Malware analysis output sanitization, (Sat, Sep 9th)

SANS Internet Storm Center - September 9, 2017 - 8:50pm
An interesting conversation unfolded on my diary entry "Malware analysis: searching for dots".
Categories: Security

YASRV (Yet Another Struts RCE Vulnerability) yes a different one from yesterday, (Fri, Sep 8th)

SANS Internet Storm Center - September 8, 2017 - 5:50pm
Yesterday saw CVE-2017-9805, today we have a new remote code execution vulnerability in Apache Struts 2 which is CVE-2017-12611. Yesterday's was in the REST API and related to Java XML unsafe deserialization. Today's relates to using Freemarker in your application. Both should encourage you to patch.
Categories: Security

Equifax breach, (Fri, Sep 8th)

SANS Internet Storm Center - September 8, 2017 - 5:13pm
Equifax, one of the major credit bureaus in the USA, has announced a breach that occurred in July. With 143 million persons affected, and considering the type of data, this is significant. Canadians may have been affected as well.
Categories: Security

Modern Web Application Penetration Testing, Hash Length Extension Attacks, (Wed, Sep 6th)

SANS Internet Storm Center - September 7, 2017 - 1:49am
I had the opportunity to sit with my friend Ron Bowes (@iagox86) a while back to talk about SEC642 content and the state of web application penetration testing in general. He mentioned hash length extension attacks, and that he had coincidentally written the absolute best tool to exploit them! That's definitely something that we would consider adding. Ron has also done write-ups for capture the flag (CTF) challenges that can be solved using his tool hash_extender.
Categories: Security

Struts vulnerability patch released by Apache, patch now, (Tue, Sep 5th)

SANS Internet Storm Center - September 6, 2017 - 5:09pm
UPDATE2: a Metasploit module has been released. Some limited workarounds may be available. Otherwise patch now!
Categories: Security

The Mirai Botnet: A Look Back and Ahead At What's Next, (Tue, Sep 5th)

SANS Internet Storm Center - September 5, 2017 - 3:30pm
It is a bit hard to nail down when the Mirai botnet really started. I usually use scans for port 2323 and the use of the password "xc3511" as an indicator. But of course, that isn't perfect. The very first scan using the password "xc3511" was detected by our sensor on February 26th, 2016, well ahead of Mirai. This scan hit a number of our sensors via ssh. At the time we did not collect telnet brute force attempts. Oddly enough, it was a singular scan from one IP address. Starting August 9th, 2016, we do see daily scans for the password xc3511 at a low level until they increase significantly around September 21st, which is probably the best date to identify as the outbreak of what we now call Mirai. I will use "Mirai" to identify the family of aggressive telnet scanning bots. It includes a wide range of varieties that all pretty much do the same thing: scan for systems with telnet exposed (not just on port 23) and then try to log in using a default password.
Categories: Security

It is a resume - Part 2, (Mon, Sep 4th)

SANS Internet Storm Center - September 4, 2017 - 11:26pm
In part 2, we are going to take a closer look at the image in object 3.
Categories: Security

It is a resume - Part 1, (Sun, Sep 3rd)

SANS Internet Storm Center - September 3, 2017 - 7:13pm
I received a resume (a PDF) via email. It was not malicious, it was a real resume, and it's a good opportunity to show how to determine if a PDF contains nothing malicious.
Categories: Security

AutoIT based malware back in the wild, (Sat, Sep 2nd)

SANS Internet Storm Center - September 2, 2017 - 7:22am
One week ago I wrote a diary[1] with an analysis of a malicious RAR archive that contained an AutoIT script[2]. The technique was not new but I was curious to see if this was a one-shot or not. To search for juicy samples, VirusTotal Intelligence or “VTI” is a nice source. Thanks to the “Retro Hunt” feature, it is possible to search for specific samples that were submitted. The search conditions are based on YARA rules.
Categories: Security

Malspam pushing Locky ransomware tries HoeflerText notifications for Chrome and FireFox, (Fri, Sep 1st)

SANS Internet Storm Center - September 2, 2017 - 12:09am
2017-09-01 update: A different campaign using HoeflerText popups has been active during the same timeframe. I wrote about it here, but the only thing these two campaigns have in common is that they both used HoeflerText popups.
Categories: Security

Remote SOC Workers Concerns, (Thu, Aug 31st)

SANS Internet Storm Center - August 31, 2017 - 3:24am
As a SOC manager, you may need to start thinking about remote workers for several reasons: office move, larger talent pool, disaster recovery plan. Some scenarios may be short-term to mid-term solutions; here are some initial concerns I came up with when thinking about the problem.
Categories: Security
