Martijn Lammerts
My own digital place with a little of everything

Zero-day XML External Entity (XXE) Injection Vulnerability in Internet Explorer Can Let Attackers Steal Files, System Info

A zero-day extensible markup language (XML) external entity (XXE) injection vulnerability in Microsoft Internet Explorer (IE) was recently disclosed by security researcher John Page. An attacker can reportedly exploit this vulnerability to steal confidential information or exfiltrate local files from the victim’s machine. Page tested the vulnerability in the latest version of IE (11) with current patches on Windows 7 and 10, and Windows Server 2012 R2 operating systems. We looked at its attack chain to better understand how the security flaw works and how it can be mitigated.

Potential Targeted Attack Uses AutoHotkey and Malicious Script Embedded in Excel File to Avoid Detection

We discovered a potential targeted attack that makes use of the legitimate script engine AutoHotkey, in combination with malicious script files. The file is distributed as an email attachment and disguised as a legitimate document with the filename “Military Financing.xlsm.” The user would need to enable macros for it to open fully, after which AutoHotkey is used to load the malicious script file and avoid detection.

Account With Admin Privileges Abused to Install BitPaymer Ransomware via PsExec

Ransomware may have experienced a decline in 2018, but it seems to be getting back on track — only this time, attacks are looking to be more targeted. Coming on the heels of news about a ransomware attack against a U.S. beverage company which addressed the company by name in the ransom note, this blog post looks into a BitPaymer ransomware variant (detected by Trend Micro as Ransom.Win32.BITPAYMER.TGACAJ) that hit a U.S. manufacturing company.

Miner Malware Spreads Beyond China, Uses Multiple Propagation Methods Including EternalBlue, Powershell Abuse

We analyzed a malicious Monero miner that uses multiple methods for propagation and for infecting systems and vulnerable databases. While it was initially found infecting systems in China at the beginning of the year, the malware is expanding to other countries with additional infiltration techniques such as EternalBlue and PowerShell abuse.

April’s Patch Tuesday Fixes Two Vulnerabilities Being Exploited in the Wild

Microsoft’s April security update includes fixes for 74 CVEs, including two vulnerabilities that are actively exploited in the wild. Of the vulnerabilities patched in this update, 13 are rated Critical and 61 are rated Important.

Patch With March macOS Updates: Vulnerabilities May Expose Restricted Information, Enable Arbitrary Code Execution

Following Apple's March release of patches, Trend Micro reported two of the discovered vulnerabilities. Left unpatched, these macOS flaws can be used by attackers to escalate to admin privileges, access restricted information, or open systems to further attacks.

Phishing Attack Uses Browser Extension Tool SingleFile to Obfuscate Malicious Log-in Pages

While doing a search for phishing pages with unique log-in characteristics, we came upon a phishing attack that involves using a legitimate tool called SingleFile as the obfuscation method to avoid detection.

Malware in Smart Factories: Top Security Threats to Manufacturing Environments

We tackle the top malware detections in manufacturing networks, based on data from the Trend Micro™ Smart Protection Network™ infrastructure, review the common security threats to the manufacturing industry, and discuss how cybersecurity can be improved.