AV SCAMS |
| 2010-12-23 | Mark Hofman | Older AV Scam Active again. |
AV |
| 2024-03-28/a> | Xavier Mertens | From JavaScript to AsyncRAT |
| 2024-02-28/a> | Johannes Ullrich | Exploit Attempts for Unknown Password Reset Vulnerability |
| 2024-02-21/a> | Jan Kopriva | Phishing pages hosted on archive.org |
| 2024-02-09/a> | Xavier Mertens | MSIX With Heavily Obfuscated PowerShell Script |
| 2023-11-17/a> | Jan Kopriva | Phishing page with trivial anti-analysis features |
| 2023-09-23/a> | Guy Bruneau | Scanning for Laravel - a PHP Framework for Web Artisants |
| 2023-09-02/a> | Jesse La Grew | What is the origin of passwords submitted to honeypots? |
| 2023-05-20/a> | Xavier Mertens | Phishing Kit Collecting Victim's IP Address |
| 2023-02-24/a> | Brad Duncan | URL files and WebDAV used for IcedID (Bokbot) infection |
| 2022-06-16/a> | Xavier Mertens | Houdini is Back Delivered Through a JavaScript Dropper |
| 2022-06-01/a> | Jan Kopriva | HTML phishing attachments - now with anti-analysis features |
| 2022-03-31/a> | Johannes Ullrich | Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965 |
| 2022-03-30/a> | Johannes Ullrich | Possible new Java Spring Framework Vulnerability (Updated: not a Spring problem) |
| 2022-03-30/a> | Johannes Ullrich | Java Springtime Confusion: What Vulnerability are We Talking About |
| 2022-01-18/a> | Jan Kopriva | Phishing e-mail with...an advertisement? |
| 2022-01-03/a> | Xavier Mertens | McAfee Phishing Campaign with a Nice Fake Scan |
| 2021-11-18/a> | Xavier Mertens | JavaScript Downloader Delivers Agent Tesla Trojan |
| 2021-10-21/a> | Brad Duncan | "Stolen Images Evidence" campaign pushes Sliver-based malware |
| 2021-10-16/a> | Guy Bruneau | Apache is Actively Scan for CVE-2021-41773 & CVE-2021-42013 |
| 2021-10-09/a> | Guy Bruneau | Scanning for Previous Oracle WebLogic Vulnerabilities |
| 2021-08-17/a> | Johannes Ullrich | Laravel (<=v8.4.2) exploit attempts for CVE-2021-3129 (debug mode: Remote code execution) |
| 2021-05-22/a> | Xavier Mertens | "Serverless" Phishing Campaign |
| 2021-05-18/a> | Xavier Mertens | From RunDLL32 to JavaScript then PowerShell |
| 2021-04-28/a> | Xavier Mertens | Deeper Analyzis of my Last Malicious PowerPoint Add-On |
| 2021-04-19/a> | Jan Kopriva | Hunting phishing websites with favicon hashes |
| 2021-03-02/a> | Russ McRee | Adversary Simulation with Sim |
| 2021-01-22/a> | Xavier Mertens | Another File Extension to Block in your MTA: .jnlp |
| 2020-11-13/a> | Xavier Mertens | Old Worm But New Obfuscation Technique |
| 2020-07-24/a> | Xavier Mertens | Compromized Desktop Applications by Web Technologies |
| 2020-07-08/a> | Xavier Mertens | If You Want Something Done Right, You Have To Do It Yourself... Malware Too! |
| 2020-06-11/a> | Xavier Mertens | Anti-Debugging JavaScript Techniques |
| 2020-04-03/a> | Xavier Mertens | Obfuscated with a Simple 0x0A |
| 2020-03-27/a> | Xavier Mertens | Malicious JavaScript Dropping Payload in the Registry |
| 2020-01-27/a> | Johannes Ullrich | Network Security Perspective on Coronavirus Preparedness |
