Windows Zeroday Actively Exploited: Type 1 Font Parsing Remote Code Execution Vulnerability, (Mon, Mar 23rd)

Microsoft announced limited exploitation of a zeroday remote code execution vulnerability in the Type 1 font parser. There are two RCE vulnerabilities in the Windows Adobe Type Manager Library on Windows systems, triggered when parsing the Adobe Type 1 PostScript format. There are multiple attack vectors, such as documents. Microsoft is working on a patch. The following mitigation actions can …

KPOT Deployed via AutoIt Script, (Mon, Mar 23rd)

I have other samples like the malware I covered in yesterday’s diary entry. All with the same body and attachment, it’s just the sender that varies. The PowerShell scripts are the same and download from show1[.]website. Like I wrote yesterday, three files are downloaded: A legitimate, signed AutoIt interpreter (this is not malware) A heavily …

More COVID-19 Themed Malware, (Sun, Mar 22nd)

Reader Andrew received a COVID-19 themed email with a malicious attachment, and submitted the complete email. My tool emldump.py reports the different parts: The email body is a fake message from criminals cautioning their victims that documents are required to leave their house during a “National State of Emergency”, which are conveniently attached to the email: …
