Category: SANS Internet Storm Center, InfoCON: green

ISC Stormcast For Friday, March 6th 2020 https://isc.sans.edu/podcastdetail.html?id=6898, (Fri, Mar 6th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Friday, March 6th 2020 https://isc.sans.edu/podcastdetail.html?id=6898, (Fri, Mar 6th)

Read more →

Thanks to one of our readers who submitted this interesting piece of phishing. Personally, I was not aware of this technique which is interesting to bypass common anti-spam filter and reputation systems. The idea is to create a fake survey…

Read more →

ISC Stormcast For Thursday, March 5th 2020 https://isc.sans.edu/podcastdetail.html?id=6896, (Thu, Mar 5th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Thursday, March 5th 2020 https://isc.sans.edu/podcastdetail.html?id=6896, (Thu, Mar 5th)

Read more →

Let's Encrypt announced that they will be revoking a large number of certificates today. The revocation is due to an error in how “CAA” records were validated for these certificates.   Advertise on IT Security News. Read the complete article:…

Read more →

ISC Stormcast For Wednesday, March 4th 2020 https://isc.sans.edu/podcastdetail.html?id=6894, (Wed, Mar 4th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Wednesday, March 4th 2020 https://isc.sans.edu/podcastdetail.html?id=6894, (Wed, Mar 4th)

Read more →

This is a guest diary by Ahmed Elshaer.   Advertise on IT Security News. Read the complete article: Introduction to EvtxEcmd (Evtx Explorer), (Tue, Mar 3rd)

Read more →

ISC Stormcast For Tuesday, March 3rd 2020 https://isc.sans.edu/podcastdetail.html?id=6892, (Tue, Mar 3rd)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Tuesday, March 3rd 2020 https://isc.sans.edu/podcastdetail.html?id=6892, (Tue, Mar 3rd)

Read more →

For a very long time, there has been a strong effort aimed toward moving all potentially sensitive network-based communications from unencrypted protocols to the secure and encrypted ones. And with the recently released APWG report noting that 74% of phishing…

Read more →

ISC Stormcast For Monday, March 2nd 2020 https://isc.sans.edu/podcastdetail.html?id=6890, (Mon, Mar 2nd)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Monday, March 2nd 2020 https://isc.sans.edu/podcastdetail.html?id=6890, (Mon, Mar 2nd)

Read more →

Today my honeypot has been capturing scans for the Hazelcast REST API. I checked my logs for the past 2 years and these only started today. The last vulnerability published for Hazelcast was CVE-2018-10654 and related to “There is a…

Read more →

Yesterday I've read an article[1] about the clipboard on iPhones and how it can disclose sensitive information about the device owner. At the end of the article, the author gave a reference to an iPhone app[2] that discloses the metadata…

Read more →

ISC Stormcast For Friday, February 28th 2020 https://isc.sans.edu/podcastdetail.html?id=6888, (Fri, Feb 28th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Friday, February 28th 2020 https://isc.sans.edu/podcastdetail.html?id=6888, (Fri, Feb 28th)

Read more →

Many offensive tools can be very useful for defenders too. Indeed, if they can help to gather more visibility about the environment that must be protected, why not use them? More information you get, more you can be proactive and visibility…

Read more →

ISC Stormcast For Thursday, February 27th 2020 https://isc.sans.edu/podcastdetail.html?id=6886, (Thu, Feb 27th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Thursday, February 27th 2020 https://isc.sans.edu/podcastdetail.html?id=6886, (Thu, Feb 27th)

Read more →

ISC Stormcast For Wednesday, February 26th 2020 https://isc.sans.edu/podcastdetail.html?id=6884, (Wed, Feb 26th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Wednesday, February 26th 2020 https://isc.sans.edu/podcastdetail.html?id=6884, (Wed, Feb 26th)

Read more →

Since I was exposed to three different online scam campaigns in the last three weeks, without having to go out and search for them, I thought that today might be a good time to take a look at how some…

Read more →

ISC Stormcast For Tuesday, February 25th 2020 https://isc.sans.edu/podcastdetail.html?id=6882, (Tue, Feb 25th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Tuesday, February 25th 2020 https://isc.sans.edu/podcastdetail.html?id=6882, (Tue, Feb 25th)