| 2019-12-31/a> | Johannes Ullrich | Some Thoughts About the Critical Citrix ADC/Gateway Vulnerability (CVE-2019-19781) |
| 2019-11-23/a> | Guy Bruneau | Local Malware Analysis with Malice |
| 2019-08-09/a> | Xavier Mertens | 100% JavaScript Phishing Page |
| 2019-07-25/a> | Rob VandenBrink | When Users Attack! Users (and Admins) Thwarting Security Controls |
| 2019-06-20/a> | Xavier Mertens | Using a Travel Packing App for Infosec Purpose |
| 2019-06-10/a> | Xavier Mertens | Interesting JavaScript Obfuscation Example |
| 2019-05-29/a> | Xavier Mertens | Behavioural Malware Analysis with Microsoft ASA |
| 2019-04-02/a> | Johannes Ullrich | Fake AV is Back: LaCie Network Drives Used to Spread Malware |
| 2019-02-07/a> | Xavier Mertens | Phishing Kit with JavaScript Keylogger |
| 2019-02-02/a> | Guy Bruneau | Scanning for WebDAV PROPFIND Exploiting CVE-2017-7269 |
| 2018-11-20/a> | Xavier Mertens | VMware Affected by Dell EMC Avamar Vulnerability |
| 2018-07-17/a> | Xavier Mertens | Searching for Geographically Improbable Login Attempts |
| 2018-07-13/a> | Xavier Mertens | Cryptominer Delivered Though Compromized JavaScript File |
| 2018-06-18/a> | Xavier Mertens | Malicious JavaScript Targeting Mobile Browsers |
| 2017-11-03/a> | Xavier Mertens | Simple Analysis of an Obfuscated JAR File |
| 2017-10-06/a> | Johannes Ullrich | What's in a cable? The dangers of unauthorized cables |
| 2017-08-23/a> | Xavier Mertens | Malicious script dropping an executable signed by Avast? |
| 2017-06-22/a> | Xavier Mertens | Obfuscating without XOR |
| 2017-04-02/a> | Guy Bruneau | IPFire - A Household Multipurpose Security Gateway |
| 2017-03-24/a> | Xavier Mertens | Nicely Obfuscated JavaScript Sample |
| 2017-03-04/a> | Xavier Mertens | How your pictures may affect your website reputation |
| 2017-02-12/a> | Xavier Mertens | Analysis of a Suspicious Piece of JavaScript |
| 2016-08-28/a> | Guy Bruneau | Spam with Obfuscated Javascript |
| 2016-06-18/a> | Rob VandenBrink | Controlling JavaScript Malware Before it Runs |
| 2016-02-20/a> | Didier Stevens | Locky: JavaScript Deobfuscation |
| 2016-02-07/a> | Xavier Mertens | More Malicious JavaScript Obfuscation |
| 2016-01-15/a> | Xavier Mertens | JavaScript Deobfuscation Tool |
| 2015-11-09/a> | John Bambenek | ICYMI: Widespread Unserialize Vulnerability in Java |
| 2015-08-07/a> | Tony Carothers | Critical Firefox Update Today |
| 2015-06-16/a> | John Bambenek | CVE-2014-4114 and an Interesting AV Bypass Technique |
| 2014-12-06/a> | Rick Wanner | Google App Engine Java Security Sandbox bypasses |
| 2014-08-29/a> | Johannes Ullrich | False Positive or Not? Difficult to Analyze Javascript |
| 2014-07-15/a> | Daniel Wesemann | Oracle Java: 20 new vulnerabilities patched |
| 2014-07-13/a> | Tony Carothers | Oracle July 2014 Update Pre-Notification |
| 2014-07-06/a> | Richard Porter | Physical Access, Point of Sale, Vegas |
| 2014-07-05/a> | Guy Bruneau | Java Support ends for Windows XP |
| 2014-07-02/a> | Johannes Ullrich | Simple Javascript Extortion Scheme Advertised via Bing |
