Apache SOLR: the new target for cryptominers, (Thu, Mar 8th)

SANS Internet Storm Center - March 9, 2018 - 1:13am
Earlier this year, I wrote about a campaign targeting vulnerable Oracle WebLogic installations to deploy cryptocurrency miners [1]. Based on some of the mining pool statistics associated with these installs, criminals were quite successful. Now that most Oracle WebLogic servers are fixed, miscreants had to move to another target. Based on an incident I responded to on Thursday, vulnerable Apache SOLR servers may now be “it”.
Categories: Security

CRIMEB4NK IRC Bot, (Thu, Mar 8th)

SANS Internet Storm Center - March 8, 2018 - 8:34am
Yesterday, I got my hands on the source code of an IRC bot written in Perl. Yes, IRC ("Internet Relay Chat") is still alive! If the chat protocol is less used today to handle communications between malware and their C2 servers, it remains an easy way to interact with malicious bots that provide interesting services to attackers. I had a quick look at the source code (poorly written) and found some interesting information:
Categories: Security

The joys of changing Privacy Laws, (Tue, Mar 6th)

SANS Internet Storm Center - March 6, 2018 - 7:12am
There are a few privacy changes that have occurred and will occur. You may be affected, so I've summarised it here. Please keep in mind I'm not your legal counsel so as always, check yours.
Categories: Security

Malicious Bash Script with Multiple Features, (Mon, Mar 5th)

SANS Internet Storm Center - March 5, 2018 - 11:22am
It’s not common to find a complex malicious bash script. Usually, bash scripts are used to download a malicious executable and start it. This one has been spotted by @michalmalik[1] who tweeted about it. I had a quick look at it. The script currently has a score of 13/50 on VT[2]. First of all, the script installs some tools and dependencies. 'apt-get' and 'yum' are used, this means that multiple Linux distributions are targeted. The following packages are installed: wget, git, make, python, redis-tools, gcc, build-essentials. Some Python packages are installed via PIP.
Categories: Security

The Crypto Miners Fight For CPU Cycles, (Sun, Mar 4th)

SANS Internet Storm Center - March 4, 2018 - 11:07am
I found an interesting piece of PowerShell code yesterday. The purpose is to download and execute a crypto miner but the code also implements a detection mechanism to find other miners, security tools or greedy processes (in terms of CPU cycles). Indeed, crypto miners make intensive use of your CPUs and the more CPU resources they can (ab)use, the more money will be generated. When a computer is infected, it looks legit to search for already running miners and simply kill them: The fight for CPU cycles started!
Categories: Security

Reminder: Beware of the "Cloud", (Sat, Mar 3rd)

SANS Internet Storm Center - March 3, 2018 - 11:57am
Today, when you buy a product, there are chances that it will be “connected” and use cloud services for, at least, one of its features. I’d like to tell you a bad story that I had this week. Just to raise your awareness... I won’t mention any product or service because the same story could happen with many alternative solutions and my goal is not to blame them.
Categories: Security

Common Patterns Used in Phishing Campaigns Files, (Fri, Mar 2nd)

SANS Internet Storm Center - March 2, 2018 - 10:31am
Phishing campaigns remain a common way to infect computers. Every day, I'm receiving plenty of malicious documents pretending to be sent from banks, suppliers, major Internet actors, etc. All those emails and their payloads are indexed and this morning I decided to have a quick look at them just by the name of the malicious files. Basically, there are two approaches used by attackers:
Categories: Security

Why Does Emperor Xi Dislike Winnie the Pooh and Scrambled Eggs?, (Thu, Mar 1st)

SANS Internet Storm Center - March 1, 2018 - 3:20pm
China made big news last week by amending its constitution to allow President Xi to stay in power beyond the normal 10 years. While the move found great support from the Chinese party elite appointed by Xi, others in China are not all that happy about Xi being given powers not attained by anybody in China since Mao. The Chinese censors have long had a pretty tight grasp on social media in the country in order to curb any dissent. For example, Chinese censors in cooperation with service providers in China have used automated tools that eliminate certain key terms from social media discussions. But we all know that signature-based filtering of “known bad words” is tricky.
Categories: Security

How did this Memcache thing happen?, (Wed, Feb 28th)

SANS Internet Storm Center - February 28, 2018 - 4:18am
As pointed out earlier, this memcached reflected DDoS thing is pretty bad. How bad? Well, US-CERT updated its UDP-Based Amplification Attacks advisory to add Memcache to the list of potential attack vectors. The really telling bit is the chart that shows the Bandwidth Amplification Factor. Before memcache was added the largest factor was 556.9 from NTP where each byte sent in to a vulnerable server would return about 557 bytes in attack traffic. Memcache is listed as 10,000 to 51,000. That's remarkably large.
Categories: Security

All times are GMT +2. The time now is 07:31.