New Malware Campaign – ‘Dyre’ Banking Trojan

In recent days OxCERT have witnessed a sharp rise in the incidence of emails associated with the ‘Dyre’ banking malware family. This strain of malware concerns itself with the theft of financial data including credit card details, logins to payment … Continue reading

Posted in Current Threats, Email | 1 Comment

How To Train Your POODLE part II – Servers and Infrastructure

In our previous blog post, we gave a quick overview of the ‘POODLE’ SSLv3.0 vulnerability, followed by tips for mitigating the risks on client applications. In this post, we will focus our attention on server side strategies. For servers using … Continue reading

Posted in Current Threats, General Security, Microsoft, Web Security | Comments Off on How To Train Your POODLE part II – Servers and Infrastructure

How To Train Your POODLE part I – Clients

As you may be aware, a serious vulnerability dubbed ‘POODLE’ has been discovered in SSL version 3.0. A successful POODLE attack could allow a malicious person (with network access) to decrypt an SSLv3.0 connection. What does that actually mean? Well, … Continue reading

Posted in Apple, Current Threats, Google, Microsoft | Comments Off on How To Train Your POODLE part I – Clients

Sandworm 0-Day Exploit

Information has been circulating online regarding Sandworm, a vulnerability affecting Microsoft Windows versions from Vista SP2 onward, and Windows Server 2008 onward. Despite the name, the Sandworm bug is not known to be exploited by self-propagating malware. Instead, attack code … Continue reading

Posted in Current Threats, Microsoft | Comments Off on Sandworm 0-Day Exploit

Fraudulent VC Emails Targeting Finance Departments

We’ve been made aware of a couple of University finance departments having received fraudulent email requests.   The requests advise that the vice-chancellor required assistance with a money transfer or purportedly from the vice-chancellor at their institution asking for assistance with … Continue reading

Posted in Current Threats, Information Security | Comments Off on Fraudulent VC Emails Targeting Finance Departments