security.didici.cc

ISC StormCast for Wednesday, June 29th, 2022

4 hours ago

Possible Scans for HiByMusic Devices https://isc.sans.edu/forums/diary/Possible+Scans+for+HiByMusic+Devices/28796/ OpenSSL Heap Overflow https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/ https://github.com/openssl/openssl/i ...

Risky Business #669 -- Finally, an ICS attack that made stuff explode!

6 hours ago

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Activists who are totally not Israeli military hackers make Iranian steel mills firebally Chinese APT crews use ransomware to muddy attribution Atta ...

SN 877: The "Hertzbleed" Attack - 3rd Party FIDO2, Log4Shell, "311" Proposal

8 hours ago

Picture of the Week. Errata: Firefox's "Total Cookie Protection" 3rd Party FIDO2 Authenticators Germany's not buying the EU's proposal which subverts encryption The Conti Gang have finally pulled the last plug Log4J and Log4Shell is alive and well ...

ISC StormCast for Tuesday, June 28th, 2022

1 day ago

Encrypted Client Hello: Anybody Using it Yet? https://isc.sans.edu/forums/diary/Encrypted+Client+Hello+Anybody+Using+it+Yet/28792/ Jenkins Advisory https://www.jenkins.io/security/advisory/2022-06-22/ Instagram Age Verification https://about.fb.com/new ...

Harmony blockchain loses nearly $100M due to hacked private keys

1 day ago

The crooks needed at least two private keys, each stored in two parts... but they got them anyway.

FTC warns of LGBTQ+ extortion scams – be aware before you share!

1 day ago

It's a simple jingle and it's solid advice: "If in doubt, don't give it out!"

ISC StormCast for Monday, June 27th, 2022

2 days ago

Python Abusing the Windows GUI https://isc.sans.edu/forums/diary/Python+abusing+The+Windows+GUI/28780/ Malicious Code Passed to PowerShell via the Clipboard https://isc.sans.edu/forums/diary/Malicious+Code+Passed+to+PowerShell+via+the+Clipboard/28784/ A ...

Risky Biz Soap Box: HD Moore on taking Rumble to the cloud

3 days ago

Today’s Soap Box guest is an industry legend – Metasploit creator HD Moore. He’s here to tell us more about what’s happening with his latest creation, Rumble Network Discovery. If you’re not familiar with Rumble, well, you should be. It’s a n ...

OpenSSL issues a bugfix for the previous bugfix

4 days ago

Fortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.

ISC StormCast for Thursday, June 23rd, 2022

6 days ago

Malicious PowerShell Targeting Cryptocurrency Browser Extensions https://isc.sans.edu/forums/diary/Malicious+PowerShell+Targeting+Cryptocurrency+Browser+Extensions/28772/ Keeping PowerShell: Security Measures to Use and Embrace https://media.defense.gov ...

ISC StormCast for Wednesday, June 22nd, 2022

1 week ago

Experimental New Domain / Domain Age API https://isc.sans.edu/forums/diary/Experimental+New+Domain+Domain+Age+API/28770/ Forescout Vedere Labs Discovers 56 OT Vulnerabilities https://www.forescout.com/resources/ot-icefall-report/ Cloudflare Outage http ...

SN 876: Microsoft's Patchy Patches - 3rd Party Authenticators, MS-DFSNM, Safari Regression, Firefox Cookies

1 week ago

Picture of the Week. Double Decryption (Last week's key-strength puzzler). 3rd Party Authenticators. Firefox: Total Cookie Protection. We keep breaking DDoS attack records. MS-DFSNM. An Apple Safari regression. One Million WordPress sites force-u ...

Risky Business #668 -- Microsoft is hiding its Azure security problems

1 week ago

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Paige Thompson guilty of Capital One hack Microsoft is hiding serious Azure security issues New Australian government lobbying for Julian Assange ...

Capital One identity theft hacker finally gets convicted

1 week ago

It took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!

ISC StormCast for Tuesday, June 21st, 2022

1 week ago

Odd TCP Fast Open Packets https://isc.sans.edu/forums/diary/Odd+TCP+Fast+Open+Packets+Anybody+understands+why/28766/ DFSCoerce NTLM Relay Attack https://github.com/Wh04m1001/DFSCoerce https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm- ...

Interpol busts 2000 suspects in phone scamming takedown

1 week ago

Friends don't let friends get scammed. Not everyone knows how typical scams unfold, so here are some real-world examples...

