I read an interesting blog post: "Domain Whitelist Benchmark: Alexa vs Umbrella".

The author reported that around 1400 domains on the Malwarebytes hpHosts EMD blacklist were in the Alexa and Umbrella top 1,000,000 domains lists. I was interested to know how high these domains ranked, and fortunately they had shared the results. But I was not able to download the list (406 error).

Thanks to the detailed explanations, I was able to reproduce the results. I have 1413 domains on the Umbrella list and 1361 domains on the Alexa list.

Here are high-ranking domains on the Alexa list:

Here are high-ranking domains on the Umbrella list:

It is interesting to see that domains on a blacklist score really high on lists that happen to be used as whitelists too.

Didier Stevens
Microsoft MVP Consumer Security
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
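The cross-check described in the diary above can be sketched as follows. This is an added example, not the diary author's or the original benchmark's code. It assumes the top-1M lists are `rank,domain` CSV files, the blacklist is a hosts-format file, and matching is exact after normalization; all sample data is constructed.

```python
import csv
import io

# Constructed sample data (not real list contents). Assumed formats:
# top-1m CSV is "rank,domain"; the blacklist is a hosts file "127.0.0.1<TAB>domain".
SAMPLE_TOP1M = "1,popular.example\n2,cdn.example\n3,Tracker.Example\n4,news.example\n"
SAMPLE_HOSTS = (
    "# constructed hosts-format blacklist\n"
    "127.0.0.1\tlocalhost\n"
    "127.0.0.1\ttracker.example\n"
    "127.0.0.1\tcdn.example.  # trailing dot and comment\n"
    "127.0.0.1\tunranked.example\n"
)

def normalize(domain):
    """Lower-case and strip whitespace and a trailing dot so both lists compare equal."""
    return domain.strip().lower().rstrip(".")

def load_ranks(fileobj):
    """Map domain -> best (lowest) rank from a 'rank,domain' CSV."""
    ranks = {}
    for row in csv.reader(fileobj):
        if len(row) != 2 or not row[0].strip().isdigit():
            continue  # skip headers and malformed rows
        domain, rank = normalize(row[1]), int(row[0])
        if domain and rank < ranks.get(domain, rank + 1):
            ranks[domain] = rank
    return ranks

def load_blacklist(fileobj):
    """Collect domains from a hosts-format file, ignoring comments and localhost."""
    domains = set()
    for line in fileobj:
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and normalize(fields[1]) != "localhost":
            domains.add(normalize(fields[1]))
    return domains

def ranked_overlap(ranks, blacklist):
    """Return (rank, domain) for every blacklisted domain in the top list, best rank first."""
    return sorted((ranks[d], d) for d in blacklist if d in ranks)

def overlap_from_text(top1m_text, hosts_text):
    """Convenience wrapper: run the cross-check on two in-memory strings."""
    return ranked_overlap(load_ranks(io.StringIO(top1m_text)),
                          load_blacklist(io.StringIO(hosts_text)))

if __name__ == "__main__":
    for rank, domain in overlap_from_text(SAMPLE_TOP1M, SAMPLE_HOSTS):
        print(f"{rank:>7}  {domain}")
```

Running the same check against a popularity list before using it as a whitelist shows which blacklisted domains it would let through and how highly they rank.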


There's a new zero-day attack in the wild that's surreptitiously installing malware on fully-patched computers. It does so by exploiting a vulnerability in most or all versions of Microsoft Word.

The attack starts with an e-mail that attaches a malicious Word document, according to a blog post published Saturday by researchers from security firm FireEye. Once opened, exploit code concealed inside the document connects to an attacker-controlled server. It downloads a malicious HTML application file that's disguised to look like a document created in Microsoft's Rich Text Format. Behind the scenes, the .hta file downloads additional payloads from "different well-known malware families."

The attack is notable for several reasons. First, it bypasses most exploit mitigations: This capability allows it to work even against Windows 10, which security experts widely agree is Microsoft's most secure operating system to date. Second, unlike the vast majority of the Word exploits seen in the wild over the past few years, this new attack doesn't require targets to enable macros. Last, before terminating, the exploit opens a decoy Word document in an attempt to hide any sign of the attack that just happened.

