ForAllSecure

DECEMBER 15, 2020

This is a blog post for advanced users with binary analysis experience. Non-glibc C standard library. Lack of available source code or documentation. For this blog post we will be looking at the Netgear N300 (henceforth referred to as DGN2200v4) router firmware image. Uses uClibc instead of glibc C standard library.

Libraries 52

Libraries IT Authentication Access 52

Security Affairs

DECEMBER 20, 2018

N051118 ), where the malicious payload was dropped abusing a macro-enabled word document able to download the malicious DLL paylaod. The malware tries to connect to the remote host 149.154.157.104 (EDIS-IT IT) through an encrypted SSL channel, then it downloads other components and deletes itself from the filesystem.

Libraries 73

Libraries Phishing Encryption Authentication 73

Security Affairs

JUNE 11, 2019

Hash c86d3ab048976eb70d64409f3e7277ec40d6baf9ba97bcf4882e504fb26b5164 Threat Microsoft Excel malicious document Brief Description Malicious macro Ssdeep 1536:9n1DN3aMePUKccCEW8yjJTdrBZq8/Ok3hOdsylKlgryzc4 bNhZFGzE+cL2knA5xG:9n1DN3aM+UKccCEW8yjJTdrBZq8/Ok3B. This means, the content of the variable “$y” actually is a.NET Dynamic Linked Library.

e-Delivery 71

e-Delivery Encryption Libraries IT 71

Security Affairs

FEBRUARY 16, 2021

dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. dll: Windows legitimate DLL for runtime dependencies – MICROSOFT® C RUNTIME LIBRARY. If a path is passed, then the library is only loaded from the specific path. com/document/d/1wG-npl-Rx1WT00cYpjvrE_V_PzzxuavKLkpvYReLjvw/edit.

Libraries 117

Libraries Communications Phishing Encryption 117

Krebs on Security

JUNE 7, 2021

In the process of doing so, I encountered a small snag: The FSB’s website said in order to communicate with them securely, I needed to download and install an encryption and virtual private networking (VPN) appliance that is flagged by at least 20 antivirus products as malware. Federal Bureau of Investigation (FBI). Image: Wikipedia.

Encryption 293

Encryption Ransomware Government Communications 293

IT Governance

DECEMBER 13, 2018

As is now traditional, I’ve installed myself in the porter’s chair next to the fire in the library, ready to recap some of the year’s more newsworthy information security events. For more information on each story, simply follow the links in the transcript on our blog. And Google announced another bug in a Google+ API , affecting 52.5

Data breaches 71

Data breaches Personal data Access GDPR 71

Security Affairs

MAY 6, 2021

The malicious Office document, when opened, it poses as a DocuSign file – a popular software for signing digital documents. The malicious documents take advantage of Excel 4.0 Figure 3: Excel document used to lure victims and download and execute the QakBot 2nd stage. Dribbling AVs with XLM macros. Suspicious 738 0.5%

Encryption 100

Encryption Libraries Ransomware IT 100

Security Affairs

APRIL 10, 2019

EMOTET has evolved in its delivery, however, this wave was conducted with the most prominent form: inserting malicious documents or URL links inside the body of an email sometimes disguised as an invoice or PDF attachment. We could not retrieve any more information about this library in malware.

Security 59

Security IT Access Cybersecurity 59

Security Affairs

JULY 7, 2020

Lampion was first documented in December 2019 , and it was distributed in Portugal via phishing emails using templates based on the Portuguese Government Finance & Tax. The text is written in Portuguese, and just the logo at the end of the document was changed between May and July malware versions. exe TargetFileDOSName: rundll32.exe

Communications 94

Communications Cloud Phishing Encryption 94

IT Governance

JULY 31, 2019

Libraries in Onondaga Co., Federated Library System working on its online system following a ransomware attack (unknown). Federated Library System working on its online system following a ransomware attack (unknown). Maitland, FL, dentist says five months of patient records encrypted by ransomware (unknown).

Data breaches 111

Data breaches Ransomware Personal data Government 111

Security Affairs

MARCH 19, 2020

Today I want to contribute to such a blog-roll analyzing a new spreading variant that hit my observatory. XSL StyleSheet Document MiZl5xsDRylf0W.tmp. The following VBScript is run through cscript.exe, It’s an obfuscated and xor-encrypted payload. The original PDF from WHO explaining the COVID-19 status and how to fight it.

Computer and Electronics 96

Computer and Electronics IT Encryption Security 96

Security Affairs

JULY 2, 2019

Unlike most ransomware, LooCipher uses a macro-weaponized document as dropper of the real threat. We identified two different document files involved to deploy the ransomware, they are called: “Info_BSV_2019.docm” Document content. Actions during encryption phase. docm” and “Info_Project_BSV_2019.docm”. Macro code.

Ransomware 92

Ransomware Encryption Blockchain Libraries 92

ForAllSecure

FEBRUARY 10, 2021

Every three years the US Library of Congress is tasked with reviewing section 1201 of the DMCA. In 2018, the last review year, breaking encryption in a product in order to repair it was deemed to be legal as well, however, this activity is restricted to restoring the device in question to its original specifications.

Manufacturing 52

Manufacturing Agriculture IT Access 52

ForAllSecure

FEBRUARY 10, 2021

Every three years the US Library of Congress is tasked with reviewing section 1201 of the DMCA. In 2018, the last review year, breaking encryption in a product in order to repair it was deemed to be legal as well, however, this activity is restricted to restoring the device in question to its original specifications.

Manufacturing 52

Manufacturing Agriculture IT Access 52