Ep. 172 - Security Awareness Series - Creating Psychological Salt with Ted Harrington

1 week ago

This month, Chris Hadnagy and Ryan MacDougall are joined by Ted Harrington. Ted is the author of HACKABLE: How to Do Application Security Right and the Executive Partner at Independent Security Evaluators (ISE), the company of ethical hackers famous for h ...

ISC StormCast for Monday, June 20th, 2022

1 week ago

Critical Vulnerability in Splunk Enterprise Deployment Server Functionality https://isc.sans.edu/forums/diary/Critical+vulnerability+in+Splunk+Enterprises+deployment+server+functionality/28760/ Malspam Pushes Matanbuchus Malware Leads to Cobalt Strike h ...

ISC StormCast for Friday, June 17th, 2022

1 week ago

Houdini is Back Delivered Through a JavaScript Dropper https://isc.sans.edu/forums/diary/Houdini+is+Back+Delivered+Through+a+JavaScript+Dropper/28746/ Drifting Cloud: Zero-Day Sophos Firewall Exploitation https://www.volexity.com/blog/2022/06/15/driftin ...

ISC StormCast for Thursday, June 16th, 2022

1 week ago

Terraforming Honeypots: Using IaaC & Cloud to Attract Attacks https://isc.sans.edu/forums/diary/Terraforming+Honeypots+Installing+DShield+Sensors+in+the+Cloud/28748/ Zimbra Email - Stealing Clear-Text Credentials via Memcache Injection https://blog.sona ...

ISC StormCast for Wednesday, June 15th, 2022

2 weeks ago

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+June+2022+Patch+Tuesday/28742/ Adobe Patches https://helpx.adobe.com/security/security-bulletin.html SynLapse Vulnerability https://orca.security/resources/blog/synlapse-critical-azure ...

SN 875: The PACMAN Attack - WebAuthn, Passkeys at WWDC, Free Kali Linux Pen Test Course, Proof of Simulation

2 weeks ago

Picture of the Week. Apple's Passkeys presentation at WWDC 2022. WebAuthn. FREE Penetration Testing course with Kali Linux. Proof of Simulation. A valid use for facial recognition: The Smart Pet Door! Closing The Loop. The PACMAN Attack. We invi ...

Follina gets fixed – but it’s not listed in the Patch Tuesday patches!

2 weeks ago

We tried it out to make sure, so you don't have to.

Murder suspect admits she tracked cheating partner with hidden AirTag

2 weeks ago

O! What a tangled web we weave, when first we practise to deceive.

ISC StormCast for Tuesday, June 14th, 2022

2 weeks ago

Translating Saitama's DNS Tunneling https://isc.sans.edu/forums/diary/Translating+Saitamas+DNS+tunneling+messages/28738/ Travis CI Logs Expose Users to Cyber Attacks https://blog.aquasec.com/travis-ci-security Linux Threat Hunting: "Syslogk" a kernel ro ...

You’re invited! Join us for a live walkthrough of the “Follina” story…

2 weeks ago

Live demo, plain English, no sales pitch, just a chance to watch an attack dissected in safety. Join us if you can!

Ep. 171 - Human Element Series - Yes and... with Clay Drinko

2 weeks ago

Today Chris is talking with Clay Drinko, Ph.D. Clay is an author and educator. He writes for Psychology Today about the intersection between improv comedy, science, and everyday life. He's also the author of the first academic book connecting improv and c ...

ISC StormCast for Monday, June 13th, 2022

2 weeks ago

EPSScall: An Exploit Prediction Scoring System App https://isc.sans.edu/forums/diary/EPSScall+An+Exploit+Prediction+Scoring+System+App/28732/ PACMan Attack https://pacmanattack.com https://twitter.com/wdormann/status/1535245913857351680 Carrier LenelS2 ...

Risky Business #667 -- "Shields Up" for cyber's forever war

2 weeks ago

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: “Shields Up” advice is now provably meaningless Russia to ditch offshore comms apps like WhatsApp Evil Corp’s Lockbit sanctions evasion attemp ...

ISC StormCast for Friday, June 10th, 2022

2 weeks ago

TA570 QBot attempts to exploit CVE-2022-30190 (Follina) https://isc.sans.edu/forums/diary/TA570+Qakbot+Qbot+tries+CVE202230190+Follina+exploit+msmsdt/28728/ Analysis of a Facebook Phishing Campaign https://pixmsecurity.com/blog/blog/phishing-tactics-how ...

