|
|
|
|||||||
|
It's Not An Invoice ..., (Sun, Aug 20th)Jeff received an invoice via email, did not trust it and submitted it to us.
Categories: Security
tshark 2.4 New Feature - Command Line Export Objects, (Fri, Aug 18th)There is nothing new about Wireshark releasing an update; however, the new 2.4 branch has new feature that is quite useful that I have been waiting to be able to use for a while. In case you missed it, tshark now has the ability to Export Objects. I have tested the export using large pcap files with multiple objects and tshark does a good job "dumping" all the files in the specified directory (i.e. destdir).
Categories: Security
EngineBox Malware Supports 10+ Brazilian Banks, (Fri, Aug 18th)1. Introduction
Categories: Security
ISC Stormcast For Friday, August 18th 2017 https://isc.sans.edu/podcastdetail.html?id=5632, (Fri, Aug 18th)Categories: Security
Maldoc with auto-updated link, (Thu, Aug 17th)Yesterday, while hunting, I found another malicious document that (ab)used a Microsoft Word feature: auto-update of links. This feature is enabled by default for any newly created document (that was the case for my Word 2016 version). If you add links to external resources like URLs, Word will automatically update them without any warning or prompt.
Categories: Security
ISC Stormcast For Thursday, August 17th 2017 https://isc.sans.edu/podcastdetail.html?id=5630, (Thu, Aug 17th)Categories: Security
Analysis of a Paypal phishing kit, (Wed, Aug 16th)They are plenty of phishing kits in the wild that try to lure victims to provide their credentials. Services like Paypal are nice targets and we can find new fake pages almost daily. Sometimes, the web server isn’t properly configured and the source code is publicly available. A few days ago, I was lucky to find a ZIP archive containing a very nice phishing kit targeting Paypal. I took some time to have a look at it.
Categories: Security
ISC Stormcast For Wednesday, August 16th 2017 https://isc.sans.edu/podcastdetail.html?id=5628, (Wed, Aug 16th)Categories: Security
(Banker(GoogleChromeExtension)).targeting("Brazil"), (Tue, Aug 15th)Introduction
Categories: Security
ISC Stormcast For Tuesday, August 15th 2017 https://isc.sans.edu/podcastdetail.html?id=5626, (Tue, Aug 15th)Categories: Security
Sometimes it's just SPAM, (Mon, Aug 14th)A reader forwarded us a suspicious email. It contained a URL, and I downloaded the content with a method similar to what Lenny explained in this diary entry.
Categories: Security
ISC Stormcast For Monday, August 14th 2017 https://isc.sans.edu/podcastdetail.html?id=5624, (Mon, Aug 14th)Categories: Security
The Good Phishing Email, (Sun, Aug 13th)Readers submit all kinds of malware to the Internet Storm Center: executables, documents, emails, ...
Categories: Security

Outlook Web Access based attacks, (Sat, Aug 12th)Recently we've started seeing some attacks that utlise OWA. A person in the victim organisation sends an email to one or more of their customers informing them of change in account details. The attacker provides instructions to customers on paying their account utilising the new account details. The email is cc'ed to other internal staff adding a level of legitimacy (also compromised accounts).
Categories: Security

VMware Security Advisories -VMSA-2017-0014, (Fri, Aug 11th)VMware has released the following new security advisory:
Categories: Security
Triaging suspicious files with pestudio, (Fri, Aug 11th)Triaging suspicious files with pestudio
Categories: Security
ISC Stormcast For Friday, August 11th 2017 https://isc.sans.edu/podcastdetail.html?id=5622, (Fri, Aug 11th)Categories: Security
Maldoc Analysis with ViperMonkey, (Thu, Aug 10th)We received another Emotet maldoc , but this time the analysis with VBA emulator ViperMonkey will have to be done differently.
Categories: Security
|
