain impacting Ivanti Connect Secure and […]
Posted: January 31, 2024
Overview The SonicWall Capture Labs threat research team became aware of the Jenkins CLI (command-line-interface) arbitrary file read vulnerability, assessed its impact and developed mitigation measures for the vulnerability. Jenkins is a Java-based automation tool […]
Posted: January 29, 2024
Overview This week, the SonicWall Capture Labs threat research team analyzed a sample tied to the Blackwood APT group. This is a DLL that, when loaded onto a victim’s computer, will escalate privileges and attempt […]
Posted: January 25, 2024
Overview The SonicWall Capture Labs threat research team became aware of the Ivanti Connect Secure and Policy Secure Gateway authentication bypass vulnerability, assessed its impact and developed mitigation measures for the vulnerability. Ivanti Connect Secure, […]
Posted: January 18, 2024
Overview The SonicWall Capture Labs threat research team became aware of an account takeover via password reset vulnerability in GitLab, assessed its impact and developed mitigation measures for the vulnerability. GitLab, an open-source code-sharing platform, […]
Posted: January 18, 2024
Overview The SonicWall Capture Labs threat research team has recently observed a new variant of Diavol ransomware. The ransomware executes its malicious activities by utilizing bitmap objects containing binary code and paired JPEG objects containing […]
Posted: January 13, 2024
This week, the SonicWall Capture Labs threat research team analyzed a full-featured infostealer and remote access trojan that also has ransomware functionality built in. This trojan is capable of terminating applications, logging keystrokes, opening web […]
Posted: January 9, 2024
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of January 2024.
Posted: January 5, 2024
Overview The SonicWall Capture Labs threat research team has observed attackers targeting Simple Mail Transfer Protocol (SMTP) to send spoofed emails that can bypass traditional authentication mechanisms. A flaw tracked as three separate CVEs, CVE-2023-51764, […]
Posted: January 5, 2024
The SonicWall Capture Labs threat research team has been tracking a new ransomware family known as Uransomware. This ransomware appears to be in early development. The sample we analyzed does not ask for payment for […]
Posted: January 2, 2024
Overview This week, the SonicWall Capture Labs threat research team analyzed a new sample of an infostealer dubbed ‘Heracles’, which has multiple evasion and persistence techniques. The malware is programmed to search for system credentials, […]
Posted: December 28, 2023
Overview SonicWall Capture Labs threat research team became aware of a command injection threat within OpenSSH versions before 9.6, assessed its impact, and developed mitigation measures for the vulnerability. OpenSSH is a widely used connectivity […]
Posted: December 27, 2023
Overview For the last three years, GuLoader has gained popularity among threat actors, due to its sophisticated, robust, and powerful defense techniques against security software. The SonicWall Capture Labs Threat Research team has observed that […]
Posted: December 21, 2023
Overview The SonicWall Capture Labs threat research team became aware of an unauthorized arbitrary file upload vulnerability in Apache Struts, assessed its impact and developed mitigation measures for the vulnerability. Apache Struts, an open-source MVC […]
Posted: December 20, 2023
Overview The SonicWall Capture Labs threat research team has been actively tracking malware campaigns deploying a formidable Android Remote Access Trojan (RAT). We encountered a variant of that malware equipped with extensive features such as […]
Posted: December 20, 2023
Overview The SonicWall Capture Labs threat research team has observed and detected a VBScript file which delivers XWorm3.1 to the victim’s machine. The trend of malware authors hiding behind a genuine tool is continuing, and […]
Posted: December 19, 2023
Overview The SonicWall Capture Labs threat research team has observed PDF files masquerading as Ring Central, which is a communication and collaboration platform. This is achieved by incorporating malicious URLs with the intention of executing […]
Posted: December 15, 2023
Overview This week, the SonicWall Capture Labs threat research team analyzed a fake copy of AnyDesk. AnyDesk is a legitimate remote desktop application commonly used by tech support agents to troubleshoot computer problems remotely and […]
Posted: December 15, 2023
The SonicWall Capture Labs threat research team has recently been tracking a new variant of Thanos ransomware. It is named after the Marvel supervillain and, according to the FBI, is created by Moises Luis Zagala […]
Posted: December 15, 2023
Overview This week the SonicWall Capture Labs threat research team investigated a sample of malware that has multiple infostealer, monitoring and C2 capabilities. The name of the file is translated as ‘Easy Language Program’ from […]
Posted: December 13, 2023
The SonicWall Capture Labs Threat Research team has observed Remcos RAT (Remote Access Trojan) being distributed by adding malicious code in existing open-source software. This appears to be an attempt to evade Security products which […]
Posted: December 12, 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of December 2023.
Posted: December 7, 2023
Overview SonicWall Capture Labs Threat Research Team became aware of the threat CVE-2023-34048 (a vCenter Server out-of-bounds write vulnerability), assessed its impact, and developed mitigation measures for the vulnerability. VMware vCenter Server is a centralized […]
Posted: December 7, 2023
Overview The SonicWall Capture Labs Threat Research team has observed attackers targeting a critical vulnerability affecting Splunk Enterprise. Splunk Enterprise does not safely sanitize extensible stylesheet language transformations (XSLT) that users supply. This means that […]
Posted: November 30, 2023
Overview This week, the SonicWall Capture Labs Threat Research Team became aware of a disclosure of sensitive information vulnerability in ownCloud’s GraphAPI application, assessed its impact and developed mitigation measures for the vulnerability. ownCloud, an […]
Posted: November 27, 2023
Overview Recently, the SonicWall Capture Labs Threat Research team has identified a new .NET Packer that is currently being widely used by various stealers such as Lokibot, AgentTesla etc. In the ever-evolving landscape of […]
Posted: November 21, 2023
Overview SonicWall Capture Labs Threat Research Team became aware of the SysAid path traversal vulnerability, assessed its impact and developed mitigation measures for the vulnerability. On November 8, 2023, SysAid, an IT service management company, […]
Posted: November 18, 2023
Overview This week, the SonicWall Capture Labs Research team has observed an increase in shortcut-based (LNK) malware. These seemingly legitimate LNK files execute PowerShell commands to download malware from a remote server. Infection Cycle The […]
Posted: November 15, 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of November 2023.
Posted: November 9, 2023
The SonicWall Capture Labs Threat Research team has observed the AgentTesla infostealer being deployed using image (.jpg) files for the last few months. We have observed multiple ZIP files with titles in European languages. Different IPs were seen […]
Posted: November 9, 2023
Overview The SonicWall Capture Labs Threat Research team has observed attackers targeting a critical vulnerability affecting Apache ActiveMQ allowing a remote attacker with network access to a broker to run arbitrary shell commands by manipulating […]
Posted: November 3, 2023
The SonicWall threat research team has recently been tracking a new ransomware family called Payola. This family of ransomware appeared in late August 2023. It is written in .NET and is easy to analyze as […]
Posted: November 3, 2023
Sunhillo SureLine versions before 8.7.0.1.1 contain an unauthenticated OS command injection vulnerability through the ipAddr or dnsAddr parameters within the networkDiag.cgi script.
Posted: October 26, 2023
Overview SonicWall Capture Labs Threat Research Team became aware of the threat Citrix Bleed, assessed its impact and developed mitigation measures for the vulnerability. Citrix NetScaler is an Application Delivery Controller (ADC) and load balancer […]
Posted: October 20, 2023
Overview The SonicWall Capture Labs Threat Research team has observed attackers targeting a critical vulnerability affecting on-premises instances of Confluence Server and Confluence Data Center allowing unauthorized users to get administrative-level privileges by creating unauthorized […]
Posted: October 16, 2023
This week, the SonicWall Capture Labs Research Team looked at a sample of Mystic Stealer. This is an infostealer that first appeared earlier in 2023. It has a variety of defensive techniques to evade detection […]
Posted: October 13, 2023
SonicWall Capture Labs Threat Research Team became aware of the threat, assessed its impact, and developed mitigation measures for the curl SOCKS5 heap buffer overflow vulnerability released this week. Overview Client URL, or curl, and […]
Posted: October 10, 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of October 2023.
Posted: October 6, 2023
Overview SonicWall Capture Labs Threat Research Team became aware of the threat, assessed its impact, and developed mitigation measures for JetBrains TeamCity Server. JetBrains TeamCity, a robust continuous integration (CI) and continuous deployment (CD) server, […]
Posted: September 28, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: phpPgAdmin is an open-source, web-based administration tool for managing PostgreSQL, an advanced, enterprise-class, and open-source relational database system. phpPgAdmin is written in PHP […]
Posted: September 22, 2023
Improper error message handling in Zyxel ZyWALL/USG, VPN, USG FLEX and ATP firmware series could allow an unauthenticated attacker to execute some OS commands remotely by sending crafted packets to an affected device.
Posted: September 22, 2023
This week, the SonicWall Capture Labs Research team analyzed the latest Snatch ransomware. Snatch operates as a ransomware-as-a-service (RaaS), a business model where the malware authors lease out the ransomware program to affiliates who then […]
Posted: September 12, 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of August 2023.
Posted: September 8, 2023
The SonicWall Capture Labs threats research team has been tracking a recent family of ransomware called RZML. This ransomware appeared in the wild over the last 7 days and appears to be a variant of […]
Posted: September 8, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: KSMBD is an integral server component within the Linux kernel. Its primary function is to implement the SMBv3 protocol, which is essential for […]
Posted: September 1, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Rockwell Automation’s ThinManager is designed for managing thin clients, mobile devices, cameras, and industrial devices. Comprising both client and server components, the client […]
Posted: August 25, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Redis stands as an in-memory, high-performance key-value data store that is both lightweight and non-volatile. Designed to offer quick access to simple yet […]
Posted: August 25, 2023
This week, the SonicWall Capture Labs Threat Research Team has observed the following threat: The Amadey botnet malware has been packaged with a RedLine infostealer to infiltrate systems, extract a variety of information, and enable control […]
Posted: August 18, 2023
RUCKUS Wireless Admin through 10.4 allows Remote Code Execution via an unauthenticated HTTP GET Request, as demonstrated by a /forms/doLogin?login_username=admin&password=password$(curl substring.
Posted: August 11, 2023
Bring Your Own Vulnerable Driver (BYOVD)
Posted: August 8, 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of August 2023.
Posted: August 4, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: The Netgear ProSAFE Network Management System (NMS300) is a centralized and comprehensive management application designed for network administrators. It enables them to discover, […]
Posted: August 1, 2023
The SonicWall Capture Labs Research team has received a sample of a new variant of the Chaos ransomware family, a customizable ransomware builder that emerged in underground forums by falsely marketing itself as the […]
Posted: July 27, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: XWiki is recognized as a second-generation wiki platform, bringing together the conventional wiki functionality and the unique potential of an application development platform. […]
Posted: July 21, 2023
TP-Link Archer AX21 (AX1800) firmware versions before 1.1.4 contain a command injection vulnerability in the web management interface. By injecting malicious commands, an attacker could execute them as the root user, potentially gaining unauthorized access to and control over the router.
Posted: July 11, 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of July 2023.
Posted: July 7, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: OpenEMR is a comprehensive open-source electronic health records (EHR) and medical practice management application. It provides an array of functionalities aimed at enhancing […]
Posted: July 5, 2023
The SonicWall Capture Labs Research team recently observed an Agent Tesla malware sample being loaded by a native loader. Agent Tesla is an advanced Remote Access Trojan (RAT) developed with the Microsoft .NET Framework and capable of stealing sensitive information. It has become one of the most prevalent malware families over the past couple of years.
Posted: June 30, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: OpenSSL stands as a renowned open-source library, primarily utilized for SSL and TLS. The Secure Socket Layer (SSL) and the Transport Layer Security […]
Posted: June 26, 2023
SonicWall Capture Labs Research team has discovered an ongoing instance of cryptocurrency fraud that utilizes legitimate Google services, specifically Google Script macros. Threat actors intentionally target these platforms because they are both convenient to use […]
Posted: June 23, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: The Barracuda Email Security Gateway is a comprehensive email security solution developed to safeguard businesses from a multitude of email threats such as […]
Posted: June 21, 2023
SonicWall Capture Labs Threat research team recently discovered a campaign requesting users to provide their card details on a fraudulent bank application under the pretense of claiming rewards points. Additionally, they persuade users to enable […]
Posted: June 15, 2023
The SonicWall Capture Labs Research team recently observed a new variant of Amadey malware. Amadey is a botnet whose main objectives are stealing sensitive information and injecting additional payloads based on commands received from its command-and-control server. In this variant we observed that it has modified its string decoding algorithm.
Posted: June 13, 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of June 2023.
Posted: June 9, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: MOVEit provides secure collaboration and automated file transfers of sensitive data and advanced workflow automation capabilities without the need for scripting. Encryption and […]
Posted: June 9, 2023
With the popularity of ChatGPT, an artificial intelligence (AI) chatbot, cybercriminals have been using it to lure unsuspecting victims into online scams. Recently, the SonicWall Capture Labs Research team has come across a scam promising […]
Posted: June 2, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: The vulnerability labeled as CVE-2023-2951 is a critical issue found in the “Code-Projects” Bus Dispatch and Information System version 1.0, specifically involving a […]
Posted: May 31, 2023
In this blog post, we will discuss:
Unpacking of GuLoader’s shellcodes.
Understanding a new anti-debug technique deployed by GuLoader.
Deep dive into GuLoader’s custom Vectored Exception Handler.
Writing an IDAPython script to deobfuscate the control flow of the shellcode and to make GuLoader’s analysis easy and fast.
Posted: May 26, 2023
A vulnerability in DCBI-Netlog-LAB v1.0 allows attackers to bypass authentication and execute arbitrary commands via a crafted request.
Posted: May 26, 2023
Recently, the SonicWall Capture Labs Threat Research team discovered a Dot Net stealer malware with enormous capabilities, including stealing information from browsers, VPNs, Steam profiles, installed apps, cryptocurrency wallets, cryptocurrency wallet browser extensions and sensitive device […]
Posted: May 19, 2023
LB-Link is a well-known company in the networking industry that specializes in the design, manufacturing, and distribution of wireless networking products. The company’s product portfolio includes a wide range of wireless routers, network adapters, Wi-Fi […]
Posted: May 19, 2023
The SonicWall Capture Labs threats research team has been tracking a newly discovered form of ransomware called “Akira”. This malicious software is actively targeting numerous organizations and stealing sensitive data. To maximize the likelihood of […]
Posted: May 9, 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of May 2023.
Posted: May 9, 2023
The SonicWall Capture Labs Research team analyzed a Raspberry Robin sample, which is known for its endless evasion techniques and multiple layers of packing. The layers contain several anti-debugger, anti-sandbox, anti-VM and anti-emulator checks. The malware has kept evolving, intensifying the hide-and-seek game over time with a variety of original evasions and tactics.
Posted: May 9, 2023
SonicWall Capture Labs Threat research team recently discovered a malware campaign that utilizes a Remote Access Trojan (RAT) with enormous capabilities, including keylogging, stealing sensitive device information, bypassing Google Authenticator, etc. These features allow the […]
Posted: May 5, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Adobe ColdFusion is a powerful web development platform that enables developers to create dynamic, data-driven websites and applications with ease. ColdFusion Markup Language […]
Posted: May 5, 2023
Overview: This week, SonicWall Capture Labs Threat Research Team analyzed a Linux backdoor sample, labelled as ‘Gafgyt’, that targets multiple platforms and acts as an enumeration tool, downloader, and C2 agent. This sample is a […]
Posted: April 28, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: vBulletin is written in PHP and uses MySQL as its database management system. It is designed to provide a robust platform for online […]
Posted: April 24, 2023
Delivering malicious PDF documents as email attachments is the easiest way for threat actors to get into a victim’s machine, whether through phishing or through embedded scripts that deliver malware payloads. This time, SonicWall Capture Labs […]
Posted: April 21, 2023
An externally controlled reference to a resource vulnerability exists in QNAP NAS running Photo Station. If exploited, this could allow an attacker to modify system files.
Posted: April 18, 2023
Recently, the SonicWall Capture Labs Research team analyzed a ransomware called Money message. Written in C++, this ransomware encrypts the victim’s files without changing the filename or appending the extension, making it more difficult to […]
Posted: April 17, 2023
The SonicWall Capture Labs threat research team has come across a new C++-based variant of Laplas Clipper, which targets cryptocurrency users. Laplas Clipper has been observed in the past with .NET and Go language variants. In this variant, the malware employs various anti-debug, anti-sandbox and anti-analysis techniques to evade detection.
Posted: April 12, 2023
The malware comes as a ZIP bundle posing as the legitimate software Advanced Port Scanner, which contains multiple components related to the software, including a malicious DLL.
Posted: April 11, 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of April 2023.
Posted: April 7, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: GitLab is a web-based platform for software development and collaboration, offering a comprehensive suite of tools for version control, continuous integration, and continuous […]
Posted: March 31, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Public Key Infrastructure (PKI) is a comprehensive framework for managing digital certificates and cryptographic keys, serving as the foundation for secure communication over […]
Posted: March 31, 2023
The 3CX application is delivered to the victim’s machine along with the compromised DLLs “ffmpeg.dll” and “d3dcompiler_47.dll”.
Posted: March 28, 2023
The latest AsyncRAT variant has advanced its capabilities by adding support for additional commands from the C2, a clipper module, a cryptostealer module, a keylogger module and the ability to prevent the system from going to sleep.
Posted: March 24, 2023
TerraMaster NAS devices running TOS version 4.2.29 suffer from a vulnerability which allows remote unauthenticated attackers to execute commands as root.
Posted: March 23, 2023
The SonicWall Capture Labs threat research team has once again observed a surge in Emotet. This notorious malware, which heavily targets large organizations, uses similar tactics and functionality to those observed in past variants. Originally a […]
Posted: March 22, 2023
The Snake keylogger final payload is wrapped in multiple layers of protection to prevent its detection and analysis.
Posted: March 15, 2023
What is CVE-2023-23397? CVE-2023-23397 is a Microsoft Outlook Elevation of Privilege Vulnerability. It allows for an NTLM relay attack against another service to authenticate as the user. SonicWall provides protection against exploits targeting this vulnerability. […]
Posted: March 14, 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of March 2023.
Posted: March 14, 2023
For the last few weeks, SonicWall RTDMI has been detecting a surge of VBScript files that download and execute GuLoader shellcode on the victim’s machine.
Posted: March 10, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: phpIPAM is a free and open-source web-based IP address management (IPAM) software application. It is designed to help organizations efficiently manage their IP […]
Posted: March 8, 2023
The SonicWall Capture Labs Threat Research team came across a malware campaign that steals device information, card information and Google Authenticator codes on Android devices. This malware uses famous Android app icons to mislead users and trick victims into installing the malicious app on their device.
Posted: March 7, 2023
SonicWall RTDMI detected a malicious OneNote file that is not detected by any security provider on popular threat intelligence sharing portals such as VirusTotal and ReversingLabs.
Posted: March 3, 2023
This week, the SonicWall Capture Labs Research team analyzed a Trojan downloader targeting Linux environments. This Trojan has been around since 2019 but had not been active in the past year until recently. It uses […]
Posted: March 3, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Froxlor is a web-based server management panel that allows users to easily manage multiple web hosting accounts on a single server. It is […]
Posted: February 24, 2023
A command injection vulnerability allows an unauthenticated user to execute arbitrary code on a server running Cacti, if a specific data source was selected for any monitored device.
Posted: February 21, 2023
Vohuk ransomware uses the genuine Windows tool Cipher.exe to overwrite deleted files, which makes recovery of the files impossible.
Posted: February 14, 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of February 2023.
Posted: February 14, 2023
SonicWall RTDMI is detecting a spike in malicious OneNote files being delivered to victims’ machines as email attachments.
Posted: February 10, 2023
LockBit 3.0, also known as LockBit Black, is a ransomware family that operates under the Ransomware-as-a-Service (RaaS) model, where the creators collaborate with affiliates who may not have the resources to create and deploy attacks. […]
Posted: February 10, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: KSMBD stands for Kernel-based SMB Direct. It’s a Linux kernel module that provides the implementation of the SMBv3 protocol, allowing the Linux kernel […]
Posted: February 3, 2023
This week, the SonicWall Capture Labs Research team analyzed a sample of Berbew, a trojan that has been seen used in connection with Download.Ject and FormBook to steal user passwords for banking and other financial […]
Posted: February 3, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: ManageEngine is a subsidiary of Zoho Corporation that provides IT management software for businesses. The company offers a range of products for network, […]
Posted: January 27, 2023
This week, the SonicWall Capture Labs Research team analyzed a ransomware called Magniber. This ransomware has been around since 2017 as a successor to Cerber and initially only targeted a specific country when we first […]
Posted: January 27, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Adobe ColdFusion is an application development platform by Adobe Systems. It is an IDE used to develop web applications and supports a full […]
Posted: January 20, 2023
Control Web Panel 7 versions prior to 0.9.8.1147 suffer from an unauthenticated remote code execution vulnerability.
Posted: January 13, 2023
The SonicWall Capture Labs threat research team has been tracking a well-established ransomware family known as GPcode. GPcode ransomware is typically spread through email attachments or social engineering techniques, such as disguising the malware as a […]
Posted: January 10, 2023
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of January 2023.
Posted: January 6, 2023
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: daloRADIUS is an advanced RADIUS web management application aimed at managing hotspots and general-purpose ISP deployments. It features user management, graphical reporting, accounting, […]
Posted: December 22, 2022
A command injection vulnerability exists in TOTOLink A3000RU routers which could allow attackers to execute arbitrary commands.
Posted: December 22, 2022
This week, the SonicWall Capture Labs Threat Research Team analyzed a new sample of Raspberry Robin. First observed in May 2022 by Red Canary, Raspberry Robin is a worm that has evolved to be a […]
Posted: December 16, 2022
This week, the SonicWall Capture Labs Research team analyzed a ransomware called Cryptonite. It is an open-source ransomware that was once available on GitHub but has now been taken down. It exhibited behavior consistent with […]
Posted: December 13, 2022
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of December 2022.
Posted: December 9, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Centreon is a network, system and application monitoring tool. Centreon is the only AIOps Platform Providing Holistic Visibility to Complex IT Workflows from […]
Posted: December 2, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Apache Airflow is an open-source workflow management platform. Apache Airflow is a flexible, scalable workflow automation and scheduling system for authoring and managing […]
Posted: November 23, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Delta Electronics InfraSuite Device Master is a tool for centralized monitoring and control of a large number of devices. Users create a human-machine […]
Posted: November 18, 2022
The Tenda AC1200 router does not perform proper validation of user-supplied input and is vulnerable to cross-site scripting attacks.
Posted: November 11, 2022
The SonicWall Capture Labs threat research team has recently been tracking a ransomware family called Black Basta. Black Basta first appeared in April 2022 and is believed to be operated by a well-organized cybercrime […]
Posted: November 9, 2022
Introduction After several months of hiatus, Emotet is back. Starting last week, the SonicWall Capture Labs threat research team has observed that the notorious malware, which heavily targets large organizations, has returned with similar tactics and […]
Posted: November 8, 2022
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of November 2022.
Posted: November 3, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: The OpenSSL Project develops and maintains the OpenSSL software, a robust, commercial-grade, full-featured toolkit for general-purpose cryptography and secure communication. OpenSSL contains an […]
Posted: November 2, 2022
Malware authors have been extensively using C# to build malware for the last few years, due to its simplicity and rich application programming interfaces (APIs). RedLine is an advanced infostealer written in C# and active in the wild since 2020.
Posted: October 28, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: KeySight N6854A Geolocation server software and the N6841A RF Sensor software provide an easy way to configure all of the RF Sensors in […]
Posted: October 20, 2022
An issue was discovered in Zimbra Collaboration (ZCS) 8.8.15 and 9.0. An attacker can upload arbitrary files through amavisd via a cpio loophole that can lead to incorrect access to any other user accounts.
Posted: October 14, 2022
The SonicWall Capture Labs Research team came across malware which purports to be a picture but is intended to wipe the hard drive, thus deleting data and programs. It is a multicomponent infection […]
Posted: October 11, 2022
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of October 2022.
Posted: October 7, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Schneider Electric’s Interactive Graphical Supervisory Control and Data Acquisition (SCADA) System (IGSS) is used for monitoring and controlling industrial processes. According to the […]
Posted: September 30, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: mySCADA professional tools are for developing and managing HMI (Human-Machine Interface)/SCADA (Supervisory Control and Data Acquisition) industrial processes. myPRO is one tool in […]
Posted: September 30, 2022
Recently we have seen multiple droppers dropping infostealers or banking trojans along with ransomware. A few weeks ago, our researchers at SonicWall Labs observed a clipbanker, i.e. a clipboard hijacker, being dropped by Djvu (STOP) ransomware. Behaviour: The […]
Posted: September 30, 2022
Recent Microsoft Exchange Server zero-day vulnerabilities are being exploited in the wild.
Posted: September 29, 2022
The SonicWall Capture Labs Threat Research team has observed a PDF file, arriving as an e-mail attachment, being detected by SonicWall Real Time Deep Memory Inspection (RTDMI). The PDF file contains a link which downloads […]
Posted: September 23, 2022
Wavlink WN533A8 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page parameter.
Posted: September 22, 2022
The SonicWall Capture Labs Threats Research team has been regularly sharing information about malware threats targeting Android devices. SonicWall has tracked down some active trojan SMS applications. This Android SMS app purports to be a […]
Posted: September 13, 2022
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of September 2022.
Posted: September 9, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: AVideo is a powerful base platform for uploading, curating, organizing, indexing, and distributing audio and video content. The plugin design allows you to […]
Posted: September 2, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Zimbra Collaboration is a collection of tools designed for collaboration. Tools within the suite include an email server, a chat server, a file […]
Posted: August 26, 2022
Overview: TightVNC is a remote desktop software application. It lets you connect to another computer and display its live remote desktop or control the remote computer with your mouse and keyboard, just as you would […]
Posted: August 22, 2022
The SonicWall threat research team has observed a JavaScript file inside an archive being delivered to the victim’s machine as an email attachment, which then downloads the Java-based Remote Access Trojan (RAT) STRRAT to the victim’s machine.
Posted: August 19, 2022
A directory traversal vulnerability exists in the web services of Cisco’s Adaptive Security Appliance software and Firepower Threat Defense software.
Posted: August 19, 2022
The SonicWall Capture Labs Threat Research team has been observing Android adware that was available on the Google Play Store; it has now been removed from the Play Store but is still being distributed via third-party platforms. […]
Posted: August 16, 2022
A new type of remote access trojan (RAT) has been identified by several AV companies. Dubbed ‘WoodyRAT’ due to the debugging information string, it is a multi-featured payload with a list of capabilities. As with […]
Posted: August 9, 2022
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of August 2022.
Posted: August 5, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Ivanti Avalanche is a mobile device management system. The Avalanche Certificate Manager Server (CMS) enables the use of EAP-TLS wireless security and distribution […]
Posted: August 5, 2022
WhatsApp is being abused to target Indian customers for fraudulent attacks.
Posted: July 29, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Apache Spark is a unified analytics engine for large-scale data processing. It provides high-level APIs in Java, Scala, Python and R, and an […]
Posted: July 22, 2022
The SonicWall Capture Labs threat research team has observed reports of the launch of a new ransomware family named Lilith. Lilith ransomware is written in C/C++ and targets 64-bit Windows machines. Encrypted files are marked with […]
Posted: July 22, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: MySQL is a popular open-source implementation of a relational database that supports the Structured Query Language (SQL) for querying and updating stored data. […]
Posted: July 21, 2022
A VBScript is used by the threat actor to deliver fileless AsyncRAT to the victim’s machine.
Posted: July 14, 2022
The SonicWall Capture Labs Threat Research team has observed a malicious PDF file, arriving as an e-mail attachment and detected by the SonicWall RTDMI™ engine, which delivers REMCOS RAT as the final payload.
Posted: July 13, 2022
The SonicWall Capture Labs Threat Research team has observed many Android locker ransomware samples that ask victims to communicate using social media platforms. There is no assurance of getting the key even after paying the ransom amount; they […]
Posted: July 12, 2022
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of July 2022.
Posted: July 8, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Advantech iView is a Simple Network Management Protocol-based element management software provided free-of-charge with intelligent FTTx, Optical Access, Media Conversion and eWorx Smart […]
Posted: July 1, 2022
An OS command injection vulnerability in the CGI program of Zyxel USG FLEX 100(W) firmware could allow an attacker to modify specific files and then execute some OS commands on a vulnerable device.
Posted: June 27, 2022
GuLoader is a fileless, shellcode-based malware which downloads other malware and executes it under legitimate processes.
Posted: June 24, 2022
The SonicWall Capture Labs threat research team observed attacks exploiting an old vulnerability in Vacron NVR.
Posted: June 23, 2022
The SonicWall Capture Labs Threats Research team has been regularly sharing information about malware, including spyware, targeting Android devices. SonicWall has tracked down a huge number of fake applications disguised as legitimate Google update applications. Fig […]
Posted: June 22, 2022
SonicWall Capture Labs Threats Research team has been regularly sharing information about malware threats targeting Android devices. Recently we have observed some fake fantasy league betting applications in the wild. Google Play store banned all […]
Posted: June 21, 2022
The SonicWall threat research team has observed an HTA file inside an archive being delivered to the victim’s machine, which then downloads and executes Smoke Loader malware.
Posted: June 14, 2022
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of June 2022.
Posted: June 10, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: Atlassian Confluence is a collaboration platform that allows you to build a knowledge base for documentation, product requirements, create, collaborate, comment on pages, […]
Posted: June 10, 2022
The SonicWall Capture Labs threat research team analyzed the latest cryptomining and infostealing Trojan from a well-known malware group called TeamTNT. They are known to target vulnerable *nix systems and would deploy cryptominer and a […]
Posted: June 1, 2022
Overview: SonicWall Capture Labs Threat Research Team has observed the following threat: CVE-2022-30190, a.k.a. Follina, is a Microsoft Office zero-day vulnerability that allows applications like Microsoft Word to execute code (without macros) by calling MSDT (Microsoft Support […]
Posted: May 27, 2022
Overview: WordPress is an open source, PHP-based Content Management System (CMS) that offers several features such as multiple users, editing, custom formatting of text and an architecture which supports plugins to further extend its functionality. […]
Posted: May 27, 2022
The SonicWall Capture Labs threat research team has read reports of a set of malicious scripts, still live online at the time of writing, that install crypto mining software on Linux servers. There are 3 […]
Posted: May 24, 2022
LokiBot has been delivered to victims’ machines using a Windows Script File for the last few weeks.
Posted: May 20, 2022
On F5 BIG-IP, undisclosed requests may bypass iControl REST authentication, leading to remote command execution.
Posted: May 10, 2022
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of May 2022.
Posted: May 6, 2022
Overview: The Parse platform provides SDKs for various environments (Android, iOS, PHP, .NET, …) as well as managed cloud data storage. When creating mobile apps, a lot of the development time goes into managing and scaling […]
Posted: May 2, 2022
This week the SonicWall Capture Labs Research team has come across a malicious document template which delivered a remote access Trojan to unsuspecting victims. It poses as a mental health survey which silently drops a […]
Posted: April 29, 2022
Overview: WSO2 offers a platform of middleware products for agile integration, application programming interface (API) management, identity and access management, and smart analytics. A directory traversal vulnerability has been reported in WSO2 API Manager. The […]
Posted: April 22, 2022
Overview: VMware’s Workspace ONE Access, VMware Identity Manager (vIDM), vRealize Lifecycle Manager, vRealize Automation, and VMware Cloud Foundation products contain a remote code execution vulnerability due to server-side template injection. A remote, unauthenticated attacker can […]
Posted: April 15, 2022
The SonicWall Capture Labs threat research team has observed reports of ransomware which, in the antivirus community, goes by the name TargetCompany. The malware surfaced in June 2021. The current variant that we have obtained is […]
Posted: April 12, 2022
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of April 2022.
Posted: April 8, 2022
D-Link DIR-806 device command injection attacks spotted in the wild.
Posted: April 1, 2022
Feature rich spyware for Android
Posted: April 1, 2022
Overview: A Spring MVC (Model-View-Controller) or Spring WebFlux (Parallel version of Spring MVC which supports non-blocking reactive streams) application running on JDK (Java Development Kit) 9+ may be vulnerable to Remote Code Execution (RCE) via […]
Posted: March 25, 2022
This week the Sonicwall Capture Labs Research team analyzed a ransomware sample that is rather unconventional. After encrypting the victim’s files, it does not demand payment but rather asks the victim to carry out certain […]
Posted: March 25, 2022
Overview: A denial-of-service vulnerability has been reported in the OpenSSL library. The vulnerability is due to insufficient validation in the BN_mod_sqrt() function. A remote attacker could exploit the vulnerability by sending crafted packets to an OpenSSL […]
Posted: March 18, 2022
As the war between Russia and Ukraine rages on, the conflict has extended into the cyber domain. In mid-February, the Security Service of Ukraine reported that the country was the target of an ongoing “wave […]
Posted: March 18, 2022
A SQL injection vulnerability exists in the WP Statistics plugin for WordPress. The vulnerability is due to insufficient sanitization of the current_page_id and current_page_type parameters.
Posted: March 10, 2022
Contains capability to accept and execute commands
Posted: March 8, 2022
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of March 2022.
Posted: March 4, 2022
The conflict between Russia and Ukraine has quickly escalated from the ground into cyberspace. Last week, the Sonicwall Capture Labs Research team analyzed the HermeticWiper malware attack that was targeting Ukraine in this […]
Posted: March 4, 2022
Overview: Samba is an open-source implementation of the file, print, and other network services suite known as SMB/CIFS (Server Message Block/Common Internet File System). Samba implements several protocols and services including NetBIOS over TCP/IP (NBT), SMB, […]
Posted: February 25, 2022
Overview: The H2 console application allows a user to access a SQL database using a browser interface. H2 is an open source Java SQL database that includes the following technology: JDBC (Java Database Connectivity) is […]
Posted: February 25, 2022
The Sonicwall threat research team has recently observed a new variant of BitPyLock ransomware. This family of ransomware surfaced in early 2020. It encrypts files and also threatens extortion by claiming to have sent files […]
Posted: February 25, 2022
The SonicWall Capture Labs Threat Research team has analyzed a sample which is widely believed to be targeting Ukrainian organizations. The malware sample is digitally signed, with the certificate issued under the company name ‘Hermetica Digital Ltd’. There […]
Posted: February 18, 2022
SonicWall Threats Research Team received reports of Android malware in the wild that was hosted on an active domain. This malware appears to be a Remote Access Trojan that has a number of capabilities. […]
Posted: February 17, 2022
Arbitrary command execution in formSysCmd via the sysCmd parameter exists in this Realtek SDK. Successful exploitation of this vulnerability allows remote attackers to achieve arbitrary code execution on the device.
Posted: February 11, 2022
The SonicWall Capture Labs Threat Research team has come across a ransomware with a bizarre demand in exchange for decryption. This ransomware calls itself “Black Eye” but instead of demanding cryptocurrency as payment, it […]
Posted: February 8, 2022
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of February 2022.
Posted: February 4, 2022
Overview: EmbedThis GoAhead is a popular compact web server intended and optimized for embedded devices. Despite its small size, the server supports HTTP/1.1, CGI handler among others. An unrestricted file upload vulnerability has been reported […]
Posted: February 4, 2022
The Sonicwall threat research team has recently seen reports of ransomware called Argos 2.0. The ransomware works like most others, encrypting files and demanding payment in bitcoin for file recovery. However, reverse engineering the malware […]
Posted: January 28, 2022
Overview: MySQL is a popular open-source implementation of a relational database that supports the Structured Query Language (SQL) for querying and updating stored data. Communication with the database occurs using the MySQL protocol. As with […]
Posted: January 21, 2022
A malicious variant already observed in the wild
Posted: January 19, 2022
Grafana is a multi-platform, open-source analytics and interactive visualization web application. It provides charts, graphs, and alerts for the web when connected to supported data sources. Directory Traversal Vulnerability Grafana versions 8.0.0-beta1 through 8.3.0 are […]
Posted: January 14, 2022
The Sonicwall Capture Labs threat research team has come across a linux variant of a ransomware early on this week. Avoslocker is another ransomware-as-a-service (RaaS) selling their ready-made ransomware to affiliates to carry out ransomware […]
Posted: January 11, 2022
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of January 2022.
Posted: January 7, 2022
Overview: GitLab is a web-based Git repository manager that includes additional features to handle all stages of the DevOps lifecycle, including continuous integration and delivery, issue tracking, monitoring, and integration with many other applications. GitLab is […]
Posted: January 7, 2022
The SonicWall Capture Labs threat research team has come across data theft malware derived from the Mercurial password stealer family. This malware is open source and readily available on GitHub for “educational purposes only”. Because […]
Posted: December 31, 2021
Overview: Apache Log4j is a logging library for Java. Log4j is a simple and flexible logging framework. With Log4j it is possible to enable logging at runtime without modifying the application binary. Apache Log4j is […]
Posted: December 29, 2021
GitHub is a platform commonly used to host open-source projects, and many such projects are security focused. SonicWall Threats Research team recently identified an Android ransomware that was found to be hosted on GitHub […]
Posted: December 23, 2021
With Christmas weekend upon us and many still looking for the best last-minute deals, we noticed we are receiving an increasing number of holiday-related spam emails. We have been monitoring the amount of […]
Posted: December 20, 2021
SonicWall Capture Labs threat research team observed attacks exploiting a vulnerability in Yealink devices.
Posted: December 17, 2021
The SonicWall Capture Labs threat research team has been tracking ransomware, known to some in the antivirus community as GarrantDecrypt. The current variant of this ransomware appeared in late November 2021. The malware is aimed […]
Posted: December 15, 2021
ISO files are being abused by threat actors to deliver the payload to the victim’s machine without being detected.
Posted: December 14, 2021
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of December 2021.
Posted: December 10, 2021
Overview: Apache Log4j is a Java-based logging utility that can be configured through a configuration file or through Java code. Apache Log4j provides many features, such as reliability, extensibility, multiple configuration support including xml/json/yaml, excellent […]
Posted: December 10, 2021
Overview: ManageEngine ServiceDesk is an IT help desk platform that provides functionality to manage various aspects of an IT environment such as changes, incidents and assets and also incorporates a standard ITIL framework. ManageEngine SupportCenter […]
Posted: December 9, 2021
Contains multiple features including the ability to communicate with the attackers via Telegram
Posted: December 7, 2021
SonicWall Capture Labs Threats Research team has been detecting an ongoing phishing campaign which targets users by pretending to be a genuine software platform, using its logo. Upon opening the PDF file, an image with instructions […]
Posted: December 3, 2021
Overview: Microsoft Exchange Server is an ASP.NET implementation of an email and calendaring server and is capable of handling most standard Internet protocols as well as numerous proprietary Microsoft protocols and formats. Microsoft Exchange Server […]
Posted: December 3, 2021
A number of WordPress websites have been infected with what appeared to be ransomware. The infected websites show a warning on their homepages saying the site has been encrypted and listing a bitcoin address on […]
Posted: December 2, 2021
SonicWall Capture Labs Threats Research team has been regularly sharing information about the malware threats targeting Android devices. SonicWall has tracked down a huge number of financial fraud applications. Since the start of the […]
Posted: November 19, 2021
This week the Sonicwall Capture Labs Research team analyzed malware samples that appear to be targeting one of the popular cloud computing platforms, Alibaba Cloud (Aliyun). Alibaba Cloud might not be the first name that […]
Posted: November 18, 2021
A command injection vulnerability exists in the web server of some Hikvision products
Posted: November 11, 2021
With the rise in popularity of and investment in cryptocurrency, there has been a rise in crypto-related scams as well. SonicWall Threats Research team identified a malicious Android application that steals crypto wallets. […]
Posted: November 9, 2021
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of November 2021.
Posted: November 5, 2021
Overview: The SolarWinds Orion Platform is the base platform used by numerous SolarWinds products such as Network Performance Monitor, Virtualization Manager, and Server Configuration Monitor. The platform is designed to seamlessly integrate all Orion-based products […]
Posted: November 5, 2021
The SonicWall Capture Labs threat research team has come across new ransomware known as Foxxy. This ransomware appeared in late October 2021 and the sample we have obtained appears to be a proof of concept […]
Posted: October 29, 2021
Overview: The Apache HTTP server is the most popular web server used on the Internet. The server is capable of being utilized with many different options and configurations. A wide variety of runtime loadable plug-in […]
Posted: October 29, 2021
A malicious PowerShell script steals and sends email addresses from Outlook contacts.
Posted: October 27, 2021
Contains a number of spyware functions
Posted: October 22, 2021
Even back in the day, cybercriminals were masking malware within pictures, screensavers or games that could be downloaded for free. But now, since the Internet has grown immensely into a huge form of entertainment […]
Posted: October 21, 2021
SonicWall Capture Labs threat research team observed attacks exploiting a SQL injection vulnerability in the WordPress WooCommerce plugin.
Posted: October 12, 2021
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of October 2021.
Posted: October 8, 2021
Overview: VMware vCenter Server is a data centre management server application developed by VMware Inc. VMware vCenter Server is designed primarily for vSphere, VMware’s platform for building virtualized cloud infrastructures. As part of a broader […]
Posted: October 1, 2021
Overview: OpenLDAP is an open-source implementation of the Lightweight Directory Access Protocol (LDAP) service. On a default installation, the OpenLDAP server uses TCP port 389 for communication. The OpenLDAP server has a modular architecture where […]
Posted: October 1, 2021
The SonicWall Capture Labs threat research team has observed a continued increase in ransomware used in double extortion schemes. The operators of ransomware known as AtomSilo have recently infiltrated a Brazilian pharmaceutical company. The malware […]
Posted: September 23, 2021
SonicWall Capture Labs threat research team observed attacks exploiting a vulnerability in Buffalo routers.
Posted: September 14, 2021
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of September 2021.
Posted: September 10, 2021
Overview: Atlassian Confluence is a collaboration platform written in Java. Users can create content using spaces, pages, and blogs which other users can comment on and edit. It is written primarily in Java and runs […]
Posted: September 3, 2021
Lockbit ransomware has been around since 2019 but recently released an updated version called Lockbit 2.0. It is another ransomware-as-a-service (RaaS) which is a subscription based model allowing partners to use a full-featured already developed […]
Posted: September 3, 2021
Overview: Centreon is an open source IT monitoring solution. Centreon open source solution is the foundation for the Centreon EMS software suite which offers additional licensed modules. Centreon open source solution includes integration tools for […]
Posted: August 27, 2021
Overview: Nagios is an open source host, service and network monitoring program. The product’s functionality is implemented through a number of server-side programs primarily written in PHP with a backend database running MariaDB, a drop-in […]
Posted: August 19, 2021
An unauthenticated command injection vulnerability exists in ZeroShell. SonicWall Capture Labs threat research team observed attacks exploiting this vulnerability.
Posted: August 12, 2021
The SonicWall Capture Labs threat research team has recently been tracking malware that does more than encrypt files and demand a ransom. In the ransomware space there has been an increase in malware that also […]
Posted: August 10, 2021
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of August 2021.
Posted: August 6, 2021
Overview: Advantech R-SeeNet is a monitoring application that runs on a server and its job is to collect information from the routers, store it, process it and present it to a network administrator. R-SeeNet consists […]
Posted: July 30, 2021
Overview: 3S Smart Software Solutions CoDeSys is an IEC 61131-compliant PLC program development environment for multiple programming languages. CoDeSys supports PLC devices from over 250 device manufacturers. The CoDeSys Gateway Server is a service which […]
Posted: July 21, 2021
Malware writers often use trending topics to masquerade their malicious creations. Ever since early 2020 the Covid-19 pandemic has given fuel to malware writers and scamsters to use Covid related themes to hide malicious applications. […]
Posted: July 19, 2021
A cross-site scripting (XSS) vulnerability exists in the web services interface of Cisco Adaptive Security Appliance (ASA) Software.
Posted: July 15, 2021
SonicWall Threats Research team has observed a highly obfuscated batch (BAT) file inside an archive which is downloaded to the victim’s machine. The BAT file executes a PowerShell script which downloads an archive file containing Metamorfo […]
Posted: July 13, 2021
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of July 2021.
Posted: July 9, 2021
The recent Kaseya VSA server exploit incident has given cybercriminals an opportunity to distribute fake Kaseya update programs. An unsuspecting user is tricked into downloading a program that appears to be from Kaseya but […]
Posted: July 9, 2021
Overview: Oracle Endeca Server is a hybrid search-analytical database. It organizes complex and varied data from disparate source systems into a flexible data model that reduces the need for upfront modeling. Oracle Endeca Server is […]
Posted: July 6, 2021
The SonicWall Capture Labs threat research team has analyzed the ransomware that is spreading using the exploitation of the Kaseya standalone on-premises VSA server and the subsequent supply-chain attacks. The attack starts with exploitation of […]
Posted: July 2, 2021
Overview: A new remote code execution (RCE) vulnerability has been discovered in the Microsoft Windows Print Spooler service. This vulnerability has been referred to publicly as PrintNightmare and assigned CVE-2021-34527. According to the vendor, this vulnerability […]
Posted: July 2, 2021
Overview: Oracle E-Business Suite is a collection of applications for Enterprise Resource Planning (ERP), Customer Relationship Management (CRM), and Supply Chain Management (SCM) and contains several product lines intended for specific use cases. The E-Business […]
Posted: July 1, 2021
The SonicWall Capture Labs threat research team has been tracking ransomware that encrypts files and gives them a “.snoopdog” filename extension. The operator charges 1 BTC for file retrieval. However, as with most ransomware today, the […]
Posted: June 25, 2021
Overview: Advantech iView application enables network managers to configure, update, manage and monitor B+B SmartWorx solutions from a central location. It is a Simple Network Management Protocol-based element management software provided free-of-charge with all intelligent […]
Posted: June 18, 2021
With multiple obfuscation layers
Posted: June 17, 2021
A CRLF injection vulnerability exists in BF-430, BF-431, and BF-450M TCP IP Converter devices.
Posted: June 11, 2021
The SonicWall Capture Labs Research team has been observing a massive increase in ransomware attacks, with increasingly targeted attacks hitting mostly critical infrastructure. With companies willing to pay millions in ransom payments to restore operations, […]
Posted: June 8, 2021
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of June 2021.
Posted: June 4, 2021
Overview: Multiple vulnerabilities have been discovered and reported in the VMware vSphere Client (HTML5), specifically in VMware vCenter Server vSAN Health Check plug-in product. Among these vulnerabilities, CVE-2021-21985 is a remote code execution vulnerability rated […]
Posted: June 4, 2021
Overview: Microsoft Visual Studio is an integrated development environment (IDE) from Microsoft. It can be used to develop console and graphical user interface (GUI) applications along with web sites, web applications, and web services. This […]
Posted: May 28, 2021
Overview: Netgear ProSAFE Network Management System NMS300 is a centralized and comprehensive management application for network administrators that enables them to discover, monitor, configure, and report on SNMP based enterprise-class network devices. The Netgear Network […]
Posted: May 27, 2021
The SonicWall Capture Labs threat research team has recently been tracking Conti ransomware. It has been reported that Conti has been connected with over 400 cyberattacks against organizations around the world. In addition to encrypting […]
Posted: May 21, 2021
F5 BIG-IP iControl REST interface has an unauthenticated remote command execution vulnerability
Posted: May 21, 2021
Contains hardcoded targets
Posted: May 14, 2021
The SonicWall Capture Labs Threat Research team has analyzed a multi-stage infostealer. If available on the victim’s machine, this Trojan steals various cryptocurrency data, credit card info, ftp server info and credentials on Discord, Telegram, […]
Posted: May 11, 2021
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of May 2021.
Posted: May 7, 2021
Overview: Apache OFBiz is an open source enterprise resource planning (ERP) system. It provides a suite of enterprise applications that integrate and automate many of the business processes of an enterprise. Apache OFBiz is a […]
Posted: April 30, 2021
Overview: Eaton’s Intelligent Power Manager (IPM) software provides the tools needed to monitor and manage power devices in your physical or virtual environment, keeping devices up and running during a power or environmental event. This […]
Posted: April 30, 2021
The SonicWall Capture Labs Threat Research Team has observed a new Microsoft Excel sample, which uses curl.exe to download AVE Maria Remote Admin Tool. This sample launches curl.exe using XLM Macro. cURL is a command-line […]
Posted: April 23, 2021
Targets mostly include a number of financial apps
Posted: April 23, 2021
The SonicWall Capture Labs Threat Research team observed reports of a new variant family of Runsomeaware RaaS actively spreading in the wild. Ransomware as a service (RaaS) is a subscription-based / free model that enables […]
Posted: April 22, 2021
Ignition versions prior to 2.5.2, as used in Laravel, allow unauthenticated remote attackers to execute arbitrary code.
Posted: April 16, 2021
Snake KeyLogger malware is being distributed using malicious Word documents
Posted: April 16, 2021
The Sonicwall Capture Labs Research team has observed another ransomware being circulated in the wild recently. To maintain communications with the compromised system, this ransomware uses Discord’s built-in webhooks function. Discord is much more […]
Posted: April 13, 2021
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of April 2021.
Posted: April 9, 2021
Overview: VMware vRealize Operations Manager delivers intelligent operations management with application-to-storage visibility across physical, virtual, and cloud infrastructures. CVE-2021-21975 is an unauthenticated server-side request forgery (SSRF) vulnerability in VMware vRealize Operations API. The vulnerability was […]
Posted: April 9, 2021
The SonicWall Capture Labs threat research team has been tracking a ransomware family named Uniwinnicrypt. This malware is aimed at large corporations and the operators charge over $550k USD in crypto (Monero and Bitcoin) for […]
Posted: April 2, 2021
Overview: A denial of service vulnerability has been reported in the OpenSSL library. An OpenSSL TLS server may crash if a remote attacker sends a maliciously crafted renegotiation ClientHello message (the exploit) from a client. If […]
Posted: March 26, 2021
Overview: SonicWall’s Capture Labs Threat Research Team recently captured and evaluated a new malicious sample termed Spyder, from China’s “Winnti” hacking group. This backdoor is written in C++ and designed to run on 64-bit Windows. […]
Posted: March 26, 2021
The SonicWall Capture Labs Threat Research team observed reports of a new variant family of Hog ransomware actively spreading in the wild. The Hog ransomware encrypts the victim’s files with a strong encryption algorithm and […]
Posted: March 18, 2021
SonicWall Capture Labs threat research team observed attacks exploiting old vulnerabilities in ZyXEL routers.
Posted: March 18, 2021
Infections continue even after gang member arrest
Posted: March 17, 2021
The SonicWall Capture Labs Threat Research Team has observed that a fake Space Starbase Invite is being circulated over email with a malicious Excel document as an attachment. On opening the attachment, it executes VBA […]
Posted: March 16, 2021
The SonicWall Capture Labs Threat Research team has received reports about a new Mirai botnet malware targeting network security devices. The Mirai botnet malware attack involves many different brands of connected network security devices that are […]
Posted: March 12, 2021
As Covid-19 vaccinations happen across the country, cybercriminals are riding the wave again using social engineering tactics purporting to be vaccine-related information to spread malware and steal user information. The Sonicwall Capture Labs Research team […]
Posted: March 9, 2021
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of March 2021.
Posted: March 8, 2021
Overview: SonicWall Capture Labs Threat Research Team recently found a new sample for 8t_Dropper aka RoyalRoad. Royal Road is a tool shared by many targeted attack groups believed to belong to China. The sample below […]
Posted: March 5, 2021
The SonicWall Capture Labs Threat Research team has received reports that threat actors are actively exploiting the following Microsoft Exchange vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065. These vulnerabilities allow the attackers access to emails found in […]
Posted: March 5, 2021
The SonicWall Capture Labs threat research team has observed reports of a variant from the Crysis/Dharma ransomware family called Lotus. The operators of this malware charge 1 BTC ($49K USD at the time of writing this alert) for […]
Posted: March 5, 2021
Observing modifications in the techniques being used to distribute ZLoader using MS-Excel files
Posted: February 26, 2021
A critical remote code execution vulnerability has been reported in VMware’s vSphere/vCenter. The vulnerability is due to improper validation of paths in an uploaded tarball. A remote, unauthenticated attacker could exploit this vulnerability by sending […]
Posted: February 26, 2021
The SonicWall Capture Labs Threat Research team observed reports of a new variant family of Parasite ransomware actively spreading in the wild. The Parasite ransomware encrypts the victim’s files with a strong encryption algorithm until […]
Posted: February 18, 2021
This Android banker contains a multitude of malicious capabilities
Posted: February 18, 2021
SonicWall Capture Labs threat research team observed attacks exploiting an old vulnerability in Netgear DGN devices.
Posted: February 12, 2021
Obfuscation is a technique commonly used by malware authors to render their code unreadable, preventing easy interpretation of the program that might give clues about their intent or behavior. This week, the Sonicwall Capture […]
Posted: February 9, 2021
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of February 2021.
Posted: February 5, 2021
The SonicWall Capture Labs threat research team has observed reports of a variant of Paradise ransomware called Cukiesi. This ransomware family has been around since early 2018 and is reported to have originated from Russia. […]
Posted: January 14, 2021
The SonicWall Capture Labs Threat Research team observed reports of a new variant family of Babuk ransomware actively spreading in the wild. The Babuk ransomware encrypts the victim’s files with a strong encryption algorithm until […]
Posted: January 12, 2021
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of January 2021.
Posted: January 8, 2021
Overview: SonicWall Capture Labs Threat Research Team recently found a new sample and activity for a Turla variant called GoldenSky. Turla has many names since 2014, aka: Turla, Snake, Venomous Bear, VENOMOUS Bear, Group 88, […]
Posted: January 6, 2021
Fake Cyberpunk apps are on the rise
Posted: January 3, 2021
CVE-2020-1472 Zerologon – A vulnerability in the cryptography of Microsoft’s Netlogon process that allows an attack against Microsoft Active Directory domain controllers, making it possible for a hacker to impersonate any computer, including the root […]
Posted: December 23, 2020
SonicWall Capture Labs Threat Research team has observed hackers actively targeting the recent remote code execution vulnerability in the Apache Struts framework. This vulnerability is due to insufficient input validation, leading to a forced double […]
Posted: December 18, 2020
The SonicWall Capture Labs Threat Research team observed reports of a new variant family of Mobef ransomware actively spreading in the wild. The Mobef ransomware encrypts the victim’s files with a strong encryption algorithm just […]
Posted: December 14, 2020
Updated January 15, 2021 The U.S. Department of Homeland Security (DHS) and the Cybersecurity and Infrastructure Security Agency (CISA) have confirmed that malicious threat actors have been and are actively exploiting vulnerabilities in SolarWinds Orion […]
Posted: December 10, 2020
On December 8, 2020, the cyber security firm FireEye disclosed an incident that resulted in the theft of offensive security tools (OSTs) used by their Red Team to test the security posture of their customers. Some of […]
Posted: December 9, 2020
Contains a number of hardcoded components as well
Posted: December 8, 2020
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of December 2020.
Posted: December 7, 2020
Overview: SonicWall Capture Labs Threat Research Team recently found a new sample and activity for Egregor Ransomware. The Egregor sample below is a library (DLL) that contains code and data that can be used by […]
Posted: December 4, 2020
Extracts sensitive information from the user in exchange for fake promises
Posted: December 4, 2020
The Sonicwall Capture Labs Research team has observed another ransomware being circulated in the wild recently. It was first spotted earlier this year but did not gain much traction then. Interestingly, this not so popular […]
Posted: November 25, 2020
SonicWall Capture Labs Threat Research team has observed the recent remote code execution vulnerability reported in Oracle WebLogic Server being exploited in the wild. This vulnerability is due to improper sanitization of user-supplied data […]
Posted: November 25, 2020
The SonicWall Capture Labs threat research team has observed reports of Hungarian PC users infected by Exerwa ransomware. It is reported that Exerwa is CTF malware that emerged from a Capture-the-Flag event where hackers are […]
Posted: November 20, 2020
The SonicWall Capture Labs Threat Research team observed reports of a new variant family of LOCKDOWN ransomware actively spreading in the wild. The LOCKDOWN ransomware encrypts the victim’s files with a strong encryption algorithm until […]
Posted: November 19, 2020
SonicWall Capture Labs threat research team observed attacks exploiting old vulnerabilities in Dasan GPON home routers.
Posted: November 12, 2020
Bahamut campaign aims at stealing sensitive user information from the device
Posted: November 10, 2020
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of November 2020.
Posted: November 6, 2020
Overview: SonicWall Capture Labs Threat Research Team recently found a new sample and activity for Ragnar Locker Ransomware. Cyberattacks using Ragnar Ransomware have impacted Biological E Ltd, Capcom, and Campari Group. A description of the […]
Posted: November 5, 2020
As the world watches for the outcome of the U.S. election and election night turns into election days, cybercriminals are riding the wave using social engineering tactics. The Sonicwall Capture Labs Research team has analyzed […]
Posted: October 30, 2020
WordPress is a free and open-source content management system written in PHP. WordPress is used by more than 60 million websites. 38% of the web is built on WordPress. Its plugin architecture allows users to extend […]
Posted: October 26, 2020
This new variant has a number of measures against emulator based execution
Posted: October 22, 2020
SonicWall Capture Labs threat research team has observed attacks exploiting command injection vulnerabilities in AVTECH devices.
Posted: October 22, 2020
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of NIBIRU ransomware [NIBIRU.RSM] actively spreading in the wild. The NIBIRU ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: October 16, 2020
Does not appear to be for research purposes
Posted: October 13, 2020
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of October 2020.
Posted: October 9, 2020
Overview: SonicWall Capture Labs Threat Research Team recently found a new sample and activity for Emotet. Emotet is an advanced, self-propagating modular malware. Historically, Emotet was an advanced banking malware with botnet capabilities and indicators. […]
Posted: October 4, 2020
SonicWall Capture Labs Threat Research team observes attackers actively exploiting the arbitrary remote code execution vulnerability reported in the Tenda AC15 router. The Tenda AC15 is an AC1900 Smart Dual-band Gigabit Wi-Fi Router designed for smart […]
Posted: October 2, 2020
The SonicWall Capture Labs threat research team have observed a new variant from the Phobos ransomware family. Like Sodinokibi, Phobos is sold on the criminal underground using the ransomware-as-a-service (RaaS) model. It is spread using […]
Posted: September 25, 2020
SonicWall Capture Labs Threat Research team observes attackers actively exploiting the recent remote code execution vulnerability reported in vBulletin. vBulletin is a popular forum software package used by about 20,000 websites. It is written in PHP and uses the MySQL database. CVE-2020-17496 | Vulnerability: A remote code execution vulnerability has been reported in […]
Posted: September 25, 2020
The SonicWall Capture Labs threat research team observed reports of a new variant family of Zhen ransomware [Zhen.RSM] actively spreading in the wild. The Zhen ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: September 17, 2020
An elevation of privilege vulnerability exists when an attacker establishes a vulnerable Netlogon secure channel connection to a domain controller, using the Netlogon Remote Protocol (MS-NRPC)
Posted: September 16, 2020
Sends sensitive victim information from the device
Posted: September 9, 2020
This week the SonicWall Capture Labs research team analyzed an infostealing Trojan that is a mash-up of another infostealer Trojan and a ransomware. This Trojan is called Anubis but borrows most of its code from […]
Posted: September 8, 2020
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of September 2020.
Posted: September 4, 2020
Overview: SonicWall Capture Labs Threat Research Team recently found a new sample and activity for: ECCENTRIC BANDWAGON, DPRK. The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. North […]
Posted: September 4, 2020
The SonicWall Capture Labs threat research team observed reports of a new variant family of Jackpot ransomware [Jackpot.RSM] actively spreading in the wild. The Jackpot ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: August 28, 2020
The SonicWall Capture Labs threat research team have observed a new family of ransomware called Darkside. The operators of this ransomware primarily target large corporations. Recently, a Canadian land developer and home builder, Brookfield Residential […]
Posted: August 27, 2020
Advantech WebAccess/NMS is a web browser-based software package for networking management systems (NMS). It is designed with SNMP and ICMP communication standards for managing all Ethernet-enabled Advantech products and third-party devices. NMS can bring users an […]
Posted: August 21, 2020
This spyware steals a lot of sensitive victim information
Posted: August 20, 2020
Improper access control in Citrix ADC and Citrix Gateway allows unauthenticated access to certain URL endpoints.
Posted: August 14, 2020
The popular social media app TikTok is getting banned in a number of countries. Fraudsters are using this opportunity to spread fake TikTok apps in an effort to infect and scam more victims. SonicWall Capture […]
Posted: August 14, 2020
The SonicWall Capture Labs threat research team observed reports of a new variant family of VoidCrypt ransomware [VoidCrypt.RSM] actively spreading in the wild. The VoidCrypt ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: August 11, 2020
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of August 2020.
Posted: August 7, 2020
Overview: SonicWall Capture Labs Threat Research Team recently observed activity for the Chinese Remote Access Trojan Taidoor. Taidoor is composed of two stages, the loader and RAT module. The loader starts the service and decrypts […]
Posted: August 7, 2020
The Sonicwall Capture Labs Research team has come across a Chinese word processor that comes packaged with an infostealer. This word processor comes as a Nullsoft installer and appears to be a legitimate notepad or […]
Posted: July 31, 2020
F5's BIG-IP is a product family that comprises software, hardware, and virtual appliances designed around application availability, access control, and security solutions. BIG-IP software products run on top of F5's Traffic Management Operation System® (TMOS), […]
Posted: July 31, 2020
The SonicWall Capture Labs threat research team have observed reports of new ransomware named Exorcist. It is reported to have surfaced over the past week on an underground Russian forum using the ransomware-as-a-service (RaaS) model with […]
Posted: July 23, 2020
A command-injection vulnerability (CVE-2020-14472) exists in the mainfunction.cgi file in DrayTek Vigor3900, Vigor2960, and Vigor 300B devices before firmware 1.5.1.1. It can lead to remote code execution.
Posted: July 23, 2020
The SonicWall Capture Labs threat research team observed reports of a new variant family of Reha ransomware [Reha.RSM] actively spreading in the wild. The Reha ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: July 17, 2020
SonicWall RTDMI engine recently detected an Android malware that poses as a COVID-19 information app and combines the functionality of a banking Trojan, spyware, keylogger and ransomware.
Posted: July 16, 2020
Dialers, RATs and apps with suspicious functionality were observed using the COVID-19 theme
Posted: July 14, 2020
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of July 2020.
Posted: July 14, 2020
A remote code execution vulnerability exists in Windows Domain Name System servers when they fail to properly handle requests.
Posted: July 10, 2020
Overview: SonicWall Capture Labs Threat Research Team recently observed new activity for Valak. The Valak malware campaign is usually found lurking inside your email inbox or spam folder. The distribution of Valak is attached to […]
Posted: July 10, 2020
The pandemic has brought the world to a standstill but has not deterred cybercriminals. It has been a boon to malware authors and has provided them a platform to exploit. The SonicWall Capture Labs Research […]
Posted: July 6, 2020
These improvements focus on making the malware stealthier
Posted: July 3, 2020
SonicWall Capture Labs Threat Research team has come across a new malspam campaign that pretends to deliver a legitimate PDF but installs malware on the victim's computer. When a user opens this PDF, they will be […]
Posted: July 1, 2020
The SonicWall Capture Labs threat research team have observed reports of ransomware that encrypts files and appends a “.BadBoy” extension to their names. This variant of the malware is new but is based on Spartacus […]
Posted: June 27, 2020
SonicWall Capture Labs Threat Research team observed attackers actively targeting Zyxel NAS (Network Attached Storage) and firewall products affected by a remote code execution vulnerability. Vulnerability | CVE-2020-9054 A NAS system is a storage device […]
Posted: June 25, 2020
The SonicWall Capture Labs threat research team observed reports of a new variant family of COBRALOCKER ransomware [COBRALOCKER.RSM] actively spreading in the wild. The COBRALOCKER ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: June 22, 2020
An Android finance app has been uncovered that victimizes its users
Posted: June 18, 2020
SonicWall Capture Labs threat research team observed Zorab ransomware posing as a DJVU ransomware decryptor.
Posted: June 17, 2020
This simple Android locker now uses a coronavirus theme
Posted: June 12, 2020
Black Lives Matter protests have spread across the United States and worldwide. The core of the protests has been activists taking to the streets, but in this very online age, while also amidst a pandemic, […]
Posted: June 9, 2020
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of June 2020.
Posted: June 5, 2020
Overview: SonicWall Capture Labs Threat Research Team observed new activity from MUSTANG PANDA using a unique infection chain related to the PlugX Trojan. The legitimate vulnerable binary is part of Adobe's suite, which will load […]
Posted: June 5, 2020
Malware authors are using scams with attractive headlines such as – Flipkart lock down sale, Paytm limited period offer.
Posted: June 5, 2020
The SonicWall Capture Labs threat research team have observed reports of spam inviting people to view an “image” in which the email states they are present. The “image”, which in our case was named IMG148150.jpg.js is […]
Posted: June 5, 2020
The SonicWall Capture Labs threat research team have observed reports of spam inviting people to view an “image” in which they are supposedly present. The “image”, which in our case was named IMG148150.jpg.js is actually a […]
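The two entries above describe the same lure: a file named like an image (IMG148150.jpg.js) whose real, final extension is a Windows script. Below is an added example, written for this index and not code from SonicWall or from the posts themselves, of the attachment-name check a mail gateway or triage script would run to catch that trick. The extension sets and the sample names are constructed for illustration and are not exhaustive.

```python
import re
from typing import Dict, List

# Assumption: a small practical set of extensions Windows hands to a script
# host or loader when double-clicked. Not an exhaustive list.
EXECUTABLE_EXTS = {"js", "jse", "vbs", "vbe", "wsf", "hta", "exe", "scr",
                   "bat", "cmd", "ps1", "lnk"}
# Extensions a recipient reads as harmless content (the decoy in a double extension).
DECOY_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "doc", "docx", "xls", "xlsx", "txt"}
# Unicode right-to-left override: makes "photo\u202egpj.scr" render as "photorcs.jpg".
RLO = "\u202e"


def classify_attachment(name: str) -> List[str]:
    """Return the reasons an attachment name looks like a disguised executable.

    An empty list means nothing suspicious was found in the name itself.
    """
    reasons: List[str] = []
    if RLO in name:
        reasons.append("right-to-left override character in name")

    stripped = name.rstrip()
    pieces = stripped.lower().split(".")
    exts = pieces[1:]  # every dot-separated piece after the base name
    if not exts:
        return reasons

    final = exts[-1].strip()
    if final in EXECUTABLE_EXTS:
        # Earlier "extensions" that look like benign content, e.g. the .jpg in IMG148150.jpg.js
        decoys = [e.strip() for e in exts[:-1] if e.strip() in DECOY_EXTS]
        if decoys:
            reasons.append(f"decoy extension .{decoys[-1]} hides executable .{final}")
        else:
            reasons.append(f"executable attachment .{final}")
        # Runs of spaces push the real extension out of view in narrow file listings.
        if re.search(r"\s{2,}\." + re.escape(final) + r"$", stripped.lower()):
            reasons.append("whitespace padding before executable extension")
    return reasons


def scan_attachments(names: List[str]) -> Dict[str, List[str]]:
    """Classify a batch of attachment names; only suspicious ones are returned."""
    return {n: r for n in names if (r := classify_attachment(n))}


# Constructed sample attachment names for illustration.
SAMPLE_ATTACHMENTS = [
    "IMG148150.jpg.js",          # the lure from the posts above
    "holiday.jpg",               # genuine image
    "invoice.pdf",               # genuine document
    "report.pdf          .exe",  # padded double extension
    "setup.exe",                 # plain executable, still worth flagging
    "photo\u202egpj.scr",        # RLO trick, displays as photorcs.jpg
]

if __name__ == "__main__":
    for name, reasons in scan_attachments(SAMPLE_ATTACHMENTS).items():
        print(repr(name), "->", "; ".join(reasons))
```

The check is deliberately name-only: it is cheap enough to run on every inbound attachment before any content scanning, and it fires on the lure even when the script body is obfuscated. Pair it with a policy that blocks or quarantines the flagged extensions outright, since a legitimate correspondent almost never sends a `.js` or `.scr` file as a photo.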
Posted: June 5, 2020
This threat continues to evolve
Posted: May 29, 2020
An insecure deserialization vulnerability has been reported in Oracle Weblogic. This vulnerability is due to insufficient validation of user requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a crafted request to a […]
Posted: May 28, 2020
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of DragonCyber ransomware [DRAGON.RSM] actively spreading in the wild. The DragonCyber ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: May 26, 2020
This coin-miner contains a number of components that work together
Posted: May 22, 2020
SonicWall Capture Labs threat research team observed an infostealer Trojan hiding in COVID-19-related email attachments.
Posted: May 20, 2020
These apps contain code related to Android spyware SpyNote
Posted: May 16, 2020
This week the SonicWall Capture Labs research team received yet another Trojan capitalizing on the current COVID-19 pandemic. As more and more states require citizens to wear masks in public, it was inevitable that malware authors […]
Posted: May 12, 2020
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of May 2020.
Posted: May 8, 2020
Overview: SonicWall Capture Labs Threat Research Team has observed and trapped activity for the malware family called "Zeus Sphinx" banking Trojan. Sphinx goes by many other names, such as ZLoader, Terdot, or DELoader. ZLoader has […]
Posted: May 8, 2020
The SonicWall Capture Labs threat research team have come across new ransomware known to the antivirus community as Instabot. It is actively spreading and the webserver used by the operators is currently online at the […]
Posted: May 4, 2020
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of PROJECTZORGO ransomware [PROJECTZORGO.RSM] actively spreading in the wild. The PROJECTZORGO ransomware has been specially designed by a team of underground […]
Posted: May 4, 2020
SonicWall Capture Labs Threat Research team has come across a new variant of Raccoon stealer (V1.5) that was used in a malicious COVID-19 campaign. While we wear masks to defend against coronavirus, a bandit-masked raccoon seeks to take advantage of the coronavirus outbreak. Infection Cycle As with several other attacks, this campaign […]
Posted: April 23, 2020
SonicWall Capture Labs threat research team observed scams related to COVID-19 in recent weeks.
Posted: April 23, 2020
Malicious Android apps using the name and icon of Zoom app surface during the lock-down
Posted: April 18, 2020
With stay-at-home orders implemented in several states and cities in the country in an effort to slow the spread of the novel coronavirus, internet data usage has spiked with more people being online and confined […]
Posted: April 14, 2020
SonicWall Capture Labs threat research team has analyzed and addressed Microsoft’s security advisories for the month of April 2020.
Posted: April 13, 2020
SonicWall RTDMI ™ engine detected the NetWire RAT the same day it was created and spread. The RAT uses an AMSI-bypass module and the Rzy Protector module.
Posted: April 13, 2020
Since the COVID-19 pandemic started, we have been seeing various malware families cashing in on the COVID-19 scare for their distribution. Earlier, we also posted an alert about the families milking this pandemic. Beware […]
Posted: April 10, 2020
The SonicWall Capture Labs threat research team have come across a new ransomware family known as Ada Covid. The sample we analysed appears to be in early stages of development and does not modify any […]
Posted: April 10, 2020
Overview: SonicWall Capture Labs Threat Research Team recently found a new sample and activity in April for a downloader called GuLoader. GuLoader is used in conjunction with other malware components such as RATs (Remote Administration […]
Posted: April 8, 2020
Excel 4.0 macros are being used to deliver malware
Posted: April 3, 2020
UPDATED APRIL 8TH Scammers have devised numerous ways of defrauding people in connection with COVID-19. Some examples of scams linked to COVID-19 include treatment, testing, medical supplies, insurance, charity, work from home, investment, student loan, […]
Posted: April 2, 2020
The SonicWall Capture Labs threat research team observed reports of a new variant family of PROJECT23 ransomware [PROJECT23.RSM] actively spreading in the wild. The PROJECT23 ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: March 31, 2020
A Trojan that overwrites the MBR
Posted: March 28, 2020
SonicWall Capture Labs Threat Research team has come across another variant of Metamorfo banking trojan that tries to take advantage of the global crisis due to COVID-19 pandemic. This malware was first seen 2 days […]
Posted: March 25, 2020
Another coronavirus-related app with malicious capabilities
Posted: March 23, 2020
This ransomware uses scare tactics to lure victims into paying the ransom
Posted: March 20, 2020
As the coronavirus pandemic unfolds, the SonicWall Capture Labs Research team also observes an increasing amount of malicious software actively exploiting this crisis. As we have previously reported, we have seen different malware families […]
Posted: March 20, 2020
The malware started using a new technique that redirects bitcoin transactions to the malware author's bitcoin address.
Posted: March 19, 2020
SonicWall Capture Labs Threat Research Team recently found a new RekenSom ransomware. Infection Cycle: At the onset of execution, a named mutex "Rekensom" is created to ensure only one instance of the sample is running. […]
Posted: March 19, 2020
SonicWall Capture Labs Threat Research Team has observed a ransomware taking advantage of the Coronavirus fear.
Posted: March 19, 2020
Malware authors are exploiting the COVID-19 pandemic scare to get onto victims' machines.
Posted: March 17, 2020
This blog entry contains a constantly updated list of coronavirus-related threats covered by the SonicWall Capture Labs Threats Research team: Android CoronaVirus Ransomware comes bundled with decryption code (March 23, 2020) IOCs: d1d417235616e4a05096319bb4875f57 GAV […]
Posted: March 17, 2020
The Grandoreiro banking Trojan, highly active in Latin America and Europe, is now abusing Google Sites to host its C&C server address.
Posted: March 16, 2020
Overview: SonicWall Capture Labs Threat Research Team recently found a new sample and activity in March for the “Corona-virus” binary below. Malware authors have taken advantage of the public’s desire for information on the COVID-19 […]
Posted: March 14, 2020
Websites that claim to contain coronavirus-related information lead to the download of an Android RAT
Posted: March 13, 2020
Scareware that spreads using the name of COVID-19
Posted: March 13, 2020
The SonicWall Capture Labs Threat Research Team have been observing a family of ransomware called Ouroboros. The malware became prominent around late 2019 and has undergone various transformations over the last few months. It is based […]
Posted: March 12, 2020
A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests.
Posted: March 10, 2020
SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of March 2020.
Posted: March 6, 2020
Overview: SonicWall Capture Labs Threat Research Team recently found a new sample and activity in March for the GigaCLR Trojan binary. It starts out as a self-extracting native executable that drops two binaries, one a .NET […]
Posted: March 5, 2020
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of MARRACRYPT ransomware [MARRACRYPT.RSM] actively spreading in the wild. The MARRACRYPT ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: February 29, 2020
SonicWall Capture Labs Threat Research team observes attackers actively probing for vulnerable Microsoft Exchange servers. Vulnerability | CVE-2020-0688: A remote code execution vulnerability has been reported in Microsoft Exchange Server. The weakness is due to […]
Posted: February 26, 2020
Android RAT spreads under the name Coronavirus
Posted: February 22, 2020
The SonicWall Capture Labs Threat Research team has analyzed a malware purporting to be an installer of a popular VPN software. This is not the first time that malware has pretended to be a VPN […]
Posted: February 21, 2020
A remote code execution vulnerability exists in the way that the scripting engine handles objects in memory in Internet Explorer, aka ‘Scripting Engine Memory Corruption Vulnerability’
Posted: February 14, 2020
The SonicWall Capture Labs Threat Research Team have recently come across a new variant of Ako ransomware. The malware spreads via spam email and shares similarities to MedusaLocker. This has led many to believe that the […]
Posted: February 11, 2020
SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of February 2020.
Posted: February 8, 2020
Overview: SonicWall Capture Labs Threat Research Team analyzed a new sample found in February 2020 for a project named "Androm", a backdoor Trojan. Trojans appear to contain benign or useful functionality, but also contain code […]
Posted: February 7, 2020
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of ENC ransomware [ENC.RSM] actively spreading in the wild. The ENC ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: February 6, 2020
VBScript files, delivered as email attachments inside an archive file, are being used to execute DanaBot on the victim's machine.
Posted: February 5, 2020
The world is fighting this deadly coronavirus, running awareness campaigns and sharing documents on precautionary measures. Cyber threat actors are taking this as an opportunity to profit from people's fear by distributing malware files that claim to be coronavirus awareness documents.
Posted: February 1, 2020
Linear eMerge E3: Nortek Security & Control, LLC (NSC) is a leader in wireless security, home automation, and personal safety systems and devices. Nortek Security and Control LLC’s Linear eMerge E3 is an access controller that specifies […]
Posted: January 30, 2020
Android adware that is different from the others
Posted: January 28, 2020
Maze ransomware with anti analysis techniques
Posted: January 28, 2020
Fake antivirus apps "detect" risky apps based on static JSON files
Posted: January 24, 2020
Citrix NetScaler ADC/Gateway Directory Traversal Vulnerability CVE-2019-19781 is being actively exploited in the wild.
Posted: January 24, 2020
This week, the SonicWall Capture Labs Threat Research Team came across another cryptominer that pretends to be a media player and even loads a wav file to hide its real intent. Infection Cycle: This Trojan comes […]
Posted: January 17, 2020
The SonicWall Capture Labs Threats Research team have observed a newly released version of Cryakl ransomware. First seen in early 2014 spreading via email, Cryakl works like most ransomware by encrypting files and demanding a ransom […]
Posted: January 14, 2020
SonicWall protects its customers against the latest Windows CryptoAPI Spoofing Vulnerability CVE-2020-0601
Posted: January 14, 2020
SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of January 2020.
Posted: January 10, 2020
Overview: SonicWall Capture Labs Threat Research Team has been actively monitoring APT33, APT34, APT35, APT39, and tracking destructive malware in the Middle East, and has found ZeroCleare along with other destructive malware this week. The […]
Posted: January 10, 2020
SonicWall Threats Research Team has analyzed the Dustman malware, whose code is similar to the "ZeroCleare" malware and which is suspected to have been developed by Iranian hackers.
Posted: January 9, 2020
SonicWall RTDMI ™ engine has recently detected a Nullsoft Scriptable Install System (NSIS) compiled executable file that executes a new variant of ServHelper malware as its final payload
Posted: January 8, 2020
SonicWall malware research lab has discovered an ongoing phishing campaign that abuses a genuine web-based office suite platform, Google Docs.
Posted: January 7, 2020
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of MZP ransomware [MZP.RSM] actively spreading in the wild. The MZP ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: January 4, 2020
SonicWall Capture Labs Threat Research Team observed large, unusual scan activity looking for no-name NVMS-9000-series DVR network-attached devices. Fig: Hits for the IPS signature […]
Posted: December 27, 2019
SonicWall Capture Labs Threat Research team observed the vulnerabilities below as the most exploited by hackers in the year 2019: BlueKeep (CVE-2019-0708), SharePoint Server (CVE-2019-0604), Win32k (CVE-2019-0859), ThinkPHP (CVE not assigned), Atlassian Confluence (CVE-2019-3396), Drupal (CVE-2019-6340), Oracle […]
Posted: December 24, 2019
The author of the EXIT spammer started by sending emails to his own email address and has now evolved to sending emails to multiple recipients by dynamically updating the spamming link in the email body. The SonicWall threat research team has captured it from scratch.
Posted: December 23, 2019
Christmas themed Android malware/adware
Posted: December 20, 2019
The SonicWall Capture Labs Threat Research Team observed reports of another variant of the Jigsaw ransomware spreading in the wild. The malware is written in .NET and appears to be Czech in origin. Payment is […]
Posted: December 20, 2019
A buffer overflow vulnerability exists in the CODESYS web server
Posted: December 18, 2019
Malware authors are using a new technique to run remote Microsoft Office (MS Office) files. SonicWall threat research team has observed a PDF file with embedded JavaScript that uses the MS Office URI scheme to […]
Posted: December 13, 2019
SonicWall RTDMI ™ engine has recently detected LALALA infostealer which uses batch and PowerShell scripting to steal the victim’s data.
Posted: December 12, 2019
SonicWall Capture Labs Research team has found an MS Word file being used as the initial vector for an IcedID bot infection. The malicious Word file is circulated as an email attachment.
Posted: December 10, 2019
SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of December 2019.
Posted: December 9, 2019
The 3LOSH RAT (Remote Access Trojan) uses living-off-the-land tactics and changes its infection chain based on the presence of Avast Antivirus on the victim's machine.
Posted: December 6, 2019
Overview: SonicWall Capture Labs Threat Research Team recently found a new sample and activity for the “Clop” ransomware. The unique parts of the sample use asymmetric encryption and the Mersenne Twister pseudo-random number generator. […]
Posted: December 4, 2019
SonicWall Threats Research Team found a few photo editor applications distributed via the Google Play Store. Upon analysis, these apps were found to be adware.
Posted: December 3, 2019
Android malware observed during Thanksgiving 2019
Posted: December 2, 2019
A .NET infostealer sends the stolen user data to the malware author by email.
Posted: November 27, 2019
What is Apache Solr? Apache Solr is a fast open-source Java search server. Solr enables you to easily create search engines that search websites, databases and files. It has been an industry player for almost a decade and offers real-time […]
Posted: November 26, 2019
Android malware that steals sensitive data from infected device
Posted: November 22, 2019
BAT-file-based ransomware is targeting people in China
Posted: November 22, 2019
The SonicWall Capture Labs Threat Research Team observed reports of a new version of the Jigsaw ransomware. The version analysed here appears to be an early debug build and sports a new interface, a significant […]
Posted: November 22, 2019
WiKID Enterprise 2FA (two-factor authentication) Enterprise Server is vulnerable to SQL injection through searchDevices.jsp (CVE-2019-16917).
Posted: November 15, 2019
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of ANTEFRIGUS ransomware [ANTEFRIGUS.RSM] actively spreading in the wild. The ANTEFRIGUS ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: November 12, 2019
SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of November 2019.
Posted: November 11, 2019
Loki-Bot is an information stealer that has been active in the wild since 2015. The bot now uses image steganography and multi-layered protection as part of its infection chain.
Posted: November 9, 2019
Introduction: Threat actors and malware authors use various anti-analysis techniques to keep initial access, execution, persistence, privilege escalation, credential access, lateral movement, command and control, and exfiltration of data hidden from the reverse engineers that […]
Posted: November 4, 2019
PHP-FPM (PHP FastCGI Process Manager) is a FastCGI handler for PHP scripts and applications, especially useful for busier sites. It is commonly paired with web servers to serve applications that require a PHP framework, such as web forums or login […]
Posted: October 30, 2019
Variants of the Dtrack Remote Access Trojan in the wild
Posted: October 25, 2019
Webmin servers have been under attack since the August disclosure of a remote code execution vulnerability. SonicWall Threat Research Lab continues to observe attempts to exploit this vulnerability in the Webmin server. Webmin: With over […]
Posted: October 18, 2019
Attacks exploiting the vBulletin remote command execution vulnerability (CVE-2019-16759) are active in the wild.
Posted: October 17, 2019
Buran ransomware is being distributed via JavaScript file
Posted: October 17, 2019
Astaroth is an information stealer that has primarily affected Brazilian users since 2018. The malware is well known for using living-off-the-land tactics to stay invisible to security software. The latest version of Astaroth stores content in NTFS alternate data streams and hosts content on YouTube.
Posted: October 15, 2019
Android adware that communicates with a number of malicious domains and increases network consumption on the device.
Posted: October 14, 2019
REMCOS was designed as a Remote Control and Surveillance tool for legitimate purposes but has been used by malware authors for several years. The SonicWall RTDMI ™ engine has recently detected a malware file that uses REMCOS V2.5.0 as its payload.
Posted: October 11, 2019
The SonicWall Capture Labs Threat Research Team observed reports of a new version of Nemty ransomware being delivered via the RIG exploit kit. Previous versions of Nemty have used a variety of methods to infect […]
Posted: October 8, 2019
SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of October 2019.
Posted: October 7, 2019
WSHRAT V2.0 is using obfuscated JavaScript
Posted: October 7, 2019
Dridex now uses delaying techniques to avoid detection
Posted: October 4, 2019
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of LOCKID ransomware [LOCKID.RSM] actively spreading in the wild. The LOCKID ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: October 4, 2019
Overview: SonicWall Capture Labs Threat Research Team recently found a unique Domain Generation Algorithm (DGA) inside a uniquely named file called “Rust Trainer.exe”; the sample goes along with the Steam PC game “RUST”. The […]
Posted: September 30, 2019
SonicWall Capture Labs Threat Research team spotted a new variant of the Adwind RAT, a cross-platform, multi-functional malware also known as jRAT that silently steals system information and credentials from infected machines. This phishing campaign […]
Posted: September 20, 2019
SonicWall Capture Labs Threats Research Team has spotted Lokibot malware attacks in the wild.
Posted: September 19, 2019
A phishing campaign is targeting individuals who submit documents to The Guardian. A spyware laden Android app is being propagated from the site that strives towards confidentiality and anonymity.
Posted: September 10, 2019
SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of September 2019.
Posted: September 4, 2019
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of Hildacrypt ransomware [Hildacrypt.RSM] actively spreading in the wild. The Hildacrypt ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: August 30, 2019
What is HTTP/2? HTTP/2 is an application-layer protocol running on top of a TCP connection and a major revision of the HTTP protocol. HTTP/1.0 allowed only one request to be outstanding at a […]
Posted: August 30, 2019
Android malware hides behind a music streaming player
Posted: August 24, 2019
This week, the SonicWall Capture Labs Threat Research Team analyzed a malware sample that purports to be a NordVPN installer but also distributes a Trojan. Purporting to be legitimate software while slipping in […]
Posted: August 23, 2019
Overview: SonicWall Capture Labs Threat Research Team recently found a new sample and activity in August for Simda. Simda steals information and is capable of modifying websites through injection. Microsoft first detailed Simda long ago, […]
Posted: August 16, 2019
The SonicWall Capture Labs Threat Research Team observed reports of a new variant of the Phobos ransomware Trojan being served via a blog on a major educational institution's website. A publicly accessible listing of one of the […]
Posted: August 16, 2019
Microsoft patched new wormable vulnerabilities in Windows Remote Desktop Services on Patch Tuesday. SonicWall provides protection against them.
Posted: August 13, 2019
SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of August 2019.
Posted: August 12, 2019
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of Ferrlock ransomware [Ferrlock.RSM] actively spreading in the wild. The FERRLOCK ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: August 9, 2019
The cachemgr.cgi web module of Squid is vulnerable to cross-site scripting via the user_name or auth parameter.
Posted: August 2, 2019
Jira is a proprietary issue tracking product developed by Atlassian that allows bug tracking and agile project management. It runs on a bundled Apache Tomcat application server and is accessible via HTTP over port 8080/TCP or […]
Posted: August 1, 2019
There are new scams related to the viral FaceApp Android application.
Posted: July 27, 2019
An Exim remote command execution vulnerability has been exploited in the wild since June. This week, security researchers have observed that the Exim vulnerability (CVE-2019-10149) is being exploited to install a new Watchbog Linux malware variant. After successful […]
Posted: July 27, 2019
The SonicWall Capture Labs Threat Research Team has spotted Metamorfo malware known to distribute banking Trojans using a legitimate tool by Avast, a popular security product. The malware arrives as a seemingly harmless Adobe installer […]
Posted: July 19, 2019
The SonicWall Capture Labs Threat Research Team observed reports of a variant of the BlackMoon banking trojan called SkyStars. BlackMoon was originally designed to steal user credentials from various South Korean banking institutions. In addition to […]
Posted: July 19, 2019
A new wave of malicious Office files is being used to distribute a banking Trojan belonging to the Ursnif family.
Posted: July 19, 2019
The SonicWall Capture Labs Threat Research team observed Windows Win32k Elevation of Privilege Vulnerability (CVE-2019-0859) being actively exploited in the wild.
Posted: July 12, 2019
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of Guesswho ransomware [Guesswho.RSM] actively spreading in the wild. The GUESSWHO ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: July 9, 2019
SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of July 2019.
Posted: July 6, 2019
Overview: SonicWall Capture Labs Threat Research Team recently found a new sample and activity in July for the “FlawedAmmy”, Windows RAT, Malware Family. SonicWall has covered malicious MS-Office files being used to distribute “FlawedAmmy” in […]
Posted: July 3, 2019
This malware packs components of a malicious banker, ransomware, phishing, RAT in one malicious package.
Posted: July 1, 2019
SonicWall has observed a new wave of attacks targeting Huawei home routers in an attempt to exploit the vulnerability CVE-2017-17215. The attack starts by scanning internet-facing IPs on port 37215 and then attempting to POST […]
Posted: June 28, 2019
This week, the SonicWall Capture Labs team came across another cryptominer that targets the Linux platform. This Trojan arrives armed with functionality to ensure successful infection, including the use of a rootkit and known Linux exploits. Infection Cycle […]
Posted: June 26, 2019
SonicWall Capture Labs Threat Research Team identified a new wave of malicious Office files being used to distribute a Remote Administration Tool belonging to the FlawedAmmyy family. It has been observed that both MS-Excel and MS-Word files […]
Posted: June 21, 2019
The SonicWall Capture Labs Threat Research Team has received reports of ransomware that encrypts files and gives them a .poop extension. The malware is based on the open source platform known as HiddenTear. The operator […]
Posted: June 18, 2019
Attacks exploiting a one-and-a-half-year-old vulnerability in Microsoft Office are active in the wild again.
Posted: June 14, 2019
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of JURASIK ransomware [JSWormC.RMS] actively spreading in the wild. The JURASIK ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: June 11, 2019
SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of June 2019.
Posted: June 7, 2019
Overview: SonicWall Capture Labs Threat Research Team recently found a new variant sample and activity in June for the TrickBot malware family. This family has been well known for many years, mainly focused on stealing […]
Posted: June 7, 2019
SonicWall Capture Labs Threats Research Team observed a highly obfuscated and packed Android malware which showed hints of anti-VM capabilities. Upon getting the malware to execute and studying its behavior, this sample turned out to […]
Posted: May 31, 2019
This week, SonicWall Capture Labs Threat Research team observed a huge spike in the hits targeting the Microsoft SharePoint server flaw. These HTTP requests are made to command and control the hosts that are infected […]
Posted: May 31, 2019
The City of Baltimore remains paralyzed after ransomware hit 10,000s of the city government’s computers, holding their data hostage for the past couple of weeks now. The ransomware, dubbed Robbinhood, has also […]
Posted: May 24, 2019
The SonicWall Capture Labs Threat Research Team has observed reports of Sodinokibi, ransomware that exploits a deserialization vulnerability in Oracle WebLogic servers (CVE-2019-2725) as its primary infection vector. The exploit has also been used by […]
Posted: May 23, 2019
SonicWall Capture Labs Threat Research team has observed a spam email campaign sending fake remittance advice emails that spread Emotet malware through malicious Word document attachments. The message claims that a recent payment has been […]
Posted: May 23, 2019
Overview: The Microsoft Security Response Center (MSRC) stated on Microsoft’s Patch Tuesday that a remote code execution vulnerability exists in Remote Desktop Services (formerly known as Terminal Services) when an unauthenticated attacker connects to […]
Posted: May 17, 2019
The SonicWall Capture Labs Threat Research Team observed reports of a new multi-component POS family variant named TinyPOS (detected as GAV: Tinypos.A) actively spreading in the wild. Contents of TinyPOS Malware. Infection Cycle: Tinypos […]
Posted: May 14, 2019
SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of May 2019.
Posted: May 6, 2019
Overview: SonicWall Capture Labs Threat Research Team recently found a new sample and activity in May for GandCrab Ransomware. GandCrab is well known across 2018 and 2019 as ransomware-as-a-service (RaaS). The RaaS model allows affiliates […]
Posted: May 3, 2019
An insecure deserialization vulnerability has been reported in Oracle WebLogic server. This vulnerability is due to insufficient validation of XML data within the body of HTTP POST requests. A remote attacker can exploit this vulnerability […]
Posted: May 2, 2019
SonicWall Capture Labs Threats Research Team identified a few fake apps that have a worm-like spreading capability via WhatsApp messages. These applications were not seen to be present on the Play Store; based on our analysis […]
Posted: April 29, 2019
SonicWall Capture Labs Threat Research team has observed a huge phishing campaign that spreads NanoCore Remote Access Trojan (RAT) through malicious attachments. As with many other attacks, this campaign starts with a phishing email that […]
Posted: April 26, 2019
The SonicWall Capture Labs Threat Research Team has received reports of ransomware that appears to be in early development called SadComputer. Although the malware only gives its victim 5 minutes to pay, it also provides […]
Posted: April 20, 2019
Overview: SonicWall Capture Labs Threat Research Team recently found MongoLock ransomware. MongoLock tries to remove files, along with formatting drives using special commands through “cmd”, and targets databases with weak security settings. MongoLock will drop […]
Posted: April 19, 2019
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of Phobos ransomware [Phobos.RSM] actively spreading in the wild. The Phobos ransomware encrypts the victim’s files with a strong encryption algorithm […]
Posted: April 10, 2019
Part 2 of our analysis on Gretel devices. In this blog we present our analysis of an actual Gretel device.
Posted: April 9, 2019
SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of April 2019.
Posted: April 8, 2019
Part 1 of our analysis of the Gretel A7 device, which was reported to contain pre-installed malware.
Posted: April 5, 2019
Cryptocurrency has been the conduit for ransomware payments and its perceived anonymity has made this type of attack very lucrative for cybercriminals. This week the SonicWALL Capture Labs Research team has become aware of yet […]
Posted: April 5, 2019
Overview: SonicWall Capture Labs Threat Research Team recently found “VirLocker Generation 8”, also known as “VirLock” and “VirRansom”. This variation has been updated with many new techniques and anti-debugging routines that make it even harder […]
Posted: April 3, 2019
MS Office files that are part of phishing emails are now spreading Gorloted malware. MS-Excel, MS-Word and RTF files were observed doing so.
Posted: April 2, 2019
Norsk Hydro, one of the largest aluminum producers in Norway, has been hit by ransomware known as LockerGoga. The financial damage to the company is severe and is reported to exceed $40M. After temporarily shutting […]
Posted: March 27, 2019
WordPress is a free open-source content management system. It powers about 30% of all websites on the internet and 33% of the Top 10 Million Sites globally. There are over 50,000 WordPress plugins available to […]
Posted: March 23, 2019
WinRAR is the world’s most popular compression tool with over 500 million users worldwide. Last month, a critical WinRAR vulnerability that had existed for 19 years was disclosed. This vulnerability is easy to exploit and all […]
Posted: March 22, 2019
The SonicWall Capture Labs Threat Research Team observed reports of a new POS family variant named GlitchPOS (detected as GAV: GlitchPOS.A) actively spreading in the wild. GlitchPOS is a fake cat game which is embedded […]
Posted: March 13, 2019
Overview: SonicWall Capture Labs Threat Research Team discovered another generic MFC Virus which is capable of copying itself and has a detrimental effect on the system it’s executed on by corrupting the system and destroying […]
Posted: March 12, 2019
SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of March 2019.
Posted: March 12, 2019
Malicious spyware and adware are spreading for Android using the name of the popular game Apex Legends.
Posted: March 9, 2019
Over the past few years, the SonicWall Capture Labs Threat Research team has observed an increase in malware attacks that use legitimate Windows tools to carry out their malicious activities. Malware authors have been leveraging […]
Posted: March 4, 2019
SonicWall has been observing a campaign targeting Brazil which involves a malicious PDF file. The attack begins when a user receives a malicious PDF file as an attachment to a legitimate-looking email. Scripts are now […]
Posted: March 4, 2019
Overview: SonicWall Capture Labs Threat Research Team recently found the VirLock “JPMorgan Chase Paymentech” BitCoin ransomware active and circulating in 2019. VirLock, sometimes known as VirLocker or VirRansom, is also known as metamorphic ransomware. […]
Posted: March 2, 2019
The SonicWall Capture Labs Threat Research Team has recently come across malware that appears to be targeting the Minecraft gaming community. Rather than encrypting files and holding them ransom for a fee, the aim of […]
Posted: February 23, 2019
A remote code execution vulnerability has been reported in WinRAR, exposing 500 million users to a possible attack. The vulnerability is due to improper handling of the relative path of a file in an ACE […]
Posted: February 21, 2019
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of Protected Ransomware [Protected.RSM] actively spreading in the wild. This time hackers claim that they tried to save your personal files […]
Posted: February 14, 2019
This malware clips a victim’s Bitcoin and Ethereum wallet addresses and replaces them with the attacker’s.
Posted: February 12, 2019
SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of February 2019.
Posted: February 9, 2019
Overview: The SonicWall Capture Labs Threat Research Team recently discovered the “ORCA” remote access Trojan. ORCA allows an attacker to manipulate various processes and services from the command line. The attacker can execute arbitrary commands […]
Posted: February 8, 2019
Since we first reported seeing Jigsaw Ransomware back in 2016, we have seen several spinoffs of this ransomware. Because its source code can easily be downloaded from the world wide web, we have […]
Posted: February 7, 2019
SonicWall has recently spotted a new Bank of America phishing campaign. The scam email claims to come from Bank of America Merrill Lynch; however, the email includes a malicious Excel attachment. The Excel document has […]
Posted: February 1, 2019
The SonicWall Capture Labs Threat Research Team has recently discovered a build of an open source ransomware known as Arescrypt in the wild. The source code is hosted on GitHub and is promised to be […]
Posted: January 30, 2019
EdgeScheduler is a simple-looking VBScript bot which has limitless power to control a victim’s system and steal information from it. It is also capable of executing another payload downloaded from the CNC server.
Posted: January 25, 2019
SonicWall Capture Labs Threat Research team has recently observed that attackers are actively exploiting a Horde IMP vulnerability. Over 3,000 firewalls have been hit with 20,000+ requests in the last two days. Successful exploitation could allow […]
Posted: January 23, 2019
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of CrypRAT Infostealer [CrypRAT.A] actively spreading in the wild. Memory snapshot of the CrypRAT Infostealer (raw and encrypted data […]
Posted: January 22, 2019
Overview: The SonicWall Capture Labs Threat Research Team would like to showcase the following spear phishing attempt with an attached .NET Nanocore Trojan. The email details are as follows: From: “E… V…” <a…@g…co.tz> Subject: contract […]
Posted: January 22, 2019
GandCrab v5.1 Ransomware is being distributed using obfuscated JavaScript files.
Posted: January 18, 2019
The SonicWall Capture Labs Research team has come across a spam campaign distributing not just one but two Remote Access Trojans (RATs). Both RATs have historically been seen propagated through spam independently as an email […]
Posted: January 16, 2019
An Android adware that shows advertisements on an infected device based on its connectivity status.
Posted: January 8, 2019
SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of January 2019.
Posted: January 8, 2019
Zazdi botnet boasts of 50 commands that can be used to steal data from infected devices.
Posted: January 7, 2019
Overview: SonicWall Capture Labs Threat Research team has captured and observed the following sample: the “Yubby” Trojan is listed as a Trojan, PUA or PUP by many anti-virus vendors and help forums around the internet. […]
Posted: January 4, 2019
SonicWall Capture Labs Threat Research team has observed a new variant of the American Express phishing campaign. It starts with a phishing email pretending to come from American Express Fraud protection services. It then requests user […]
Posted: January 4, 2019
The SonicWall Capture Labs Threat Research Team has recently observed an unusual form of ransomware based on ShellLocker source code. Although this variant does do damage to its victim and contains the usual cryptographic capabilities […]
Posted: January 4, 2019
SonicWall RTDMI engine has recently detected a surge in archive files (~1600-8900 bytes in size) circulating on the network. The unavailability of the archive file in any of the popular threat intelligence sharing portals like the […]
Posted: December 22, 2018
ThinkPHP is a web application development framework based on PHP, distributed under the Apache2 open-source license. It focuses on rapid development of enterprise projects and is very popular in China where over 40,000 servers run […]
Posted: December 20, 2018
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of Evolution Ransomware [Evolution.RSM] actively spreading in the wild. Evolution encrypts the victim’s files with a strong encryption algorithm until the […]
Posted: December 20, 2018
SonicWall Capture Labs Threat Research Team has addressed the recent Internet Explorer zero-day CVE-2018-8653.
Posted: December 13, 2018
Overview: SonicWall Capture Labs Threat Research Team is announcing a Trojan variant called PcShare, with the server “ups2 V1.0.2”. The older Forshare Trojan was announced around the time WannaCry and the EternalBlue exploit were being […]
Posted: December 12, 2018
SonicWall Capture Labs Research team recently observed a malware campaign delivering GandCrab ransomware hidden in JavaScript and PowerShell. The ransomware is capable of encrypting files once installed on the victim’s computer and asks […]
Posted: December 11, 2018
SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of December 2018.
Posted: December 11, 2018
SonicWall RTDMI engine detected a number of PDF files containing a link to a malicious archive file. The non-existence of this malicious file at the time of detection in popular malware search portals like VirusTotal and […]
Posted: December 6, 2018
An archive file containing a downloader with multiple stages to reach the malicious file was caught by the SonicWall RTDMI engine.
Posted: December 6, 2018
SonicWALL Capture Labs provides protection against the recent Flash zero day.
Posted: December 5, 2018
Android Banker campaign Dew18 targets Korean banks.
Posted: December 1, 2018
The first step in a web attack begins with mass-scanning the web for vulnerable applications and/or servers. When unpatched software is identified, an attempt is made to exploit the vulnerability. Any vulnerability in the web […]
Posted: November 30, 2018
The SonicWALL Capture Labs team has come across another cryptomining Trojan for Linux which runs a slew of commands to ensure it will run on the system and carry out its Monero-mining activity uninterrupted.
Posted: November 22, 2018
Two weeks ago, SonicWall Threat Research Lab researched and blogged about a large malspam campaign delivering Emotet. Emotet has come back again for the holiday season with different tactics and better obfuscation techniques. These spam […]
Posted: November 21, 2018
Overview: SonicWall network sensor telemetry reported a malicious sample that displayed the following DNS and User-Agent information. So, let’s take a deeper look into the sample: Static Sample Information: Sample SHA-256: 816f756d39c6cf9e885c76166e2e194377e475d46e23f61ea3582c3ab5340187 Reviewing some of […]
Posted: November 21, 2018
As retailers are gearing up with their Black Friday doorbuster deals, cybercriminals are also upping the ante to lure shoppers into clicking that malicious link or downloading that latest shopping app in exchange for deals and best prices on their most coveted items.
Posted: November 20, 2018
The SonicWall Capture Labs Threat Research Team has recently come across a fake ransomware trojan that pretends to hold a victim’s files hostage. Although its ransom message is intimidating and a Monero address is provided […]
Posted: November 16, 2018
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of Argus Ransomware [Argus.RSM] actively spreading in the wild. Argus encrypts the victim’s files with a strong encryption algorithm until the […]
Posted: November 14, 2018
SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of November 2018.
Posted: November 12, 2018
SonicWall Threat Research Lab has come across a recent spam email campaign sending fake invoice and payment receipt emails in large numbers. Email messages claim that the payment has already been made from the user’s […]
Posted: November 10, 2018
The SonicWALL Capture Labs Threat Research team has come across another Trojan that disguises itself as a legitimate application update file but installs a cryptominer in the background. This Trojan appears to arrive as a […]
Posted: November 2, 2018
Cisco Prime Infrastructure: Cisco Prime Infrastructure simplifies the management of wireless and wired networks. This single, unified solution provides wired and wireless lifecycle management, and application visibility and control. It also offers policy monitoring and […]
Posted: November 2, 2018
The SonicWall Capture Labs Threat Research Team has recently spotted a ransomware trojan calling itself SymmiWare. There has been other malware named “Symmi” in the past; however, this ransomware does not appear to be related. […]
Posted: October 27, 2018
A widely used jQuery plugin, ‘jQuery-File-Upload’, also called Blueimp, contains a critical vulnerability that allows attackers to perform remote code execution. This vulnerability has been in existence for several years and potentially places 7,800 web […]
Posted: October 23, 2018
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of FILESLOCKER [FILESLOCKER.RSM] actively spreading in the wild. FILESLOCKER encrypts the victim’s files with a strong encryption algorithm until the […]
Posted: October 20, 2018
SonicWall Threat Research Lab has observed a phishing email campaign sending fake invoice emails in large numbers. Email messages and the documents have been crafted using social engineering tricks to lure recipients into opening the attached […]
Posted: October 17, 2018
Android adware campaign – Panini – consumes network data at a high rate once it begins execution.
Posted: October 12, 2018
Interest in cryptocurrencies has not wavered despite a period of sinking market values. Cybercriminals are still ramping up efforts to obtain Blockchain assets in the hopes that their values could spike back up again in […]
Posted: October 10, 2018
SonicWall Capture Labs Threat Research Team has analyzed and addressed Microsoft’s security advisories for the month of October 2018.
Posted: October 5, 2018
The SonicWall Capture Labs Threat Research Team has recently been tracking a new ransomware family known as Kraken. This ransomware has reportedly been served by a compromised anti-spyware site, superantispyware.com. The operators demand 0.75 BTC […]
Posted: October 5, 2018
SonicWall Threat Research Lab has recently spotted a massive IOT attack, attempting to exploit a remote code execution vulnerability in Netgear DGN series routers. It seems to have started over the weekend and the detection rate […]
Posted: October 5, 2018
SonicWall RTDMI engine detected an archive attachment consisting of malicious Word documents inside a spam email appearing to be from the IRS.
Posted: September 29, 2018
SonicWall Threat Research Lab has observed vulnerabilities that have been actively exploited since the beginning of this month. Please find below the list of vulnerabilities, vendor advisory information and the SonicWall signatures to protect against […]
Posted: September 27, 2018
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of LockBkdr [LockCrypt.BKR] actively spreading in the wild. LockBkdr encrypts the victim’s files with a strong encryption algorithm until the victim […]
Posted: September 22, 2018
SonicWall Threat Research Lab has recently observed a huge spike in detections for the XML-RPC remote code injection. ~100,000 hits were observed in the last few days attempting to exploit ~3000 servers behind SonicWall firewalls. […]
Posted: September 21, 2018
A malware that seeks and removes cryptominers from an infected device.
Posted: September 15, 2018
The SonicWall Capture Labs Threat Research team has been observing an active spam campaign spreading a banking Trojan widely known as Feodo. This spam uses a very common tactic of sending a fake invoice or […]
Posted: September 12, 2018
SonicWall Capture Labs Threats Research Team has analyzed and addressed Microsoft’s security advisories for the month of September 2018.
Posted: September 8, 2018
SonicWall has recently spotted a new phishing email campaign spreading actively in the last few days. Malicious emails, disguised as a legitimate invoice payment or FedEx receipt, deliver a RAR attachment to the targeted users. […]
Posted: September 4, 2018
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of ECHELON [ECHELON.A] actively spreading in the wild. The malware gathers confidential information from the computer such as login details, passwords […]
Posted: September 1, 2018
An OGNL vulnerability (CVE-2018-11776) has been discovered in Apache Struts 2. This is due to incorrect evaluation of the namespace component of a URL as an OGNL expression. This is exposed on servers running Struts under […]
Posted: August 29, 2018
An Android spyware that steals user-related data from social apps and opens the device to remote monitoring is still active in the wild.
Posted: August 24, 2018
Over a billion worth of cryptocurrencies have been reportedly stolen this year so far and we continue to see reports of crypto theft daily. Every time a huge cyberheist is reported cryptocurrency prices slump but […]
Posted: August 23, 2018
The Apache HTTP Server, also called Apache or httpd, is a free and open-source HTTP server. Apache has been the most popular web server on the Internet for over two decades. Apache’s core functionality is to […]
Posted: August 17, 2018
The SonicWall Capture Labs Threat Research Team has come across a variant of the Ramnit trojan dropping a Monero cryptocurrency miner onto the infected system. As cryptocurrency prices continue to drop (at the current time […]
Posted: August 15, 2018
Zero-day CVEs in the wild: find below the two zero-day CVEs for which SonicWall has provided protection with the specified signatures. CVE-2018-8414 Windows Shell Remote Code Execution Vulnerability: this is publicly known and being […]
Posted: August 10, 2018
SonicWall is observing attackers leveraging a high-risk vulnerability reported in the Jenkins CI server. We strongly recommend that all customers update Jenkins to the latest version.
Posted: August 10, 2018
Fortnite releases for Android devices, but with some serious security loopholes.
Posted: August 9, 2018
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of EVERBE [Everbe.RSM] actively spreading in the wild. EVERBE encrypts the victim’s files with a strong encryption algorithm until the victim […]
Posted: August 3, 2018
SonicWall RTDMI engine detects multiple targeted attacks towards Italy delivered via malicious Microsoft Excel documents.
Posted: August 3, 2018
SonicWall is observing a massive cryptojacking malware campaign that is spreading aggressively throughout Brazil. The malware attempts to exploit the vulnerability CVE-2018-14847 by targeting unpatched versions of MikroTik RouterOS. Compromised MikroTik routers have been made […]
Posted: August 2, 2018
PowerGhost is a threat which uses obfuscated PowerShell scripts to silently mine cryptocurrency and spread to other machines via the EternalBlue exploit.
Posted: July 30, 2018
A vulnerability in the Windows file type .SettingContent-ms was reported last month that could allow arbitrary code execution on a targeted machine. “.SettingContent-ms”, introduced in Windows 8, is a shortcut file that can link […]
Posted: July 27, 2018
SonicWall RTDMI engine observed a malware campaign delivering a new variant of AZORult Stealer. AZORult is an infostealer which collects various information from the infected system and sends it to its server. The non-existence of […]
Posted: July 27, 2018
Running pirated software comes with risks. Counterfeit software packages commonly come bundled with adware or malware that can infect your system. But most importantly, using pirated copies is illegal and copyright infringement may result in […]
Posted: July 20, 2018
SonicWall sees an older PDF exploit being active and successful in tricking users into executing an arbitrary local program specified in a PDF document. This PDF does not require JavaScript to be enabled nor the […]
Posted: July 20, 2018
The SonicWall Capture Labs Threats Research Team has come across malware purporting to be a mod for the popular online multiplayer game Fortnite. Mods for such popular games are commonplace and it is quite typical […]
Posted: July 16, 2018
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of EVIL LOCKER [EVILLOCKER.RSM] actively spreading in the wild. EVIL LOCKER encrypts the victim’s files with a strong encryption algorithm until […]
Posted: July 11, 2018
SonicWall Capture Labs Threats Research Team has analyzed and addressed Microsoft’s security advisories for the month of July 2018.
Posted: July 6, 2018
Fake Fortnite app promotions have infested YouTube videos and are scamming a number of gamers eager to get Fortnite working on Android. We take a look at different types of scams that are rampant these days.
Posted: July 6, 2018
SonicWall Threat Research Lab is seeing attempts to exploit the CVE-2018-1111 vulnerability, an OS command injection flaw in the Red Hat NetworkManager integration script included in its DHCP package. This is due to improper […]
Posted: June 30, 2018
SonicWall Threat Research Lab is observing a fresh wave of PDFs with a launch action command that runs a PowerShell script to download a remote payload and execute it on the targeted device. Remote servers are […]
Posted: June 29, 2018
Cybercriminals these days have employed ingenious ways to steal cryptocurrencies. Cryptojacking has become a conventional money maker for tech savvy website owners and has also been the method of choice by hackers of vulnerable websites. Serving […]
Posted: June 22, 2018
SonicWall Threat Research Lab is seeing a huge volume of RTF exploits with embedded OLE objects exploiting the Microsoft vulnerabilities CVE-2017-11882 and CVE-2017-0199. CVE-2017-11882 is due to incorrect handling of embedded Equation Editor OLE objects in […]
Posted: June 22, 2018
The SonicWall Capture Labs Threats Research team has recently been tracking malware derived from ransomware construction kits. Xorist is one such ransomware, where a kit is provided and an attacker can configure various features such […]
Posted: June 13, 2018
SonicWall Capture Labs Threats Research Team has analyzed and addressed Microsoft’s security advisories for the month of June 2018.
Posted: June 11, 2018
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of BitPaymer Ransomware [BitPaymer.RSM] actively spreading in the wild. BitPaymer Ransomware encrypts the victim’s files with a strong encryption algorithm until […]
Posted: June 8, 2018
Vulnerability Info: A zero-day exploit was discovered in the Microsoft VBScript engine around the middle of April, called “Double Kill”. The remote code execution (RCE) vulnerability is labeled as a use-after-free (UAF) memory corruption […]
Posted: June 7, 2018
The Slempo campaign for Android dates back to 2014, following the code leak of GM Bot. We recently observed a spike in Slempo samples, which is odd. Can this be a signal of new things to come for Slempo?
Posted: June 2, 2018
SonicWall has been observing a new variant of Ramnit lately. Ramnit, a persistent VBScript worm that first appeared around 2010, is known for spreading aggressively by self-replicating and injecting into other processes, executables, DLL and HTML files. To give some […]
Posted: June 1, 2018
Ransomware has been so rampant that we receive multiple different variants daily. The SonicWall Capture Labs Threat Research Team has recently received a sample of the Jigsaw ransomware, and at first glance it is not different from […]
Posted: May 25, 2018
An out-of-bounds read vulnerability has been recently reported in the JPEG2000 component of the Adobe Acrobat Reader. This vulnerability is due to lack of validation while processing the embedded JPEG2000 image in the PDF document. […]
Posted: May 25, 2018
The SonicWall Capture Labs Threat Research Team has observed reports of ransomware named Sigrun, after the Norse mythological figure. As expected, this Trojan encrypts files and demands a ransom for recovery. To lighten the mood […]
Posted: May 22, 2018
SonicWall RTDMI engine identified a new malware campaign using malicious Microsoft Office Document files. The document file contains VBA macro code, which gets triggered once the document is opened. Upon execution, the macro decrypts a […]
Posted: May 17, 2018
RIG EK has been the most popular exploit kit, delivering many different malicious payloads. Compromised domains are injected with malicious iframes to redirect users visiting those domains to the Rig EK landing page. Rig EK can then exploit JavaScript, VBScript or Flash vulnerabilities. After successful exploitation, it drops further malicious payloads, from Trojans to ransomware, to execute in the victim's environment.
Posted: May 16, 2018
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of Gandcrab Ransomware [Gandcrab.RSM] actively spreading in the wild. Gandcrab Ransomware encrypts the victim's files with a strong encryption algorithm until […]
Posted: May 9, 2018
Sonicwall Capture Labs Threats Research Team has analyzed and addressed Microsoft’s security advisories for the month of May 2018.
Posted: May 8, 2018
The Roaming Mantis campaign for Android spreads via hijacked router DNS. Once it infects a device, the malware keeps an eye on OTP codes coming from certain targeted apps. Many indicators point to this campaign’s likely geographical target – Asia.
Posted: May 5, 2018
The SonicWall Capture Labs Threat Research Team has observed a Trojan dropping an FTP client which is specially crafted to connect to a hardcoded remote FTP server. It steals stored password information from a victim’s machine using a multitude of scripts executed in succession to perform the entire infection cycle.
Posted: May 4, 2018
Joomla! is a free and open source content management system (CMS) used for publishing web content. An SQL injection vulnerability exists in the Joomla! com_users component due to insufficient input validation of one of the parameters passed in the HTTP request. A malicious user can craft an HTTP request with a value that modifies the constructed SQL query to perform operations that the programmer did not originally intend. Successful exploitation could result in disclosure of sensitive information.
Posted: April 26, 2018
Description The SonicWall Capture Labs Threat Research Team have received reports of a new variant of the Satan ransomware. The Satan ransomware has been around since early 2017 but it was not until late 2017 […]
Posted: April 26, 2018
Description NetGain Systems Enterprise Manager is an IT monitoring software. It implements a TFTP server for uploading and downloading configuration files. A directory traversal vulnerability (AKA CVE-2017-16597) was discovered in NetGain Enterprise Manager. An unauthenticated attacker […]
Posted: April 20, 2018
Description The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of PUBG Ransomware [Pubg.RSM] actively spreading in the wild. PUBG Ransomware encrypts the victim's files and forces them to play an hour of […]
Posted: April 12, 2018
Description SonicWall has analyzed and addressed Microsoft’s security advisories for the month of April 2018. A list of issues reported, along with SonicWall coverage information are as follows: Microsoft Coverages: CVE-2018-0870 Internet Explorer Memory Corruption Vulnerability […]
Posted: April 10, 2018
Description Crypto miners have been rampant on Android devices for the last few months. Compared to ransomware, crypto miners are believed to be more lucrative in terms of the quick revenue they generate. Sonicwall Capture […]
Posted: April 6, 2018
Samba is a free software re-implementation of the SMB/CIFS networking protocol, providing file and print services for various Microsoft Windows clients. A null pointer dereference Denial of Service vulnerability exists in the Samba print service of Samba Team Samba 4.0.0 to 4.4.x, 4.5.x to 4.5.16, 4.6.x to 4.6.14 and 4.7.x to 4.7.6, which may cause a remote Denial of Service.
When Samba's daemon, smbd, handles the printer server name, three functions are called in sequence: RpcEnumPrinterDrivers() -> _spoolss_EnumPrinterDrivers() -> canon_servername(). The RpcEnumPrinterDrivers request is forwarded to the _spoolss_EnumPrinterDrivers() function for handling.
Posted: April 6, 2018
The SonicWall Capture Labs Threat Research Team receives reports of new strains and versions of ransomware daily. This week we analyzed a ransomware called Lockcrypt.
Posted: April 5, 2018
Description SonicWALL Threat Research Labs recently received reports of attackers targeting websites with ransomware. Attackers are uploading malicious PHP files onto the websites. These PHP files allow the attacker to encrypt the website’s files and […]
Posted: March 31, 2018
Samba is a free software re-implementation of the SMB/CIFS networking protocol, providing file and print services for various Microsoft Windows clients and can integrate with a Microsoft Windows Server domain, either as a Domain Controller (DC) or as a domain member. As of version 4, it supports Active Directory and Microsoft Windows NT domains.
Active Directory is a directory service used by Microsoft systems on Windows domain networks, in which Samba can provide user authentication services as the Active Directory Domain Controller (AD DC). To store user privilege information, an object called nTSecurityDescriptor is used.
Posted: March 30, 2018
Description Sonicwall RTDMI engine as part of Sonicwall Capture ATP service identified a new malicious Microsoft Office Document file embedded with a Java malware RAT (Remote Access Trojan) in real time. Among many of its […]
Posted: March 29, 2018
The SonicWall Capture Labs Threat Research Team has come across a fake ransomware Trojan that functions as a bootlocker. It is named Uselessdisk because of the debugging symbols and project name strings that the developer has left in the executable file. Its aim is simple: render the system unbootable, pretend that files on the system have been encrypted, and ask for $300 USD in bitcoin for file recovery.
Posted: March 23, 2018
Description Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over packet-switched, variable-latency data networks. In operation since before 1985, NTP is one of the oldest Internet protocols in current […]
Posted: March 23, 2018
Description The SonicWall Capture Labs Threat Research Team observed a new POS malware called UDPOS [UDPOS.A]. UDPOS is a newly discovered malware that preys upon credit card payment systems. UDPoS uses DNS tunneling to exfiltrate the data from […]
Posted: March 16, 2018
Description Because of the cryptocurrency market's significant growth in the past couple of years, everyone wants a piece of that pie. Ransomware is still the most popular way for cybercriminals to generate that cryptocurrency income, […]
Posted: March 9, 2018
A deserialization vulnerability exists in the Red Hat JBoss Data Grid, allowing an attacker to inject a malicious serialized object via the cache and execute arbitrary code with the privileges of the client application.
Posted: March 6, 2018
SonicWall Capture Labs Threats Research team observed an Android Remote Administration Tool (RAT) named Ahmyth, which is being trojanized into other Android apps and distributed in the wild. Upon infecting an Android device, this RAT can send sensitive information present on the device, like SMS and call logs, as well as perform functions like taking a picture, sending a text message or recording audio via the microphone.
Posted: March 2, 2018
The Sonicwall Capture Labs Threats Research team has come across Bosnian ransomware pretending to be from the Croatian Financial Agency (FINA). It is reported to arrive in the form of an email and demands an […]
Posted: March 2, 2018
A memory corruption vulnerability has been reported in Asterisk, allowing Denial-of-Service or remote code execution on the target server.
Posted: February 23, 2018
The SonicWall Capture Labs Threat Research Team observed new malware called OlympicDestroyer [OlympicDestroyer.A]. The Winter Olympics this year are being held in Pyeongchang, South Korea, and the OlympicDestroyer malware was designed to knock computers offline by deleting critical system files, which would render the machines useless. This malware was used in an attack on the opening ceremony of the Pyeongchang
Posted: February 23, 2018
A command injection vulnerability exists in Oracle Remote Diagnostics Agent, allowing an attacker to execute arbitrary code on the target server.
Posted: February 15, 2018
SonicWall has analyzed and addressed Microsoft's security advisories for the month of February 2018.
Posted: February 13, 2018
Another crypto-miner for Android comes with propagation capabilities. Reports suggest this malware has worm-like propagation capabilities, making it more dangerous than the usual crypto-miners that are rising in numbers.
Posted: February 9, 2018
A code execution vulnerability exists in PHP's exif extension module, which could cause denial of service on the server side. An attacker can exploit this vulnerability by sending a specially crafted JPEG or TIFF file to a web application. This vulnerability is due to a null pointer dereference while PHP parses the EXIF part of a picture file. When handling the EXIF section, the PHP module invokes a series of encoding converter functions.
Posted: February 9, 2018
An unsolicited email came with a link to download a fake UPS shipping label creator, which dropped a malicious jar file. This week, the SonicWall Capture Labs Threat Research Team has seen a Java-based Trojan delivered via malware spam. These unsolicited emails look very similar to other malspam campaigns, disguised as important messages containing links to download official documents. The sample we analyzed, however, came with a link to download a fake UPS shipping label creator.
Posted: February 9, 2018
desuCrypt variant named InsaneCrypt spotted in the wild. The Sonicwall Capture Labs Threats Research team has come across a variant of the DesuCrypt ransomware called InsaneCrypt. This variant uses RC4 encryption and encrypts files immediately upon execution. Unlike earlier ransomware, there are no threatening countdown timers or ransom payment amounts immediately presented to the victim. Instead, as is the growing trend with most ransomware today, the victim must communicate with the operator via email for further instructions.
Posted: January 27, 2018
A logic error exists in Node.js before 4.8.5, 6.x before 6.11.5, and 8.x before 8.8.0, allowing an attacker to cause DoS on the server side with a specially crafted HTTP request.
Posted: January 11, 2018
SonicWall has analyzed and addressed Microsoft's security advisories for the month of January, 2018.
Posted: January 8, 2018
Sonicwall Threats Research team observed a sudden spike in Android apps with hidden crypto miner functionality. Such apps masquerade as legitimate apps – such as games, music or video apps – but in the background they start mining cryptocurrency using the resources of the infected victim's hardware.
Malicious Android apps with mining capability have existed for some time, but we saw a sudden surge in such apps on January 8, 2018. With the recent popularity of crypto-currencies like Bitcoin, Ethereum and Ripple, the rise in such malware apps is not surprising.
Posted: January 5, 2018
The SonicWall Capture Labs Threat Research Team has conducted an experimental dialog similar to our previous PayDay ransomware SonicAlert. This time we look at a ransomware threat known as Genasom where the operators use email to communicate and negotiate payment with their victims. In this case the operator wanted direct access to the infected machine in order to “fix” the problem after which a small donation is requested (according to them).
Posted: January 4, 2018
The SonicWall Capture Labs Threat Research Team has conducted an experimental dialog similar to our previous PayDay ransomware SonicAlert. This time we look at a ransomware threat known as Genasom where the operators use email to communicate and negotiate payment with their victims. In this case the operator wanted direct access to the infected machine in order to “fix” the problem after which a small donation is requested (according to them).
Posted: January 2, 2018
The EMC Data Protection Advisor is data protection management software that unifies and automates monitoring, analysis and reporting across on-premises and cloud backup and recovery environments. An authentication bypass vulnerability exists in EMC Data Protection Advisor. The application ships with several hidden, hardcoded privileged accounts with default passwords:
Posted: December 22, 2017
This week, the SonicWall Capture Labs Threat Research Team has received reports of a malicious android app which turns your mobile device into a cryptocurrency mining slave.
Posted: December 21, 2017
A directory traversal vulnerability has been reported in the Cisco Prime Network Analysis Module, allowing an attacker to delete any file accessible to the web service.
Posted: December 14, 2017
SonicWall has analyzed and addressed Microsoft's security advisories for the month of December, 2017.
Posted: December 14, 2017
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of Cxor Malware [Cxor.A] actively spreading in the wild.
Posted: December 8, 2017
A privilege escalation vulnerability exists in Apache CouchDB, allowing an attacker to bypass the user access control.
Posted: December 8, 2017
The SonicWall Capture Labs Threat Research Team has conducted an experimental dialog with a ransomware operator using the PayDay ransomware trojan. PayDay is a recent variant of the BTCWare ransomware trojan and has been in the wild for a few weeks. PayDay follows the current ransomware operator trend of using email to communicate with victims in order to demand payment for file decryption. Payment has increased to an astronomical 0.5 Bitcoins (roughly $8000 USD at today's prices). In this case, however, the price could be negotiated lower.
Posted: December 7, 2017
SonicWall is a participant in Microsoft's MAPP (Microsoft Active Protections Program). Through this program, SonicWall Unified Threat Management provides comprehensive, accurate and timely protection for Microsoft products.
Posted: November 30, 2017
An insecure deserialization vulnerability exists in Red Hat JBoss Application Server, which could lead to arbitrary code execution in the security context of the root/system user.
Posted: November 30, 2017
A specially crafted document file pretending to be a coupon executed and downloaded multiple levels of scripts to carry on the full attack.
Posted: November 23, 2017
An arbitrary file upload vulnerability has been reported on HPE Intelligent Management Center.
Posted: November 22, 2017
Cybercriminals are shopping for your personal data as more consumers turn to online shopping for the upcoming Thanksgiving holiday weekend.
Posted: November 22, 2017
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of Letgo Malware [Letgo.A] actively spreading in the wild.
The malware gathers confidential information from the computer, such as login details, passwords and financial information, and sends it to its own C&C server.
Posted: November 16, 2017
SonicWall has analyzed and addressed Microsoft's security advisories for the month of November, 2017.
Posted: November 14, 2017
The month of November brings a lot of shopping deals thanks to Black Friday. The deals and discounts are in abundance online as well as in stores. These days there is an app for everything, and shopping is not far behind: there are apps from all major online retailers. Moreover, there are specific apps that showcase the best deals from all around the marketplace.
Posted: November 10, 2017
The SonicWall Capture Labs Threat Research Team has come across ransomware that goes by the name GlobeImposter. It is also known as Fake Globe. GlobeImposter is distributed via a malicious spam campaign and, as with all ransomware, encrypts the victim's files, making them unrecoverable without payment. Most ransomware has a built-in file extension filter that leaves executable files intact. This ransomware, however, encrypts executable files and renders the system unbootable as a result.
Posted: November 10, 2017
Adobe ColdFusion is a popular application development platform. A vulnerability, CVE-2017-11284, has been reported in Adobe ColdFusion. Due to the lack of input validation on objects in the RMI Registry before deserialization, an attacker could execute arbitrary commands with root privileges. Adobe Systems ColdFusion 11 prior to update 13 and Adobe Systems ColdFusion 2016 release prior to update 5 are affected by this vulnerability.
Posted: November 2, 2017
An updated version of the Gh0stNet backdoor is spreading with a fileless technique and uses a PowerShell script for its initial execution.
Posted: November 1, 2017
A remote code execution vulnerability has been reported on Apache Solr before version 7.1.
Posted: October 31, 2017
The Banking Trojan Retefe gets an update! It is now equipped with EternalBlue exploit that helps it spread further.
Posted: October 26, 2017
The Magnitude Exploit Kit is known for delivering the infamous Cerber ransomware. The last version of the Cerber ransomware was also dropped by the Magnitude Exploit Kit in September 2017, but now the Magnitude Exploit Kit is also delivering a ransomware that has never been seen before.
The SonicWall Capture Labs Threat Research team recently became aware of Magniber and analyzed it. The name Magniber is derived from the names "Magnitude" and "Cerber". The Magniber ransomware is different from the Cerber ransomware. The strange thing is that this ransomware targets a specific country, as it performs encryption only in South Korea.
Posted: October 25, 2017
Yet another IoT malware is actively expanding and upgrading – the IoT Reaper. It is claimed to have exploited more than 2 million IoT devices, and the number is still increasing.
Posted: October 24, 2017
Posted: October 20, 2017
The SonicWall Capture Labs Threat Research Team observed reports of a new variant family of RedBoot Ransomware [RedBoot.A] actively spreading in the wild.
Posted: October 17, 2017
Wifi KRACK vulnerability – what you should know about it
Posted: October 13, 2017
Ransomware targeting Linux systems
Posted: October 12, 2017
SonicWall has analyzed and addressed Microsoft's security advisories for the month of October, 2017.
Posted: October 6, 2017
Microsoft Edge is prone to an arbitrary code execution vulnerability CVE-2017-8671.
Posted: October 5, 2017
A new virtual machine detection method employed by malware to evade sandbox replication
Posted: September 29, 2017
Zapium Ransomware increases pressure to pay up!
Posted: September 27, 2017
Microsoft .NET Framework is prone to a critical remote code execution vulnerability.
Posted: September 22, 2017
A memory disclosure vulnerability, "Optionbleed", was reported in the Apache server. A remote attacker can send a specially crafted HTTP OPTIONS request to reveal server memory.
Posted: September 22, 2017
Unlike most of the ransomware we have seen in the past, NRansom asks its victim to send nude pictures instead of demanding payment in cryptocurrency.
Posted: September 15, 2017
Mazarbot spreads via fake Raiffeisen bank webpages
Posted: September 13, 2017
SonicWall has analyzed and addressed Microsoft's security advisories for the month of September, 2017. A list of the reported issues, along with SonicWall coverage information, is included.
Posted: September 8, 2017
The SonicWall Capture Labs Threat Research team has received reports of a new variant family of InfoStealer Trojan [GAV: Cashandler.A] actively spreading in the wild.
Posted: September 7, 2017
The REST Plugin uses an XStreamHandler with an instance of XStream for deserialization without any type filtering, which can lead to Remote Code Execution when deserializing XML payloads.
Posted: September 1, 2017
The SonicWall Capture Labs Threat Research Team has observed a dropper Trojan that drops ransomware as well as crypto miner software. In this case, a variant of the Shade ransomware is dropped along with a crypto coin miner that mines ZCash (ZEC).
Posted: September 1, 2017
A remote command vulnerability has been reported in the Symantec Messaging Gateway.
Posted: August 29, 2017
SonicWALL Threat Research Labs recently received reports of attackers targeting websites with ransomware. Attackers are uploading malicious PHP files onto the websites. These PHP files allow the attacker to encrypt the website’s files and then extort money from the site’s owner.
Posted: August 25, 2017
This ransomware is being distributed as a spam attachment. Once executed, it downloads a seemingly non-malicious image file but still manages to install ransomware.
Posted: August 18, 2017
SpyNote evolves with an updated communication mechanism
Posted: August 18, 2017
Let's see how to analyze a malicious PDF statically.
Posted: August 11, 2017
The SonicWALL Threats Research team observed reports of a new variant family of NewShell Ransomware [GAV: NewShell.RSM] actively spreading in the wild.
Posted: August 8, 2017
SonicWall has analyzed and addressed August 2017 Microsoft Security Updates.
Posted: August 4, 2017
The ransomware author appears to be carrying a grudge against eBay for its seeming lack of regard for security, and this is his way of taking digital revenge.
Posted: August 3, 2017
An integer underflow vulnerability has been reported in HPE Intelligent Management Center.
Posted: July 28, 2017
Another Android ransomware spreading as a codec installer
Posted: July 28, 2017
Microsoft Office allows remote attackers to execute arbitrary code via a crafted document described as Microsoft Office/WordPad Remote Code Execution Vulnerability.
Posted: July 22, 2017
The SonicWall threat research team has received reports of attackers targeting newly installed WordPress sites.
Posted: July 21, 2017
Amnesia ransomware continues high payment trend
Posted: July 14, 2017
The SonicWall Threats Research team observed reports of a new POS malware family named GAV: LockPOS.A actively spreading in the wild. LockPOS malware, affecting point-of-sale systems, has been discovered to rely on Windows Explorer to deliver stolen card data to the attackers.
Posted: July 14, 2017
SonicWall has analyzed and addressed Microsoft's security advisories for the month of July, 2017.
Posted: July 7, 2017
Since the majority of (up and running) Windows systems support SMB2/SMB3, administrators should consider phasing out SMB1 entirely to increase network security.
Posted: July 7, 2017
This ransomware purports to be an Adobe Reader file and appends an extension to encrypted files using the victim computer's HWID.
Posted: July 4, 2017
SonicWall has analyzed and addressed Microsoft's security advisories for the month of July, 2017.
Posted: June 28, 2017
Wannacry copycat campaign spreads on Android
Posted: June 27, 2017
New Not Petya Ransomware Spreading Rapidly Worldwide
Posted: June 23, 2017
The SonicWall threat research team has intercepted multiple live exploit attacks against CVE-2017-0143 (MS17-010).
Posted: June 23, 2017
Master Ransomware nets $168K so far!
Posted: June 19, 2017
The SonicWALL Threats Research team observed reports of a new variant family of Dharma Ransomware [GAV: Dharma.RSM and Dharma.RSM_2] actively spreading in the wild.
Posted: June 19, 2017
The SonicWALL Threats Research team observed reports of a new variant family of the cryptocurrency miner Adylkuzz [GAV: Adylkuzz.A and Adylkuzz.B] actively spreading in the wild.
Posted: June 15, 2017
The SonicWALL Threats Research team observed reports of a new variant family of Whycry Ransomware [GAV: Whycry.RSM] actively spreading in the wild.
Posted: June 13, 2017
June 2017 Microsoft Security Bulletin Coverage
Posted: June 12, 2017
SonicWALL Threats research has observed a new wave of email spam campaigns carrying malicious PDF attachments which install Jaff ransomware.
Posted: June 9, 2017
Like others that we have seen in the past, this ransomware exhibited predictable behavior; only this time, its ransom note plays eerie music in the background, reminiscent of a horror film.
Posted: June 9, 2017
SQL injection vulnerability in Joomla! before 3.7.1 allows attackers to execute arbitrary SQL commands.
Posted: June 2, 2017
All versions of Samba from 3.5.0 onwards are vulnerable to a remote code execution vulnerability, allowing a malicious client to upload a shared library to a writable share, and then cause the server to load and execute it.
Posted: June 1, 2017
Android Marcher variants spotted with anti-emulation capabilities
Posted: May 26, 2017
Elmers Glue Locker demands $35k but fails to encrypt!
Posted: May 26, 2017
EternalRocks, or MicroBotMassiveNet, is a computer worm that spreads via the Microsoft Windows SMB protocol. It uses seven exploits developed by the U.S. National Security Agency (NSA).
Posted: May 24, 2017
In this article, we will share some stories and insights for the “WannaCry” security incident.
Posted: May 11, 2017
A type confusion vulnerability exists in mpengine.dll, a main component of the Malware Protection service. This can allow an attacker to execute arbitrary code remotely.
Posted: May 9, 2017
May 2017 Microsoft Security Bulletin Coverage
Posted: May 5, 2017
An Android botnet spreads via ordinary-looking game guides
Posted: May 5, 2017
A memory corruption vulnerability exists in Internet Explorer, which can allow an attacker to execute arbitrary code remotely.
Posted: April 28, 2017
Hidden Tear kit gives birth to Karmen Ransomware
Posted: April 28, 2017
A remote, authenticated attacker can exploit this vulnerability by sending a crafted control channel message. Successful attack will lead to termination of the BIND named service.
Posted: April 20, 2017
The Sonicwall Threats Research team is actively researching the exploit and malware code released on Good Friday (4/14/2017) by an anonymous group calling itself "Shadowbroker", which claims to have stolen the cache of code and documents from a hacking team within the United States National Security Agency (NSA).
Posted: April 14, 2017
Microsoft Office allows remote attackers to execute arbitrary code via a crafted document, aka “Microsoft Office/WordPad Remote Code Execution Vulnerability w/Windows API.”
Posted: April 14, 2017
Hints of a new component for future Marcher samples emerge
Posted: April 12, 2017
Microsoft has released Security Updates on April 2017 Patch Day.
Posted: April 12, 2017
March 2017 Microsoft Security Bulletin Coverage
Posted: April 11, 2017
A buffer overflow vulnerability exists in the WebDAV service in Internet Information Services (IIS) which allows attackers to execute malicious code remotely.
Posted: April 7, 2017
A specially crafted email can cause Microsoft Outlook to crash.
Posted: April 7, 2017
This ransomware provided a translation of its ransom note in Mandarin and has recommended Bitcoin trading platforms in China.
Posted: March 29, 2017
Sage 2.2 updated with audio alert and reduced ransom
Posted: March 24, 2017
The Sonicwall Threats Research team observed reports of a new variant of Atros InfoStealer actively spreading in the wild.
Atros malware gathers confidential information from the computer, such as login details, passwords and financial information, and sends it to its own C&C server.
Posted: March 24, 2017
A critical remote code execution vulnerability CVE-2017-5638 has been reported on Apache Struts2. A successful attack could execute arbitrary command on the web server.
Posted: March 17, 2017
Alma Ransomware delivered via RIG Exploit Kit
Posted: March 13, 2017
A new updated version of Terror Exploit Kit observed by SonicWall
Posted: March 10, 2017
A critical remote code execution vulnerability CVE-2017-5638 has been reported on Apache Struts2. A successful attack could execute arbitrary command on the web server.
Posted: March 8, 2017
PHPMailer allows website visitors to send emails to the website's owners or admins. Recently, a vulnerability was discovered that allows remote attackers to execute code.
Posted: March 6, 2017
The Mobile App Native Plugin for WordPress lets you turn your website into a mobile application in just a few minutes. Recently, a vulnerability was discovered that allows attackers to execute code remotely.
Posted: March 3, 2017
SonicWALL Threats research team has received reports of yet another ransomware variant calling itself Trumplocker, which is clearly capitalizing on all the buzz in the news about the current US President's administration.
Posted: February 24, 2017
Malicious Android banker targets a Russian bank
Posted: February 23, 2017
February 2017 Microsoft Security Bulletin Coverage
Posted: February 17, 2017
The SonicWALL Threats Research team observed reports of a new variant family of Sage Ransomware [GAV: Suspicious#polycrypt.1_2 and Sage.B] actively spreading in the wild.
Posted: February 16, 2017
Microsoft Postpones February Security Updates to March
Posted: February 10, 2017
Multiple vulnerabilities have been discovered in OpenSSL library
Posted: February 10, 2017
A new player has been observed in the wild, but it misses the most common trait of ransomware: providing instructions on how to send payment and get files back.
Posted: February 3, 2017
Rig Exploit Kit via EiTest delivers buggy CryptoShield Ransomware
Posted: January 27, 2017
The Samsung SmartCam is a popular home monitoring device. Two batches of critical vulnerabilities have been reported within several months.
Posted: January 27, 2017
Cisco's WebEx extension for Chrome allows remote code execution.
Posted: January 26, 2017
The Sonicwall Threats Research team observed reports of a new InfoStealer family named GAV: Artemis.A_43 actively spreading in the wild.
Posted: January 20, 2017
Adobe Flash Player versions 24.0.0.186 and earlier have an exploitable memory corruption vulnerability due to a concurrency error when manipulating a display list. Successful exploitation could lead to arbitrary code execution.
Posted: January 17, 2017
New malware that uses Super Mario's name infects Android
Posted: January 10, 2017
Besides encrypting the victim's files, this ransomware also gathers information from the compromised computer and sends it out to a remote server.
Posted: January 10, 2017
January 2017 Microsoft Security Bulletin Coverage
Posted: January 6, 2017
BleedGreen FireCrypt Ransomware Kit fails at DDoS
Posted: January 3, 2017
Abstract: January 2016 Microsoft Security Bulletin Coverage
Posted: December 23, 2016
A command execution vulnerability has been reported in Vim. The vulnerability is due to a lack of input validation when processing modeline values for filetype, keymap, and syntax.
Posted: December 20, 2016
Specially crafted media files can lead to remote code execution in Linux desktops
Posted: December 15, 2016
The Floki bot is a banking Trojan based on Zeus that has been sold on the cybercrime underground.
This time the attackers implemented a new feature, DLL injection into Explorer.exe, to avoid detection by anti-virus programs.
Posted: December 13, 2016
December 2016 Microsoft Security Bulletin Coverage
Posted: December 9, 2016
An integer overflow exists in Memcached
Posted: December 8, 2016
Malware writers use online tutorials to create a lockscreen malware
Posted: December 2, 2016
The Network Time Protocol daemon (NTPD) is prone to a DoS vulnerability, CVE-2016-7434
Posted: December 1, 2016
Huge wave of Locky Ransomware spread via JavaScript spam
Posted: November 30, 2016
Over the holiday weekend, the San Francisco Municipal Transportation Agency became the victim of a ransomware attack.
Posted: November 23, 2016
More shoppers are expected to shop online for gifts this holiday season, and cyber criminals are leveraging this opportunity to take advantage of unsuspecting shoppers.
Posted: November 23, 2016
Cerber ransom payment doubles
Posted: November 21, 2016
Thanksgiving Day is upon us this week and Black Friday/Cyber Monday is right around the corner: your purchasing season begins
Posted: November 18, 2016
Behind the tool responsible for 2 of the largest DDoS attacks on record.
Posted: November 18, 2016
The SonicWall Threats Research team observed reports of a new variant of a ransomware family, GAV: Cryptoluck.A, actively spreading in the wild.
Posted: November 8, 2016
November 2016 Microsoft Security Bulletin Coverage
Posted: October 31, 2016
CVE-2016-7855 is a use-after-free vulnerability that allows for remote code execution
Posted: October 21, 2016
Android malware has capabilities to sneak into corporate networks
Posted: October 21, 2016
A buffer overflow vulnerability CVE-2016-7799 exists in ImageMagick. Successful exploitation could lead to arbitrary code execution.
Posted: October 13, 2016
With killer clown attacks all over the news lately, cyber criminals have clearly caught on with the clown craze.
Posted: October 11, 2016
Abstract: October 2016 Microsoft Security Bulletin Coverage
Posted: October 7, 2016
Posted: October 7, 2016
A year after the outbreaks, Dell SonicWALL still observes web traffic using export-grade ciphers.
Posted: September 30, 2016
An arbitrary code execution vulnerability has been discovered in HPE Network Automation software
Posted: September 23, 2016
The Dell SonicWall Threats Research team has received reports of a new Ransomware Trojan, which encrypts the victim's files and leaves an email address to be contacted to unlock the victim's files
Posted: September 23, 2016
Adobe Flash Player is prone to a use-after-free vulnerability, CVE-2016-4228. This vulnerability affects Adobe Flash Player before 18.0.0.366, 19.x through 22.0.0.209 on Windows and OS X, and before 11.2.202.632 on Linux. An attacker could exploit this vulnerability remotely with a crafted SWF file, for example one embedded in an HTML file. A successful attack could cause arbitrary code execution with the privileges of the current running process.
Posted: September 13, 2016
Abstract: September 2016 Microsoft Security Bulletin Coverage
Posted: September 9, 2016
Improper input validation in the Recordings module leads to remote command execution, and lack of validation of the display HTTP parameter in modulefunctions.class.php leads to SQL injection in FreePBX.
Posted: September 9, 2016
Unlock92 creators released a new version where files are encrypted with a randomly generated RSA-2048 public key.
Posted: September 2, 2016
A directory traversal vulnerability has been reported in WordPress.
Posted: September 2, 2016
RanserKD ransomware uses Imgur to store infection data
Posted: August 26, 2016
Multiple exploits of CVE-2016-0189 have been found in the wild.
Posted: August 25, 2016
The Dell SonicWall Threats Research team observed reports of a new variant of the Cerber family [GAV: Cerber.B_1] actively spreading in the wild.
Cerber encrypts the victim's files with a strong encryption algorithm until the victim pays a fee to get them back.
Posted: August 23, 2016
The Dell SonicWall Threats Research team observed reports of a new Ransomware family named CryptoHost [GAV: Filecoder.A_118] actively spreading in the wild.
Posted: August 19, 2016
The Dell SonicWall Threats Research team has received reports of a new Ransomware Trojan, Ryzerlo, which encrypts the victim's files and leaves an email address to be contacted to unlock the victim's files.
Posted: August 19, 2016
This vulnerability is caused by the application's improper handling of the sprmSDyaTop property – which indicates the height of the top margin of a document. When the property is set to a value larger than the height of the page, the process reads memory outside the allocated buffer, causing a memory corruption vulnerability.
Posted: August 10, 2016
Abstract: August 2016 Microsoft Security Bulletin Coverage
Posted: August 9, 2016
A new set of vulnerabilities has been discovered in Qualcomm-based Android devices
Posted: August 5, 2016
Dell SonicWALL urges all our customers to review their environment and stop using Internet Explorer 10 and prior.
Posted: August 4, 2016
Drupal CMS Modules contain vulnerabilities leading to remote code execution.
Posted: August 1, 2016
Malware using Pokemon's popularity is on the rise
Posted: July 29, 2016
Foxit Reader is a PDF reader that can create, edit, sign and print PDF files. A stack buffer overflow vulnerability exists in Foxit Reader. The vulnerability occurs due to improper handling of an overly large action link. A remote attacker can exploit this vulnerability by luring the victim into opening a specially crafted PDF document and clicking on the action link. Successful exploitation can lead to code execution under the privileges of the victim user. An unsuccessful exploitation would lead to a hang or termination of the Foxit Reader application.
Posted: July 28, 2016
The Dell SonicWall Threats Research team observed reports of a new spam wave of the Locky malware family [GAV: JScript.Nemucod.AY and JScript.Grabber.KM] actively spreading in the wild.
Posted: July 25, 2016
Cybercriminals found a way to bundle the Lurk Trojan with the Ammyy Admin program and distribute this malware through the company's official website.
Posted: July 22, 2016
PHP, Go, Apache HTTP Server, Apache Tomcat, HHVM, Lighttpd, Nginx and Python are susceptible to a traffic redirection vulnerability. An attacker can set the HTTP_PROXY environment variable using the Proxy HTTP header, which can lead to a man-in-the-middle attack.
Posted: July 15, 2016
FakeRansom: Deletes files then demands payment for nothing
Posted: July 12, 2016
Abstract: July 2016 Microsoft Security Bulletin Coverage
Posted: July 8, 2016
A remote, unauthenticated vulnerability exists in PHP, which can allow an attacker to execute arbitrary code on the web server.
Posted: July 1, 2016
Dell SonicWALL urges all our customers to review software settings in their environment and stop using SSLv2.0 immediately.
Posted: July 1, 2016
The Dell SonicWall Threats Research team has received reports of a new Ransomware Trojan, Bart, which encrypts the system's files not with an encryption method such as AES, as we have seen earlier, but by simply converting them to a password-protected zip file.
Posted: June 24, 2016
A null pointer dereference is triggered while handling undesired crypto-NAK packets in the Network Time Protocol daemon (NTPD). An attacker can send an undesired crypto-NAK packet to exploit the vulnerability, which can lead to a denial of service.
Posted: June 16, 2016
A new wave of Android lockscreen malware has recently been observed
Posted: June 14, 2016
Abstract: April 2016 Microsoft Security Bulletin Coverage
Posted: June 14, 2016
Adobe Flash Player has a critical vulnerability that is reported to be exploited in the wild.
Posted: June 9, 2016
The Dell SonicWall Threats Research team observed reports of a second generation of the malware family GAV: Antidetect.B actively spreading in the wild. A recently discovered variant of Antidetect was found to use a legitimate digital signature to avoid detection by anti-virus systems.
Posted: June 3, 2016
A remote, unauthenticated vulnerability exists in Apache Struts. The vulnerability allows an attacker to execute arbitrary code on the server with the privileges of the user running the Java Web Container process (e.g. JBoss, Tomcat etc).
Posted: June 2, 2016
DMA Locker 4.0, yet another ransomware
Posted: May 25, 2016
Over the past year, ransomware has proven to be a success for cybercriminals and has become so widespread that more versions are being released regularly. This new strain even uses the catchy phrase “BadBlock is on the Block!” in its help file to indicate successful infection.
Posted: May 24, 2016
Adobe Flash Player 21.0.0.226 and earlier allows remote attackers to execute arbitrary code. CVE-2016-4117 exploits have been spotted in the wild.
Posted: May 20, 2016
The Dell SonicWall Threats Research team has received reports of a new Russian Ransomware Trojan, which encrypts the user files and also deletes them if the payment is not made on time.
Posted: May 20, 2016
Integer signedness error in GD Graphics Library 2.1.1 (aka libgd or libgd2) allows remote attackers to cause a denial of service (crash) or potentially execute arbitrary code via crafted compressed gd2 data, which triggers a heap-based buffer overflow.
Posted: May 12, 2016
Dell SonicWALL protects against recent Microsoft and Adobe zero days
Posted: May 11, 2016
The Dell SonicWall Threats Research team observed reports of a new malware family, GAV: Redosdru.V, actively spreading in the wild. This time the attackers used a dropper to download the original malware, which hides in encrypted DLL files to avoid detection by firewalls.
Posted: May 10, 2016
Abstract: May 2016 Microsoft Security Bulletin Coverage
Posted: May 9, 2016
ImageMagick is a tool used to edit, convert and modify various image files. This makes it easier for web servers to resize, crop, blur, rotate, or even watermark image files. Here, we will explore the various ways an attacker can exploit ImageMagick's vulnerabilities to own the server.
Posted: May 6, 2016
A buffer overflow in Squid allows remote attackers to execute arbitrary code via crafted Edge Side Includes (ESI) responses (CVE-2016-4054).
Posted: May 1, 2016
Does Edge outperform Internet Explorer from a security perspective?
Posted: April 29, 2016
Click-fraud Trojan deletes files and impairs systems
Posted: April 22, 2016
The Dell SonicWall Threats Research team has received reports of a new Ransomware Trojan. It encrypts the victim's files with the extension .fun.
Posted: April 22, 2016
A memory corruption vulnerability found in the QuickTime product allows remote attackers to execute arbitrary code or cause a denial of service
Posted: April 15, 2016
A number of malware samples with a Metasploit component have been spotted
Posted: April 12, 2016
An elevation of privilege vulnerability exists in the Security Account Manager (SAM) and Local Security Authority (Domain Policy) (LSAD) remote protocols. Microsoft and SAMBA are vulnerable to these attacks. The vulnerability is triggered when these protocols accept authentication levels that do not protect them adequately. It is caused by the way the SAM and LSAD remote protocols establish the Remote Procedure Call (RPC) channel.
Posted: April 12, 2016
Abstract: April 2016 Microsoft Security Bulletin Coverage
Posted: April 8, 2016
A critical vulnerability has been reported in Adobe's Flash Player. The CVE identifier for this vulnerability is CVE-2016-1019. This vulnerability applies to Windows, Mac, Linux, as well as Chrome OS. An attacker who successfully exploits this vulnerability can execute remote code and potentially take over the system. Versions 21.0.0.197 and before are vulnerable.
Posted: April 8, 2016
The Dell Sonicwall Threats Research team observed reports of a new multi-component InfoStealer family named GAV: Guatambu.AAB and GAV: Guatambu.POS actively spreading in the wild.
Posted: April 1, 2016
Improper processing of DNS cookies leads to denial-of-service in ISC BIND9.
Posted: March 30, 2016
Petya ransomware not only encrypts files, it overwrites the system's master boot record (MBR), effectively rendering the machine unusable unless payment is made.
Posted: March 25, 2016
Improper validation of user input leads to code execution in Microsoft Windows Media.
Posted: March 24, 2016
Runouce Trojan with IRC bot spreads via .eml files
Posted: March 18, 2016
The Dell SonicWall Threats Research team has received reports of a data stealing Trojan posing as a configuration file.
Posted: March 18, 2016
A Remote Code Execution Vulnerability (CVE-2016-0034) exists in Microsoft Silverlight.
Posted: March 9, 2016
Posted: March 8, 2016
Abstract: March 2016 Microsoft Security Bulletin Coverage
Posted: March 8, 2016
FrameworkPOS malware affecting point-of-sale systems has been discovered to rely on DNS requests to deliver stolen card data to the attackers.
Posted: March 2, 2016
Researchers revealed a massive transport layer security (TLS) vulnerability that leaves millions of Internet users vulnerable to an attack that could expose passwords, credit card numbers and financial data.
Posted: February 26, 2016
This Trojan was reported to be created by the Sednit espionage group and is capable of remotely executing arbitrary commands and keylogging.
Posted: February 26, 2016
A Directory Traversal Vulnerability was identified in Oracle Enterprise Manager Application Testing Suite
Posted: February 25, 2016
Dell SonicWALL firewalls are not susceptible to the glibc buffer overflow vulnerability. The Dell SonicWALL Vulnerability Research team has created a signature that protects our customers from this attack and has already pushed the signature to Dell SonicWALL firewalls to protect infrastructure behind Dell SonicWALL firewalls that have active IPS subscription services. A potentially dangerous bug was discovered by researchers in glibc versions greater than 2.9. It is one of the most widely used components of many applications, including hardware device software. A successful exploitation can lead to malicious code execution, possibly leading to attackers taking control over the DNS server or to man-in-the-middle attacks.
Posted: February 19, 2016
Due to improper handling of usernames in RADIUS Authentication requests, Network Policy Server is susceptible to denial of service.
Posted: February 12, 2016
The Dell SonicWall Threats Research team has received reports of a new Ransomware Trojan. Instead of locking the screen and denying access to the system, this Trojan leaves system access intact but encrypts all files on all drives on the infected system except for the system files.
Posted: February 10, 2016
Dell SonicWALL coverage of Financial Sector Cyber Intelligence Group (CIG) Circulars
Posted: February 10, 2016
Abstract: February 2016 Microsoft Security Bulletin Coverage
Posted: February 2, 2016
The Dell SonicWall Threats Research team observed reports of a new malware family, GAV: FakeAV.DBG, actively spreading in the wild.
Posted: January 29, 2016
This SonicAlert presents telemetry data for the relative prevalence of the various versions of Microsoft Windows™ operating systems as measured by Application Control signatures for the “HTTP User-Agent” application.
Posted: January 22, 2016
WMC allows remote attackers to read arbitrary files via a crafted .mcl file, aka “Windows Media Center Information Disclosure Vulnerability”
Posted: January 22, 2016
The Dell SonicWALL Threats Research team has observed a recent wave of malicious VBScript files targeting the Portuguese-speaking population.
Posted: January 22, 2016
Remote code execution vulnerability exists in Microsoft Office
Posted: January 15, 2016
Document with VBA Macro drops a variety of malware
Posted: January 8, 2016
There were multiple exploits of CVE-2015-8446 found in the wild and some of them are from Angler EK. The exploits were highly obfuscated.
Posted: January 8, 2016
The Dell SonicWall Threats Research team observed reports of a malware family, GAV: Serbbu.RAC, actively spreading in the wild. This time the attacker enables the Remote Access Service feature to gain remote access to the target system after infection.
Posted: December 31, 2015
Knock!! Knock!! … CK Exploit kit is back.
Posted: December 31, 2015
The Dell SonicWall Threats Research team has received reports of a data stealing Trojan described as a JPG file.
Posted: December 29, 2015
Adobe released security update for CVE-2015-8651.
Posted: December 18, 2015
This Trojan is capable of stealing information, deleting data, downloading and installing more malware components and therefore victims will likely end up with multiple malware infections.
Posted: December 11, 2015
Dridex module leaks system info and potentially more
Posted: December 11, 2015
An insecure deserialization vulnerability (CVE-2015-8103) exists in the Jenkins CI Server due to deserialization of untrusted data that is processed by a vulnerable version of the Apache Commons Collections library. The vulnerability can be exploited by an unauthenticated remote attacker by sending a specially crafted serialized object. Successful exploitation can lead to execution of arbitrary commands on the server.
Posted: December 8, 2015
Abstract: December 2015 Microsoft Security Bulletin Coverage
Posted: December 4, 2015
The Dell SonicWall Threats Research team has received reports of a data stealing Trojan posing as a Text document. Upon execution, the trojan downloads more malware onto the infected machine and also steals information from the system.
Posted: December 4, 2015
In this SonicAlert we will briefly discuss the seasonal increase in online shopping, and some of the types of malicious email campaigns that are taking advantage of the flurry of online shopping at this time of the year.
Posted: November 30, 2015
Cyber criminals take advantage of shoppers during this Thanksgiving Day weekend.
Posted: November 19, 2015
Vulnerabilities in ntpd can lead to compromise of underlying server.
Posted: November 19, 2015
The Dell Sonicwall Threats Research team observed reports of a new POS family named GAV: Abaddon.POS actively spreading in the wild.
Posted: November 10, 2015
Abstract: November 2015 Microsoft Security Bulletin Coverage
Posted: November 9, 2015
This campaign uses Google Play as a medium to extract Credit Card details of infected victims and targets certain banking apps to extract login credentials
Posted: November 6, 2015
Cryptowall now encrypts filenames and provides instructions in different file formats.
Posted: November 6, 2015
Denial of Service vulnerability exists in Squid.
Posted: October 30, 2015
There are Adobe Type Confusion Vulnerability CVE-2015-7645 Exploits in the Wild
Posted: October 28, 2015
The Dell SonicWall Threats Research team observed reports of a new malware family, GAV: Heur.CFG, actively spreading in the wild. This time the attacker uses self-signed encryption for C&C data communication to avoid detection by anti-virus programs.
Posted: October 23, 2015
CVE-2015-5119 is a use-after-free vulnerability in the ByteArray class in ActionScript 3. Adobe first released the advisory for CVE-2015-5119 in July and the first exploit surfaced soon after. We continue to observe new exploits in the wild.
Posted: October 23, 2015
Chimera Ransomware targets users in the German-speaking countries.
Posted: October 16, 2015
Info stealer module leaks process information
Posted: October 13, 2015
Abstract: September 2015 Microsoft Security Bulletin Coverage
Posted: October 9, 2015
Processing of very long names in X.509 certificates in GnuTLS is vulnerable to a double-free due to errors.
Posted: October 7, 2015
This time the attackers perform DLL injection into Service Host (svchost.exe) to avoid detection by anti-virus programs.
Posted: October 2, 2015
The Dell SonicWall Threats team recently observed the return of malicious macros in Microsoft Office documents.
These malicious macros download the banking Trojan Dridex.
Posted: October 2, 2015
A heap buffer overflow vulnerability exists in the libzip component of PHP. Exploits for this vulnerability, CVE-2015-2331, have been spotted in the wild
Posted: September 25, 2015
PornDroid ransomware has evolved with some new components and features
Posted: September 18, 2015
There are hundreds of CVE-2015-5119 exploits observed in the wild after it was first released in July 2015
Posted: September 18, 2015
The Dell SonicWALL Threats Research team has received reports of a Linux-based Trojan called Tsunami which is used to perform DDoS attacks.
Posted: September 11, 2015
Posted: September 10, 2015
September 2015 Microsoft Security Bulletin Coverage
Posted: September 4, 2015
There is an integer overflow vulnerability in Adobe Flash Player 18.0.0.209 and earlier versions. Angler exploit kit has been cited to be using exploits for this vulnerability.
Posted: September 2, 2015
This time the attacker uses an encrypted JPG image file to avoid detection by anti-virus programs.
Posted: August 28, 2015
Unravelled VBE script drops Banking Trojan
Posted: August 28, 2015
A denial of service vulnerability exists in OpenSSL X509_cmp_time.
Posted: August 18, 2015
Microsoft has released an out-of-band security advisory on Aug 18, 2015 to address a critical Memory Corruption Vulnerability.
Posted: August 18, 2015
The Dell SonicWall Threats Research team observed reports of a new malware family, GAV: Antidetect.AB, actively spreading in the wild. This time the attacker uses Microsoft Register Server and manipulates the Windows registry to avoid detection by anti-virus programs.
Posted: August 14, 2015
The Dell SonicWall Threats Research team received reports of a Trojan in the wild which steals information from the infected machine.
Posted: August 13, 2015
Android malware that tries to send 9000 SMS messages as soon as it is executed
Posted: August 12, 2015
August 2015 Microsoft Security Bulletin Coverage
Posted: August 6, 2015
Android malware hides a message meant for Security Researchers analyzing it
Posted: August 4, 2015
An elevation of privilege vulnerability exists in Adobe Type Manager Font Driver (ATMFD) when it fails to properly handle objects in memory.
Posted: August 3, 2015
The “Alternative Chains Certificate Forgery” in OpenSSL can lead to man-in-the-middle (MITM) attacks.
Posted: July 30, 2015
A new exploit for Android uses messaging to deliver potential malware code
Posted: July 30, 2015
PlugX or Korplug is an old Trojan that has been in existence since 2008. The Dell SonicWALL Threats Research team has received reports of this Trojan making a comeback.
Posted: July 24, 2015
The Dell SonicWall Threats Research team observed reports of a new POS family, GAV: GamaPOS.ABC. The POS malware contains features such as memory scraping functions, like the popular point-of-sale Trojan BlackPOS.
Posted: July 20, 2015
Microsoft has released an out-of-band security advisory on July 20, 2015 to address a critical remote-code-execution vulnerability.
Posted: July 17, 2015
“Magic Malware” targets UK businesses. Incomplete features hint at future development.
Posted: July 16, 2015
July 2015 Microsoft Security Bulletin Coverage
Posted: July 16, 2015
Multiple CVE-2015-5119 Exploits have been observed in the wild
Posted: July 15, 2015
Following our previous blog on the recent Adobe 0-day (CVE-2015-5119), two more vulnerabilities have now surfaced from the same HackingTeam data leak.
Posted: July 7, 2015
HackingTeam has discovered a 0-day exploit in the wild in Flash Player. This exploit works against the most recent version of Flash Player (18.0.0.194). The exploit triggers a use-after-free vulnerability that affects Flash Player.
Posted: July 7, 2015
The method handling HTTP requests in the Apple CUPS web interface is vulnerable to cross-site scripting.
Posted: July 7, 2015
The Dell SonicWall Threats Research team observed reports of a new malware family, GAV: Upatre.SMJ, actively spreading in the wild. This time the attackers used a dropper to download the original malware, which hides in image (encrypted PNG) files to avoid detection by firewalls.
Posted: June 25, 2015
Adobe released a security update for Adobe Flash Player to cover a critical 0-day heap-based buffer overflow vulnerability
Posted: June 25, 2015
This time the attackers used a JavaScript .js file dropped by an executable file. The malware uses Windows-based Script Host to run scripts on the infected machine and hides behind a JavaScript file to avoid detection.
Posted: June 19, 2015
The PHP ftp_genlist method is vulnerable to an integer overflow leading to a heap overflow when reading an FTP file listing
Posted: June 12, 2015
The POS malware contains features such as memory scraping functions, like the popular point-of-sale Trojan BlackPOS, but this time the malware targets the Oracle Micros platform in the wild.
Posted: June 9, 2015
June 2015 Microsoft Security Bulletin Coverage
Posted: June 5, 2015
The Dell SonicWall Threats Research team has received reports of a data stealing Trojan posing as a PDF document. Upon execution, the trojan downloads more malware onto the infected machine and also steals information from the system.
Posted: May 28, 2015
Another major TLS vulnerability, Logjam, was released last week.
Posted: May 28, 2015
The Trojan uses Windows Remote Management to establish a persistent connection to the victim's computer and allows it to run PowerShell commands directly on the remote machine.
Posted: May 22, 2015
The ProFTPD mod_copy module implements the SITE CPFR and SITE CPTO commands, which can be used to copy files/directories from one place to another on the server. An access control weakness exists in the mod_copy module, which allows an attacker to manipulate files on the target system.
Posted: May 22, 2015
TeslaCrypt joins the ransomware fee-for-file-recovery trend
Posted: May 22, 2015
Cyber criminals take advantage of deal-seeking individuals during this Memorial Day weekend.
Posted: May 20, 2015
The Dell SonicWall Threats Research team observed reports of a malware family, GAV: Runnerx.CHM (Trojan), which targets a global financial services firm, specifically JPMorgan Chase customers, in the wild. This time the attackers used a Microsoft Compiled HTML (.chm) file attached to spam messages.
Posted: May 14, 2015
Microsoft released April Security Bulletin on May 12th
Posted: May 8, 2015
UC Browser is a mobile web browser with a large market share in China and India. It has versions for most of the popular mobile devices. As of 2015, they claim to support over 3,000 models of cell phone devices. The browser tunnels your web traffic via the UCWeb servers, using zip/gzip compression of web data to speed up the connection. The Incognito mode allows user web surfing to evade firewall filtering. This article analyzes UC Browser Incognito mode traffic from an Android smart phone.
Posted: May 5, 2015
The Dell SonicWALL Threats Research team analyzed a drive-by download exploit kit targeting Adobe Flash, GAV: Angler.EK1, which leads to the download of additional malware on the target system upon a successful exploit run.
Posted: May 1, 2015
The Dell SonicWall Threats Research team observed reports of a POS bot family, GAV: POS.Punkey.A, actively spreading in the wild. Punkey.A typically has capabilities such as scraping memory to retrieve credit card data during its scan.
Posted: April 28, 2015
A 0-day Windows vulnerability is being exploited in the wild.
Posted: April 27, 2015
The current version of WordPress is vulnerable to a stored cross-site scripting (XSS) attack.
Posted: April 23, 2015
DropperXSW.A: Registry-only malware
Posted: April 21, 2015
Microsoft released April Security Bulletin on April 14th
Posted: April 15, 2015
The Dell SonicWall Threats Research team observed reports of a Dyre bot family named GAV: Dyre.L actively spreading in the wild.
Posted: April 10, 2015
A denial of service vulnerability exists in the implementation of Apache QPid. It occurs specifically when an unsupported control (session.gap) is sent without a session having been established.
Posted: April 8, 2015
Android Titanium malware hides all its malicious code in a Library file in a bid to escape anti-virus engines
Posted: April 8, 2015
A new variant of the NewPoSThings malware, known for targeting payment processing systems, has been released in the wild. This time the threat is directed at 64-bit machines with high version numbers.
Posted: April 3, 2015
In this Dell SonicWALL SonicAlert we will take a fun look at telemetry data for our Application Control signatures for the 2014 NCAA March Madness Basketball Tournament.
Posted: April 3, 2015
Laziok mostly targets the petroleum and gas industries, suggesting that the attackers have a strategic interest in the energy sector.
Posted: March 30, 2015
Poseidon.AB malware typically has capabilities such as scraping memory to retrieve credit card data during its scan.
Posted: March 27, 2015
There is a Type Confusion Vulnerability in Oracle Data Integrator which may cause arbitrary code execution.
Posted: March 27, 2015
After stealing information, this Trojan deletes itself and leaves no files or signs of infection on the victim's machine.
Posted: March 20, 2015
Microsoft to Phase Out Internet Explorer
Posted: March 19, 2015
Upatre used for political spam campaign
Posted: March 17, 2015
CryptoWall 3.0 Uses I2P Anonymity Network For C&C Communications
Posted: March 12, 2015
March 2015 Microsoft Security Bulletin Coverage
Posted: March 9, 2015
This is a new variant of the popular Parite, a polymorphic file-infecting virus that infects all portable EXE files found on local and shared network drives.
Posted: March 6, 2015
The Dell Sonicwall Threats Research team observed reports of a spam email which is downloading malware.
Posted: March 5, 2015
The private key used by the Komodia SDK that comes pre-installed with some Lenovo laptops has been compromised, which presents a breakdown of trust between web browsers and secure websites.
Posted: March 5, 2015
FREAK is a MITM (man-in-the-middle) attack that exploits a flaw in SSL/TLS implementations that downgrades connections to weak Export RSA keys.
Posted: March 4, 2015
A directory traversal vulnerability exists in ManageEngine Desktop Central MSP prior to and including build 9006. The vulnerability is due to lack of authentication and insufficient input validation of the filename parameter sent to the StatusUpdateServlet page when processing HTTP(S) requests. A remote, unauthenticated attacker can exploit this vulnerability by sending a specially crafted request to the target server. Successful exploitation could lead to arbitrary code execution under the security context of the System user.
Posted: February 27, 2015
This is a new variant of the popular Bifrose, a backdoor that connects to a remote IP address using TCP port 81 or a random port.
Posted: February 13, 2015
Cybercriminals up the ante as Valentine's Day approaches, delivering Trojans to unsuspecting users.
Posted: February 12, 2015
Adware apps spread on both Google and non-Google app stores
Posted: February 11, 2015
February 2015 Microsoft Security Bulletin Coverage
Posted: February 6, 2015
One more avatar of Nuclear Exploit Kit
Posted: February 5, 2015
The Dell Sonicwall Threats Research team observed reports of a Dyre bot family named GAV: Dyre.E and Dyre.F actively spreading in the wild.
Posted: February 4, 2015
A same-origin policy bypass vulnerability has been reported in Microsoft Internet Explorer.
Posted: February 3, 2015
Adobe Flash Zero day (CVE-2015-0313) is being exploited in the wild.
Posted: January 30, 2015
Downloader Trojan that can drop multiple malware
Posted: January 29, 2015
A heap buffer overflow exists in the GNU C Library, aka the GHOST vulnerability (CVE-2015-0235).
Posted: January 26, 2015
Adobe Flash Zero day (CVE-2015-0311) is being exploited in the wild.
Posted: January 22, 2015
Latest Adobe Flash Zero day (CVE-2015-0310)
Posted: January 22, 2015
Integer overflow vulnerability in Adobe Flash Player could lead to arbitrary code execution.
Posted: January 14, 2015
January 2015 Microsoft Security Bulletin Coverage
Posted: January 12, 2015
The Dell Sonicwall Threats team has recently come across a scam luring unsuspecting victims into turning on macros in Microsoft Office, thus downloading the Dridex trojan through the malicious macros.
Posted: January 9, 2015
A policy bypass vulnerability exists in ManageEngine Desktop Central
Posted: January 2, 2015
A denial of service vulnerability exists in Asterisk's res_pjsip_pubsub module.
Posted: December 25, 2014
CloudAtlas infects Android devices and steals sensitive information
Posted: December 24, 2014
Cloud Atlas is a highly complex malware that targeted high level executives from the oil and financial industries as well as government organizations.
Posted: December 17, 2014
Windows OLE Automation Array Remote Code Execution Vulnerability (CVE-2014-6332) attacks have been seen in the wild.
Posted: December 12, 2014
Ransomware purports to be from National Security Bureau
Posted: December 11, 2014
A new use-after-free remote code execution vulnerability has been discovered in Microsoft Internet Explorer.
Posted: December 9, 2014
Dell SonicWALL has analyzed and addressed Microsoft's security advisories for the month of December, 2014.
Posted: December 5, 2014
Vulnerability in BMC Track-It! could allow attackers to execute arbitrary code.
Posted: December 4, 2014
The malware tries to reside in the registry only, hiding as a subkey in the computer's registry rather than as an executable file.
Posted: December 4, 2014
Another victim of a targeted destructive malware attack.
Posted: November 26, 2014
A man-in-the-middle technique called DoubleDirect surfaced recently.
Posted: November 26, 2014
Cybercriminals take advantage of holiday shoppers during this Thanksgiving Day weekend.
Posted: November 19, 2014
Cyber-crime Group Uses USB Malware to Steal Data from Isolated Networks
Posted: November 18, 2014
A new critical Elevation of Privilege vulnerability has been discovered in the Microsoft Windows Kerberos KDC service in multiple Microsoft operating systems.
Posted: November 17, 2014
Magnitude Exploit Kit uses the HTML5 canvas element to hide an iframe.
Posted: November 12, 2014
Dell SonicWALL has analyzed and addressed Microsoft's security advisories for the month of November, 2014.
Posted: November 7, 2014
Xposed Framework module with spying capabilities
Posted: November 7, 2014
This Dell SonicWALL SonicAlert presents a graph showing the seasonal increase in online shopping during the final 3 months of 2013. The graph shows the number of DNS queries for amazon.com. It is meant as a reminder to security administrators to anticipate the holiday shopping season and to prepare end users for the increased exposure to phishing type attacks originating in unsolicited, fraudulent emails.
Posted: October 31, 2014
Multiple memory corruption vulnerabilities exist in HP Sprinter.
Posted: October 31, 2014
Rango Antivirus FakeAV makes a surge
Posted: October 28, 2014
A remote access Trojan (RAT) is malware that opens a back door on the target computer.
Posted: October 24, 2014
The Dell SonicWall Threats Research team has discovered a malware posing as a game.
Posted: October 24, 2014
SQL injection vulnerability exists in Drupal core database abstraction API.
Posted: October 22, 2014
Microsoft advisory for CVE-2014-6352
Posted: October 16, 2014
The Sandworm attacks work through a vulnerability in Windows known as CVE-2014-4114.
Posted: October 15, 2014
An information disclosure vulnerability has been discovered in SSL 3.0.
Posted: October 14, 2014
Dell SonicWALL has analyzed and addressed Microsoft's security advisories for the month of October, 2014.
Posted: October 11, 2014
The Dell SonicWALL Threats Research Team has recently encountered an interesting case of adware that includes some unexpected features, reminiscent of the Flame/SkyWiper cyber espionage malware.
Posted: October 10, 2014
Vulnerability in Android Browser could allow attackers to bypass same origin policy and steal sensitive information.
Posted: October 10, 2014
The malware could steal millions in cash from ATMs around the world without having to use a credit or debit card.
Posted: October 6, 2014
This is a new variant of the popular CryptoLocker ransomware, which is digitally signed and distributed via an advertising campaign on several top-ranked Alexa websites.
Posted: October 6, 2014
Windseeker uses injection and hooking techniques to monitor chat messengers
Posted: October 3, 2014
GNU Bash is prone to several remote code execution vulnerabilities.
Posted: October 3, 2014
A critical arbitrary code execution vulnerability has been found in GNU Bash
Posted: October 3, 2014
Linux Trojan dropped via CVE-2014-6271 vulnerability
Posted: October 3, 2014
This Trojan comes compressed in ARJ file format, which was a popular compression format back in the 90s, and uses .arj as the file extension.
Posted: October 3, 2014
A new variant of the popular BlackPOS malware that struck Target is also linked to the Home Depot breach.
Posted: October 3, 2014
The statistics for SQL injection attacks indicate it is still an active attack method in 2014.
Posted: October 3, 2014
Metasploit modules used by malicious exploit kit in the wild
Posted: October 3, 2014
New Backdoor Trojan seen in the wild.
Posted: October 3, 2014
In our observation, the number of attack attempts has dropped significantly over the last few weeks.
Posted: September 11, 2014
Mini Duke sample that uses social engineering to gain access to a target system
Posted: September 9, 2014
Dell SonicWALL has analyzed and addressed Microsoft's security advisories for the month of September, 2014.
Posted: September 5, 2014
Analysis of CVE-2014-1815
Posted: August 29, 2014
Dell SonicWALL keeps monitoring OpenSSL related news and reacts immediately.
Posted: August 29, 2014
Source code for Dendroid leaks online
Posted: August 29, 2014
Spammers take advantage of individuals looking for deals this Labor Day weekend.
Posted: August 22, 2014
Urelas spy Trojan drops multiple malware families
Posted: August 22, 2014
Vulnerability in Samba could cause arbitrary code execution or result in a denial-of-service condition.
Posted: August 15, 2014
This fake resume Trojan is capable of downloading additional malware and sending sensitive information to a remote server.
Posted: August 13, 2014
Microsoft has released the August Patch-Tuesday bulletins; Dell SonicWALL has researched and released the signatures the same day.
Posted: August 8, 2014
A use after free vulnerability exists in Google Chrome.
Posted: August 7, 2014
The new POS bot family Backoff combines information stealing and memory scraping functionality.
Posted: August 4, 2014
The Dell SonicWall threats research team recently spotted a backdoor being distributed as a drive-by-download.
Posted: August 1, 2014
A SQL injection vulnerability exists in clientreport.php in the management console in Symantec Web Gateway (SWG) which allows remote attackers to execute arbitrary SQL commands.
Posted: July 25, 2014
Browserlock is malicious software designed to lock your browser until a sum of money is paid.
Posted: July 24, 2014
A Potential Push Made to Revive the Zeus Gameover Botnet
Posted: July 18, 2014
Vulnerability in Symantec Web Gateway could result in execution of arbitrary script in the victim's browser.
Posted: July 18, 2014
Another Android Trojan that targets Korean Banks identified
Posted: July 12, 2014
SweetOrange Exploit Kit has been seen dropping Qakbot.
Posted: July 8, 2014
Microsoft has released the July Patch-Tuesday bulletins; Dell SonicWALL has researched and released the signatures the same day.
Posted: July 3, 2014
Spammers take advantage of individuals looking for deals this Independence Day week.
Posted: June 30, 2014
Android Bankrypt steals and transmits sensitive information from the victim's mobile device
Posted: June 27, 2014
Vulnerabilities in SAP Sybase ESP could result in arbitrary code execution or a denial of service condition.
Posted: June 27, 2014
Cryptowall Ransomware uses Bitcoin and TOR exclusively to make tracking harder for authorities.
Posted: June 26, 2014
Analysis of a recent Angler exploit kit drive by attack.
Posted: June 25, 2014
The Dell SonicWALL Threats Research Team recently encountered Ranbyus, a banking trojan related to the Zbot family, which targets Java-based remote banking apps.
Posted: June 20, 2014
Cross-site scripting vulnerability was found in CUPS web interface
Posted: June 13, 2014
As consumers are scrambling for last-minute gift ideas for Father's Day, cybercriminals are also increasing their efforts to divert advertising dollars into their hands.
Posted: June 13, 2014
Cybercriminals are sending fans unsolicited advertisements for free live online streaming of the event and fake World Cup related promotions.
Posted: June 10, 2014
Microsoft has released the June Patch-Tuesday bulletins; Dell SonicWALL has researched and released the signatures the same day.
Posted: June 10, 2014
First TOR-based File encrypting Android Ransomware.
Posted: June 6, 2014
OpenSSL released security advisory addressing multiple vulnerabilities.
Posted: June 6, 2014
A new Infostealer bot combines form-grabbing and memory scraping functionality into a single malware family.
Posted: May 30, 2014
Dropper Trojan leaks user data and can download additional malware
Posted: May 30, 2014
A directory traversal vulnerability was found in CA ERwin Web Portal
Posted: May 23, 2014
Exploit Analysis of Zero Day Vulnerability Affecting Internet Explorer.
Posted: May 23, 2014
Cyber criminals take advantage of deal-seeking individuals during this Memorial Day weekend.
Posted: May 15, 2014
The Dell SonicWall Threats Research Team observed reports of an Android malware that locks up mobile devices until the victims pay a ransom to unlock the phone, called AndroidLocker.
Posted: May 13, 2014
Microsoft has released the May Patch-Tuesday bulletins; Dell SonicWALL has researched and released the signatures the same day.
Posted: May 13, 2014
OpenSSL Heartbleed Vulnerability is still active, and some of the first evidence of hackers using Heartbleed has begun to surface this week.
Posted: May 12, 2014
New security bypass vulnerabilities have been identified in Apache Struts 2.
Posted: May 8, 2014
Eclipse Bot with myriad capabilities
Posted: May 2, 2014
The Dell SonicWall Threats Research Team recently encountered a family of .NET malware with Game of Thrones references that eventually drops a CyberGate remote access trojan.
Posted: May 2, 2014
Buffer overflow vulnerability in Adobe Flash Player could lead to arbitrary code execution.
Posted: May 2, 2014
Microsoft has released an out-of-band security advisory for Internet Explorer on April 26, 2014.
Posted: April 25, 2014
The Dell SonicWALL Threats Research team is seeing an active spam campaign involving an infostealer Trojan that arrives in the form of emails that masquerade as messages from service providers written in the German language.
Posted: April 25, 2014
Adobe Reader Mobile app Javascript code execution vulnerability.
Posted: April 21, 2014
Fareit Trojan drops multiple malware families
Posted: April 11, 2014
Malware spotted in the wild claiming to be Heartbleed vulnerability test tool
Posted: April 11, 2014
OpenSSL HeartBleed Bug is a Critical Information Disclosure Vulnerability.
Posted: April 8, 2014
Microsoft has released the April patch-Tuesday bulletins; Dell SonicWALL has researched and released the signatures the same day.
Posted: April 4, 2014
Microsoft Word Zero Day Spotted In The Wild
Posted: April 4, 2014
Cutwail Botnet spam on the rise.
Posted: March 29, 2014
The Onkods botnet continues to propagate via fake JPG attachments, turning victim machines into spam outlets.
Posted: March 24, 2014
Microsoft has released a new Security Advisory; Dell SonicWALL has researched and released the signatures on the same day.
Posted: March 21, 2014
Trojan that steals sensitive system information and transmits it to the attacker
Posted: March 21, 2014
Vulnerabilities in multiple web applications could lead to information disclosure.
Posted: March 13, 2014
The Dell SonicWall Threats Research team has received reports of a Trojan posing as a Microsoft Office update, opportunely timed with Patch Tuesday's release two days ago.
Posted: March 11, 2014
Microsoft has released the March patch-Tuesday bulletins; Dell SonicWALL has researched and released the signatures the same day.
Posted: March 7, 2014
iFrame Injection Attack is still popular as an attack method.
Posted: March 6, 2014
Adobe Flash Zero Day In The Wild
Posted: March 6, 2014
Parcim Trojan steals system information
Posted: February 28, 2014
The Dell SonicWall Threats Research Team has spotted a malicious sample packed with a legitimate installer for Adobe Flash Player.
Posted: February 21, 2014
Vulnerability and Exploit Analysis of Latest IE Zero Day.
Posted: February 21, 2014
The Dell SonicWall Threats Research Team has spotted the latest malware being served via the recent CVE-2014-0322 attack.
Posted: February 14, 2014
Zero day Exploit targeting Internet Explorer 10 spotted In the Wild.
Posted: February 14, 2014
Worm gathers sensitive system information and sends it to the attacker
Posted: February 12, 2014
Microsoft has released the February patch-Tuesday bulletins; Dell SonicWALL has researched and released the signatures the same day.
Posted: February 9, 2014
Latest Adobe Flash Integer Underflow Vulnerability.
Posted: February 7, 2014
Analysis of a recent Neutrino exploit kit drive by attack.
Posted: February 5, 2014
Malware exploiting CVE-2013-2465 in the wild.
Posted: January 31, 2014
The long running IceFog campaign now spotted targeting US companies
Posted: January 30, 2014
An arbitrary file upload vulnerability exists in the EMC Connectrix Manager Converged Network Edition (CMCNE).
Posted: January 24, 2014
A closer look at XtremeRAT's keylogging functionality.
Posted: January 23, 2014
Microsoft IE vulnerability (CVE-2013-2551) used in the latest attacks.
Posted: January 22, 2014
Cryptolocker Ransomware holds files hostage for cash. 300 USD gets your files back.
Posted: January 22, 2014
An aggressive spamming malware found in the wild.
Posted: January 14, 2014
Microsoft has released the January patch-Tuesday bulletins; Dell SonicWALL has researched and released our updates the same day.
Posted: January 10, 2014
Analysis of attack utilizing a combination of Adobe Reader, CVE-2013-3346 and Windows, CVE-2013-5065 Vulnerabilities.
Posted: January 7, 2014
Description
Over the past week we've received a massive amount of virus-infected spam, which appears to be from the Clerk of the Court and claims that recipients must appear in court on a specified date.
Spammers are spreading this spam under the guise of prestigious law firms like Latham & Watkins, Perkins Coie, Baker Botts, Hogan Lovells, etc.
Posted: January 3, 2014
A fake Flash Player extension for the Google Chrome browser has been seen hijacking Facebook user accounts to like fan pages the victims want nothing to do with.
Posted: January 3, 2014
Vulnerability in Cisco Prime DCNM could expose sensitive information.
Posted: December 27, 2013
New Tor-based Information stealing Trojan spotted in the wild.
Posted: December 20, 2013
Vulnerability in ABB MicroSCADA could result in remote code execution.
Posted: December 19, 2013
Ticket related spam mails are on the rise over the past few days
Posted: December 13, 2013
New Bitcoin infostealer Trojan spotted in the wild.
Posted: December 10, 2013
Microsoft has released the December patch-Tuesday bulletins; Dell SonicWALL has researched and released the signatures the same day.
Posted: December 6, 2013
A new security bypass vulnerability has been identified in Android 4.3 and prior versions
Posted: December 5, 2013
Microsoft Windows privilege escalation vulnerability (CVE-2013-5065) exploit attacks spotted in the wild.
Posted: November 27, 2013
Remote Code Execution Vulnerability in JBOSS EJBInvokerServlet and JMXInvokerServlet
Posted: November 27, 2013
An Elevation of Privilege vulnerability has been identified in Microsoft Windows Kernel component.
Posted: November 27, 2013
Cyber criminals take advantage of savvy shoppers during this Thanksgiving Day weekend.
Posted: November 22, 2013
Infostealer Trojan tracks and reports user activity
Posted: November 20, 2013
Microsoft InformationCardSigninHelper Class ActiveX Exploit spotted in the Wild.
Posted: November 13, 2013
P2P Zeus Trojan has been observed in targeted e-mail spam campaign
Posted: November 12, 2013
Microsoft has released the November patch-Tuesday bulletins; Dell SonicWALL has researched and released the signatures the same day.
Posted: November 11, 2013
Increase in Bitcoin mining malware as price soars
Posted: November 11, 2013
A remote code execution vulnerability has been identified in Microsoft Graphics Component.
Posted: November 8, 2013
Vulnerability in IBM iNotes ActiveX control could result in remote code execution.
Posted: November 8, 2013
Antivirus Security Pro FakeAV Downloader Trojan variants being actively spammed in the wild.
Posted: November 1, 2013
Malware exploiting CVE-2013-2465 in the wild.
Posted: November 1, 2013
A fake Excel spreadsheet being distributed through compromised legitimate websites has been seen installing a Backdoor Trojan and overwriting a Windows system file.
Posted: October 25, 2013
An arbitrary file-upload vulnerability exists in the HP Intelligent Management Center Branch Intelligent Management Software (BIMS) module.
Posted: October 25, 2013
Malware switches the bank account number in the clipboard to the attacker's account number
Posted: October 18, 2013
Wave of Zortob Backdoor Trojan discovered in the wild
Posted: October 17, 2013
CVE-2013-1347 is being actively exploited in the wild serving malware upon successful exploit run.
Posted: October 11, 2013
A recent wave of IRC Bots posing as Chrome are seen in the wild downloading additional malware.
Posted: October 10, 2013
CVE-2013-3897 is being actively exploited in the wild serving malware upon successful exploit run.
Posted: October 10, 2013
SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of February, 2011. A list of issues reported, along with SonicWALL coverage information follows: MS11-003 Cumulative Security Update for Internet Explorer (2482017) CVE-2010-3971 – […]
Posted: October 10, 2013
Microsoft has released the October patch-Tuesday bulletins; Dell SonicWALL has researched and released the signatures the same day.
Posted: October 4, 2013
Gone with the wings ngrBot dropper active in the wild.
Posted: October 4, 2013
Vulnerability in SIEMENS Solid Edge ST4 ActiveX control could result in remote code execution.
Posted: October 1, 2013
Microsoft has released the September patch-Tuesday bulletins; Dell SonicWALL has researched and released the signatures the same day.
Posted: September 30, 2013
MAPP released Security Advisory 2887505 regarding an issue that affects all Internet Explorer versions
Posted: September 27, 2013
Microsoft IE vulnerability (CVE-2013-3893) used in the latest attacks.
Posted: September 27, 2013
Vulnerability in HP LoadRunner ActiveX control could result in remote code execution.
Posted: September 26, 2013
CVE-2013-3893 is being actively exploited in the wild serving a malicious Trojan upon successful exploit run.
Posted: September 13, 2013
A fake image file silently installs a commercial keylogger.
Posted: September 6, 2013
An Android malware which can transmit sensitive user information using SMTP
Posted: September 6, 2013
New Zeus dropper Trojan is actively being spammed in the wild using targeted e-mail campaigns.
Posted: September 6, 2013
Latest Java exploit targeting CVE-2013-2473 is seen in the wild
Posted: August 30, 2013
A new Trustezeb variant is being actively spammed in the wild.
Posted: August 30, 2013
Old IE Vulnerability in the wild.
Posted: August 27, 2013
Citadel Trojan masquerades as UPS Invoice download
Posted: August 22, 2013
Vulnerability in Samba could cause memory exhaustion and result in a denial-of-service condition.
Posted: August 16, 2013
Sites that have been compromised, including some government websites in the Asia Pacific, have been observed redirecting their visitors to an explicit website.
Posted: August 13, 2013
Microsoft has released the August patch-Tuesday bulletins; Dell SonicWALL has researched and released the signatures the same day.
Posted: August 9, 2013
New variant of Glupteba Trojan actively served in the wild via Blackhole exploit kits.
Posted: August 9, 2013
A use-after-free vulnerability exists in Mozilla Firefox. Mozilla Firefox before 22.0 does not properly handle onreadystatechange events.
Posted: August 2, 2013
A heap buffer overflow exists in Trimble Navigation's SketchUp.
Posted: August 2, 2013
Madang Virus searches and infects executables on the system
Posted: July 26, 2013
Recslurp Trojan steals FTP and Email credentials.
Posted: July 26, 2013
An integer overflow vulnerability exists in Adobe Flash Player which may allow attackers to construct a specially crafted SWF file in order to execute arbitrary code remotely.
Posted: July 19, 2013
A stack-based buffer overflow exists in Corel PDF Fusion which may allow remote attackers to execute arbitrary code by constructing a specially crafted XPS file.
Posted: July 19, 2013
A password stealing Trojan for a popular Chinese online game was seen using a legitimate proxy server in its installation.
Posted: July 12, 2013
New Spambot Trojan with Backdoor functionality spotted in the wild.
Posted: July 11, 2013
Microsoft has released the July patch-Tuesday bulletins; Dell SonicWALL has researched and released the signatures the same day.
Posted: July 5, 2013
Vulnerability in Apple QuickTime could result in remote code execution.
Posted: July 5, 2013
Malware capable of stealing Mail and Browser passwords
Posted: July 3, 2013
Cyber criminals take advantage of deal-seeking individuals during this Independence Day week.
Posted: June 28, 2013
New Banker Trojan targeting Brazilian government site spotted in the wild.
Posted: June 28, 2013
Infostealer Trojan with Bitcoin mining and DDoS features spotted in the wild.
Posted: June 26, 2013
A memory corruption vulnerability exists in Apple QuickTime.
Posted: June 26, 2013
Latest Java Vulnerabilities employed in a Drive-By-Download attack.
Posted: June 21, 2013
A variant of the Athena IRCBot spotted in the wild.
Posted: June 21, 2013
A use-after-free vulnerability exists in Microsoft Internet Explorer
Posted: June 14, 2013
Cyber criminals take advantage of shoppers during this Father's Day weekend.
Posted: June 14, 2013
New Adware Trojan plays continuous audio ads through users' speakers
Posted: June 12, 2013
Microsoft has released the June patch-Tuesday bulletins; Dell SonicWALL has researched and released the signatures the same day.
Posted: June 7, 2013
This Trojan steals sensitive user information and tries to hinder analysis
Posted: May 31, 2013
Vulnerability in JRE and JDK could result in remote code execution.
Posted: May 24, 2013
Vulnerability in nginx could result in denial of service condition.
Posted: May 24, 2013
Cyber criminals take advantage of deal-seeking individuals during this Memorial Day weekend.
Posted: May 23, 2013
Multiple zero-days have been found in Oracle Java products in 2013
Posted: May 17, 2013
DarkKomet Trojan resurfaces in the wild
Posted: May 15, 2013
Microsoft has released the May patch-Tuesday bulletins; Dell SonicWALL has researched and released the signatures on the same day.
Posted: May 10, 2013
VertexNet equipped with DDoS command and additional capabilities
Posted: May 9, 2013
With Mother's Day approaching, we are seeing an increase in spam mails with that theme
Posted: May 8, 2013
A remote code execution vulnerability has been identified in Internet Explorer 8.
Posted: May 3, 2013
Stack Buffer Overflow Vulnerability was identified in Oracle Java Products
Posted: May 1, 2013
New Russian botnet discovered
Posted: April 26, 2013
Observed increase in Andromeda botnet spam discovered
Posted: April 19, 2013
Vulnerability in Honeywell HscRemoteDeploy ActiveX control could result in remote code execution.
Posted: April 17, 2013
Malicious RedKit Exploit kit URLs being spammed using Boston bomb blast video lure
Posted: April 12, 2013
Look at a new Delphi Infostealer Trojan found in the wild.
Posted: April 9, 2013
Microsoft has released the April patch-Tuesday bulletins; Dell SonicWALL has researched and released the signatures on the same day.
Posted: April 5, 2013
The Squid Proxy server is an open source internet proxy and web caching application. It is utilized to speed up web servers by caching web pages and other network resources. Squid proxy supports numerous network […]
Posted: April 5, 2013
Checks browser history to report activity about an explicit website
Posted: April 4, 2013
Chinese botnet leaks sensitive system info and awaits instructions
Posted: April 4, 2013
A look at malware involved in cyberattacks targeting South Korean banks and broadcasting companies.
Posted: March 29, 2013
Microsoft Computer Browser service is used to share information about workgroups, domains, and the hosts within them. This is an essential Windows service for hosts that wish to browse shared resources. The Browser protocol defines […]
Posted: March 29, 2013
Easter related Spam campaign on the rise
Posted: March 25, 2013
A vulnerability exists in the MySQL Envelope() function when handling serialized Geometry objects.
Posted: March 15, 2013
AyaBot with DDoS capabilities and an additional set of commands
Posted: March 12, 2013
Microsoft has released the March Patch Day bulletins; Dell SonicWALL has researched and released the signatures on the same day.
Posted: March 8, 2013
A cross-site scripting vulnerability exists in the way mod_proxy_balancer module of Apache HTTP server handles the URL string for the balancer-manager web interface.
Posted: March 8, 2013
A look at latest variant of Vobfus worm.
Posted: March 1, 2013
Vulnerabilities in SAP NetWeaver can be exploited by malicious people to compromise a vulnerable system.
Posted: February 25, 2013
Bank of America CashPro customers targeted by Tepfer variant.
Posted: February 22, 2013
Vulnerability in Nagios XI Autodiscovery could lead to arbitrary command execution.
Posted: February 21, 2013
An Android Malware that drops Malware on a Windows PC and gathers sensitive information about the user.
Posted: February 14, 2013
A look at spear-phishing attack involving Limitless Keylogger.
Posted: February 12, 2013
Dell SonicWALL has analysed and addressed Microsoft’s security advisories for the month of February, 2013. A list of issues reported, along with Dell SonicWALL coverage information follows: MS13-009 Cumulative Security Update for Internet Explorer CVE-2013-0015 […]
Posted: February 11, 2013
Novell eDirectory is a multi-platform Lightweight Directory Access Protocol (LDAP) server. It is a component of an identity management solution. It utilizes the Novell NetWare Core Protocol (NCP) for communication. NCP manages access to server […]
Posted: February 10, 2013
New Dorkbot adds suite of new features
Posted: February 1, 2013
Rise over the last week in spam campaigns delivering Tepfer, which is known for stealing sensitive information and dropping other malware binaries.
Posted: January 30, 2013
A stack based buffer overflow vulnerability has been identified in an officially released Snort rule.
Posted: January 25, 2013
New Trojan uploads photos, adds victims to groups without their knowledge
Posted: January 23, 2013
A stack-based overflow vulnerability has been identified in the Novell eDirectory server.
Posted: January 18, 2013
Red October cyber-espionage malware uses MS Office exploits
Posted: January 16, 2013
During the past weeks several RoR vulnerabilities have emerged.
Posted: January 14, 2013
New Java 0-day drive-by exploit already integrated into Blackhole Exploit Kit
Posted: January 11, 2013
Toll fraud malware for Android discovered; it smuggles out the contact list and other vital device information
Posted: January 9, 2013
Microsoft January 2013 Security Advisories and Dell SonicWALL Coverage
Posted: January 4, 2013
Vulnerability in Squid could lead to a denial of service condition.
Posted: January 3, 2013
Microsoft has released an out-of-band Advisory on Dec 29th, 2012 addressing an IE vulnerability
Posted: January 2, 2013
Watering hole attacks found employing new use after free vulnerability in Internet Explorer
Posted: December 22, 2012
New File Wiper Trojan targeting Iran
Posted: December 21, 2012
Apple iTunes is a digital media player application used for playback and organization of digital media content. It is also used to manage content on Apple devices such as iPod, iPhone, iPod Touch and others. […]
Posted: December 21, 2012
Adobe Photoshop is an image editor capable of handling numerous image file formats and is available on multiple platforms. One of the file formats supported by Photoshop is the Tagged Image File Format (TIFF). TIFF […]
Posted: December 14, 2012
A botnet that uses Tor services to cloak its communication with servers has been discovered
Posted: December 11, 2012
Dell SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of December, 2012. A list of issues reported, along with Dell SonicWALL coverage information follows: MS12-077 Cumulative Security Update for Internet Explorer CVE-2012-4781 […]
Posted: December 6, 2012
A stack buffer overflow vulnerability exists in MySQL database server
Posted: December 6, 2012
A Trojan with advanced features was discovered being served through malicious links in Facebook messages
Posted: December 3, 2012
Vobfus Worm spreads via removable drives and remote shares
Posted: November 27, 2012
A file retrieval vulnerability exists in Novell File Reporter
Posted: November 21, 2012
Trojan that uses Google Docs service to cloak its communication with the server discovered in the wild
Posted: November 20, 2012
A command-injection vulnerability exists in Webmin File Manager Module
Posted: November 16, 2012
Multiple spam campaigns involving new Tepfer Infostealer variants discovered in the wild.
Posted: November 14, 2012
Microsoft November 2012 Security Advisories and Dell SonicWALL Coverage
Posted: November 9, 2012
Vulnerability in UMPlayer could lead to arbitrary command execution in the security context of the logged-in user.
Posted: November 8, 2012
Dark Comet RAT Trojan being served through a Java drive-by monitors your keystrokes
Posted: November 2, 2012
Information stealing Cridex Trojan discovered to be spreading through IRS spam mails
Posted: November 1, 2012
A heap memory buffer overflow vulnerability exists in Oracle Java products
Posted: October 31, 2012
Beware of scams and phony charitable requests when you help people in need after Hurricane Sandy
Posted: October 26, 2012
eFax spam delivers info stealer Trojan
Posted: October 26, 2012
Vulnerability in Samsung Kies could result in arbitrary command execution.
Posted: October 19, 2012
New Dorkbot variant targeting Skype users spotted in the wild.
Posted: October 19, 2012
Vulnerability in Novell ZENworks Asset Management could expose sensitive information.
Posted: October 12, 2012
Neglemir reports to botnet infrastructure and performs DDoS attacks on selected targets in China
Posted: October 10, 2012
Microsoft October 2012 Security Advisories and Dell SonicWALL Coverage
Posted: October 5, 2012
Trend Micro Control Manager is a centralized security outbreak management console. It is meant to consolidate the coordination of actions and the management of Trend Micro products and services. It is a central command center […]
Posted: October 5, 2012
System Progressive Protection claims that the system is infected with malware and tries to sell the software to the user
Posted: October 5, 2012
An Android malware named LuckyCat has been discovered that steals user information and transmits it to the attacker. Moreover, it opens a backdoor on the device and enables the attacker to execute commands remotely.
Posted: October 2, 2012
Research Paper: Blackhole Exploit Kit – Rise and Evolution
Posted: September 28, 2012
CrimeSpider Botnet serves up explicit webpages on compromised machines
Posted: September 27, 2012
Directory Traversal vulnerability in HP SiteScope 11.10 through 11.12 allows remote attackers to execute arbitrary code via unknown vectors.
Posted: September 21, 2012
An integer-overflow vulnerability has been found in the Novell GroupWise Client application. The Dell SonicWALL UTM Research team has released an IPS signature to address this issue.
Posted: September 17, 2012
New use-after-free zero day vulnerability in Internet Explorer is being targeted in the wild
Posted: September 12, 2012
Microsoft September 2012 Security Advisories and Dell SonicWALL Coverage
Posted: September 7, 2012
A FakeAV called Win 8 Security System that utilizes a rootkit has been discovered.
Posted: September 6, 2012
Vulnerability in GE Proficy KeyHelp ActiveX could result in remote code execution.
Posted: August 29, 2012
Multiple buffer overflow vulnerabilities have been found in EMC AutoStart
Posted: August 28, 2012
Blackhole exploit kit updates to use New Java Zero Day exploit.
Posted: August 24, 2012
SAP NetWeaver is an application framework which forms the base for SAP’s Business Suite. It includes a development and runtime environment for SAP and custom applications. NetWeaver uses the ABAP programming language specifically designed for […]
Posted: August 24, 2012
Psychlo NewBoss v1.0 bot analysis
Posted: August 17, 2012
New Cridex banking Trojan variant discovered that uses banking webpage injection to steal credentials.
Posted: August 14, 2012
Microsoft August 2012 Security Advisories and Dell SonicWALL Coverage
Posted: August 9, 2012
A summary of notable zero-day vulnerabilities found in the first half of 2012
Posted: August 3, 2012
Vulnerability in Symantec Web Gateway could result in remote compromise.
Posted: July 31, 2012
Government surveillance tool seen in targeted spear phishing emails
Posted: July 27, 2012
A look at possible Chinese bot using Taliban lure.
Posted: July 27, 2012
Vulnerability in HP Data Protector Express could result in arbitrary code execution.
Posted: July 20, 2012
Java is a programming platform owned by Oracle, which is used for developing cross-platform applications. Java programs run in multiple environments including embedded devices, and smart phones. Java is distributed as the Java Runtime Environment […]
Posted: July 20, 2012
Multiple spam campaigns involving Cridex Banking Trojan, Gamarue worm, and other malware families seen in past week.
Posted: July 13, 2012
New variant of Cridex Banking Trojan was observed in multiple spam themes
Posted: July 11, 2012
Microsoft Security Bulletin coverage of July 2012
Posted: July 6, 2012
An unspecified vulnerability has been found in Oracle’s AutoVue Office product
Posted: July 6, 2012
Observed increase in Blackhole Drive-By-Downloads infections.
Posted: June 29, 2012
A stack buffer overflow has been discovered in Apple QuickTime
Posted: June 29, 2012
Yoshi Bitcoin Mining Botnet discovered in the wild signifies growing threat of Bitcoin mining Trojans.
Posted: June 22, 2012
Vulnerability in MSXML could result in arbitrary code execution.
Posted: June 20, 2012
New FakeAV variant observed spreading through compromised webpages
Posted: June 15, 2012
Increase in number of spam campaigns involving Blackhole exploit sites serving Cridex banking Trojan
Posted: June 13, 2012
Microsoft Security Bulletin coverage of June 2012
Posted: June 8, 2012
Symantec Web Gateway offers web content filtering as well as protection against data loss and malware. It is also capable of SSL decryption, URL filtering and application control. The product exposes a web interface that […]
Posted: June 8, 2012
New Craigslist spam campaign uses Blackhole Exploit to download Cridex Banking Trojan
Posted: June 5, 2012
New sophisticated and modular Flamer Worm was seen in targeted attacks.
Posted: June 1, 2012
SAP NetWeaver is a software framework that provides the foundation for applications in SAP’s Business Suite. It includes development and runtime environments for SAP and custom applications. NetWeaver uses the ABAP programming language developed by […]
Posted: May 25, 2012
New German Ransomware Trojan being spammed in the wild.
Posted: May 25, 2012
A heap-based buffer overflow is found in the Ole API in IBM Rational ClearQuest
Posted: May 18, 2012
New Bitcoin miner Trojan spotted in the wild.
Posted: May 17, 2012
A security bypass vulnerability exists in Digium Asterisk
Posted: May 17, 2012
Microsoft Security Bulletin coverage of May 2012
Posted: May 11, 2012
Malicious links lead to Goblin File Infector Virus
Posted: May 11, 2012
New Adobe Flash Player exploits spotted in the wild targeting recently patched APSB12-09 vulnerability
Posted: May 11, 2012
New ZBot variant discovered in the wild aimed at stealing banking info
Posted: May 11, 2012
Spammers employ fire safety spam schemes to trick users
Posted: May 11, 2012
Brief analysis of AryaN bot builder and an active botnet.
Posted: May 11, 2012
Wire Transfer cancellation spam theme used to deliver Zeus Trojan
Posted: May 11, 2012
AryaN IRC Botnet discovered in the wild can spread through USB removable drives
Posted: May 11, 2012
New Android Trojan contacts a command and control server and sends premium rate messages
Posted: May 11, 2012
Microsoft has released 6 advisories addressing 11 vulnerabilities for April 2012 Patch Day
Posted: May 11, 2012
Wells Fargo users being targeted by a spam campaign involving a malicious Downloader Trojan
Posted: May 11, 2012
New LockScreen Ransomware Trojan discovered in the wild.
Posted: May 11, 2012
Specially crafted malicious PDF spammed in the wild
Posted: May 11, 2012
Zeus spam campaigns using Blackhole exploit kit compromised websites to target Intuit Inc. and Better Business Bureau users
Posted: May 11, 2012
FakeAV spam campaign continues with Smart Protection 2012
Posted: May 11, 2012
Trustezeb Trojan comes disguised in hotel reservation spam campaign
Posted: May 11, 2012
A new Banker Trojan variant being spammed in the wild.
Posted: May 11, 2012
Newer variant of Zbot Trojan spammed in the guise of Chinese New Year wishes
Posted: May 4, 2012
Vulnerabilities in Oracle GlassFish Administration Console could result in script execution in the browser.
Posted: April 27, 2012
LANDesk Lenovo ThinkManagement Suite is an application for monitoring and maintaining the availability of devices on the network. It forms the foundation of other LANDesk products such as Lenovo Hardware Password Manager, Security Suite, and […]
Posted: April 20, 2012
IBM Tivoli Provisioning Manager Express automates management of software distribution. It helps identify non-compliant users and deploy software updates to reduce user downtime and the need for support. IBM Tivoli Provisioning Manager Express runs a […]
Posted: April 5, 2012
A type-safety vulnerability in the Java Runtime Environment is being exploited by the Flashback Trojan.
Posted: March 30, 2012
Microsoft Security Bulletin coverage of March 2012
Posted: March 29, 2012
Vulnerability in IBM Tivoli Provisioning Manager Express allows an attacker to grant Administrator privileges.
Posted: March 23, 2012
Stack buffer overflow vulnerability in VLC Media Player may allow the attacker to execute arbitrary code with the privileges of the VLC Media Player process.
Posted: March 9, 2012
The Java software platform owned by Oracle is a system for developing cross-platform applications. Java is distributed in the form of various tools such as the Java Runtime Environment (JRE) and the Java Development Kit […]
Posted: March 1, 2012
A heap buffer overflow is found in PHP
Posted: February 24, 2012
A stack overflow vulnerability exists in the zip utility libraries distributed with the Java Runtime Environment
Posted: February 15, 2012
Microsoft Security Bulletin coverage of February 2012
Posted: February 10, 2012
Vulnerability in Apache HTTP server’s mod_log_config module could result in DoS condition
Posted: February 3, 2012
Apache Struts is a framework for building Java-based web applications. There are two major versions of the Struts framework, Struts, and Struts 2. The framework enables web application developers to separate business logic from user […]
Posted: February 3, 2012
Compromised WordPress sites use Blackhole exploit kit for drive-by infection
Posted: January 27, 2012
Trend Micro Control Manager is a command center for management of virus infections and other suspicious events. It consolidates the coordination of outbreak prevention actions and management of Trend Micro products and services. Control Manager […]
Posted: January 20, 2012
Fake Canada Post spam campaign leads to a Trojan that steals potentially sensitive information.
Posted: January 18, 2012
An Integer Underflow vulnerability is found in Apple QuickTime
Posted: January 13, 2012
Multiple spam campaigns involving new Zeus Trojan variants spotted in the wild.
Posted: January 12, 2012
Microsoft has released 7 advisories addressing 8 vulnerabilities for the January 2012 Patch Day.
Posted: January 6, 2012
Newer variant of MokesLoader Trojan downloader being spammed in DHL spam campaign
Posted: January 5, 2012
Vulnerability in InduSoft Web Studio can result in arbitrary file creation or code execution.
Posted: January 3, 2012
Microsoft has released an out-of-band bulletin MS11-100 to cover four vulnerabilities.
Posted: December 22, 2011
New American Airlines ticket spam campaign spreads well-known FakeAV: XP Home Security 2012.
Posted: December 21, 2011
Microsoft Publisher is a document design application for print, web, and various other formats. Publisher is available individually or as part of the Microsoft Office suite. The default file extension for Publisher files is pub. […]
Posted: December 16, 2011
New Banking Trojan infects bootloader and steals banking data
Posted: December 14, 2011
Zero-Day exploit for critical vulnerability in Adobe Reader and Acrobat spotted in wild.
Posted: December 13, 2011
SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of December, 2011. A list of issues reported, along with SonicWALL coverage information follows: MS11-087 Vulnerability in Windows Kernel-Mode Drivers Could Allow Remote Code […]
Posted: December 8, 2011
A code execution vulnerability exists in Cisco WebEx Player.
Posted: December 2, 2011
A policy bypass vulnerability is found in Apache HTTP server.
Posted: December 1, 2011
New Trojan ironically uses anti malware tool to disable Anti-virus software by deleting files.
Posted: November 23, 2011
HP Data Protector Media Operations facilitates tracking and management of storage media, as well as data recovery. It tracks online and offline media such as magnetic tapes. HP Data Protector Media Operations includes an administration […]
Posted: November 23, 2011
UPS Invoice Notification spam campaign seen in the wild
Posted: November 18, 2011
Oracle’s Hyperion is composed of various business performance management and business intelligence software. The Hyperion Financial line of products includes financial reporting and analysis components. Installation of Hyperion Financial on Windows systems will result in […]
Posted: November 18, 2011
Botnet operators leveraging CPU cycles of infected machines to mine Bitcoins
Posted: November 10, 2011
Rejected Federal Tax payment spam campaign delivering Downloader Trojan in the wild.
Posted: November 8, 2011
November 2011 Microsoft Security Bulletin Coverage
Posted: November 8, 2011
A remote code execution vulnerability has been found in Microsoft Windows Win32k TrueType font parsing engine
Posted: November 8, 2011
New Banker Trojan redirects logon credentials to remote server
Posted: November 8, 2011
Vulnerability in Oracle AutoVue could result in arbitrary file creation.
Posted: November 8, 2011
An arbitrary file creation vulnerability exists in Safari’s use of the WebKit rendering engine.
Posted: November 8, 2011
New backdoor trojan seen in the wild
Posted: November 8, 2011
New USPS email spam seen in the wild.
Posted: November 8, 2011
An integer overflow vulnerability exists in Oracle Outside In
Posted: November 8, 2011
A new Android Malware masquerading as Netflix application found in the wild.
Posted: November 8, 2011
October 2011 Microsoft Security Bulletin Coverage
Posted: October 7, 2011
Vulnerability in Novell GroupWise Internet Agent could result in arbitrary code execution.
Posted: October 6, 2011
New GPU based Bitcoin Trojan creates pool of miners to generate bitcoins.
Posted: September 30, 2011
The Apache HTTP server is the most popular web server used on the Internet. The server comes bundled with optional plug-in modules which are loaded at run-time to extend its functionality. Two technologies supported by […]
Posted: September 29, 2011
Flashback Backdoor Trojan masquerades as Adobe flash player installer
Posted: September 23, 2011
Microsoft SharePoint Server is an ASP.NET product intended for collaboration, file sharing, web publishing and other social networking functions. The server runs on the Microsoft IIS web server. SharePoint farms host web sites, intranets, extranets, […]
Posted: September 21, 2011
Fake AV authors target Skype users via automated VoIP calls.
Posted: September 13, 2011
New SpyEye variant targets Android devices and intercepts your messages.
Posted: September 13, 2011
Five bulletins were released on the September 2011 Microsoft Patch Day.
Posted: September 9, 2011
New Screen Lock Ransomware poses as Microsoft License Manager
Posted: September 8, 2011
A format string vulnerability exists in an ActiveX component of Broadwin Technology’s WebAccess client.
Posted: September 1, 2011
Vulnerability in Apache HTTP server could lead to denial-of-service condition
Posted: August 31, 2011
A new worm spreading through RDP seen in the wild.
Posted: August 25, 2011
Vulnerability in RealPlayer could lead to arbitrary code injection and execution
Posted: August 25, 2011
Ramnit evolves into a Financial malware exhibiting Zeus-like MitB functionality.
Posted: August 19, 2011
Mozilla Firefox is a web browser developed by the Mozilla Foundation. Firefox is capable of rendering multiple types of content such as HTML, XML, XUL, JavaScript, and popular media formats among others. Firefox is distributed […]
Posted: August 18, 2011
A new variant of Android Malware Nickispy seen in the wild.
Posted: August 11, 2011
Banker Trojan steals information via compromised webservers
Posted: August 10, 2011
SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of August, 2011. A list of issues reported, along with SonicWALL coverage information follows: MS11-057 Cumulative Security Update for Internet Explorer Window Open Race […]
Posted: August 4, 2011
Spygold Trojan found listening in on Android phone communications
Posted: August 1, 2011
A memory corruption vulnerability has been found in the WebKit component of Safari
Posted: July 28, 2011
Wrong Hotel transaction spam campaign delivering Fake AV Downloader Trojan in the wild.
Posted: July 28, 2011
An integer buffer overflow vulnerability exists in libsndfile
Posted: July 22, 2011
Oracle Warehouse Builder (OWB) is an Extract, Transform, and Load (ETL) tool for managing data for business intelligence systems. Every Oracle 11g database product includes OWB as a bundled component. The Oracle Database supports querying […]
Posted: July 21, 2011
New banking Trojan found in the wild.
Posted: July 14, 2011
The trend of FakeAV software continues with XP Internet Security 2011.
Posted: July 13, 2011
SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of July, 2011. A list of issues reported, along with SonicWALL coverage information follows: MS11-053 Vulnerability in Bluetooth Stack Could Allow Remote Code Execution […]
Posted: July 8, 2011
New FakeAV being spammed in financial spam campaign
Posted: July 8, 2011
Vulnerabilities in Citrix Provisioning Services could lead to arbitrary code execution
Posted: June 30, 2011
Fake Credit Card and IRS notices delivering Chepvil Trojan being spammed in the wild.
Posted: June 30, 2011
Vulnerability in ISC BIND could lead to crash of named process
Posted: June 23, 2011
Vulnerability in Adobe Shockwave player could lead to arbitrary code injection and execution
Posted: June 23, 2011
New McDonald’s free dinner e-mail spam leads to FakeAV
Posted: June 17, 2011
Fake MS Removal Tool forces users to buy Fake AV software by rendering the system unusable.
Posted: June 15, 2011
SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of June, 2011. A list of issues reported, along with SonicWALL coverage information follows: MS11-037 Vulnerability in MHTML Could Allow Information Disclosure (2544893) MHTML […]
Posted: June 10, 2011
A denial of service vulnerability was found in Microsoft Host Integration Server
Posted: June 8, 2011
New fake Windows recovery malware observed in the wild
Posted: June 2, 2011
A command execution vulnerability exists in HP Data Protector Client
Posted: June 1, 2011
New Facebook clickjacking worm targeting Mac and Windows users.
Posted: May 27, 2011
RealNetworks operates a digital games service that includes downloadable and online games and subscription services. RealNetworks RealGames provides games for PC, mobile and social networks. RealGames owns multiple gaming brands such as RealArcade, Zylom, Gamehouse, […]
Posted: May 25, 2011
Fake VirusTotal website serves Malware via Drive-by Download
Posted: May 24, 2011
Malicious Java applet leads to infection
Posted: May 22, 2011
FakeXvid.A – Spam links perform drive-by infections.
Posted: May 20, 2011
Postfix is a mail server for Unix-like platforms commonly used as a replacement for Sendmail. The SMTP protocol defines a set of commands that are used to deliver email messages between connected systems. The full […]
Posted: May 10, 2011
SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of May, 2011
Posted: May 6, 2011
A pointer manipulation vulnerability exists in Microsoft Excel
Posted: May 4, 2011
Rogue AV targeting Mac users spotted in the wild.
Posted: May 3, 2011
SCADA deployments are growing, and their security issues are growing with them
Posted: April 29, 2011
Spam from your Facebook account worm propagating in the wild.
Posted: April 29, 2011
A SQL Injection vulnerability exists in CA Total Defense Suite that can lead to disclosure of sensitive information.
Posted: April 22, 2011
A code execution vulnerability exists in Adobe Flash Player and the “authplay.dll” file that ships with Adobe Reader and Acrobat X products. The vulnerability could allow a remote attacker to inject and execute arbitrary code on the affected system.
Posted: April 21, 2011
Fakerean_7 is malicious fake antivirus software that attempts to scare users into buying the product.
Posted: April 13, 2011
Rayon worm was found propagating in the wild
Posted: April 12, 2011
SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of April, 2011. A list of issues reported, along with SonicWALL coverage information follows: MS11-018 Cumulative Security Update for Internet Explorer (2497640) CVE-2011-0094 – […]
Posted: April 12, 2011
March 2011 Microsoft security bulletins coverage
Posted: April 8, 2011
IBM solidDB is a relational database management system comprised of an in-memory, as well as traditional database. solidDB listens on two ports by default, TCP/1315 or TCP/2315. The format of the protocol used for network […]
Posted: April 8, 2011
Rise in Oficla spam campaigns in past two weeks.
Posted: April 1, 2011
Mass SQL injection compromised millions of websites
Posted: March 31, 2011
Design error in Cisco Secure Desktop could lead to arbitrary code execution
Posted: March 25, 2011
Delf.EP Trojan steals online banking passwords via remote webserver.
Posted: March 25, 2011
A code execution vulnerability exists in Novell Netware FTP Server.
Posted: March 18, 2011
New variant of Momibot worm propagating in the wild.
Posted: March 17, 2011
New Adobe Flash 0-day exploit being used in the wild
Posted: March 11, 2011
Tedroo Trojan was discovered spamming a new SpyEye variant
Posted: March 4, 2011
New sophisticated banking Trojan resembling functionality of Zeus and SpyEye found in the wild.
Posted: March 3, 2011
A heap buffer overflow vulnerability is discovered in VLC Media player
Posted: February 25, 2011
New variant of Instant Messenger worm spreading through Windows Live Messenger.
Posted: February 18, 2011
Microsoft Windows Active Directory is a directory service running on Windows domain controllers. Active Directory utilizes the Computer Browser service technology to collect, distribute, and obtain information about workgroups, domains, and individual hosts on a […]
Posted: February 18, 2011
Buzus.GDEF spreads in the wild
Posted: February 18, 2011
Koobface.HJV – A new worm spreading in the wild.
Posted: February 11, 2011
SEO poisoning techniques used to spread FakeAV
Posted: February 4, 2011
There was heavy network traffic during the past holiday season; let us look at the spikes we observed.
Posted: January 27, 2011
New variant of Trojan Ransomware seen in the wild
Posted: January 25, 2011
A code execution vulnerability exists in RealPlayer IERPPlugin ActiveX control
Posted: January 21, 2011
HP OpenView consists of a suite of network and system management software applications developed by HP. It includes several optional modules and components, such as OpenView Quality Manager, OpenView Performance Insight, and OpenView Network Node […]
Posted: January 20, 2011
New malicious PDF being spammed in the wild
Posted: January 14, 2011
A new Trojan spreading in the wild silently installs a system configuration application.
Posted: January 11, 2011
SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of January, 2011. A list of issues reported, along with SonicWALL coverage information follows: MS11-001 Vulnerability in Windows Backup Manager Could Allow Remote Code […]
Posted: January 7, 2011
A stack-based buffer-overflow vulnerability exists in HP Photo Creative ActiveX control audio.Record
Posted: January 5, 2011
A new variant of IM worm spreading in the wild through Yahoo Messenger, AIM and MSN, as well as the social networking site Facebook.
Posted: December 23, 2010
Fake Desktop Utilities seen in the wild
Posted: December 21, 2010
Use-after-free vulnerability in Internet Explorer could result in arbitrary code injection
Posted: December 16, 2010
Wikileaks popularity being exploited by cyber criminals
Posted: December 15, 2010
Microsoft December 2010 Security Bulletins Coverage
Posted: December 10, 2010
HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. It consists of a Cell Manager, backup agents, and backup device servers. The Cell Manager is the central point from which […]
Posted: December 9, 2010
Gbot Trojan can steal user information.
Posted: December 3, 2010
Microsoft Internet Explorer (IE) is one of the most popular web browsers on the Internet. Internet Explorer is capable of rendering both static and dynamic web contents, such as DHTML. It can also be used […]
Posted: December 3, 2010
Zbot Returns with new variants seen in the wild
Posted: November 24, 2010
New variant of Peer-to-Peer (P2P) Worm spreading in the wild.
Posted: November 23, 2010
A stack buffer overflow exists in Novell iPrint Client. A remote attacker can leverage this vulnerability by enticing a target user to open a specially crafted web page.
Posted: November 22, 2010
Rise in Black Hat Search Engine Optimization campaign targeting holiday shopping season related search terms.
Posted: November 18, 2010
A buffer-overflow vulnerability exists in the Novell GroupWise Internet Agent service.
Posted: November 12, 2010
New Fake Antivirus malware that masquerades as “Microsoft Security Essentials”
Posted: November 9, 2010
SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of November, 2010. A list of issues reported, along with SonicWALL coverage information follows: MS10-087 Vulnerabilities in Microsoft Office Could Allow Remote Code Execution […]
Posted: November 5, 2010
Microsoft Excel is a spreadsheet application released as a component of the Microsoft Office suite. The application can create complex spreadsheets with multiple workbooks, formulas, and various data sources. The file format used for storing […]
Posted: November 5, 2010
New Internet Explorer 0-day Vulnerability being exploited in the wild.
Posted: October 29, 2010
A policy bypass vulnerability has been reported in IBM Rational Quality Manager and Test Lab Manager.
Posted: October 28, 2010
New Adobe Acrobat 0-day Vulnerability being exploited in the wild
Posted: October 22, 2010
NULL pointer dereference vulnerability in HP Data Protector Media Operations could result in Denial of Service
Posted: October 21, 2010
New Bandok Trojan seen in the wild
Posted: October 15, 2010
Qbot Infostealer Trojan being spammed in the wild
Posted: October 13, 2010
Microsoft Patch Day for October 2010
Posted: October 8, 2010
A new file infector seen in the wild.
Posted: October 7, 2010
A memory corruption vulnerability exists in Apple Safari.
Posted: October 1, 2010
New variant of Oficla Trojan seen in Facebook spam campaign
Posted: October 1, 2010
HP OpenView Storage Data Protector is a backup solution for enterprise and distributed environments. The Data Protector environment consists of various components and services controlled by a management console. The management console provides quick access […]
Posted: September 27, 2010
Resume spam containing a new variant of Fake AV Downloader Trojan seen in the wild.
Posted: September 24, 2010
Lotus Domino is an IBM server product that provides enterprise e-mail and collaboration capabilities. The server can be used as an application server for Lotus Notes applications as well as a web server. One of […]
Posted: September 16, 2010
New FakeAV Spam campaign seen in the wild
Posted: September 15, 2010
September 2010 Microsoft Security Bulletins Coverage
Posted: September 11, 2010
New variant of Autorun worm seen propagating in the wild
Posted: September 9, 2010
Vulnerabilities in MySQL could cause the database server to terminate abnormally.
Posted: September 3, 2010
Bamital Trojan installer being distributed in the wild as part of Pay-Per-Install campaign by malware authors.
Posted: September 3, 2010
A code execution vulnerability is found in Apple QuickTime player web browser plugin
Posted: August 25, 2010
A Use-after-free vulnerability in WebKit in Apple Safari.
Posted: August 25, 2010
A new PS3 Jailbreak Trojan seen being distributed in the wild.
Posted: August 20, 2010
The Microsoft Windows operating system ships with an implementation of the Server Message Block (SMB) protocol. SMB is a widely used protocol that allows for sharing network devices and remote procedure calls, among other things. […]
Posted: August 19, 2010
New variant of Ackantta Trojan seen in Twitter spam campaign
Posted: August 12, 2010
A new variant of Yahos worm spreading in the wild through Yahoo Messenger, AOL, Skype and MSN, as well as the social networking site Facebook.
Posted: August 11, 2010
SonicWALL has analyzed and addressed Microsoft’s security advisories for the month of August, 2010. A list of issues reported, along with SonicWALL coverage information follows: MS10-047 Vulnerabilities in Windows Kernel Could Allow Elevation of Privilege […]
Posted: August 6, 2010
Rise in Bredolab spam campaigns in the last 24 hours
Posted: August 5, 2010
Vulnerability in Symantec Alert Management System 2 could lead to arbitrary command execution
Posted: August 2, 2010
Rise in Zeus spam campaigns in last 24 hours
Posted: July 29, 2010
Vulnerability in Apache Struts2 could lead to arbitrary command execution
Posted: July 26, 2010
The Ipswitch IMail Server is a mail server geared towards medium to large size organizations. It implements the POP3, IMAP4, and SMTP protocols. The SMTP server module is installed and started in a default installation. […]
Posted: July 23, 2010
New variant of Peer-to-Peer (P2P) Worm Prolaco spreading in the wild.
Posted: July 16, 2010
Microsoft Outlook email client is an implementation of all popular email protocols such as SMTP, POP3 and IMAP, as well as Microsoft’s own proprietary standards. Attachments, rich text or HTML emails are transferred between email […]
Posted: July 16, 2010
New wave of spam emails involving Bredolab Trojan
Posted: July 9, 2010
Multiple spam campaigns involving new Oficla Trojan variants spotted in last few days.
Posted: July 8, 2010
A remote code execution vulnerability exists in VMware SpringSource Spring Framework
Posted: July 1, 2010
Vulnerability in Windows Help and Support Center (CVE-2010-1885) being exploited in the wild
Posted: July 1, 2010
A denial of service vulnerability is found in the Novell iManager web application.
Posted: June 25, 2010
A new Rogue AV – Defense Center being spammed in the wild.
Posted: June 25, 2010
Vulnerability in HP OpenView NNM could lead to arbitrary code execution
Posted: June 18, 2010
New malware targeting Facebook users.
Posted: June 18, 2010
Vulnerability in ISC DHCP Server allows attackers to terminate the service
Posted: June 10, 2010
A Cross Site Scripting vulnerability is found in Microsoft Windows Help and Support Center application.
Posted: June 8, 2010
Zero-Day exploit for critical vulnerability in Adobe Flash player spotted in wild.
Posted: June 4, 2010
A new Rogue AV – Protection Center being spammed in the wild.
Posted: June 4, 2010
A new Rogue AV – Desktop Security 2010 spotted in the wild.
Posted: June 3, 2010
A buffer-overflow vulnerability is found in “One time Passwords In Everything” (OPIE)
Posted: May 28, 2010
Adobe Photoshop is a multi-platform graphics editor developed and published by Adobe Systems. Adobe Photoshop is capable of handling numerous types of image file formats. One of the formats it can handle is ABR. ABR […]
Posted: May 28, 2010
A fairly new crimeware toolkit that has the ability to kill Zeus
Posted: May 21, 2010
MySQL is an open-source implementation of a relational database. The database uses the MySQL protocol to communicate with clients over the network. MySQL has a number of built-in SQL functions which are designed to help […]
Posted: May 21, 2010
A new Keylogger being distributed in the wild.
Posted: May 14, 2010
New Zbot Trojan variant being spammed via fake email messages pretending to contain an Amazon order tracking number.
Posted: May 14, 2010
Vulnerability in HP OpenView NNM could lead to arbitrary code execution
Posted: May 5, 2010
Vulnerability in Microsoft Windows SharePoint Services allows cross-site scripting.
Posted: April 29, 2010
An SQL Injection vulnerability exists in the Oracle Database server
Posted: April 28, 2010
New PDF malware spam targeting an unfixed Adobe PDF flaw being seen in the wild.
Posted: April 23, 2010
FakeAV Spam Continues its surge with different themes
Posted: April 22, 2010
A memory corruption vulnerability exists in SMB on Microsoft Windows
Posted: April 16, 2010
Windows Media Player (WMP) is a digital media player and media library application developed by Microsoft. The player is capable of playing audio, video, viewing images among other media related functions. Windows Media Player can […]
Posted: April 15, 2010
New Banker Trojan spam campaign involving fake McAfee E-mail Protection alert.
Posted: April 14, 2010
Vulnerability in Java Web Start could result in execution of arbitrary code
Posted: April 9, 2010
Bredolab spam campaigns involving DHL parcel emails and Facebook password resets continue.
Posted: April 9, 2010
New spammed wave of Storm emails was discovered
Posted: April 9, 2010
The Novell Netware operating system provides file sharing and other services such as printing and email. Netware includes an FTP server which facilitates the transfer of files to and from Netware volumes. File transfers can […]
Posted: April 9, 2010
New Spam Campaign involving DHL Tracking services email and Facebook password reset is being actively used by authors of Bredolab to spam new variants of this Trojan.
Posted: April 5, 2010
SonicWALL UTM Research team observed reports of a new Trojan targeting Vietnamese speakers.
Posted: April 1, 2010
Using social engineering techniques, attackers can run arbitrary code in Adobe Reader.
Posted: March 26, 2010
New ZBot Trojan variant being spammed via previously seen Fake IRS notice spam theme in order to take advantage of the Tax period deadline.
Posted: March 25, 2010
Vulnerability in SAP GUI could result in execution of arbitrary commands
Posted: March 22, 2010
Facebook Password Reset Email spam wave continues
Posted: March 18, 2010
A heap buffer overflow exists in Opera.
Posted: March 11, 2010
Rise in Rogue Antivirus Black hat Search Engine Optimization campaign
Posted: March 10, 2010
An Invalid Pointer Release vulnerability was found in Microsoft Internet Explorer.
Posted: March 5, 2010
IBM Informix is a family of relational database management system (RDBMS) products. The Informix Dynamic Server (IDS) is an online transaction processing data server. Numerous RPC services included in the IDS are provided through […]
Posted: March 2, 2010
New variant of Pushbot worm targeting MSN as well as Yahoo Messenger users.
Posted: February 26, 2010
Bredolab Trojan spam going strong with a new “settings file” theme
Posted: February 26, 2010
Symantec Antivirus and Symantec Client Security are applications designed to protect against the threat of viruses, malware, and other intrusion attempts. These applications use the Microsoft Windows COM framework to implement some of their functionality. […]
Posted: February 18, 2010
Kneber botnet making a buzz in the news.
Posted: February 18, 2010
Vulnerability in Windows ShellExecute() function could lead to arbitrary command execution
Posted: February 16, 2010
Sharp increase in Bredolab spam campaigns in the last two days.
Posted: February 11, 2010
Vulnerability in Microsoft SMB client implementation could result in arbitrary code injection and execution
Posted: February 4, 2010
An information disclosure vulnerability exists in Microsoft Internet Explorer.
Posted: January 27, 2010
A command execution vulnerability exists in Oracle WebLogic Server’s Node Manager utility
Posted: January 22, 2010
Oracle Secure Backup is a centralized tape backup management suite. It comprises a server that allows an administrator to centrally manage data on network-attached storage devices and distributed multi-platform hosts. The transfer of data […]
Posted: January 18, 2010
Updated BlackEnergy DDoS botnet kit employs spam emails and facilitates online banking fraud.
Posted: January 18, 2010
New Internet Explorer zero-day vulnerability being exploited in the wild via specially crafted web pages.
Posted: January 15, 2010
A 0day memory corruption vulnerability, codenamed Aurora, in the Internet Explorer browser has been disclosed. Most versions of the product are affected by the flaw. The vulnerability can be leveraged by accessing a freed or […]
Posted: January 8, 2010
A design weakness exists in Symantec VERITAS Web Server which allows attackers to bypass authentication and run arbitrary web applications.
Posted: January 8, 2010
Bredolab Trojan authors continue their spam campaigns involving MySpace password reset and Facebook password reset themes, the first in 2010, to spam new variants of this Trojan.
Posted: December 30, 2009
A memory corruption vulnerability exists in VideoLAN VLC Media Player, which can be exploited by attackers to compromise a vulnerable system.
Posted: December 30, 2009
New Year greeting card spam pretending to contain a link to the e-card that leads to a malicious website.
Posted: December 22, 2009
A stack-based buffer overflow vulnerability was found in the Intellicom NetBiter Config utility
Posted: December 18, 2009
A global buffer overflow exists in the webappmon.exe application of HP OpenView Network Node Manager.
Posted: December 16, 2009
New Adobe 0-day vulnerability being exploited in the wild via specially crafted PDF files.
Posted: December 11, 2009
A new variant of Koobface worm was found in the wild. This time around the fake video poses as a message from Santa.
Posted: December 11, 2009
Microsoft Internet Explorer version 8, the latest version to date, contains a memory corruption vulnerability. The flaw exists due to improper handling of script-modified DOM structures. DOM defines an object oriented structure of […]
Posted: December 4, 2009
Adobe Illustrator is a comprehensive vector graphics environment. It supports numerous vector file formats such as CDR, PDF, and PS/EPS, among others. PostScript (PS) is a programming language that is mostly utilized as a […]
Posted: December 1, 2009
New ZBot Trojan variant being spammed via fake email message pretending to arrive from U.S. Centers for Disease Control (CDC) regarding H1N1 program.
Posted: November 25, 2009
A memory corruption vulnerability was found in the Microsoft Internet Explorer web browser, and a 0-day exploit is circulating in the wild.
Posted: November 25, 2009
New MSN messenger worm found in the wild with very low detection
Posted: November 18, 2009
A stack-based buffer overflow vulnerability exists in the Serv-U Web Server.
Posted: November 17, 2009
New Zbot variant spammed targeting Verizon wireless customers.
Posted: November 13, 2009
New Banker Trojan targeting BBVA Group customers being spammed via fake e-mail message pretending to arrive from BBVA Group.
Posted: November 12, 2009
A vulnerability has been reported in Microsoft Windows Web Services on Devices API (WSDAPI), which can be exploited by attackers to compromise a vulnerable system.
Posted: November 12, 2009
A vulnerability has been reported in the Symantec Altiris Deployment Solution, which can be exploited by attackers to compromise a vulnerable system.
Posted: November 3, 2009
Yet another example of Rogue AV authors using search engine optimization techniques to infect web users.
Posted: October 30, 2009
The Oracle Database Server ships preloaded with extra packages to extend its functionality. These packages take the form of procedures, functions, variables, etc. The packages are essentially sets of SQL statements stored on the […]
Posted: October 30, 2009
New social engineering tactics involving Facebook and MySpace related fake emails are being actively used by the authors of Bredolab and Zbot to spam new variants of the Trojans.
Posted: October 23, 2009
The Advanced Systems Format (ASF) is an extensible file format designed for storing and playing synchronized digital media streams. The ASF file is organized in multiple sections called objects. All ASF objects begin with a […]
Posted: October 23, 2009
New FakeAV Trojan variant being spammed via fake email message pretending to arrive from Microsoft Windows computer safety division.
Posted: October 16, 2009
New FakeAV Trojan variant being spammed via fake email message pretending to arrive from 123Greetings.com.
Posted: October 16, 2009
Google Apps is prone to a vulnerability that lets attackers inject commands through the “googleapps.url.mailto” handler.
Posted: October 9, 2009
New ZBot Trojan variant being spammed via fake email message pretending to contain a notice from IRS.
Posted: October 8, 2009
The PKERNEL.NLM module of Novell Netware is prone to a buffer overflow vulnerability.
Posted: October 6, 2009
Mariposa botnet, identified in May 2009, is now found in 50 of Fortune 100 companies.
Posted: October 6, 2009
A new Merond worm variant is being spammed in the wild via fake Twitter invitation e-mail messages.
Posted: October 6, 2009
An argument injection vulnerability is found in IBM Installation Manager
Posted: October 6, 2009
A remote file execution vulnerability was found in Symantec Altiris Deployment Solution.
Posted: September 22, 2009
New Trojan Murlo.CBA being spammed via fake email messages pretending to contain the postal parcel tracking number of an online order.
Posted: September 18, 2009
A new Trojan found in the wild that uses Google Groups newsgroups for control commands.
Posted: September 18, 2009
The QuickTime multimedia player supports a wide range of media formats. It is capable of parsing and displaying images as well as audio and video files. One of the image file formats supported by QuickTime […]
Posted: September 14, 2009
Microsoft Windows operating systems ship with an implementation of the Server Message Block (SMB) protocol. SMB allows for sharing network devices and facilitates RPC among other functions. The service listens on TCP ports 139 and […]
Posted: September 14, 2009
Strong increase in Bredolab.X spam campaigns.
Posted: September 3, 2009
Stack-based buffer overflow in IIS FTP server allows attackers to execute arbitrary code or crash the service.
Posted: September 1, 2009
New Trojan intercepts Skype audio conversations and relays them back to the hacker.
Posted: August 27, 2009
Vulnerability in Microsoft Office Web Components (OWC) could lead to arbitrary code injection and execution.
Posted: August 25, 2009
Malware authors have developed a cross-site scripting worm that’s spreading across a Chinese social networking website.
Posted: August 20, 2009
A denial of service vulnerability exists in Firebird database server
Posted: August 18, 2009
Social networking sites like Twitter, Jaiku, Tumblr being used to control a Botnet.
Posted: August 13, 2009
A double free vulnerability was discovered in the Microsoft Windows Workstation service.
Posted: August 11, 2009
A new variant of Koobface worm was found in the wild.
Posted: August 7, 2009
Microsoft Internet Explorer browser provides web developers with the ability to dynamically modify, and style, a web page via the Document Object Model (DOM) and Cascading Style Sheets (CSS). The Document Object Model is a […]
Posted: August 7, 2009
New Bredolab Trojan variant being spammed via fake email message pretending to contain a UPS invoice.
Posted: August 5, 2009
Fake anti-virus software continues to evolve and pose a threat to users.
Posted: July 31, 2009
Security-bypass vulnerability in multiple browsers allows attackers to perform man-in-the-middle attacks.
Posted: July 24, 2009
New Adobe Flash 0-day exploit being used in the wild via malicious drive-by sites
Posted: July 24, 2009
Cross-site scripting vulnerability in WebLogic Server allows attackers to inject arbitrary HTML or script code
Posted: July 16, 2009
New ZBot variant Downloader Trojan being spammed in the wild
Posted: July 13, 2009
A zeroday vulnerability has been published today affecting the Microsoft Office Web Components ActiveX controls. The flaw exists in the controls used by IE to display Excel spreadsheets. Exploitation requires enticing the target user to […]
Posted: July 7, 2009
ActiveX controls in msvidctl.dll are prone to a buffer overflow vulnerability.
Posted: July 2, 2009
A buffer overflow vulnerability exists in Apple iTunes which could lead to arbitrary code execution or a crash of the application.
Posted: June 26, 2009
New Trojan Downloader being spammed taking advantage of the news of Michael Jackson’s death
Posted: June 25, 2009
The CA ARCserve Backup products offer data protection for distributed servers, clients, databases and applications. They offer centralized control over backup and restore operations among other services. CA ARCserve Backup Message Engine is one of […]
Posted: June 23, 2009
New critical Outlook update spam links to a Zbot Trojan.
Posted: June 19, 2009
A vulnerability has been discovered in the Microsoft Internet Explorer web browser. The problem exists in the browser’s method of handling certain DHTML objects. Several event types have been identified as problematic when repeatedly called […]
Posted: June 11, 2009
A DHTML memory corruption vulnerability for IE was released on Microsoft Patch Day.
Posted: June 10, 2009
New Trojan Downloader being spammed in the wild
Posted: June 5, 2009
New Trojan downloader spam campaigns involving subjects like Outlook Setup Notification, TheBat Setup Notification, Microsoft Outlook Setup Notification, and Postcard from a Family Member.
Posted: June 4, 2009
Apple QuickTime media player movie file vulnerabilities summary
Posted: May 29, 2009
New Zbot Trojan variant being spammed in fake email message pretending to contain a UPS invoice.
Posted: May 28, 2009
A new information disclosure vulnerability was found in the WebDAV extension module of the IIS product.
Posted: May 26, 2009
Posted: May 22, 2009
The Oracle Database Server is an enterprise-level relational database application suite. To extend the functionality of the Oracle Database Server, extra packages are included in the suite such as procedures, constants, cursors, and exceptions, in […]
Posted: May 21, 2009
Google result-manipulating Gumblar exploit picking up steam.
Posted: May 15, 2009
New Fake codec malware drive-by site active in the wild.
Posted: May 14, 2009
The getAnnots function in Adobe Acrobat is prone to a memory corruption vulnerability.
Posted: May 11, 2009
New ZBot Trojan being spammed via fake email message pretending to be arriving from Western Union money transfer service or Amazon Team.
Posted: May 7, 2009
Stack-based buffer overflow in Oracle WebLogic Server Apache Connector could lead to remote code execution.
Posted: May 1, 2009
New MSN Messenger based Dropper Trojan variant in the wild
Posted: May 1, 2009
A buffer overflow vulnerability was found in the Symantec Alert Management System 2 (AMS2) package.
Posted: April 23, 2009
A SQL injection vulnerability is found in Oracle DBMS_AQADM_SYS package.
Posted: April 17, 2009
The Oracle Application Server is a multi-platform application development and deployment system. With every installation of the Application Server comes the Oracle Process Manager and Notification Server (OPMN), which, among other tasks, manages the starting, […]
Posted: April 16, 2009
Waledac switched to an SMS spy software trial theme, pretending to offer software that lets the user read other people’s SMS messages.
Posted: April 10, 2009
The Microsoft PowerPoint presentation application is capable of creating and playing complex presentations utilizing audio visual components. Files created by the application are typically assigned the file extension ppt. PowerPoint presentation files use the proprietary […]
Posted: April 9, 2009
New Conficker variant discovered a week after the Conficker.C update algorithm became active.
Posted: April 3, 2009
Vulnerability in Mozilla Firefox’s XSL engine could lead to arbitrary code execution.
Posted: April 2, 2009
A map of Conficker infected computers, compiled by Conficker Working Group.
Posted: March 31, 2009
Conficker.C will start using the new algorithm to locate potential update servers on April 1st, 2009.
Posted: March 27, 2009
The app.Collab.getIcon function in Adobe Reader is prone to a buffer overflow vulnerability
Posted: March 27, 2009
New Buzus Trojan being spammed via fake email message pretending to be arriving from DHL International Customer Service.
Posted: March 20, 2009
A memory corruption vulnerability was found in Oracle Secure Backup.
Posted: March 18, 2009
Waledac switched to using a terror attack theme: it claims a “dirty bomb” exploded and at least 12 people have been killed.
Posted: March 16, 2009
New Infostealer Trojan being spammed via fake email messages pretending to arrive from the Bank of America support system.
Posted: March 13, 2009
There are three Security Bulletins released by Microsoft this week.
Posted: March 6, 2009
Nullsoft Winamp is a widely used multimedia player application that is capable of playing numerous media file formats. In addition to playing CD tracks, MPEG, and the popular MP3 format, Winamp also plays Apple’s Core […]
Posted: March 6, 2009
New Injector Trojan being spammed in fake email message pretending to be arriving from Delta Airlines ticket system.
Posted: March 3, 2009
Waledac switched to a coupons theme, making copies of couponizer.com and sending emails that link to the spoofed look-alike sites.
Posted: March 3, 2009
Adobe products are used for creating, distributing, authoring and viewing Portable Document Format (PDF) documents. The Adobe Reader and Adobe Acrobat are examples of such products. The PDF file format was created and is controlled […]
Posted: March 3, 2009
SQL Injection Vulnerability in ProFTPD could lead to unauthorized access to the FTP server and the underlying database.
Posted: March 3, 2009
This week we observed new variants of Waledac worm spreading in the wild and using Valentine theme to trick potential victims. A potential victim is sent a fake e-greeting card with a link to view an e-card.
Posted: March 3, 2009
MS09-002 exploit in the wild that exploits CVE-2009-0075 vulnerability in Internet Explorer 7.
Posted: March 3, 2009
Coverage of MS09-001 ~ MS09-005
Posted: March 3, 2009
New ZBot variant being distributed in the wild via drive-by download sites.
Posted: February 9, 2009
Hackers are using fake parking violation warnings to trick motorists into visiting infected websites.
Posted: February 6, 2009
A new buffer overflow issue was found in the Oracle OLAP module.
Posted: February 6, 2009
A heap buffer overrun vulnerability was found in Nullsoft Winamp.
Posted: January 30, 2009
New Autorun.inf worm variant seen in the wild that includes RxBot functionality.
Posted: January 23, 2009
The Oracle Secure Backup product is a centralized tape backup management solution. The server acts as a management host for network connected storage devices as well as multi-platform distributed hosts. Communication between the server and […]
Posted: January 23, 2009
New Waledac Trojan being spammed in the wild using the love theme, three weeks before Valentine’s Day.
Posted: January 21, 2009
New Trojan being spammed in fake email message pretending to be arriving from Northwest Airlines Ticket system.
Posted: January 16, 2009
The TimesTen In-Memory Database product from Oracle is used for real-time data management in performance-critical environments. Amongst other applications, it can be used as a high performance cache for an Oracle Database. The product includes […]
Posted: January 9, 2009
New Renos Trojan being spammed via YouTube Messaging service.
Posted: January 8, 2009
In SAP’s 3-tier architecture of database, application server and client, SAPGUI (client) is the platform used for remote access to the SAP central server in a company network. SAPGUI for Windows environment is shipped with […]
Posted: January 8, 2009
Microsoft SQL Server is a relational database management system. It uses Transact-SQL (T-SQL) for querying and modifying data and managing databases. SQL Server provides a wide range of stored procedures. A stored procedure is a […]
Posted: December 18, 2008
A new ZBot Trojan variant was spammed on Dec 18, 2008. SonicWALL blocks it as ZBot.GAB (Trojan)
Posted: December 17, 2008
The JavaScript Code Injection signatures have proactively detected zero-day exploits.
Posted: December 16, 2008
New exploits circulating in the wild targeting a zero-day vulnerability in Microsoft Internet Explorer have been observed.
Posted: December 5, 2008
The VLC Media Player is an open source, multiplatform multimedia player. The player is capable of processing multiple audio and video formats such as MPEG, MP3, and Wave as well as streaming media. Among the […]
Posted: December 2, 2008
New Banker Trojan being spammed in fake email message pretending to be arriving from McDonalds, Coca-Cola, or Hallmark.
Posted: November 26, 2008
The multi-platform Mozilla Firefox browser is capable of interpreting and rendering many types of content published on the Internet. Some of the widely used formats are HTML, XML, and XUL. XUL (XML User Interface Language) is […]
Posted: November 25, 2008
New Trojan Downloader being spammed via Bank of America phishing campaign.
Posted: November 24, 2008
A new file URI scheme buffer overflow was found in the Opera browser.
Posted: November 21, 2008
New Zbot Trojan variant being spammed in fake email message pretending to contain a UPS invoice.
Posted: November 18, 2008
New Downloader Trojan being spammed in fake email message pretending to be arriving from Airline Ticket system.
Posted: November 12, 2008
An XSS information disclosure vulnerability in MS XML Core Services was released on the latest MS Patch Day.
Posted: November 7, 2008
Buffer overflow in the JavaScript util.printf function of Adobe Reader could lead to code injection and execution
Posted: November 5, 2008
A new spam campaign follows the US presidential election pretending to offer a video of Obama’s speech.
Posted: October 30, 2008
Stack-based buffer overflow in Oracle BEA WebLogic Server Apache Connector could lead to remote code execution.
Posted: October 28, 2008
New ZBot Trojan variant being spammed in the wild using two different spam campaigns.
Posted: October 27, 2008
A vulnerability has been reported in the Server service of most versions of Microsoft Windows. This service facilitates file, print, and named-pipe sharing over the network for Windows-based computers. These remote access facilities are often […]
Posted: October 24, 2008
Attacks using the latest Microsoft Windows Server Service vulnerability seen in the wild
Posted: October 17, 2008
The Internet Printing Protocol (IPP) is a standard network protocol for managing remote printing. IPP is built on HTTP/1.1 and supports access control, encryption and authentication. The Microsoft IPP implementation consists of an ISAPI extension […]
Posted: October 17, 2008
New Trojan being spammed in fake email message pretending to contain a Statement document.
Posted: October 10, 2008
The summary of SQL Injection Attacks for the past two months.
Posted: October 7, 2008
New Downloader Trojan being spammed in fake email message pretending to contain Angelina Jolie porn video.
Posted: October 2, 2008
New IPS signature for DATAC Control RealWin SCADA System Server BO Vulnerability.
Posted: October 2, 2008
New Downloader Trojan being spammed in fake email message pretending to be arriving from ICS Monitoring team.
Posted: October 2, 2008
Buffer overflow vulnerability in openwsman could lead to remote code execution.
Posted: September 29, 2008
New downloader trojan being spammed in email as a password protected zip file attachment
Posted: September 19, 2008
A remotely exploitable vulnerability has been reported in the IBM DB2 Database product. The DB2 product consists of a set of separate services that provide data processing functions. The main database engine process is contained […]
Posted: September 17, 2008
SonicWALL UTM Research team observed a new spam campaign starting on Wednesday, Sep 17 at 00:41:58 PST, which uses fake legal paperwork as social engineering.
Posted: September 12, 2008
A new spam campaign uses the US presidential election as a social engineering mechanism to install a Trojan.
Posted: September 11, 2008
New signatures are created for the Microsoft Office OneNote handler vulnerability.
Posted: September 11, 2008
New ZBot variant being spammed via UPS Invoice emails.
Posted: September 4, 2008
Multiple Trojans spammed in the last week with fake emails pretending to contain a Western Union Money Transfer bounced invoice, Airmail Express Tracking invoice, Online Flight Ticket invoice, and Fedex Tracking invoice.
Posted: September 4, 2008
Google Chrome Automatic File Download and Undefined Handler DoS vulnerabilities
Posted: August 28, 2008
The Symantec Veritas Storage Foundation is a storage management suite. The product is composed of several services and agents. One of the services included in this suite is the Scheduler service which listens on TCP […]
Posted: August 21, 2008
Flash banner ads hijack clipboards for use in rogue security software attacks.
Posted: August 21, 2008
This article introduces the SonicWALL IPS signatures related to IBM Lotus products, and shows hit statistics.
Posted: August 20, 2008
A new downloader trojan being spammed as an e-mail attachment
Posted: August 15, 2008
Remote desktop software can increase productivity. However, misusing it can raise security issues.
Posted: August 15, 2008
New “BBC” spam campaign mocks Georgia’s President and spreads new malware
Posted: August 15, 2008
Posted: August 11, 2008
A flaw has been discovered in the Cisco Webex Meeting Manager ActiveX control. The flaw creates an exploitable vulnerability that may be leveraged by remote attackers. The affected ActiveX control exposes one method called NewObject, […]
Posted: August 1, 2008
This article introduces the recent SQL injection attacks and the related IPS signatures created by the SonicWALL team.
Posted: August 1, 2008
New Storm wave campaign uses fake messages involving the FBI and Facebook.
Posted: August 1, 2008
New spammed wave of Storm e-mails was discovered in the wild on July 21, 2008
Posted: July 30, 2008
A stack-based buffer overflow vulnerability exists in Sun Java Web Start. The vulnerability has been assigned CVE-2008-3111.
Posted: July 30, 2008
Scammers released a new bogus scanner: Antivirus 2009
Posted: July 30, 2008
A vulnerability found in numerous Adobe products may allow malicious PDF files to exploit a vulnerable system with user privileges. The vulnerability is being actively exploited. The vulnerability has been assigned CVE-2007-5659.
Posted: July 22, 2008
SonicWALL protects against phishing attack, delivered via fake subpoena emails.