antivirus

WannaCry Ransomware – Executive summary

If you want news from the IT Security industry, please check IT Security News here: http://www.itsecuritynews.info/?s=WannaCry This is my summary, inspired from various sources on the web mentioned in the Sources (see at the end).   The ransomware Wannacry has infected systems across the globe and has been the topic of discussion among security professionals for quite some days now. The WannaCry ransomware attack – 5 things you need to know A ransomware attack of “unprecedented level” (Europol) started spreading WannaCry ransomware around the world on Friday, May 12, 2017, around 11 AM ET/3PM GMT. Until now, hundreds of thousands…

Read More

Awesome Malware Analysis – Resources

Source and credit: https://github.com/rshipp/awesome-malware-analysis   I save it here for easier reference. Do note that this list grows a lot !   A curated list of awesome malware analysis tools and resources. Inspired by awesome-python and awesome-php. Awesome Malware Analysis Malware Collection Anonymizers Honeypots Malware Corpora Open Source Threat Intelligence Tools Other Resources Detection and Classification Online Scanners and Sandboxes Domain Analysis Browser Malware Documents and Shellcode File Carving Deobfuscation Debugging and Reverse Engineering Network Memory Forensics Windows Artifacts Storage and Workflow Miscellaneous Resources Books Twitter Other Related Awesome Lists Contributing Thanks Malware Collection Anonymizers Web traffic anonymizers for analysts….


Do you actually need a security product in your car? Part 3 : Intrusion Prevention and Detection Systems

I ended part 2 with the promise that we will discuss about : 2) Intrusion detection and prevention systems (IDS/IPS or IDPS) From Wikipedia: Intrusion prevention systems (IPS), also known as intrusion detection and prevention systems (IDPS), are network security appliances that monitor network and/or system activities for malicious activity. The main functions of intrusion prevention systems are to identify malicious activity, log information about this activity, attempt to block/stop it, and report it. Intrusion prevention systems are considered extensions of intrusion detection systems because they both monitor network traffic and/or system activities for malicious activity. The main differences are,…


Let the competition for “securing the car” begin!

I didn’t actually want to write such a post, but several press releases drew my attention. So, the competition to protect the car has begun. Big players are now on the hunt for customers. But, when you talk to customers like Daimler, VW, BMW, Nissan and others, the discussions  will take a while. I will maintain the list below with technologies I see in categories. Please note that I write here only vendors that actually have a technology that mitigates threats in the cars and not just any vendor that talks generic about IoT or embedded solutions. I also exclude solutions which address…


Do you actually need a security product in your car? Part 1: Prevention, Detection, Remediation

Note: This is going to be a somehow longer article which I will finish in a couple of related posts.   A security product is a program that Prevents that malware enters the system Detects if previously unknown malware is running on the system Remediates the actions of detected malware on the system Note that it is not mentioned *how* PDR gets implemented in practice. There are many ways to implement them and it is out of the scope of this article how this gets realized.   Back to our question: Do you actually need a security product in your car?…


About VirusTotal’s change of heart or…

Virus Total is a multi-engine malware scanner, an aggregator of security solutions. You can upload a file or provider an URL and it will check it with all available engines.  Mostly command line scanner or plain SDKs to use the engine. The AV Industry wants to work with VT because if VT uses an engine, the company behind the engine will get all file and URL reports that they don’t detect but others do.   However, the AV Industry has a couple major issues with Virus Total, which can be summarized in one sentence: they lose business to VT.   There…


More insecure software around car (in)security

As I mentioned already, anything that runs software has to abide to secure coding principles. Cars run more software than many other devices around us. And they run special software… which needs to be taken care of by other special software. And when that software is vulnerable, then you’re in trouble! Now some researchers discovered that by exploiting a zero-day exploit found in car mechanics software used to debug and fix cars sold by the Volkswagen Group. This software is built and sold by third-parties, not Volkswagen. This is not new, I already wrote an article about this: As expected: the USB…


As expected: the USB Stick-like infection from PCs goes to automotive as well!

Just seen this article on Wired Magazine: Car Hack Technique Uses Dealerships to Spread Malware At the Derbycon hacker conference in Louisville, Kentucky last week, security consultant Craig Smith presented a tool designed to find security vulnerabilities in equipment that’s used by mechanics and dealerships to update car software and run vehicle diagnostics, and sold by companies like Snap-On and Bosch. Smith’s invention, built with around $20 of hardware and free software that he’s released on GitHub, is designed to seek out—and hopefully help fix—bugs in those dealership tools that could transform them into a devious method of hacking thousands of…


What is Strategic Product Management and why do we need it in the security industry

“Strategic Product Management” is, first of all, a buzz word. A hype, if you want. But that doesn’t mean that you don’t need it. Most technology companies have a product management department that should act as the “voice of the customer” on one side and translating their finding into requirements on the other side. I won’t go into the debate if this makes sense or not. Read here about Product Manager, Product Marketing Manager and Technical Product Manager. PMs typically generate an extensive roadmap of new products and enhancements which almost always never get implemented. But is product management really being used…


No Picture

How do you react if you receive an email with subject “Your file has been uploaded”?

A spam campaign sending emails from an “Auto ImageService” with the subject “Your file has been uploaded” is making its round on the Internet. The content of the email (see below) is very simple and advertises a link to a photo taken with a digital camera (DCIM stands for Digital Camera IMages) which was allegedly uploaded to some online image service. And now to my question: How do you react if you see such an email in your Inbox ?     I guess, most people would think: “What file? Oh, a photo? Hmm…” And here it goes: – You know…


By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close