DocuSign hacked: E-mail addresses leaked

Tuesday, May 16. 2017

In my previous post, I was (not so) politely asking DocuSign to admit e-mail addresses leaking.

Finally, they did! They posted Update 5/16/2017 - Update on Malicious Campaign.

Q: What information was impacted?
A: It was a list of email addresses stored in a separate, non-core system used for service-related announcements.

That is something they should have done a week ago, but I guess we have to settle with that.

Btw. I got my hands on the payload VB:Trojan.VBS.Downloader.ACR as named by F-Secure. As many have reported before, it's a MS Word document with a macro in it. The VBA-thingie de-obfuscates a "picture" embedded into the .doc and injects that directly to memory to be executed. I really didn't want to waste the ton of time investigating the actual malware, its bad, I know that without looking. Its just another reminder of how dangerous the VBA-macros are, they can call any system call from Windows kernel and do really complex hacks, like any real executeable would do.

by Jari Turkia in Security at 23:31 | Comments (0) | Google | Share in LinkedIn

Comments
Display comments as (Linear | Threaded)

No comments

Add Comment

E-Mail addresses will not be displayed and will only be used for E-Mail notifications.
Enclosing asterisks marks text as bold (*word*), underscore are made via _word_.
Standard emoticons like :-) and ;-) are converted to images.
 
Submitted comments will be subject to moderation before being displayed.
 

Calendar

Back March '19 Forward
Mon Tue Wed Thu Fri Sat Sun
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31

Quicksearch

Archives

Categories

RSS feeds of this Blog

Blog Administration

Open login screen

Powered by

Parts of this serendipity template are by Abdussamad Abdurrazzaq and Jari Turkia.