Month: August 2023

Microsoft’s fall “special event” date has been announced. Here’s what we expect to see, including new Surface products. Continue reading Mark your calendar: Microsoft’s fall event date is here→

Improper Restriction of XML External Entity Reference, XML Injection (aka Blind XPath Injection) vulnerability in Apache Software Foundation Apache Ivy.This issue affects any version of Apache Ivy prior to 2.5.2.

When Apache Ivy prior to 2.5.2 parses … Continue reading CVE-2022-46751 (ivy)→

Visibility is just the first step to secure your operational technology environment against today’s threats. You need a proactive, defense-in-depth approach. Continue reading Visibility Is Just Not Enough to Secure Operational Technology Systems→

When you handle a lot of malicious files, you must have a process and tools in place to speedup the analysis. It&#;x26;#;39;s impossible to investigate all files and a key point is to find interesting files that deserve more attention. In my malware analysis lab, I use a repository called my “Malware Zoo” where I put all the files. This repository is shared across different hosts (my computer, REMnux and Windows virtual machines). This helps me to keep all the “dangerous files” in a central location and avoid spreading dangerous stuff everywhere. When you analyze a malware, you&#;x26;#;39;ll quickly generate more files: You extract shellcodes, configurations, DLLs, more executables and those files should also be analyzed. To perform a quick triage with basic operations, I rely on the Inotify[1] suite.

Continue reading Quick Malware Triage With Inotify Tools, (Mon, Aug 21st)→

The threat actors behind the HiatusRAT malware have returned from their hiatus with a new wave of reconnaissance and targeting activity aimed at Taiwan-based organizations and a U.S. military procurement system.
Besides recompiling malware samples for … Continue reading HiatusRAT Malware Resurfaces: Taiwan Firms and U.S. Military Under Attack→