Irongate ICS Malware: Nothing To See Here...Masking Malicious Activity On SCADA Systems

  • Tuesday, 07 Jun 2016
  • Author: Josh Homan, Sean McBride, Rob Caldwell, Threat Research Blog (FireEye)

In the latter half of 2015, the FireEye Labs Advanced Reverse Engineering (FLARE) team identified several versions of an ICS-focused malware crafted to manipulate a specific industrial process running within a simulated Siemens control system environment. We named this family of malware IRONGATE. ....

Read more

FastPOS: Quick and Easy Credit Card Theft

  • Tuesday, 07 Jun 2016
  • Author: TrendLabs Security Intelligence Blog (Trend Micro)

FastPOS is designed to immediately exfiltrate any stolen card data, instead of storing it locally in a file and periodically sending it to the attackers. This suggests that it may have been designed to target situations with a much smaller network environment. .....

Read more

DRIDEX Poses as Fake Certificate in Latest Spam Run

  • Tuesday, 07 Jun 2016
  • Author: Michael Casayuran, Rhena Inocencio and Jay Yaneza, TrendLabs Security Intelligence Blog (Trend Micro)

At a glance, it seems that DRIDEX has dwindled its activities or operation, appearing only for a few days this May. This is quite unusual given that in the past five months or so, this prevalent online banking threat has always been active in the computing landscape. .....

Read more

CryptXXX updated to version 3.0, Decryptors no longer Work

  • Tuesday, 07 Jun 2016
  • Author: Lawrence Abrams, Bleeping Computer

On May 21st, the developers behind the CryptXXX ransomware updated their code to version 3.0 in order to stop Kaspersky's RannohDecryptor from decrypting files for free. Unfortunately, it appears that this update has also had the unintended consequence of breaking the malware developers' decryptor. ....

Read more

Crouching Tiger, Hidden DNS

  • Tuesday, 07 Jun 2016
  • Author: WeLiveSecurity (ESET Blog)

One particularly noteworthy issue we are seeing is an interesting DNS hijack that sets the victim’s computer to use specific DNS servers. ....

Read more

Cybercriminals add DDoS component to ransomware payloads

  • Tuesday, 07 Jun 2016
  • Author: Help Net Security

Instead of just encrypting data files on a workstation (plus any network drive it can find) and locking the machine, a new variant of the Cerber ransomware is now adding a DDoS bot that can quietly blast spoofed network traffic at various IPs, according to KnowBe4. ....

Read more

New Wekby Attacks Use DNS Requests As Command and Control Mechanism

  • Tuesday, 07 Jun 2016
  • Author: Josh Grunzweig, Mike Scott and Bryan Lee, Unit42 (Paloalto Networks Blog)

We have observed an attack led by the APT group Wekby targeting a US-based organization in recent weeks. Wekby is a group that has been active for a number of years, targeting various industries such as healthcare, telecommunications, aerospace, defense, and high tech. ....

Read more
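The Wekby item above describes DNS requests being used as a command-and-control channel. The excerpt does not say how the traffic looked, so the following is an added example, not code from the Unit 42 post or from the malware it analyses: a small detector that aggregates DNS query logs per base domain and flags domains whose query pattern resembles a DNS tunnel (many never-repeated subdomains, high-entropy labels, a large share of TXT queries). The log format, the thresholds, the two-label approximation of the base domain and the sample lines (under the reserved .test TLD) are all constructed assumptions.

```python
"""Flag base domains whose DNS query pattern looks like a C2/tunnel channel.

Heuristics (assumptions for this example, not the page's detection logic):
  - most subdomains under the base are unique (each query carries new data),
  - the subdomain labels have high character entropy (encoded payload),
  - a large share of queries are TXT (a roomy record type for server-to-client data).
"""
import math
import re
from collections import defaultdict

# Constructed sample log, not real traffic. Format: "<epoch> <client_ip> <qname> <qtype>".
# beacon-example.test is a made-up name under the reserved .test TLD.
SAMPLE_LOG = """\
1465300001 10.0.0.5 www.example.com A
1465300002 10.0.0.5 mail.example.com MX
1465300003 10.0.0.7 cdn.example.net A
1465300004 10.0.0.9 3a9f1c2e.beacon-example.test TXT
1465300005 10.0.0.9 7b04ee91.beacon-example.test TXT
1465300006 10.0.0.9 c8d2f033.beacon-example.test TXT
1465300007 10.0.0.9 e1a6b7d4.beacon-example.test TXT
1465300008 10.0.0.9 0f9c5a28.beacon-example.test TXT
1465300009 10.0.0.9 9d3e4b1f.beacon-example.test TXT
1465300010 10.0.0.5 www.example.com A
"""

LINE_RE = re.compile(r"^(\d+)\s+(\S+)\s+(\S+)\s+([A-Z]+)$")


def shannon_entropy(s):
    """Bits of entropy per character of s (0.0 for empty or single-symbol strings)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def split_name(qname):
    """Split a query name into (base, subdomain).

    The base is approximated as the last two labels; a real deployment would
    use the Public Suffix List so that e.g. co.uk is not treated as a base."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) <= 2:
        return ".".join(labels), ""
    return ".".join(labels[-2:]), ".".join(labels[:-2])


def parse_log(text):
    """Yield (epoch, client, qname, qtype) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield int(m.group(1)), m.group(2), m.group(3), m.group(4)


def score_domains(text):
    """Aggregate per-base-domain statistics over the whole log."""
    acc = defaultdict(lambda: {"queries": 0, "subs": set(), "txt": 0, "ent": 0.0})
    for _ts, _client, qname, qtype in parse_log(text):
        base, sub = split_name(qname)
        st = acc[base]
        st["queries"] += 1
        st["subs"].add(sub)
        if qtype == "TXT":
            st["txt"] += 1
        st["ent"] += shannon_entropy(sub.replace(".", ""))
    scores = {}
    for base, st in acc.items():
        n = st["queries"]
        scores[base] = {
            "queries": n,
            "unique_sub_ratio": len(st["subs"]) / n,
            "txt_ratio": st["txt"] / n,
            "mean_entropy": st["ent"] / n,
        }
    return scores


def suspicious_domains(text, min_queries=5, sub_ratio=0.8, txt_ratio=0.5, entropy=2.5):
    """Return base domains (sorted) that trip at least two of the three heuristics.

    min_queries keeps one-off lookups from being scored at all."""
    flagged = []
    for base, s in score_domains(text).items():
        if s["queries"] < min_queries:
            continue
        hits = sum([
            s["unique_sub_ratio"] >= sub_ratio,
            s["txt_ratio"] >= txt_ratio,
            s["mean_entropy"] >= entropy,
        ])
        if hits >= 2:
            flagged.append(base)
    return sorted(flagged)


if __name__ == "__main__":
    for base, s in sorted(score_domains(SAMPLE_LOG).items()):
        print(f"{base:22s} q={s['queries']:2d} uniq={s['unique_sub_ratio']:.2f} "
              f"txt={s['txt_ratio']:.2f} H={s['mean_entropy']:.2f}")
    print("suspicious:", suspicious_domains(SAMPLE_LOG))
```

Run against the constructed sample, only beacon-example.test is flagged: every query carries a fresh hex label, all are TXT, and the mean label entropy is about 2.9 bits per character, while example.com never reaches the five-query floor. Requiring two of three heuristics rather than one is deliberate: CDNs and anti-spam services also produce many unique, high-entropy subdomains, so a single signal on its own is a poor alert. Tune the thresholds on a baseline of your own resolver logs before acting on the output.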

Operation Ke3chang Resurfaces With New TidePool Malware

  • Tuesday, 07 Jun 2016
  • Author: Micah Yates, Mike Scott, Brandon Levene, Jen Miller-Osborn and Tom Keigher, Unit42 (Paloalto Networks Blog)

Little has been published on the threat actors responsible for Operation Ke3chang since the report was released more than two years ago. However, Unit 42 has recently discovered the actors have continued to evolve their custom malware arsenal. We’ve discovered a new malware family we’ve named TidePool. ....

Read more

IXESHE Derivative IHEATE Targets Users in America

  • Tuesday, 07 Jun 2016
  • Author: Razor Huang and CH Lei, TrendLabs Security Intelligence Blog (Trend Micro)

Since 2012, we’ve been keeping an eye on the IXESHE targeted attack campaign. Since its inception in 2009, the campaign has primarily targeted governments and companies in East Asia and Germany. However, the campaign appears to have shifted tactics and is once again targeting users in the United States. ....

Read more

CVE-2015-2545: overview of current threats

  • Tuesday, 07 Jun 2016
  • Author: GReAT, SecureList (Kaspersky Lab Blog)

CVE-2015-2545 is a vulnerability discovered in 2015 and corrected with Microsoft’s update MS15-099. The vulnerability affects Microsoft Office versions 2007 SP3, 2010 SP2, 2013 SP1 and 2013 RT SP1. ....

Read more

National Internet Traffic Monitoring

Reports from monitoring national internet traffic, presented as weekly, monthly and yearly traffic reports.

Security Threat & System Vulnerability Alerts

A collection of articles giving early warning of security threats and system vulnerabilities.

Security News

A collection of news about cyber or IT security.

Incident Reports

Id-SIRTII/CC receives incident reports from the public and then coordinates with the relevant parties.