| 2014-05-27/a> | Kevin Shortt | Avast forums hacked |
| 2014-02-11/a> | Johannes Ullrich | Adobe February 2014 Patch Tuesday |
| 2014-02-05/a> | Johannes Ullrich | To Merrillville or Sochi: How Dangerous is it to travel? |
| 2013-12-23/a> | Rob VandenBrink | How-To's for the Holidays - Java Whitelisting using AD Group Policy |
| 2013-10-28/a> | Daniel Wesemann | Exploit cocktail (Struts, Java, Windows) going after 3-month old vulnerabilities |
| 2013-10-15/a> | Rob VandenBrink | Java Quarterly Updates |
| 2013-10-08/a> | Johannes Ullrich | Anti-Virus Company Avira Homepage Defaced |
| 2013-09-10/a> | Swa Frantzen | More Black Tuesday workload |
| 2013-08-07/a> | Johannes Ullrich | Firefox 23 and Mixed Active Content |
| 2013-04-23/a> | Russ McRee | Microsoft's Security Intelligence Report (SIRv14) released |
| 2013-04-19/a> | Russ McRee | Java 8 release schedule delayed for renewed focus on security |
| 2013-04-16/a> | Rob VandenBrink | Java 7 Update 21 is available - Watch for Behaviour Changes ! |
| 2013-03-07/a> | Guy Bruneau | Apple Blocking Java Web plug-in |
| 2013-03-05/a> | Richard Porter | Java j6u43 update #YAJU http://www.oracle.com/technetwork/java/javase/6u43-relnotes-1915290.html |
| 2013-03-04/a> | Richard Porter | Java 7u17 update #YAJU http://www.oracle.com/technetwork/java/javase/7u17-relnotes-1915289.html |
| 2013-03-01/a> | Jim Clausing | And the Java 0-days just keep on coming |
| 2013-02-26/a> | Rob VandenBrink | All I need Java for is .... |
| 2013-02-25/a> | Johannes Ullrich | Trustwave Trustkeeper Phish |
| 2013-02-20/a> | Johannes Ullrich | Update Palooza |
| 2013-02-19/a> | Johannes Ullrich | Oracle Updates Java (Java 7 Update 15, Java 6 update 41) |
| 2013-02-12/a> | Swa Frantzen | Adobe Feb 2013 Black Tuesday patches |
| 2013-02-08/a> | Kevin Shortt | Is it Spam or Is it Malware? |
| 2013-02-01/a> | Jim Clausing | Oracle quitely releases Java 7u13 early |
| 2013-01-19/a> | Guy Bruneau | Java 7 Update 11 Still has a Flaw |
| 2013-01-15/a> | Rob VandenBrink | When Disabling IE6 (or Java, or whatever) is not an Option... |
| 2013-01-13/a> | Stephen Hall | Java 0-Day patched as Java 7 U 11 released |
| 2013-01-12/a> | Stephen Hall | Java 0-day impact to Java 6 (and beyond?) |
| 2013-01-10/a> | Johannes Ullrich | Java is still exploitable and is likely going to remain so. |
| 2012-11-01/a> | Daniel Wesemann | Patched your Java yet? |
| 2012-10-18/a> | Rob VandenBrink | Another Java update! Java SE 1.6.0_37 Available ==> http://www.oracle.com/technetwork/java/javase/releasenotes-136954.html |
| 2012-10-17/a> | Rob VandenBrink | Time to update - Java version 7 update 9 (JRE 7u9, JDK 7u9) is out! Release notes here - http://www.oracle.com/technetwork/java/javase/7u9-relnotes-1863279.html |
| 2012-09-01/a> | Russ McRee | Blackhole targeting Java vulnerability via fake Microsoft Services Agreement email phish |
| 2012-08-31/a> | Russ McRee | Not so fast: Java 7 Update 7 critical vulnerability discovered in less than 24 hours |
