Phishing for Big Money Wire Transfers is Still Alive and Well (or: For Want of Good Punctuation, all was Lost), (Thu, Mar 2nd)

I recently had a client get an interesting phishing message. They had received a fake message from their CEO to their Controller – a "start the conversation" email to end up with a wire transfer. Some technical warning signs in that note were: While the From field in Outlook showed the CEO's email, …

Infected Apps in Google Play Store (it's not what you think), (Thu, Mar 2nd)

Xavier pointed me towards a new issue posted on Palo Alto's Unit 42 blog – the folks at PA found apps in the Google Play store infected with hidden-iframe type malware. 132 apps (so far) are affected, with the most popular one seeing roughly 10,000 downloads. But we're not at the end of the trail …

Amazon S3 Outage, (Tue, Feb 28th)

Amazon is experiencing an outage of its S3 service (Simple Storage Service) for a few hours. According to the Amazon status dashboard[1], only the US-EAST-1 area is affected. With many other Amazon services relying on S3, this outage could have impacts on many websites and web services. [1] https://status.aws.amazon.com/ Xavier Mertens (@xme) ISC Handler – Freelance Security Consultant PGP …

My Catch Of 4 Months In The Amazon IP Address Space, (Tue, Feb 28th)

This is a guest diary submitted by Remco Verhoef. The cloud is bringing a lot of interesting opportunities, enabling you to scale your server farm up and down depending on the load. Everything is being taken care of automatically by auto scale groups. There is nothing to worry about anymore. But this brings me to the …

Analysis of a Simple PHP Backdoor, (Tue, Feb 28th)

With the huge attack surface provided by CMSs like Drupal or WordPress, webshells remain a classic attack scenario. A few months ago, I wrote a diary about the power of webshells[1]. A few days ago, a friend of mine asked me for some help with an incident he was investigating. A website was compromised (no magic …

CRA Maldoc Analysis, (Sun, Feb 26th)

I took a look at Guy … Didier Stevens Microsoft MVP Consumer Security blog.DidierStevens.com DidierStevensLabs.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

It is Tax Season – Watch out for Suspicious Attachment, (Sun, Feb 26th)

This week I received an email looking very realistic with a Word document that made it through the AV gateway from the Canadian Revenue Agency; it is tax season after all, and everyone must be extra vigilant. The Word document got me curious since it is from CRA and named SecureDoc.doc, after all, when you …

Unpatched Microsoft Edge and IE Bug, (Sat, Feb 25th)

Microsoft Edge and Internet Explorer can be exploited by a type confusion in HandleColumnBreakOnColumnSpanningElement. A POC was released here. [1] https://bugs.chromium.org/p/project-zero/issues/detail?id=1011#c2 ----------- Guy Bruneau IPSS Inc. Twitter: GuyBruneau gbruneau at isc dot sans dot edu