SANS Internet Storm Center, InfoCON: green: Maldoc with auto-updated link,...
Yesterday, while hunting, I found another malicious document that (ab)used a Microsoft Word feature: auto-update of links. This feature is enabled by default for any newly created document (that was...
Darknet - The Darkside: What You Need To Know About Server Side Request...
SSRF or Server Side Request Forgery is an attack vector that has been around for a long time, but do you actually know what it is? Server Side Request Forgery (SSRF) refers to an attack where in an...
/dev/random: [SANS ISC] Maldoc with auto-updated link
I published the following diary on isc.sans.org: “Maldoc with auto-updated link”. Yesterday, while hunting, I found another malicious document that (ab)used a Microsoft Word feature: auto-update of...
Zero in a bit: Don't Be AppSec 'Helicopter Parents'
Roles shifting can be disconcerting. Having a clear role and understanding your responsibilities and tasks is comforting. But getting too comfortable can be dangerous. Take parenting for example....
Un informático en el lado del mal: In-Directo: YouTubers' channels broadcast...
Yesterday I did not have time to watch the second leg of the Spanish Super Cup. I only saw a few minutes, and the hectic life that has me in Paris left me collapsed with the computer on my chest. Sin...
Wired: Threat Level: Matthew Keys Sentenced to Two Years for Aiding Anonymous
The former Tribune Company employee was convicted of giving Anonymous information that helped hackers access an LA Times server and alter a headline.
Wired: Threat Level: A Scheme to Encrypt the Entire Web Is Actually Working
The non-profit certificate authority Let's Encrypt is enabling a sea change toward HTTPS encryption online.
Niels Provos: Support my videos on Patreon!
Add your support on Patreon to help me create more videos. Your support will help with materials, rent as well as other equipment, e.g. cameras, lights, software, etc. It is not required but...
Fortinet FortiGuard Blog: An Inside Look at CVE-2017-0199 – HTA and Scriptlet...
FortiGuard Labs recently came across a new strain of samples exploiting the CVE-2017-0199 vulnerability. This vulnerability was fixed by Microsoft and the patch was released in April 2017. Due to its...
Fortinet FortiGuard Blog: Governmental Entities Bringing Financial...
By now, it’s no secret that cybercriminals have targeted, and continue to target, the financial services industry with advanced attacks that are designed to steal or otherwise jeopardize valuable data....
SANS Internet Storm Center, InfoCON: green: ISC Stormcast For Friday, August...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
ArsTechnica: Security Content: Secret chips in replacement parts can...
People with cracked touch screens or similar smartphone maladies have a new headache to consider: the possibility the replacement parts installed by repair shops...
SANS Internet Storm Center, InfoCON: green: EngineBox Malware Supports...
1. Introduction. After receiving quite a big amount of malspam with similar messages in my honeypots this week, I decided to dedicate some time to analyze what it was about. To my surprise, after peeling...
Darknet - The Darkside: UACMe – Defeat Windows User Account Control (UAC)
UACme is a compiled, C-based tool which contains a number of methods to defeat Windows User Account Control commonly known as UAC. It abuses the built-in Windows AutoElevate backdoor and contains 41...
Wired: Threat Level: Hacker Lexicon: What Are White Hat, Gray Hat, and Black...
Here's how to distinguish the colors of the hacker rainbow.
Un informático en el lado del mal: King of Code: ElevenPaths CODE Talks for Devs
As of yesterday, the new series of talks we are going to run at ElevenPaths is already published, in this case aimed at developers who want to learn how to get the most out of...
SANS Internet Storm Center, InfoCON: green: tshark 2.4 New Feature - Command...
There is nothing new about Wireshark releasing an update; however, the new 2.4 branch has a new feature that is quite useful and that I have been waiting to be able to use for a while. In case you missed it,...
Un informático en el lado del mal: Google's Chrome will flag many blogs...
Many blogs have received e-mails from Google indicating that their blog has pages that are going to be marked as insecure. I stress "pages" and not the whole site,...
PandaLabs: PowerLocker
PowerLocker, also called PrisonLocker, is a new family of ransomware which in addition to encrypting files on the victim’s computer (as with other such malware) threatens to block users’ computers...
Un informático en el lado del mal: A Telegram option that fixes the...
During July I published a post on the work we did with WhatsApp, explaining that it was possible to automate the creation of WhatsApp groups by means of a web application that...