| 2012-08-27/a> | Kevin Liston | Quick Bits about Today's Java 0-Day |
| 2012-08-05/a> | Daniel Wesemann | Phishing for Payroll with unpatched Java |
| 2012-06-25/a> | Guy Bruneau | Using JSDetox to Analyze and Deobfuscate Javascript |
| 2012-06-19/a> | Daniel Wesemann | Vulnerabilityqueerprocessbrittleness |
| 2012-06-12/a> | Swa Frantzen | Java 7u5 and 6u33 released |
| 2012-05-22/a> | Johannes Ullrich | nmap 6 released |
| 2012-05-16/a> | Johannes Ullrich | Avira Antivirus false positives http://forum.avira.com/wbb/index.php?page=Thread&threadID=144875 |
| 2012-04-25/a> | Daniel Wesemann | Blacole's obfuscated JavaScript |
| 2012-04-12/a> | Guy Bruneau | Apple Java Updates for Mac OS X |
| 2012-04-06/a> | Johannes Ullrich | Another OS X Java Patch |
| 2012-03-25/a> | Daniel Wesemann | evilcode.class |
| 2012-02-16/a> | Tony Carothers | Java Update for February |
| 2012-02-14/a> | Johannes Ullrich | Adobe Shockwave Player and RoboHelp for Word Patches |
| 2012-01-22/a> | Johannes Ullrich | Javascript DDoS Tool Analysis |
| 2012-01-03/a> | Bojan Zdrnja | The tale of obfuscated JavaScript continues |
| 2011-12-12/a> | Daniel Wesemann | Java 6u30 released |
| 2011-12-10/a> | Daniel Wesemann | Unwanted Presents |
| 2011-12-07/a> | Lenny Zeltser | V8 as an Alternative to SpiderMonkey for JavaScript Deobfuscation |
| 2011-10-22/a> | Guy Bruneau | Oracle Java SE Critical Patch Update |
| 2011-09-05/a> | Raul Siles | Java 7 Officially Released |
| 2011-08-19/a> | Kevin Shortt | Java SE 6 Update 27 released. No security updates, many bug fixes ==> http://www.oracle.com/technetwork/java/javase/6u27-relnotes-444147.html |
| 2011-07-28/a> | Guy Bruneau | Java 7.0 released. Get it here - http://blogs.oracle.com/javase/entry/java_7_has_released |
| 2011-07-25/a> | Bojan Zdrnja | When the FakeAV coder(s) fail |
| 2011-07-21/a> | Daniel Wesemann | Down the FakeAV rabbit hole |
| 2011-06-28/a> | Johannes Ullrich | Update: Java update for OS X fixes security issues http://support.apple.com/kb/HT1222 |
| 2011-06-13/a> | Bojan Zdrnja | Harry Potter and the Rogue anti-virus: Part 1 |
| 2011-06-07/a> | Johannes Ullrich | Oracle Releases Java Version 1.6.0.26 http://java.com/en/download/manual.jsp |
| 2011-06-06/a> | Manuel Humberto Santander Pelaez | Phishing: Same goal, same techniques and people still falling for such scams |
| 2011-06-06/a> | Johannes Ullrich | The Havij SQL Injection Tool |
| 2011-06-03/a> | Guy Bruneau | Oracle Java SE Critical Patch Update Pre-Release Announcement - June 2011 |
| 2011-05-19/a> | Daniel Wesemann | Fake AV Bingo |
| 2011-05-04/a> | Bojan Zdrnja | More on Google image poisoning |
| 2011-05-01/a> | Deborah Hale | Java 6.25 Is Now Available |
| 2011-04-23/a> | Manuel Humberto Santander Pelaez | Image search can lead to malware download |
| 2011-03-27/a> | Guy Bruneau | Strange Shockwave File with Surprising Attachments |
| 2011-03-14/a> | Bojan Zdrnja | Tsunami in Japan and self modifying RogueAV code |
| 2011-03-09/a> | Jim Clausing | Apple updates Java |
