Selling cyberthreatintelligence.com

I am selling the domain cyberthreatintelligence in the .com, .net, .org, .info, .biz, .mobi, .us and .co top level domains. Send me a message if you are interested.

BitDefender update coming to fix SSL certificate issue

Prepare to update your BitDefender installs because of a “bug”. Like many products, BitDefender does HTTPS scanning (read: SSL MITM). It looks like they borked the logic and were using the built-in BitDefender SSL cert in situations where it should not have been used. This is nowhere near as bad as the recent issues with Superfish, but it is still worth discussing.

http://www.theregister.co.uk/2015/03/01/bitdefender_bit_trip_slaps_valid_on_revoked_certs/

Uber suffers a data breach

This quote from the article sums it up nicely:

“The giant Uber announced a data breach that resulted in unauthorized access to the driver partner license numbers of roughly 50,000 of its drivers”

http://securityaffairs.co/wordpress/34251/cyber-crime/uber-data-breach.html

Cisco on “Dynamic Detection of Malicious DDNS”

Blog post from Cisco on how Dynamic DNS services are abused by malware authors, with a decent list of DDNS providers to block. Blocking DDNS sites based on a blocklist of known DDNS web sites is one thing. Blocking DDNS provider name servers (the better way to do it) is harder. Sure, you could block the IP address of ns.afraid.org at your firewall. What happens when the IP of that name server changes? Rather than just blocking, wouldn’t you like to know when a workstation is trying to resolve a DDNS domain? We use RPZ to rewrite DNS responses from DDNS name servers and send the traffic to a sinkhole for analysis. Lots of juicy C2 data there once you weed out the crimeware / annoyances...

http://blogs.cisco.com/security/dynamic-detection-of-malicious-ddns
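As an added illustration of the RPZ approach described above (this is not configuration from the Cisco post or from this blog), here is a BIND 9 response-policy setup that rewrites the answer for any domain delegated to a name server under afraid.org, returns a sinkhole address instead, and logs each rewrite so the requesting workstation can be identified. The zone name rpz.local, the sinkhole address 192.0.2.1 (from the documentation range) and the file paths are placeholders; ns.afraid.org is the only name taken from the text.

```conf
// ---- named.conf (excerpt); paths and zone name are hypothetical ----
options {
    // ... existing resolver options ...
    response-policy {
        zone "rpz.local" log yes;   // log every rewrite under the "rpz" category
    };
};

logging {
    channel rpz_log {
        file "/var/log/named/rpz.log" versions 5 size 20m;
        severity info;
        print-time yes;
    };
    category rpz { rpz_log; };      // one line per rewritten response: client IP, qname, rule hit
};

zone "rpz.local" {
    type master;
    file "/etc/bind/rpz.local.db";
    allow-query { none; };          // the policy zone is applied internally, never served to clients
};

; ---- /etc/bind/rpz.local.db (hypothetical path) ----
$TTL 300
@   IN SOA  localhost. root.localhost. ( 2015030101 3600 600 86400 300 )
    IN NS   localhost.

; NSDNAME trigger: matches when the answer's zone is delegated to ns.afraid.org
; or any other host under afraid.org. Keyed on the name server's *name*, so it
; keeps working when the provider changes the name server's IP address.
; Action (Local Data): answer with the sinkhole address instead of the real one.
afraid.org.rpz-nsdname      IN A    192.0.2.1
*.afraid.org.rpz-nsdname    IN A    192.0.2.1
```

With this in place a client that resolves a hostname hosted on afraid.org receives 192.0.2.1, a listener on that address records the connection attempt for analysis, and the rpz log line names the workstation that asked. Verify the rule fires with `dig @<resolver> <some-afraid.org-hosted-name>` and check the A record comes back as the sinkhole address.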

Good analysis of PlugX “v2” new features from Airbus

Below is a link to a good analysis of the PlugX RAT, specifically one of the later versions. New features include a rewritten HTTP library (time for new network sigs), the ability to use ICMP as a C2 channel (you block that from your network, right? :)) and further use of encryption to slow down the RE process.

http://blog.cassidiancybersecurity.com/post/2014/01/PlugX-v2%3A-meet-SController
