What's new around the internet


Src Date (GMT) Title Description Tags Stories Notes
TEAM_CYMRU_Blog.webp 2020-03-12 21:57:40 RISE-Colombia has been cancelled (direct link) We note that our friends at LACNIC have now cancelled their LACNIC-33 event in May in Colombia, and as such Team Cymru is also cancelling our part of this event (RISE-COLOMBIA): In-Person LACNIC 33 Event Has Been Canceled We are sorry for any inconvenience this might cause you and we are working hard on possible... Continue Reading →
TEAM_CYMRU_Blog.webp 2020-03-11 13:47:44 Team Cymru Events Update (direct link) This message is to give you an update on our events for this year, as at March 11th, 2020. At this time, Team Cymru is moving forward and planning to be in Colombia for RISE in May and Strasbourg for UE in September, as well as Japan in November. LACNIC-33 are our co-hosts for May... Continue Reading →
TEAM_CYMRU_Blog.webp 2020-03-03 14:43:01 GAMAREDON: AN INSIGHT INTO VICTIMOLOGY USING AUGURY (direct link) Author: Josh Hopkins The Gamaredon Group is a threat actor group, believed to be aligned to Russia-state linked objectives. Community research into the group reveals a series of sophisticated attacks targeted predominantly against Ukrainian military interests, dating back to at least 2013. In this blog we will examine two recent periods of activity – August/September... Continue Reading → Threat
TEAM_CYMRU_Blog.webp 2020-02-24 18:48:04 Detecting Cyber Recon Using Network Signals (direct link) Author: David Monnier What’s the value of a packet? How about three packets? In this post I’ll show how you can identify potential reconnaissance being conducted on a network, including identifying the potential target, by taking specific note of one type of ICMP packet being produced by your border device. ICMP, or Internet Control Message... Continue Reading →
TEAM_CYMRU_Blog.webp 2020-02-19 13:40:01 Azorult – what we see using our own tools (direct link) The Value of Being Able to Perform Threat Analysis outside the Boundaries of Your Enterprise… Looking at Dmitry Bestuzhev's piece about AZORult cryptominer spreading as a fake ProtonVPN installer[1], I took a glance in Augury at what we have for the malware hashes he provided and many are still very low in terms of their detection... Continue Reading → Malware Threat
TEAM_CYMRU_Blog.webp 2020-02-14 20:26:57 Cheers to the Pioneers (direct link) Author: James Shank With NANOG78 just wrapping up in beautiful San Francisco, I am reflecting on my time here and the great conversations that I have had here at number 78 and past conferences. One particular aspect of my conversations stands out – the human narrative of the history of the Internet, often conveyed through... Continue Reading →
TEAM_CYMRU_Blog.webp 2020-02-13 16:27:03 Do you fly anon? (direct link) Author: Steve Santorelli Like many InfoSec professionals, I see the inside of a lot of airplanes. (However, I was not on that ship last month.) I recently flew back from our company HQ in Orlando to my home in California: Now, to set the scene, I'm on auto-pilot (no pun intended) as I travel. I... Continue Reading →
TEAM_CYMRU_Blog.webp 2020-01-30 12:00:17 No, I was not on this ship last week (direct link) Authors: Steve Santorelli, Director of Outreach and Chris Wheatley, Regional Sales Manager Last week the 666 foot long Silja Serenade sailed from Helsinki in Finland to Stockholm in Sweden. Then it turned back, lurched around a little, and 200 InfoSec folks disembarked — cold, slightly frayed around the edges, infinitely more connected… and in need... Continue Reading →
TEAM_CYMRU_Blog.webp 2020-01-15 23:15:25 Iran and Not Iran: What Our Threat Monitoring Indicates (direct link) Author: Rabbi Rob Thomas, CEO Greetings, network defenders! We now have a moment to assess the cyber actions in the wake of events in and around Iran. There was concern that the Iranian regime would respond with widespread cyber attacks. “Be vigilant,” some said. But vigilance is a state, not a plan. It is wise to... Continue Reading → Threat
TEAM_CYMRU_Blog.webp 2020-01-06 18:46:11 Welcome to 2020, network defenders! (direct link) With the arrival of the new year comes the inevitable surfeit of predictions for 2020. As noted in many journals and articles, we humans are notoriously poor at making accurate predictions. The nature of complex systems coupled with our tendency to break problems into component parts makes it all but inevitable that most of our... Continue Reading →
TEAM_CYMRU_Blog.webp 2019-09-13 00:55:05 Underground Economy Recap (direct link) 452 delegates, 69 countries, 33 case studies, 17 workshops, 13 lightning talks, 2 evening receptions, 1 panel discussion, and countless memories and networking opportunities! Another successful Underground Economy conference!
TEAM_CYMRU_Blog.webp 2019-09-10 17:27:02 May 6 – 7: RISE Colombia (direct link) Team Cymru is pleased to announce RISE Colombia! Come see us there! We will be in Colombia from May 6 – 7. We are happy to be working with our partners from LACNIC to host this event alongside LACNIC33! For more information and to register for this event, please register here. Don’t know the password?... Continue Reading →
TEAM_CYMRU_Blog.webp 2019-09-10 17:23:00 January 13 – 15: RISE Finland (direct link) Team Cymru is pleased to announce RISE Finland! Come see us there! This event runs from January 13 – 15, 2019. We are happy to be coming back to the beauty of Finland and the Baltic Sea a second time! For more information and to register for this event, please register here. Don’t know the... Continue Reading →
TEAM_CYMRU_Blog.webp 2019-09-10 17:00:01 December 2 – 4: RISE USA (direct link) Team Cymru is pleased to announce RISE USA! Come see us there! This event is slated to take place December 2 – 4, 2019, in beautiful Lake Mary, Florida, where Team Cymru has our global Headquarters. We are happy to invite you to our backyard! For more information and to register for this event, please... Continue Reading →
TEAM_CYMRU_Blog.webp 2019-09-10 07:15:00 October 2 – 4, 2019: Virus Bulletin Conference (direct link) Team Cymru’s James Shank will be in London, UK, October 2 – 4, 2019 at the Virus Bulletin Conference! Please look for him there, he would be happy to meet you. If you would prefer to plan your time with him, please request a time to meet him.
TEAM_CYMRU_Blog.webp 2019-09-05 21:20:00 Hurricane Dorian, the Bahamas, and BGP (direct link) With Hurricane Dorian in the news and on our minds, we took a look at what BGP says about the impact to The Bahamas.
TEAM_CYMRU_Blog.webp 2019-09-03 13:24:01 RISE Events Announcement (direct link) Team Cymru is pleased to announce three upcoming RISE Events for December and into 2020. Our Regional Internet Security Events are coming to a location near you!
TEAM_CYMRU_Blog.webp 2019-08-22 22:21:01 Webmin Vulnerability and Port Scanning Activity (direct link) The Webmin website states, “Webmin is a web-based interface for system administration for Unix.” Many hosting providers offer Webmin administration with their Virtual Private Servers. Recently, a presentation revealed backdoor code injected into the source for Webmin. According to a Hacker News story published August 20: “The story started when Turkish researcher Özkan Mustafa Akkuş... Continue Reading → Vulnerability
TEAM_CYMRU_Blog.webp 2019-08-14 14:03:00 Top 10 TCP Ports for Border Policy Review (direct link) Information Security guidance sometimes strikes practitioners as impractical. Many of us have more on our ‘to do’ list than we ever will complete. With that in mind, we put together our list of the Top 10 TCP Ports for Border Policy Review. Here, we use global counts of open ports and known security impacts to... Continue Reading →
TEAM_CYMRU_Blog.webp 2019-07-31 17:20:03 Coping with Scanners (direct link) It can be argued that there is no unwanted traffic on the Internet; even scans and DDoS are wanted, usually outbound, by the miscreants running them. However there is a lot of Internet traffic we good folks don’t want, either because it consumes our links, or it shows up in query results and clouds our... Continue Reading →
TEAM_CYMRU_Blog.webp 2019-07-25 20:20:00 We've Moved to .com! (direct link) Our Blog decided to catch up with the rest of our naming standards, and move to .com. Please see us at https://blog.team-cymru.com!
TEAM_CYMRU_Blog.webp 2019-07-25 13:48:01 Unmasking AVE_MARIA (direct link) Key Findings AVE_MARIA is a Remote Administration Tool (RAT) offering marketed as WARZONE RAT on hacker forums and on the Web WARZONE RAT is only available as a one- or three-month subscription The same persona selling WARZONE RAT also promotes a free dynamic DNS service, warzonedns[.]com Introduction Several public reports[1][2] of a malware family often referred to as AVE_MARIA were made in January 2019. Yoroi, an Internet research company, says the malware sample analyzed for their report[2] contains “AVE_MARIA”, and uses that string as a “hello message” for the malware controller. Also, in a Twitter thread[3] about similar malware, a […] Malware Tool
TEAM_CYMRU_Blog.webp 2019-07-23 20:42:01 (Déjà vu) August 5 – 8, 2019: BlackHat USA (direct link) Team Cymru is coming to BlackHat 2019! Come meet Jeff Vosburg, David Monnier, Steve Santorelli, Jim Skidmore, Courtney Auchter, Scott Fisher, and Tiffany Ostrowski. Stop by our hospitality suite at MGM to find out what we have been up to lately and see a demo of our flagship product offering: Augury. We’ll be happy to... Continue Reading →
TEAM_CYMRU_Blog.webp 2019-07-23 20:42:01 Heading to BlackHat USA? Let's talk! (direct link) Team Cymru is coming to BlackHat 2019! Come meet Jeff Vosburg, David Monnier, Jim Skidmore, Steve Santorelli, Courtney Auchter, Scott Fisher, and Tiffany Ostrowski. Stop by our hospitality suite at MGM to find out what we have been up to lately and see a demo of our flagship product offering: Augury. We’ll be happy to discuss any of our commercial or community services with you. Team Cymru offers commercial services that help YOU combat modern day threats. We take the mystery, the luck, out of Information Security. SOCs, NOCs, and MSSPs worldwide streamline their operations by using our tools. Forensic […]
TEAM_CYMRU_Blog.webp 2019-07-11 13:49:01 Coming Soon! (direct link) We are working on starting a blog. We will have more to say here soon, stay tuned!
TEAM_CYMRU_Blog.webp 2017-09-15 00:59:31 Team Cymru Hackbook (direct link) Team Cymru is proud to announce our latest community service tool, Team Cymru Hackbook, https://hackbook.team-cymru.org. This service allows users to gain insight on malicious activity statistics per country and compare individual ranking with neighboring countries. The malicious activity ranking is based on IP addresses that have been part of a botnet, detected as trying to bruteforce a site, seen as an abused proxy or might even have popped up as probing one of our darknet experiments. The numbers are based on what we see; other folks see a slightly different perspective of malicious activity on the Internet. However, the general […]
TEAM_CYMRU_Blog.webp 2016-05-02 16:14:36 GOZNYM MALWARE (direct link) ARTICLE OVERVIEW Antivirus software detects GozNym hybrid as Nymaim variant GozNym samples resolve domains, do not connect to IPs returned. Separate IP used for HTTP comms. C2 channel for GozNym appears to be HTTP POST requests, in line with Nymaim-based origins Recent active related C2s at 194.149.138.49, 54.186.122.88, 82.13.46.90, 168.235.72.204 and domain ytugctbfm[.]com used IP 85.171.195.89 likely C2 for late March/early April 2016 campaign Late March/early April 2016 campaign appears to primarily target US, AT, DE Campaigns are time-limited and samples will not run if system clock is outside a pre-set date range Recent reports have indicated the emergence of a […]
TEAM_CYMRU_Blog.webp 2016-04-26 19:21:06 A Look Inside Cerber Ransomware (direct link) The “Cerber” family of ransomware first appeared in open source reporting in March 2016, with victims readily identified by the “.cerber” extension left on encrypted files. Unlike many other ransomware variants, Cerber is designed to encrypt a victim's file system immediately, without receiving “confirmation” or instructions from a command and control (C2) node. After this malicious encryption is complete, HTML and text files are opened on the infected machine, reporting that files have been encrypted and directing the victim to install Tor and to visit the payment page. Currently, the payment site is hosted on a Tor hidden service and […]
TEAM_CYMRU_Blog.webp 2016-04-14 13:20:54 East European Criminal Fastflux Infrastructure (direct link) Fast flux networks allow miscreants to make their network more resistant against takedowns. By updating and changing the A records of a domain rapidly, there is a constantly changing list of IPs hosting the domain involved, making it harder to shut down. The carding site at csh0p[.]cc is hosted on a fast flux network. The servers are largely located in Ukraine and Russia. Analysis of IPs used by this fast flux network showed that they were also used by a Teslacrypt ransomware payment site and a TreasureHunter POS controller (friltopyes[.]com) in March 2016. Figure 1 – Main location of fastflux IPs In late February this […] Tesla
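The fast flux behaviour described in that excerpt (A records that rotate rapidly across many hosts in different networks, typically with short TTLs) is something a defender can score from passive DNS or repeated resolver logs. The following Python is an added example and not Team Cymru code: it takes a series of A-record responses per domain and reports the number of distinct IPs, the number of distinct /24 prefixes (a cheap stand-in for network diversity when no ASN data is at hand), the lowest TTL seen and the average turnover between consecutive responses, then applies thresholds. The observations, IP addresses (RFC 5737 documentation ranges), TTLs, timestamps and threshold values are all constructed for illustration; only the csh0p[.]cc name comes from the post.

```python
"""Score successive DNS A-record responses for fast-flux behaviour.

Added example, not Team Cymru code. Observations are constructed:
(unix_time, query name, TTL seconds, tuple of A records returned).
"""
from collections import defaultdict
from typing import Dict, Iterable, List, Tuple

Observation = Tuple[int, str, int, Tuple[str, ...]]

# Constructed sample. The csh0p[.]cc name is from the post; every IP (RFC 5737
# ranges), TTL and timestamp below is invented. example.com is a stable
# single-address record included for contrast.
SAMPLE: List[Observation] = [
    (1458000000, "csh0p[.]cc", 300, ("192.0.2.10", "192.0.2.11", "198.51.100.5", "198.51.100.6", "203.0.113.7")),
    (1458000300, "csh0p[.]cc", 300, ("192.0.2.12", "198.51.100.8", "203.0.113.9", "203.0.113.10", "198.51.100.5")),
    (1458000600, "csh0p[.]cc", 300, ("192.0.2.13", "192.0.2.14", "198.51.100.9", "203.0.113.11", "203.0.113.9")),
    (1458000900, "csh0p[.]cc", 300, ("192.0.2.15", "198.51.100.10", "198.51.100.11", "203.0.113.12", "192.0.2.13")),
    (1458000000, "example.com", 86400, ("203.0.113.50",)),
    (1458086400, "example.com", 86400, ("203.0.113.50",)),
    (1458172800, "example.com", 86400, ("203.0.113.50",)),
]


def prefix24(ip: str) -> str:
    """Collapse an IPv4 address to its /24 (proxy for 'different network')."""
    return ".".join(ip.split(".")[:3]) + ".0/24"


def summarize(observations: Iterable[Observation]) -> Dict[str, Dict[str, float]]:
    """Per-name statistics over the observed responses, in time order."""
    by_name: Dict[str, List[Tuple[int, int, Tuple[str, ...]]]] = defaultdict(list)
    for ts, name, ttl, rrs in observations:
        by_name[name].append((ts, ttl, tuple(rrs)))

    stats: Dict[str, Dict[str, float]] = {}
    for name, rows in by_name.items():
        rows.sort(key=lambda r: r[0])
        seen: set = set()
        turnover: List[float] = []   # fraction of each response not in the previous one
        prev = None
        min_ttl = None
        for _, ttl, rrs in rows:
            cur = set(rrs)
            seen |= cur
            min_ttl = ttl if min_ttl is None else min(min_ttl, ttl)
            if prev is not None and cur:
                turnover.append(len(cur - prev) / len(cur))
            prev = cur
        stats[name] = {
            "responses": len(rows),
            "unique_ips": len(seen),
            "unique_prefixes": len({prefix24(ip) for ip in seen}),
            "min_ttl": min_ttl if min_ttl is not None else 0,
            "turnover": sum(turnover) / len(turnover) if turnover else 0.0,
        }
    return stats


def is_fast_flux(s: Dict[str, float], min_unique_ips: int = 10, min_prefixes: int = 3,
                 max_ttl: int = 600, min_turnover: float = 0.5) -> bool:
    """Threshold rule; the default values are assumptions, not published cut-offs."""
    return (s["unique_ips"] >= min_unique_ips
            and s["unique_prefixes"] >= min_prefixes
            and s["min_ttl"] <= max_ttl
            and s["turnover"] >= min_turnover)


def flag_fast_flux(observations: Iterable[Observation], **thresholds) -> Dict[str, bool]:
    return {name: is_fast_flux(s, **thresholds) for name, s in summarize(observations).items()}


if __name__ == "__main__":
    for name, s in summarize(SAMPLE).items():
        print(name, s, "FAST-FLUX" if is_fast_flux(s) else "stable")
```

Turnover is measured response-to-response, so a domain that legitimately round-robins a fixed pool of addresses scores low on unique IPs even if each answer differs; a CDN can still score high on IP count, which is why the TTL and prefix-diversity conditions are combined rather than used alone.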
TEAM_CYMRU_Blog.webp 2016-04-06 14:46:15 What’s on your mind? Take our Dragon News survey (direct link) Let’s face it, there are a lot of security blogs out there. We know you’re interested in current malware families like Poseidon, Incident Response and our malware analysis database TotalHash (not to mention the latest cyber security threats), but we’d like to know more about you so that we can make Dragon News better. Our survey has six questions and takes most people three minutes to complete. So no big deal. Of course, if you want to chat one-on-one with us, our Outreach or Sales teams are always here to lend a hand. Thank you for your ongoing support!
TEAM_CYMRU_Blog.webp 2016-04-06 13:52:36 Former Scotland Yard detective discusses cybercrime and threat intelligence (CSO Online) (direct link) Our very own Steve Santorelli was interviewed on the CSO Online blog. In the quote below he discusses how Team Cymru came to be. We were founded over a decade ago by four geeks who became obsessed with understanding the motivations behind the early denial of service and malware attacks. What makes us unique is that, from the very early days, we have been entirely mission focused as opposed to profit centered. Our motive has always been to ‘save and improve human lives’ and we really cleave to that in everything we do. We have the support we need to […]
TEAM_CYMRU_Blog.webp 2016-03-31 17:17:04 Defying the Madness: DDoS Bot Evaluation (Recorded Future Blog) (direct link) Interested in our Threat Intelligence malware data feed? Levi Gundert at Recorded Future gives a great mention: Team Cymru's malware intelligence platform identified two additional samples from 2016 with two of the same AV verdicts respectively — wi32.hllw.autoruner2.22958 and deepscan:generic.malware.fp!dldpk!.68e4aeff. The associated metadata from Team Cymru's runtime analysis is included below in the IOC section. Read full article here Photo Credit, “Operator?” by Melanie Tata, used under Creative Commons license 2.0
TEAM_CYMRU_Blog.webp 2016-03-08 15:01:05 DiamondFox, Nivdort, ProxyBack malware families added to Botnet Analysis and Reporting Service (BARS) (direct link) Two weeks ago, the DiamondFox, Nivdort and ProxyBack malware families were added to Team Cymru's Botnet Analysis & Reporting Service (BARS). What is ProxyBack? ProxyBack is malware that turns infected computers into a network of proxy computers, which are then leased out to other people. Once infected, the computer establishes an outbound connection to a controller, which registers it as part of the proxy network. The infected computer maintains an open connection to the proxy controller, which provides it with the connections it is to proxy. This allows the proxy to function even when behind a NAT. What is […]
TEAM_CYMRU_Blog.webp 2016-02-18 15:52:38 A Letter to the Insiders – Think Twice (direct link) Insider threats come in many forms, from the unwitting to the negligent, and even the downright malicious. For those who may be unwillingly co-opted into cybercrime, either by subterfuge or coercion, we can provide education, technical measures, policies and processes that limit the risk. But what can be done about the second group? Guardians of data who willfully steal or damage the information with which they have been entrusted. Appropriate screening procedures and interviews can help an organization weed out applicants at risk of becoming an insider threat (appropriate is the key word here; if in doubt, seek specific Human […]
TEAM_CYMRU_Blog.webp 2016-02-05 20:01:35 “The Dark Net's Fraud as a Service (FaaS)” (direct link) Steve Santorelli, former Scotland Yard cybercrime detective, now director of analysis and outreach at Team Cymru, sums it up nicely in csoonline.com: Couple our industry's traditional propensity to hide incidents wherever possible, for fear of bad publicity, with the relatively recent trend towards mandatory breach reporting in several of these key areas, and you have a group of victims that are reeling from the impact. The offenders here are really thriving and we're helping them with our antiquated systems that will take aeons to evolve. Read the full article here. Photo Credit, 'cybercrime' by Richard Patterson www.comparitech.com, used under Creative […]
TEAM_CYMRU_Blog.webp 2016-02-03 14:11:20 Keybase malware family added to Team Cymru Botnet Analysis and Reporting Service (BARS) (direct link) Last Friday, the Keybase malware family went into Team Cymru's Botnet Analysis & Reporting Service (BARS). KeyBase is a multipurpose bot that is used to load additional malware, log keystrokes, steal saved passwords, steal clipboard contents, and take screen captures of the infected computer and upload them to the controller. We have observed Keybase being promoted in hacker forums, and it is reportedly available for purchase for as little as $50.00 USD. It does not contain any method of spreading itself; it has often been seen sent as .zip attachments in email phishing campaigns. The image above provided by our Threat Intelligence […]
TEAM_CYMRU_Blog.webp 2016-01-26 18:23:03 BGP Route Hijacking – An Overview (direct link) BGP is the mechanism by which autonomous networks exchange “reachability” information between each other. A network with an assigned or allocated prefix of addresses “advertises” the block of addresses to a neighboring BGP speaking router; this is known as BGP peering. There is little hiding what BGP peering networks announce between each other. When two networks are reasonably small, and their assigned prefixes are limited and well known, enforcement of announcements (or at least observation of changes) can be managed by a capable peer. A BGP route hijack typically occurs when one network falsely advertises reachability for a set of […]
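The overview above ends at the point where a hijack is defined as a network falsely advertising reachability for addresses it is not authorised for. The Python below is an added example, not Team Cymru code, showing how an observer with a table of expected prefix-to-origin authorizations (written here in the shape of RPKI ROAs: prefix, maximum length, origin AS) can classify observed announcements. It goes a little beyond the excerpt: it implements the RFC 6811 valid/invalid/not-found decision, then splits "invalid" into an origin hijack, a more-specific hijack and a too-long announcement from the legitimate origin, and it flags the case origin validation cannot catch on its own, a forged path that ends in the real origin AS but arrives through an unexpected neighbour. The ROAs, the upstream table, the AS numbers (documentation range 64496 to 64511) and the prefixes (RFC 5737 and RFC 2544 ranges) are all constructed.

```python
"""Classify BGP announcements against ROA-style origin authorisations.

Added example, not Team Cymru code. ROAs, AS numbers (64496-64511 documentation
range), prefixes (RFC 5737 / RFC 2544) and the upstream table are constructed.
"""
import ipaddress
from typing import Dict, List, NamedTuple, Optional, Set, Tuple


class Roa(NamedTuple):
    prefix: str        # authorised prefix
    max_length: int    # longest prefix length the origin may announce inside it
    origin_as: int


class Announcement(NamedTuple):
    prefix: str
    as_path: Tuple[int, ...]   # leftmost = the neighbour we heard it from, rightmost = origin


ROAS: List[Roa] = [
    Roa("192.0.2.0/24", 24, 64496),
    Roa("198.51.100.0/24", 25, 64497),
    Roa("203.0.113.0/24", 24, 64498),
]

# Assumed: the transit/upstream ASes each origin is known to announce through.
UPSTREAMS: Dict[int, Set[int]] = {64496: {64500}, 64498: {64500, 64501}}


def _covering(net: ipaddress.IPv4Network, roas: List[Roa]) -> List[Roa]:
    """ROAs whose prefix contains the announced prefix (ignoring max_length)."""
    return [r for r in roas if net.subnet_of(ipaddress.ip_network(r.prefix))]


def _origin_and_neighbour(path: Tuple[int, ...]) -> Tuple[int, Optional[int]]:
    """Origin AS and the first AS to its left that is not an origin prepend."""
    origin = path[-1]
    for asn in reversed(path[:-1]):
        if asn != origin:
            return origin, asn
    return origin, None


def rov_state(ann: Announcement, roas: List[Roa] = ROAS) -> str:
    """RFC 6811 route origin validation: 'valid', 'invalid' or 'not-found'."""
    net = ipaddress.ip_network(ann.prefix)
    origin, _ = _origin_and_neighbour(ann.as_path)
    covering = _covering(net, roas)
    if not covering:
        return "not-found"
    if any(r.origin_as == origin and net.prefixlen <= r.max_length for r in covering):
        return "valid"
    return "invalid"


def classify(ann: Announcement, roas: List[Roa] = ROAS,
             upstreams: Dict[int, Set[int]] = UPSTREAMS) -> str:
    """Finer label than ROV alone gives; the label names are this example's own."""
    state = rov_state(ann, roas)
    net = ipaddress.ip_network(ann.prefix)
    origin, neighbour = _origin_and_neighbour(ann.as_path)
    if state == "not-found":
        return state
    if state == "invalid":
        covering = _covering(net, roas)
        if any(r.origin_as == origin for r in covering):
            return "invalid-length"          # right origin, prefix longer than max_length
        if any(net.prefixlen > r.max_length for r in covering):
            return "more-specific-hijack"    # wrong origin AND longer than authorised
        return "origin-hijack"               # wrong origin for the authorised prefix
    # ROV says valid, but an attacker can forge a path that ends in the real origin.
    if origin in upstreams and neighbour is not None and neighbour not in upstreams[origin]:
        return "valid-suspicious-path"
    return "valid"


def classify_all(anns: List[Announcement], roas: List[Roa] = ROAS,
                 upstreams: Dict[int, Set[int]] = UPSTREAMS) -> List[Tuple[str, Tuple[int, ...], str]]:
    return [(a.prefix, a.as_path, classify(a, roas, upstreams)) for a in anns]


# Constructed announcements covering each outcome.
SAMPLE: List[Announcement] = [
    Announcement("192.0.2.0/24", (64500, 64496)),            # legitimate
    Announcement("192.0.2.0/24", (64501, 64510)),            # same prefix, wrong origin
    Announcement("198.51.100.0/25", (64500, 64497)),         # within max_length, right origin
    Announcement("198.51.100.128/26", (64500, 64511)),       # too specific, wrong origin
    Announcement("203.0.113.0/25", (64500, 64498, 64498)),   # right origin (prepended), too specific
    Announcement("192.0.2.0/24", (64500, 64510, 64496)),     # real origin, unexpected neighbour
    Announcement("198.18.0.0/15", (64500, 64509)),           # no ROA covers it
]

if __name__ == "__main__":
    for prefix, path, verdict in classify_all(SAMPLE):
        print(f"{prefix:20} {' '.join(map(str, path)):24} {verdict}")
```

In practice the ROA table would come from an RPKI validator and the upstream table from the prefix owner's own knowledge of its providers; the point of the last check is that "ROV valid" only tells you the origin AS is the right one, not that the path you are hearing is one the origin actually uses, so route monitoring should compare neighbours as well as origins.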
Last update at: 2024-04-30 18:08:16