Sometimes it's a dud, (Sat, Dec 9th)

SANS Internet Storm Center - December 9, 2017 - 11:11pm
A reader who had difficulty finding the malicious code submitted a malicious RTF file.
Categories: Security

Using Our API To Adjust iptables Rules, (Fri, Dec 8th)

SANS Internet Storm Center - December 8, 2017 - 9:14pm
We are offering a simple (IMHO) API to allow you to script various queries against our databases. One dataset we offer is a list of IP addresses that are scanning the internet for exposed services. The most prominent of these services is likely Shodan. To avoid having any devices from your organization show up in Shodan, you may want to block all scans from known Shodan hosts. We do create a list of these IP addresses and update it daily. The respective API query to retrieve the list is:
Categories: Security

Apple Updates Everything. Again., (Wed, Dec 6th)

SANS Internet Storm Center - December 7, 2017 - 12:06am
After a rushed release of iOS 11.2 over the weekend to fix a "December 2nd Crash" bug, and last week's special update to fix the passwordless root authentication bypass in macOS, Apple today released its official set of security updates. With this, we also received details about the security issues patched in iOS this weekend. Apple's different operating systems share a lot of code with each other, and as a result, they also share some vulnerabilities. I am trying to organize the details in a table below (starting with macOS. Others will be added soon).
Categories: Security

PSA: Do not Trust Reverse DNS (and why does an address resolve to "localhost")., (Wed, Dec 6th)

SANS Internet Storm Center - December 6, 2017 - 5:41pm
Odd reverse DNS entries keep coming up from time to time. So I think we are due for a quick public service announcement about reverse DNS.
Categories: Security

IR using the Hive Project., (Tue, Dec 5th)

SANS Internet Storm Center - December 5, 2017 - 1:56am
Request Tracker Incident Response (RTIR) is one of the most popular IR ticketing systems. It's an open source project based on Perl and MySQL. While it meets all your typical ticket tracking items, it needs lots of customization to meet your SOC needs. A few months ago I came across a project called TheHive that is a scalable open source platform.
Categories: Security

Phishing campaign uses old ".bat" script to spread banking malware - and it is flying under the radar, (Sat, Dec 2nd)

SANS Internet Storm Center - December 4, 2017 - 1:04am
While hunting this week, I came across a phishing campaign spreading banking malware using an old DOS Batch script to drop it. Surprisingly enough, the “.bat” file has a VT 0/58 rating, helping cybercriminals target 9 different Brazilian banks. In today’s diary, I’ll give some details about this ongoing campaign and its indicators of compromise (IOCs).
Categories: Security

StartSSL: Termination of Services is Now Scheduled, (Sun, Dec 3rd)

SANS Internet Storm Center - December 3, 2017 - 11:04am
StartCom[1] has been a key player for years in the landscape of SSL certificate providers with its 'StartSSL' services. They provided free SSL certificates for everybody and permitted a lot of small organizations to increase the security of their web communications. The fact that StartCom is a China-based company was, for some organizations, a good reason to flag their activities as suspicious. They also suffered from security incidents[2]. In October 2016, Mozilla decided[3] to remove the StartCom certificates from Firefox. Google did the same with Chrome in March 2017[4].
Categories: Security

Using Bad Material for the Good, (Sat, Dec 2nd)

SANS Internet Storm Center - December 2, 2017 - 5:05pm
There is a huge amount of information shared online by attackers. Once again, is a nice place to start hunting. As this material is available for free, why not use it for the good? Attackers (with or without bots) are constantly looking for entry points on websites. Those entry points are a good place to search, for example, for SQL injections. Example:
Categories: Security

Phishing Kit (Ab)Using Cloud Services, (Fri, Dec 1st)

SANS Internet Storm Center - December 1, 2017 - 9:21am
When you build a phishing kit, there are several critical points to address. You must generate a nice-looking page which will match the original one as closely as possible, and you must work stealthily to not be blocked or, at least, be blocked as late as possible.
Categories: Security

More Malspam pushing Emotet malware, (Thu, Nov 30th)

SANS Internet Storm Center - November 30, 2017 - 2:45am
Categories: Security

Apple High Sierra Uses a Passwordless Root Account, (Tue, Nov 28th)

SANS Internet Storm Center - November 29, 2017 - 12:10pm
Today, a security researcher tweeted[1] about a dangerous behaviour he found in the Apple High Sierra operating system: It is possible to get administrator rights (the "root" account on UNIX) by connecting without a password. I was able to reproduce this behaviour on my MacBook running the latest OS X version. It appears that OS X is delivered with a passwordless root account.
Categories: Security

Fileless Malicious PowerShell Sample, (Wed, Nov 29th)

SANS Internet Storm Center - November 29, 2017 - 9:56am
remains one of my favourite places for hunting. I’m searching for juicy content and reporting findings in a Splunk dashboard:
Categories: Security
