Detecting Encrypted Malware Traffic (Without Decryption)

By Blake Anderson. Introduction: Over the past 2 years, we have been systematically collecting and analyzing malware-generated packet captures. During this time, we have observed a steady increase in the percentage of malware samples using TLS-based encryption to evade detection. In August 2015, 2.21% of the malware samples used TLS, increasing to 21.44% in May […]

Vulnerability Spotlight: Multiple Vulnerabilities in InsideSecure MatrixSSL

By Talos Group. These vulnerabilities were discovered by Aleksandar Nikolic of Cisco Talos. Overview: MatrixSSL is a TLS/SSL stack offered in the form of a Software Development Kit (SDK) that is geared towards application in Internet of Things (IoT) devices and other embedded systems. It features low resource overhead and supports many different embedded platforms. […]

What is the Body Language of Your Encrypted Network Traffic Really Saying?

By TK Keanini. Imagine this scenario: you walk into a meeting room with a colleague and they are sitting at the table with their arms crossed. You immediately think to yourself, this meeting is not going to go well, this person is already displeased with me and I have not said anything yet. However, […]

Cyber, APT and What Intelligence Agencies Have to Do With Them

The well-known hacker "The Grugq" appeared as the surprise speaker at this year's 10th Troopers security conference. He examines the threats posed by industrial espionage carried out with the help of international intelligence agencies. In particular, he compares the very different approaches of the services in the USA, China and Russia. What can be highlighted is that companies are not, purely because of […]

Player 1 Limps Back Into the Ring – Hello again, Locky!

By Talos Group. This post was authored by Alex Chiu, Warren Mercer, and Jaeson Schultz. Sean Baird and Matthew Molyett contributed to this post. Back in May, the Necurs spam botnet jettisoned Locky ransomware in favor of the new Jaff ransomware variant. However, earlier this month Kaspersky discovered a vulnerability within Jaff which allowed them […]