INDUSTRY INSIGHTS YOUR PEERS ARE READING
file and when it is launched, starts the infection by downloading other components from the Internet. However, the real malicious action performed by the javascript is to create a batch file in the “ %APPDATA%Roaming325623802.bat ” path. MORE
A security researcher discovered a zero-day vulnerability, tracked as CVE-2018-9206 , that affects older versions of the jQuery File Upload plugin since 2010. The jQuery File Upload is a jQuery widget “with multiple file selection, drag&drop support, progress bars, validation and preview images, audio and video.”. Cashdollar discovered two PHP files named upload.php and UploadHandler.php in the package’s source, which contained the file upload code. MORE
Over the years, staff had tried to maintain order by naming folders by the record type listed on the retention schedule, using idiosyncratic naming conventions, and attempting to create high level folders for staff to save their files in. Creation of README Files (PDF). MORE
The downloaded file (wraeop.sct) represents a Javascript code reporting the Stage 2 of the infection process. The script downloads a file named: AZZI.exe and saves it by a new name: VRE1wEh9j0mvUATIN3AqW1HSNnyir8id.exe on a System temporary directory for running it. MORE
The phishing email contains a.zip file named “slavneft.zakaz.zip”, which means something like “slavneft order” in English, showing a direct reference to “Slavneft”. It contains a russian speaking JavaScript file named “«??? «??? «?????????» ??????????? ??????”, MORE
The messages used employment-related subjects such as “About a role” and “Job Application,” while the malicious attached documents used file names in the format of “firstname.surname_resume.doc”. MORE
It then links directly through to 8.8GB worth of easily downloadable data breaches, all obtainable in a single ZIP file. In total, there were 2,889 text files in the archive but it's what's inside them which I found particularly interesting. Almost all the files are just email addresses and plain text passwords (the occasional file has a username that's not an email address and a password). MORE
The new version of NRSMiner updates existing infections by downloading new modules and removing files and services installed by old previous versions. This malicious code first installs a service named snmpstorsrv , with snmpstorsrv.dll registered as servicedll. MORE
This meant choosing a random file from amongst the 85k+ in the data, extracting all the email addresses then grabbing a random 100 sample and looking for uniqueness. That's fine, but it skewed the 61% number down as the file was counted as not being an exact match.) MORE
MyHeritage received a message from a researcher who unearthed a file named 'myheritage' containing email addresses and encrypted passwords of nearly all of its users on a private server outside the company. Hacking Data security Cyber security Cyber attacks MORE
“Two exploit documents with Vietnamese-language file names were observed with file metadata unique to the GOBLIN PANDA adversary.” Researchers from security firm CrowdStrike have observed a new campaign associated with the GOBLIN PANDA APT group. MORE
So the crux of the matter seems to be that the guy pulled down a bunch of files by enumerating through file names without realising that the publisher of said files had not intended for them to be public. MORE
In fact, while years ago the most used passwords were about names, dates or simple patters such as “qwerty”, today we observe a significative increase in pattern complexity, but still too easy to be brute-forced. What are the domain names of the most leaked emails ? MORE
Epson’s ScanSmart Software Accounting Edition 2 offers powerful productivity features such as automatic file naming, automatic receipt recognition with accurate OCR and easy integration with QuickBooks ® , TurboTax and Quicken. LONG BEACH, Calif. – 17, 2019 – Epson America, a leading provider of digital imaging solutions, today unveiled its updated ScanSmart Software 1 , now available with Epson’s ScanSmart Software Accounting Edition 2 upgrade for receipt scanning capabilities. MORE
I found a combination of different delimiter types including colons, semicolons, spaces and indeed a combination of different file types such as delimited text files, files containing SQL statements and other compressed archives.) MORE
Target type enable additional capabilities that include rotating file, signing, encryption and sending files to remote servers. Enter name of the LogTarget. In type click File. File-Writes log to file on the appliance. Enter destination file name. MORE
A new malspam campaign hit Italy in this days, threat actors are spreading a new variant of a powerful downloader named sLoad. As usual, it comes as a zip file attached to an e-mail, this file contains two elements: A fake shortcut to directory (.lnk MORE
