(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

A reader wrote in to share an interesting phishing attempt their organization had received. An email from a school domain, purporting to be from VetMeds, delivered an encrypted PDF that required a username and password to log in. The subject of the email was "Assessment document". The PDF itself was created with Microsoft Word and included a link suggesting the document was locked and that you needed to click the link to unlock it. The link pointed to chai[.]myjino[.]ru, which served a page with a purported PDF in the background and a login box that happily accepts whatever is entered. Below are some screenshots, but first some notes. Up-to-date versions of Acrobat should prompt before following a link off to an external website. What I found interesting was that the lure was a VetMeds assessment, but the underlying document at the Russian website is for a SWIFT transaction, so there are some mixed messages there.
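A quick triage check for this kind of lure, added here as an example and not code from the diary or from SANS ISC: before anyone clicks, pull every /URI action out of the PDF and see where the links actually go. The script scans the raw file and also inflates FlateDecode streams, since Word-generated PDFs often put annotation dictionaries into compressed object streams. The sample PDF is constructed inline (a minimal hand-built file, not the attachment from the report); the example.com link and the trusted-host allowlist are placeholders.

```python
"""Triage helper: list every link target (/URI action) a PDF would open.

Added example, constructed for this note; not code from the diary or from
SANS ISC. Scans the raw file plus any FlateDecode streams.
"""
import re
import zlib
from urllib.parse import urlparse

# /URI followed by a literal string "(...)" or a hex string "<...>"
URI_RE = re.compile(rb"/URI\s*(?:\((?P<lit>(?:\\.|[^\\)])*)\)|<(?P<hex>[0-9A-Fa-f\s]*)>)")
# stream ... endstream bodies; the bytes in between are what gets inflated
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\nendstream", re.DOTALL)
# single-character escapes allowed in PDF literal strings
ESCAPES = {ord("n"): b"\n", ord("r"): b"\r", ord("t"): b"\t", ord("b"): b"\b", ord("f"): b"\f"}


def unescape_literal(raw: bytes) -> bytes:
    """Decode PDF literal-string escapes: backslash-paren, backslash-backslash,
    backslash-n style escapes, and octal backslash-ddd sequences."""
    out, i = bytearray(), 0
    while i < len(raw):
        c = raw[i]
        if c == 0x5C and i + 1 < len(raw):          # backslash
            nxt = raw[i + 1]
            if 0x30 <= nxt <= 0x37:                  # up to three octal digits
                j = i + 1
                while j < len(raw) and j < i + 4 and 0x30 <= raw[j] <= 0x37:
                    j += 1
                out.append(int(raw[i + 1:j], 8) & 0xFF)
                i = j
                continue
            out += ESCAPES.get(nxt, bytes([nxt]))    # \( -> (, \\ -> \, etc.
            i += 2
            continue
        out.append(c)
        i += 1
    return bytes(out)


def extract_uris(pdf: bytes) -> list:
    """Return unique URI targets, in order of appearance (raw file first, then streams)."""
    blobs = [pdf]
    for m in STREAM_RE.finditer(pdf):
        try:                                         # non-Flate streams simply fail to inflate
            blobs.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            pass
    found = []
    for blob in blobs:
        for m in URI_RE.finditer(blob):
            if m.group("lit") is not None:
                raw = unescape_literal(m.group("lit"))
            else:
                hx = re.sub(rb"\s", b"", m.group("hex"))
                hx += b"0" * (len(hx) % 2)           # PDF pads an odd final hex digit with 0
                raw = bytes.fromhex(hx.decode("ascii"))
            uri = raw.decode("latin-1")
            if uri not in found:
                found.append(uri)
    return found


def defang(uri: str) -> str:
    """Make a URL safe to paste into a report: hxxp://host[.]tld/path"""
    scheme, sep, rest = uri.partition("://")
    host, slash, path = rest.partition("/")
    return scheme.replace("http", "hxxp") + sep + host.replace(".", "[.]") + slash + path


def triage(pdf: bytes, trusted_hosts=()) -> list:
    """One row per link: defanged URI, host, and whether the host is outside the allowlist."""
    rows = []
    for uri in extract_uris(pdf):
        host = (urlparse(uri).hostname or "").lower()
        trusted = any(host == t or host.endswith("." + t) for t in trusted_hosts)
        rows.append({"uri": defang(uri), "host": host, "suspicious": bool(host) and not trusted})
    return rows


def build_sample_pdf() -> bytes:
    """Constructed minimal PDF (not the attachment from the report): one plain Link
    annotation plus one hidden inside a FlateDecode object stream."""
    hidden = zlib.compress(b"<< /Type /Annot /Subtype /Link /A << /S /URI /URI <"
                           + b"https://example.com/legit".hex().encode() + b"> >> >>")
    return (b"%PDF-1.7\n"
            b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
            b"5 0 obj\n<< /Type /Annot /Subtype /Link /Rect [72 700 300 720] "
            b"/A << /S /URI /URI (http://chai.myjino.ru/unlock.php?doc=assessment) >> >>\nendobj\n"
            b"6 0 obj\n<< /Type /ObjStm /Filter /FlateDecode /Length " + str(len(hidden)).encode()
            + b" >>\nstream\n" + hidden + b"\nendstream\nendobj\n"
            b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")


if __name__ == "__main__":
    for row in triage(build_sample_pdf(), trusted_hosts=("example.com",)):
        print(("SUSPICIOUS " if row["suspicious"] else "ok         ") + row["uri"])
```

Run it against a real attachment with `triage(open("doc.pdf", "rb").read(), trusted_hosts=("yourdomain.example",))`: any host outside the allowlist is printed defanged, so the output can go straight into a ticket. The regex approach deliberately avoids a PDF library so it also works on malformed files that a strict parser would reject, but it will not see URIs inside streams using filters other than FlateDecode.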

Some advice: be wary of emails from domains that don

--
John Bambenek
bambenek \at\ gmail /dot/ com
Fidelis Cybersecurity

PCSC-Lite CVE-2016-10109 Use After Free Local Denial of Service Vulnerability
 
Multiple Unify Products Information Disclosure Vulnerability
 
Multiple NETGEAR Products CVE-2016-10115 Default Credentials Security Bypass Vulnerability
 
NETGEAR Arlo Multiple Products CVE-2016-10116 Insecure Default Password Vulnerability
 
Google Android Qualcomm Fuse File System CVE-2016-8463 Denial of Service Vulnerability
 
Google Android NVIDIA Video Driver CVE-2016-8460 Information Disclosure Vulnerability
 
Google Android Framesequence Library CVE-2017-0382 Remote Code Execution Vulnerability
 
Google Android CVE-2016-8469 Information Disclosure Vulnerability
 
Google Android CVE-2016-8475 Information Disclosure Vulnerability
 
Google Android Framework APIs CVE-2017-0383 Remote Privilege Escalation Vulnerability
 
Google Android Audioserver Multiple Privilege Escalation Vulnerabilities
 
Google Nexus Broadcom Wi-Fi Driver Multiple Privilege Escalation Vulnerabilities
 
Google Android Products Qualcomm Bootloader Multiple Integer Overflow Vulnerabilities
 
Google Android Audioserver Multiple Information Disclosure Vulnerabilities
 
HP Operations Orchestration CVE-2016-8519 Remote Code Execution Vulnerability
 
Shoretel Mobility Client CVE-2016-6562 SSL Certificate Validation Security Bypass Vulnerability
 
QEMU Infinite Loop CVE-2016-7909 Denial of Service Vulnerability
 
QEMU 'hw/usb/hcd-xhci.c' Infinite Loop Denial of Service Vulnerability
 
[security bulletin] HPSBGN03688 rev.1 - HPE Operations Orchestration, Remote Code Execution