Welcome to our Cyber Security News Aggregator. Cyber Tzar provide a cyber security risk management platform, including automated penetration tests and risk assessments culminating in a "cyber risk score" out of 1,000, just like a credit score.
Articles in this collection: 2,112

Source: SANS Internet Storm Center, InfoCON: green

Articles received 03/07/2021
Article: Finding Strings With oledump.py, (Sat, Jul 3rd) - published over 3 years ago.
Content: In diary entry "CFBF Files Strings Analysis" I show how to extract strings from CFBF/ole files with my tool oledump.py.
https://isc.sans.edu/diary/rss/27600 
Published: 2021 07 03 19:33:06
Received: 2021 07 03 21:00:50
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Articles received 02/07/2021
Article: Kaseya VSA Users Hit by Ransomware, (Fri, Jul 2nd) - published over 3 years ago.
Content: We are aware that some MSSP's customers (Managed Security Services Providers) have been hit by a ransomware. It seems that four(4) MSSP's have been affected until now. The ransomware was spread through the remote management solution "VSA"  provided by Kaseya[1]. This looks to be a brand new type of supply chain attack.
https://isc.sans.edu/diary/rss/27598 
Published: 2021 07 02 20:18:29
Received: 2021 07 02 21:00:49
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: ISC Stormcast For Friday, July 2nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7568, (Fri, Jul 2nd) - published over 3 years ago.
Content:
https://isc.sans.edu/diary/rss/27596 
Published: 2021 07 02 14:10:56
Received: 2021 07 02 16:00:51
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: "inception.py"... Multiple Base64 Encodings, (Fri, Jul 2nd) - published over 3 years ago.
Content: "Inception" is a very nice SF movie in which, if you did not watch it, dreams are implemented in people's minds to help to get access to sensitive information from their memory. Then, a dream is implemented into another dream, etc... up to five levels[1]! If you are not paying attention to the movie, you can be quickly lost. ...
https://isc.sans.edu/diary/rss/27594 
Published: 2021 07 02 05:33:23
Received: 2021 07 02 07:00:37
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Articles received 01/07/2021
Article: ISC Stormcast For Thursday, July 1st, 2021 https://isc.sans.edu/podcastdetail.html?id=7566, (Thu, Jul 1st) - published over 3 years ago.
Content:
https://isc.sans.edu/diary/rss/27590 
Published: 2021 07 01 02:00:03
Received: 2021 07 01 04:00:46
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Articles received 30/06/2021
Article: CVE-2021-1675: Incomplete Patch and Leaked RCE Exploit, (Wed, Jun 30th) - published over 3 years ago.
Content: [preliminary. please let us know if we missed something or made any mistakes]
https://isc.sans.edu/diary/rss/27588 
Published: 2021 07 01 12:57:40
Received: 2021 06 30 16:00:35
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: ISC Stormcast For Wednesday, June 30th, 2021 https://isc.sans.edu/podcastdetail.html?id=7564, (Wed, Jun 30th) - published over 3 years ago.
Content:
https://isc.sans.edu/diary/rss/27586 
Published: 2021 06 30 02:05:03
Received: 2021 06 30 03:00:45
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: June 2021 Forensic Contest: Answers and Analysis, (Wed, Jun 30th) - published over 3 years ago.
Content: Introduction
https://isc.sans.edu/diary/rss/27582 
Published: 2021 06 30 00:01:33
Received: 2021 06 30 01:00:46
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Articles received 29/06/2021
Article: ISC Stormcast For Tuesday, June 29th, 2021 https://isc.sans.edu/podcastdetail.html?id=7562, (Tue, Jun 29th) - published over 3 years ago.
Content:
https://isc.sans.edu/diary/rss/27580 
Published: 2021 06 29 02:05:04
Received: 2021 06 29 04:00:36
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: Diving into a Google Sweepstakes Phishing E-mail, (Tue, Jun 29th) - published over 3 years ago.
Content: I was recently forwarded another phishing e-mail to examine. This time, it was an e-mail that claimed to be from Google. The e-mail included a pdf file, and instructed the recipient to download the file for further information. Figure 1 below shows the headers, while Figure 2 shows the content of the e-mail message.
https://isc.sans.edu/diary/rss/27578 
Published: 2021 06 30 02:06:13
Received: 2021 06 29 01:00:38
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Articles received 28/06/2021
Article: CFBF Files Strings Analysis, (Mon, Jun 28th) - published over 3 years ago.
