SPECIAL STATE PROTECTION SERVICE
SPECIAL COMMUNICATION AND INFORMATION
SECURITY STATE AGENCY

COMPUTER EMERGENCY
RESPONSE CENTER

AZ EN
Report Incident

NEWS

CyberSecurity Malaysia sounds 'trust and transparency' note at OIC-CERT AGM

CyberSecurity Malaysia sounds 'trust and transparency' note at OIC-CERT AGM
Hacker Mindset: SANS NetWars & Tools of the Trade

Hacker Mindset: SANS NetWars & Tools of the Trade
BSidesLV 2016: Mobile App Attack

BSidesLV 2016: Mobile App Attack
Social Media, Security and the Family

Social Media, Security and the Family
title Password Generator
title Secure password
title My IP address
title Infected IP
title Malware Lab
title CVSS

ARTICLES

D-Link Bug Could Affect Over 400,000 IoT Devices

D-Link Bug Could Affect Over 400,000 IoT Devices
Adwind RAT Resurfaces—with a Zero Detection Rate

Adwind RAT Resurfaces—with a Zero Detection Rate
CryptoDrop Tool Spots and Stops Ransomware in its Tracks

CryptoDrop Tool Spots and Stops Ransomware in its Tracks
Trojan Delilah Recruits Malicious Insiders Via Extortion

Trojan Delilah Recruits Malicious Insiders Via Extortion

  • Hacker Mindset: SANS NetWars & Tools of the Trade

    In my ongoing blog series “Hacker Mindset,” I’ll explore an attacker’s assumptions, methods and theory, including how information security professionals can apply this knowledge to increase cyber-vigilance on the systems and networks they steward.

    Hacker Mindset: SANS NetWars & Tools of the Trade

  • Social Media, Security and the Family

    Sometimes we get so focused on protecting our IT infrastructures, we forget that our families are just as susceptible.

    Social Media, Security and the Family

  • QUADROOTER: NEW ANDROID VULNERABILITIES IN OVER 900 MILLION DEVICES

    Check Point today disclosed details about a set of four vulnerabilities affecting 900 million Android smartphones and tablets that use Qualcomm® chipsets. The Check Point mobile threat research team, which calls the set of vulnerabilities QuadRooter, presented its findings in a session at DEF CON 24 in Las Vegas.

    QUADROOTER: NEW ANDROID VULNERABILITIES IN OVER 900 MILLION DEVICES

  • BACKDOOR.REMVIO: HIGHLY CUSTOMIZABLE REMOTE ACCESS TROJAN SOLD ONLINE

    The new Trojan can be used to steal information and passwords from compromised computers.

    BACKDOOR.REMVIO: HIGHLY CUSTOMIZABLE REMOTE ACCESS TROJAN SOLD ONLINE

BUGTRACK

BMW web portal vulns pose car hack risk – researchers

Two unpatched vulnerabilities in BMW's ConnectedDrive web portal create a mechanism to manipulate car settings, a security researcher warns.

Food chain Wendy's hit by massive hack

Popular US food chain Wendy's has been hit by a massive cyber attack, the company has confirmed.

Facebook Messenger is getting end-to-end encryption

SOCIAL NETWORK Facebook, a firm not usually commended for its privacy-aware efforts, has revealed that it's started to test end-to-end encryption on the Messenger service.

Malaysia-based credit card fraud ring broken, 105 arrested

A total of 105 credit card fraud suspects have been arrested in Asia and Europe following a complex months-long investigation across two continents.

Symantec admits it won't patch 'catastrophic' security flaws until mid-July

SECURITY OUTFIT Symantec has warned customers that security flaws in the firm's systems outed by Google's Project Zero last month won't be fixed until mid-July.

Palo Alto offers $16,000 in looming CTF hack off

In eight days, Palo Alto is launching a capture the flag competition offering a total of US$16000 (£12340, A$21,245) for the first to complete the six trials.

JS/TrojanDownloader.FakejQuery
----

JS/TrojanDownloader.FakejQuery.A is a trojan that redirects the browser to a specific URL location with malicious software.

Win32/Filecoder.CryptProjectXXX
----

Win32/Filecoder.CryptProjectXXX.E is a trojan that encrypts files on fixed, removable and network drives.

MSIL/Agent.OJF
----

MSIL/Agent.OJF is a trojan that redirects results of online search engines to specific web sites.

Win32/Spy.Banker
----

Win32/Spy.Banker.ACJB is a trojan that steals sensitive information.

CVE

CVE-2017-9303: Laravel 5.4.x before 5.4.22 does not properly constrain the host portion of a password-reset URL, which makes it easier for remote attackers to conduct phishing attacks by specifying an attacker-controlled host.

CVE-2017-9302: RealPlayer 16.0.2.32 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted mp4 file.

CVE-2017-9301: plugins\audio_filter\libmpgatofixed32_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (invalid read and application crash) or possibly have unspecified other impact via a crafted file.

CVE-2017-9300: plugins\codec\libflac_plugin.dll in VideoLAN VLC media player 2.2.4 allows remote attackers to cause a denial of service (heap corruption and application crash) or possibly have unspecified other impact via a crafted FLAC file.