WMI Providers for Script Kiddies

2 weeks ago

Introduction So, this WMI stuff seems legit. Admins get a powerful tool which Script Kiddies can also use for profit. But there’s gotta be more, right? What if I want to take my WMI-fu to the next level? In the previous blog post, “WMI for Scrip ...

ISC StormCast for Thursday, June 9th, 2022

2 weeks ago

SANS RSA Panel (sorry, video no longer available) Atlassian Confluence Attacks https://isc.sans.edu/forums/diary/Atlassian+Confluence+Exploits+Seen+By+Our+Honeypots+CVE202226134/28722/ Fake CCleaner Malvertisements https://blog.avast.com/fakecrack-camp ...

SSNDOB Market servers seized, identity theft “brokerage” shut down

2 weeks ago

The online identity "brokerage" SSNDOB Market didn't want people to be in any doubt what it was selling.

ISC StormCast for Wednesday, June 8th, 2022

2 weeks ago

The Trouble With Microsoft's Troubleshooters https://irsl.medium.com/the-trouble-with-microsofts-troubleshooters-6e32fc80b8bd QBot Uses Follina https://twitter.com/threatinsight/status/1534227444915482625 Deadbolt Ransomware https://www.trendmicro.com/ ...

SN 874: Passkeys, Take 2 - ServiceNSW Responds, Follina, Windows Search URL, UNISOC Chip Vulnerability

3 weeks ago

Picture of the Week. ServiceNSW Responds. ExpressVPN pulls the plug in India. And speaking of pulling the plug. "Follina" under active exploitation. And a Windows Search URL schema can be abused, too. "Critical UNISOC Chip Vulnerability Affects Mi ...

Know your enemy! Learn how cybercrime adversaries get in…

3 weeks ago

Here's how 144 recent attacks actually went down in real life. Don't let this happen to you!

ISC StormCast for Tuesday, June 7th, 2022

3 weeks ago

MS-MSDT RTF Maldocs Analysis oledump Plugins https://isc.sans.edu/forums/diary/msmsdt+RTF+Maldoc+Analysis+oledump+Plugins/28718/ Cybercriminals Exploit Reverse Tunnel Services and URL Shorteners https://cloudsek.com/whitepapers_reports/cybercriminals-exp ...

ISC StormCast for Monday, June 6th, 2022

3 weeks ago

Sandbox Evasion... With Just a Filename! https://isc.sans.edu/forums/diary/Sandbox+Evasion+With+Just+a+Filename/28708/ Atlassian Exploit Released https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/ GitLab Critic ...

Atlassian announces 0-day hole in Confluence Server – update soon!

3 weeks ago

Zero-day announced - here's what you need to know

ISC StormCast for Friday, June 3rd, 2022

3 weeks ago

Quick Answers in Incident Response RECmd.exe https://isc.sans.edu/forums/diary/Quick+Answers+in+Incident+Response+RECmdexe/28706/ Zero-Day Exploitation of Atlassian Confluence https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-c ...

Yet another zero-day (sort of) in Windows “search URL” handling

3 weeks ago

More trouble with special-purpose URLs on Windows.

ISC StormCast for Thursday, June 2nd, 2022

3 weeks ago

HTML Phishing Attachments - Now With Anti-Analysis Features https://isc.sans.edu/forums/diary/HTML+phishing+attachments+now+with+antianalysis+features/28702/ Unofficial Patch for CVE-2022-30190 (Follina) https://blog.0patch.com/2022/06/free-micropatches ...

Firefox 101 is out, this time with no 0-day scares (but update anyway!)

3 weeks ago

After an intriguing month of Firefox releases, here's one with a bit less drama, probably to the collective relief of Mozilla's coders.

ISC StormCast for Wednesday, June 1st, 2022

4 weeks ago

Follina Update https://isc.sans.edu/forums/diary/First+Exploitation+of+Follina+Seen+in+the+Wild/28698/ https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme+CVE202230190/28694/ Open Automation Software Platform ...

SN 873: DuckDuckGone? - Digital Driver's License, MS Office 0-day, GhostTouch, Vodafone TrustPiD

4 weeks ago

Picture of the Week. New South Wales DDL — Digital Driver's License. The latest Microsoft Office 0-day remote code execution vulnerability. GhostTouch. Vodafone's new TrustPiD. Closing the Loop. DuckDuckGone? We invite you to read our show note ...