Content: The Office file format that predates the OOXML format, is a binary format based on the CFBF format. I informally call this the ole file format.
https://isc.sans.edu/diary/rss/27576 
Published: 2021 06 28 17:10:33
Received: 2021 06 28 19:00:51
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: ISC Stormcast For Monday, June 28th, 2021 https://isc.sans.edu/podcastdetail.html?id=7560, (Mon, Jun 28th) - published over 3 years ago.
Content:
https://isc.sans.edu/diary/rss/27574 
Published: 2021 06 28 02:05:02
Received: 2021 06 28 03:00:52
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Articles received 27/06/2021
Article: DIY CD/DVD Destruction, (Sun, Jun 27th) - published over 3 years ago.
Content: I have some personal CDs & DVDs to dispose of. And I don't want them to remain (easily) readable.
https://isc.sans.edu/diary/rss/27572 
Published: 2021 06 27 19:14:18
Received: 2021 06 27 21:00:43
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Articles received 26/06/2021
Article: CVE-2019-9670: Zimbra Collaboration Suite XXE vulnerability, (Sat, Jun 26th) - published over 3 years ago.
Content: This XML External Entity injection (XXE) vulnerability disclosed in March 2019 is still actively scanned for a vulnerable mailboxd component in Synacor Zimbra Collaboration Suite 8.7.x before 8.7.11p10. This exploit attempts to read the Zimbra configuration file that contains an LDAP password for the zimbra account.
https://isc.sans.edu/diary/rss/27570 
Published: 2021 06 26 10:13:15
Received: 2021 06 26 12:00:47
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Articles received 25/06/2021
Article: ISC Stormcast For Friday, June 25th, 2021 https://isc.sans.edu/podcastdetail.html?id=7558, (Fri, Jun 25th) - published over 3 years ago.
Content:
https://isc.sans.edu/diary/rss/27568 
Published: 2021 06 25 02:05:03
Received: 2021 06 25 04:00:43
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: Is this traffic bAD?, (Fri, Jun 25th) - published over 3 years ago.
Content: It seems like every time I take a handler shift lately, I'm talking about an uptick of traffic on another port and I'm not breaking that trend today. This really takes me back to the early days of the Internet Storm Center when that seemed to be the main thing we talked about. This time, the port that got my attention is UDP port 389. This is the normal port ...
https://isc.sans.edu/diary/rss/27566 
Published: 2021 06 25 00:45:40
Received: 2021 06 25 02:00:38
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Articles received 24/06/2021
Article: Do you Like Cookies? Some are for sale!, (Thu, Jun 24th) - published over 3 years ago.
Content: Cookies… These small pieces of information are always with us. Since the GDPR was kicked off in Europe, we are flooded by pop-ups asking if we accept “cookies”. Honestly, most people don’t take time to read the warning and just accept the default settings.
https://isc.sans.edu/diary/rss/27558 
Published: 2021 06 24 05:33:16
Received: 2021 06 24 07:00:42
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: ISC Stormcast For Thursday, June 24th, 2021 https://isc.sans.edu/podcastdetail.html?id=7556, (Thu, Jun 24th) - published over 3 years ago.
Content:
https://isc.sans.edu/diary/rss/27564 
Published: 2021 06 24 02:00:03
Received: 2021 06 24 02:00:50
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Articles received 23/06/2021
Article: Standing With Security Researchers Against Misuse of the DMCA, (Wed, Jun 23rd) - published over 3 years ago.
Content: As Dean of Research for our graduate school (sans.edu), I often assist students in developing their research ideas. The research conducted by our students is valuable and important to defend our networks against highly organized and well-funded threat actors. Any restriction on our students' ability to conduct their research, and sharing their results freely...
https://isc.sans.edu/diary/rss/27562 
Published: 2021 06 23 15:56:47
Received: 2021 06 23 17:00:53
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: ISC Stormcast For Wednesday, June 23rd, 2021 https://isc.sans.edu/podcastdetail.html?id=7554, (Wed, Jun 23rd) - published over 3 years ago.
Content:
https://isc.sans.edu/diary/rss/27560 
Published: 2021 06 23 02:10:03
Received: 2021 06 23 04:00:40
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Articles received 22/06/2021
Article: Phishing asking recipients not to report abuse, (Tue, Jun 22nd) - published over 3 years ago.
Content: It can be a little disheartening to deal with well-prepared phishing attacks every day, since one can easily see how even users who are fully “security-aware” could fall for some of them. The messages don’t even have to be too complex to be believable. For example, a message containing seemingly innocuous text and a link that points to legitimate, well-known do...