The expert discovered also that the gathered info was first stored in a password protected zip file named “history.zip”, then it would be uploaded to a remote server. It was eventually removed, but was replaced soon after by an identical app named Adware Doctor.” MORE
The operator of the service (Kayo) reached out to me earlier this week and advised they'd noticed a collection of files uploaded to the site which appeared to contain personal data from a breach. When I pulled the email addresses out of the file, I found almost 42M unique values. MORE
Thousands of account credentials associated with the popular file storage service Mega have been published online, The former NSA hacker Patrick Wardle, co-founder at Digita Security , discovered in June a text file containing over 15,500 usernames, passwords, and files names. Found file on VirusTotal w/ 15K+ Mega accounts (user names/passwords & users' file listings). File listings included files names describing child abuse content. MORE
“This application handles file names incorrectly when the user uploads a media file. ” The third flaw directory-traversal vulnerability tracked as CVE-2018-16594 that relates to the way the Photo Sharing Plus app handles file names. The application handles file names incorrectly when receiving a user’s input file via uploading a URL. A attacker can upload an arbitrary file with a crafted file name (e.g.: /./) MORE
The security researcher Alex Inführ discovered a severe remote code execution vulnerability in LibreOffice and Apache OpenOffice that could be exploited by tricking victims into opening an ODT (OpenDocument Text) file embedding an event embedded. MORE
There are a few things that bug me and other standards advocates out there, chief of which (for me) are the title and file name problems. Problem #1: Spaces in File Names The page title is used to create the page's name (i.e., file name). MORE
MALVERN, PA, June 25, 2018 – Ricoh USA, Inc. today announced its RICOH Cloud Workflow Solutions portfolio, a collection of cloud-based technologies that bring streamlined simplicity to small and medium-sized businesses (SMBs) in affordable, scalable, subscription-based packages. MORE
“Further investigation showed that the malware, which we named BusyGasper, is not all that sophisticated, but demonstrates some unusual features for this type of threat.” “Log files can be uploaded to the FTP server and sent to the attacker’s email inbox. MORE
” The fake Adobe Flash updates use file names starting with AdobeFlashPlayer that are hosted on cloud-based web servers that don’t belong to Adobe. One such example from December 2017 named free-mod-menu-download-ps3.exe also shows osdsoft[.]com MORE
The malware continuously connects the command and control (C&C) server to fetch and execute an additional executable file. Once the Cellas Trade Pro app is installed on macOS, it launches the Updater application on the system load via a file named “.com.celastradepro.plist.”. MORE
The Sample (SHA256: e5c67daef2226a9e042837f6fad5b338d730e7d241ae0786d091895b2a1b8681) presents itself as a JAR file. A Java Method that invokes (through evals ) an embedded “ Javascript ” file ! This.class is actually a JAR file carrying a whole function set. MORE
” In the attempt to deceive the victims, attackers used the internal file name “Baidu PC Faster” and the “Baidu WiFi Hotspot Setup” in the description of the file. MORE
A rogue MySQL server could be used to steal files from clients due to a design flaw in the popular an open source relational database management system (RDBMS). The LOAD DATA statement can load a file located on the server, and if the LOCAL keyword is used in the request, on the client host. MORE
“Notably, the infected APK files do not pose any threat to Android devices, as these embedded Windows executable binaries can only run on Windows systems: they are inert and ineffective on the Android platform.” 15 apps were found containing both PE files inside. MORE
The automatic file naming and receipt recognition tool, with machine-learning capabilities, identifies important data such as vendor names and logos, and streamlines the process of storing and finding critical data and documents 2. LONG BEACH, Calif. MORE
The last Windows zero-day flaw disclosed by SandboxEscaper is an arbitrary file read vulnerability that could be exploited by a low-privileged user or a malicious program to read the content of any file on a Windows system. MORE
My entire “Cyber adventure” began with a simple email within a.ZIP file named “Nuovo Documento1.zip” as an apparently normal attachment (sha256: 79005f3a6aeb96fec7f3f9e812e1f199202e813c82d254b8cc3f621ea1372041). MORE
