Channel: SANS Internet Storm Center, InfoCON: green
Browsing all 8244 articles

Increase of phpMyAdmin scans, (Mon, Aug 7th)

PMA (or phpMyAdmin) is a well-known MySQL front-end written in PHP that brings MySQL to the web as stated on the web site[1]. The tool is very popular amongst web developers because it helps to maintain...



ISC Stormcast For Tuesday, August 8th 2017...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.



Microsoft Patch Tuesday August 2017, (Tue, Aug 8th)

When Microsoft changed its update process a few months ago, we were initially no longer able to quickly produce our usual assessment of Microsoft's patches. Finally, I think we have a way to get at...


How are people fooled by this? Email to sign a contract provides malware...

Introduction Many security professionals often review malicious spam (malspam) as part of their daily work. If you fall in this category, every once in a while you run across an email so obviously...


ISC Stormcast For Wednesday, August 9th 2017...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.



ISC Stormcast For Thursday, August 10th 2017...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


Maldoc Analysis with ViperMonkey, (Thu, Aug 10th)

We received another Emotet maldoc, but this time the analysis with VBA emulator ViperMonkey will have to be done differently. ViperMonkey is still under development, and for this maldoc, it does not...


ISC Stormcast For Friday, August 11th 2017...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.



Triaging suspicious files with pestudio, (Fri, Aug 11th)

Triaging suspicious files with pestudio Pestudio[1] by is a utility that can be used to triage malware analysis. All you need is to drop the suspicious file into Pestudio and it will show you the imports,...



VMware Security Advisories - VMSA-2017-0014, (Fri, Aug 11th)

1. Summary VMware NSX-V Edge updates address OSPF Protocol LSA DoS. 2. Relevant Products VMware NSX-V Edge 3. Problem Description a. VMware NSX-V Edge OSPF Protocol LSA Denial of Service VMware NSX-V...


Outlook Web Access based attacks, (Sat, Aug 12th)

Recently we've started seeing some attacks that utilise OWA. A person in the victim organisation sends an email to one or more of their customers informing them of change in account details. The attacker...


The Good Phishing Email, (Sun, Aug 13th)

Readers submit all kinds of malware to the Internet Storm Center: executables, documents, emails, ... This week I took a look at a phishing email submitted by a reader. Going through the headers, I...


ISC Stormcast For Monday, August 14th 2017...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


Sometimes it's just SPAM, (Mon, Aug 14th)

A reader forwarded us a suspicious email. It contained a URL, and I downloaded the content with a method similar to what Lenny explained in this diary entry. Here is the content of the html page: There...


ISC Stormcast For Tuesday, August 15th 2017...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.



Malspam pushing Trickbot banking Trojan, (Tue, Aug 15th)

Introduction I've been corresponding with @dvk01uk about malicious spam (malspam) pushing the Trickbot banking Trojan. Trickbot was first reported in the fall of 2016, and it's been described as a...


(Banker(GoogleChromeExtension)).targeting("Brazil"), (Tue, Aug 15th)

Introduction A new day, a new way to steal bank data in Brazil. Scammers are calling and urging victims to install a supposed update of the bank's security module. In fact, it is a malicious extension...



ISC Stormcast For Wednesday, August 16th 2017...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.


Analysis of a Paypal phishing kit, (Wed, Aug 16th)

There are plenty of phishing kits in the wild that try to lure victims to provide their credentials. Services like Paypal are nice targets and we can find new fake pages almost daily. Sometimes, the web...


ISC Stormcast For Thursday, August 17th 2017...

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
