Blog

The Blueliv blog is home to the latest threat intelligence analysis, content from investigations, corporate news, information about our modular cyberthreat intelligence solutions, and more. Take some time to explore the archives and perspectives from our intelligence analysts and management team.

industry-blog
Botconf 2014 – Day 3
This third and last day of this great experience started with an awesome speech from Hendrik Adrian and Dhia Mahjoub about Fast Flux Proxy Networks, which is a DNS technique used by botnets in which multiple ever-changing IPs are associated with a unique DNS name. These IPs are swapped...
industry-blog
Botconf 2014 – Day 2
Today has been a long day with many interesting speeches, starting with a technical workshop on how to debug rootkits with WinDbg, and ending with great research work, done by Tom Ueltschi, on the Ponmocup malware and the Zuponcic infection kit. Meanwhile, during the day we’ve seen a variety of...
industry-blog
Botconf 2014 – Day 1
Lots of things to talk about in just one day at the Botconf conference in Nancy, France. Great talks and amazing people, so let’s do a short summary of some of them. The conference started with a very interesting presentation from the National Crime Agency (NCA) about botnet takedowns, in which the...
research-blog
Blueliv Cyber Threat Intelligence Report. Q3 2014
Here are the main conclusions of our analysis of the cyber threats observed at a global level during the third quarter of 2014, compared with the second quarter of the year. Once again, the main point is that cyber threats continue to become increasingly frequent...
corporate-blueliv
VirusTotal’s Alliance with Blueliv Helps the Community to Improve Cyber Threat Protection
VirusTotal has now entered into an alliance with Blueliv that will allow both companies to share cyber intelligence knowledge to protect their users and clients against new cyber threats. VirusTotal is a free online service that analyzes files and URLs, enabling the identification of viruses, worms, trojans and other kinds of malicious content detected...
corporate-blueliv
Interview: EU Cyber firm eyes UK, US, Latam Expansion
The online daily news and data service Global Security Finance has recently published the following interview with Nahim Fazal, Head of Cyber Security Development at Blueliv. Blueliv is fuelling its international expansion using the financing it secured earlier this year from strategic investors including Kibo Ventures, through its Amerigo Investment fund...
research-blog
Measuring the impact of Shellshock in the threat intelligence landscape
Once a high-profile vulnerability is released to the public, many people will use the opportunity to take advantage of vulnerable machines, whether it is exploited manually or at scale using pieces of malware. A clear example is the evolution of Mayhem to take advantage of...
corporate-blueliv
Blueliv participates in the everisDigital Pitch2Market
Blueliv has been selected by Everis (an NTT Data company) as one of the 10 companies to pitch to a selected group of companies in both Barcelona and Madrid. The focus of the event is opening a dialogue where companies and organisations can develop projects with disruptive technologies. Today...
corporate-blueliv
Blueliv to attend SC Congress NY 2014
We are excited to share that Blueliv’s US Sales Manager, Dennis Lee, will be attending SC Magazine’s Congress 2014 tomorrow in New York City. Aside from being our Sales Manager, Dennis is also the co-founder (along with David Raviv) of the New York Information Security (NYIS) Meetup group. NYIS is...
industry-blog
People becoming unfazed to cyber attacks?
When Target was hacked last year, the incident made headline news for months. Target reported that their Q4 sales dropped 46% and their stock took an 11% dip. Most recently, Home Depot was hacked, exposing over 65 million credit cards, including yours truly. However, Home Depot stock didn’t take...
industry-blog
Cyber-attack against JPMorgan Chase
A cyber-attack targeting JPMorgan Chase this summer compromised over 75 million households, according to a statement recently released by Chase Bank. The data stolen included names, addresses and email addresses, but did not include any credentials or bank account numbers. This attack compromised resources such as Chase.com, JPMorganOnline and...
corporate-blueliv
Welcome to our new brand design
Today Blueliv launches a new corporate identity complemented by a new logo and graphical profile. By doing this we are aligning our business goals with our ambition to be a global market brand in the cyber security field. Our new logo is a bold step in this direction, and...
