security.didici.cc

ISC StormCast for Friday, September 24th, 2021

9 hours ago

Excel Recipe: Some VBA Code with a Touch of Excel4 Macro https://isc.sans.edu/forums/diary/Excel+Recipe+Some+VBA+Code+with+a+Touch+of+Excel4+Macro/27864/
Windows Platform Binary Table Weakness https://eclypsium.com/2021/09/20/everyone-gets-a-rootkit/
Apple ...

How Outlook “autodiscover” could leak your passwords – and how to stop it

19 hours ago

The Microsoft Autodiscover "Great Leak" explained - and how to prevent it

ISC StormCast for Thursday, September 23rd, 2021

1 day ago

An XML-Obfuscated Office Document (CVE-2021-40444) https://isc.sans.edu/forums/diary/An+XMLObfuscated+Office+Document+CVE202140444/27860/
Exchange Autodiscovering Leaks Credentials https://www.guardicore.com/labs/autodiscovering-the-great-leak/
Nagios Vuln ...

VMware patch bulletin warns: “This needs your immediate attention.”

1 day ago

"It is a matter of time before working exploits are available," warns VMware.

ISC StormCast for Wednesday, September 22nd, 2021

2 days ago

A First Look at Apple's iOS 15 "Private Relay" feature https://isc.sans.edu/forums/diary/A+First+Look+at+Apples+iOS+15+Private+Relay+feature/27858/
macOS Finder Security Feature Bypass Leads to Possible RCE https://ssd-disclosure.com/ssd-advisory-macos-find ...

SN 837: Cobalt Strike - Android Auto-Revokes Permissions, DDoS on VoIP.ms, Patch Tuesday, Was GRC Pwned?

2 days ago

Picture of the week. The DDoS attack on VoIP.ms. Patch Tuesday's Mixed Blessing. Android to auto-reset app permissions on many more devices. BREAKING: FBI held back ransomware decryption key from businesses to run operation targeting hackers. Google patch ...

Risky Business #639 -- USA's ransomware non-policy fails to meet its unstated objective

2 days ago

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: BlackMatter is back in the USA’s critical supply chain The FBI and friends apparently got up in REvil’s business The Azure OMI thing is totally the ...

iOS 15 includes Face ID fix for security bypass using fake heads

2 days ago

Fake heads! (Cue dystopian scifi music.)

Supply Chain Woes – Attacks and Issues in IT Infrastructure: What Can We Do?

2 days ago

All businesses operate on the principle that a certain level of trust is necessary between the business itself and the IT components that comprise its supporting infrastructure. These components include hardware and software, as well as the vendors who pr ...

ISC StormCast for Tuesday, September 21st, 2021

3 days ago

OMIGOD Exploits Captured in the Wild. https://isc.sans.edu/forums/diary/OMIGOD+Exploits+Captured+in+the+Wild+Researchers+responsible+for+half+of+scans+for+related+ports/27852/
Apple iOS/iPadOS/tvOS 15 Updates (and WatchOS, Xcode, Safari) https://support.app ...

“Back to basics” as courier scammers skip fake fees and missed deliveries

3 days ago

"Stop. Think. Connect." Say those words aloud - and please pronounce the pauses prescribed by the periods!

Ep. 154 - Security Awareness Series - Whispering Sweet Security Nothings with Ed Skoudis

4 days ago

In this episode, Chris Hadnagy and Ryan MacDougall are joined by Ed Skoudis.  Ed is a SANS Institute Fellow, Instructor, and Director of Cyber Ranges.  He is the founder of Counter Hack, an innovative cyber security company that works as trusted inf ...

ISC StormCast for Monday, September 20th, 2021

4 days ago

Malicious Calendar Subscriptions Are Back https://isc.sans.edu/forums/diary/Malicious+Calendar+Subscriptions+Are+Back/27846/
Simple Analysis of a CVE-2021-40444 (MSHTML) Document https://isc.sans.edu/forums/diary/Simple+Analysis+Of+A+CVE202140444+docx+Docum ...

ISC StormCast for Friday, September 17th, 2021

1 week ago

Phishing 101: why depend on one suspicious message subject when you can use many https://isc.sans.edu/forums/diary/Phishing+101+why+depend+on+one+suspicious+message+subject+when+you+can+use+many/27842/
PrintNightmare Fix Breaks Network Printing https://www. ...

OMIGOD, an exploitable hole in Microsoft open source code!

1 week ago

Got Linux? Here's a bug you weren't expecting, in software you might not know you have.

