SANS Internet Storm Center
SANS Internet Storm Center, InfoCON: green
SANS Internet Storm Center - Cooperative Cyber Security Monitor
Updated: 2 years 13 weeks ago

Should We Call it Quits for Passwords? Or, "Password Spraying for the Win!", (Wed, Feb 21st)

February 21, 2018 - 4:01pm
Ok, maybe that's a bit dramatic.  But for most companies with web services, the answer is a serious "yes" for ditching passwords for those services.  Why is that?  Let's talk about how the typical external pentest might go.
Categories: Security

Statically Unpacking a Brazilian Banker Malware, (Tue, Feb 20th)

February 20, 2018 - 6:30pm
After going through an almost endless amount of encoded droppers and loader scripts while analyzing a Brazilian banker, I finally managed to reach the actual payload, an interestingly packed/encrypted banking malware. How I statically unpacked this payload is the subject of today’s diary and I hope it will help you in your future analysis.
Categories: Security

Analyzing MSI files, (Mon, Feb 19th)

February 19, 2018 - 10:58pm
Xavier wrote a diary entry about an interesting malware sample: MSI files.
Categories: Security

Finding VBA signatures in .docm files, (Sun, Feb 18th)

February 18, 2018 - 10:58pm
Last week I researched how to detect signed VBA code in Word .doc files.
Categories: Security

Malware Delivered via Windows Installer Files, (Sat, Feb 17th)

February 17, 2018 - 10:06am
For some days, I collected a few samples of malicious MSI files. MSI files are Windows installer files that users can execute to install software on a Microsoft Windows system. Of course, you can replace “software” with “malware”. MSI files look less suspicious and they could bypass simple filters based on file extensions like “(com|exe|dll|js|vbs|…)”. They also look less dangerous because they are Composite Document Files:
Categories: Security

February 2018 Microsoft (and Adobe) Patch Tuesday, (Tue, Feb 13th)

February 14, 2018 - 12:47am
I will update this diary as additional bulletins are released. Microsoft marked Adobe's bulletin as "not yet exploited". However, according to Adobe and reports from the Korean Cert, one of the vulnerabilities has already been exploited, so I am marking it differently here, and assigning it a "Patch Now" rating. Not much detail has been made public yet about this vulnerability, which is why I am leaving the "Disclosed" rating at "No".
Categories: Security

Analyzing compressed shellcode, (Mon, Feb 12th)

February 12, 2018 - 8:06am
I received a malicious RTF file with several stages (PowerShell commands), containing Gzip compressed shellcode.
Categories: Security

Finding VBA signatures in Word documents, (Sun, Feb 11th)

February 11, 2018 - 10:49pm
One of my former students contacted me after reading my last diary entry "An autograph from the Dridex gang" with a question: how to detect Word documents with signed VBA code?
Categories: Security

Increase in port 2580 probe sources, (Fri, Feb 9th)

February 10, 2018 - 2:56pm
Reviewing the dashboards at the ISC today revealed an anomaly on port 2580.  Over the last couple days the number of sources probing for port 2580 has increased by nearly 600x from near none historically. 
Categories: Security

An autograph from the Dridex gang, (Fri, Feb 9th)

February 9, 2018 - 7:26pm
Reader Wayne Smith submitted a PDF file attached to a malicious email.
Categories: Security

SQL injection and division by zero exceptions, (Thu, Feb 8th)

February 8, 2018 - 1:32pm
SQL injections are my favorite vulnerabilities. Of course, every penetration tester loves them since they are (in most cases) critical; however, what I like with them is that there are so many ways to exploit even the apparently-looking remote or unexploitable cases.
Categories: Security

All times are GMT +2.