Campaign Leverages RFI Attacks to Deploy Phishing Kits

silversurfer

silversurfer

Level 85
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Malware Hunter
Well-known
Aug 17, 2014
10,154
Content source
https://www.securityweek.com/campaign-leverages-rfi-attacks-deploy-phishing-kits
A recently detected series of targeted attacks is attempting to exploit Remote File Inclusion (RFI) vulnerabilities to deploy phishing kits, Akamai has discovered.

RFI attacks attempt to exploit unchecked or improperly validated inclusion functions within vulnerable applications or websites. Most of these attacks target PHP, but these vulnerabilities can also be found in Java, ASP, and elsewhere.

Once an RFI attack is successful, the server would deliver the content of the attacker-controlled externally-called file, and this is what was happening as part of the recently discovered attacks as well, Akamai’s Larry Cashdollar reveals.

RFI attacks, the security researcher explains, could also lead to code execution, Cross Site Scripting (XSS), Denial of Service (DoS), or sensitive information disclosure.
Click to expand...
Read more below:
www.securityweek.com

Campaign Leverages RFI Attacks to Deploy Phishing Kits

A series of targeted attacks is attempting to exploit Remote File Inclusion (RFI) vulnerabilities to deploy phishing kits, Akamai warns.
www.securityweek.com www.securityweek.com
 
  • Like
  • +Reputation
Reactions: upnorth and harlan4096
You must log in or register to reply here.

Similar threads

MuzzMelbourne
    • Like
    • +Reputation
New ‘HinataBot’ botnet could launch massive 3.3 Tbps DDoS attacks
Replies
0
Views
828
News Archive
MuzzMelbourne
MuzzMelbourne
silversurfer
    • Like
    • +Reputation
New malware variant has “radio silence” mode to evade detection
Replies
0
Views
494
News Archive
silversurfer
silversurfer
Gandalf_The_Grey
    • Like
    • +Reputation
    • Wow
Security News 22 Energy Firms Hacked in Largest Coordinated Attack on Denmark’s Critical Infrastructure
Replies
6
Views
1,833
Security News
oldschool
oldschool

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top