In a deep analysis of RIG, Cisco Talos team outlined the way the exploit kit combines different web technologies such as DoSWF, JavaScript, Flash and VBscript to obfuscate attacks.
Tag Archives: Javascript
Five Vulnerabilities Fixed In Chrome Browser, Google Pays $20K to Bug Hunters
Google is urging Windows, Mac and Linux users to update their Chrome browser to fix five security holes – two rates as high.
Locky and the fine art of namedropping
It’s a very common occurrence to open your email box and say, “I’ve been spammed!” But it’s a much rarer occurrence to say, “My name’s been spammed!”
The post Locky and the fine art of namedropping appeared first on Avira Blog.
Core Windows Utility Can Be Used to Bypass AppLocker
A researcher has discovered that Windows’ Regsvr32 can be used to download and run JavaScript and VBScript remotely from the Internet, bypassing AppLocker’s whitelisting protections.
WordPress Infections Leading to TeslaCrypt Ransomware
A massive string of WordPress compromises are redirecting victims to the Nuclear Exploit Kit and Teslacrypt ransomware.
Ransom32 — First JavaScript-powered Ransomware affecting Windows, Mac and Linux
Here’s New Year’s first Ransomware: Ransom32.
A new Ransomware-as-a-service, dubbed Ransom32, has been spotted that for the first time uses a ransomware written in JavaScript to infect Mac, Windows as well as Linux machines.
Ransom32 allows its operators to deploy the malware very quickly and easily. It has a dashboard that enables operators to designate their Bitcoin addresses to which
JavaScript DDoS Attack Peaks at 275,000 Requests-Per-Second
CloudFlare reports a massive JavaScript-based DDoS attack against one its customers, likely carried out by unsuspecting mobile browsers served a malicious ad.
WordPress Patches Serious Shortcodes Core Engine Vulnerability
WordPress upgraded to 4.3.1, patching a pair of vulnerabilities in the core engine, including a cross-site scripting issue enabled by a vulnerability in shortcodes.
URL-Spoofing: Apple Safari Can Be Manipulated Easily
What it’s about
All you need to do so is a bit of Javascript. With just a few lines of it Safari users can be deceived by what’s commonly known as URL-spoofing: During such an attack, a computer user innocently visits a web site and sees a familiar URL in the address bar such as http://www.avira.com but is, in reality, sending information to an entirely different location that would typically be monitored by a cybercriminal.
The security issue was discovered by David Leo, who put together a proof-of-concept for it. When clicking on OK a new website is being loaded. While the address bar tells you that you are visiting dailymail.co.uk the actual page is definitely a different one.
The URL-spoofing itself is done with just a few lines of code:
function f()
{
location=”http://www.dailymail.co.uk/home/index.html?random=”+Math.random();
}
setInterval(“f()”,10);
The last part, setInterval(“f()”,10); , makes sure that the address bar is reloaded ever 10 milliseconds (so you might as well say, that it’s kind of a DDoS attack, too), just before the browser can get the real page and so the user sees the “real” web address instead of the fake one. This causes the spoofed URL to flicker; sometimes it’s even possible to briefly see the actual URL.
What you can do
Your first step should always be to make sure that your browser is up to date so that security updates can be installed once available. In addition to that open up the Safari settings, go to the advanced tab, and choose “Show full website address”. The browser will then show the results of MathRandom in the address bar.
Alternatively you could also just use another browser for the time being: The code will not work in Google Chrome and Mozilla Firefox.
The post URL-Spoofing: Apple Safari Can Be Manipulated Easily appeared first on Avira Blog.
Details on WordPress Zero Day Disclosed
A Finnish researcher has disclosed details on an unpatched stored cross-site scripting vulnerability in the WordPress core engine.