ISC StormCast for Thursday, September 16th, 2021

1 week ago

Hancitor Campaign Abusing Microsoft's OneDrive https://isc.sans.edu/forums/diary/Hancitor+campaign+abusing+Microsofts+OneDrive/27838/
"Secret" Agent Exposes Azure Customers To Unauthorized Code Execution https://www.wiz.io/blog/secret-agent-exposes-azure-cus ...

S3 Ep50: Two 0-days plus another 0-day plus a fast food bug [Podcast]

1 week ago

Bugs! So many bugs! Latest episode - listen now...

ISC StormCast for Wednesday, September 15th, 2021

1 week ago

Microsoft Patches https://isc.sans.edu/forums/diary/Microsoft+September+2021+Patch+Tuesday/27834/
Adobe Patches https://helpx.adobe.com/security/security-bulletin.html

SN 836: The Mēris Botnet - 0-Day Attack on Office Docs, WFH and Security, Return of REvil

1 week ago

Picture of the Week. A new worrisome 0-day attack against Office documents. Work From Home (WFH) — No problem? "Attacks only ever get better" The return of REvil — Apparently, vacation's over. Closing the Loop. I have this next piece under "Science Fi ...

Risky Business #638 -- Licensed to Pwn

1 week ago

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including: Apple 0day has everyone freaking out So much more 0day in the wild American Project Raven staffers settle with DoJ Two absolutely bonkers Azure security pr ...

Why your threat hunting program building shouldn’t stop once the engagement is over

1 week ago

Let’s see, it looks like your organization just met an annual Threat Hunting assessment compliance requirement or achieved the introductory objective of experiencing a formal Threat Hunting assessment. Well done! Now, what should the organization take i ...

ISC StormCast for Tuesday, September 14th, 2021

1 week ago

Apple Updates Everything https://support.apple.com/en-us/HT201222
Citizenlab Discloses NSO Exploit Details https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Google Chrome Update https://chromereleases.googl ...

Apple products vulnerable to FORCEDENTRY zero-day attack – patch now!

1 week ago

Double trouble: two zero-days, patched in the same emergency update. So please don't delay - patch today!

Serious Security: How to make sure you don’t miss bug reports!

1 week ago

Hey, let's create a text file that lists our security contacts! We'll call it... security DOT txt.

Ep. 153 - Human Element Series - You Are Special And Other Lies With Cortney Warren

1 week ago

In this episode, Chris Hadnagy is joined by Dr. Cortney Warren. Dr. Warren is a Board-Certified Clinical Psychologist and former tenured Associate Professor of Psychology at the University of Nevada, Las Vegas (UNLV).  She is an expert on ad ...

ISC StormCast for Monday, September 13th, 2021

1 week ago

Shipping Microsoft DNS Logs to Elasticsearch https://isc.sans.edu/forums/diary/Shipping+to+Elasticsearch+Microsoft+DNS+Logs/27828/
Exploit Generator for CVE-2021-40444 https://github.com/lockedbyte/CVE-2021-40444
Windows Lock Screen Bypass https://halove23.b ...

ISC StormCast for Friday, September 10th, 2021

2 weeks ago

ISC/DShield API Updates https://isc.sans.edu/forums/diary/Updates+to+Our+DatafeedsAPI/27824/
Update on Windows MSHTML Vulnerability https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-defenses-bypassed-as-new-info-emerges/
GitHub Actions ...

Snake Oilers: Get Signal Sciences in your CDN, automate canary generation and cloud your SIEM!

2 weeks ago

Snake Oilers: Get Signal Sciences in your CDN, automate canary generation and cloud your SIEM! Three solid pitches in this edition… In this edition of the Snake Oilers we’ll hear pitches from three vendors: Brian Joe from Fastly talks about its inte ...

Update: The Defensive Security Strategy

2 weeks ago

Original post: https://www.trustedsec.com/blog/the-defensive-security-strategy-what-strategy/ Massive exposures and attacks, such as recent SolarWinds and Exchange exploit issues, have been common news lately. While the security landscape has advance ...

ISC StormCast for Thursday, September 9th, 2021

2 weeks ago

Protonmail Correction https://protonmail.com/blog/climate-activist-arrest/ https://protonmail.com/privacy-policy
"Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+Campaign+Continu ...

Windows zero-day MSHTML attack – how not to get booby trapped!

2 weeks ago

Zero-day bug in MSHTML, the "mini-Internet Explorer" component of Windows, triggered by booby trapped Office files.

ISC StormCast for Wednesday, September 8th, 2021

2 weeks ago

Microsoft MSHTML Remote Code Execution Vulnerability CVE-2021-40444 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
ProtonMail/VPN Releasing User's IP Address https://protonmail.com/blog/climate-activist-arrest/
What's App End To End E ...

