Category: SANS Internet Storm Center, InfoCON: green

The SANS DShield project receives a wide variety of logs submitted by participants of the DShield project. Looking at the “First Seen” URLs page, I observed an interesting URL and dived deeper to investigate. The URL recorded is as follows: …

Read more →

Routers play an essential role in networking and are one of the key components that allow users to have internet connectivity. Vulnerabilities in routers could result in reduced speeds or the possibility of vulnerable equipment being compromised and turned into…

Read more →

This month's Microsoft patch update addresses a total of 209 vulnerabilities, including 12 classified as critical. Among these, 3 vulnerabilities have been actively exploited in the wild, and 5 have been disclosed prior to the patch release, marking them as…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, January 14th, 2025…

Read more →

One common pattern in password resets is sending a one-time password to the user to enable them to reset their password. The flow usually looks like: This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, January 13th, 2025…

Read more →

VBA macros and embedded files/objects are stored as OLE files inside OOXML files. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Multi-OLE, (Sun, Jan 12th)

Read more →

Wireshark release 4.4.3 fixes 0 vulnerabilities and 8 bugs. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Wireshark 4.4.3 Released, (Sat, Jan 11th)

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, January 10th, 2025…

Read more →

With the recent Cyberhaven Extension(2) attack, looking for specific Chrome extensions installed can be very helpful. If you are running Defender with enhanced vulnerability management, Defender automatically catalogs installed extensions by going to Vulnerability Management -> Inventories and selecting Browser…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, January 9th, 2025…

Read more →

[This is a Guest Diary by Cody Hales, an ISC intern as part of the SANS.edu BACS program] This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Examining Redtail Analyzing a Sophisticated Cryptomining…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, January 8th, 2025…

Read more →

The SANS DShield project receives a wide variety of logs submitted by participants of the DShield project. Looking at the “” URLs page, I observed an interesting URL and dived deeper to investigate. The URL recorded is as follows: This…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, January 7th, 2025…

Read more →

When I teach FOR610[1], I like to use a funny quotation with my students: “Make malware happy!” What does it mean? Yes, we like malware, and we need to treat it in a friendly way. To help the malware work…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, January 6th, 2025…

Read more →

We entered a new year, but attack scenarios have not changed (yet). I found a Python script with an interesting behavior[1] and a low Virustotal score (7/61). It targets Microsoft Windows hosts because it starts by loading all libraries required…

Read more →

In the cybersecurity landscape, we all need hashes! A hash is the result of applying a special mathematical function (a “hash function”) that transforms an input (such as a file or a piece of text) into a fixed-size string or…

Read more →

While most of us are preparing the switch to a new year (If it&#x27s already the case for you: Happy New Year!), Attackers never stop and implement always new tricks to defeat our security controls. For a long time now,…

Read more →