Tag: SANS Internet Storm Center, InfoCON: green

When you&#x27re debugging a malware sample, you probably run it into a debugger and define some breakpoints. The idea is to take over the program control before it will perform “interesting” actions. Usually, we set breakpoints on memory management API…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, September 17th, 2025…

Read more →

The recent (and still ongoing) phishing of NPM developer accounts showed yet again that even technically sophisticated and aware users are falling for phishing lures. Anybody will fall for phishing if a well-targeted e-mail is used. This article has been…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, September 16th, 2025…

Read more →

Today, as expected, Apple released iOS/iPadOS/macOS/watchOS/tvOS 26. Going forward, Apple will adopt the same OS number across its different offerings, setting us up for a potential year 2100 issue. Notably, VisionOS was not updated. This article has been indexed from…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, September 15th, 2025…

Read more →

Johannes wrote a diary entry “Increasing Searches for ZIP Files” where he analyzed the increase of requests for ZIP files (like backup.zip, web.zip, …) for our web honeypots. This article has been indexed from SANS Internet Storm Center, InfoCON: green…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, September 12th, 2025…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, September 11th, 2025…

Read more →

Since the last update [5], over the past few months I added several enhancements to DShield SIEM and webhoneypot sensor collection that included an update to the interface to help with DShield sensor analysis. I updated the main dashboard to…

Read more →

On the Stormcast, Johannes talked about BASE64 and DNS used by a backdoor. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: BASE64 Over DNS, (Wed, Sep 10th)

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, September 10th, 2025…

Read more →

As part of its September patch Tuesday, Microsoft addressed 177 different vulnerabilities, 86 of which affect Microsoft products. None of the vulnerabilities has been exploited before today. Two of the vulnerabilities were already made public. Microsoft rates 13 of the…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, September 9th, 2025…

Read more →

This weekend, I noticed three related headers being used in requests to some of our honeypots for the first time [1]: This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: HTTP Request Signatures,…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, September 8th, 2025…

Read more →

YARA is an excellent tool that most of you probably already know and use daily. If you don't, search on isc.sans.edu, we have a bunch of diaries about it[1]. YARA is very powerful because you can search for arrays of…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, September 5th, 2025…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, September 4th, 2025…

Read more →

When I am thinking about the security of manufacturing environments, I am usually focusing on IoT devices integrated into production lines. All the little sensors and actuators are often very difficult to secure. On the other hand, there is also…

Read more →