Read more →

Philippe Lagadec, the developer of ole-tools, pointed out something interesting about the following maldoc sample (MD5 a0457c2728923cb46e6d9797fe7d81dd): it contains both Excel 4 macros and VBA code.   Advertise on IT Security News. Read the complete article: Maldoc: Excel 4 Macros…

Read more →

ISC Stormcast For Monday, February 24th 2020 https://isc.sans.edu/podcastdetail.html?id=6880, (Mon, Feb 24th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Monday, February 24th 2020 https://isc.sans.edu/podcastdetail.html?id=6880, (Mon, Feb 24th)

Read more →

I've mentioned Excel 4 macros before, a scripting technology that predates VBA.   Advertise on IT Security News. Read the complete article: Maldoc: Excel 4 Macros in OOXML Format, (Sun, Feb 23rd)

Read more →

Today, it&#x27s easy to guess if a piece of code is malicious or not. Many security solutions automatically detonates it into a sandbox by security solutions. This remains quick and (most of the time still) efficient to have a first…

Read more →

We like when our readers share interesting samples! Even if we have our own sources to hunt for malicious content, it&#x27s always interesting to get fresh meat from third parties. Robert shared an interesting Microsoft Word document that I quickly…

Read more →

ISC Stormcast For Friday, February 21st 2020 https://isc.sans.edu/podcastdetail.html?id=6878, (Fri, Feb 21st)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Friday, February 21st 2020 https://isc.sans.edu/podcastdetail.html?id=6878, (Fri, Feb 21st)

Read more →

Eventually in almost every incident response situation, you have to start contacting the actual people who sit at the keyboard of affected stations.  Often you'll want them to step back from the keyboard or logout, for either remote forensics data…

Read more →

ISC Stormcast For Thursday, February 20th 2020 https://isc.sans.edu/podcastdetail.html?id=6876, (Thu, Feb 20th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Thursday, February 20th 2020 https://isc.sans.edu/podcastdetail.html?id=6876, (Thu, Feb 20th)

Read more →

ISC Stormcast For Wednesday, February 19th 2020 https://isc.sans.edu/podcastdetail.html?id=6874, (Wed, Feb 19th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Wednesday, February 19th 2020 https://isc.sans.edu/podcastdetail.html?id=6874, (Wed, Feb 19th)

Read more →

I recently noticed an interesting side effect of the way in which Windows handles local file permissions, which makes it possible for a non-privileged user to brute-force contents of a folder for which they don&#x27t have read access (e.g. Read…

Read more →

ISC Stormcast For Tuesday, February 18th 2020 https://isc.sans.edu/podcastdetail.html?id=6872, (Tue, Feb 18th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Tuesday, February 18th 2020 https://isc.sans.edu/podcastdetail.html?id=6872, (Tue, Feb 18th)

Read more →

There's an interesting comment on Xavier's diary entry “Keep an Eye on Command-Line Browsers” (paraphrasing): a proxy with authentication will prevent wget and curl to access the Internet because they don't do integrated authentication.   Advertise on IT Security News.…

Read more →

ISC Stormcast For Monday, February 17th 2020 https://isc.sans.edu/podcastdetail.html?id=6870, (Mon, Feb 17th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Monday, February 17th 2020 https://isc.sans.edu/podcastdetail.html?id=6870, (Mon, Feb 17th)

Read more →

Security, Orchestration, Automation and Response (SOAR) allow organizations to collect data about security threats from multiple sources to automate an appropriate response on repetitive tasks. As an analyst you need to juggle and pivot several times a day between multiple…

Read more →

Reading Xavier's diary entry “Keep an Eye on Command-Line Browsers”, I wondered when exactly curl was introduced in Windows 10?   Advertise on IT Security News. Read the complete article: bsdtar on Windows 10, (Sat, Feb 15th)

Read more →

For a few weeks, I&#x27m searching for suspicious files that make use of a command line browser like curl.exe or wget.exe in Windows environment. Wait, you were not aware of this? Just open a cmd.exe and type ‘curl.exe&#x27 on your…

