Welcome to my collection of interesting links for the week ending 2017-12-23. The links are in no particular order.
Learning From Security Breaches in 2017
Preparing for the mandatory use of TLS 1.2 in Office 365
Russia’s Globex bank says hackers targeted its SWIFT computers
North Korea Bitten by Bitcoin Bug: Financially motivated campaigns […]
Compromised Arabic Domain Hosting Malicious Files
Today I came across a suspicious Word document while browsing Hybrid Analysis (it is always fun to see what is going on there). The document caught my eye for the single reason that it was called “swift message 1.docx” (c07fb4ab07e439463117cd7d060109cb814d928304e8828c3884ac2b88fece78). Since I work for a bank, I always have an urge to check out banking-related stuff […]
Links of the Week 2017-07-16
Welcome to my collection of interesting links for the week ending 2017-07-16. The links are in no particular order.
Detailed incident report
Another day, another mass domain hijacking
NemucodAES Decryptor
Want to kill your IT security team? Put the top hacker in charge
Cloud Leak: How A Verizon Partner Exposed Millions of Customer Accounts […]
Links of the Week 2017-07-09
Welcome to my collection of interesting links for the week ending 2017-07-09. The links are in no particular order.
94 .ch & .li domain names hijacked and used for drive-by
Report on July 7, 2017 incident
Schedule for BSidesLV 2017
Attack on Critical Infrastructure Leverages Template Injection
Broadpwn Bug Affects Millions of Android and […]
Leaking Your Customer Names and Tracking Numbers
Well, this seems like a big and “major f*ckup”! A recent Kickstarter campaign has leaked the names of all backers (users who have financially supported the campaign) and all the tracking numbers. The data resides in a public Excel file on MediaFire and has over 1404 entries. They tried to identify backers that have not yet sent […]
Google’s BeyondCorp and some Thoughts
One of the big news stories last week was the Wall Street Journal article reporting that Google has “given up on their internal network” and is moving its business applications to the internet (an approach called BeyondCorp). The reason behind this is that they no longer see the internal network as private or protectable. With today’s adversaries, malware and general lack […]
“You order form:[RANDOM] from 06/05/15 recived;” Attachment Analysis
Today I came across a message which was rather interesting. The mails were received with different subjects, random company names in them, as well as random attachment names. The attachment is a Word document with the “*.doc” extension (never a good sign). A quick analysis shows that the Word document contains a macro script which, when executed, […]
Phishing Gang Forgets Source Code
I love to analyse and take apart phishing pages. Such phishing pages are nothing new; you can find them almost daily. I always enjoy poking around and investigating whether I find something new, something of interest, or just some sort of timestamp that lets me pinpoint how fast a gang sets up new phishing pages. […]
Creative Commons: Donors Data Leak
A few days ago the Creative Commons team sent out an email informing me and some other donors about a data leak that happened in their GitHub repository: Creative Commons believes in open, frank, and prompt communication with our community, including our donors. We also take your privacy seriously. We are committed to responsibly guarding the personal information you […]
Zeitgeist Daemon on Xubuntu does not respect your privacy
I toyed around with my Xubuntu and found the strangely named process “Zeitgeist”. What’s this? “zeitgeist-daemon is a daemon which keeps track of activities on your system (file usage, browser history, calendar events, etc.) and logs them into a central database. It does not only create a chronologic register, but also supports tagging and can […]