malware

Cryptowall, again!
A new variant of Cryptowall (an advanced version of CryptoLocker) is now using a malicious .chm file attachment to infect systems. According to net-security.org, Bitdefender Labs has found a spam wave that spreads malicious .chm attachments. CHM is the compiled version of HTML that supports technologies such as JavaScript, which can redirect a user to an external link. “Once the content of the .chm arc..

How Malware Generates Mutex Names to Evade Detection
Malicious software sometimes uses mutex objects to avoid infecting the system more than once, as well as to coordinate communications among its multiple components on the host. Incident responders can look for known mutex names to spot the presence of malware on the system. To evade detection, some malware avoids using a hardcoded name for its mutex, as is the case with the specimen discussed in..

ElasticSearch Groovy script remote code execution vulnerability analysis (CVE-2015-1427)
ElasticSearch is a search and analytics engine developed in Java. In 2014 a remote code execution vulnerability (CVE-2014-3120) was disclosed in it; the flaw was in the script query module. Because the search engine allowed script code (MVEL) to be used as expressions for data operations, an attacker could construct arbitrary Java code through MVEL. The scripting engine was later replaced with Groovy and a sandbox was added so that dangerous code would be intercepted; this time, because the sandbox restrictions are not strict, the result is again remote code execution. No public PoC has appeared online yet; after some research, an exploitation method was found. Let us look at how the vulnerability arises. Groovy is a scripting language that runs on the JVM; its syntax closely resembles Java, and it can likewise call all kinds of Java objects and methods, but Groovy's syntax is simpler.
0x01 Details
First, we execute a query that carries a script:
POST http://127.0.0.1:9200/_search?pretty HTTP/1.1 User-Agent..

SMACK: State Machine AttaCKs
Implementations of the Transport Layer Security (TLS) protocol must handle a variety of protocol versions and extensions, authentication modes and key exchange methods, where each combination may prescribe a different message sequence between the client and the server. We address the problem of designing a robust composite state machine that can correctly multiplex be..

Threat Spotlight: Angler Lurking in the Domain Shadows
Overview
Over the last several months Talos researchers have been monitoring a massive exploit kit campaign that is utilizing hijacked registrant accounts to create large amounts of subdomains for both initial redirection and exploitation. This campaign has been largely attributed to Angler Exploit Kit with fileless exploits serving various malicious payloads. The use of hijacked accounts leads to ..

LogPOS - New Point of Sale Malware Using Mailslots
Introduction
There has been an explosion in POS malware in the last year. At Morphick, Jeremy Humble and I found 2 undiscovered families in 2014 and we just found our first new family of 2015. This new malware, which we're calling LogPOS, has several notable differences from recent POS malware. The hash that we'll be pulling apart in this post is af13e7583ed1b27c4ae219e344a37e2b.
Diving In
Almost imm..

Freak Attack - Surprised? No. Worried? A little.
There has been some press surrounding the SSL issue published recently dubbed Freak. It was reported in the Washington Post[1] and other sites, but what does it really mean? The issue relates to the use of Export Ciphers (the crypto equivalent of keeping the good biscuit yourself and giving the smaller broken one to your little brother or sister). The Export Ciphers were used as the "allowed" ciphe..

Extended Validation Certificates: Warning Against MITM Attacks
The recent Superfish incident has raised more concerns that SSL/TLS connections of users can be intercepted, inspected, and re-encrypted using a private root certificate installed on the user system. In effect, this is a man-in-the-middle (MITM) attack carried out within the user’s own system. We believe that site owners adopting extended validation (EV) certificates would help warn users about ..

TorrentLocker Ransomware Uses Email Authentication to Refine Spam Runs
In monitoring the ransomware TorrentLocker, we noticed a new development in its arrival vector. In previous entries, we noted that a particular wave of the crypto-ransomware was using spammed messages that were designed to evade spam filters. Our research now shows that TorrentLocker malware is using emails that are designed to pass spam filters and also collect information.
Using SPF to DMARC
Pr..

PwnPOS: Old Undetected PoS Malware Still Causing Havoc
We have been observing a new malware that infects point-of-sale (POS) systems. This malware may have been active since 2013, possibly earlier. Trend Micro will be naming this new malware family PwnPOS to differentiate it from other known PoS malware families. In this blog post, we will discuss the technical details of this PoS malware. Researchers and incident response teams can add our findin..