Read more →

ISC Stormcast For Friday, February 14th 2020 https://isc.sans.edu/podcastdetail.html?id=6868, (Fri, Feb 14th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Friday, February 14th 2020 https://isc.sans.edu/podcastdetail.html?id=6868, (Fri, Feb 14th)

Read more →

Good news, sort-of – – Microsoft has deferred their March changes to LDAP, citing the Christmas change freeze that most sensible organizations implement as their reason:   Advertise on IT Security News. Read the complete article: Auth-mageddon deferred (but not…

Read more →

ISC Stormcast For Thursday, February 13th 2020 https://isc.sans.edu/podcastdetail.html?id=6866, (Thu, Feb 13th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Thursday, February 13th 2020 https://isc.sans.edu/podcastdetail.html?id=6866, (Thu, Feb 13th)

Read more →

Next month Microsoft will be changing the default behaviour for LDAP – Cleartext, unsigned LDAP queries against AD (over port 389) will be disabled by default - https://support.microsoft.com/en-gb/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows  .  You'll still be able to over-ride that using registry keys or group…

Read more →

ISC Stormcast For Wednesday, February 12th 2020 https://isc.sans.edu/podcastdetail.html?id=6864, (Wed, Feb 12th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Wednesday, February 12th 2020 https://isc.sans.edu/podcastdetail.html?id=6864, (Wed, Feb 12th)

Read more →

Introduction   Advertise on IT Security News. Read the complete article: Malpsam pushes Ursnif through Italian language Word docs, (Wed, Feb 12th)

Read more →

Microsoft Patch Tuesday for February 2020, (Tue, Feb 11th)   Advertise on IT Security News. Read the complete article: Microsoft Patch Tuesday for February 2020, (Tue, Feb 11th)

Read more →

ISC Stormcast For Tuesday, February 11th 2020 https://isc.sans.edu/podcastdetail.html?id=6862, (Tue, Feb 11th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Tuesday, February 11th 2020 https://isc.sans.edu/podcastdetail.html?id=6862, (Tue, Feb 11th)

Read more →

One of my colleagues sent me a new PayPal phishing e-mail today. Although it was fairly usual, as phishing e-mails go, since the campaign is still active and since it shows the current “let&#x27s take all that we can get”…

Read more →

ISC Stormcast For Monday, February 10th 2020 https://isc.sans.edu/podcastdetail.html?id=6860, (Mon, Feb 10th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Monday, February 10th 2020 https://isc.sans.edu/podcastdetail.html?id=6860, (Mon, Feb 10th)

Read more →

After Action Review, (Sat, Feb 8th)   Advertise on IT Security News. Read the complete article: After Action Review, (Sat, Feb 8th)

Read more →

I found an interesting VBScript sample that is a perfect textbook case for training or learning purposes. It implements a nice obfuscation technique as well as many classic sandbox detection mechanisms. The script is a dropper: it extracts from its…

Read more →

I found an interesting VBScript sample that is a perfect textbook case for training or learning purposes. It implements a nice obfuscation technique as well as many classic sandbox detection mechanisms. The script is a dropper: it extracts from its…

Read more →

ISC Stormcast For Friday, February 7th 2020 https://isc.sans.edu/podcastdetail.html?id=6858, (Fri, Feb 7th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Friday, February 7th 2020 https://isc.sans.edu/podcastdetail.html?id=6858, (Fri, Feb 7th)

Read more →

ISC Stormcast For Thursday, February 6th 2020 https://isc.sans.edu/podcastdetail.html?id=6856, (Thu, Feb 6th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Thursday, February 6th 2020 https://isc.sans.edu/podcastdetail.html?id=6856, (Thu, Feb 6th)

Read more →

Introduction   Advertise on IT Security News. Read the complete article: Fake browser update pages are “still a thing”, (Wed, Feb 5th)

Read more →

ISC Stormcast For Wednesday, February 5th 2020 https://isc.sans.edu/podcastdetail.html?id=6854, (Wed, Feb 5th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Wednesday, February 5th 2020 https://isc.sans.edu/podcastdetail.html?id=6854, (Wed, Feb 5th)

