Too many websites hacked, ransom demanded

Today is a very sunny day, but cloudy online. The website of the Ukrainian Ministry of Energy has been hacked, as shown in figure 1 below. http://www.mev.gov.ua was displaying this ransomware message before; the site was later taken down and now displays only a default page showing that it is running an Apache HTTP server on CentOS …

Searching inside a PDF document

I received a PDF document from a fake PayPal address. The file is named Paypal_EmailID_JK… To check whether the document is malicious, I ran it through the pdfid.py tool, as in the screenshot below. The output shows 25 objects and 4 URLs in the document, with the /JS count at 0 …
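To make the pdfid output above concrete, here is an added example that is not part of the original post and is not pdfid.py itself: a small Go program that does what pdfid does. It counts object markers and the name keywords pdfid reports (/JS, /JavaScript, /OpenAction, /URI and so on) in the raw bytes, after undoing PDF name hex escapes such as /J#53, which is the same name as /JS and a common way to hide a keyword from naive grep. The embedded PDF is constructed for this illustration and is not the Paypal_EmailID_JK… attachment discussed above.

```go
package main

import (
	"fmt"
	"regexp"
	"strconv"
)

// Keywords that pdfid.py reports. As in pdfid they are counted as raw
// occurrences of the name in the file bytes; nothing is decompressed, so a
// /JS hidden inside a FlateDecode stream or an object stream is not seen.
var keywords = []string{
	"/Page", "/Encrypt", "/ObjStm", "/JS", "/JavaScript", "/AA", "/OpenAction",
	"/AcroForm", "/JBIG2Decode", "/RichMedia", "/Launch", "/EmbeddedFile",
	"/XFA", "/URI",
}

// Keywords whose presence alone makes a document worth a closer look.
var risky = []string{"/JS", "/JavaScript", "/AA", "/OpenAction", "/Launch", "/EmbeddedFile", "/RichMedia"}

var (
	hexEscape = regexp.MustCompile(`#([0-9A-Fa-f]{2})`) // /J#53 -> /JS
	objRe     = regexp.MustCompile(`\b\d+\s+\d+\s+obj\b`)
)

type Report struct {
	Objects    int
	Counts     map[string]int
	Suspicious bool
}

// unescapeNames undoes PDF name escapes so that obfuscated keywords are still
// counted, which pdfid also does.
func unescapeNames(data []byte) []byte {
	return hexEscape.ReplaceAllFunc(data, func(m []byte) []byte {
		v, _ := strconv.ParseUint(string(m[1:]), 16, 8) // two hex digits always fit
		return []byte{byte(v)}
	})
}

// keywordRe matches the name followed by a PDF delimiter, whitespace or end of
// input, so that /Page does not also count /Pages.
func keywordRe(kw string) *regexp.Regexp {
	return regexp.MustCompile(regexp.QuoteMeta(kw) + `(?:[\s()<>\[\]{}/%]|\z)`)
}

// Scan produces a pdfid-style report for the given PDF bytes.
func Scan(pdf []byte) Report {
	data := unescapeNames(pdf)
	r := Report{Objects: len(objRe.FindAll(data, -1)), Counts: map[string]int{}}
	for _, kw := range keywords {
		r.Counts[kw] = len(keywordRe(kw).FindAll(data, -1))
	}
	for _, kw := range risky {
		if r.Counts[kw] > 0 {
			r.Suspicious = true
		}
	}
	return r
}

// samplePDF is a constructed minimal document for this example: its catalog
// has an /OpenAction that runs JavaScript (with the /JS key hex-escaped) and
// the page carries a link annotation with a URI.
const samplePDF = `%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R /Annots [5 0 R] >> endobj
4 0 obj << /S /JavaScript /J#53 (app.launchURL("http://example.invalid/login")) >> endobj
5 0 obj << /Type /Annot /Subtype /Link /A << /S /URI /URI (http://example.invalid/paypal) >> >> endobj
trailer << /Root 1 0 R >>
%%EOF
`

func main() {
	r := Scan([]byte(samplePDF))
	fmt.Printf("%-14s %d\n", "obj", r.Objects)
	for _, kw := range keywords {
		fmt.Printf("%-14s %d\n", kw, r.Counts[kw])
	}
	fmt.Println("suspicious:", r.Suspicious)
}
```

Like pdfid, this is a triage tool, not a verdict: the counts come from the raw bytes, so a keyword inside a compressed stream or an object stream is not counted. A zero /JS count is therefore a good sign but not proof, and a non-zero /ObjStm count is a reason to decode the streams (for example with pdf-parser.py) before trusting the zeros.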

Cryptominer RubyMiner Targets web servers

According to a Check Point Research finding, a new malware package designed to mine cryptocurrency is attacking web servers in an effort to infect them. The malware uses a variant of the open-source Monero miner XMRig, possibly because Monero mining does not require an extremely powerful server. According to the article, the …

A look at Redline from Mandiant

Redline is a handy tool for investigating a particular host for signs of compromise. It runs on Windows and is freely available from the FireEye site. At a glance, it offers two options: collect data from the host, or analyse a previously collected data file. In our case, I am going to create …

WannaCry Malware Take Away

According to numerous open sources, the world has experienced a cyber attack classified as a ransomware campaign. It caused tens of thousands of infections in over 150 countries, including the United States, the United Kingdom, Spain, Russia, Taiwan, France and Japan. The malware comes localized in as many as 27 different languages. The code affects only Microsoft Windows …

Public key infrastructure (PKI)

A public key infrastructure is a system that combines asymmetric cryptography and digital certificates to provide security. There are two principal actors: the client and the certificate authority (CA). The Cryptographic Service Provider (CSP) on the client side generates the key pair. Once the key pair has been generated, the client keeps the private key and …

Malware Information Sharing Platform (MISP)

The Malware Information Sharing Platform (MISP) is used to store, share and collaborate on malware information across organizations. The indicators of compromise (IoCs) it holds are used to detect and prevent cyber attacks. MISP integrates many features:
- An efficient built-in database to store malware, information on attackers and intelligence
- Data are stored and shared in a structured format
- Data …

A look at the Verizon Data Breach Digest report

Verizon released its Data Breach Digest report. It is a summary of 500 cybersecurity investigations conducted in over 40 countries. All scenarios were drawn from real-world cyber investigations. It is an 84-page document with 18 scenarios divided into four groups:
- The human element: five scenarios highlighting human threats or targets.
- Conduit devices: five scenarios covering device misuse or tampering. …