A bug has been identified in OpenSSL; all details can be found at heartbleed.com. The bug has been assigned CVE-2014-0160. OpenSSL versions 1.0.1 – 1.0.1f are vulnerable. We advise upgrading OpenSSL to version 1.0.1g or higher. Test if you are vulnerable: You can test if you are vulnerable by requesting a heartbeat response with … Continue reading OpenSSL ‘heartbleed’ bug live blog
Author: Fox IT
Building Bowser – A password cracking story
At Fox-IT we perform a lot of penetration tests. Invariably we encounter hashed versions of passwords that need to be tested for strength. We suspected that with a relatively small investment most passwords could be cracked, regardless of their complexity. It turns out this is true for any password of 8 characters or less. This … Continue reading Building Bowser – A password cracking story
Tilon/SpyEye2 intelligence report
Tilon, son of Silon, or… SpyEye2 evolution of SpyEye? The malware family commonly known as Tilon has been around for several years now. While several public analysis reports have described the malware, no one has thus far linked it with the well-known SpyEye malware family. In light of the recent news of the guilty plea … Continue reading Tilon/SpyEye2 intelligence report
Malicious advertisements served via Yahoo
Detection of the infection: Fox-IT operates the shared Security Operations Center service ProtACT. This service monitors the networks of our clients for malicious activity. On January 3 we detected and investigated the infection of clients after they visited yahoo.com. Infection: Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious. Those … Continue reading Malicious advertisements served via Yahoo
Analysis of malicious advertisements on telegraaf.nl
Starting on Wed, 31 July 2013, 18:54:50, Fox-IT's monitoring system detected a redirect occurring on telegraaf.nl. It was another case of advertisement provider abuse. One of the advertisement providers loaded ads from an outside resource which returned an exploit kit named "FlimKit". After first being removed from telegraaf.nl a second exploit kit redirect … Continue reading Analysis of malicious advertisements on telegraaf.nl
Analysis of the KINS malware
The malware family KINS, thought to be new by researchers, has been used in private since at least December 2011 to attack financial institutions in Europe, specifically Germany and The Netherlands. It is fully based on the leaked ZeuS source code, with some minor additions. While the technical additions are interesting, they are far from … Continue reading Analysis of the KINS malware
Infected advertisements on nu.nl
Fox-IT monitors network security for its customers. On 5 June, between 10:42 and 15:34, infections were detected among customers who visited nu.nl. More people in the Netherlands have probably been infected after visiting nu.nl. The infection was spread via advertisements. The cause is an advertisement server that advertised on nu.nl. The software to … Continue reading Infected advertisements on nu.nl
Security advisory: Unencrypted storage of confidential information in Keeper® Password & Data Vault v5.3 for iOS
Summary: Paul Pols of Fox-IT's penetration testing team discovered a critical vulnerability in version 5.3 of the "Keeper® Password & Data Vault" app for iPhones, iPods touch and iPads. An update was released today that is said to resolve the issues that we identified. We urge all users of this application to install this update … Continue reading Security advisory: Unencrypted storage of confidential information in Keeper® Password & Data Vault v5.3 for iOS
Demystifying Pobelka
A technical intelligence report on the Pobelka botnet operation. January 11, 2013. This technical report describes the Pobelka botnet and puts it in the context of global malware operations. Fox-IT’s InTELL unit provides reports like this on a continuous basis to customers in the financial sector so they know who’s targeting their online banking systems … Continue reading Demystifying Pobelka
Fox-IT discovers security bugs in Oracle Software
In its latest quarterly Critical Patch Update, Oracle has acknowledged and repaired two security bugs identified by Sjoerd Resink, Senior IT Security Expert at Fox-IT. The bugs were discovered during one of Fox-IT's penetration testing assignments in version 10.1.4.3 of Oracle Application Server's Single Sign-On component. The first security issue, numbered CVE-2012-3175 by the Common … Continue reading Fox-IT discovers security bugs in Oracle Software