Read more →

ISC Stormcast For Tuesday, February 4th 2020 https://isc.sans.edu/podcastdetail.html?id=6852, (Tue, Feb 4th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Tuesday, February 4th 2020 https://isc.sans.edu/podcastdetail.html?id=6852, (Tue, Feb 4th)

Read more →

I recently came across an interesting malicious document. Distributed as an attachment of a run-of-the-mill malspam message, the file with a DOC extension didn&#x27t look like anything special at first glance. However, although it does use macros as one might…

Read more →

A couple of months ago, I read a blog post about malware, cryptominers and WAV file steganography: malware authors are concealing cryptominers in sound files (WAV) using steganography. Each bit of the cryptominer executable is stored as the least-significant bit…

Read more →

ISC Stormcast For Monday, February 3rd 2020 https://isc.sans.edu/podcastdetail.html?id=6850, (Mon, Feb 3rd)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Monday, February 3rd 2020 https://isc.sans.edu/podcastdetail.html?id=6850, (Mon, Feb 3rd)

Read more →

A couple of months ago, I read a blog post about malware, cryptominers and WAV file steganography: malware authors are concealing cryptominers in sound files (WAV) using steganography. Each bit of the cryptominer executable is stored as the least-significant bit…

Read more →

Wireshark version 3.2.1 was released.   Advertise on IT Security News. Read the complete article: Wireshark 3.2.1 Released, (Sat, Feb 1st)

Read more →

ISC Stormcast For Friday, January 31st 2020 https://isc.sans.edu/podcastdetail.html?id=6848, (Fri, Jan 31st)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Friday, January 31st 2020 https://isc.sans.edu/podcastdetail.html?id=6848, (Fri, Jan 31st)

Read more →

ISC Stormcast For Thursday, January 30th 2020 https://isc.sans.edu/podcastdetail.html?id=6846, (Thu, Jan 30th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Thursday, January 30th 2020 https://isc.sans.edu/podcastdetail.html?id=6846, (Thu, Jan 30th)

Read more →

ISC Stormcast For Wednesday, January 29th 2020 https://isc.sans.edu/podcastdetail.html?id=6844, (Wed, Jan 29th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Wednesday, January 29th 2020 https://isc.sans.edu/podcastdetail.html?id=6844, (Wed, Jan 29th)

Read more →

Introduction   Advertise on IT Security News. Read the complete article: Emotet epoch 1 infection with Trickbot gtag mor84, (Tue, Jan 28th)

Read more →

ISC Stormcast For Tuesday, January 28th 2020 https://isc.sans.edu/podcastdetail.html?id=6842, (Tue, Jan 28th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Tuesday, January 28th 2020 https://isc.sans.edu/podcastdetail.html?id=6842, (Tue, Jan 28th)

Read more →

With the new Coronavirus outbreak starting to dominate the news, I want to go over some cybersecurity effects of a disease like this that you should prepare for.   Advertise on IT Security News. Read the complete article: Network Security…

Read more →

ISC Stormcast For Monday, January 27th 2020 https://isc.sans.edu/podcastdetail.html?id=6840, (Mon, Jan 27th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Monday, January 27th 2020 https://isc.sans.edu/podcastdetail.html?id=6840, (Mon, Jan 27th)

Read more →

Over the past two years a lot of articles, processes, techniques and tools have been published on how to do Threat Hunting. I have been following the trend with great interest whether it be which process works best, methods and…

Read more →

Visibility Gap of Your Security Tools, (Sat, Jan 25th)   Advertise on IT Security News. Read the complete article: Visibility Gap of Your Security Tools, (Sat, Jan 25th)

Read more →

… because it works!   Advertise on IT Security News. Read the complete article: Why Phishing Remains So Popular?, (Fri, Jan 24th)

Read more →

ISC Stormcast For Friday, January 24th 2020 https://isc.sans.edu/podcastdetail.html?id=6838, (Fri, Jan 24th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Friday, January 24th 2020 https://isc.sans.edu/podcastdetail.html?id=6838, (Fri, Jan 24th)