corporate-blueliv
Blueliv is attending the IT-SA Congress
These days part of Blueliv’s team will be attending the IT-SA security congress in Nuremberg. The congress lasts three days in which we expect to attend interesting keynotes and exchange knowledge with other security experts. The congress has three open forums and around 240 expert presentations. Moreover, there is a...
research-blog
Defining the key elements of a cybersecurity strategy
There is not a day that goes by without some startling revelation about a new threat emerging from the world of cyber-crime. Over the last few months there has been a spate of attacks on online platforms, organisations and even point-of-sale devices. Attacks seem to be...
corporate-blueliv
Blueliv attended the Gartner Security and Risk Summit in London
The Gartner Security and Risk Summit was held over two days, with over 150 leading blue-chip companies in attendance. The hot topics for the event were topped by cyber security, with a large number of those attending speaking with Blueliv about how best to address this issue without...
research-blog
The week of Russian leaks
This week some important leaks have surfaced on the Internet, all of them related to Russian users: 1,000,000 Yandex addresses and passwords; 4,500,000 Mail.ru addresses and passwords; 5,000,000 Gmail addresses, some of them with passwords. All this data was posted on a Russian Bitcoin forum by a user...
corporate-blueliv
Gartner Security & Risk Management Summit London
Some weeks ago we attended the Gartner Security and Innovation Summit in Washington, and now we are attending the event in London. This summit will last two days, two very full days in which we are going to meet other security experts and share knowledge and impressions with them. The...
research-blog
Cyber Threats keep growing. Blueliv’s Cyber Threat Intelligence Report.
Here are the main conclusions of our analysis of the cyber threats observed at a global level during the second quarter of 2014, compared with the first quarter of the year. The main point is that cyber threats continue to become increasingly frequent and...
corporate-blueliv
Why should SMBs also care about data breaches?
An article written by Jen Miller of CIO magazine describes the importance of cyber security for small to midsize businesses. The article highlights how many smaller businesses can suffer from the same attacks that plague large enterprises, and even from attacks which specifically target them. These organizations could be using the...
corporate-blueliv
Blueliv at the Innovation Summit 2014
Tomorrow Blueliv will attend the Innovation Summit 2014 in New York City. The event is organized by SINET and connects America’s three most powerful epicenters, evangelizing the importance of collaboration between industry, government and academia on joint research initiatives regarding cybersecurity. If you are also planning to attend and are interested in...
corporate-blueliv
Affected by P.F. Chang’s Credit Card Data Breach?
Learn how Blueliv minimizes the consequences of credit card theft. P.F. Chang’s is a very popular restaurant option for professionals looking to impress their customers with enjoyable Chinese food. So John at XYZ Corporation takes his client there to discuss renewing a services contract that’s about to expire. John uses...
corporate-blueliv
The world is no longer controlled with weapons, but with computers
Publico.es has interviewed Daniel Solís, CEO of Blueliv. Here is an excerpt, and we invite you to read the full interview on their site. Every day, every hour, every minute that passes, new Internet threats are invented somewhere in the world, aimed at individuals or...
corporate-blueliv
Blueliv at the Gartner Security & Risk Management Summit
Two weeks from now, some of us will be attending the Gartner Security & Risk Management Summit in National Harbor, MD (Washington, D.C. area). This summit will be a really interesting event, as you can see in the agenda, which is full of useful and valuable...
research-blog
My Little Pony
One year ago our colleague Xylit0l wrote about the Pony stealer malware. It’s been a year and the Pony family has grown! At least two malware families have been found in the wild with parts of Pony included in them. This is the case of Jolly Roger, which is...
corporate-blueliv
The exponential cyber threat to mobile commerce
As m-commerce grows, recent research reveals that security is a major concern for consumers making payments by smartphone. The security threats against the mobile channel are growing; using the example of a recent malware attack on the mobile services of a bank in the Middle East, we analyze the...
corporate-blueliv
How does Blueliv work?
