Malware Delivered via Windows Installer Files, (Sat, Feb 17th)

SANS Internet Storm Center - February 17, 2018 - 10:06am
For some days, I collected a few samples of malicious MSI files. MSI files are Windows installer files that users can execute to install software on a Microsoft Windows system. Of course, you can replace “software” with “malware”. MSI files look less suspicious and they could bypass simple filters based on file extensions like “(com|exe|dll|js|vbs|…)”. They also look less dangerous because they are Composite Document Files:
Categories: Security

February 2018 Microsoft (and Adobe) Patch Tuesday, (Tue, Feb 13th)

SANS Internet Storm Center - February 14, 2018 - 12:47am
I will update this diary as additional bulletins are released. Microsoft marked Adobe's bulletin as "not yet exploited". However, according to Adobe and reports from the Korean Cert, one of the vulnerabilities has already been exploited, so I am marking it differently here, and assigning it a "Patch Now" rating. Not much detail has been made public yet about this vulnerability, which is why I am leaving the "Disclosed" rating at "No".
Categories: Security

Analyzing compressed shellcode, (Mon, Feb 12th)

SANS Internet Storm Center - February 12, 2018 - 8:06am
I received a malicious RTF file with several stages (PowerShell commands), containing Gzip compressed shellcode.
Categories: Security

Finding VBA signatures in Word documents, (Sun, Feb 11th)

SANS Internet Storm Center - February 11, 2018 - 10:49pm
One of my former students contacted me after reading my last diary entry "An autograph from the Dridex gang" with a question: how to detect Word documents with signed VBA code?
Categories: Security

Increase in port 2580 probe sources, (Fri, Feb 9th)

SANS Internet Storm Center - February 10, 2018 - 2:56pm
Reviewing the dashboards at the ISC today revealed an anomaly on port 2580. Over the last couple days the number of sources probing for port 2580 has increased by nearly 600x from near none historically.
Categories: Security

An autograph from the Dridex gang, (Fri, Feb 9th)

SANS Internet Storm Center - February 9, 2018 - 7:26pm
Reader Wayne Smith submitted a PDF file attached to a malicious email.
Categories: Security

SQL injection and division by zero exceptions, (Thu, Feb 8th)

SANS Internet Storm Center - February 8, 2018 - 1:32pm
SQL injections are my favorite vulnerabilities. Of course, every penetration tester loves them since they are (in most cases) critical; however, what I like with them is that there are so many ways to exploit even the apparently-looking remote or unexploitable cases.
Categories: Security

Analyzing an HTA file: Update, (Mon, Feb 5th)

SANS Internet Storm Center - February 6, 2018 - 12:10am
A reader asked what the &H?? strings were in the malware I analyzed in my last diary entry. These are numbers in VBA written in hexadecimal.
Categories: Security

All times are GMT +2.