Consistent document capture and file naming. Because automated scan workflows are predefined, capture parameters including output quality and output file formats can be consistent for a particular process, for example, scanned invoices may be in jpg whereas legal documents are PDFs. Another area that lends itself to mixed results is in file naming structure. Left to decide, users can create a variety of document naming formats that only make sense to them. MORE
Threat actors used PowerShell-based first stage backdoor named POWERSTATS, across the time the hackers changed tools and techniques. “These documents are named Raport.doc or Gizli Raport.doc (titles mean “Report” or “Secret Report” in Turkish) and maliyeraporti (Gizli Bilgisi).doc MORE
“This attack is carried out by embedding a video inside a Word document, editing the XML file named document.xml, replacing the video link with a crafted payload created by the attacker which opens Internet Explorer Download Manager with the embedded code execution file” The experts created a proof-of-concept attack using a YouTube video link embedded in weaponized Microsoft Office documents. MORE
To accomplish this, use your favorite text editor, such as Nano or Vim to edit the config.cfg file in the ~/algo directory: vim config.cfg. After saving the file and exiting the text editor, execute the following command in the ~/algo directory to install Algo software: /algo. MORE
Hackers used weaponized files named ‘crash list (Lion Air Boeing 737).docx’ Sofacy APT group (aka APT28 , Pawn Storm , Fancy Bear , Sednit , Tsar Team, and Strontium ) has a new weapon in its arsenal dubbed Cannon. MORE
“These lure documents use titles with government , military, and diplomatic themes, and the file names are written in English or Cyrillic languages. MORE
File names Related Topics 
Information Management Resources
JUNE 7, 2018
MyHeritage received a message from a researcher who unearthed a file named 'myheritage' containing email addresses and encrypted passwords of nearly all of its users on a private server outside the company. Hacking Data security Cyber security Cyber attacks
Security Affairs
DECEMBER 27, 2018
” In the attempt to deceive the victims, attackers used the internal file name “Baidu PC Faster” and the “Baidu WiFi Hotspot Setup” in the description of the file.
Security Affairs
OCTOBER 6, 2018
“This application handles file names incorrectly when the user uploads a media file. ” The third flaw directory-traversal vulnerability tracked as CVE-2018-16594 that relates to the way the Photo Sharing Plus app handles file names. The application handles file names incorrectly when receiving a user’s input file via uploading a URL. A attacker can upload an arbitrary file with a crafted file name (e.g.: /./)
Security Affairs
FEBRUARY 19, 2019
The phishing email contains a.zip file named “slavneft.zakaz.zip”, which means something like “slavneft order” in English, showing a direct reference to “Slavneft”. It contains a russian speaking JavaScript file named “«??? «??? «?????????» ??????????? ??????”,
Security Affairs
DECEMBER 20, 2018
The last Windows zero-day flaw disclosed by SandboxEscaper is an arbitrary file read vulnerability that could be exploited by a low-privileged user or a malicious program to read the content of any file on a Windows system.
Security Affairs
FEBRUARY 5, 2019
The security researcher Alex Inführ discovered a severe remote code execution vulnerability in LibreOffice and Apache OpenOffice that could be exploited by tricking victims into opening an ODT (OpenDocument Text) file embedding an event embedded.
|
The Texas Record
JANUARY 25, 2019
Over the years, staff had tried to maintain order by naming folders by the record type listed on the retention schedule, using idiosyncratic naming conventions, and attempting to create high level folders for staff to save their files in. Creation of README Files (PDF).
Security Affairs
JANUARY 4, 2019
The new version of NRSMiner updates existing infections by downloading new modules and removing files and services installed by old previous versions. This malicious code first installs a service named snmpstorsrv , with snmpstorsrv.dll registered as servicedll.
Security Affairs
OCTOBER 28, 2018
“This attack is carried out by embedding a video inside a Word document, editing the XML file named document.xml, replacing the video link with a crafted payload created by the attacker which opens Internet Explorer Download Manager with the embedded code execution file” The experts created a proof-of-concept attack using a YouTube video link embedded in weaponized Microsoft Office documents.
Security Affairs
JANUARY 21, 2019
A rogue MySQL server could be used to steal files from clients due to a design flaw in the popular an open source relational database management system (RDBMS). The LOAD DATA statement can load a file located on the server, and if the LOCAL keyword is used in the request, on the client host.
