OpenSSL ‘heartbleed’ bug live blog

A bug has been identified in OpenSSL, all details can be found at heartbleed.com. The bug has been assigned CVE-2014-0160. OpenSSL versions 1.0.1 – 1.0.1f are vulnerable. We advise to upgrade OpenSSL to version 1.0.1g or higher Test if you are vulnerable You can test if you are vulnerable by requesting a heartbeat response with … Continue reading OpenSSL ‘heartbleed’ bug live blog →

Analysis of the KINS malware

The malware family KINS, thought to be new by researchers, has been used in private since at least December 2011 to attack financial institutions in Europe, specifically Germany and The Netherlands. It is fully based on the leaked ZeuS source code, with some minor additions. While the technical additions are interesting, they are far from … Continue reading Analysis of the KINS malware →

Seen in the wild: Updated Exploit Kits

In early March, after one of our network sensors flagged an incident at one of our customers, we noticed some traffic going to a rather suspicious .biz domain. When looking into the details of this domain, we found it to be registered to a guy named "Lukas Vask". When doing a reverse whois on just the … Continue reading Seen in the wild: Updated Exploit Kits →

Oracle getting serious about Java

Recently, Oracle released new a version of Java with a difference. Java/1.7.0_13 is the latest version. Its increased the default security from ‘Medium’ to ‘High’, which restricts execution of unsigned applets. It also introduced a new warning to people executing Java code which checks if Java is using the latest version. You might notice the … Continue reading Oracle getting serious about Java →

Demystifying Pobelka

A technical intelligence report on the Pobelka botnet operation. January 11, 2013 This technical report describes the Pobelka botnet and puts it in the context of global malware operations. Fox-IT’s InTELL unit provides reports like this on a continuous basis to customers in the financial sector so they know who’s targeting their online banking systems … Continue reading Demystifying Pobelka →