| 2011-03-09/a> | Kevin Shortt | AVG Anti-Virus 2011 False Positives - Luhe.Exploit.PDF.B |
| 2011-02-15/a> | Jason Lam | Oracle Java 6 Update 24 |
| 2011-02-09/a> | Mark Hofman | Adobe Patches (shockwave, Flash, Reader & Coldfusion) |
| 2011-02-09/a> | Mark Hofman | Java Floating point issue (CVE-2010-4476) |
| 2011-02-07/a> | Pedro Bueno | The Good , the Bad and the Unknown Online Scanners |
| 2011-02-04/a> | Daniel Wesemann | Oh, just click "yes" |
| 2011-01-18/a> | Daniel Wesemann | Yet another rogue anti-virus |
| 2010-12-29/a> | Daniel Wesemann | Beware of strange web sites bearing gifts ... |
| 2010-12-24/a> | Daniel Wesemann | A question of class |
| 2010-12-23/a> | Mark Hofman | Older AV Scam Active again. |
| 2010-12-08/a> | Rob VandenBrink | Java 6, Update 23 is out => http://java.sun.com/javase/6/webnotes/ReleaseNotes.html , http://www.oracle.com/technetwork/java/javase/6u23releasenotes-191058.html , http://www.oracle.com/technetwork/java/javase/2col/6u23bugfixes-191074.html |
| 2010-12-03/a> | Mark Hofman | AVG Update Bricking windows 7 64 bit |
| 2010-12-02/a> | Kevin Johnson | Robert Hansen and our happiness |
| 2010-11-11/a> | Daniel Wesemann | Java Exploits |
| 2010-10-30/a> | Guy Bruneau | Security Update for Shockwave Player |
| 2010-08-25/a> | Pedro Bueno | Adobe released security update for Shockwave player that fix several CVEs: APSB1020 |
| 2010-08-17/a> | Bojan Zdrnja | Do you like Bing? So do the RogueAV guys! |
| 2010-07-21/a> | Adrien de Beaupre | Update on .LNK vulnerability |
| 2010-07-20/a> | Manuel Humberto Santander Pelaez | LNK vulnerability now with Metasploit module implementing the WebDAV method |
| 2010-07-18/a> | Manuel Humberto Santander Pelaez | New metasploit GUI written in Java |
| 2010-07-04/a> | Manuel Humberto Santander Pelaez | Malware inside PDF Files |
| 2010-07-01/a> | Bojan Zdrnja | Down the RogueAV and Blackhat SEO rabbit hole (part 2) |
| 2010-06-29/a> | donald smith | Interesting idea to help prevent RogueAV from using SEO without being noticed:) |
| 2010-06-28/a> | Bojan Zdrnja | Down the RogueAV and Blackhat SEO rabbit hole |
| 2010-05-23/a> | Manuel Humberto Santander Pelaez | Oracle Java SE and Java for Business 'MixerSequencer' Remote Code Execution Vulnerability |
| 2010-05-12/a> | Rob VandenBrink | Adobe Shockwave Update |
| 2010-04-14/a> | Mark Hofman | ClamAV 0.94 EOL Reminder |
| 2010-04-10/a> | Andre Ludwig | New bug/exploit for javaws |
| 2010-04-02/a> | Guy Bruneau | Oracle Java SE and Java for Business Critical Patch Update Advisory |
| 2010-03-05/a> | Kyle Haugsness | Javascript obfuscators used in the wild |
| 2010-02-27/a> | Johannes Ullrich | Search Engine Poisoning: Chile Earthquake |
| 2010-01-14/a> | Bojan Zdrnja | Rogue AV exploiting Haiti earthquake |
| 2010-01-13/a> | Guy Bruneau | Sun Java JRE 6 Update 18 Released |
| 2010-01-08/a> | Rob VandenBrink | Microsoft OfficeOnline, Searching for Trust and Malware |
| 2009-12-05/a> | Guy Bruneau | Java JRE Buffer and Integer Overflow |
| 2009-12-03/a> | Mark Hofman | Avast false positives |