SN 835: TPM v1.2 vs 2.0 - BlueTooth Troubles, Internet Anonymity, Apple CSAM, Light Chaser

2 weeks ago

Picture of the Week. The Razor mouse & keyboard. The wishful phrase "Internet Anonymity" is an oxymoron. And speaking of Apple's client-side image matching... BlueTooth has new troubles. Attackers Can Remotely Disable Fortress Wi-Fi Home Security Alarms. ...

Risky Business #637 -- Infosec's bigfoot

2 weeks ago

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including: Apple backs down on CSAM measures FTC shuts down spouseware company REvil is back! Confluence boxes are getting owned a lot Trickbot crew member arrested ...

Obsidian, Taming a Collective Consciousness

2 weeks ago

The Problem On August 05, 2021, a member of the Conti ransomware group leaked some of the group’s internal playbooks and technical documentation. Irrespective of any details surrounding the leak or its contents, the event itself prompted a more wides ...

ISC StormCast for Tuesday, September 7th, 2021

2 weeks ago

Confluence Update https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html https://www.jenkins.io/blog/2021/09/04/wiki-attacked/
ProxyShell Update https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-ex ...

Poisoned proxy PACs! The NPM package with a network-wide security hole…

2 weeks ago

3,000,000 downloads a week... if only they'd read the fastidious manual!

ISC StormCast for Friday, September 3rd, 2021

3 weeks ago

Attackers Will Always Abuse Major Events in our Lifes https://isc.sans.edu/forums/diary/Attackers+Will+Always+Abuse+Major+Events+in+our+Lifes/27808/
Active Exploitation of Confluence Server CVE-2021-26084 https://www.rapid7.com/blog/post/2021/09/02/active-e ...

Pwned! The home security system that can be hacked with your email address

3 weeks ago

The alarm system that can be turned off with your email address.

Introducing iHide – A New Jailbreak Detection Bypass Tool

3 weeks ago

Today, we are releasing iHide, a new tool for bypassing jailbreak detection in iOS applications. You can install iHide by adding the repo https://repo.kc57.com in Cydia or clicking here on an iOS device with Cydia installed. Additionally, you can check ou ...

ISC StormCast for Thursday, September 2nd, 2021

3 weeks ago

STRRAT: A Java Based RAT That Doesn't Care if You Have Java https://isc.sans.edu/forums/diary/STRRAT+a+Javabased+RAT+that+doesnt+care+if+you+have+Java/27798/
IPC360 Baby Monitor Vulnerability https://www.bitdefender.com/files/News/CaseStudies/study/402/Bitd ...

ISC StormCast for Wednesday, September 1st, 2021

3 weeks ago

BrakTooth: Impacts, Implications and Next Steps https://isc.sans.edu/forums/diary/BrakTooth+Impacts+Implications+and+Next+Steps/27802/
Fortress Home Security System Weakness https://threatpost.com/fortress-home-security-remote-disarmament/169069/
PostgreSQL ...

SN 834: Life: Hanging by a PIN - Credit Freeze vs. Credit Lock, SSD Bait & Switch, ProxyToken, Windows 11

3 weeks ago

Picture of the Week. Credit Freeze vs Credit Lock. T-Mobile hacker speaks! Where will Windows 11 run? ProxyToken. Tailscale Open Source? SSD Bait & Switch. SpinRite. Life: Hanging by a PIN. We invite you to read our show notes at https://www.grc.com/sn/SN ...

Risky Business #636 -- Victims are shunning data extortion payments

3 weeks ago

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including: More info on the Belarusian Cyber Patriots How infosec overhyped election security risks Is data ransoming dying? All about the Azure Cosmos DB drama Muc ...

ISC StormCast for Tuesday, August 31st, 2021

3 weeks ago

Cryptocurrency Clipboard Swapper Delivered With Love https://isc.sans.edu/forums/diary/Cryptocurrency+Clipboard+Swapper+Delivered+With+Love/27794/
ProxyToken Vulnerability in Exchange https://www.zerodayinitiative.com/blog/2021/8/30/proxytoken-an-authentica ...

ISC StormCast for Monday, August 30th, 2021

3 weeks ago

ChaosDB: Azure Cosmos Database Vulnerability https://chaosdb.wiz.io
Phishing via Open Redirects https://www.microsoft.com/security/blog/2021/08/26/widespread-credential-phishing-campaign-abuses-open-redirector-links/
Parallels Vulnerability https://exchange. ...

