SANS Internet Storm Center
SANS Internet Storm Center, InfoCON: green
SANS Internet Storm Center - Cooperative Cyber Security Monitor
Updated: 1 year 6 weeks ago

Side-channel information leakage in mobile applications, (Tue, Mar 27th)

March 27, 2018 - 8:42am
Smartphones today carry an unbelievable amount of sensitive information. As absolutely everything is going mobile these days, we have to pay special attention to the security of mobile applications, specifically data at rest (data stored on a mobile device) and data in transit (data transferred to the target server).
Categories: Security

Windows IRC Bot in the Wild, (Mon, Mar 26th)

March 26, 2018 - 7:25am
Last weekend, I caught on VirusTotal a trojan disguised as a Windows IRC bot. It was detected thanks to my ‘psexec’ hunting rule, which definitely looks like an interesting keyword (see my previous diary[1]). I detected the first occurrence on 2018-03-24 15:48:00 UTC. The file was submitted for the first time from the US. The strange fact is that the initial file already has a good score on VT (55/67) and is detected by most of the classic antivirus tools.
Categories: Security

Scanning for Apache Struts Vulnerability CVE-2017-5638, (Sun, Mar 25th)

March 25, 2018 - 9:12pm
Over the past two weeks, I have noticed several attempts against my honeypot looking to exploit the CVE-2017-5638 Apache Struts2 vulnerability that look very similar to this python script[2]. Today alone I recorded 57 attempts against ports 80, 8080 and 443. The format of the queries I have observed over the past two weeks contains one of these two requests:
Categories: Security

"Error 19874: You must have Office Professional Edition to read this content, please upgrade your licence.", (Sat, Mar 24th)

March 24, 2018 - 10:07am
I was sent a document that could (supposedly) only be read with Office Professional. Of course, this was a malicious document (MD5 151a561d41eb3e960676b293e726d8f3) with macros.
Categories: Security

Extending Hunting Capabilities in Your Network, (Fri, Mar 23rd)

March 23, 2018 - 8:30am
Today's diary is an extension to the one I posted yesterday about hunting for malicious files crossing your network[1]. Searching for new IOCs is nice but there are risks of missing important pieces of information! Indeed, the first recipe could miss some malicious files in the following scenarios:
Categories: Security

Automatic Hunting for Malicious Files Crossing your Network, (Thu, Mar 22nd)

March 22, 2018 - 8:21am
If classic security controls remain mandatory (antivirus, IDS, etc), it is always useful to increase your capacity to detect suspicious activities occurring in your networks.
Categories: Security

Surge in blackmailing?, (Wed, Mar 21st)

March 21, 2018 - 7:53am
What’s happening with blackmails? For those who don't know the word, it is a piece of mail sent to a victim to ask for money in return for not revealing compromising information about him/her. For a few days, we noticed a peak of such malicious emails. One of our readers reported one during the weekend, and Johannes Ullrich also received one. A campaign targeted people in The Netherlands.
Categories: Security

Administrator's Password Bad Practice, (Tue, Mar 20th)

March 20, 2018 - 5:59pm
Just a quick reminder about some bad practices while handling Windows Administrator credentials. I'm constantly changing my hunting filters on VT. A few days ago, I started to search for files/scripts that use the Microsoft SysInternals tool psexec[1]. For system administrators, this is a great tool to execute programs on remote systems but it is also used by attackers to pivot internally. This morning, my filter returned an interesting file with a VT score of 11/66. The file is a compiled AutoIT script. This kind of malicious file is coming back in regular waves[2]. AutoIT executables can be easily decompiled. To achieve this, I'm using Exe2Aut.exe[3]. This tool has not been updated for a while but is still doing a good job.
Categories: Security

Wireshark and USB, (Sat, Mar 17th)

March 17, 2018 - 11:23pm
Wireshark can capture USB traffic, provided you fulfil the necessary requirements.
Categories: Security

[Wireshark-announce] Wireshark 2.5.1 is now available, (Fri, Mar 16th)

March 16, 2018 - 8:29am
Wireshark-announce: [Wireshark-announce] Wireshark 2.5.1 is now available
Categories: Security

VMWARE Security Advisory: VMSA-2018-0008, (Fri, Mar 16th)

March 16, 2018 - 8:29am
VMware has released the following new security advisory:
Categories: Security

SPECTRE and Meltdown To patch or not to patch?..and HOW (Guest Diary), (Thu, Mar 15th)

March 15, 2018 - 4:58am
This is a guest diary by Joshua Barton
Categories: Security