https://isc.sans.edu/diary/rss/27556 
Published: 2021 06 22 13:15:17
Received: 2021 06 22 16:00:38
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: ISC Stormcast For Tuesday, June 22nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7552, (Tue, Jun 22nd) - published over 3 years ago.
Content:
https://isc.sans.edu/diary/rss/27554 
Published: 2021 06 22 02:00:03
Received: 2021 06 22 04:00:40
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Articles received 21/06/2021
Article: Mitre CWE - Common Weakness Enumeration, (Mon, Jun 21st) - published over 3 years ago.
Content: If you are involved in the security industry  you are at least somewhat familiar with the Mitre ATT&CK framework, the very useful, community driven, knowledgebase of attack threat models and methodologies which can be used to emulate adversary behavior to test security controls. However fewer are aware of a lesser known Mitre project, Common Weakness Enu...
https://isc.sans.edu/diary/rss/27552 
Published: 2021 06 21 19:10:23
Received: 2021 06 21 21:00:39
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: Executives and Ransomware Webcast: Stop, Collaborate, and Listen! - https://www.sans.org/webcasts/executives-ransomware-stop-collaborate-listen-120150, (Mon, Jun 21st) - published over 3 years ago.
Content: -- Rick Wanner MSISE - rwanner at isc dot sans dot edu - Twitter:namedeplume (Protected)
https://isc.sans.edu/diary/rss/27550 
Published: 2021 06 21 15:24:32
Received: 2021 06 21 17:00:44
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: ISC Stormcast For Monday, June 21st, 2021 https://isc.sans.edu/podcastdetail.html?id=7550, (Mon, Jun 21st) - published over 3 years ago.
Content:
https://isc.sans.edu/diary/rss/27548 
Published: 2021 06 21 02:00:03
Received: 2021 06 21 03:00:38
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Articles received 20/06/2021
Article: Video: oledump Cheat Sheet, (Sun, Jun 20th) - published over 3 years ago.
Content: I did create a SANS cheat sheet for oledump.py.
https://isc.sans.edu/diary/rss/27546 
Published: 2021 06 20 14:59:32
Received: 2021 06 20 16:00:38
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Articles received 19/06/2021
Article: Easy Access to the NIST RDS Database, (Sat, Jun 19th) - published over 3 years ago.
Content: When you're facing some suspicious files while performing forensic investigations or analyzing malware components, it's always interesting to know whether these files are legit or malicious/modified. One of the key sources to verify hashes is provided by NIST and is called the NSRL project ("National Software Reference Library")[1]. They build "Reference Data Set" (...
https://isc.sans.edu/diary/rss/27544 
Published: 2021 06 19 10:27:32
Received: 2021 06 19 11:00:34
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Articles received 18/06/2021
Article: Open redirects ... and why Phishers love them, (Fri, Jun 18th) - published over 3 years ago.
Content: Working from home, did you get a meeting invite recently that pointed to https://meet.google.com ?  Well, that's indeed where Google's online meeting tool is located. But potentially the URL you got is not "only" leading you there.
https://isc.sans.edu/diary/rss/27542 
Published: 2021 06 18 13:03:34
Received: 2021 06 18 15:01:07
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: Network Forensics on Azure VMs (Part #2), (Fri, Jun 18th) - published over 3 years ago.
Content: In yesterday's diary, we took a look at two methods that allow to capture network connection information off a potentially compromised virtual machine in Azure. Today, we'll investigate the most recent addition to the VM monitoring arsenal, namely "Azure Monitor Insights".
https://isc.sans.edu/diary/rss/27538 
Published: 2021 06 18 00:28:16
Received: 2021 06 18 03:00:47
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: ISC Stormcast For Friday, June 18th, 2021 https://isc.sans.edu/podcastdetail.html?id=7548, (Fri, Jun 18th) - published over 3 years ago.
Content:
https://isc.sans.edu/diary/rss/27540 
Published: 2021 06 18 02:00:04
Received: 2021 06 18 03:00:47
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: Network Forensics on Azure VMs (Part #1), (Thu, Jun 17th) - published over 3 years ago.
