Logjam vulnerable websites in Belgium

Posted on in internet, open source, security
   1 Reply

Recently a group from INRIA, Microsoft Research, Johns Hopkins, the University of Michigan, and the University of Pennsylvania published an analysis of the Diffie-Hellman algorithm as used in TLS and other protocols. They reported on a downgrade attack against the TLS protocol which would allow attackers to read and possibly alter your supposedly secure communication with a website or VPN connection.

The issue is located in the EXPORT cryptography, similar to the FREAK attack (althoughRead more.

Comparing Free Online Malware Analysis Sandboxes

Posted on in open source, security
   Leave a reply

I had a guest-posting published at IBM Security Intelligence : Comparing Free Online Malware Analysis Sandboxes.

Getting started with MISP, Malware Information Sharing Platform & Threat Sharing – part 3

Posted on in internet, open source, osint, php, security
   4 Replies

In the two previous posts on MISP

Getting started with MISP – part 1 – Configuration Getting started with MISP – part 2 – Usage

I covered the basic installation, configuration and usage of MISP, Malware Information Sharing Platform & Threat Sharing.

Visit the page from CIRCL.lu to get a good overview of the possibilities of MISP and a description of a practical use case.

If you need (commercial) support you should visit http://www.misp-project.org/.

Read more.

Check your site for Logjam

Posted on in internet, open source, security
   1 Reply

The Logjam Attack basically allows an attacker to downgrade a secure connection to a VPN or secure website so that the attacker is able to read or modify your communication. The issue was found in the way how Diffie-Hellman key exchange has been deployed. It has been extensively described at https://weakdh.org/.

You can test if your server is vulnerable via the Qualys SSLServer test or via a form on the weakdh.org website.

The output fromRead more.

Protect yourself against Dridex

Posted on in internet, security
   Leave a reply

The Dridex banking malware (and Bartalex) is one of the cyber security threats that organizations face today. The malware attempts to steal credentials for banking websites and acquire personal information entered into websites that are of interest to the attackers.

It uses HTML injections and changes often, making it harder for antivirus solutions to detect it.

Dridex is delivered in three stages.

A spam campaign delivering an e-mail with an attachment; A Word documentRead more.

Who accessed your personal data in Belgium?

Posted on in internet, security, society
   1 Reply

In May the Belgian media reported that civil servants were accused of violating people’s right to privacy. The civil servants stand accused of consulting the state register that contains personal data on all citizens, without a proper reason to do so.

Who accessed your personal data in Belgium? You can check for yourself with an e-id and a card reader.

First close all your browser windows; Insert your card reader; Insert your e-id; Open aRead more.

Analyzing spam e-mail headers

Posted on in internet, security
   2 Replies

I analysed a couple of malware samples in the past that arrived via e-mail. I always found the setting of the X-Mailer header of these e-mails something unusual.

The X-Mailer header is set by the sending program and describes the mail client (mail program) that was used to send the message. Note that spammers can insert whatever value they deem necessary. There’s nothing that prevents them to insert bogus data. Also note that someRead more.

The question of issuing an advisory : Magento CVSS

Posted on in internet, security
   2 Replies

Check Point recently released an analysis of a critical RCE (remote code execution) vulnerability in the Magento web e-commerce platform that can lead to the complete compromise of any Magento-based store, including credit card information as well as other financial and personal data, affecting nearly two hundred thousand online shops.

Magento already released a patch (SUPEE-5344) on February 9, 2015 (you have to get an account to download the patch, I added it to theRead more.

Defining IOCs with online malware analyser tools

Posted on in internet, security
   4 Replies

A couple of weeks back I wrote a post about how to use CryptoLocker to train your incident response team. I waited for another interesting mail and malware sample to arrive to combine the ideas of that post with my post on using different public online malware analyser tools for defining IOCs with online malware analyser tools.

On Wednesday 15-April I received what looked like an interesting mail and attachment to process and analyse.

Read more.

Using different public online malware analyser tools

Posted on in geek, internet, security
   5 Replies

Analyzing malware and extracting useful detection indicators (Indicators of Compromise, IOCs) for protecting your customers is a recurrent task if you do incident response. If you have your own malware analysis environment and you receive a suspected malicious file then uploading the file for processing and waiting for the analysis is one of the first steps in this process. However sometimes you have to rely on using different public online malware analyser tool for gettingRead more.