Security Affairs
NOVEMBER 20, 2018
Hackers used weaponized files named ‘crash list (Lion Air Boeing 737).docx’ Sofacy APT group (aka APT28 , Pawn Storm , Fancy Bear , Sednit , Tsar Team, and Strontium ) has a new weapon in its arsenal dubbed Cannon.
|
|
Security Affairs
OCTOBER 10, 2018
“These lure documents use titles with government , military, and diplomatic themes, and the file names are written in English or Cyrillic languages.
Security Affairs
OCTOBER 13, 2018
” The fake Adobe Flash updates use file names starting with AdobeFlashPlayer that are hosted on cloud-based web servers that don’t belong to Adobe. One such example from December 2017 named free-mod-menu-download-ps3.exe also shows osdsoft[.]com
Security Affairs
JANUARY 19, 2019
In fact, while years ago the most used passwords were about names, dates or simple patters such as “qwerty”, today we observe a significative increase in pattern complexity, but still too easy to be brute-forced. What are the domain names of the most leaked emails ?
Security Affairs
JULY 19, 2018
Thousands of account credentials associated with the popular file storage service Mega have been published online, The former NSA hacker Patrick Wardle, co-founder at Digita Security , discovered in June a text file containing over 15,500 usernames, passwords, and files names. Found file on VirusTotal w/ 15K+ Mega accounts (user names/passwords & users' file listings). File listings included files names describing child abuse content.
AIIM
OCTOBER 30, 2017
Consistent document capture and file naming. Because automated scan workflows are predefined, capture parameters including output quality and output file formats can be consistent for a particular process, for example, scanned invoices may be in jpg whereas legal documents are PDFs. Another area that lends itself to mixed results is in file naming structure. Left to decide, users can create a variety of document naming formats that only make sense to them.
Security Affairs
OCTOBER 20, 2018
A security researcher discovered a zero-day vulnerability, tracked as CVE-2018-9206 , that affects older versions of the jQuery File Upload plugin since 2010. The jQuery File Upload is a jQuery widget “with multiple file selection, drag&drop support, progress bars, validation and preview images, audio and video.”. Cashdollar discovered two PHP files named upload.php and UploadHandler.php in the package’s source, which contained the file upload code.
Document Imaging Report
JANUARY 18, 2019
Epson’s ScanSmart Software Accounting Edition 2 offers powerful productivity features such as automatic file naming, automatic receipt recognition with accurate OCR and easy integration with QuickBooks ® , TurboTax and Quicken. LONG BEACH, Calif. – 17, 2019 – Epson America, a leading provider of digital imaging solutions, today unveiled its updated ScanSmart Software 1 , now available with Epson’s ScanSmart Software Accounting Edition 2 upgrade for receipt scanning capabilities.
Security Affairs
NOVEMBER 16, 2018
The downloaded file (wraeop.sct) represents a Javascript code reporting the Stage 2 of the infection process. The script downloads a file named: AZZI.exe and saves it by a new name: VRE1wEh9j0mvUATIN3AqW1HSNnyir8id.exe on a System temporary directory for running it.
Security Affairs
NOVEMBER 30, 2018
Threat actors used PowerShell-based first stage backdoor named POWERSTATS, across the time the hackers changed tools and techniques. “These documents are named Raport.doc or Gizli Raport.doc (titles mean “Report” or “Secret Report” in Turkish) and maliyeraporti (Gizli Bilgisi).doc
Security Affairs
AUGUST 1, 2018
“Notably, the infected APK files do not pose any threat to Android devices, as these embedded Windows executable binaries can only run on Windows systems: they are inert and ineffective on the Android platform.” 15 apps were found containing both PE files inside.
Security Affairs
DECEMBER 4, 2018
file and when it is launched, starts the infection by downloading other components from the Internet. However, the real malicious action performed by the javascript is to create a batch file in the “ %APPDATA%Roaming325623802.bat ” path.
Security Affairs
SEPTEMBER 8, 2018
The expert discovered also that the gathered info was first stored in a password protected zip file named “history.zip”, then it would be uploaded to a remote server. It was eventually removed, but was replaced soon after by an identical app named Adware Doctor.”
