Things I Hearted this Week, 25th May 2018

May 25, 2018 | Javvad Malik
August 15, 2012 | Jaime Blasco

CVE-2012-1535: Adobe Flash being exploited in the wild

Yesterday Adobe issued a security update to address CVE-2012-1535, which was being exploited in the wild. The sample that we analyzed is a Microsoft Office Word document with an embedded malicious Flash file. The name of the malicious doc file is iPhone 5 Battery.doc, md5: 7e3770351aed43fd6c5cab8e06dc0300. The doc file contains…

August 6, 2012 | Jaime Blasco

Feeding Alienvault’s Open Threat Exchange (OTX) threat information to ArcSight

When we launched the Open Threat Exchange (OTX) project, one of our goals was creating an open and free threat database and exchange system. We want it to be used by as many users as possible, using a wide range of technologies. That is why we are publishing some code to feed our Open Threat Exchange (OTX) data to an…


August 6, 2012 | Russ Spitler

Poisoning the Well, or Securing the Future

Here we go again. You know the expression, “No good deed goes unpunished”? Well, that idea has surfaced with regard to our OTX, or Open Threat Exchange. Let me explain what I mean. First, some background. We launched OTX back in February with a passionate belief in the power of transparency and open source models. But we’re also as…

August 2, 2012 | Dominique Karg

The 2nd United Nations: The World Comes Together to Open-Source Cyber Security

2300 contributions from 77 countries since February of this year generate some interesting and unique threat data. From the top malicious IPs by country, to information on the top malicious content by activity, type, on web sites and more, AlienVault’s collaborative shared-intelligence platform, the Open Threat Exchange (OTX), is providing compelling and actionable IP reputation information. Download OSSIM and check…

August 2, 2012 | Dominique Karg

The Power of All

A little bit over five months ago, AlienVault released the first public version of its Open Threat eXchange, OTX. We’ve just created an infographic, titled “The 2nd United Nations: The World Comes Together to Open-Source Cyber Security”, in order to share some interesting findings from the first five months of use. The goal…

July 18, 2012 | Jaime Blasco

New AlienVault OSSIM v4.0 is out: New correlation capabilities

Today we are launching the new AlienVault OSSIM v4.0. You can download it from here. Apart from tons of new features, we have improved the correlation engine capabilities; two of the most impressive features are:
- Taxonomy correlation based on the Category and Subcategory of the events.
- Correlation using the Open Threat Exchange (OTX) data.
The correlation directives editor…

July 6, 2012 | Jaime Blasco

Nmap Script to detect Poison Ivy Clients

I want to share with you an Nmap script that will help you detect Poison Ivy clients (due to the Poison Ivy nomenclature, the term client refers to the malicious server where the victims connect in order to receive commands). The Poison Ivy protocol uses a challenge-response handshake in order to perform the authentication. The server (victim)…

July 2, 2012 | Jaime Blasco

Sykipot is back

It has been a while since we published information about Sykipot. The last time we blogged about it, we discovered a variant that was able to bypass two-factor authentication to access protected resources on the victim’s network. We have detected a new wave of Sykipot campaigns that have been running during the past weeks. There are several changes…

June 29, 2012 | Jaime Blasco

New MaControl variant targeting Uyghur users, the Windows version using Gh0st RAT

A couple of hours ago, Kaspersky reported a new variant of the MaControl backdoor targeting Uyghur users. It seems to be a newer version of the MacControl RAT we found some months ago being dropped using Java and Office for Mac exploits. The attackers send mails to the victims with a zip file that contains the backdoor…

June 28, 2012 | Jaime Blasco

Thailand NGO site hacked and serving malware

During the previous days, Sophos has reported several attacks related to the Windows XML Core zero-day vulnerability:
- http://nakedsecurity.sophos.com/2012/06/26/hotel-jobs-malware/
- http://nakedsecurity.sophos.com/2012/06/20/aeronautical-state-sponsored-exploit/
- http://nakedsecurity.sophos.com/2012/06/19/unpatched-microsoft-security-vulnerability-exploited/
The CVE-2012-1889 vulnerability is related to Google’s warnings on state-sponsored attacks. We have recently found another website exploiting this vulnerability that is related…

June 21, 2012 | Alberto Ortega

Capfire4 malware, RAT software and C&C service together

A large share of the malware out there consists of RAT (Remote Administration Tool) samples. This is software created by people who specialize in it, people who develop, improve and sell their tools. It has capabilities that let the attacker spy on the victims with actions like screen capturing, keylogging, password stealing, command execution, and remote access and control. Their clients…

June 14, 2012 | Jaime Blasco

Win32/Coswid

Continuing the research on the spearphishing campaign we published yesterday, we found that the same group is using another downloader named Win32/Coswid. The dropper is similar to the one we described in the previous report. The main difference is that instead of using an html file to hide the configuration, it gets the config values from…
