Information Security News

Introduction Since Monday 2016-10-03, the pseudoDarkleech campaign has been using Rig exploit kit (EK) to distribute Cerber ransomware." /> Shown above: An infection chain of events. Let" />...

View Article

Vuln: Microsoft Internet Explorer CVE-2016-3384 Remote Memory Corruption...

October 14, 2016, 1:00 pm

Microsoft Internet Explorer CVE-2016-3384 Remote Memory Corruption Vulnerability

View Article

Vuln: Microsoft Internet Explorer CVE-2016-3383 Remote Memory Corruption...

October 14, 2016, 1:00 pm

Microsoft Internet Explorer CVE-2016-3383 Remote Memory Corruption Vulnerability

View Article

Vuln: Microsoft Internet Explorer and Edge CVE-2016-3382 Remote Memory...

October 14, 2016, 1:00 pm

Microsoft Internet Explorer and Edge CVE-2016-3382 Remote Memory Corruption Vulnerability

View Article

Image may be NSFW.
Clik here to view.

Beware of all-powerful DDoS malware infecting cellular gateways, feds warn

October 14, 2016, 1:00 pm

Enlarge / One of the Sierra Wireless devices that can be infected by Mirai. (credit: Sierra Wireless) This week, the US government-backed ICS-CERT warned that the troubling new generation of computer...

View Article

Vuln: PHP 'password_verify()' Function Out-of-Bounds Read Denial of Service...

October 14, 2016, 2:00 pm

PHP 'password_verify()' Function Out-of-Bounds Read Denial of Service Vulnerability

View Article

Vuln: Magento CMS Flash File Uploader Cross Site Scripting Vulnerability

October 14, 2016, 2:00 pm

Magento CMS Flash File Uploader Cross Site Scripting Vulnerability

View Article

Vuln: Magento CMS Multiple Cross-Site Request Forgery Vulnerabilities

October 14, 2016, 3:00 pm

Magento CMS Multiple Cross-Site Request Forgery Vulnerabilities

View Article

Image may be NSFW.
Clik here to view.

Maldoc VBA Anti-Analysis, (Sat, Oct 15th)

October 15, 2016, 12:00 pm

I was asked for help with the analysis of sample 7c9505f2c041ba588bed854258344c43. Turns out this malicious Word document has some anti-analysis tricks ( older diary entry with other anti-analysis...

View Article

Vuln: Snoopy CVE-2008-7313 Arbitrary Command Execution Vulnerability

October 16, 2016, 11:00 am

Snoopy CVE-2008-7313 Arbitrary Command Execution Vulnerability

View Article

Analyzing Office Maldocs With Decoder.xls, (Sun, Oct 16th)

October 16, 2016, 1:00 pm

In my last diary entry, I show how to decode VBA maldoc strings with Excel. A similar technique can be used to decode a payload (like shellcode). I explain this method in this video. Didier Stevens...

View Article

ISC Stormcast For Monday, October 17th 2016...

October 16, 2016, 5:00 pm

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article