Wednesday 13 May 2015

VENOM Vulnerability - Virtualized Environment Neglected Operations Manipulation

VENOM is short for Virtualized Environment Neglected Operations Manipulation and it is a vulnerability in the QEMU’s virtual Floppy Disk Controller (FDC). The vulnerable code is used in numerous virtualization platforms and appliances such as Xen, KVM, and the native QEMU client. 

The vulnerability has been assigned CVE-2015-3456. As far as we know, VMware, Microsoft Hyper-V, and the Bochs hypervisors are not impacted by this.

The interesting fact about VENOM is that it applies to a wide range of virtualization platforms (using the default configurations) and it allows for arbitrary code execution. Due to the fact that the vulnerability exists in the hypervisor’s codebase, it affects all host and guest Operating Systems. 

However, the vulnerability can be exploited only with escalated privileges (root, administrator). 

Saturday 9 May 2015

YARA - The pattern matching swiss knife for malware researchers

This is a blog post about YARA, the pattern matching tool which allows malware researchers to identify and classify malware samples. It is a very interesting tool and fairly easy to get the hang of. In a few lines of code you can create descriptions of malware families (or anything else you would like to describe) based on textual or binary patterns.

You can create simple rules or more complex ones, depending on what you are trying to do. It supports wildcards, case-insensitive strings, regular expressions, special operators and has a number of additional features to play with.

YARA is also multi-platform! It can be run on Windows, Linux and Mac OS X. It can be used through its command-line interface or from your own Python scripts with the yara-python extension.
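As an added illustration (not a rule from the original post or from the YARA project), here is a rule that uses the features mentioned above: a case-insensitive text string, a hex pattern with wildcard bytes and a jump, a regular expression, and a condition combining string counts with file-size and header checks. The rule name, the strings and the byte pattern are all constructed for demonstration and do not describe any real malware family.

```yara
// Constructed example rule: every string and byte value below is made up
// to show YARA syntax, not taken from a real sample.
rule Example_Dropper_Indicators
{
    meta:
        description = "Illustrates text, hex and regex strings with YARA conditions"
        author      = "constructed example"

    strings:
        // Plain text string, matched case-insensitively, as ASCII or UTF-16LE
        $txt1 = "cmd.exe /c" nocase ascii wide

        // Binary pattern: ?? matches any single byte, [2-6] skips 2 to 6 bytes
        // (a constructed call / stack-cleanup / return sequence)
        $hex1 = { E8 ?? ?? ?? ?? [2-6] 83 C4 ?? 5D C3 }

        // Regular expression for a hard-coded dotted IPv4 address
        $re1  = /([0-9]{1,3}\.){3}[0-9]{1,3}/

    condition:
        // Only consider PE files (MZ header at offset 0) smaller than 2 MB
        uint16(0) == 0x5A4D and filesize < 2MB and
        // The text string must occur at least twice, plus either other pattern
        #txt1 >= 2 and ($hex1 or $re1)
}
```

Run it against a directory of samples with `yara -r rules.yar samples/`; the `-s` flag also prints the matched strings and their offsets, which helps when tuning a rule.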

Wednesday 6 May 2015

Download recursively all files from a certain directory listing using wget

This is going to be a quick blog post about wget, covering something I believe is very useful to know. From your Linux box you can use wget to recursively download all the files listed in a directory listing.

If you have seen something similar to Figure 1, then this is what a directory listing looks like. If someone wants you to have access to their files on the web server through HTTP then it is a quick and easy way of doing it, but most of the time it is a misconfiguration allowing the hosted files to be publicly available to unauthorised users.

Figure 1 - Directory Listing


Saturday 2 May 2015

Things you should know about the Opera browser (Presto) and its features

For me, the ultimate browser is the Opera Web Browser. I have been using Opera as my default browser under Windows since 2001 (Mozilla under Linux), when I had the luxury of having multiple tabs open while enjoying the amazing speed of the fastest browser at the time. Because most viruses at the time were written to affect Internet Explorer, Opera was unaffected by malicious scripts and viruses hosted on web servers/portals. Also, one of the most life-saving features of Opera was that whatever happened to the OS (the OS used to hang and crash a lot back then) you would never lose your work! All my tabs, with all the things I was reading/researching, were kept as they were, no matter what happened, e.g. a power failure.

Many "experts" at the time were claiming that a multi-tab browser is a pointless feature because you are always going to be using one tab in front of you at any time anyway. Today the answer to these people seems obvious, but back then it was a nightmare to convince these "opinionated experts" that multi-tab browsing is the future.

Friday 1 May 2015

Cyber Essentials Scheme explained

Cyber security is of increasing importance to private companies, SMEs and organisations. Becoming certified against a cyber security standard can prove to be a trivial task. Getting familiar with the Cyber Essentials Scheme might prove invaluable when it comes to the cyber security of a business/organisation and to obtaining government contracts. Becoming certified to a cyber security standard significantly lowers the risk of becoming the victim of a data breach.

According to the Verizon Data Breach Investigations Report (2013-2015), most attacks require very little skill or experience to be carried out. Consequently, in order to roll out a basic level of security protecting businesses against these widespread (usually low-tech) cyber attacks, the UK government introduced the Cyber Essentials Scheme on the 1st of October 2014.