Microsoft Windows 10: Send file samples when further analysis is required

This policy setting configures behaviour of samples submission when opt-in for MAPS telemetry is set. Possible settings: - 0: Always prompt - 1: Send safe samples automatically - 2: Never send - 3: Send all samples automatically OpenVAS Vulnerability Test $Id:...

Distributed YARA Malware Scanning System: KLara project

Klara project is aimed at helping Threat Intelligence researchers hunt for new malware using Yara . In order to hunt efficiently for malware, one needs a large collection of samples to search over. Researchers usually need to fire a Yara rule over a collection / set of malicious files and then ge...

Meltdown/Specter-based Malware Coming Soon to Devices Near You, Are You Ready?

It has been few weeks since the details of the Spectre, and Meltdown processor vulnerabilities came out in public and researchers have discovered more than 130 malware samples trying to exploit these chip flaws. Spectre and Meltdown are security vulnerabilities disclosed by security researchers...

The Evolution of Ransomware

While many businesses and individual users understand that ransomware isn't a new threat, many don't actually know how long this particular infection style has been utilized by hackers. The first attacks took place more than a decade ago, and since then, ransomware authors have only become more...

Denis and Co.

In April 2017, we published a detailed review of a malicious program that used DNS tunneling to communicate to its C&C. That study prompted us to develop a technology to detect similar threats, which allowed us to collect a multitude of malware samples using DNS tunneling. In this article, we wil...

DEBIAN-CVE-2017-15046

LAME 3.99.5, 3.99.4, 3.98.4, 3.98.2, 3.98 and 3.97 have a stack-based buffer overflow in unpackreadsamples in frontend/getaudio.c, a different vulnerability than CVE-2017-9412...

CVE-2017-14795

The hevcwriteframe function in libbpg.c in libbpg 0.9.7 allows remote attackers to cause a denial of service out-of-bounds read and application crash or possibly have unspecified other impact via a crafted BPG file, related to improper interaction with hlspcmsample in hevc.c in libavcodec in FFmp...

Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform

Lab for Java Deserialization Vulnerabilities This content is...

libgig Denial of Service Vulnerability (CNVD-2017-27699)

libgig is a C++ library for loading, modifying existing and creating new Gigasampler .gig files and DLS downloadable sound Level 1/2 files, KORG sample instruments .KSF and .KMP files, SoundFont v2 .sf2 files and AKAI sampler data. A denial of service vulnerability exists in the function...

IT threat evolution Q2 2017

Targeted attacks and malware campaigns Back to the future: looking for a link between old and new APTs This year's Security Analyst Summit SAS included interesting research findings on several targeted attack campaigns. For example, researchers from Kaspersky Lab and King's College London present...

Oolong CVE-2017-8570 samples and behind the idea-vulnerability warning-the black bar safety net

The so-called CVE-2017-8570 sample Last week, 360 days eye lab found foreign hackers on Github released a CVE-2017-8570 exploits code, but then deleted, in order to find quite a few labeled as CVE-2017-8570 Office malware samples, such as the following VirusTotal is marked as CVE-2017-8570 sample...

Part 2: Reading SPAM For Research

A couple weeks ago, I posted a blog that is a follow up of an article I published in Information Security Magazine. In that post I wrote about collecting phishing samples and identifying domain squatters that might be looking to harvest information from their target. This is the final blog entry...

UBUNTU-CVE-2017-9412

The unpackreadsamples function in frontend/getaudio.c in LAME 3.99.5 allows remote attackers to cause a denial of service invalid memory read and application crash via a crafted wav file...

ALPINE-CVE-2017-9412

The unpackreadsamples function in frontend/getaudio.c in LAME 3.99.5 allows remote attackers to cause a denial of service invalid memory read and application crash via a crafted wav file...

maltran - Tool To Download Malware Exercises From MALware-TRaffic-ANalysis.net

This tool was developed with the purpose of furthering and organizing access to traffic analysis exercises and malware files captured and published almost daily. Maltran makes the views and downloads exercises and malspams easier in an extremely simple and organized way. Visit website...

GPS-SDR-SIM - Software-Defined GPS Signal Simulator

GPS-SDR-SIM generates GPS baseband signal data streams, which can be converted to RF using software-defined radio SDR platforms, such as bladeRF, HackRF, and USRP. Windows build instructions 1. Start Visual Studio. 2. Create an empty project for a console application. 3. On the Solution Explorer ...

Microsoft Says Fireball Malware Threat 'Overblown'

Check Point has ramped down its projections on the impact of the recently disclosed Fireball malware after Microsoft called its initial numbers into question. Details on Fireball were published June 1 by Check Point, which said the malware was the work of a Chinese digital marketing agency called...

Honeypots and the Internet of Things

There were a number of incidents in 2016 that triggered increased interest in the security of so-called IoT or 'smart' devices. They included, among others, the record-breaking DDoS attacks against the French hosting provider OVH and the US DNS provider Dyn. These attacks are known to have been...

[SECURITY] Fedora 26 Update: yara-3.6.0-1.fc26

YARA is a tool aimed at but not limited to helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families or whatever you want to describe based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strin...

Malware Network Communication Provides Better Early Warning Signal

Research is expected to be unveiled today that challenges the industry’s current reliance on dynamic malware analysis as the best means of early detection of infections. Instead, researchers from the Georgia Institute of Technology, the IMDEA Software Institute and EURECOM posit that a better...