Exploiting a Kernel Paged Pool Buffer Overflow in Avast Virtualization Driver

CVE-2015-8620: We discovered this vulnerability in the Avast Virtualization driver (aswSnx.sys) that handles some of the ‘Sandbox’ and ‘DeepScreen’ functionality of all the Avast Windows products. We initially found this issue in versions 10.x (10.4.2233.1305) of those products and later confirmed that the latest 11.x versions were still affected by this issue up to, and […]

HMRC Phishing Scam

In the last few days, Nettitude’s threat intelligence platform has picked up a mass phishing campaign, involving the distribution of nearly two million individual emails, targeting HMRC customers. The attackers attempt to obtain personal details by directing the user to click a link in the e-mail, which then redirects them to a compromised […]

McAfee File Lock Driver – Kernel Memory Leak

CVE: CVE-2015-8772
Vendor: McAfee – Intel Security
Reported by: Kyriakos Economou
Date of Release: 26/01/2016
Date of Fix: N/A
Affected Products: Multiple
Affected Version: McPvDrv.sys v4.6.111.0
Fixed Version: N/A
Description: McAfee File Lock Driver does not correctly handle IOCTL_DISK_VERIFY IOCTL requests, which leads to a kernel memory leak through specifically crafted IOCTLs. Normally the IOCTL_DISK_VERIFY IOCTL […]

McAfee File Lock Driver – Kernel Stack Based BOF

CVE: CVE-2015-8773
Vendor: McAfee – Intel Security
Reported by: Kyriakos Economou
Date of Release: 26/01/2016
Date of Fix: N/A
Affected Products: Multiple
Affected Version: McPvDrv.sys v4.6.111.0
Fixed Version: N/A
Description: McAfee File Lock Driver does not correctly handle GUIDs of the encrypted vaults, which makes it possible to crash the host by crafting a specific IOCTL with […]

New Threat Advisory Report: Nettitude finds malicious content embedded in image files

Nettitude’s security researchers are always on the lookout for attack trends and changes in the cyber threat landscape. Our team has recently found malicious content embedded in Graphics Interchange Format (GIF) image files, which, when uploaded to a vulnerable server, can result in the complete or partial compromise of the host. The vulnerabilities targeted by […]

Nettitude’s new Cyber Threat Intelligence report reveals increase in targeted phishing emails

With the recent TalkTalk hack just the latest in a long line of high-profile data breaches that have taken place in recent years, our security researchers monitor changes in the global cyber threat landscape on an ongoing basis. Today, we have released a report into the activity that our research team has observed from our […]