Monday, June 29, 2015

Botnet Russia (From Russia With Love) -

Very interesting port activity on this host as well. May want to look for traffic going to this one... While there appears to be a router on the remote end of this connection, what is being allowed through on ports 14400-14499 should be of concern for sure...

Have a look for yourselves...

PHISHING: Healthcare Related -

Looking through recent traffic we noted some very interesting packet data going to We have noted a large amount of healthcare related sites but more importantly packet data shows PII being transferred to the IP in question.

Whois shows that the IP is in Romania. Just something to keep your eyes on.

Wednesday, June 24, 2015

Hey Harvard do you realize...

Hey Harvard, do you realize you're sending out millions of infected email messages? Dyre, to be exact.

Source Host:

Tuesday, June 23, 2015

Adobe Zero Day Exploit - One Issue After Another

Adobe Systems Inc. today released an emergency update to fix a dangerous security hole in its widely-installed Flash Player browser plugin. The company warned that the vulnerability is already being exploited in targeted attacks, and urged users to update the program as quickly as possible.
In an advisory issued Tuesday morning, Adobe said the latest version of Flash — v. Windows and Mac OS X — fixes a critical flaw (CVE-2015-3113) that is being actively exploited in “limited, targeted attacks.” The company said systems running Internet Explorer for Windows 7 and below, as well as Firefox on Windows XP, are known targets of these exploits.

Reported by Adobe and Krebs on Security

IMPORTANT NOTICE: If you're a normal blog subscriber please read

If you would like to continue receiving information on this blog you will need to subscribe to the mailing list (it's free and to your right). We told you last month that we would be making changes, and it's time to implement them. Below we are outlining exactly what will be changing.

What will be posted to the blog:
1. Breaches (publicly disclosed and available via OSINT)
2. Security Articles of Interest (Things we want to share)

What we will NOT be posting to the blog:
1. Indicators
2. Breaches that have not been acknowledged
3. Special Intelligence Information - Detailed Analysis

What we will post to the Mailing List:
1. Specific Intelligence to include indicators, TIPS, bulletins and similar security products.
2. Users can contribute to the list after approval and we highly encourage the sharing of intelligence information.

Members of the mailing list can import our PGP key and can receive intelligence directly via email (once you have been verified). Verification may take up to 24 hours. 

So basically any meaty items are being moved to the mailing list. Thank you for your support of our efforts to bring awareness and have a great weekend. 

Threat Intelligence Platform is Live

For those of you who have shown an interest, you will be receiving a trial of our threat intelligence search platform within the next few weeks. The system is being rolled out in beta. All that we ask is that you provide any feedback you may have if you find any bugs or issues. In addition, we will be rolling out new features and visual tools over the next few weeks as well.

To obtain a trial account email your name, organization and email address to soc(a-t) and we will create your trial account.

Tuesday, June 9, 2015

BREACH: Element Vehicle Management Services

Seeing indications that this entity is breached. Information has been posted to the Internet and is already hitting some underground chat services.

Monday, June 8, 2015

BREACH: breached by Syrian Electronic Army

Reports have been coming in that the Syrian Electronic Army has breached ( and DOD has put out notice to staff not to access the site. That doesn't matter though, because the site has been taken offline by DOD at this hour.
Thursday, June 4, 2015

BREACH: Shop T Wine

We noted usernames and passwords that could be confirmed as leaked today for the Shop T Wine website. The information first appeared in a hacking forum and then appears to have been posted to pastebin. As of the post time, the information remains available on pastebin.