Read more →

Today, I would like to make a comparison between two techniques applied to malicious code to try to bypass AV detection.   Advertise on IT Security News. Read the complete article: Complex Obfuscation VS Simple Trick, (Thu, Jan 23rd)

Read more →

ISC Stormcast For Thursday, January 23rd 2020 https://isc.sans.edu/podcastdetail.html?id=6836, (Thu, Jan 23rd)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Thursday, January 23rd 2020 https://isc.sans.edu/podcastdetail.html?id=6836, (Thu, Jan 23rd)

Read more →

ISC Stormcast For Wednesday, January 22nd 2020 https://isc.sans.edu/podcastdetail.html?id=6834, (Wed, Jan 22nd)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Wednesday, January 22nd 2020 https://isc.sans.edu/podcastdetail.html?id=6834, (Wed, Jan 22nd)

Read more →

Introduction   Advertise on IT Security News. Read the complete article: German language malspam pushes Ursnif, (Wed, Jan 22nd)

Read more →

Happy New Year! Those among you who participated in the SANS Holiday Hack Challenge, also known as Kringlecon 2, this holiday season may have found themselves exposed to new tools or the opportunity to utilize one or two that had…

Read more →

ISC Stormcast For Tuesday, January 21st 2020 https://isc.sans.edu/podcastdetail.html?id=6832, (Tue, Jan 21st)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Tuesday, January 21st 2020 https://isc.sans.edu/podcastdetail.html?id=6832, (Tue, Jan 21st)

Read more →

ISC Stormcast For Monday, January 20th 2020 https://isc.sans.edu/podcastdetail.html?id=6830, (Mon, Jan 20th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Monday, January 20th 2020 https://isc.sans.edu/podcastdetail.html?id=6830, (Mon, Jan 20th)

Read more →

In today's diary, I am summarizing the current state of attacks exploiting the Citrix ADC vulnerability (CVE-2019-19781), using data from our SANS ISC honeypots. Our first two posts about this topic are here: [1] [2].   Advertise on IT Security…

Read more →

ISC Stormcast For Friday, January 17th 2020 https://isc.sans.edu/podcastdetail.html?id=6828, (Fri, Jan 17th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Friday, January 17th 2020 https://isc.sans.edu/podcastdetail.html?id=6828, (Fri, Jan 17th)

Read more →

Last 24 hours have been extremely interesting – this month&#x27s patch Tuesday by Microsoft brought to us 2 very interesting (and critical) vulnerabilities. The first one, the “BlueKeep” like remote code execution vulnerability in Remote Desktop Gateway (CVE-2020-0609, CVE-2020-0610) has…

Read more →

Although less than two days have gone by since the latest release of MSFT patches, I find that it would actually be hard to add anything interesting to them that hasn&#x27t been discussed before, as the most important vulnerabilities (couple…

Read more →

ISC Stormcast For Thursday, January 16th 2020 https://isc.sans.edu/podcastdetail.html?id=6826, (Thu, Jan 16th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Thursday, January 16th 2020 https://isc.sans.edu/podcastdetail.html?id=6826, (Thu, Jan 16th)

Read more →

Among the patches Microsoft released yesterday, the vulnerability in the CryptoAPI got by far the most attention. Here are some answers to questions we have received about this vulnerability. Many of these questions also came from our webcast audience (for…

Read more →

ISC Stormcast For Wednesday, January 15th 2020 https://isc.sans.edu/podcastdetail.html?id=6824, (Wed, Jan 15th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Wednesday, January 15th 2020 https://isc.sans.edu/podcastdetail.html?id=6824, (Wed, Jan 15th)

Read more →

[Special Note: we will have a special webcast on this topic at noon ET tomorrow (Wednesday, January 15th. See https://sans.org/cryptoapi-isc )   Advertise on IT Security News. Read the complete article: Microsoft Patch Tuesday for January 2020, (Tue, Jan 14th)

Read more →

ISC Stormcast For Tuesday, January 14th 2020 https://isc.sans.edu/podcastdetail.html?id=6822, (Tue, Jan 14th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Tuesday, January 14th 2020 https://isc.sans.edu/podcastdetail.html?id=6822, (Tue, Jan 14th)