Do you want to find out how our Blueliv technology works? We’re going to explain to you, step by step, how we hunt cyber crime with Blueliv Cyber Threat Intelligence. The process starts with the analysis of different malware samples gathered from the Internet, so what happens then?...
research-blog
Origin of the infections and attacks during the first quarter of 2014
Blueliv has analyzed the main cyber threats observed at a global level during the first quarter of 2014, and in this post we are going to show their origin. Malicious URL geolocation: some 46% of the malicious URLs analyzed were geolocated in the United States, while...
research-blog
Behind Point of Sale (PoS) attacks
In a previous article we showed how cybercriminals were trying to infect PoS devices with the Dexter malware through the pcAnywhere service on port 5631. Now, what we want is to analyze the geolocation of the more than a million IPs affected by this attack that appear in the following picture. If we...
corporate-blueliv
Mundo Hacker, now face to face
Mundo Hacker, the successful TV show on Discovery Max, Spain, is organizing the Mundo Hacker Day Congress, addressed to cyber security professionals. The congress, which aims to gather 750 attendees, counts on the support of major Spanish companies in the sector among its sponsors and speakers...
corporate-blueliv
Blueliv will celebrate with Securmatica its 25th anniversary
Once again, Blueliv will be at Securmática, the Spanish Congress of Information Security organized by SIC magazine. This year is especially important, as Securmática will turn 25. SIC magazine bet on information security when it was an almost unknown world and has had a big influence in...
research-blog
AppCloud and the uprising SaaS Android trojan malware
Some weeks ago Intelcrawler reported a large fraud campaign against major Islamic banking institutions and one from Spain. The malicious code infected the mobile devices of banking customers, intercepted the OTP (“One-Time Password”) token code and immediately sent it to the bad actors. The unique side of the...
research-blog
First million credit cards details released
Details of 1 million credit cards, out of a set of 800 million, were released on Pastebin early this week. Almost 1 million cards were allegedly leaked by Anonymous Ukraine on Pastebin early this week from a set of more than 800 million credit cards that has not been released yet....
research-blog
Uncovering the new modus operandi behind POS infections
In the cyber fraud world there are numerous ways of doing business. One of the most well-known fraud activities, which has been alive for years, is credit card theft. Like any other business, it has evolved and improved its different techniques in order to survive and to maximize...
corporate-blueliv
Telefónica and Kibo Ventures invest in Blueliv
Kibo Ventures, through the Amerigo Investment fund, Telefónica Ventures, the venture capital arm of Telefónica, and the entrepreneur Roger Casals, have invested 2.5 million euros in the cyber security company Blueliv, to develop new products and fund the firm’s international expansion. This makes Blueliv the first example of joint...
research-blog
mount.cifs arbitrary file identification 0day
During the RootedCON 2012 wargame, besides taking part, I spent some time reviewing the systems. Since /proc/kallsyms was not available, attacking the kernel would have meant going in blind, brute-forcing symbols …, and possibly even crashing the kernel. So I focused mainly on...
research-blog
Multi-protocol proxy sha0proxy v2
Exploit development usually takes more time than one has, so you have to come up with techniques and tools that make the work easier. Personally, rather than patching a client application or using the APIs of certain protocols, I prefer to capture the traffic and send the headers at a low...
research-blog
Incident Response: Analyzing a mailer from memory
When an incident is detected, such as a malware infection on any machine of an internal network, it is especially critical to immortalize the “crime scene” with as much information as possible about the state of the infected machines. In this case, we will focus on how important it can be...
research-blog
Reconstructing data through ingenuity – Forensic analysis on mobile devices (II)
There are situations in which a forensic investigator needs to overcome the intrinsic technical limitations of the tools available today. A clear example of this occurs when the investigator needs to interpret the data held on a mobile phone, which may be heavily fragmented and, moreover, whose entries...
research-blog
Forensic Analysis of an Infection – PART III
As we mentioned in the previous post, in today’s write-up we are going to perform a dynamic analysis of the malware. Specifically, we have taken the executable A0029519.exe located in: System Volume Information_restore{2D9E3322-AD12-427C-8050-DC9B1714968D}RP126, with a size of 42579 bytes and SHA1 hash 2566f4de9d1f789314c0e67fcdc4f2d4778308d. Once we have the specimen to analyze, we have...
research-blog
Detecting vulnerabilities in network services through fuzzing – Part I
One of the most widely used techniques for finding vulnerabilities is fuzzing. It consists of testing, in a more or less intelligent way, the behaviour of an application against data generated specifically to make the program fail, whether by generating data in a different encoding, sending...