Content: The tooling to investigate a potentially malicious event on an Azure Cloud VM is still in its infancy. We have covered before (Forensicating Azure VMs) how we can create a snapshot of the OS disk of a running VM. Snapshotting and then killing off the infected VM is very straightforward, but it also tips off an intruder that he has been found out. Sometimes,...
https://isc.sans.edu/diary/rss/27536 
Published: 2021 06 17 14:40:22
Received: 2021 06 18 02:00:45
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: Network Forensics on Azure VMs (Part #2), (Fri, Jun 18th) - published over 3 years ago.
Content: In yesterday's diary, we took a look at two methods that allow to capture network connection information off a potentially compromised virtual machine in Azure. Today, we'll investigate the most recent addition to the VM monitoring arsenal, namely "Azure Monitor Insights".
https://isc.sans.edu/diary/rss/27538 
Published: 2021 06 18 00:28:16
Received: 2021 06 18 02:00:45
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Articles received 17/06/2021
Article: Network Forensics on Azure VMs (Part #1), (Thu, Jun 17th) - published over 3 years ago.
Content: The tooling to investigate a potentially malicious event on an Azure Cloud VM is still in its infancy. We have covered before (Forensicating Azure VMs) how we can create a snapshot of the OS disk of a running VM. Snapshotting and then killing off the infected VM is very straightforward, but it also tips off an intruder that he has been found out. Sometimes,...
https://isc.sans.edu/diary/rss/27536 
Published: 2021 06 17 14:40:22
Received: 2021 06 17 16:00:52
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: ISC Stormcast For Thursday, June 17th, 2021 https://isc.sans.edu/podcastdetail.html?id=7546, (Thu, Jun 17th) - published over 3 years ago.
Content:
https://isc.sans.edu/diary/rss/27534 
Published: 2021 06 17 02:10:03
Received: 2021 06 17 04:00:50
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Articles received 16/06/2021
Article: June 2021 Forensic Contest, (Wed, Jun 16th) - published over 3 years ago.
Content: Introduction
https://isc.sans.edu/diary/rss/27532 
Published: 2021 06 16 20:09:59
Received: 2021 06 16 21:00:59
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: ISC Stormcast For Wednesday, June 16th, 2021 https://isc.sans.edu/podcastdetail.html?id=7544, (Wed, Jun 16th) - published over 3 years ago.
Content:
https://isc.sans.edu/diary/rss/27530 
Published: 2021 06 16 02:00:03
Received: 2021 06 16 05:01:28
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Articles received 15/06/2021
Article: Multi Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more, (Tue, Jun 15th) - published over 3 years ago.
Content: Vulnerable perimeter devices remain a popular target, and we do see consistent exploit attempts against them. This weekend, Guy wrote about some scans for Fortinet vulnerabilities [1], and Xavier notes that Crowdstrike observed attacks against EoL Sonicwalls [2]. Starting earlier this month, we did also observe a consistent trickle of requests looking for a ...
https://isc.sans.edu/diary/rss/27528 
Published: 2021 06 15 10:16:33
Received: 2021 06 15 12:01:14
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: ISC Stormcast For Tuesday, June 15th, 2021 https://isc.sans.edu/podcastdetail.html?id=7542, (Tue, Jun 15th) - published over 3 years ago.
Content:
https://isc.sans.edu/diary/rss/27526 
Published: 2021 06 15 02:00:03
Received: 2021 06 15 03:00:51
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Articles received 14/06/2021
Article: ISC Stormcast For Monday, June 14th, 2021 https://isc.sans.edu/podcastdetail.html?id=7540, (Mon, Jun 14th) - published over 3 years ago.
Content:
https://isc.sans.edu/diary/rss/27524 
Published: 2021 06 14 02:05:02
Received: 2021 06 14 04:00:53
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Articles received 13/06/2021
Article: Update: mac-robber.py, (Sun, Jun 13th) - published over 3 years ago.
Content: Almost 4 years ago, I wrote a python version of mac-robber. I use it fairly regularly at $dayjob. This past week, one of my co-workers was using it, but realized that it hashes large files a little too slowly. He decided to use mac-robber.py to collect the MAC times and do the hashing separately so he could limit the hashes to files under a certain size. ...
https://isc.sans.edu/diary/rss/27522 
Published: 2021 06 13 01:34:51
Received: 2021 06 13 03:00:48
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Articles received 12/06/2021
Article: Fortinet Targeted for Unpatched SSL VPN Discovery Activity, (Sat, Jun 12th) - published over 3 years ago.
