Security News (Confirmed) 2011 W43

=> Elaborate Black Hole Infection. 23/10/2011. «I normally come across straight-forward drive-by downloads. Due to some website compromise, a web page is modified to include a link to a malicious website (e.g. iframe or external Javascript file) that infects unsuspecting visitors. In this case, the infection method was rather elaborate and lucky for me, I got the rare chance of seeing what goes on behind the scenes. (…).»
Source: www.kahusecurity.com/2011/elaborate-black-hole-infection/

=> Did Filiol break Tor? (1/3). 24/10/2011. «So I will take the time to detail the context of the news, then to methodically explain what each of Filiol’s attacks consists of, one by one, taking stock of their real implications for the security of the Tor network, and finally to assess the credibility of Filiol and of his statements (…).»
Source: koolfy.be/2011/10/24/did-filiol-break-tor-1/
Related posts:
24/10/2011. Rumors of Tor’s compromise are greatly exaggerated: blog.torproject.org/blog/rumors-tors-compromise-are-greatly-exaggerated
29/10/2011. Did Filiol break Tor? (2/3): koolfy.be/2011/10/29/did-filiol-break-tor-2/

=> A look inside the SpyEye Trojan admin console. 25/10/2011. «At Webroot we’ve been researching and chronicling developments with SpyEye since we first saw it in April 2010. This nasty Trojan is the successor to the Zeus Trojan, and it became essentially the main rootkit available for sale after the author of ZeuS left the underground market and sold ZeuS sources to the SpyEye team (…).»
Source: blog.webroot.com/2011/10/24/a-look-inside-the-spyeye-admin-console/

=> Amazon and Eucalyptus hacked. 25/10/2011. «Today I’d like to point out a paper entitled « All Your Clouds are Belong to us – Security Analysis of Cloud Management Interfaces » by Juraj Somorovsky et al. (…).»
Source: marcoramilli.blogspot.com/2011/10/today-id-like-to-point-out-paper.html
Related posts:
24/10/2011. Cloud computing: a « cloud » with gaps – RUB researchers uncover security flaws at Amazon: idw-online.de/pages/en/news447281
25/10/2011. Researchers find holes in the cloud: www.h-online.com/security/news/item/Researchers-find-holes-in-the-cloud-1366112.html
25/10/2011. Researchers find a flaw in the cloud: www.crazyws.fr/hacking/des-chercheurs-trouvent-une-faille-sur-le-cloud.html
25/10/2011. [pdf] All Your Clouds are Belong to us – Security Analysis of Cloud Management Interfaces, by Juraj Somorovsky et al.: www.nds.rub.de/media/nds/veroeffentlichungen/2011/10/22/AmazonSignatureWrapping.pdf
27/10/2011. Worrying security flaws in the clouds: www.lemondeinformatique.fr/actualites/lire-des-failles-de-securite-preoccupantes-dans-les-clouds-42413.html
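The RUB paper linked above (its PDF is named after the Amazon signature-wrapping attack) concerns XML Signature Wrapping against a SOAP control interface: the verifier locates the signed element by the Id named in the Signature's Reference, while the application locates the Body by position, so an attacker can move the signed Body elsewhere in the envelope and add an unsigned one. The following is an added illustration of that pattern, not code from the paper, from Amazon or from Eucalyptus. It replaces real XML-DSig (X.509 keys, canonicalisation) with a plain HMAC over the serialised element; the key, the envelope contents, the operation names and the instance identifier are all constructed for the example.

```python
import copy
import hashlib
import hmac
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
NS = {"s": SOAP}
ET.register_namespace("s", SOAP)          # fixed prefix so serialisation is deterministic

# Constructed: a shared HMAC key stands in for the X.509 key pair of a real WS-Security signature
KEY = b"demo-signing-key-not-the-real-thing"


def q(local):
    return "{%s}%s" % (SOAP, local)


def canon(elem):
    """Stand-in for XML canonicalisation: serialise the subtree without its tail whitespace."""
    c = copy.deepcopy(elem)
    c.tail = None
    return ET.tostring(c, encoding="utf-8")


def find_by_id(root, wanted):
    """Resolve a Reference URI the way a generic verifier does: any element with that Id, anywhere."""
    return [e for e in root.iter() if e.get("Id") == wanted]


def build_request(action, instance_id, body_id="body-1"):
    env = ET.Element(q("Envelope"))
    ET.SubElement(env, q("Header"))
    body = ET.SubElement(env, q("Body"), Id=body_id)
    ET.SubElement(ET.SubElement(body, action), "instanceId").text = instance_id
    return env


def sign_envelope(env, body_id="body-1"):
    """Client side: sign the Body (located by Id) and put the Signature in the Header."""
    target = find_by_id(env, body_id)[0]
    sig = ET.SubElement(env.find("s:Header", NS), "Signature")
    ET.SubElement(sig, "Reference", URI="#" + body_id)
    ET.SubElement(sig, "SignatureValue").text = hmac.new(KEY, canon(target), hashlib.sha256).hexdigest()
    return env


def signature_valid(env):
    """Generic verifier: returns the elements whose Id matches the Reference if the MAC checks out."""
    sig = env.find("s:Header/Signature", NS)
    if sig is None:
        return []
    matches = find_by_id(env, sig.find("Reference").get("URI").lstrip("#"))
    if not matches:
        return []
    expected = hmac.new(KEY, canon(matches[0]), hashlib.sha256).hexdigest()
    return matches if hmac.compare_digest(expected, sig.find("SignatureValue").text) else []


def process_naive(env):
    """Vulnerable: verification and business logic locate the Body independently."""
    if not signature_valid(env):
        raise PermissionError("bad signature")
    op = env.find("s:Body", NS)[0]          # positional lookup, ignores which element was verified
    return op.tag, op.find("instanceId").text


def process_strict(env):
    """Hardened: act only on the element the signature actually covered, and require it to be unique."""
    verified = signature_valid(env)
    body = env.find("s:Body", NS)
    if len(verified) != 1 or verified[0] is not body:
        raise PermissionError("signature does not cover the Body that would be executed")
    op = body[0]
    return op.tag, op.find("instanceId").text


def wrap(signed_env, new_action, new_instance):
    """Attacker: relocate the signed Body under a Header wrapper and append an unsigned Body."""
    env = copy.deepcopy(signed_env)
    original = env.find("s:Body", NS)
    env.remove(original)
    ET.SubElement(env.find("s:Header", NS), "Wrapper").append(original)   # Id="body-1" still resolves
    new_body = ET.SubElement(env, q("Body"))                                # no Id, never signed
    ET.SubElement(ET.SubElement(new_body, new_action), "instanceId").text = new_instance
    return env
```

With a legitimately signed `DescribeInstances` request, `process_naive` executes the attacker's `TerminateInstances` after wrapping, because the Reference still resolves to the relocated, intact Body. `process_strict` refuses it: the element the signature covered is not the element the application is about to act on, which is the check that matters, independently of how strong the signature algorithm is.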

=> The Mystery of Duqu: Part Two. 25/10/2011. «Our investigation and research of Duqu malware continues. In our previous report, we made two points: there are more drivers than it was previously thought; it is possible that there are additional modules (…).»
Source: www.securelist.com/en/blog/208193197/The_Mystery_of_Duqu_Part_Two
Related posts:
24/10/2011. Duqu: la piste hongroise? : exploitability.blogspot.com/2011/10/duqu-la-piste-hongroise.html
25/10/2011. Win32/Duqu: It’s A Date : blog.eset.com/2011/10/25/win32duqu-it’s-a-date
26/10/2011. Duqu Trojan Questions and Answers : www.secureworks.com/research/threats/duqu/
27/10/2011. Duqu Reference Material : www.scadahacker.com/resources/duqu.html
28/10/2011. India shuts server linked to Duqu computer virus : mobile.reuters.com/article/idUSN1E79R1G020111028?irpc=932
28/10/2011. Win32/Duqu analysis: the RPC edition : blog.eset.com/2011/10/28/win32duqu-analysis-the-rpc-edition

=> Clarifying Android DroidKungFu variants. 26/10/2011. «Much like Ninja Turtles, DroidKungFu now comes in different flavours (5 so far), discovered by Pr. Xuxian Jiang (and research team) and Lookout. If, like me, you are having difficulties keeping track of those variants, this post is for you :) (…).»
Source: blog.fortinet.com/clarifying-android-droidkungfu-variants/

=> Chaos Computer Club analyses the current version of the Staatstrojaner. 26/10/2011. «The Chaos Computer Club (CCC) was recently handed an almost brand-new version of the Staatstrojaner (“state Trojan”). Comparing the older version already analysed by the CCC with the current snooping code from December 2010 brought new findings to light. (…).»
Source: www.ccc.de/en/updates/2011/analysiert-aktueller-staatstrojaner
Related posts:
26/10/2011. OZAPTFIS – Part 2: analysis of a government malware – [pdf] Allm: www.ccc.de/system/uploads/83/original/staatstrojaner-report42.pdf

=> Reversing Android malware. 26/10/2011. «Having analysed an Android malware sample (named operaandroidi14.apk) that I downloaded by chance from the Net, I decided to explain how to reverse Android malware using a concrete example (…).»
Source: blog.aassfxxx.tk/article13/reverse-de-malware-android
Related posts:
27/10/2011. Source: twitter.com/#!/WawaSeb/statuses/129523307228823552
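Before decompiling an APK like the one discussed above, a practitioner first checks that the sample is what it claims to be: an APK is a zip, and its classes.dex carries an Adler-32 checksum and a SHA-1 digest in its header that a repacked or hand-patched sample often fails. The triage below is an added example, not code from the post or its author; the APK and the header-only DEX it inspects are constructed in memory (no map or data section), and the entry names are assumptions, so it runs offline.

```python
import hashlib
import io
import struct
import zipfile
import zlib

# DEX header layout: 8-byte magic, adler32 checksum, SHA-1 signature, then twenty uint32 fields (0x70 bytes)
DEX_HEADER = struct.Struct("<8sI20s20I")
FIELDS = ("file_size header_size endian_tag link_size link_off map_off "
          "string_ids_size string_ids_off type_ids_size type_ids_off "
          "proto_ids_size proto_ids_off field_ids_size field_ids_off "
          "method_ids_size method_ids_off class_defs_size class_defs_off "
          "data_size data_off").split()


def parse_dex_header(dex):
    """Decode the header and verify the two integrity fields the Dalvik loader checks."""
    magic, checksum, sig, *rest = DEX_HEADER.unpack_from(dex, 0)
    h = dict(zip(FIELDS, rest))
    h["magic_ok"] = magic[:4] == b"dex\n" and magic[7:8] == b"\0"
    h["version"] = magic[4:7].decode("ascii", "replace")
    h["checksum_ok"] = (zlib.adler32(dex[12:]) & 0xFFFFFFFF) == checksum   # covers everything after the checksum
    h["signature_ok"] = hashlib.sha1(dex[32:]).digest() == sig              # covers everything after the signature
    h["endian_ok"] = h["endian_tag"] == 0x12345678
    h["size_ok"] = h["file_size"] == len(dex) and h["header_size"] == DEX_HEADER.size
    return h


def triage_apk(apk_bytes):
    """List the archive, note whether it carries a signature block, and check classes.dex integrity."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        names = z.namelist()
        report = {
            "entries": names,
            "has_manifest": "AndroidManifest.xml" in names,
            "signed": any(n.startswith("META-INF/") and n.upper().endswith((".RSA", ".DSA")) for n in names),
        }
        if "classes.dex" in names:
            report["dex"] = parse_dex_header(z.read("classes.dex"))
    return report


def build_minimal_dex(method_count=3):
    """Constructed sample: a header-only DEX with correct checksum and signature."""
    fields = dict.fromkeys(FIELDS, 0)
    fields.update(file_size=DEX_HEADER.size, header_size=DEX_HEADER.size,
                  endian_tag=0x12345678, method_ids_size=method_count)
    body = DEX_HEADER.pack(b"dex\n035\0", 0, b"\0" * 20, *[fields[f] for f in FIELDS])
    body = body[:12] + hashlib.sha1(body[32:]).digest() + body[32:]
    csum = zlib.adler32(body[12:]) & 0xFFFFFFFF
    return body[:8] + struct.pack("<I", csum) + body[12:]


def build_sample_apk(dex):
    """Constructed sample APK; the manifest and certificate entries are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("AndroidManifest.xml", b"<constructed binary manifest placeholder>")
        z.writestr("classes.dex", dex)
        z.writestr("META-INF/MANIFEST.MF", b"Manifest-Version: 1.0\n")
        z.writestr("META-INF/CERT.RSA", b"<constructed placeholder signature block>")
    return buf.getvalue()


if __name__ == "__main__":
    intact = build_sample_apk(build_minimal_dex())
    print(triage_apk(intact))
```

A mismatch in `checksum_ok` or `signature_ok` on a sample that nevertheless installs tells you the dropper rewrites the DEX at runtime or that someone patched it after the fact, which changes how much you can trust the static view you are about to decompile.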

=> TDL4 from scratch to …. 27/10/2011. «I was pretty fed up with reversing malware from the WinLocker families; I wanted something more advanced, so as to discover and learn as much as possible and really have some fun. So I decided to tackle TDL4 (…).»
Source: blog.w4kfu.com/public/tdl4_article/draft_tdl4article.html
Related posts:
27/10/2011. Source: twitter.com/#!/t0ka7a/statuses/129641306581516288

=> Two Drive-Bys, One Site. 27/10/2011. «It’s bad enough to get hit with one drive-by download…but two on one page?! It’s probably separate compromises made by two different people. One thing is for sure though…what’s common to all these websites is WordPress. Let’s take a look at the first drive-by. Here are some of the affected websites: (…).»
Source: www.kahusecurity.com/2011/two-drive-bys-one-site/

=> Now “ce.ms” free domains are being used to host malicious code. 27/10/2011. «A few months back, I posted a blog on “co.tv” domains being used by attackers to host malicious code. We had identified a number of different domains being used to carry out attacks using heavily obfuscated JavaScript. Now it appears that attackers are leveraging free “.ce.ms” domains (…).»
Source: research.zscaler.com/2011/10/now-cems-free-domains-are-being-used-to.html
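The three drive-by items in this digest (the Black Hole infection, the two drive-bys on one WordPress site, and the co.tv / ce.ms free domains) share the same injection mechanics: a hidden iframe or an external script pointing at a throwaway host, or an inline script packed with eval/unescape and long escape sequences. The scanner below is an added example, not code from Kahu Security or Zscaler, that flags those three traits in a page's HTML; the free-domain suffix list, the obfuscation threshold and the sample page are constructed assumptions to be tuned against your own compromised-site samples.

```python
import re
from html.parser import HTMLParser

# Suffixes named in the Zscaler post; illustrative assumption, extend from your own telemetry
FREE_DOMAIN_SUFFIXES = (".co.tv", ".ce.ms")

# Markers typical of packed drive-by loaders; two or more in one inline script counts as obfuscated (threshold is an assumption)
OBFUSCATION_MARKERS = (
    re.compile(r"eval\s*\(\s*unescape\s*\(", re.I),
    re.compile(r"String\.fromCharCode", re.I),
    re.compile(r"document\.write\s*\(\s*unescape", re.I),
    re.compile(r"(?:%[0-9a-f]{2}|\\x[0-9a-f]{2}){20,}", re.I),   # long run of percent/hex escapes
)


def host_of(url):
    m = re.match(r"\s*(?:https?:)?//([^/:?#]+)", url or "")
    return m.group(1).lower() if m else ""


def is_hidden(attrs):
    """0x0 / 1x1 or CSS-hidden iframes are the classic injected drive-by carrier."""
    for key in ("width", "height"):
        v = (attrs.get(key) or "").strip().strip("\"'").lower().rstrip("px")
        if v.isdigit() and int(v) <= 1:
            return True
    style = (attrs.get(key := "style") or "").lower().replace(" ", "")
    return "display:none" in style or "visibility:hidden" in style


class InjectScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []
        self._script = None      # list of text chunks while inside <script>

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "iframe":
            src = a.get("src") or ""
            if is_hidden(a):
                self.findings.append(("hidden-iframe", src))
            if host_of(src).endswith(FREE_DOMAIN_SUFFIXES):
                self.findings.append(("free-domain-iframe", src))
        elif tag == "script":
            self._script = []
            src = a.get("src")
            if src and host_of(src).endswith(FREE_DOMAIN_SUFFIXES):
                self.findings.append(("free-domain-script", src))

    def handle_data(self, data):
        if self._script is not None:
            self._script.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script is not None:
            body = "".join(self._script)
            hits = sum(1 for p in OBFUSCATION_MARKERS if p.search(body))
            if hits >= 2:
                self.findings.append(("obfuscated-inline-script", body.strip()[:60]))
            self._script = None


def scan_html(html):
    """Return a list of (finding, detail) tuples for one page, in document order."""
    p = InjectScanner()
    p.feed(html)
    p.close()
    return p.findings


# Constructed sample: a WordPress page carrying both an injected iframe and an injected loader script
SAMPLE_PAGE = """<html><body>
<h1>My WordPress blog</h1>
<iframe src="http://evil-update.ce.ms/in.cgi?3" width="1" height="1" style="visibility:hidden"></iframe>
<script type="text/javascript">
eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%22%3c%69%66%72%61%6d%65%22%29'));
</script>
<script src="http://counter.stats-host.co.tv/s.js"></script>
<script src="/wp-includes/js/jquery.js"></script>
</body></html>"""

if __name__ == "__main__":
    for kind, detail in scan_html(SAMPLE_PAGE):
        print(kind, detail)
```

Run it over a crawl of the site's pages rather than the home page alone: as the second Kahu post notes, two separate injections can sit on one page, and each is reported here as its own finding so you can attribute them to separate compromises.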

=> Technical Analysis for Mozilla Firefox Array.reduceRight() Vulnerability. 28/10/2011. «The usage of exploits in current threats underlines the critical need for users to keep programs updated at all times. Considering the great amount of time people spend on their computers connected to the Internet, web browsers are prime targets for cybercriminals. This is a technical analysis of a recently discovered vulnerability in one of the most-used web browsers: Mozilla Firefox (…).»
Source: blog.trendmicro.com/technical-analysis-for-mozilla-firefox-array-reduceright-vulnerability

Published by

Gof

Digital lame duck; just interested, just passionate.