Risky Business #666 -- The msdt RTF of DOOM

4 weeks ago

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: The msdt/office lolbinapalooza Microsoft to introduce sensible defaults to Azure Twitter fined $150m for sms 2fa spam It turns out npm got owned i ...

Mysterious “Follina” zero-day hole in Office – what to do?

4 weeks ago

News has emerged of a "feature" in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn't help!

ISC StormCast for Tuesday, May 31st, 2022

4 weeks ago

New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme/28694/

Beware the Smish! Home delivery scams with a professional feel…

4 weeks ago

Home delivery scams are getting leaner, and meaner, and more likely to "look about right". Here's an example to show you what we mean...

ISC StormCast for Friday, May 27th, 2022

1 month ago

Huge Signed PE Files https://isc.sans.edu/forums/diary/Huge+Signed+PE+File/28686/ VMWare Authentication Bypass PoC https://www.horizon3.ai/vmware-authentication-bypass-vulnerability-cve-2022-22972-technical-deep-dive/ Quanta Server BMC Vulnerability ht ...

Intro to Web App Security Testing: Burp Suite Tips & Tricks

1 month ago

A brief list of useful things we wish we had known sooner Burp Suite Pro can be complicated and intimidating. Even after learning and becoming comfortable with the core functionality, there remains a great deal of depth throughout Burp Suite, and many ...

Who’s watching your webcam? The Screencastify Chrome extension story…

1 month ago

When you really need to make exceptions in cybersecurity, specify them as explicitly as you can.

ISC StormCast for Thursday, May 26th, 2022

1 month ago

Using NMAP to Assess Hosts in Load Balanced Clusters https://isc.sans.edu/forums/diary/Using+NMAP+to+Assess+Hosts+in+Load+Balanced+Clusters/28682/ Attacker Modifying Libraries Claims "Research" https://www.bleepingcomputer.com/news/security/hacker-says- ...

ISC StormCast for Wednesday, May 25th, 2022

1 month ago

ctx Python Library Updated with "Extra" Features https://isc.sans.edu/forums/diary/ctx+Python+Library+Updated+with+Extra+Features/28678/ Zoom Updates https://explore.zoom.us/en/trust/security/security-bulletin/ VMWare Exploit About to Be Released https ...

SN 872: Dis-CONTI-nued: The End of Conti? - Clearview AI in Ukraine, Vancouver Pwn2Own, Voyager 1

1 month ago

Picture of the Week. Emergency mid-cycle update for Active Directory. Clearview AI -vs- {Illinois, Australia, Canada and the United Kingdom}. Clearview AI in Ukraine. Pwn2Own Vancouver 2022. The DoJ takes a welcome step back. Sometimes, unlocking ...

Risky Business -- #665 You can ransomware whole countries now

1 month ago

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Conti’s war against Costa Rica DoJ revises CFAA guidance Naughty kids get access to DEA portal A look at a Russian disinfo tool PyPI and PHP s ...

Poisoned Python and PHP packages purloin passwords for AWS access

1 month ago

More supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.

Pwnton Pack: An Unlicensed 802.11 Particle Accelerator

1 month ago

This past Christmas, I received a terrific gift from my in-laws: a replica Ghostbusters Proton Pack. I was thrilled. You see, growing up in the mid 80s, Ghostbusters was my jam. Fast forward 37 years and with the recent Ghostbusters: Afterlife film releas ...

ISC StormCast for Tuesday, May 24th, 2022

1 month ago

Attacker Scanning for jQuery-File-Upload https://isc.sans.edu/forums/diary/Attacker+Scanning+for+jQueryFileUpload/28674/ Oracle Security Alert Advisory - CVE-2022-21500 https://www.oracle.com/security-alerts/alert-cve-2022-21500.html How to find NPM dep ...

Clearview AI face-matching service fined a lot less than expected

1 month ago

The fine has finally gone through... but it's less than 45% of what was originally proposed.

ISC StormCast for Monday, May 23rd, 2022

1 month ago

A "Zip Bomb" to Bypass Security Controls & Sandboxes https://isc.sans.edu/forums/diary/A+Zip+Bomb+to+Bypass+Security+Controls+Sandboxes/28670/ Cisco IOS XR Software Health Check Open Port Vulnerability https://tools.cisco.com/security/center/content/Cis ...