Content: Over the past 60 days, I have observed scanning activity to discover FortiGate SSL VPN unpatched services. Fortinet has fixed several critical vulnerabilities in SSL VPN and web firewall this year from Remote Code Execution (RCE) to SQL Injection, Denial of Service (DoS) which impact the FortiProxy SSL VPN and FortiWeb Web Application Firewall (WAF) products...
https://isc.sans.edu/diary/rss/27520 
Published: 2021 06 12 17:32:44
Received: 2021 06 12 19:00:44
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Articles received 11/06/2021
Article: Sonicwall SRA 4600 Targeted By an Old Vulnerability, (Fri, Jun 11th) - published over 3 years ago.
Content: Devices and applications used to provide remote access are juicy targets. I've already been involved in many ransomware cases and most of the time, the open door was an unpatched VPN device/remote access solution or weak credentials. A good example, the recent attack against the Colonial Pipeline that started with a legacy VPN profile[1].
https://isc.sans.edu/diary/rss/27518 
Published: 2021 06 11 13:55:53
Received: 2021 06 11 16:00:44
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: Keeping an Eye on Dangerous Python Modules, (Fri, Jun 11th) - published over 3 years ago.
Content: With Python getting more and more popular, especially on Microsoft Operating systems, it's common to find malicious Python scripts today. I already covered some of them in previous diaries[1][2]. I like this language because it is very powerful: You can automate boring tasks in a few lines. It can be used for offensive as well as defensive purposes, and... i...
https://isc.sans.edu/diary/rss/27514 
Published: 2021 06 11 05:31:23
Received: 2021 06 11 07:00:50
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: ISC Stormcast For Friday, June 11th, 2021 https://isc.sans.edu/podcastdetail.html?id=7538, (Fri, Jun 11th) - published over 3 years ago.
Content:
https://isc.sans.edu/diary/rss/27516 
Published: 2021 06 11 02:00:02
Received: 2021 06 11 04:00:43
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Articles received 10/06/2021
Article: Are Cookie Banners a Waste of Time or a Complete Waste of Time?, (Thu, May 20th) - published over 3 years ago.
Content: Legislation, in particular in the European Union, has led to a proliferation of "Cookie Banners." Warning banners that either ask you for blanket permission to set cookies or, in some cases, provide you with some control as to what cookies you do allow. These regulations emerged after advertisers made excessive use of HTTP Cookies to track users across diffe...
https://isc.sans.edu/diary/rss/27436 
Published: 2021 06 10 12:08:59
Received: 2021 06 10 14:00:44
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: ISC Stormcast For Thursday, June 10th, 2021 https://isc.sans.edu/podcastdetail.html?id=7536, (Thu, Jun 10th) - published over 3 years ago.
Content:
https://isc.sans.edu/diary/rss/27512 
Published: 2021 06 10 02:00:03
Received: 2021 06 10 04:00:47
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Articles received 09/06/2021
Article: Architecture, compilers and black magic, or "what else affects the ability of AVs to detect malicious files", (Wed, Jun 9th) - published over 3 years ago.
Content: In my last diary, we went over the impact of different Base encodings on the ability of anti-malware tools to detect malicious code[1]. Since results of our tests showed (among other things) that AV tools in general still struggle significantly more with detecting 64-bit malicious code than 32-bit malicious code, I thought it might be interesting to discuss ...
https://isc.sans.edu/diary/rss/27510 
Published: 2021 06 09 11:23:11
Received: 2021 06 09 13:00:40
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: ISC Stormcast For Wednesday, June 9th, 2021 https://isc.sans.edu/podcastdetail.html?id=7534, (Wed, Jun 9th) - published over 3 years ago.
Content:
https://isc.sans.edu/diary/rss/27508 
Published: 2021 06 09 02:10:03
Received: 2021 06 09 03:00:45
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Articles received 08/06/2021
Article: Microsoft June 2021 Patch Tuesday, (Tue, Jun 8th) - published over 3 years ago.
Content: This month we got patches for 50 vulnerabilities. Of these, 5 are critical, 2 were previously disclosed and 6 are already being exploited according to Microsoft.
https://isc.sans.edu/diary/rss/27506 
Published: 2021 06 08 17:57:19
Received: 2021 06 08 20:00:42
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: ISC Stormcast For Tuesday, June 8th, 2021 https://isc.sans.edu/podcastdetail.html?id=7532, (Tue, Jun 8th) - published over 3 years ago.
Content:
https://isc.sans.edu/diary/rss/27504 
🔥🔥
 
