Category: SANS Internet Storm Center, InfoCON: green

This article has been indexed from SANS Internet Storm Center, InfoCON: green Wireshark version 3.4.7 was released. Read the original article: Wireshark 3.4.7 Released, (Sun, Jul 25th)

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green Phew, this was a really bad week for Microsoft (and a lot of reading for all of us). And just when we thought that the fiasco with the…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green A few days ago, I found an interesting file delivered by email (why change a winning combination?). The file has a nice extension: “.daa” (Direct Access Archive). We…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green Today’s diary revisits hunting for dodgy domains via Hurricane Electric's BGP Toolkit [1]. This was previously done in an earlier diary [2], and I plan to do this…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Friday, July 23rd, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green As we already got a number of notes from readers: Currently, Akamai's DNS service appears to experience an outage that affects numerous other large websites. Read the…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Thursday, July 22nd, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green Microsoft released a knowledge base article regarding CVE-2021-36934 [1]. Bojan yesterday explained the vulnerability in more detail. Recent versions of Microsoft Windows expose several system files due to…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Wednesday, July 21st, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green If you opened Twitter today you were probably flooded with news about the latest security issue with Windows. For those that have ISC as their home page (yay!)…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Tuesday, July 20th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green A new, unpatched, vulnerability has been discovered in the Windows Print Spooler and is being tracked under CVE-2021-34481. Discovered by Jacob Baines at Dragos, this one requires local…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Monday, July 19th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green In this video, I show how to decode the sample of Xavier's diary entry “Multiple BaseXX Obfuscations” with CyberChef. Read the original article: Video: CyberChef BASE85 Decoding, (Sun,…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green Xavier's diary entry “Multiple BaseXX Obfuscations” covers a malicious script that is encoded with different “base” encodings. Xavier starts with my tool base64dump.py, but he can not do…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green I found an interesting malicious Python script during my daily hunting routine. The script has a VT score of 2/58[1] (SHA256: 6990298edd0d66850578bfd1e1b9d42abfe7a8d1deb828ef0c7017281ee7c5b7). Its purpose is to perform the…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Friday, July 16th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Thursday, July 15th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green Phishing… at least they don't understand security any better than most kids. The latest example is a simple USPS phish. The lure is an email claiming that a…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green It is not unusual for malspam authors to encrypt the malicious files that they attach to messages they send out. Whether they encrypt the malicious file itself (as…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Wednesday, July 14th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This month we got patches for 117 vulnerabilities. Of these, 13 are critical, 6 were previously disclosed and 4 are being exploited according to Microsoft. Read the original…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Tuesday, July 13th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Monday, July 12th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green [This is a guest diary by Yee Ching Tok (personal website here (https://poppopretn.com)). Feedback welcome either via comments or our contact page (https://isc.sans.edu/contact.html)] Read the original article: Securing…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green Over the past month I noticed a resurgence of probe by Digitalocean looking for the Microsoft (MS) Secure Socket Tunneling Protocol (SSTP). This MS proprietary VPN protocol is…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Friday, July 9th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green Introduction Read the original article: Hancitor tries XLL as initial malware file, (Fri, Jul 9th)

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green I'm a big fan of the Sudo[1] command. This tool, available on every UNIX flavor, allows system administrators to provide access to certain users/groups to certain commands as…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Thursday, July 8th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Wednesday, July 7th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green Microsoft today released patches for CVE-2021-34527, the vulnerability also known as “printnightmare”. Patches are currently available for these versions of Windows: Read the original article: Microsoft Releases Patches…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green They are many security tools that inject DLL into processes running on a Windows system. The classic examples are anti-virus products. They like to inject plenty of code…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Tuesday, July 6th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Monday, July 5th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green Thanks a lot to all of you who posted a comment on my diary entry “DIY CD/DVD Destruction”. They inspired me to try out some other methods. Read…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green In diary entry “CFBF Files Strings Analysis” I show how to extract strings from CFBF/ole files with my tool oledump.py. Read the original article: Finding Strings With oledump.py,…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green We are aware that some MSSP's customers (Managed Security Services Providers) have been hit by a ransomware. It seems that four(4) MSSP's have been affected until now. The…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Friday, July 2nd, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green “Inception” is a very nice SF movie in which, if you did not watch it, dreams are implemented in people's minds to help to get access to sensitive information…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Thursday, July 1st, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green [preliminary. please let us know if we missed something or made any mistakes] Read the original article: CVE-2021-1675: Incomplete Patch and Leaked RCE Exploit, (Wed, Jun 30th)

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green Introduction Read the original article: June 2021 Forensic Contest: Answers and Analysis, (Wed, Jun 30th)

