Research Spotlight: Ropmemu - A Framework For The Analysis Of Complex Code-Reuse Attacks
Mariano Graziano, Talos (Cisco Blog)
Code-reuse attacks, such as return-oriented programming (ROP), are part of this evolution and currently present a challenge to defenders as it is an area of research that has not been studied in depth. Today, Talos releases ROPMEMU, a framework to analyze complex code-reuse attacks. In this blog post, we will identify and discuss the challenges and importance of reverse engineering these code-reuse instances. ....
Wednesday, 08 Jun 2016

Did the Clinton Email Server Have an Internet-Based Printer?
Brian Krebs, KrebsOnSecurity
The Associated Press today points to a remarkable footnote in a recent State Department inspector general report on the Hillary Clinton email scandal: The mail was managed from the vanity domain “clintonemail.com.” But here’s a potentially more explosive finding: A review of the historic domain registration records for that domain indicates that whoever built the private email server for the Clintons also had the not-so-bright idea of connecting it to an Internet-based printer ....
Wednesday, 08 Jun 2016

Bug Poaching: A New Extortion Tactic Targeting Enterprises
John Kuhn, Security Intelligence (IBM Blog)
Imagine a scenario in which burglars break into your home but steal nothing and don’t harm anything inside. Instead, these burglars take pictures of all your precious belongings and personal assets. Later that day, you receive a letter with copies of all these pictures and an alarming message: “If you’d like to know how we broke into your house, please pay us large sums of money.” ....
Wednesday, 08 Jun 2016

Got $90,000? A Windows 0-Day Could Be Yours
Brian Krebs, KrebsOnSecurity
How much would a cybercriminal, nation state or organized crime group pay for blueprints on how to exploit a serious, currently undocumented, unpatched vulnerability in all versions of Microsoft Windows? That price probably depends on the power of the exploit and what the market will bear at the time, but here’s a look at one convincing recent exploit sales thread from the cybercrime underworld where the current asking price for a Windows-wide bug that allegedly defeats all of Microsoft’s current security defenses is USD $90,000. ...
Wednesday, 08 Jun 2016

SandJacking Attack Puts iOS Devices At Risk to Rogue Apps
Michael Mimoso, Threat Post (Kaspersky Lab Blog)
Apple has yet to patch a vulnerability disclosed during last week’s Hack in the Box hacker conference in Amsterdam that allows an attacker with physical access—even on the latest versions of iOS—to swap out legitimate apps with malicious versions undetected on the device. ....
Wednesday, 08 Jun 2016

Fake Bank App Ramps Up Defensive Measures
Jordan Pan, TrendLabs Security Intelligence Blog (Trend Micro)
It’s not uncommon for malware to have capabilities that protect itself. This usually consists of routines that help keep it hidden. One particular mobile malware caught our attention with its unique combination that makes its attack stealthy, and it has the capability to lock a user’s device. A similar routine was reported previously in our entry on Operation Emmental in terms of locking the victim’s phone. However, this new malware does so as a failsafe and without the use of external commands.....
Wednesday, 08 Jun 2016

Android Spyware Targets Security Job Seekers in Saudi Arabia
Yukihiro Okutomi, McAfee Labs Blog
During the past few years, Intel Security Mobile Research has monitored and reported on several countries in the region and has found an alarming increase in campaigns using mobile malware for not only disruption and hacktivism but also for intelligence gathering. Today we shed light on a new campaign targeting Saudi Arabia. ...
Wednesday, 08 Jun 2016

Android Banker malware goes social
Shivang Desai, Zscaler
During a regular hunt for malware, our researchers came across an interesting malicious Android app that portrayed itself as an online app for the reputable Russian bank Sberbank, which is the largest bank in Russia and Eastern Europe. ....
Wednesday, 08 Jun 2016

The OilRig Campaign: Attacks on Saudi Arabian Organizations Deliver Helminth Backdoor
Robert Falcone and Bryan Lee, Unit 42 (Palo Alto Networks Blog)
In May 2016, Unit 42 observed targeted attacks primarily focused on financial institutions and technology organizations within Saudi Arabia ....
Wednesday, 08 Jun 2016

Link (.lnk) to Ransom
msft-mmpc, TechNet (Microsoft Blog)
We are alerting Windows users of a new type of ransomware that exhibits worm-like behavior. This ransom leverages removable and network drives to propagate itself and affect more users. We detect this ransomware as Ransom:Win32/ZCryptor.A. ...
Wednesday, 08 Jun 2016

Id-SIRTII/CC - Indonesia Security Incident Response Team on Internet Infrastructure/Coordination Center
Menara Ravindo Lt. 17, Jl. Kebon Sirih No. 75 Jakarta Pusat, 10340, Indonesia