jQuery plugin vulnerability actively exploited for few years (October 27, 2018)

A widely used jQuery plugin, ‘jQuery-File-Upload’, also called Blueimp, contains a critical vulnerability that allows attackers to perform remote code execution. This vulnerability has been in existence for several years and potentially places 7,800 web applications forked from this project at risk. Hackers have been actively exploiting this vulnerability, but it was disclosed only recently. SonicWall…

FlawedAmmyy RAT delivered through fake invoice emails in large numbers (October 20, 2018)

SonicWall Threat Research Lab has observed a phishing email campaign sending fake invoice emails in large numbers. The email messages and documents have been crafted using social engineering tricks to lure recipients into opening the attached files and enabling macros. FlawedAmmyy RAT seems to be the final payload. Figure 1: Infection chain of the phishing campaign. On…

Most exploited vulnerabilities in this month (September 29, 2018)

SonicWall Threat Research Lab has observed the vulnerabilities that have been actively exploited since the beginning of this month. Below is the list of vulnerabilities, vendor advisory information, and the SonicWall signatures that protect against these exploits. CVE-2017-11882 | Microsoft Office EQNEDT32 Stack Buffer Overflow: This is a stack buffer overflow vulnerability in Microsoft Office…

Major attempt to exploit XML-RPC remote code injection vulnerability is observed (September 22, 2018)

SonicWall Threat Research Lab has recently observed a huge spike in detections for XML-RPC remote code injection. There have been 3000+ hits in the last two days attempting to exploit 100+ web servers behind SonicWall firewalls. All these attacks are coming from one IP address, 96.68.165.185, targeting servers in different countries. XML-RPC? XML-RPC is…