Blog Posts Tagged with "Javascript"
Nemucod Malware Downloader Evolves into Ransomware
April 26, 2016 Added by:Ionut Arghire
Nemucod, a previously known JavaScript malware family designed to download additional malicious software onto the compromised computers, has evolved into ransomware and is now using 7-Zip to encrypt its victims’ files.
Comments (0)
Crisis Malware Threatens Virtualized Environments
August 24, 2012 Added by:Plagiarist Paganini
Crisis Malware is an agent used to spy on victims by intercepting communications, and it is able to open a backdoor on the infected host once the user executes a JAR file made to look like an Adobe Flash Installer. The malware has been developed for several OSs, and a Mac version has been isolated...
Comments (0)
Attack with Power... Point That Is
August 16, 2012 Added by:f8lerror
There have been all kinds of document attacks, but what about PowerPoint? It turns out that PowerPoint makes it easy for an attacker to turn innocent slideshows into a nasty little attack. The attack involves four simple steps: Make a slideshow, make an action, rename the file and distribute it. Here's how...
Comments (0)
The Rise of Multi-Platform Malware
July 12, 2012 Added by:Plagiarist Paganini
Using a JAR, the malware is able to identify the OS and download the right files to infect the targeted machine. After identifying the type of operating system a unit is running, a Java class file will download the appropriate malware, with the purpose to open a backdoor to allow remote access to the machine...
Comments (0)
Symantec: Blackhole Exploit Kit Upgrade Revealed
July 03, 2012 Added by:Headlines
"The Blackhole JavaScript code on compromised sites now dynamically generates pseudo-random domains, based on the date and other information, and then creates an iframe pointing to the generated domain... The code then creates a hidden iframe, using the previously-generated domain as the source..."
Comments (0)
How Fast Can Your Password Be Cracked? Instantly...
July 02, 2012 Added by:f8lerror
Instantly with a JavaScript keylogger. In this brief tutorial, we show you how we can use the Metasploit JavaScript Keylogger auxiliary module in a penetration testing phishing campaign or user awareness training. This is intended for informational and/or educational purposes only...
Comments (0)
Applications vs. the Web: Enemy or Friend?
March 16, 2012 Added by:Danny Lieberman
A minimum of two languages on the server side (PHP, SQL) and three on the client side (Javascript, HTML, CSS) turns developers into frequent searchers for answers on the Internet driving up the frequency of software defects relative to a single language development platform...
Comments (0)
New Drive-By Malware Spam Infects Upon Opening Email
February 01, 2012 Added by:Plagiarist Paganini
According the announcement from researchers at Eleven, a German security firm, it is sufficient that a communication is merely opened in the email client to infect the target without the user clicking on a link or opening an attachment...
Comments (0)
Mobile Application Security: New Platforms, Old Mistakes
January 24, 2012 Added by:Fergal Glynn
While Android may be a new platform, some of the security issues we found are reminiscent of old mistakes we have seen developers make. One example of this was the practice of hard-coding cryptographic keys directly into the application...
Comments (0)
How to Avoid Being Miscast in a SOPA Opera
January 20, 2012 Added by:Kevin McAleavey
LOIC was originally written in C#, but a later variant was created in Javascript which permits it to be deployed from any internet connected device. LOIC and its JS variant are simple toys, but in the hands of enough people they can create a formidable DDOS attack on a site...
Comments (2)
Significance of 'Death of the Document Web' to Security
January 18, 2012 Added by:Rafal Los
Infosec pros just started getting comfy with profiling, analyzing, and defending web-based apps from a server, consumed by a human, and used in a browser. Hang on tight because the world just took a sharp left and if you're not buckled in you're bound to be thrown from the bus...
Comments (2)
Following the Trail of Web-Based Malware
December 15, 2011 Added by:Mark Baldwin
The main.php script contained javascript that attempted to exploit several potential vulnerabilities. I downloaded the script and analyzed it. By inserting an “alert” statement into the script prior to the actual execution of the code, we can get a good idea of what the script does...
Comments (0)
Lockheed Warns Adobe of New Exploit in the Wild
December 07, 2011 Added by:Headlines
"This U3D memory corruption vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being actively exploited in the wild in limited, targeted attacks against Adobe Reader 9.x on Windows..."
Comments (0)
Free From Defect Software License
November 22, 2011 Added by:Keith Mendoza
This is a question that I would like to pose to the open-source software community: Assuming that we can ignore the lawyers for a second, what amount of effort would you be willing to put to produce software that is free of defect from workmanship? How will you go about making sure?
Comments (2)
OS X Lion Captive Portal Hijacking Attack
October 07, 2011 Added by:Tom Eston
OS X Lion's new feature poses a security risk. When an OS X laptop joins a network which contains a captive portal, a window is automatically opened to prompt the user to interact with it. This presents a major security risk if an attacker can control this functionality...
Comments (1)
Congressmen Call for FTC Investigation on Supercookies
September 28, 2011 Added by:Headlines
“I am very disturbed by news that supercookies are being used to collect vast amounts of information about consumers’ online activities without their knowledge. Companies should not be behaving like supercookie monsters, gobbling up personal, sensitive information without users’ knowledge..."
Comments (1)
- University of Arizona Researchers Going on Offense and Defense in Battle Against Hackers
- Securing the Internet of Things (IoT) in Today's Connected Society
- What Is Next Generation SIEM? 8 Things to Look For
- Cybersecurity and Online Trading: An Overview
- Artificial Intelligence: The Next Frontier in Information Security
- Five Main Differences between SIEM and UEBA
- For Cybersecurity, It’s That Time of the Year Again
- Myth Busters: How to Securely Migrate to the Cloud
- Microsoft Makes OneDrive Personal Vault Available Worldwide
- Human-Centered Security: What It Means for Your Organization