Published: 2021 06 08 02:00:03
Received: 2021 06 08 04:00:40
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
20:00 Microsoft June 2021 Patch Tuesday, (Tue, Jun 8th)
🔥🔥
04:00 ISC Stormcast For Tuesday, June 8th, 2021 https://isc.sans.edu/podcastdetail.html?id=7532, (Tue, Jun 8th)
🔥🔥
Articles received 07/06/2021
Article: Amazon Sidewalk: Cutting Through the Hype, (Mon, Jun 7th) - published over 3 years ago.
Content: Later this week (tomorrow?), Amazon will enable its new Sidewalk feature. The feature has already gotten a lot of bad press. Much of this comes from the fact that existing devices are automatically used as Sidewalk Gateways, and users will have to opt out. New devices may require a specific opt-in during setup.
https://isc.sans.edu/diary/rss/27502 
🔥🔥
 
Published: 2021 06 07 19:22:50
Received: 2021 06 07 17:00:42
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: ISC Stormcast For Monday, June 7th, 2021 https://isc.sans.edu/podcastdetail.html?id=7530, (Mon, Jun 7th) - published over 3 years ago.
Content:
https://isc.sans.edu/diary/rss/27500 
🔥🔥
 
Published: 2021 06 07 02:05:03
Received: 2021 06 07 03:00:35
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
17:00 Amazon Sidewalk: Cutting Through the Hype, (Mon, Jun 7th)
🔥🔥
03:00 ISC Stormcast For Monday, June 7th, 2021 https://isc.sans.edu/podcastdetail.html?id=7530, (Mon, Jun 7th)
🔥🔥
Articles received 06/06/2021
Article: Quick and dirty Python: nmap, (Mon, May 31st) - published over 3 years ago.
Content: Continuing on from the "Quick and dirty Python: masscan" diary, which implemented a simple port scanner in Python using masscan to detect web instances on TCP ports 80 or 443.  Masscan is perfectly good as a blunt instrument to quickly find open TCP ports across large address spaces, but for fine details it is better to use a scanner like nmap that, while mu...
https://isc.sans.edu/diary/rss/27480 
🔥🔥
 
Published: 2021 05 31 19:20:50
Received: 2021 06 06 09:01:05
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: ISC Stormcast For Tuesday, June 1st, 2021 https://isc.sans.edu/podcastdetail.html?id=7522, (Tue, Jun 1st) - published over 3 years ago.
Content:
https://isc.sans.edu/diary/rss/27484 
🔥🔥
 
Published: 2021 06 01 02:00:02
Received: 2021 06 06 09:01:05
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: Guildma is now using Finger and Signed Binary Proxy Execution to evade defenses, (Mon, May 31st) - published over 3 years ago.
Content:  
https://isc.sans.edu/diary/rss/27482 
🔥🔥
 
Published: 2021 06 01 11:00:57
Received: 2021 06 06 09:01:05
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: ISC Stormcast For Wednesday, June 2nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7524, (Wed, Jun 2nd) - published over 3 years ago.
Content:
https://isc.sans.edu/diary/rss/27486 
🔥🔥
 
Published: 2021 06 02 02:10:02
Received: 2021 06 06 09:01:05
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: Wireshark 3.4.6 (and 3.2.14) released, (Wed, Jun 2nd) - published over 3 years ago.
Content: A new version of Wireshark is out, a couple of bugfixes including a QUIC TLK decryption issue. Also, the Windows version now comes with npcap 1.31 (updated from 1.10).
https://isc.sans.edu/diary/rss/27488 
🔥🔥
 
Published: 2021 06 02 20:15:53
Received: 2021 06 06 09:01:05
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: ISC Stormcast For Thursday, June 3rd, 2021 https://isc.sans.edu/podcastdetail.html?id=7526, (Thu, Jun 3rd) - published over 3 years ago.
Content:
https://isc.sans.edu/diary/rss/27490 
🔥🔥
 