Mozilla patches Wednesday’s Pwn2Own double-exploit… on Friday!

1 month ago

That was quick! 48 hours from exploit report to published patch.

Microsoft patches the Patch Tuesday patch that broke authentication

1 month ago

Remember the good old days when security patches rarely needed patches? Because security patches themselves were rare enough anyway?

Splunk SPL Queries for Detecting gMSA Attacks

1 month ago

1 Introduction What is a group Managed Service Account (gMSA)? If your job is to break into networks, a gMSA can be a prime target for a path to escalate privileges, perform credential access, move laterally or even persist in a domain via a ‘g ...

US Government says: Patch VMware right now, or get off our network

1 month ago

Find and patch. Right now. If you can't patch, get it off the network. Right now! Oh, and show us what you did to comply.

ISC StormCast for Friday, May 20th, 2022

1 month ago

Bumblebee Malware from TransferXL URLs https://isc.sans.edu/forums/diary/Bumblebee+Malware+from+TransferXL+URLs/28664/ Microsoft Out-of-Band Update fixes Authentication Issues https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h ...

SAMPLE PODCAST: Risky Biz News: FSB-linked DDoS tool could also be used for disinformation campaigns

1 month ago

The following is a sample of our latest podcast, Risky Business News, which is published into a new RSS feed. It’s a short podcast published three times a week that updates listeners on the security news of the last few days, as prepared and presented b ...

ISC StormCast for Thursday, May 19th, 2022

1 month ago

VMWare Flaws https://core.vmware.com/vmsa-2022-0014-questions-answers-faq https://blog.barracuda.com/2022/05/17/threat-spotlight-attempts-to-exploit-new-vmware-vulnerabilities/ Tesla BLE Proximity Authentication Vulnerable to Relay Attacks https://rese ...

Pwn2Own hacking schedule released – Windows and Linux are top targets

1 month ago

What's better? Disclose early, patch fast? Or dig deep, disclose in full, patch more slowly?

ISC StormCast for Wednesday, May 18th, 2022

1 month ago

Use Your Browser Internal Password Vault... or Not? https://isc.sans.edu/forums/diary/Use+Your+Browser+Internal+Password+Vault+or+Not/28658/ SQL Server Brute Forcing https://twitter.com/MsftSecIntel/status/1526680337216114693 UpdateAgent Adapts Again h ...

Risky Biz Soap Box: While you're watching a quiet one a noisy one will kill you

1 month ago

In this Soap Box edition of the show Proofpoint’s EVP of Cybersecurity Strategy Ryan Kalember joins host Patrick Gray to talk about why some security spending is just misguided. So much of the infosec industry is geared towards protecting organisations ...

SN 871: The New EU Surveillance State - Eventful Patch Tuesday, Open Source Maintenance Crew, BIG-IP Boxes

1 month ago

Picture of the Week. An "eventful" Patch Tuesday. Patch Tuesday. Apple patched a 0-day. Google's "Open Source Maintenance Crew". Conti suggests overthrowing the new Costa Rican government. Policing the Google Play Store. The situation has grown m ...

Apple patches zero-day kernel hole and much more – update now!

1 month ago

You'll find fixes for numerous kernel-level code execution holes, including an 0-day vulnerability in many (though not all) versions.

ISC StormCast for Tuesday, May 17th, 2022

1 month ago

Apple Patches Everything https://isc.sans.edu/forums/diary/Apple+Patches+Everything/28654/ Evil Never Sleeps: When Wireless Malware Stays on After Turning Off iPhones https://arxiv.org/pdf/2205.06114.pdf Third-Party Web Trackers Log What You Type Before ...

Putting the team in red team

1 month ago

One of the more common questions we receive during a red team scoping call or RFP Q&A call is, how many dedicated consultants will be involved in the assessment? There is no “correct” answer to this question, and ultimately, the answer as to how red t ...

Ep. 170 - Security Awareness Series - Rapport is the key to security with Adam Glick

1 month ago

This month, Chris Hadnagy and Ryan MacDougall are joined by Adam Glick. Adam is currently the Chief Information Security Officer for SimpliSafe in Boston, MA. In this position and his previous jobs, Adam has had the responsibility of managing all matters ...

ISC StormCast for Monday, May 16th, 2022

1 month ago

From 0-Day to Mirai: 7 days of BIG-IP Exploits https://isc.sans.edu/forums/diary/From+0Day+to+Mirai+7+days+of+BIGIP+Exploits/28644/ Sonicwall Vulnerabilities Patched https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009 Zonealarm Patch https: ...

