Hackin9
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
 

ENTER.CO

Shellshock: what it means in the infosec world
ENTER.CO
Last Wednesday, the discovery of a vulnerability was published in the software component Bash, a long-standing tool native to the Unix, Linux and Mac OS X operating systems, which has already been dubbed Shellshock, Bashdoor or the Bash bug. The vulnerability ...

 

This past week's Microsoft MSRT push contains detections/removals for several widely used APT tools. The coalition (led by Novetta) that brought about the inclusion of these tools in this month's MSRT is encouraging enterprises to push/execute this month's MSRT update. A preliminary report on some of the malware included in this month's MSRT update is posted here.

If you are using either Snort or Sourcefire, the rule IDs that detect some of the threats/families in this month's MSRT release are listed below and can be downloaded from Snort or through a Sourcefire VRT subscription.

Derusbi -- 20080
Fexel -- 29459
Hikit -- 30948
DeputyDog -- 28493
Hydraq -- 16368, 21304
DarkMoon -- 7816, 7815, 7814, 7813, 12715, 12724
Zxshell -- 32180, 32181
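
To confirm that a deployed ruleset actually has these rule IDs switched on, the following added example (not part of the original diary or of any Snort/Sourcefire tooling) parses rules text and reports each SID as enabled, disabled (commented out) or missing. The sample rules are constructed, and one rule per line is an assumption.

```python
import re

# Rule IDs per family, copied from the list above.
MSRT_SIDS = {
    "Derusbi": [20080],
    "Fexel": [29459],
    "Hikit": [30948],
    "DeputyDog": [28493],
    "Hydraq": [16368, 21304],
    "DarkMoon": [7816, 7815, 7814, 7813, 12715, 12724],
    "Zxshell": [32180, 32181],
}

# Constructed sample ruleset (messages and headers are placeholders).
SAMPLE_RULES = """\
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"constructed Derusbi"; sid:20080; rev:1;)
# alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"constructed Hikit"; sid:30948; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"constructed Zxshell a"; sid:32180; rev:1;)
alert tcp $HOME_NET any -> $EXTERNAL_NET any (msg:"constructed Zxshell b"; sid:32181; rev:1;)
"""

# A rule starts with an action keyword; a leading '#' marks it as disabled.
RULE_RE = re.compile(r"^\s*(#\s*)?(alert|drop|log|pass|reject|sdrop)\b.*\(.*\)\s*$")
SID_RE = re.compile(r"\bsid\s*:\s*(\d+)\s*;")

def sid_states(rules_text):
    """Map each SID found in the rules text to 'enabled' or 'disabled'."""
    states = {}
    for line in rules_text.splitlines():
        m = RULE_RE.match(line)
        sid = SID_RE.search(line)
        if not (m and sid):
            continue  # comment, blank line, or something that is not a rule
        n = int(sid.group(1))
        # If a SID appears twice, an enabled copy takes precedence.
        if states.get(n) != "enabled":
            states[n] = "disabled" if m.group(1) else "enabled"
    return states

def coverage(rules_text):
    """Per family, map each listed SID to enabled / disabled / missing."""
    states = sid_states(rules_text)
    return {f: {s: states.get(s, "missing") for s in sids} for f, sids in MSRT_SIDS.items()}

def gaps(rules_text):
    """Families with at least one listed SID that is not enabled."""
    return sorted(f for f, s in coverage(rules_text).items() if set(s.values()) != {"enabled"})
```

Passing the concatenated contents of the deployed `.rules` files to `gaps()` lists the families that still need a rule update or a policy change.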

[1] http://blogs.technet.com/b/mmpc/archive/2014/10/14/msrt-october-2014-hikiti.aspx
[2] http://www.microsoft.com/security/pc-security/malware-removal.aspx
[3] http://novetta.com/commercial/news/resources/
[4] https://www.snort.org/downloads/#rule-downloads

-----------

Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu

Teaching SEC 503 end of October in Ottawa


ASD staff move into Australia's new security hub
iT News
[See poll below: Would your infosec function share data with the Australian Government?] The Cyber Security Centre will want to learn from sectors that have strong infosec capabilities, such as banking and finance and telecommunications, to aid those ...

 