Published: 2021 06 03 02:10:02
Received: 2021 06 06 09:01:05
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: DShield Data Analysis: Taking a Look at Port 45740 Activity, (Thu, Jun 3rd) - published over 3 years ago.
Content: At the SANS Internet Storm Center (ISC), handlers frequently analyze data submitted from DShield participants to determine activity trends and potential attacks. A few days ago on May 31st, I observed a small anomaly for port 45740 and decided to monitor it for the next 3 days or so. There was a huge spike in number of sources/day and reports/day recorde...
https://isc.sans.edu/diary/rss/27492 
🔥🔥
 
Published: 2021 06 03 07:00:02
Received: 2021 06 06 09:01:05
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: ISC Stormcast For Friday, June 4th, 2021 https://isc.sans.edu/podcastdetail.html?id=7528, (Fri, Jun 4th) - published over 3 years ago.
Content:
https://isc.sans.edu/diary/rss/27498 
🔥🔥
 
Published: 2021 06 04 02:00:03
Received: 2021 06 06 09:01:05
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: Russian Dolls VBS Obfuscation, (Fri, Jun 4th) - published over 3 years ago.
Content: We received an interesting sample from one of our readers (thanks Henry!) and we like this. If you find something interesting, we are always looking for fresh meat! Henry's sample was delivered in a password-protected ZIP archive and the file was a VBS script called "presentation_37142.vbs" (SHA256:2def8f350b1e7fc9a45669bc5f2c6e0679e901aac233eac6355026803494...
https://isc.sans.edu/diary/rss/27494 
🔥🔥
 
Published: 2021 06 04 05:01:36
Received: 2021 06 06 09:01:05
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
Article: Strange goings on with port 37, (Thu, Jun 3rd) - published over 3 years ago.
Content: Similar to Yee Ching's diary on Thursday, I noticed an oddity in the Dshield data last weekend (which I had hoped to discuss in a diary on Wednesday, but life got in the way) and thought it was worth asking around to see if anyone knows what is going on. As soon as I saw it, I reconfigured my honeypots to try to capture the traffic, but wasn't able to. I'm a...
https://isc.sans.edu/diary/rss/27496 
🔥🔥
 
Published: 2021 06 05 02:45:21
Received: 2021 06 06 09:01:05
Feed: SANS Internet Storm Center, InfoCON: green
Source: SANS Internet Storm Center, InfoCON: green
Category: Alerts
Topic: Vulnerabilities
09:01 Quick and dirty Python: nmap, (Mon, May 31st)
🔥🔥
09:01 ISC Stormcast For Tuesday, June 1st, 2021 https://isc.sans.edu/podcastdetail.html?id=7522, (Tue, Jun 1st)
🔥🔥
09:01 Guildma is now using Finger and Signed Binary Proxy Execution to evade defenses, (Mon, May 31st)
🔥🔥
09:01 ISC Stormcast For Wednesday, June 2nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7524, (Wed, Jun 2nd)
🔥🔥
09:01 Wireshark 3.4.6 (and 3.2.14) released, (Wed, Jun 2nd)
🔥🔥
09:01 ISC Stormcast For Thursday, June 3rd, 2021 https://isc.sans.edu/podcastdetail.html?id=7526, (Thu, Jun 3rd)
🔥🔥
09:01 DShield Data Analysis: Taking a Look at Port 45740 Activity, (Thu, Jun 3rd)
🔥🔥
09:01 ISC Stormcast For Friday, June 4th, 2021 https://isc.sans.edu/podcastdetail.html?id=7528, (Fri, Jun 4th)
🔥🔥
09:01 Russian Dolls VBS Obfuscation, (Fri, Jun 4th)
🔥🔥
09:01 Strange goings on with port 37, (Thu, Jun 3rd)
🔥🔥
  • "Home" links back to the front page, effectively the Planet "Home Page"; it shows all articles, with no selections or groupings.
  • Default date ordering is by "Received Date" (because not all RSS feeds have a "Published Date").
  • Authors is the most poorly serviced field in the articles we see from cyber security news providers.
  • Only Published Date selections use the article's Published Date (for ordering and grouping).
  • The first page always shows fifty items plus up to a further forty-nine items, before they are committed permanently to the next page.
  • All subsequent pages show fifty items.
  • Pagination is in reverse order (so that pages are permanent links, aka "permalinks", to their content).