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Tuesday, June 29th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green I was recently forwarded another phishing e-mail to examine. This time, it was an e-mail that claimed to be from Google. The e-mail included a pdf file, and…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green The Office file format that predates the OOXML format, is a binary format based on the CFBF format. I informally call this the ole file format. Read the…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Monday, June 28th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green I have some personal CDs & DVDs to dispose of. And I don't want them to reamain (easily) readable. Read the original article: DIY CD/DVD Destruction, (Sun, Jun…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This XML External Entity injection (XXE) vulnerability disclosed in March 2019 is still actively scanned for a vulnerable mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10.…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Friday, June 25th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green It seems like every time I take a handler shift lately, I'm talking about an uptick of traffic on another port and I'm not breaking that trend today.…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green Cookies… These small pieces of information are always with us. Since the GDPR was kicked off in Europe, we are flooded by pop-ups asking if we accept “cookies”.…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Thursday, June 24th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green As Dean of Research for our graduate school (sans.edu), I often assist students in developing their research ideas. The research conducted by our students is valuable and important…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Wednesday, June 23rd, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Monday, June 21st, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green — Rick Wanner MSISE – rwanner at isc dot sans dot edu – Twitter:namedeplume (Protected) Read the original article: Executives and Ransomware Webcast: Stop, Collaborate, and Listen! –…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green If you are involved in the security industry  you are at least somewhat familiar with the Mitre ATT&CK framework, the very useful, community driven, knowledgebase of attack threat…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Tuesday, June 22nd, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green It can be a little disheartening to deal with well-prepared phishing attacks every day, since one can easily see how even users who are fully “security-aware” could fall…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Wednesday, June 16th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green Vulnerable perimeter devices remain a popular target, and we do see consistent exploit attempts against them. This weekend, Guy wrote about some scans for Fortinet vulnerabilities [1], and…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Tuesday, June 15th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Monday, June 14th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green Almost 4 years ago, I wrote a python version of mac-robber. I use it fairly regularly at $dayjob. This past week, one of my co-workers was using it,…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green Over the past 60 days, I have observed scanning activity to discover FortiGate SSL VPN unpatched services. Fortinet has fixed several critical vulnerabilities in SSL VPN and web…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green Devices and applications used to provide remote access are juicy targets. I've already been involved in many ransomware cases and most of the time, the open door was…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green With Python getting more and more popular, especially on Microsoft Operating systems, it's common to find malicious Python scripts today. I already covered some of them in previous…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Friday, June 11th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green Legislation, in particular in the European Union, has led to a proliferation of “Cookie Banners.” Warning banners that either ask you for blanket permission to set cookies or,…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Thursday, June 10th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green In my last diary, we went over the impact of different Base encodings on the ability of anti-malware tools to detect malicious code[1]. Since results of our tests…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Wednesday, June 9th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This month we got patches for 50 vulnerabilities. Of these, 5 are critical, 2 were previously disclosed and 6 is already being exploited according to Microsoft. Read the…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Tuesday, June 8th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green Later this week (tomorrow?), Amazon will enable its new Sidewalk feature. The feature has already gotten a lot of bad press. Much of this comes from the fact…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Monday, June 7th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green Similar to Yee Ching's diary on Thursday, I noticed an oddity in the Dshield data last weekend (which I had hoped to discuss in a diary on Wednesday,…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green We received an interesting sample from one of our readers (thanks Henry!) and we like this. If you find something interesting, we are always looking for fresh meat!…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Friday, June 4th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green At the SANS Internet Storm Center (ISC), handlers frequently analyze data submitted from DShield participants to determine activity trends and potential attacks. A few days ago on May…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Thursday, June 3rd, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green A new version of wireshark is out, a couple of bugfixes including a QUIC TLK decryption issue. Also, the Windows version now comes with npcap 1.31 (updated from…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Wednesday, June 2nd, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Guildma is now using Finger and Signed Binary Proxy Execution to evade defenses, (Mon, May 31st)

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Tuesday, June 1st, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green One of the Cobalt Strike servers reported by Brad Duncan also communicates over DNS. Read the original article: 
Video: Cobalt Strike & DNS – Part 1, (Sun, May…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green Continuing on from the “Quick and dirty Python: masscan” diary, which implemented a simple port scanner in Python using masscan to detect web instances on TCP ports 80…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green One of the Cobalt Strike servers reported by Brad Duncan also communicates over DNS. Read the original article: Video: Cobalt Strike & DNS – Part 1, (Sun, May…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green YARA version 4.1.1 was released. Read the original article: YARA Release v4.1.1, (Sun, May 30th)

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green New versions of Sysinternals' tools Procmon, Sysmon, TcpView and Process Explorer were released. Read the original article: Sysinternals: Procmon, Sysmon, TcpView and Process Explorer update, (Sun, May 30th)

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green In February I posted about spam pretending to be an Outlook Version update [1] and now for the past several weeks I have been receiving spear-phishing emails that…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green Google has an incredible portfolio of services. Besides the classic ones, there are less known services and… they could be very useful for attackers too. One of them…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Friday, May 28th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green Malware authors like to use a variety of techniques to avoid detection of their creations by anti-malware tools. As the old saying goes, necessity is the mother of…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Thursday, May 27th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green This post doesn’t have text content, please click on the link below to view the original article. Read the original article: ISC Stormcast For Wednesday, May 26th, 2021…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green As usage of fitness trackers, wireless headsets and smart home devices become increasingly popular in our daily lives, a growing reliance on the Bluetooth protocol is expected as…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green VMware has issued a critical security advisory VMSA-2021-0010 (CVSSv3 score ranging from 6.5-9.8). The products affected are VMware vCenter Server and VMware Cloud Foundation, and addresses CVE-2021-21985 and…

Read more →

This article has been indexed from SANS Internet Storm Center, InfoCON: green Today&#x27s diary features a tip-off by one of our ISC diary readers Earl. Earl discovered some dodgy domains within the IP address block of 95.181.152.0/24 via the Hurricane…

Read more →