GoSecure Blog
New Malware “Gameloader” in Discord Malspam Campaign Identified by GoSecure Titan Labs
The expert investigators at GoSecure Titan Labs have found and analyzed a new malware, and created signatures to detect it. They call it Gameloader, since it and its variants contain numerous strings that attempt to disguise themselves as video games. The file Titan Labs used for their research was a Rich Text Format (RTF) file entitled New Purchase Order from Alibaba.doc, provided by the GoSecure Titan Inbox Detection and Response (IDR) team. The RTF file downloads a 32-bit .NET loader, which loads FormBook Stealer. The following is an in-depth analysis of the Gameloader.
A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection
GoSecure ethical hackers found a bug in MySQL that has security consequences. As a result, AWS Web Application Firewall (WAF) customers were left unprotected against SQL injection. Our research team further confirmed that ModSecurity is affected, but protection is within reach as described in this blog.
Join GoSecure at Hacktoberfest 2021
For the fifth year, GoSecure is encouraging everyone to join Hacktoberfest – a month-long celebration of open-source software. GoSecure has multiple projects open to external contributions. For this event, we have tagged issues that are accessible to newcomers with the official tag [hacktoberfest].
GoSecure Titan Labs Technical Report: BluStealer Malware Threat
GoSecure Titan Labs obtained a sample of the high-profile malware identified as BluStealer, which can steal credentials, passwords, credit card data, and more. The expert investigators at Titan Labs developed this detailed analysis that examines the infection vector, components, methods of exfiltration and capabilities.
This sample is an optical disc image (ISO) file (01d4b90cc7c6281941483e1cccd438b2) from GoSecure’s Inbox Detection and Response (IDR) team. Embedded within the ISO file is a 32-bit executable (6f7302e24899d1c05dcabbc8ec3e84d4) compiled in Visual Basic 6. The following is an in-depth analysis of the portable executable (PE).
Microsoft MSHTML Remote Code Execution (CVE-2021-40444)
The experts at GoSecure Titan Labs are aware of a new 0-day Remote Code Execution (RCE) vulnerability in Microsoft Windows. Our team of investigators has identified a mitigation and remediation strategy that technology professionals can use to address this emerging challenge swiftly.
This vulnerability has been given the CVE identifier CVE-2021-40444. It uses specially crafted Microsoft Word documents to create an ActiveX control that will execute malicious code upon opening the document. ActiveX is a Microsoft framework designed to allow applications to share data through web browsers. Released in 1996, it has been criticized for almost a decade. However, ActiveX remains a part of Internet Explorer for backwards compatibility.