MalwareJake

Ramblings about security, rants about insecurity, occasional notes about reverse engineering, and of course, musings about malware. What more could you ask for?

Latest articles

It's 10pm, do you know where your API keys are?

Yesterday, the social media archival service Timehop announced that they had suffered a breach. The service allows users to look back through their social media feeds to see what was happening last year for instance. In order to facilitate this, Timehop stores API keys for users' social media accounts. Timehop did a great job disabling any API keys...

DrupalGeddon 2.1 and the state of vulnerability management

If you’re running Drupal 7.x, 8.4.x, or 8.5.x, a new patch was released Wednesday. The patch was rated Critical with a score of 20/25. The Drupal team notified users two days before the patch was released so they could be ready to patch. The patch went live in the middle of the US workday, meaning that organizations wishing to patch had to take an outage...

New Windows 7 and Server 2008R2 out of band patch

Microsoft usually only issues patches on the second Tuesday of every month (so-called “Patch Tuesday”). However, when there is a vulnerability that is being exploited in the wild (or is likely to be) Microsoft may issue an out of band patch. That’s exactly what happened yesterday. The vulnerability being patched was introduced when Microsoft patched...

Atlanta government was compromised in April 2017 - well before last week's ransomware attack

Last Thursday, the City Of Atlanta suffered outages from a ransomware attack. During the press conference (recorded here), city officials indicated that they were invested in cyber security. They noted that they were working with state and federal law enforcement to resolve the incident and had even been in contact with the Secret Service. Officials...

Countering Russian cyber influence operations

Last Friday in SANS NewsBites, I saw an article talking about how NSA has not taken any action against the reported Russian cyber influence operations in US elections. Many laypeople have commented to me that the US can’t continue to operate in an environment other countries can try to influence our elections. But my follow up question to them is always...

Vulnerability disclosure – did we get it right with Meltdown and Spectre?

Today Rendition Infosec is releasing a blog post that we started writing more than a month ago. Why now? The dust has settled, that’s why. Prior to the dust settling on Meltdown and Spectre, we think this very important conversation would have been lost in the noise. In light of these vulnerabilities, we think it is important to talk about how their...

Top three considerations when limiting local administrator rights

Ideally we would always remove administrator rights from all users. But in the real world, we unfortunately must deal with years of technical debt and poor architecture decisions that make the complete elimination of administrator rights difficult (or financially non-viable) for many organizations. So when faced with the task of prioritizing the removal...

Infosec Advent Challenge #14 - syslog intrusion analysis

We've posted the 14th challenge in the "Infosec Advent" series. This one is a Linux server intrusion case. You get syslog and auth.log. Unfortunately that's all that was being forwarded. We have some Linux syslog and authentication logs download here. Download and analyze the logs for signs of intrusion. Based on the log data, let us know what you think...

Infosec Advent Challenge #13 - web server intrusion analysis

We've posted the 13th challenge in the "Infosec Advent" series. This one is a web server intrusion case where we will ask you to analyze the logs and let us know what you find. We have a set of web server logs that you can download here. Download and analyze the logs for signs of intrusion. Based on only the web log data (yes, we know that makes it harder)...

Introducing Infosec Advent

Rendition Infosec is sponsoring a new contest this holiday season to up your infosec skills and make you think (at least a little) about infosec each day. We're calling the challenge "Infosec Advent" and have set aside $1,000 in prizes to sweeten the pot for those who wish to participate. In all honesty, it would have been way cooler if we could have...
