
malware

Working with base64 Last week I received another malicious document with an embedded payload encoded with base64. A bit tired of repeating the same manual operations to extract and decode base64 content, I quickly wrote a small Python script to help me. base64dump.py searches through the given file for base64 strings (delimited by non-base64 characters) and produces a report like this one: Here is a video of the tool i..
Analysis of CVE-2015-2360 – Duqu 2.0 Zero Day The recent Duqu 2.0 targeted attack used several zero-day vulnerabilities as part of its attack. One of the vulnerabilities used was CVE-2015-2360, which was fixed by MS15-061 as part of the June Patch Tuesday release. Like CVE-2015-1701, this is also in the Win32k.sys file, which is commonly targeted by attackers to bypass existing vulnerability mitigation techniques. The vulnerability lies in h..
The Samsung SwiftKey Vulnerability – What You Need To Know, And How To Protect Yourself Recently, researchers announced that a vulnerability in Samsung Android devices had been found which allowed attackers to run malicious code on vulnerable devices if they became the targets of a man-in-the-middle attack. In this post we will explain how this vulnerability works, and what users can do to protect themselves. The Vulnerability The stock Android keyboard on these affected Samsung devic..
"Magnitude Exploit Kit" exploits a just-patched Adobe Flash Player vulnerability; the most affected country is the United States Adobe released a patch for a Flash Player vulnerability in its June 2015 regular security bulletin, but even now users, particularly in the United States, Canada and the United Kingdom, can be infected with "CryptoWall 3.0". This exploit code is detected by Trend Micro products as "SWF_EXPLOIT.MJTE" and is used by the "Magnitude Exploit Kit". An attacker exploiting this vulnerability can infect the targeted PC with "crypto-ransomware", which encrypts files and demands a ransom. We first observed traces of this malicious activity on June 15, 2015 (US time) while monitoring the threat landscape through our cloud-based security infrastructure, the "Trend Micro Smart Protection Network"..
Exploring Control Flow Guard in Windows 10 As operating system developers are always keen on improving exploit mitigation technology, Microsoft has enabled a new mechanism in Windows 10 and in Windows 8.1 Update 3 (released last November) by default. This technology is called Control Flow Guard (CFG). Previous mitigation techniques like address space layout randomization (ASLR) and Data Execution Prevention (DEP) have been successful in mak..
DNS Changer Malware Sets Sights on Home Routers Home routers can be used to steal user credentials, and most people just don't know it yet. Bad guys have found ways to use Domain Name System (DNS) changer malware to turn the most inconspicuous network router into a vital tool for their schemes. We already know that routers sometimes ship with malicious DNS server settings. In this scenario, the malware is used to tamper with the router and its..
Trend Micro Discovers Apache Vulnerability that Allows One-Click Modification of Android Apps We've discovered a vulnerability in the Apache Cordova app framework that allows attackers to modify the behavior of apps just by clicking a URL. The extent of the modifications can range from causing a nuisance for app users to crashing the apps completely. Designated as CVE-2015-1835, this high-severity vulnerability affects all versions of Apache Cordova up to 4.0.1. Apache has released a securi..
Exploit kits delivering Necurs In the past few days, we've seen the Nuclear and Angler exploit kits (EKs) delivering malware identified as Necurs. It certainly isn't the only payload sent from Nuclear and other EKs, but I hadn't really looked into EK traffic sending Necurs lately. Documented as early as 2012, Necurs is a type of malware that opens a back door on the infected computer [1]. It may also disable antivirus products as ..
MS15-011 – Microsoft Windows Group Policy real exploitation Windows has been around a long time. After years of evolving from one version to another, it is rare to find vulnerabilities that allow remote code execution from Windows XP to Windows 8.1 (32 and 64-bit) without any user interaction. In this blog post, I'm going to explain what I had to do to exploit this bug fixed in MS15-011 by Microsoft, integrating and coordinating the attack in one module. I..
Analyzing MS15-050 With Diaphora One of the most common ways that I glean information on new and upcoming features in releases of Windows is obviously to use reverse engineering tools such as IDA Pro and look at changed functions and variables, which usually imply a change in functionality. Of course, such changes can also reveal security fixes, but those are a lot harder to notice at the granular level..