Category: Incident Sharing

Brief OSINT review for CVE-2012-1535 Attacks

On August 15th, Jaime Blasco over at AlienVault Labs posted a description of a malicious Word document with an embedded Flash file that exploits CVE-2012-1535 (Original here). The document described within the specific attack was titled “iPhone 5 Battery.doc”, and the dummy document displayed after exploitation is a legitimate article that was posted on August […]


Crowdsourcing for InfoSec

About a week ago, I saw a tweet by @c_APT_ure referencing a new category in the established domain-tagging system at OpenDNS. They (OpenDNS) recently added both a malware and botnet category that can be submitted for review (official announcement here). For those who don’t know how the domain tagging works, it basically goes like this: […]


Thanks for Sharing – Indicators

Based on popular request, I’m listing the indicators that I gathered from the malware in the situation described in the previous post (Thanks for Sharing). Don Clifton (@Digitalsec4u) has also shared his (and will be updating more) over on his blog at digitalsecurity4u. The initial tip came from the following tweets by @c_APT_ure: #malware news […]


Thanks for Sharing

Guess What? Sharing information about new threats and threat indicators really can make a difference! Most people reading this post are probably saying DUH!, but I thought I’d like to present a case study that occurred over the past two days. Before I start, thanks to everyone involved for giving me enough fuel to make […]


A Survey of Computer Incident Information Sharing Frameworks

As with my last post, this was originally written for an intermediate assignment in my M.S. program. It has already been submitted for credit and slightly modified for the format. Comments or questions here or @digital4rensics are always welcome! Introduction, or Why These Frameworks? Computer security incident details are deeply technical, but it […]