| 2009-11-13/a> | Adrien de Beaupre | Conficker patch via email? |
| 2009-11-03/a> | Bojan Zdrnja | Adobe released Shockwave Player 11.5.2.602 which fixes several critical security vulnerabilities |
| 2009-09-08/a> | Guy Bruneau | Bug Fixes in Sun SDK 5 and Java SE 6 |
| 2009-08-04/a> | donald smith | Java Security Update |
| 2009-07-15/a> | Bojan Zdrnja | Make sure you update that Java |
| 2009-07-01/a> | Bojan Zdrnja | Mobile phone trojans |
| 2009-06-10/a> | Swa Frantzen | Java 6 update 14 released |
| 2009-05-27/a> | donald smith | WebDAV write-up |
| 2009-05-24/a> | Raul Siles | IIS admins, help finding WebDAV remotely using nmap |
| 2009-05-22/a> | Mark Hofman | Patching and Apple - Java issue |
| 2009-05-21/a> | Adrien de Beaupre | IIS admins, help finding WebDAV |
| 2009-05-10/a> | Mari Nichols | Is your Symantec Antivirus Alerting working correctly? |
| 2009-05-04/a> | Tom Liston | Adobe Reader/Acrobat Critical Vulnerability |
| 2009-04-07/a> | Bojan Zdrnja | Advanced JavaScript obfuscation (or why signature scanning is a failure) |
| 2009-04-02/a> | Bojan Zdrnja | JavaScript insertion and log deletion attack tools |
| 2009-03-25/a> | David Goldsmith | Java Runtime Environment 6.0 Update 13 Released |
| 2009-02-25/a> | Andre Ludwig | Adobe Acrobat pdf 0-day exploit, No JavaScript needed! |
| 2009-02-10/a> | Swa Frantzen | Java up to date ? |
| 2008-11-02/a> | Adrien de Beaupre | Daylight saving time |
| 2008-09-15/a> | donald smith | Fake antivirus 2009 and search engine results |
| 2008-08-10/a> | Stephen Hall | From lolly pops to afterglow |
| 2008-07-14/a> | Daniel Wesemann | Obfuscated JavaScript Redux |
| 2008-07-09/a> | Johannes Ullrich | Java Update |
| 2008-06-30/a> | Marcus Sachs | More SQL Injection with Fast Flux hosting |
| 2008-05-20/a> | Raul Siles | List of malicious domains inserted through SQL injection |
| 2008-05-20/a> | Raul Siles | Java 6 Update 6 has been released |
| 2008-04-06/a> | Daniel Wesemann | Advanced obfuscated JavaScript analysis |
| 2008-04-03/a> | Bojan Zdrnja | Mixed (VBScript and JavaScript) obfuscation |
SCAMS |
| 2023-08-16/a> | Yee Ching Tok | A Gentle Reminder: The Evolving Nature of Digital Scams |
| 2021-02-26/a> | Guy Bruneau | Pretending to be an Outlook Version Update |
| 2015-09-08/a> | Lenny Zeltser | A Close Look at PayPal Overpayment Scams That Target Craigslist Sellers |
| 2015-04-28/a> | Daniel Wesemann | Scammy Nepal earthquake donation requests |
| 2013-10-02/a> | John Bambenek | Obamacare related domain registration spike, Government shutdown domain registration beginning |
| 2013-04-17/a> | John Bambenek | UPDATEDx1: Boston-Related Malware Campaigns Have Begun - Now with Waco Plant Explosion Fun |
| 2010-12-23/a> | Mark Hofman | Older AV Scam Active again. |
| 2010-12-01/a> | Deborah Hale | A Gentle Reminder - It is that time of year again |
| 2010-03-01/a> | Mark Hofman | AS/NZ "Online Offensive - Fight fraud online" week March 1-7 |
| 2008-11-29/a> | Pedro Bueno | Possible Mumbai Scams? |
| 2008-06-13/a> | Johannes Ullrich | Floods: More of the same (2) |
