Microsoft Update Tuesday August 2014: Media Center and Internet Explorer
This month’s Microsoft Update Tuesday is relatively light compared to the major update of last month. We’re getting a total of six bulletins this month, two marked critical, three as important and finally one moderate. These six bulletins cover a total of 29 CVEs, most of which a
Apple ID Harvesting, now this is a good phish.
Phishing isn't new. "So, why are you writing about it?", you ask. I received this one today and it was very well done, so I thought I'd write it up. Chances are, you've seen these before: If you are familiar with Apple Verification emails, you'll not
Microsoft Update Tuesday July 2014: light month, mostly Internet Explorer
This month’s Microsoft Update Tuesday is relatively light compared to the major update of last month. We’re getting a total of six bulletins this month, two marked critical, three as important and finally one moderate. These six bulletins cover a total of 29 CVEs, most of which a
Threat Spotlight: "A String of Paerls", Part 2, Deep Dive
This post has been coauthored by Joel Esler, Craig Williams, Richard Harman, Jaeson Schultz, and Douglas Goddard. In part one of our two-part blog series on the “String of Paerls” threat, we showed an attack involving a spearphish message containing an attached malicious Word doc
Exceptional behavior: the Windows 8.1 X64 SEH Implementation
In my last post, you may remember how the latest Uroburos rootkit was able to disarm Patchguard on Windows 7 . I was recently looking into how Patchguard is implemented in Windows 8.1 and decided to dig into Exception Handling on x64. As a matter of fact, all the new 64-bit Windo
Detection for PutterPanda, we got this.
Recently a post by Crowdstrike was released detailing an attack being used, allegedly, by the Chinese Military "PLA Unit 61486". The post is a great demonstration of the use of OSINT (Open Source Intelligence) to track an adversary in this increasingly digital world.
Etumbot Detection, more prior coverage
Arbor Networks recently posted details about a backdoor they named Etumbot. It provides technical detail about the functionality of the malware and it includes hashes of known samples. The Arbor write-up is available here: http://www.arbornetworks.com/asert/2014/06/illuminating-
The never ending Exploit Kit shift - Bleeding Life
Recently we've been able to observe several shifts in exploit kit techniques, so I thought it would be good to share the IOC information for the exploit kits so that administrators and network defenders can take a look at their devices and logs to remediate on their networks.
Microsoft Update Tuesday June 2014: Internet Explorer, Internet Explorer, Internet Explorer
Once again it’s time for Microsoft’s Update Tuesday and this time it’s almost all about Internet Explorer. We had a bit of a lull in the past months with respect to IE vulnerabilities, especially due to the out-of-band patch that Microsoft released last month, which delayed some