If you haven’t heard about it by now, let me clue you in: Java is a security nightmare. A few days ago, a zero-day exploit for Java 7 became widely known. The exploit bypasses Java 7’s security sandbox and permits attackers to download and execute code without user interaction. The attack is already available in Metasploit and in the Blackhole Exploit Kit (BEK). Since it’s in BEK, users are now susceptible to this attack via so-called “drive-by” web hacks. All a user has to do is get unlucky and visit a compromised site (and there are a TON of compromised WordPress sites out there) and their machine is compromised.
Why Everyone Should Be Using a Web Proxy
August 30th, 2012 | Posted in Malware | privacy | Security
With the recent focus on Stuxnet due to the CBS 60 Minutes Special: Stuxnet: Computer worm opens new era of warfare and the 60 Minutes Overtime special Stuxnet copycats: Let the hacking begin, aired earlier this month, I was reminded of the extent to which our nation’s critical infrastructure is at risk from cyber attack.
MS12-020 Proof-of-Concept in the Wild
March 18th, 2012 | Posted in Advisories | Malware | Microsoft
Well, that didn’t take long. As of Thursday, an MS12-020 PoC (the Remote Desktop Protocol vulnerability) is in the wild. Looks like one of Microsoft’s MAPP partners leaked some test code. This PoC code only causes a Blue-Screen-of-Death, so the damage is limited to a denial-of-service. It won’t be long until the bad guys figure out which values they need to modify to achieve remote code execution. When that happens and you still have RDP open to the Internet and unpatched, you lose. I suspect we’ll see a worm exploiting this within a week. This could end up being a SQL Slammer-type event…
Don’t Let Your Users Get Sucked into the Blackhole!
November 7th, 2011 | Posted in Malware | Security
Over the past month, TRUE NSM analysts have observed a significant increase in the number of corporate web users being attacked by the Blackhole Exploit Kit. The rate of incidents reported involving this malware is now close to two per day. The Blackhole exploit kit targets vulnerabilities in out-of-date Java and Adobe Reader software. A cursory examination of a few of the deobfuscated JavaScript files delivered to users by Blackhole also shows evidence that Adobe Flash is being targeted, and perhaps even a few Microsoft vulnerabilities by way of the Windows Media Player ActiveX control.
Anti-Malware Vendor Fight: Duqu vs. Stuxnet
November 2nd, 2011 | Posted in Malware | Security
It looks like the main anti-malware vendors are choosing sides and going head-to-head on the relationship between Duqu and Stuxnet. So far, the fight is Symantec and Kaspersky, who say Duqu is related to Stuxnet, vs. SecureWorks and Bitdefender, who say they are not related at all.






