OS & Software
September 24, 2012 Added by:Michael Ligh
This post discusses the undocumented windows kernel data structures for desktop objects and desktop heaps. You'll see how to use memory forensics to detect recent malware including the ACCDFISA ransomware and Tigger variants...
September 23, 2012 Added by:Pierluigi Paganini
I just returned from the Cyber Threat Summit in Dublin, The event revealed an alarming scenario on cyber threats, no matter if it is cybercrime, hacktivism, cyber terrorism or cyber warfare, all those share a worrying growth of attacks that are influencing our digital lives...
September 21, 2012 Added by:Damion Waltermeyer
Starting September 19, Sophos successfully became the lamest virus ever. An update put out by their auto-update service has rendered many machines across the world useless. This update detected false positives and deleted or quarantined them...
September 20, 2012 Added by:Jeff McCutchan
All users have read access to the SYSVOL share of the domain controller. Forget about password cracking or passing the hash, you just get the cleartext password. A simple search for “*.xml” in the SYSVOL share on the domain controller will show if your organization is vulnerable...
September 19, 2012 Added by:Michael Ligh
Explore undocumented windows kernel data structures related to window station objects and the clipboard. Detect clipboard-snooping malware using Volatility - an advanced memory forensics framework...
September 18, 2012 Added by:Pierluigi Paganini
Despite the use of cyber weapons and the damage caused by offensive operations being major concerns for intelligence agencies, clues are frequently discovered about attacks designed to steal sensitive information and intellectual property. Who is behind these cyber attacks?
September 18, 2012 Added by:Michael Ligh
Learn about the undocumented windows kernel data structures related to RDP logon sessions, alternate process listings, and loaded drivers. See how Volatility can help you forensically reconstruct attacker command histories and full input/output console buffers...
September 16, 2012 Added by:Pierluigi Paganini
Cybercriminals are exploiting a new way to spread malware by preloading malicious code inside counterfeit software deployed in computers that are offered for sale. To give you an idea of the phenomenon, 20% of the PCs researchers bought from an unsecure supply chain were infected with malware...
September 10, 2012 Added by:Pierluigi Paganini
The attacks appeared to be originated in China and aimed at dozens of other organizations who were hit, of which Adobe Systems and Juniper Networks confirmed the incident. The press is also convinced that other companies were targeted such as Morgan Stanley, Northrop Grumman and Yahoo...
September 07, 2012 Added by:Infosec Island Admin
Pandora’s box has been opened. All the players are taking the field, and many of them may not be ready to play a proper game… Shamoon did it’s thing, but it seems to be more a brute force tool than an elegant piece of code and a slick plan. The blowback though is yet to be determined...
September 06, 2012 Added by:Bill Gerneglia
The report found that the majority of employee’s devices did not have any form of security software loaded nor were company materials protected. The new report provides detailed assessments of the mobile security threat and the growing market for security solutions...
September 06, 2012 Added by:Pierluigi Paganini
With 556 million of victims per year, 2 of 3 adults have been victims of online crime in their lifetime, with a total economic loss of 110 Billion and an average cost per victim of $197. The trend demonstrates the need to put in place a massive awareness campaign...
August 27, 2012 Added by:Don Eijndhoven
XDocCrypt/Dorifel is a new trojan that encrypts executables, Excel- and Word files that it finds on USB drives and network disks, causing companies to come to a grinding halt after infection. What worries me most is it’s being delivered by systems previously infected with the Citadel/Zeus trojan...
August 24, 2012 Added by:Pierluigi Paganini
Crisis Malware is an agent used to spy on victims by intercepting communications, and it is able to open a backdoor on the infected host once the user executes a JAR file made to look like an Adobe Flash Installer. The malware has been developed for several OSs, and a Mac version has been isolated...
August 20, 2012 Added by:Pierluigi Paganini
Many hypotheses have been proposed, and some experts are convinced that Shamoon is a new state sponsored malware designed for cyber espionage that is also able to destroy the victims' device, perhaps to hide its operations by deleting evidence that can link the agents to the Command & Control servers...
August 16, 2012 Added by:f8lerror
There have been all kinds of document attacks, but what about PowerPoint? It turns out that PowerPoint makes it easy for an attacker to turn innocent slideshows into a nasty little attack. The attack involves four simple steps: Make a slideshow, make an action, rename the file and distribute it. Here's how...
Update 3: Hackers May Leak Norton Antivirus ... john flynn on 04-23-2014
Good Security Starts at Home... jlukeadan jlukeadan on 04-23-2014
Join Trend Micro & SecurityWeek in Belle... Barbara Daft on 04-23-2014