VBE Embedded Script, (Mon, Nov 13th)

SANS Internet Storm Center - November 13, 2017 - 9:25pm
My honeypot captured several copies of this file (info.vbe). I used Didier's Python script to examine the file and obtained the following output:
Categories: Security

jsonrpc Scanning for root account, (Mon, Nov 13th)

SANS Internet Storm Center - November 13, 2017 - 8:34pm
In the past few weeks I have noticed this type of POST activity showing in my honeypot {"id":0,"jsonrpc":"2.0","method":"eth_accounts"} looking for ID 0 (root). Activity has a static source port of 65535 and destination port 8080.
Categories: Security

Keep An Eye on your Root Certificates, (Sat, Nov 11th)

SANS Internet Storm Center - November 11, 2017 - 8:48am
A few times a year, we can read in the news that a rogue root certificate was installed without the user's consent. The latest story that pops up in my mind is the Savitech audio drivers which silently install a root certificate[1]. The risks associated with this kind of behaviour are multiple, the most important remains performing MitM attacks. New root certificates are not always the result of an attack or infection by malware. Corporate end-points might also get new root certificates. Indeed, more and more companies are deploying SSL inspection tools. It could be interesting to keep an eye on what’s happening in your certificate store. On Windows systems, there is a GUI tool for this purpose, that you can call from the command line:
Categories: Security

Battling e-mail phishing, (Fri, Nov 10th)

SANS Internet Storm Center - November 10, 2017 - 11:56am
Lately I’ve been doing a lot of phishing exercises – by looking at the last couple of years I would say that we can finally see some increased awareness. Unfortunately, this increased awareness is mainly among the IT security folks: the phishing (or social engineering) campaigns usually have very devastating results.
Categories: Security

What is My IP Again?, (Thu, Nov 9th)

SANS Internet Storm Center - November 9, 2017 - 3:44pm
Until we all fully embrace IPv6, we're living in a NAT world. And the folks who build security for that world often need to work around NAT that they didn't build.
Categories: Security

SSH Server "Time to Live"? Less than a cup of coffee!, (Wed, Nov 8th)

SANS Internet Storm Center - November 8, 2017 - 3:32pm
After the stories I posted last week on SSH, I had some folks ask me about putting an SSH server on the public internet - apparently lots and lots of folks still think that's a safe thing to do.
Categories: Security

Interesting VBA Dropper, (Tue, Nov 7th)

SANS Internet Storm Center - November 7, 2017 - 8:36am
Here is another sample that I found in my spam trap. The technique to infect the victim's computer is interesting. I captured a mail with a malicious RTF document (SHA256: c247929d3f5c82247db9102d2dec28c27f73dc0824f8b386f92aad1a22fd8edd)[1] that exploits the OLE2Link vulnerability (CVE-2017-0199[2]). Once opened, the document fetches the following URL:
Categories: Security

Metasploit's Maldoc, (Mon, Nov 6th)

SANS Internet Storm Center - November 6, 2017 - 11:42pm
I often write posts and make videos on malicious document analysis, that I post here and on my blog.
Categories: Security

Extracting the text from PDF documents, (Sun, Nov 5th)

SANS Internet Storm Center - November 5, 2017 - 6:20pm
In my previous diary entry, we looked at a phishing PDF and extracted the URLs.
Categories: Security

All times are GMT +2.