Dridex, the multifunctional malware package that leverages macros in Microsoft Office to infect system has seen an increase in the number of campaigns.
Dridex will first arrive on a user’s computer as an e-mail with an attached Microsoft Word document. If the users opens the attachment (with macros enabled) then a macro embedded in the document triggers a download of the Dridex banking malware, enabling it to get installed.
See for example in an article … Read more.
I had a guest-posting published at IBM Security Intelligence : Comparing Different Tools for Threat Sharing.
The Domain Name System Security Extensions (DNSSEC) is a suite of specifications for securing certain kinds of information provided by the Domain Name System (DNS) used in IP networks.
It does not solve every security problem related to DNS but it will protect users from cache poisoning and other malicious DNS attacks. See DNSSEC FAQs for more info. And implementing DNSSEC is also a great excuse to finally clean up your DNS zones …
As … Read more.
I have a couple of forked git repositories. When I want to add custom code it’s useful to get the latest available code from the “original” repository. Before I can do that I have to sync my fork with the latest available code.
The steps to do this are explained extensively in the Github help, this is merely a placeholder for my own documentation.
Some online resources
https://help.github.com/articles/syncing-a-fork/ https://help.github.com/articles/configuring-a-remote-for-a-fork/
The first step that you will … Read more.
TLS (Transport Layer Security) and its predecessor SSL provide secure communication over a computer network. The most common use for TLS/SSL is for establishing an encrypted link between a web server and a browser. This allows you to guarantee that all data passed between the browser and the web server is private and not tampered with.
You can use certificates on both sides, the server side and the client side.
Web site certificates, or server … Read more.
Recently a group from INRIA, Microsoft Research, Johns Hopkins, the University of Michigan, and the University of Pennsylvania published an analysis of the Diffie-Hellman algorithm as used in TLS and other protocols. They reported on a downgrade attack against the TLS protocol which would allow attackers to read and possibly alter your supposedly secure communication with a website or VPN connection.
The issue is located in the EXPORT cryptography, similar to the FREAK attack (although … Read more.
In the two previous posts on MISP
Getting started with MISP – part 1 – Configuration Getting started with MISP – part 2 – Usage
I covered the basic installation, configuration and usage of MISP, Malware Information Sharing Platform & Threat Sharing.
Visit the page from CIRCL.lu to get a good overview of the possibilities of MISP and a description of a practical use case.
If you need (commercial) support you should visit http://www.misp-project.org/.
… Read more.
The Logjam Attack basically allows an attacker to downgrade a secure connection to a VPN or secure website so that the attacker is able to read or modify your communication. The issue was found in the way how Diffie-Hellman key exchange has been deployed. It has been extensively described at https://weakdh.org/.
You can test if your server is vulnerable via the Qualys SSLServer test or via a form on the weakdh.org website.
The output from … Read more.
The Dridex banking malware (and Bartalex) is one of the cyber security threats that organizations face today. The malware attempts to steal credentials for banking websites and acquire personal information entered into websites that are of interest to the attackers.
It uses HTML injections and changes often, making it harder for antivirus solutions to detect it.
Dridex is delivered in three stages.
A spam campaign delivering an e-mail with an attachment; A Word document … Read more.
In May the Belgian media reported that civil servants were accused of violating people’s right to privacy. The civil servants stand accused of consulting the state register that contains personal data on all citizens, without a proper reason to do so.
Who accessed your personal data in Belgium? You can check for yourself with an e-id and a card reader.
First close all your browser windows; Insert your card reader; Insert your e-id; Open a … Read more.
Graphs made with cudeso posts stats
By continuing to use the site, you agree to the use of cookies. more information
An HTTP cookie, is a small piece of text sent from a website and stored in your web browser. Cookies are a reliable mechanism for websites to remember your preferences and improve your browsing experience.
If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.