CryptoLocker ransomware intelligence report

In the beginning of September 2013, the CryptoLocker malware variant appeared in the wild, spread exclusively by the infamous P2P ZeuS (aka Gameover ZeuS) malware. CryptoLocker had a simple purpose: to act as ransomware, encrypting important files such as images and documents, and then asking the victim for money to unlock the files. Image source: … Continue reading CryptoLocker ransomware intelligence report

OpenSSL ‘heartbleed’ bug live blog

A bug has been identified in OpenSSL, all details can be found at The bug has been assigned CVE-2014-0160. OpenSSL versions 1.0.1 – 1.0.1f are vulnerable. We advise to upgrade OpenSSL to version 1.0.1g or higher Test if you are vulnerable You can test if you are vulnerable by requesting a heartbeat response with … Continue reading OpenSSL ‘heartbleed’ bug live blog

Building Bowser – A password cracking story

At Fox-IT we perform a lot of penetration tests. Invariably we encounter hashed versions of passwords that need to be tested for strength. We suspected that with a relatively small investment most passwords could be cracked, regardless of their complexity. It turns out this is true for any password of 8 characters or less.  This … Continue reading Building Bowser – A password cracking story

Malicious advertisements served via Yahoo

Detection of the infection Fox-IT operates the shared Security Operations Center service ProtACT. This service monitors the networks of our clients for malicious activity. On January 3 we detected and investigated the infection of clients after they visited Infection Clients visiting received advertisements served by Some of the advertisements are malicious. Those … Continue reading Malicious advertisements served via Yahoo

Analysis of malicious advertisements on

Starting on Wed, 31 July 2013, 18:54:50 Fox-IT's monitoring system detected a redirect occurring on It was another case of advertisement provider abuse. One of the advertisement providers loaded ads from an outside resource which returned an exploit kit named "FlimKit" exploit kit. After first being removed from a second exploit kit redirect … Continue reading Analysis of malicious advertisements on

Geïnfecteerde advertenties op

Fox-IT houdt voor haar klanten de netwerkbeveiliging in de gaten. Hierbij zijn op 5 juni tussen 10:42 en 15:34 besmettingen geconstateerd van klanten die bezochten. Er zijn waarschijnlijk meer Nederlanders besmet na een bezoek aan De infectie werd verspreid via advertenties. De oorzaak is een advertentieserver die op adverteerde. De software om … Continue reading Geïnfecteerde advertenties op

Security advisory: Unencrypted storage of confidential information in Keeper® Password & Data Vault v5.3 for iOS

Summary Paul Pols of Fox-IT's penetration testing team discovered a critical vulnerability in version 5.3 of the "Keeper® Password & Data Vault" app for iPhones, iPods touch and iPads. An update was released today that is said to resolve the issues that we identified. We urge all users of this application to install this update … Continue reading Security advisory: Unencrypted storage of confidential information in Keeper® Password & Data Vault v5.3 for iOS