Analysis of a Simple PHP Backdoor, (Tue, Feb 28th)

With the huge attack surface provided by CMSs like Drupal or WordPress, webshells remain a classic attack scenario. A few months ago, I wrote a diary about the power of webshells[1]. A few days ago, a friend of mine asked me for some help with an incident he was investigating. A website was compromised (no magic …

CRA Maldoc Analysis, (Sun, Feb 26th)

I took a look at Guy …

Didier Stevens, Microsoft MVP Consumer Security, blog.DidierStevens.com, DidierStevensLabs.com
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

It is Tax Season – Watch out for Suspicious Attachment, (Sun, Feb 26th)

This week I received a very realistic-looking email from the Canadian Revenue Agency with a Word document that made it through the AV gateway; it is tax season after all, and everyone must be extra vigilant. The Word document got me curious since it is from CRA and named SecureDoc.doc, after all, when you …

Unpatched Microsoft Edge and IE Bug, (Sat, Feb 25th)

Microsoft Edge and Internet Explorer can be exploited by a type confusion in HandleColumnBreakOnColumnSpanningElement. A PoC was released here.

[1] https://bugs.chromium.org/p/project-zero/issues/detail?id=1011#c2

Guy Bruneau, IPSS Inc., Twitter: GuyBruneau, gbruneau at isc dot sans dot edu

Cloudflare data leak…what does it mean to me?, (Fri, Feb 24th)

The ISC has received several requests asking us to weigh in on the ramifications of the Cloudflare data leak, also being referred to by some as CloudBleed. The short version of the vulnerability is that in rare situations, a bug in Cloudflare's edge servers could be triggered, which would cause a buffer overrun to occur. When …

Practical collision attack against SHA-1, (Thu, Feb 23rd)

Google has announced that they have succeeded in developing a technique which makes it practical to craft two PDF files with the same SHA-1 digital signature. Of course, like all new vulnerabilities/attacks in this decade, it needs a web page and a cool logo. Not to disappoint, they can be found here. What does this mean …

2 Apple Updates Today as Well – GarageBand and Logic Pro X, (Tue, Feb 21st)

GarageBand 10.1.6 is released today, fixing an arbitrary code execution bug in Yosemite 10.10 and later (CVE-2017-2374). There's also a second patch for Logic Pro X 10.3.1. Unfortunately, it's got the text for the GarageBand patch in its notes, so it's not clear what is fixed in this update. As always, all Apple security patches are …