Use-after-free (UAF) Vulnerability CVE-2018-8373 in VBScript Engine Affects Internet Explorer to Run Shellcode

We discovered a high-risk Internet Explorer (IE) vulnerability in the wild on July 11, just a day after Microsoft’s July Patch Tuesday. We immediately sent Microsoft the details to help fix this flaw. While this vulnerability, now designated as CVE-2018-8373, affects the VBScript engine in the latest versions of Windows, Internet Explorer 11 is not vulnerable since VBScript in Windows 10 Redstone 3 (RS3) has been effectively disabled by default.

The post Use-after-free (UAF) Vulnerability CVE-2018-8373 in VBScript Engine Affects Internet Explorer to Run Shellcode appeared first on .


August Patch Tuesday: A Tale of Two Zero-Days

This month’s Microsoft Patch Tuesday includes important updates that patch two zero-day vulnerabilities that are already being actively exploited.

The post August Patch Tuesday: A Tale of Two Zero-Days appeared first on .


Ransomware as a Service Princess Evolution Looking for Affiliates

We have been observing a malvertising campaign via Rig exploit kit delivering a cryptocurrency-mining malware and the GandCrab ransomware since July 25. On August 1, we found Rig's traffic stream dropping a then-unknown ransomware. Delving into this seemingly new ransomware, we checked its ransom payment page in the Tor network and saw it was called Princess Evolution (detected by Trend Micro as RANSOM_PRINCESSLOCKER.B), and was actually a new version of the Princess Locker ransomware that emerged in 2016. Based on its recent advertisement in underground forums, it appears that its operators are peddling Princess Evolution as a ransomware as a service (RaaS) and are looking for affiliates.

The post Ransomware as a Service Princess Evolution Looking for Affiliates appeared first on .


How Machine Learning Can Help Identify Web Defacement Campaigns

Website defacement — the act of visibly altering the pages of a website, notably in the aftermath of a political event to advance the political agenda of a threat actor— has been explored in our various research works. We broke down top defacement campaigns in a previous paper and, in another post, emphasized how machine learning in our security research tool can help Computer Emergency Readiness Teams (CERTs)/Computer Security Incident Response Teams (CSIRTs) and web administrators prepare for such attacks. The latter took off from the analysis done in our most recent paper, Web Defacement Campaigns Uncovered: Gaining Insights From Deface Pages Using DefPloreX-NG. Here we expound on why machine learning (ML) was an ideal method for our analysis to better understand how web defacers operate and organize themselves.

The post How Machine Learning Can Help Identify Web Defacement Campaigns appeared first on .


Malware Targeting Bitcoin ATMs Pops Up in the Underground

With the increasing popularity and real-world use of cryptocurrencies and the fact that cybercriminals will always try to exploit something that can make money for them, it shouldn’t come as a surprise that malware targeting Bitcoin ATMs have started appearing in underground markets.

The post Malware Targeting Bitcoin ATMs Pops Up in the Underground appeared first on .