Category: Threat Intel

  • Automatically Extracting Obfuscated Strings from Malware using the FireEye Labs Obfuscated String Solver (FLOSS)

    http://ift.tt/28YIbLH Introduction and Motivation: Have you ever run strings.exe on a malware executable and its output provided you with IP addresses, file names, registry keys, and other indicators of compromise (IOCs)? Great! No need to run further analysis or hire expensive…

  • Libarchive Needs Patching Again

    http://ift.tt/28O56Ke Users, developers, sysadmins – World+Dog, really – need to get busy patching libarchive, after Cisco Talos researchers turned up three new vulnerabilities. Described here, the bugs all relate to input validation. CVE-2016-4300 is a heap overflow in its handling of 7zip files: a malicious file can cause an integer overflow,…

  • Tor Onion Hardening Will Be Tear Inducing For Feds

    http://ift.tt/28O57h8 The University of California wants to defeat deanonymisation with a hardened version of the Tor browser. The uni boffins are with the Tor Project testing an address space layout randomisation (ASLR)-esque technique dubbed Selfrando. It is hoped the technique described in the paper Selfrando:…

  • Commercial drone industry gets new relaxed rules

    http://ift.tt/28S3yTg Soon, Americans are likely to be seeing a lot more drones. And vice versa. The US Federal Aviation Administration (FAA) has just released its long-awaited rules for the commercial use of lightweight drones. And those rules are extremely drone friendly. One thing’s missing, though: any privacy safeguards.…

  • Carbonite online backup service bombarded with reused passwords

    http://ift.tt/28XABB1 Online backup service Carbonite is forcing users to pick new passwords in the wake of discovering that it was under a large-scale account takeover attack. On Tuesday, the company said in a post that as far as it can tell, its own systems haven’t been breached.…

  • Google makes two-step verification easy-peasy

    http://ift.tt/28Na8a6 Ever fumble when you’re typing in a verification code sent to your phone or burbled up from Google Authenticator? Here’s some relief for the fat-fingered: Google’s just made two-step verification (2SV) a lot less aggravating. As the company announced on Monday, you can now get prompts pushed to your…

  • Mark Zuckerberg is paranoid about webcam spies – for good reason

    http://ift.tt/28NwaJP Here’s a riddle: what do Mark Zuckerberg and FBI Director James Comey have in common? I mean, besides the fact that they both run organizations that know waaaaaaaay too much about us? Answer: they both put tape over their webcams. You might have…

  • After Angler: Shift in Exploit Kit Landscape and New Crypto-Ransomware Activity

    http://ift.tt/28Nxuil Early this year, we reported that in 2015, Angler came out as the top exploit kit, having contributed 59.5% in the total exploit kit activity for the year. Now, there’s barely…

  • 5 ways to keep your Instagram profile safe

    http://ift.tt/28PLk4K Although I’m generally an early adopter of most new social media networks when they come out (go figure, I’m a shameless #Millennial), I was an Instagram curmudgeon for a while. But after giving it a go, its ease of use and brilliantly minimal interface completely won…

  • Apple “opens up” the iOS 10 kernel – accident or design?

    http://ift.tt/28NJHlI Apple, it seems, just can’t win when it comes to openness. Or lack of it. You’ll find many articles right now that suggest that Apple somehow “forgot” to apply its usual obfuscations to the iOS kernel when it released its recent iOS 10…