Feed aggregator

Microsoft Will Resume Email Security Notifications This Week

Threatpost for B2B - Mon, 06/30/2014 - 13:37
Microsoft announced this afternoon that it would resume sending security email notifications, reversing course on a decision it had made to suspend the practice.

ICS Malware Found on Vendors’ Update Installers

Threatpost for B2B - Mon, 06/30/2014 - 10:30
The Havex RAT has infected the software update installers of three known industrial control system vendors, according to an advisory from ICS-CERT.

PHP Fixes OpenSSL Flaws in New Releases

Threatpost for B2B - Mon, 06/30/2014 - 09:56
The PHP Group has released new versions of the popular scripting language that fix a number of bugs, including two in OpenSSL. The flaws fixed in OpenSSL don’t rise to the level of the major bugs such as Heartbleed that have popped up in the last few months. But PHP 5.5.14 and 5.4.30 both contain fixes […]

Analysis: Spam in May 2014

Secure List feed for B2B - Mon, 06/30/2014 - 07:00
In the run-up to the summer, spammers offered their potential customers seedlings and seeds for gardening. In addition, English-language festive spam in May was dedicated to Mother’s Day - the attackers sent out adverts offering flowers and candies.

Blog: RECON 2014

Secure List feed for B2B - Sun, 06/29/2014 - 19:07
Today was the last day of the REcon 2014 conference, where reverse engineers from all over the world meet and share their research. The event started with trainings, where I (Nicolas) gave a 4-day training on malware reverse engineering. During those 4 days, we covered various kinds of topics such as how to unpack/decrypt malware, identify cryptographic algorithms, deal with obfuscated code, analyze shellcode, etc.

RECON 2014

Secure List feed for B2B - Sun, 06/29/2014 - 13:23
Today was the last day of the REcon 2014 conference, where reverse engineers from all over the world meet and share their research.

The event started with trainings, where I (Nicolas) gave a 4-day training on malware reverse engineering. During those 4 days, we covered various kinds of topics such as how to unpack/decrypt malware, identify cryptographic algorithms, deal with obfuscated code, analyze shellcode, etc.

My colleague Marta Janus gave a talk explaining the various techniques used by malware to evade detection and sandboxing, and covered a lot of the obfuscation tricks used in current malware.

The presentations this year were quite interesting, and a few of them related directly to what we do in the labs, including graph representation of binaries, tools to help speed up analysis, and handling of code obfuscation.

You can find the full schedule of the conference here.

The slides and the videos of every talk will be uploaded to the REcon website in the future.

Meanwhile, you can already download some of the research tools:

PANDA is the Platform for Architecture-Neutral Dynamic Analysis. It is a platform based on QEMU 1.0.1 and LLVM 3.3 for performing dynamic software analysis, abstracting architecture-level details away with a clean plugin interface. It is currently being developed in collaboration with MIT Lincoln Laboratory, Georgia Tech, and Northeastern University.

FUNCAP is a script that records function calls (and returns) across an executable using the IDA debugger API, along with all the arguments passed. It dumps the information to a text file and also inserts it into IDA's inline comments. This way, the static analysis that usually follows behavioral runtime analysis of malware can be fed directly with runtime information, such as decrypted strings returned in function arguments.

One presentation mentioned a framework for reverse engineering which I consider worth listing here.

MIASM 2 is a free and open source (GPLv2) reverse engineering framework. Miasm aims at analyzing, modifying and generating binary programs. It can represent assembly semantics using an intermediate language, emulate code using a JIT (for dynamic code analysis and unpacking), and simplify expressions for automatic de-obfuscation.

See you next year at RECON 2015.

Twitter: @nicolasbrulez

New Oil and Natural Gas ISAC Launches

Threatpost for B2B - Fri, 06/27/2014 - 14:54
A new information sharing group popped up this week in the oil and natural gas industries that hopes to formalize the trade of threat intelligence and indicators of compromise.

FBI Issued More Than 19k National Security Letters in 2013

Threatpost for B2B - Fri, 06/27/2014 - 14:06
The United States federal government issued more than 19,000 National Security Letters--perhaps its most powerful tool for domestic intelligence collection--in 2013, and those NSLs contained more than 38,000 individual requests for information.

20-Year Old Vulnerability Patched in LZO Compression Algorithm

Threatpost for B2B - Fri, 06/27/2014 - 13:31
A 20-year old vulnerability in the Lempel-Ziv-Oberhumer (LZO) compression algorithm was finally patched this week.

Zero-Day Patched in TimThumb WordPress Script

Threatpost for B2B - Fri, 06/27/2014 - 11:02
A zero-day vulnerability has been patched in the PHP-based image resizer TimThumb, popular in WordPress themes, after it was publicly disclosed this week.

PayPal 2FA Bypass Shows Difficulty of Getting Authentication Right

Threatpost for B2B - Fri, 06/27/2014 - 10:00
Oftentimes, looking at a given security vulnerability or mistake by a vendor, it’s easy to wonder how on earth the bug got through in the first place or the company didn’t catch the problem earlier. That definitely could have been the case with the recently disclosed bypass of PayPal’s two-factor authentication mechanism, but, as is […]

Patched Code Execution Bug Affects Most Android Users

Threatpost for B2B - Thu, 06/26/2014 - 13:22
Researchers at IBM disclosed a serious buffer overflow vulnerability in Android 4.3 and earlier that could lead to code execution. The bug is patched in KitKat, but most users are on older versions.

Massachusetts Supreme Court Rules Defendant Must Decrypt Data

Threatpost for B2B - Thu, 06/26/2014 - 10:45
Encryption software has been enjoying a prolonged day in the sun for about the last year. Thanks to the revelations of Edward Snowden about the NSA’s seemingly limitless capabilities, security experts have been pounding the drum about the importance of encrypting not just data in transit, but information stored on laptops, phones and portable drives. […]

Cloned Android Banking App Hides Phishing Scheme

Threatpost for B2B - Wed, 06/25/2014 - 14:49
A cloned banking application targeting customers of a large bank in Israel has been removed from Google Play after it was discovered to be stealing users' log-in credentials.