Posts Tagged: vulnerabilities


Spamvertised American Airlines themed emails lead to Black Hole exploit kit

by

American Airlines customers, watch where you click! Cybercriminals are currently spamvertising millions of emails impersonating the company in an attempt to trick end and corporate users into clicking on the malicious links found in the spamvertised email. Upon execution, the campaign redirects users to a Black Hole exploit kit landing URL, where client-side exploits are served against outdated third-party software and browser plugins. More details:

Continue Reading »

Spamvertised ‘Your UPS delivery tracking’ emails serving client-side exploits and malware

by

Cybercriminals are currently spamvertising millions of emails impersonating United Parcel Service (UPS) in an attempt to trick end and corporate users into clicking on exploits and malware serving links found in the malicious emails. What exploits are they using? How widespread is the campaign? Is it an isolated incident, or is the campaign linked to more malicious activity? More details:

Continue Reading »

Spamvertised ‘Your Paypal Ebay.com payment’ emails serving client-side exploits and malware

by

Remember the ‘Your Amazon.com order confirmation’ client-side exploits and malware serving campaign which I profiled earlier this week? It appears that the gang behind it is back with another campaign, this time impersonating PayPal. For the time being, another round consisting of millions of malicious emails is circulating in the wild, enticing end and corporate users into clicking on malicious links found in the emails. More details:

Continue Reading »

Oracle and Apple patch critical Java security vulnerabilities

by

In a coordinated effort Oracle and Apple recently issued a critical security update for Java. Next to Adobe Flash, and Acrobat Reader, client-side vulnerabilities found in insecure versions of Java are among the most popular entry points for malicious attackers on the hosts of users with outdated third-party software and browser plugins. More details:

Continue Reading »

Spamvertised ‘Your Amazon.com order confirmation’ emails serving client-side exploits and malware

by

Everyone uses Amazon! At least that’s what the cybercriminals are hoping.  Cybercriminals are currently spamvertising millions of emails impersonating Amazon.com Inc. in an attempt to trick end and corporate users into clicking on the malicious links found in the emails. More details:

Continue Reading »

Mozilla patches critical security vulnerabilities in Firefox and Thunderbird

by

In yesterday’s Firefox 13 release, Mozilla has fixed seven critical security vulnerabilities, four of which are critical. The majority of these vulnerabilities are also fixed in the latest Thunderbird 13 release. More details on the vulnerabilities:

Continue Reading »

‘Windstream bill’ themed emails serving client-side exploits and malware

by

Cybercriminals are currently spamvertising millions of emails impersonating the Windstream Corporation, in an attempt to trick end and corporate users into clicking on links found in the malicious email. Upon clicking on the links hosted on compromised web sites, users are exposed to client-side exploits served by the BlackHole web malware exploitation kit. More details:

Continue Reading »

Ongoing ‘LinkedIn Invitation’ themed campaign serving client-side exploits and malware

by

Remember the ‘LinkedIn Invitations’ themed malware campaign which I profiled in March, 2012? A few hours, ago, the cybercriminals behind it launched another round of malicious emails to millions of end and corporate users. More details:

Continue Reading »

Spamvertised ‘Pizzeria Order Details’ themed campaign serving client-side exploits and malware

by

End and corporate users (and especially Pizza eaters), beware! Cybercriminals are currently spamvertising hundreds of thousands of emails, impersonating FLORENTINO`s Pizzeria, and enticing  users into clicking on a client-side exploits and malware serving link in order to cancel a $169.90 order that they never really made. More details:

Continue Reading »