In this blog CERT.at's employees can post research and thoughts. This is done with least possible oversight, so opinions in blogposts are not necessary opinions of CERT.at
Alternatively you can receive CERT.at's blog as a feed.
tag2domain - a system for labeling DNS domains
tag2domain is a sub-project within the CEF-TC-2018-3 project of nic.at GmbH / CERT.at. It lays down the fundamental groundwork for doing proper statistics on IT security incidents for domain names (i.e. "how to label and count correctly in a future-proof way").
Tools for processing Certificate Transparency Log data of "certspotter" published
The Austrian Energy CERT and GovCERT Austria monitor the Certificate Transparency Logs ("CTL") for their constituents' domains to quickly detect and respond to any problems.
IntelMQ Releases 2.1.3 and 2.2.0
On 26th of May we released the IntelMQ Maintenance Version 2.1.3 and on 18th June the Feature Release 2.2.0. Both versions include various changes, both error corrections and new functionality. We thank all contributors and members of the IntelMQ community for their participation in this community project.
IntelMQ Manager release 2.1.1 fixes critical security issue
The IntelMQ Manager version 2.1.1 released yesterday fixes a Remote Code Execution flaw (CWE-78: 'OS Command Injection'). The documentation for version 2.1.1 and installation instructions can be found on our GitHub repository.
IntelMQ Version 2.1.2 released
On 28th January, we released the IntelMQ maintenance version 2.1.2 containing only bugfixes for the 2.1.x release series. The documentation for version 2.1.2 and installation instructions can be found on our github repository.
The upcoming version 2.2.0 - and current development version - will have several new features to offer.
TRANSITS II in Utrecht
Dimitri Robl from CERT.at attended the TRANSITS II Training in Utrecht from 21. - 23. of January 2020. It was a lot of fun :)
Sextortion Spam Scientifically Scrutinized
Sextortion scams are one of the big newcomers in Internet fraud of the last year. In these campaigns spammers send e-mails which claim that they have hacked into the victim's computer and used its webcam to film the victim masturbating while surfing adult websites.
Topinambour & Windows event logs
* Block outgoing SMB traffic if you can.
* Hunt or Monitor for event ID 106 in "Microsoft-Windows-TaskScheduler%4Operational.evtx". ...