Check your site for Logjam

The Logjam attack allows a man-in-the-middle attacker to downgrade a TLS connection to a VPN or secure website to export-grade (512-bit) Diffie-Hellman, after which the attacker is able to read or modify your communication. The issue lies in the way Diffie-Hellman key exchange has been deployed, not in the algorithm itself. It has been extensively described at https://weakdh.org/.

You can test whether your server is vulnerable via the Qualys SSL Server Test or via the form on the weakdh.org website.

The output from … Read more.
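If you prefer to check from the command line instead of through the online tests, the negotiated suite and the size of the server's ephemeral DH group are visible in the output of `openssl s_client -connect host:443 -cipher 'EDH' < /dev/null` (and `-cipher 'EXP'` to probe for export suites). The following is an added example, not tooling from weakdh.org or Qualys: it classifies such output, assuming the "Server Temp Key" and "Cipher" line formats printed by OpenSSL 1.0.2 and later. The three sample outputs are constructed for the example; weakdh.org's recommendation of disabling export suites and using a 2048-bit group is used as the threshold.

```python
"""Classify `openssl s_client` output for Logjam exposure (added example)."""
import re
from dataclasses import dataclass
from typing import Optional

# OpenSSL 1.0.2+ prints the ephemeral key line for DHE suites, e.g.
#   Server Temp Key: DH, 1024 bits
TEMP_KEY_RE = re.compile(r"^Server Temp Key:\s*DH,\s*(\d+)\s*bits", re.MULTILINE)
# The negotiated suite in the SSL-Session block, e.g.
#   Cipher    : DHE-RSA-AES128-SHA      ("0000" when no handshake took place)
CIPHER_RE = re.compile(r"^\s*Cipher\s*:\s*(\S+)", re.MULTILINE)


@dataclass
class LogjamResult:
    cipher: Optional[str]   # negotiated DHE suite, None if the server refused DHE
    dh_bits: Optional[int]  # size of the server's DH group, if reported
    export_suite: bool      # an EXP-* (DHE_EXPORT, 512-bit) suite was accepted
    weak_group: bool        # finite-field DH group smaller than min_bits

    @property
    def vulnerable(self) -> bool:
        return self.export_suite or self.weak_group


def classify_s_client_output(text: str, min_bits: int = 2048) -> LogjamResult:
    """Parse s_client output obtained with -cipher 'EDH' (or 'EXP')."""
    m = CIPHER_RE.search(text)
    cipher = m.group(1) if m and m.group(1) != "0000" else None
    k = TEMP_KEY_RE.search(text)
    dh_bits = int(k.group(1)) if k else None
    # Export DHE suites are named EXP-EDH-* in OpenSSL.
    export_suite = cipher is not None and cipher.startswith("EXP-")
    weak_group = dh_bits is not None and dh_bits < min_bits
    return LogjamResult(cipher, dh_bits, export_suite, weak_group)


# Constructed samples of the relevant part of s_client output (not real hosts).
SAMPLE_DHE_1024 = """\
No client certificate CA names sent
Server Temp Key: DH, 1024 bits
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES128-SHA
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES128-SHA
"""
SAMPLE_EXPORT = """\
Server Temp Key: DH, 512 bits
---
New, TLSv1/SSLv3, Cipher is EXP-EDH-RSA-DES-CBC-SHA
SSL-Session:
    Protocol  : TLSv1
    Cipher    : EXP-EDH-RSA-DES-CBC-SHA
"""
SAMPLE_DHE_2048 = """\
Server Temp Key: DH, 2048 bits
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : DHE-RSA-AES256-GCM-SHA384
"""
SAMPLE_NO_DHE = """\
New, (NONE), Cipher is (NONE)
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : 0000
"""

if __name__ == "__main__":
    for name, sample in [("1024-bit DHE", SAMPLE_DHE_1024), ("export DHE", SAMPLE_EXPORT),
                         ("2048-bit DHE", SAMPLE_DHE_2048), ("no DHE", SAMPLE_NO_DHE)]:
        r = classify_s_client_output(sample)
        print(f"{name:13s} cipher={r.cipher} dh_bits={r.dh_bits} vulnerable={r.vulnerable}")
```

A handshake failure with `-cipher 'EDH'` (the "0000" case) means the server offers no finite-field DHE suites at all, which is the safest outcome for Logjam; servers using only ECDHE or RSA key exchange land there. Run the check once per DH-capable listener (HTTPS, SMTP with STARTTLS, VPN endpoints), since each may use its own DH parameter file.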

Protect yourself against Dridex

The Dridex banking malware (and Bartalex) is one of the cyber security threats that organizations face today. The malware attempts to steal credentials for banking websites and to capture personal information entered into websites that are of interest to the attackers.

It uses HTML injection into the pages of targeted sites and changes often, making it harder for antivirus solutions to detect it.

Dridex is delivered in three stages.

A spam campaign delivering an e-mail with an attachment; a Word document … Read more.

Who accessed your personal data in Belgium?

In May the Belgian media reported that civil servants were accused of violating people’s right to privacy. The civil servants stand accused of consulting the state register, which contains personal data on all citizens, without a proper reason to do so.

Who accessed your personal data in Belgium? You can check for yourself with an e-id and a card reader.

First close all your browser windows; insert your card reader; insert your e-id; open a … Read more.

Analyzing spam e-mail headers

In the past I analysed a couple of malware samples that arrived via e-mail, and I always found the value of the X-Mailer header in these e-mails somewhat unusual.

The X-Mailer header is set by the sending program and describes the mail client (mail program) that was used to send the message. Note that spammers can insert whatever value they deem necessary; nothing prevents them from inserting bogus data. Also note that some … Read more.
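Because X-Mailer is written by the sender, it is worth reading it side by side with the headers the sender does not control: every relay prepends its own Received line, so the bottom-most Received header is the earliest hop you can see. The following added example (my own, not code from the original post) extracts both from a raw message with Python's standard `email` module. The message it parses is constructed for the example, with documentation IP addresses and example.com / example.org domains.

```python
"""Separate sender-controlled headers from relay-added ones (added example)."""
import email
import re
from email.utils import parseaddr
from typing import Dict, List, Optional

# IPv4 literal in square brackets, as relays write it: "host (name [192.0.2.10])"
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def _unfold(value: str) -> str:
    """Collapse RFC 5322 header folding into a single line."""
    return " ".join(value.split())


def analyse_headers(raw: str) -> Dict[str, object]:
    msg = email.message_from_string(raw)
    # get_all returns Received headers top-down: newest hop first.
    hops: List[str] = [_unfold(v) for v in msg.get_all("Received", [])]
    earliest: Optional[str] = hops[-1] if hops else None
    origin = IP_RE.search(earliest) if earliest else None
    return {
        # Everything below this comment is chosen by the sender and can be bogus.
        "x_mailer": msg.get("X-Mailer"),
        "from_addr": parseaddr(msg.get("From", ""))[1],
        "subject": msg.get("Subject"),
        # Everything below is added by relays; only your own MTA's line is fully trusted.
        "hops": hops,
        "origin_ip": origin.group(1) if origin else None,
    }


# Constructed sample message (not a real spam sample).
SAMPLE_SPAM = "\n".join([
    "Received: from mx1.example.net (mx1.example.net [192.0.2.10])",
    "    by mail.example.org with ESMTP id 3vYq1z3Fgs;",
    "    Wed, 15 Apr 2015 09:12:31 +0200",
    "Received: from [203.0.113.45] (unknown [203.0.113.45])",
    "    by mx1.example.net with SMTP id 9Kd2Vp1Rm;",
    "    Wed, 15 Apr 2015 09:12:29 +0200",
    'From: "Invoice Department" <billing@example.com>',
    "To: victim@example.org",
    "Subject: Invoice 2015-0415",
    "Date: Wed, 15 Apr 2015 09:12:20 +0200",
    "Message-ID: <20150415071220.ABC@example.com>",
    "X-Mailer: Microsoft Outlook 14.0",
    "Content-Type: text/plain; charset=us-ascii",
    "",
    "Please see the attached invoice.",
])

if __name__ == "__main__":
    result = analyse_headers(SAMPLE_SPAM)
    print("claimed mail client :", result["x_mailer"])
    print("claimed sender      :", result["from_addr"])
    print("earliest visible IP :", result["origin_ip"])
    for i, hop in enumerate(result["hops"]):
        print(f"hop {i} (newest first): {hop}")
```

In the sample, the claimed client is an Outlook version while the earliest hop is a bare IP literal with no reverse DNS ("unknown"), submitted over plain SMTP; that combination is the kind of inconsistency the X-Mailer value alone would hide. Only the Received line written by your own mail server can be trusted completely, since an attacker can also prepend fake Received headers below it.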

The question of issuing an advisory: Magento CVSS

Check Point recently released an analysis of a critical RCE (remote code execution) vulnerability in the Magento e-commerce platform. It can lead to the complete compromise of any Magento-based store, including credit card information as well as other financial and personal data, and affects nearly two hundred thousand online shops.

Magento had already released a patch (SUPEE-5344) on February 9, 2015 (you have to get an account to download the patch; I added it to the … Read more.

Defining IOCs with online malware analyser tools

A couple of weeks back I wrote a post about how to use CryptoLocker to train your incident response team. I waited for another interesting mail and malware sample to arrive so I could combine the ideas of that post with my post on using different public online malware analyser tools, this time to define IOCs.

On Wednesday 15-April I received what looked like an interesting mail and attachment to process and analyse.

Read more.

Using different public online malware analyser tools

Analyzing malware and extracting useful detection indicators (Indicators of Compromise, IOCs) to protect your customers is a recurring task if you do incident response. If you have your own malware analysis environment and receive a suspected malicious file, then uploading the file for processing and waiting for the analysis is one of the first steps in this process. However, sometimes you have to rely on different public online malware analyser tools for getting … Read more.

Yahoo Transparency Report – All Requests from Belgium rejected

Yahoo released its Transparency report covering the number of government requests for user data.

In 2014 the Belgian government made 5 requests to Yahoo for user data, covering 17 accounts. All of these requests were rejected by Yahoo.

5 “Government Data Requests”: a government agency seeking information about Yahoo accounts; these are generally made in connection with criminal investigations. 17 “Government Specified Accounts”: the number of Yahoo accounts, users, or other unique identifiers. Yahoo “Rejected” … Read more.

How STIX, TAXII and CybOX Can Help With Standardizing Threat Information

I had a post published on IBM Security Intelligence: How STIX, TAXII and CybOX Can Help With Standardizing Threat Information.

How to share malware with a security team?

With the recent increase in notifications of CryptoLocker malware I was wondering whether the dropped malware was always the same version or whether the attackers used different versions. I was also curious whether the delivery path (e-mail route or otherwise) differed. This raised the question: “How to share malware with a security team?”

Some teams have a service where you can upload samples. If they do not have an upload service then you … Read more.