Exploiting (pretty) blind SQL injections, (Mon, Feb 15th)
Although a lot has been written about SQL injection vulnerabilities, they can still be found relatively often. In most of the cases I've seen in the last couple of years, I had to deal with blind SQL...
ISC Stormcast For Tuesday, February 16th 2016...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
CVE-2015-7547: Critical Vulnerability in glibc getaddrinfo, (Tue, Feb 16th)
Google researchers Fermin J. Serna and Kevin Stadmeyer today released a blog post stating that they found a stack-based buffer overflow vulnerability in the getaddrinfo function in glibc. This is...
ISC Stormcast For Wednesday, February 17th 2016...
Angler exploit kit generated by "admedia" gates, (Thu, Feb 18th)
Introduction On 2016-02-01, the Sucuri blog reported a spike in compromised WordPress sites generating hidden iframes with malicious URLs [1]. By 2016-02-02, I started seeing exploit kit (EK) traffic...
ISC Stormcast For Thursday, February 18th 2016...
ISC Stormcast For Friday, February 19th 2016...
Hunting for Executable Code in Windows Environments, (Thu, Feb 18th)
Executable code can take different forms in a Microsoft Windows operating system: it can be an executable (a PE - Portable Executable - file), a shared library (DLL) or a driver. The ability to execute...
Locky: JavaScript Deobfuscation, (Sat, Feb 20th)
Yesterday, Wayne Smith submitted a sample (MD5 F1F31B18259DC9768D8B6132E543E3EE) to the ISC. Xavier, handler on duty, analyzed the (malicious) JavaScript in his sandbox, but it failed with an error. As...
Tip: Quick Analysis of Office Maldoc, (Sun, Feb 21st)
Have you analyzed malicious Office documents with VBA macros? Did they contain a userform? Like this (MD5 4e0c55054c4f7c32aece5cfbbea02846): Then take a look at the content of the stream with a name...
ISC Stormcast For Monday, February 22nd 2016...
Reducing False Positives with Open Data Sources, (Mon, Feb 22nd)
Today, the number of daily attacks is so large that we can't rely on a single solution to protect us. In a previous diary, I spoke about how Unity Makes Strength (link). The idea behind this...
ISC Stormcast For Tuesday, February 23rd 2016...
VMware VMSA-2016-0002, (Tue, Feb 23rd)
VMware issued yesterday the following security advisory: VMSA-2016-0002 [1]. It addresses CVE-2015-7547 [2] (getaddrinfo() in glibc), which affects the following products: VMware ESXi 5.5 without patch...
ISC Stormcast For Wednesday, February 24th 2016...
Analysis of a Malicious .lnk File with an Embedded Payload, (Wed, Feb 24th)
We received some feedback today from Nick, a SANS ISC reader who detected an interesting phishing campaign based on an ACE file. I also detected the same kind of file earlier this morning. ACE is an old...
ISC Stormcast For Thursday, February 25th 2016...
Critical Vulnerabilities in Palo Alto Networks PAN-OS, (Thu, Feb 25th)
Yesterday, Palo Alto Networks released an update to PAN-OS, which addresses five different vulnerabilities [1]. The security researcher who identified the vulnerabilities will publish details about...
ISC Stormcast For Friday, February 26th 2016...
Quick Audit of *NIX Systems, (Fri, Feb 26th)
If you think that only computers running Microsoft Windows are targeted by attackers, you're wrong! UNIX (used here as a generic term, not focusing on a specific distribution or brand) is a key...