research-blog
Forensic Analysis of a Malware Infection – PART II
Picking up the malware analysis topic we introduced in the previous post, “Forensic Analysis of a Malware Infection – PART I”, we will now focus more on analyzing the Windows artifacts in order to obtain more information about the modifications made by the specimen when infecting the machine...
research-blog
Remote acquisition with Ad|Quiere
With the release of the new version of Ad|Quiere, an application has been included that facilitates the remote acquisition of evidence. This application, “Reversessh”, establishes a reverse tunnel using ssh to a remote machine. This way, the forensic investigator can access the machine even when it is behind...
research-blog
Forensic Analysis of a Malware Infection – PART I
Even during the summer period, when normal people are on holiday, security incidents arise. This is the case of an acquaintance who very kindly lent his computer to be subjected to an acquisition and subsequent analysis, in order to investigate a possible somewhat strange behaviour which manifested itself as...
corporate-blueliv
New version of ad-Quiere (v0.9)
Starting today, the forensic distribution that we have been developing together with Aedel can be downloaded from https://www.blueliv.com/ad-Quiere/ad-Quiere_i386_v0.9.iso, with its corresponding checksum at https://www.blueliv.com/ad-Quiere/checksum_v0.9.txt. The list of changes introduced is: Volatility has been added and becomes part of the tool collection. The “Forensics” menu has been added to...
research-blog
How to bypass the security restrictions set on a kiosk
A kiosk is defined as a machine, made available to the public, so that users can use the services offered by the company that provides access to it. Surely many of you have seen a similar kiosk offering various services over the Internet, whether in airports, train stations or even...
research-blog
Forensic analysis on mobile devices (I)
Everyone knows that mobile phones are becoming more and more like an ordinary computer. The spearhead of this trend is led by the two most advanced platforms in mobile telephony: Android and iPhone. The Android platform has a...
corporate-blueliv
We’ve moved!
Before starting the summer break we have decided to change the location and design of our website, giving it a fresher, more maritime touch. From now on you will find our blog at bluelog.blueliv.com, so please update your feed readers. We hope you like it...
research-blog
Nmap Querier (NQu)
During a pentest we turn to many tools to obtain the information that will lead us to steer the intrusion test one way or another. Among those tools is the venerable nmap, which has already reached version 5 and which we have been able to see in a...
research-blog
Meterpreter Cheat Sheet
With the aim of contributing to the dissemination of knowledge in computer and communications security, at blueliv we have developed a “cheat sheet” of the most relevant Meterpreter commands. Many of you will wonder: what is Meterpreter, and what is it for? The answer is very simple: Meterpreter is...
research-blog
Security in Lotus Domino environments
In a globalized context such as today’s, it is common to come across Lotus Domino servers accessible from the Internet through their web access. Most of these have access control mechanisms based on username and password; however, it is not unusual to find anonymous access to resources of those...
research-blog
Recovering e-mails from PST files
In forensic investigations into possible fraudulent actions carried out by an employee of an organization, it is very common, among other analyses, to perform file recovery based on a string search and subsequent filtering of the results by applying a list of...
research-blog
Solution to SANS forensic challenge #5
On April 1st, SANS organized a new forensic contest at http://forensicscontest.com/2010/04/01/ms-moneymanys-mysterious-malware. The contest consists of answering a series of questions posed by the organizers, who provide a network capture as evidence. At the end, after the stipulated deadline, the winner takes home a...
research-blog
Reconstructing events from multiple sources of digital evidence
As in any investigation, digital ones also require a reconstruction of events, in which an investigator has some puzzle pieces that must be fitted together to determine what happened. That is why, in many cases, we can find digital investigations in which only...
research-blog
Vulnerability classification properly understood
The classification of IT security weaknesses is really old. As early as 1976, the RISOS project, in its report “Security Analysis and Enhancements of Computer Operating Systems”, reflected this interest in cataloguing the nature of vulnerabilities specific to operating systems.
research-blog
On forensic acquisitions and hard disk copying
As we published earlier this week, in collaboration with AEDEL (Asociación Española de Evidencias Electrónicas) we have launched a project whose aim is to build a LiveCD distribution specifically for performing forensic acquisitions. On the LiveCD we can find evidence acquisition tools, but without doubt, these tools...