ISC Stormcast For Wednesday, January 15th 2020 https://isc.sans.edu/podcastdetail.html?id=6824, (Wed, Jan 15th)
Category: SANS Internet Storm Center, InfoCON: green
Microsoft Patch Tuesday for January 2020, (Tue, Jan 14th)
[Special Note: we will have a special webcast on this topic at noon ET tomorrow (Wednesday, January 15th). See https://sans.org/cryptoapi-isc ]
ISC Stormcast For Tuesday, January 14th 2020 https://isc.sans.edu/podcastdetail.html?id=6822, (Tue, Jan 14th)
Citrix ADC Exploits: Overview of Observed Payloads, (Mon, Jan 13th)
If you missed Johannes' diary entry “Citrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor” this Saturday, make sure to read it first.
ISC Stormcast For Monday, January 13th 2020 https://isc.sans.edu/podcastdetail.html?id=6820, (Mon, Jan 13th)
ELK Dashboard and Logstash parser for tcp-honeypot Logs, (Sun, Jan 12th)
In my last two diaries, I shared a Pihole parser and dashboard to collect and view its logs in Elastic. In this diary, I'm sharing another parser and dashboard to visualize the data collected by Didier's tcp-honeypot. This is a…
Citrix ADC Exploits are Public and Heavily Used. Attempts to Install Backdoor, (Sat, Jan 11th)
Late last night, multiple groups released working exploits for the Citrix ADC path traversal flaw. First, “Project Zero India” released a simple exploit essentially consisting of two curl commands [1]. The first one will write a template file that includes…
More Data Exfiltration, (Fri, Jan 10th)
Yesterday, I posted a quick analysis of a malicious document that exfiltrates data from the compromised computer[1]. Here is another one that also exfiltrates data. The malware is delivered in an ACE archive. This file format remains common in phishing…
ISC Stormcast For Friday, January 10th 2020 https://isc.sans.edu/podcastdetail.html?id=6818, (Fri, Jan 10th)
Quick Analyzis of a(nother) Maldoc, (Thu, Jan 9th)
Yesterday, one of our readers (thanks David!) submitted to us a malicious document disguised as a UPS invoice. Like David, do not hesitate to share samples with us, we like malware samples! I briefly checked the document. Nothing new, based…
Windows 7 – End of Life, (Thu, Jan 9th)
A quick reminder note today for everyone. Microsoft Windows 7 operating system is at End of Life on January 14, 2020. [1]
ISC Stormcast For Thursday, January 9th 2020 https://isc.sans.edu/podcastdetail.html?id=6816, (Thu, Jan 9th)
ISC Stormcast For Wednesday, January 8th 2020 https://isc.sans.edu/podcastdetail.html?id=6814, (Wed, Jan 8th)
A Quick Update on Scanning for CVE-2019-19781 (Citrix ADC / Gateway Vulnerability), (Tue, Jan 7th)
For the last week, I have been monitoring our honeypot logs for evidence of exploits taking advantage of CVE-2019-19781. Currently, I have not seen an actual “exploit” being used. But there is some evidence that people are scanning for vulnerable…
ISC Stormcast For Tuesday, January 7th 2020 https://isc.sans.edu/podcastdetail.html?id=6812, (Tue, Jan 7th)
SNMP service: still opened to the public and still queried by attackers, (Mon, Jan 6th)
Simple Network Management Protocol (SNMP) is a UDP service that runs on port 161/UDP. It is used for network management purposes and should be reachable only from known locations using secure channels.
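What the attackers querying 161/UDP actually send is, almost always, an SNMPv2c GetRequest for sysDescr.0 with the community string "public": the reply leaks vendor, OS and firmware details. As an added example (not code from the ISC diary or from this page), the exchange is built and decoded here in raw BER so the on-wire bytes are visible; the host, community and timeout are assumptions, and probe() must only be pointed at agents you are authorized to test.

```python
"""SNMPv2c sysDescr.0 probe, hand-encoded in BER (added example, not ISC code)."""
import secrets
import socket
import sys

SYS_DESCR_OID = (1, 3, 6, 1, 2, 1, 1, 1, 0)   # SNMPv2-MIB::sysDescr.0


def _length(n):
    """BER length: short form below 128, else 0x80|k followed by k length bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, body):
    return bytes([tag]) + _length(len(body)) + body


def _int(value):
    """INTEGER with the minimal two's-complement encoding."""
    n = 1
    while not -(1 << (8 * n - 1)) <= value < (1 << (8 * n - 1)):
        n += 1
    return _tlv(0x02, value.to_bytes(n, "big", signed=True))


def _oid(arcs):
    """OBJECT IDENTIFIER: first two arcs packed as 40*a+b, the rest base-128."""
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out += bytes(reversed(chunk))
    return _tlv(0x06, bytes(out))


def build_get(community, oid, request_id):
    """GetRequest: SEQUENCE { version=1 (v2c), community, [0] PDU }."""
    varbinds = _tlv(0x30, _tlv(0x30, _oid(oid) + _tlv(0x05, b"")))
    pdu = _tlv(0xA0, _int(request_id) + _int(0) + _int(0) + varbinds)
    return _tlv(0x30, _int(1) + _tlv(0x04, community.encode()) + pdu)


def _parse(buf, pos=0):
    """Decode one TLV at buf[pos]; constructed tags (bit 5) recurse into children."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        k = length & 0x7F
        length = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    body = buf[pos:pos + length]
    if tag & 0x20:
        children, p = [], 0
        while p < len(body):
            child, p = _parse(body, p)
            children.append(child)
        return (tag, children), pos + length
    return (tag, body), pos + length


def _decode_oid(body):
    arcs, value = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(value)
            value = 0
    return ".".join(map(str, arcs))


def _decode_value(node):
    tag, body = node
    if tag == 0x04:
        return body.decode("utf-8", "replace")
    if tag == 0x02:
        return int.from_bytes(body, "big", signed=True)
    if tag == 0x05:
        return None
    return body.hex()   # counters, timeticks etc. are left raw here


def parse_response(packet):
    """Decode a GetResponse ([2] PDU) into community, ids and (oid, value) pairs."""
    (tag, (_version, community, pdu)), _ = _parse(packet)
    if tag != 0x30 or pdu[0] != 0xA2:
        raise ValueError("not an SNMP GetResponse")
    req_id, err_status, _err_index, varbinds = pdu[1]
    return {
        "community": community[1].decode("ascii", "replace"),
        "request_id": int.from_bytes(req_id[1], "big", signed=True),
        "error_status": int.from_bytes(err_status[1], "big", signed=True),
        "varbinds": [(_decode_oid(o[1]), _decode_value(v)) for _t, (o, v) in varbinds[1]],
    }


def probe(host, community="public", timeout=2.0):
    """Send one GET for sysDescr.0; return the string, or None on timeout/error."""
    request_id = secrets.randbelow(1 << 31)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_get(community, SYS_DESCR_OID, request_id), (host, 161))
        try:
            data, _ = sock.recvfrom(65535)
        except socket.timeout:
            return None
    reply = parse_response(data)
    if reply["request_id"] != request_id or reply["error_status"] != 0:
        return None
    return reply["varbinds"][0][1]


if __name__ == "__main__":
    print(probe(sys.argv[1]))   # assumption: argv[1] is a host you may test
```

A request-id mismatch is treated as a failure on purpose: responses are trivially spoofable on UDP, and an agent that answers "public" at all is the finding that matters. The same encoder, with a wordlist in place of the single community, is what the scanners behind these honeypot hits are running, which is why the fix is a source-restricted firewall rule (or SNMPv3 with authPriv) rather than a less guessable community string.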
Increase in Number of Sources January 3rd and 4th: spoofed, (Mon, Jan 6th)
Justin C alerted me in our Slack channel that GreyNoise, a commercial system similar to DShield, noted a large increase in the number of sources scanning. We do have these “Spikes” from time to time and had one for the…
ISC Stormcast For Monday, January 6th 2020 https://isc.sans.edu/podcastdetail.html?id=6810, (Mon, Jan 6th)
etl2pcapng: Convert .etl Capture Files To .pcapng Format, (Sun, Jan 5th)
Over the holidays, I wanted to look into a packet capture file I created on Windows with a “netsh trace” command. Such an .etl file created with a “netsh trace” command cannot be opened with Wireshark, you have to…
KringleCon 2019, (Sat, Jan 4th)
The SANS Holiday Hack Challenge is an annual, free CTF.
CCPA – Quick Overview, (Fri, Jan 3rd)
It's been quiet lately. Hopefully, it is not a calm before a storm if you will. I crawled out from under my rock and found that the State of California law that offers new consumer protection went into effect Jan…
ISC Stormcast For Friday, January 3rd 2020 https://isc.sans.edu/podcastdetail.html?id=6808, (Fri, Jan 3rd)
Ransomware in Node.js, (Thu, Jan 2nd)
Happy new year to all! I hope that you enjoyed the switch to 2020! From a security point of view, nothing changed and malicious code never stops trying to abuse our resources even during the holiday season. Here is a…
“Nim httpclient/1.0.4”, (Wed, Jan 1st)
“Nim httpclient/1.0.4” is the default User Agent string of the httpClient module of the Nim programming language (stable release).
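Two of the diaries above boil down to log signatures: the CVE-2019-19781 scanning seen in the honeypots (a path traversal from /vpn/ into /vpns/ on Citrix ADC / Gateway) and the Nim default User-Agent as a fingerprint for a family of scanners. As an added example (not ISC's code nor the Logstash parser from the ELK diary), the parser below reads combined-format web/honeypot access logs, URL-decodes the request path so encoded traversal is not missed, and tags both patterns. The log lines are constructed for the example and use documentation IP ranges; the traversal rule tests the same condition as Citrix's published responder-policy mitigation (decoded URL contains "/vpns/" and "/../").

```python
"""Tag CVE-2019-19781 probes and the Nim default UA in access logs (added example)."""
import re
from urllib.parse import unquote

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

SAMPLE_LOG = [  # constructed sample lines, not real honeypot data
    '198.51.100.7 - - [07/Jan/2020:10:15:02 +0000] "GET /vpn/../vpns/cfg/smb.conf HTTP/1.1" 403 0 "-" "curl/7.64.0"',
    '203.0.113.9 - - [11/Jan/2020:02:41:19 +0000] "GET /vpn/..%2Fvpns/cfg/smb.conf HTTP/1.1" 200 1421 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [01/Jan/2020:08:03:55 +0000] "GET / HTTP/1.1" 200 612 "-" "Nim httpclient/1.0.4"',
    '192.0.2.10 - - [01/Jan/2020:08:04:10 +0000] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    "this line is not in combined format and is skipped",
]


def normalize_path(path, rounds=3):
    """URL-decode repeatedly (bounded) so %2F, %252F, ... collapse to '/'."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def parse_line(line):
    """Return the fields of one combined-format line plus the decoded path, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["npath"] = normalize_path(entry["path"])
    return entry


# (tag, predicate) pairs evaluated against a parsed entry.
RULES = [
    ("cve-2019-19781-probe",
     lambda e: "/vpns/" in e["npath"].lower() and "/../" in e["npath"]),
    ("nim-httpclient-ua",
     lambda e: e["ua"].startswith("Nim httpclient/")),
]


def classify(entry):
    return [tag for tag, pred in RULES if pred(entry)]


def scan_log(lines):
    """Yield (source ip, decoded path, tags) for every line that matches a rule."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        tags = classify(entry)
        if tags:
            findings.append((entry["ip"], entry["npath"], tags))
    return findings


if __name__ == "__main__":
    for ip, path, tags in scan_log(SAMPLE_LOG):
        print(f"{ip:15} {','.join(tags):22} {path}")
```

The status code is deliberately not part of the rule: a 403 from a patched or mitigated appliance is still a scan worth counting, and a 200 on the same path is the hit that needs an incident ticket. The Nim string is a default rather than an attribution, so treat it as a pivot for grouping sources, not as proof of malice on its own.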