Tags: Threat Intelligence

Brief OSINT review for CVE-2012-1535 Attacks

On August 15th, Jaime Blasco over at AlienVault Labs posted a description of a malicious Word document with an embedded Flash file that exploits CVE-2012-1535 (Original here). The document described within the specific attack was titled “iPhone 5 Battery.doc”, and the dummy document displayed after exploitation is a legitimate article that was posted on August […]

Crowdsourcing for InfoSec

About a week ago, I saw a tweet by @c_APT_ure referencing a new category in the established domain-tagging system at OpenDNS. They (OpenDNS) recently added both a malware and botnet category that can be submitted for review (official announcement here). For those who don’t know how the domain tagging works, it basically goes like this: […]

AICPA.org Phishing: Round 2

This morning I received another, slightly different, AICPA.org phishing email. This time, the spoofed sender was “Aaron Peters – security@intuit.com” (Header available at the bottom of the post). This email contained two hotlinks, both of which pointed to hxxp://foraver.de/wp-includes/aic.html. This post has a slightly more convincing version of the standard wait screen, which consists of […]

Thanks for Sharing – Indicators

Based on popular request, I’m listing the indicators that I gathered from the malware in the situation described in the previous post (Thanks for Sharing). Don Clifton (@Digitalsec4u) has also shared his (and will be updating more) over on his blog at digitalsecurity4u. The initial tip came from the following tweets by @c_APT_ure: #malware news […]

Thanks for Sharing

Guess What? Sharing information about new threats and threat indicators really can make a difference! Most people reading this post are probably saying DUH!, but I thought I’d like to present a case study that occurred over the past two days. Before I start, thanks to everyone involved for giving me enough fuel to make […]
