Actus Sécurité Confirmé 2011 S46


=> Analysis of a malicious PDF from a SEO Sploit Pack . 14/11/2011. «According to a Kaspersky Lab article, SEO Sploit Pack is one of the Exploit Kits which appeared in the first months of the year, being PDF and Java vulnerabilities the most used in these type of kits. That’s the reason why I’ve chosen to analyse a malicious PDF file downloaded from a SEO Sploit Pack (…).»
Source : eternal-todo.com/blog/seo-sploit-pack-pdf-analysis

=> (Updated) WordPress Timthumb Attacks Rising. 15/11/2011. «SpiderLabs Research Team has been tracking an increase in WordPress Timthumb plug-in scanning. How wide spread are the attacks? We just added the following entry to the Web Hacking Incident Database (WHID) – (…).»
Source : blog.spiderlabs.com/2011/11/wordpress-timthumb-attacks-rising.html

=> The Mystery of Duqu: Part Five. 15/11/2011. «The driver is the first component of Duqu to be loaded in the system. As we discovered, the driver and other components of malware are installed with a dropper exploiting a 0-day vulnerability (CVE-2011-3402). The driver is registered in the HKLM\System\CurrentControlSet\Services\ registry path. The exact name of the registry key varies in different versions of Duqu drivers (…).»
Source : www.securelist.com/en/blog/606/The_Mystery_of_Duqu_Part_Five
Billets en relation :
16/11/2011. Duqu– Threat Research and Analysis by Szor – McAfee Labs [pdf] : blogs.mcafee.com/wp-content/uploads/2011/10/Duqu1.pdf

=> TDSS Bootkit Spawns Clones. 15/11/2011. «TDL 4 variants have surfaced recently, making security researchers suspect that the code may have been sold on the black market (…).»
Source : labs.bitdefender.com/?p=830

=> Goodbye DIACAP, Hello DIARMF. 17/11/2011. «Every few months, an elite group of DoD security experts, IT managers, and senior leadership gather to chart the future course for how Information Assurance will be conducted within the Defense Department. Very soon, this group will introduce sweeping changes to the Certification and Accreditation process, to the extent that personnel roles, job titles, and even the moniker C&A itself will change, evolving into new nomenclature and a new era for the Information Assurance community of practice within the DoD. After implementation, the use of DIACAP Certification and Accreditation processes will cease and DIARMF Assessment and Authorization will become the ‘new normal’ for information technology professionals and risk managers throughout the Defense Department (…).»
Source : resources.infosecinstitute.com/goodbye-diacap-hello-diarmf/

=> Another Cousin of Spitmo: SymbOS/ConBot. 18/11/2011. «Analysts on our Threat Research team recently discovered OpFake, a premium rate SMS trojan that shares code with Spitmo. And this week, our automation flagged a new sample. The guys have completed their analysis and it appears that we’ve discovered yet another « cousin » of Spitmo. Only, this trojan doesn’t pretend to be an Opera update (…).»
Source : www.f-secure.com/weblog/archives/00002271.html

Billet précédent : «
Billet suivant : »