Starting on Wed, 31 July 2013, 18:54:50 Fox-IT's monitoring system detected a redirect occurring on telegraaf.nl. It was another case of advertisement provider abuse. One of the advertisement providers loaded ads from an outside resource which returned an exploit kit named "FlimKit" exploit kit. After first being removed from telegraaf.nl a second exploit kit redirect … Continue reading Analysis of malicious advertisements on telegraaf.nl
Category: Blog
Geïnfecteerde advertenties op nu.nl
Fox-IT houdt voor haar klanten de netwerkbeveiliging in de gaten. Hierbij zijn op 5 juni tussen 10:42 en 15:34 besmettingen geconstateerd van klanten die nu.nl bezochten. Er zijn waarschijnlijk meer Nederlanders besmet na een bezoek aan nu.nl. De infectie werd verspreid via advertenties. De oorzaak is een advertentieserver die op nu.nl adverteerde. De software om … Continue reading Geïnfecteerde advertenties op nu.nl
Security advisory: Unencrypted storage of confidential information in Keeper® Password & Data Vault v5.3 for iOS
Summary Paul Pols of Fox-IT's penetration testing team discovered a critical vulnerability in version 5.3 of the "Keeper® Password & Data Vault" app for iPhones, iPods touch and iPads. An update was released today that is said to resolve the issues that we identified. We urge all users of this application to install this update … Continue reading Security advisory: Unencrypted storage of confidential information in Keeper® Password & Data Vault v5.3 for iOS
Seen in the wild: Updated Exploit Kits
In early March, after one of our network sensors flagged an incident at one of our customers, we noticed some traffic going to a rather suspicious .biz domain. When looking into the details of this domain, we found it to be registered to a guy named "Lukas Vask". When doing a reverse whois on just the … Continue reading Seen in the wild: Updated Exploit Kits
Writeup on nbc.com distributing Citadel malware
Every now and then, an incident occurs in the SOC (Security Operation Center) that really captures everyone involved's imagination. NBC's websites getting hacked, is just one case, in point. At 16:43 CET, this afternoon we noticed that the NBC.com website links to the redkit exploit kit that is spreading Citadel malware, targeting US financials institutions. This version of … Continue reading Writeup on nbc.com distributing Citadel malware
Oracle getting serious about Java
Recently, Oracle released new a version of Java with a difference. Java/1.7.0_13 is the latest version. Its increased the default security from ‘Medium’ to ‘High’, which restricts execution of unsigned applets. It also introduced a new warning to people executing Java code which checks if Java is using the latest version. You might notice the … Continue reading Oracle getting serious about Java
Demystifying Pobelka
A technical intelligence report on the Pobelka botnet operation. January 11, 2013 This technical report describes the Pobelka botnet and puts it in the context of global malware operations. Fox-IT’s InTELL unit provides reports like this on a continuous basis to customers in the financial sector so they know who’s targeting their online banking systems … Continue reading Demystifying Pobelka
Cyber Security in Nederland op de agenda!
Volgende week, op 6 december, gaat de vaste Kamercommissie voor Veiligheid en Justitie weer vergaderen over de voortgang van onze nationale Cyber Security strategie. Op de agenda staan 8 onderwerpen die in 3 uur behandeld moeten worden. Dat is weinig tijd voor stuk voor stuk belangrijke onderwerpen. Om de discussies efficiënt te laten lopen, leek … Continue reading Cyber Security in Nederland op de agenda!
Fox-IT discovers security bugs in Oracle Software
In its latest quarterly Critical Patch Update, Oracle has acknowledged and repaired two security bugs identified by Sjoerd Resink, Senior IT Security Expert at Fox-IT. The bugs were discovered during one of Fox-IT's penetration testing assignments in version 10.1.4.3 of Oracle Application Server's Single Sign-On component. The first security issue, numbered CVE-2012-3175 by the Common … Continue reading Fox-IT discovers security bugs in Oracle Software
Mogen we terugslaan?
Nederlandse overheid komt met cyberwetgeving Terughacken als wapen tegen cybercrime kan niet zonder wettelijke basis. Het werkt wel, mits met de juiste voorwaarden omkleed en alleen als uiterst middel gebruikt, om burgers tegen cybercriminelen te beschermen. Nu is hét moment voor de politiek om problemen en oplossingen in cyberspace in kaart te brengen en zich … Continue reading Mogen we terugslaan?
Fox-IT International blog 