
malware

Seizing Control of Yahoo! Mail Cross-Origin… Again
This is a follow-up to another article about cross-origin mail theft on Yahoo! Mail using Flash. For a better understanding of the issue, you can read that here: http://blog.saynotolinux.com/blog/2014/03/01/yahoos-pet-show-of-horrors-abusing-a-crossdomain-proxy-to-leak-a-users-email/ TL;DR: A .swf on Yahoo’s CDN had a vulnerability that enabled near-complete control over Yahoo! Mail cross-origin. The..
Reproducible Malware Analyses for All
Summary: With help from GTISC, I have begun running 100 malware samples per day and posting the PANDA record & replay logs online at http://panda.gtisc.gatech.edu/malrec/. The goal is to lower the barriers to entry for doing dynamic malware research, and to make such research reproducible. Today, I spoke at the ACSAC Malware Memory Forensics workshop in New Orleans about a problem that I think h..
Protocol handling issues in X Window System servers
Description: Ilja van Sprundel, a security researcher with IOActive, has discovered a large number of issues in the way the X server code base handles requests from X clients, and has worked with X.Org's security team to analyze, confirm, and fix these issues. Ilja's talk at the 30th Chaos Communication Congress (30C3) in Hamburg last year (X Secur..
The Regin Espionage Toolkit
Regin is the latest in the line of sophisticated espionage toolkits used to target a range of organizations around the world. As already reported, it's one of the more complex pieces of malware around, and just like many of the other toolkits it also has a long history behind it. We first encountered Regin nearly six years ago in early 2009, when we found it hiding on a Windows server in a custo..
Magnitude Exploit Kit Backend Infrastructure Insight
This is the fourth post in a four-part series about Magnitude (if you like, read the first, second, and third parts too). This post will continue where the third post left off, discussing the infection flow and cybercriminals redirecting victims to the gateway servers. Here's the next step in that flow:
Figure 1. Exploitation flow second stage
The victim is redirected to the current Magnitude malwar..
OnionDuke: APT Attacks Via the Tor Network
Recently, research was published identifying a Tor exit node, located in Russia, that was consistently and maliciously modifying any uncompressed Windows executables downloaded through it. Naturally this piqued our interest, so we decided to peer down the rabbit hole. Suffice to say, the hole was a lot deeper than we expected! In fact, it went all the way back to the notorious Russian APT family..
New PoS Malware Kicks off Holiday Shopping Weekend
We are currently looking into a new point-of-sale (PoS) malware family detected as TSPY_POSLOGR.K, which is making the rounds just in time for this year’s holiday shopping weekend. Around this time last year, the U.S. retailer Target suffered one of the largest data breaches in history in a targeted attack that used the BlackPOS malware, a PoS RAM scraper malware family. Cybercriminals gathered r..
CVE-2014-8439 Vulnerability: Trend Micro Solutions Ahead of the Game
Last November 25, Adobe issued an out-of-band patch for the CVE-2014-8439 vulnerability, which impacts Adobe Flash Player versions on Windows, Mac OS, and Linux. Adobe’s advisory describes this vulnerability as a “de-referenced memory pointer that could lead to code execution.” Despite efforts by Adobe to quickly patch their software vulnerabilities, we noticed that exploit kit authors seem to be..
When cookies lead to a DoS in phpMyAdmin CVE-2014-9218
"phpMyAdmin is a free software tool written in PHP, intended to handle the administration of MySQL over the Web. phpMyAdmin supports a wide range of operations on MySQL, MariaDB and Drizzle. Frequently used operations (managing databases, tables, columns, relations, indexes, users, permissions, etc) can be performed via the user interface, while you still have the ability to directly execute any ..