Troy Hunt
SEPTEMBER 13, 2018
The operator of the service (Kayo) reached out to me earlier this week and advised they'd noticed a collection of files uploaded to the site which appeared to contain personal data from a breach. When I pulled the email addresses out of the file, I found almost 42M unique values.
Security Affairs
AUGUST 30, 2018
“Further investigation showed that the malware, which we named BusyGasper, is not all that sophisticated, but demonstrates some unusual features for this type of threat.” “Log files can be uploaded to the FTP server and sent to the attacker’s email inbox.
JKevinParker
MARCH 2, 2014
There are a few things that bug me and other standards advocates out there, chief of which (for me) are the title and file name problems. Problem #1: Spaces in File Names The page title is used to create the page's name (i.e., file name).
Security Affairs
SEPTEMBER 5, 2018
“Two exploit documents with Vietnamese-language file names were observed with file metadata unique to the GOBLIN PANDA adversary.” Researchers from security firm CrowdStrike have observed a new campaign associated with the GOBLIN PANDA APT group.
Troy Hunt
FEBRUARY 11, 2019
This meant choosing a random file from amongst the 85k+ in the data, extracting all the email addresses then grabbing a random 100 sample and looking for uniqueness. That's fine, but it skewed the 61% number down as the file was counted as not being an exact match.)
Lenny Zeltser
JULY 6, 2017
To accomplish this, use your favorite text editor, such as Nano or Vim to edit the config.cfg file in the ~/algo directory: vim config.cfg. After saving the file and exiting the text editor, execute the following command in the ~/algo directory to install Algo software: /algo.
Troy Hunt
APRIL 19, 2018
So the crux of the matter seems to be that the guy pulled down a bunch of files by enumerating through file names without realising that the publisher of said files had not intended for them to be public.
Troy Hunt
JANUARY 16, 2019
I found a combination of different delimiter types including colons, semicolons, spaces and indeed a combination of different file types such as delimited text files, files containing SQL statements and other compressed archives.)
Perficient Data & Analytics
OCTOBER 31, 2018
Target type enable additional capabilities that include rotating file, signing, encryption and sending files to remote servers. Enter name of the LogTarget. In type click File. File-Writes log to file on the appliance. Enter destination file name.
Security Affairs
JULY 30, 2018
The messages used employment-related subjects such as “About a role” and “Job Application,” while the malicious attached documents used file names in the format of “firstname.surname_resume.doc”.
Security Affairs
AUGUST 31, 2018
My entire “Cyber adventure” began with a simple email within a.ZIP file named “Nuovo Documento1.zip” as an apparently normal attachment (sha256: 79005f3a6aeb96fec7f3f9e812e1f199202e813c82d254b8cc3f621ea1372041).
Security Affairs
AUGUST 24, 2018
The malware continuously connects the command and control (C&C) server to fetch and execute an additional executable file. Once the Cellas Trade Pro app is installed on macOS, it launches the Updater application on the system load via a file named “.com.celastradepro.plist.”.
Document Imaging Report
AUGUST 2, 2018
The automatic file naming and receipt recognition tool, with machine-learning capabilities, identifies important data such as vendor names and logos, and streamlines the process of storing and finding critical data and documents 2. LONG BEACH, Calif.
Document Imaging Report
JUNE 25, 2018
MALVERN, PA, June 25, 2018 – Ricoh USA, Inc. today announced its RICOH Cloud Workflow Solutions portfolio, a collection of cloud-based technologies that bring streamlined simplicity to small and medium-sized businesses (SMBs) in affordable, scalable, subscription-based packages.
Security Affairs
AUGUST 20, 2018
The Sample (SHA256: e5c67daef2226a9e042837f6fad5b338d730e7d241ae0786d091895b2a1b8681) presents itself as a JAR file. A Java Method that invokes (through evals ) an embedded “ Javascript ” file ! This.class is actually a JAR file carrying a whole function set.
Troy Hunt
FEBRUARY 26, 2018
It then links directly through to 8.8GB worth of easily downloadable data breaches, all obtainable in a single ZIP file. In total, there were 2,889 text files in the archive but it's what's inside them which I found particularly interesting. Almost all the files are just email addresses and plain text passwords (the occasional file has a username that's not an email address and a password).
89 
Let's personalize your content