An Update On DVR Malware: A DVR Torture Chamber, (Mon, Aug 28th)

SANS Internet Storm Center - August 29, 2017 - 12:11pm
Last week, the fact that someone leaked 1700 or so IP addresses with default username/password caused some people to get excited about the issue of default telnet credentials again. Ever since the "Mirai" outbreak, we do see a pretty constant stream of requests for port 23 (and to some extent 2323 as well as 22) searching for systems with default credentials. When Mirai came out, I did a quick experiment testing how long it would take to have a security camera DVR with default credentials infected. So I decided to repeat this experiment, to see if anything changed. Using an actual vulnerable DVR vs. a honeypot will be more realistic and provide better results.
Categories: Security

Malware analysis: searching for dots, (Sat, Aug 26th)

SANS Internet Storm Center - August 26, 2017 - 10:00am
Reader Chris submitted a suspicious attachment. It is a 7-Zip file.
Categories: Security

Malicious AutoIT script delivered in a self-extracting RAR file, (Fri, Aug 25th)

SANS Internet Storm Center - August 25, 2017 - 7:02am
Here is another sample that hit my curiosity. As usual, the infection vector was an email which delivered some HTML code in an attached file called "PO_5634_780.docx.html" (SHA1:d2158494e1b9e0bd85e56e431cbbbba465064f5a). It has a very low VT score (3/56)[1] and contains a simple escaped Javascript code:
Categories: Security

Free Bitcoins? Why not?, (Thu, Aug 24th)

SANS Internet Storm Center - August 24, 2017 - 6:11pm
Since the invention of the Internet (or e-mail) we have been seeing various scams that try to entice the user to transfer his hard-earned money to a scammer’s account.
Categories: Security

Malicious script dropping an executable signed by Avast?, (Wed, Aug 23rd)

SANS Internet Storm Center - August 23, 2017 - 8:36am
Yesterday, I found an interesting sample that I started to analyze… It reached my spam trap attached to an email in Portuguese with the subject: "Venho por meio desta solicitar orçamento dos produtos" ("I hereby request the products budget"). There was one attached ZIP archive: (SHA1: 3c159f65ba88bb208df30822d2a88b6531e4d0a7) with a VT score of 0/58[1].
Categories: Security

Defang all the things!, (Tue, Aug 22nd)

SANS Internet Storm Center - August 22, 2017 - 7:29am
Today, I would like to promote a best practice via a small Python module that is very helpful when you’re dealing with suspicious or malicious URLs. Links in documents are potentially dangerous because users can always click by mistake on them. Many automated tools and scripts are processing documents to fetch links. Even if the original document does not provide dynamic links, many applications will detect them and change them to real links. Clicking on a link could not only affect the security of the user/computer but it could also leak data or pollute statistics. A good example is the kill switch domain of WannaCry that was linked in many articles by journalists a few weeks ago.
Categories: Security

It's Not An Invoice ..., (Sun, Aug 20th)

SANS Internet Storm Center - August 20, 2017 - 1:50pm
Jeff received an invoice via email, did not trust it and submitted it to us.
Categories: Security

tshark 2.4 New Feature - Command Line Export Objects, (Fri, Aug 18th)

SANS Internet Storm Center - August 19, 2017 - 8:20pm
There is nothing new about Wireshark releasing an update; however, the new 2.4 branch has a new feature that is quite useful that I have been waiting to be able to use for a while. In case you missed it, tshark now has the ability to Export Objects. I have tested the export using large pcap files with multiple objects and tshark does a good job "dumping" all the files in the specified directory (i.e. destdir).
Categories: Security

Maldoc with auto-updated link, (Thu, Aug 17th)

SANS Internet Storm Center - August 17, 2017 - 7:45am
Yesterday, while hunting, I found another malicious document that (ab)used a Microsoft Word feature: auto-update of links. This feature is enabled by default for any newly created document (that was the case for my Word 2016 version). If you add links to external resources like URLs, Word will automatically update them without any warning or prompt.
Categories: Security

All times are GMT +2.