Firefox out-of-band update to 100.0.1 – just in time for Pwn2Own?

1 month ago

A new point-release of Firefox. Not unusual, but the timing of this one is interesting, with Pwn2Own coming up in a few days.

He cracked passwords for a living – now he’s serving 4 years in prison

1 month ago

Crooks don't need a password for every user on your network to break in and wreak havoc. One could be enough...

ISC StormCast for Friday, May 13th, 2022

1 month ago

When Get-WebRequest Fails You https://isc.sans.edu/forums/diary/When+GetWebRequest+Fails+You/28640/ HP PC BIOS Security Updates https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788 INTEL BIOS Advisory https://www.intel.com/content/w ...

S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline again) [Podcast]

1 month ago

Latest episode - lots to learn - plain English - fun with a serious side - listen now!

Serious Security: Learning from curl’s latest bug update

1 month ago

Learn how to write plain-speaking and purposeful security advisories from one of the most widely-used open source tools in the world.

ISC StormCast for Thursday, May 12th, 2022

1 month ago

TA578 Using Thread-Hijacked Emails to Push ISO Files for Bumblebee Malware https://isc.sans.edu/forums/diary/TA578+using+threadhijacked+emails+to+push+ISO+files+for+Bumblebee+malware/28636/ Google Drive Emerges as Top App for Malware Downloads https://w ...

SN 870: That "Passkeys" Thing - White House and Quantum Computers, Android 0-day, Ransomware snapshot

1 month ago

Picture of the Week. Google updates Android to patch an actively exploited vulnerability. Connecticut's recently passed data privacy bill became law last Wednesday. Ransomware victim snapshot. US State Department offering $10 million reward ...

ISC StormCast for Wednesday, May 11th, 2022

1 month ago

Microsoft May 2022 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+May+2022+Patch+Tuesday/28632/ Adobe Updates https://helpx.adobe.com/security/security-bulletin.html npm "foreach" package domain takeover https://www.theregister.com/2022/05/1 ...

Colonial Pipeline facing $1,000,000 fine for poor recovery plans

1 month ago

How good is your cybersecurity? Are you making the same mistakes as lots of other people? Here's some real-life advice...

Diving into pre-created computer accounts

1 month ago

I was on an engagement where I simply could not elevate privileges, so I had to become creative and look deep into my old bucket (bucket being my head) of knowledge, and this resulted in some fun stuff. I had found that the client had a vulnerable certifi ...

ISC StormCast for Tuesday, May 10th, 2022

1 month ago

Octopus Backdoor is Back with a New Embedded Obfuscated Bat File https://isc.sans.edu/forums/diary/Octopus+Backdoor+is+Back+with+a+New+Embedded+Obfuscated+Bat+File/28628/#comments CVE-2022-1388 (BIG-IP) Exploits https://twitter.com/sans_isc/status/15237 ...

RubyGems supply chain rip-and-replace bug fixed – check your logs!

1 month ago

Imagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself "Frank".

Ep. 169 - Human Element Series - A Real Life Doogie Howser with Dr. Abbie Maroño

1 month ago

Today we will be talking with Abbie Maroño, a nonverbal communications and social influence coach. Abbie published her first paper in nonverbal communication at 19 years old, going on to do her PhD in behavior analysis and become a university lecturer at ...

ISC StormCast for Monday, May 9th, 2022

1 month ago

F5 BIG-IP Unauthenticated RCE Vulnerability (CVE-2022-1388) https://isc.sans.edu/forums/diary/F5+BIGIP+Unauthenticated+RCE+Vulnerability+CVE20221388/28624/ QNAP QVR Update https://www.qnap.com/de-de/security-advisory/qsa-22-07 Raspberry Robin Worm http ...

You didn’t leave enough space between ROSE and AND, and AND and CROWN

1 month ago

What weird Google Docs bug connects the words THEREFORE, AND, SECONDLY, WHY, BUT and BESIDES?

ISC StormCast for Friday, May 6th, 2022

1 month ago

Password-protected Excel Spreadsheet Pushes Remcos RAT https://isc.sans.edu/forums/diary/Passwordprotected+Excel+spreadsheet+pushes+Remcos+RAT/28616/ Microsoft, Apple, Google Accelerated FIDO Standard Implementation https://www.theregister.com/2022/05/05/ ...