SANS Internet Storm Center

SANS Internet Storm Center - Cooperative Cyber Security Monitor

BTC Pickpockets, (Sat, Nov 18th)

4 hours 31 min ago
I observed requests to my webserver to retrieve Bitcoin wallet files:
Categories: Security

Top-100 Malicious IP STIX Feed, (Fri, Nov 17th)

November 17, 2017 - 8:56am
Yesterday, we were contacted by one of our readers who asked if we provide a STIX feed of our blocked list or top-100 suspicious IP addresses. STIX[1] means “Structured Threat Information eXpression” and enables organizations to share indicators of compromise (IOCs) with peers in a consistent and machine-readable manner.
Categories: Security

Suspicious Domains Tracking Dashboard, (Thu, Nov 16th)

November 16, 2017 - 9:27am
Domain names remain a gold mine for investigating security incidents or for preventing some malicious activity from occurring on your network (for example by using a DNS firewall). The ISC also has a page[1] dedicated to domain names. But how can we detect potentially malicious DNS activity if domains are not (yet) present in a blacklist? The typical case is DGAs, or Domain Generation Algorithms[2], used by some malware families.
Categories: Security

If you want something done right, do it yourself!, (Wed, Nov 15th)

November 15, 2017 - 8:16am
Another day, another malicious document! I like to discover how creative the bad guys are at writing new pieces of malicious code. Yesterday, I found another interesting sample. It’s always the same story: a malicious document is delivered by email. The document was called ‘Saudi Declare war Labenon.doc’ (interesting name by the way!). According to VT, it is already flagged as malicious by many antivirus engines[1] (SHA256: 7f39affc9649606f57058b971c0c5a7612f7d85ef7ed54c95034cd2b9ae34602/detection). The document is a classic RTF file that triggers the well-known CVE-2017-0199. When started, it downloads the first file from:
Categories: Security

VBE Embedded Script (, (Mon, Nov 13th)

November 13, 2017 - 9:25pm
My honeypot captured several copies of this file (info.vbe). I used Didier's Python script to examine the file and obtained the following output:
Categories: Security

jsonrpc Scanning for root account, (Mon, Nov 13th)

November 13, 2017 - 8:34pm
In the past few weeks I have noticed this type of POST activity showing up in my honeypot: {"id":0,"jsonrpc":"2.0","method":"eth_accounts"} looking for ID 0 (root). The activity has a static source port of 65535 and destination port 8080.
Categories: Security

Keep An Eye on your Root Certificates, (Sat, Nov 11th)

November 11, 2017 - 8:48am
A few times a year, we can read in the news that a rogue root certificate was installed without the user's consent. The latest story that pops up in my mind is the Savitech audio drivers, which silently install a root certificate[1]. The risks associated with this kind of behaviour are multiple, the most important remaining MitM attacks. New root certificates are not always the result of an attack or of a malware infection. Corporate endpoints might also get new root certificates. Indeed, more and more companies are deploying SSL inspection tools. It could be interesting to keep an eye on what’s happening in your certificate store. On Windows systems, there is a GUI tool for this purpose that you can call from the command line:
Categories: Security

Battling e-mail phishing, (Fri, Nov 10th)

November 10, 2017 - 11:56am
Lately I’ve been doing a lot of phishing exercises – looking at the last couple of years, I would say that we can finally see some increased awareness. Unfortunately, this increased awareness is mainly among the IT security folks: the phishing (or social engineering) campaigns usually have very devastating results.
Categories: Security

What is My IP Again?, (Thu, Nov 9th)

November 9, 2017 - 3:44pm
Until we all fully embrace IPv6, we're living in a NAT world. And the folks who build security for that world often need to work around NAT that they didn't build.
Categories: Security

SSH Server "Time to Live"? Less than a cup of coffee!, (Wed, Nov 8th)

November 8, 2017 - 3:32pm
After the stories I posted last week on SSH, I had some folks ask me about putting an SSH server on the public internet - apparently lots and lots of folks still think that's a safe thing to do.
Categories: Security

Interesting VBA Dropper, (Tue, Nov 7th)

November 7, 2017 - 8:36am
Here is another sample that I found in my spam trap. The technique to infect the victim's computer is interesting. I captured a mail with a malicious RTF document (SHA256: c247929d3f5c82247db9102d2dec28c27f73dc0824f8b386f92aad1a22fd8edd)[1] that exploits the OLE2Link vulnerability (CVE-2017-0199[2]). Once opened, the document fetches the following URL:
Categories: Security