Read more →

If you missed Johannes' diary entry “Citrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor” this Saturday, make sure to read it first.   Advertise on IT Security News. Read the complete article: Citrix ADC Exploits: Overview…

Read more →

ISC Stormcast For Monday, January 13th 2020 https://isc.sans.edu/podcastdetail.html?id=6820, (Mon, Jan 13th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Monday, January 13th 2020 https://isc.sans.edu/podcastdetail.html?id=6820, (Mon, Jan 13th)

Read more →

In my last two diaries, I shared a Pihole parser and dashboard to collect and view its logs in Elastic. In this diary, I'm sharing another parser and dashboard to visualize the data collected by Didier's tcp-honeypot. This is a…

Read more →

Late last night, multiple groups released working exploits for the Citrix ADC path traversal flaw. First, “Project Zero India” released a simple exploit essentially consisting of two curl commands [1]. The first one will write a template file that includes…

Read more →

Yesterday, I posted a quick analysis of a malicious document that exfiltrates data from the compromised computer[1]. Here is another found that also exfiltrate data. The malware is delivered in an ACE archive. This file format remains common in phishing…

Read more →

ISC Stormcast For Friday, January 10th 2020 https://isc.sans.edu/podcastdetail.html?id=6818, (Fri, Jan 10th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Friday, January 10th 2020 https://isc.sans.edu/podcastdetail.html?id=6818, (Fri, Jan 10th)

Read more →

Yesterday, one of our readers (thank David!) submitted to us a malicious document disguised as a UPS invoice. Like David, do not hesitate to share samples with us, we like malware samples! I briefly checked the document. Nothing new, based…

Read more →

A quick reminder note today for everyone. Microsoft Windows 7 operating system is at End of Life on January 14, 2020. [1]   Advertise on IT Security News. Read the complete article: Windows 7 – End of Life, (Thu,…

Read more →

ISC Stormcast For Thursday, January 9th 2020 https://isc.sans.edu/podcastdetail.html?id=6816, (Thu, Jan 9th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Thursday, January 9th 2020 https://isc.sans.edu/podcastdetail.html?id=6816, (Thu, Jan 9th)

Read more →

ISC Stormcast For Wednesday, January 8th 2020 https://isc.sans.edu/podcastdetail.html?id=6814, (Wed, Jan 8th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Wednesday, January 8th 2020 https://isc.sans.edu/podcastdetail.html?id=6814, (Wed, Jan 8th)

Read more →

For the last week, I have been monitoring our honeypot logs for evidence of exploits taking advantage of CVE-2019-19781. Currently, I have not seen an actual “exploit” being used. But there is some evidence that people are scanning for vulnerable…

Read more →

ISC Stormcast For Tuesday, January 7th 2020 https://isc.sans.edu/podcastdetail.html?id=6812, (Tue, Jan 7th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Tuesday, January 7th 2020 https://isc.sans.edu/podcastdetail.html?id=6812, (Tue, Jan 7th)

Read more →

Simple Network Management Protocol (SNMP) is a UDP service that runs on port 161/UDP. It is used for network management purposes and should be reachable only from known locations using secure channels.   Advertise on IT Security News. Read the…

Read more →

Justin C alerted me in our Slack channel that GreyNoise, a commercial system similar to DShield, noted a large increase in the number of sources scanning. We do have these “Spikes” from time to time and had one for the…

Read more →

ISC Stormcast For Monday, January 6th 2020 https://isc.sans.edu/podcastdetail.html?id=6810, (Mon, Jan 6th)   Advertise on IT Security News. Read the complete article: ISC Stormcast For Monday, January 6th 2020 https://isc.sans.edu/podcastdetail.html?id=6810, (Mon, Jan 6th)

Read more →

Over the holidays, I wanted to look into a packet capture file I created on Windows with a “netsh trace” command. Such an .etl file created with a “netsh trace” command can not be opened with Wireshark, you have to…

Read more →

The SANS Holiday Hack Challenge is an annual, free CTF.   Advertise on IT Security News. Read the complete article: KringleCon 2019, (Sat, Jan 4th)

Read more →