Blog Posts Tagged with "Javascript"


Nemucod Malware Downloader Evolves into Ransomware

April 26, 2016 Added by:Ionut Arghire

Nemucod, a previously known JavaScript malware family designed to download additional malicious software onto the compromised computers, has evolved into ransomware and is now using 7-Zip to encrypt its victims’ files.

Comments  (0)


Crisis Malware Threatens Virtualized Environments

August 24, 2012 Added by:Pierluigi Paganini

Crisis Malware is an agent used to spy on victims by intercepting communications, and it is able to open a backdoor on the infected host once the user executes a JAR file made to look like an Adobe Flash Installer. The malware has been developed for several OSs, and a Mac version has been isolated...

Comments  (0)


Attack with Power... Point That Is

August 16, 2012 Added by:f8lerror

There have been all kinds of document attacks, but what about PowerPoint? It turns out that PowerPoint makes it easy for an attacker to turn innocent slideshows into a nasty little attack. The attack involves four simple steps: Make a slideshow, make an action, rename the file and distribute it. Here's how...

Comments  (0)


The Rise of Multi-Platform Malware

July 12, 2012 Added by:Pierluigi Paganini

Using a JAR, the malware is able to identify the OS and download the right files to infect the targeted machine. After identifying the type of operating system a unit is running, a Java class file will download the appropriate malware, with the purpose to open a backdoor to allow remote access to the machine...

Comments  (0)


Symantec: Blackhole Exploit Kit Upgrade Revealed

July 03, 2012 Added by:Headlines

"The Blackhole JavaScript code on compromised sites now dynamically generates pseudo-random domains, based on the date and other information, and then creates an iframe pointing to the generated domain... The code then creates a hidden iframe, using the previously-generated domain as the source..."

Comments  (0)


How Fast Can Your Password Be Cracked? Instantly...

July 02, 2012 Added by:f8lerror

Instantly with a JavaScript keylogger. In this brief tutorial, we show you how we can use the Metasploit JavaScript Keylogger auxiliary module in a penetration testing phishing campaign or user awareness training. This is intended for informational and/or educational purposes only...

Comments  (0)


Applications vs. the Web: Enemy or Friend?

March 16, 2012 Added by:Danny Lieberman

A minimum of two languages on the server side (PHP, SQL) and three on the client side (Javascript, HTML, CSS) turns developers into frequent searchers for answers on the Internet driving up the frequency of software defects relative to a single language development platform...

Comments  (0)


New Drive-By Malware Spam Infects Upon Opening Email

February 01, 2012 Added by:Pierluigi Paganini

According the announcement from researchers at Eleven, a German security firm, it is sufficient that a communication is merely opened in the email client to infect the target without the user clicking on a link or opening an attachment...

Comments  (0)


Mobile Application Security: New Platforms, Old Mistakes

January 24, 2012 Added by:Fergal Glynn

While Android may be a new platform, some of the security issues we found are reminiscent of old mistakes we have seen developers make. One example of this was the practice of hard-coding cryptographic keys directly into the application...

Comments  (0)


How to Avoid Being Miscast in a SOPA Opera

January 20, 2012 Added by:Kevin McAleavey

LOIC was originally written in C#, but a later variant was created in Javascript which permits it to be deployed from any internet connected device. LOIC and its JS variant are simple toys, but in the hands of enough people they can create a formidable DDOS attack on a site...

Comments  (2)


Significance of 'Death of the Document Web' to Security

January 18, 2012 Added by:Rafal Los

Infosec pros just started getting comfy with profiling, analyzing, and defending web-based apps from a server, consumed by a human, and used in a browser. Hang on tight because the world just took a sharp left and if you're not buckled in you're bound to be thrown from the bus...

Comments  (2)


Following the Trail of Web-Based Malware

December 15, 2011 Added by:Mark Baldwin

The main.php script contained javascript that attempted to exploit several potential vulnerabilities. I downloaded the script and analyzed it. By inserting an “alert” statement into the script prior to the actual execution of the code, we can get a good idea of what the script does...

Comments  (0)


Lockheed Warns Adobe of New Exploit in the Wild

December 07, 2011 Added by:Headlines

"This U3D memory corruption vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being actively exploited in the wild in limited, targeted attacks against Adobe Reader 9.x on Windows..."

Comments  (0)


Free From Defect Software License

November 22, 2011 Added by:Keith Mendoza

This is a question that I would like to pose to the open-source software community: Assuming that we can ignore the lawyers for a second, what amount of effort would you be willing to put to produce software that is free of defect from workmanship? How will you go about making sure?

Comments  (2)


OS X Lion Captive Portal Hijacking Attack

October 07, 2011 Added by:Tom Eston

OS X Lion's new feature poses a security risk. When an OS X laptop joins a network which contains a captive portal, a window is automatically opened to prompt the user to interact with it. This presents a major security risk if an attacker can control this functionality...

Comments  (1)


Congressmen Call for FTC Investigation on Supercookies

September 28, 2011 Added by:Headlines

“I am very disturbed by news that supercookies are being used to collect vast amounts of information about consumers’ online activities without their knowledge. Companies should not be behaving like supercookie monsters, gobbling up personal, sensitive information without users’ knowledge..."

Comments  (1)

Page « < 1 - 2 > »