labs.alienvault.com
AlienVault R&D Labs Portal. Get the latest news from our research. Several domains including New York Times and Twitter attacked by Syrian Electronic Army During the last few hours several domains including the one from The New York Times have been redirected to a Syrian Electronic Army server. Here is the list of domains pointing to that server: Returned 39 RRs in 1.50 seconds. sokiland.fr.nf. A
U.S. Department of Labor website hacked and redirecting to malicious code During the last few hours we have identified that the U.S. Department of Labor website has been hacked and it is serving malicious code. As you can see in the following UrlQuery report the website is including code from the malicious server dol[.]ns01[.]us: O
Several times the date of the exploit was a few days after the vulnerability had been disclosed and there wasn’t a patch released by the vendor. Campaigns In the past most of the campaigns which we found related to the Sykipot actors were based on SpearPhishing mails with attachments that exploited vulnerabilities in software like Microsoft Office, Adobe Flash, Adobe PDF and sometimes Internet Ex
During the day I’ve been thinking about what has just happened in South Korea. We have published earlier today a quick blog post about how the wiper payload works. It is a very simple piece of code that overwrites the MBR (Master Boot Record) making the affected system unable to start after reboot. Other companies have published i
As many of you would probably know several South Korean banks and media companies have been affected by an attack that has wiped several systems. It seems the South Korean security company Nshc has published more details on its Facebook Page. Based on the samples we collected, the malware overwrites the MBR (Master Boot Record) of t
I’m sure all of you have heard about Mandiant’s APT1 report published yesterday. As many of you probably know we have been tracking and exposing this group for a long time as well as other individuals and companies in the security industry. A couple of examples are: - Win32/Coswid - Unveiling a spearphishing campaign and possible r
Yesterday, Adobe released a patch for Adobe Flash that fixed a zero-day vulnerability that was being exploited in the wild. According to Adobe, CVE-2013-0633 is being exploited using Microsoft Office files with embedded flash content delivered via email. They are also aware of CVE-2013-0634 being exploited through web browsers such a
Earlier this morning @Kafeine alerted us about a new Java zero-day being exploited in the wild. With the files we were able to obtain we reproduced the exploit in a fully patched new installation of Java. As you can see below we tricked the malicious Java applet to execute the calc.exe in our lab. The Java file is highly obfuscated
A few days ago, CERT-Georgia published a great report describing a cyber espionage campaign. ESET wrote a great report a few months ago as well. The report said the malware was found in Georgian Governmental Agencies including ministries, parliament, banks, NGOs. The report also says the purpose of the malware was “Collecting Sensi
Yesterday Adobe issued a security update to address CVE-2012-1535 that was being exploited in the wild. The sample that we analyzed is a Microsoft Office Word document with an embedded malicious Flash file. The name of the malicious doc file is iPhone 5 Battery.doc, md5: 7e3770351aed43fd6c5cab8e06dc0300. The doc file contains an unc
This time it seems they are mainly using drive-by-download exploits like CVE-2011-0611 affecting Flash Player or the new Windows XML Core zero-day vulnerability. The CVE-2012-1889 vulnerability is related to Google’s warnings on state-sponsored attacks. Instead of attaching malicious files to e-mails, they send e-mails to the victims with a malicious link. Once the victim clicks on the link the m
More attacks linked to CVE-2012-0158, the evolution of a threat step by step CVE-2012-0158 vulnerability has been one of the main players in the information security scene during the last weeks. Since it was seen in the wild for the first time, attackers have been using it to break the security of specific targets. We have been tra
MS Office exploit that targets MacOS X seen in the wild – delivers “Mac Control” RAT Continuing our research on Tibet attacks, we have found more Mac trojans and some interesting MS Office files that deliver them. The group behind these attacks is the same we have been tracking for a while: - AlienVault Tibet related Research now