Brazilian malspam sends Autoit-based malware, (Sat, Feb 18th)

Introduction: Nothing really exciting this week, so let's review malicious spam (malspam) we received at our ISC handlers email distro. The message is in Portuguese, and it claims to be from Detran. Detran is an abbreviation for Departamento Estadual de Trânsito, an institution responsible for supervision of ground vehicles in Brazil. …

RTRBK – Router / Switch / Firewall Backups in PowerShell (tool drop), (Fri, Feb 17th)

Have you ever been asked for the config of a router or switch you (or someone else) put in so long ago you didn't remember that device was there? So long ago that the layer of dust inside that switch is probably why the fan stopped spinning and melted it? Yup, me too. So when …

AVM Private Key Leak Puts Cable Modems Worldwide At Risk, (Thu, Feb 16th)

In November, Heise, a German technology news publisher, broke a story that AVM cable modems included not only the manufacturer's certificate authority certificate as part of the firmware but also the corresponding private key [1]. The news didn't get a lot of attention back then. AVM is the maker of Fritz!Box routers and modems which are …

OpenSSL 1.1.0e Update: No need to panic #openssl, (Thu, Feb 16th)

OpenSSL released an update for OpenSSL 1.1.0. The latest version is now OpenSSL 1.1.0e. OpenSSL 1.0.2 is not affected. The vulnerability, CVE-2017-3733, can lead to a crash in either clients or servers. In order to trigger the vulnerability, an attacker would first negotiate an SSL connection without the Encrypt-then-MAC extension. Later, the attacker would use …

Microsoft February Patch Tuesday Now Rolled into March Update, (Thu, Feb 16th)

Microsoft earlier today updated its blog post about the skipped February Patch Tuesday with a note that "We will deliver updates as part of the planned March Update Tuesday, March 14, 2017." March 14th is the March Patch Tuesday date, so February's updates will be combined with the March update. Probably overall the least disruptive …

How was your stay at the Hotel La Playa?, (Wed, Feb 15th)

I made the following demo for a customer in the scope of a security awareness event. When speaking to non-technical people, it's always difficult to demonstrate how easily attackers can abuse their devices and data. If successfully popping up a calc.exe with an exploit makes a room full of security people crazy, it's not the case …

Microsoft Patch Tuesday Delayed, (Tue, Feb 14th)

Microsoft delayed the release of all bulletins scheduled for today. Today was supposed to be the first month of Microsoft using its new update process, which meant that we would no longer see a bulletin summary, and patches would be released as monolithic updates vs. individually. It is possible that this change in process caused …

Do You Use VirusTotal? Give PacketTotal a Spin!, (Mon, Feb 13th)

PacketTotal ( http://www.packettotal.com ) is a new site that does some nifty analysis of packet captures for you if you're not so familiar with Wireshark or other analysis tools. Out of the gate, this site maps out connections, certificates, encryption algorithms and gives up files that are transferred in the session. A great start (I …

Stuff I Learned Decrypting, (Mon, Feb 13th)

With the prevalence of Next-Gen Firewalls, we're seeing a new wave of organizations decrypting traffic at the network edge, between organizations and the public internet. This is a good thing. As we see more and more legit HTTPS traffic, we're also seeing the attackers follow that trend, where malware and attacks are now often encrypted …