Krebs on Security: A Month Without Adobe Flash Player
I've spent the better part of the last month running a little experiment to see how much I would miss Adobe's buggy and insecure Flash Player software if I removed it from my systems altogether. Turns...
SANS Internet Storm Center, InfoCON: green: Another example of Angler exploit...
Introduction Angler exploit kit (EK) has been evolving quite a bit lately. Recently, this EK has been altering its URL patterns on a near-daily basis. The changes accumulate, and you might not recognize...
SANS Internet Storm Center, InfoCON: green: BizCN gate actor changes from...
Introduction An actor using gates registered through BizCN recently switched from Fiesta to Nuclear exploit kit (EK). This happened around last month, and we first noticed the change on 2015-06-15. I...
SANS Internet Storm Center, InfoCON: green: Detecting Random – Finding...
Most normal user traffic communicates via a hostname and not an IP address. So looking at traffic communicating directly by IP with no associated DNS request is a good thing to do. Some attackers use...
Krebs on Security: Adobe To Fix Another Hacking Team Zero-Day
For the second time in a week, Adobe Systems Inc. says it plans to fix a zero-day vulnerability in its Flash Player software that came to light after hackers broke into and posted online hundreds of...
Krebs on Security: The Darkode Cybercrime Forum, Up Close
By now, many of you loyal KrebsOnSecurity readers have seen stories in the mainstream press about the coordinated global law enforcement takedown of Darkode[dot]me, an English-language cybercrime forum...
SANS Internet Storm Center, InfoCON: green: After Flash, what will exploit...
Introduction Adobe has received some bad publicity regarding zero-day Flash player exploits due to the recent Hacking Team compromise [1,2]. This certainly isn't the first time Adobe has had such...
SANS Internet Storm Center, InfoCON: green: Angler’s best friends, (Mon, Jul...
Nope, not the kind of angler whose best friends are rubber boots, strings tied into flies, or a tape measure that starts with 5 inches where others have a zero. This is about the Angler Exploit Kit,...
SANS Internet Storm Center, InfoCON: green: Nuclear EK traffic patterns in...
Introduction About two weeks ago, Nuclear exploit kit (EK) changed its URL patterns. Now it looks a bit like Angler EK. Kafeine originally announced the change on 2015-07-21 [1], and we collected...
SANS Internet Storm Center, InfoCON: green: Actor using Angler exploit kit...
Introduction I've often had a hard time finding compromised websites to kick off an infection chain for the Neutrino exploit kit (EK). During the past few months, we've usually seen Angler EK, Nuclear EK,...
SANS Internet Storm Center, InfoCON: green: A recent decline in traffic...
Introduction According to a 2014 report by ESET, Windigo is the code name for an ongoing operation that started as early as 2011 [1]. As noted in the report, legitimate traffic to servers compromised...
SANS Internet Storm Center, InfoCON: green: Actor that tried Neutrino exploit...
Introduction Last week, we saw the group behind a significant amount of Angler exploit kit (EK) switch to Neutrino EK [1]. We didn't know if the change was permanent, and I also noted that criminal...
SANS Internet Storm Center, InfoCON: green: What’s the situation this week...
Introduction Last month in mid-August 2015, an actor using Angler exploit kit (EK) switched to Neutrino EK [1]. A few days later, we found that actor using Angler again [2]. This week, we're back to...
SANS Internet Storm Center, InfoCON: green: Recent trends in Nuclear Exploit...
Introduction Since mid-September 2015, I've generated a great deal of Nuclear exploit kit (EK) traffic after checking compromised websites. This summer, I usually found Angler EK. Now I'm seeing more...
SANS Internet Storm Center, InfoCON: green: BizCN gate actor update, (Fri,...
Introduction The actor using gates registered through BizCN (always with privacy protection) continues using the Nuclear exploit kit (EK) to deliver malware. My previous diary on this actor documented...
SANS Internet Storm Center, InfoCON: green: Cyber Security Awareness Month:...
This cartoon by John Klossner really hit a nerve with many security professionals. It nicely illustrates how many of us see the futility of our jobs: We can buy all the greatest and latest equipment, but...
SANS Internet Storm Center, InfoCON: green: Exploit kit roundup: Less Angler,...
Introduction Earlier this month, Cisco's Talos team published an in-depth report on the Angler exploit kit (EK) [1]. The report also documented Cisco's coordination with hosting providers to shut down...
SANS Internet Storm Center, InfoCON: green: Compromised Magento sites led to...
Introduction Earlier this week, various blogs began reporting about compromised Magento-based e-commerce websites. These compromised sites kicked off infection chains for Neutrino exploit kit (EK). I've...