Clik here to view.
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge: Book...
Dear, blog, readers, as, I'm, currently, busy, writing, a, book, I'm looking for, a publisher, who's, interested, in, publishing, it, with, the, book, proposal, available, on, request. Send your...
View ArticleClik here to view.
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge:...
Looking for a full time threat intelligence analyst, cybercrime researcher, or a security blogger? Send your proposition to: ddanchev@protonmail.ch
View ArticleClik here to view.
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge:...
Dear, blog, readers, as, of, today, I'm, making, publicly, available, my, portfolio, of, services, including, active, threat, intelligence, gathering, and, processing, cybercriminals, and, network,...
View ArticleFortinet FortiGuard Blog: A Closer Look at the Rapid Evolution of EHR Security
More than any other database containing sensitive information for a large quantity of people, electronic health records (EHRs) are an especially attractive target for hackers. The patient data they...
View ArticleClik here to view.
/dev/random: TROOPERS 2017 Day #2 Wrap-Up
This is my wrap-up for the 2nd day of “NGI” at TROOPERS. My first choice for today was “Authenticate like a boss” by Pete Herzog. This talk was less technical than expected but interesting. It focussed...
View ArticleClik here to view.
Un informático en el lado del mal: Windows 10: (Otro) Bypass (más) de UAC...
Muchas eran las quejas de los usuarios sobre UAC (User Account Control) cuando fue introducido por Microsoft en Windows Vista, pero lo cierto es que desde que se rebajó el nivel de seguridad en Windows...
View ArticleFortinet FortiGuard Blog: FortiGuard Labs Discovers Multiple Vulnerabilities...
Over the last few months we discovered and reported multiple vulnerabilities found in different versions of Microsoft Word. These vulnerabilities were patched in the January (MS17-002) and March...
View ArticleSANS Internet Storm Center, InfoCON: green: Blank Slate campaign still...
IntroductionCerber ransomware has been a constant presence since it was first discovered in February 2016. Since then, Ive seen it consistently pushed by exploit kits (like Rig and Magnitude) from the...
View ArticleFortinet FortiGuard Blog: Fortinet Fabric-Ready Partner Spotlight: Versa...
Fortinet spoke with Fabric-Ready Partner, Versa Networks to learn what’s top of mind for its customers, the key IT challenges they are facing and how Versa Networks’ approach to integrated security is...
View ArticleSANS Internet Storm Center, InfoCON: green: "Blank Slate" malspam...
2017-03-22 Update: This diary was posted earlier, but we had some technical issues, and the previous diary disappeared. I had to re-post this as a new diary with a new story ID and...
View ArticleFortinet FortiGuard Blog: Microsoft Word File Spreads Malware Targeting Both...
On March 16, FortiGuard Labs captured a new Word file that spreads malware by executing malicious VBA (Visual Basic for Applications) code. The sample targeted both Apple Mac OS X and Microsoft Windows...
View ArticleClik here to view.
Darknet - The Darkside: LastPass Leaking Passwords Via Chrome Extension
LastPass Leaking Passwords is not new, last week its Firefox extension was picked apart – now this week it’s Chrome extension is giving up its goodies. I’ve always found LastPass a bit suspect, even...
View ArticleClik here to view.
Un informático en el lado del mal: DirtyTooth Hack: Cómo reemplazar el módulo...
Como ya se explicó en el ataque DirtyTooth Hack, si se quiere meter un módulo malicioso que cambie el comportamiento del BlueTooth Speaker para convertirlo en un Rogue DirtyTooth Speaker, como primer...
View ArticleClik here to view.
/dev/random: TROOPERS 2017 Day #3 Wrap-Up
The third day is already over! Today the regular talks were scheduled split in three tracks: offensive, defensive and a specific one dedicated to SAP. The first slot at 09:00 was, as usual, a keynote....
View ArticleClik here to view.
Dancho Danchev's Blog - Mind Streams of Information Security Knowledge:...
Dear, blog, readers, I, feel, it's, about, time, I, post, an, honest, response, regarding, my, disappearance, in, 2010, with, the, purpose, of, information, my, readers, on, my, current, situation,...
View ArticleSANS Internet Storm Center, InfoCON: green: SSMA Usage, (Thu, Mar 23rd)
SSMA is handy tool for quickly getting an idea if a file is malicious. Installsudo apt-get install python3-pipgit clone https://github.com/secrary/SSMA cd SSMA sudo pip3 install -r...
View ArticleLost In Security: Españoles por la BlackHat
Siguiendo con la estela del artículo publicado 'Españoles por la Phrack', vuelvo a la carga con un artículo parecido, pero en este caso sobre una de las conferencias de seguridad que más conoce la...
View ArticleLost In Security: El último superviviente (II) - iOS
En el pasado artículo estuvimos revisando los puntos débiles que tiene un malware a la hora de sobrevivir un reinicio del sistema, y nos centramos en OSX. Ahora toca el turno a iOS, que al ser una...
View ArticleClik here to view.
KPNC: vulnerability in… WinCalc (Win7, x64)
I will never go out of business in this country. thanks to Microsoft. who would have thought that wincalcis vulnerable? I have not checked all systems yet, so this is my configuration: Windows 7...
View ArticleClik here to view.
PandaLabs: PowerLocker
PowerLocker, also called PrisonLocker, is a new family of ransomware which in addition to encrypting files on the victim’s computer (as with other such malware) threatens to block users’ computers...
View Article