ISC StormCast for Friday, August 27th, 2021

4 weeks ago

Cisco Advisories https://tools.cisco.com/security/center/publicationListing.x
GETH DoS Vulnerability https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8
Confluence Security Advisory https://confluence.atlassian.com/doc/confluence-security-advisory-2 ...

Big bad decryption bug in OpenSSL – but no cause for alarm

4 weeks ago

The buggy code's in there, alright. Fortunately, it's hard to get OpenSSL to use it even if you want to, which mitigates the risk.

Risky Biz Soap Box: Bad incentives make Microsoft a villain again

4 weeks ago

In this edition of the Soap Box podcast we’ll be hearing from Ryan Kalember, the EVP of cybersecurity strategy at Proofpoint, a company best known for being an email filtering giant. Proofpoint’s biggest challenger in that space is Microsoft, and if ...

ISC StormCast for Thursday, August 26th, 2021

4 weeks ago

There May Be Many More SPF Records Than We Might Expect https://isc.sans.edu/forums/diary/There+may+be+many+more+SPF+records+than+we+might+expect/27786/
OpenSSL Update https://www.openssl.org/news/vulnerabilities.html
F5 Update https://support.f5.com/csp/art ...

ISC StormCast for Wednesday, August 25th, 2021

1 month ago

Attackers Hunting for Twilio Credentials https://isc.sans.edu/forums/diary/Attackers+Hunting+For+Twilio+Credentials/27782/
Modified WhatsApp Spreading Malware https://securelist.com/triada-trojan-in-whatsapp-mod/103679/
Privilege Escalation without Pluggin ...

SN 833: Microsoft's Reasoned Neglect - T-Mobile's Major Data Leak, Razer Mouse Hack, Overlay Networks

1 month ago

Picture of the week. Firefox soon to be blocking mixed-content downloads by default. The news from T-Mobile is all bad. Introducing ProxyLogon's kissing cousin, ProxyShell. The Razer mouse hack. A critical ThroughTek SDK flaw enables IoT spying. Overlay N ...

Risky Business #635 -- Owned via telnet? Must be "highly sophisticated attackers"!

1 month ago

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including: T-Mobile owned hard USA no fly list winds up on unsecured ElasticSearch in Bahrain… because reasons Facebook scrambles to secure Afghani accounts Hacker ...

How a gaming mouse can get you Windows superpowers!

1 month ago

When a helpful feature (that you probably didn't need) turns into an exploitable vulnerability...

ISC StormCast for Tuesday, August 24th, 2021

1 month ago

Out of Band Phishing Using SMS Messages to Evade Network Detection https://isc.sans.edu/forums/diary/Out+of+Band+Phishing+Using+SMS+messages+to+Evade+Network+Detection/27768/
Elevate Privileges with Razer Mouse https://twitter.com/j0nh4t/status/14290495060 ...

What’s *THAT* on my 3D printer? Cloud bug lets anyone print to everyone

1 month ago

That's funny. I could have sworn I didn't run a print job yesterday... but will you look at that?

ISC StormCast for Monday, August 23rd, 2021

1 month ago

Waiting for the C2 to Show Up https://isc.sans.edu/forums/diary/Waiting+for+the+C2+to+Show+Up/27772/
DOCX with Embedded EXE https://isc.sans.edu/forums/diary/docx+With+Embedded+EXE/27776/
Securing Your Windows 365 Cloud PCs https://techcommunity.microsoft.c ...

Japanese cryptocoin exchange robbed of $100,000,000

1 month ago

Another week, another cryptocurrency catastrophe. This time, it's "only" $100 million's worth...

ISC StormCast for Friday, August 20th, 2021

1 month ago

When Lightning Strikes: What works and doesn't work https://isc.sans.edu/forums/diary/When+Lightning+Strikes+What+works+and+doesnt+work/27766/
Cisco Small Business Router Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/ ...

Oh, Behave! Figuring Out User Behavior

1 month ago

One topic that has always been of interest to me is how users actually use their computers. While TrustedSec does have the ability to understand a system when we encounter it, there are still mysteries around normal user behavior. Understanding user behav ...

S3 Ep46: Copyright scams, video snooping and Grand Theft Crypto [Podcast]

1 month ago

Latest episode - listen, laugh and learn! This week, Chester Wisniewski joins us on the show.

ISC StormCast for Thursday, August 19th, 2021

1 month ago

5 Things to Consider Before Moving Back to the Office https://isc.sans.edu/forums/diary/5+Things+to+Consider+Before+Moving+Back+to+the+Office/27762/
Adobe Patches https://helpx.adobe.com/security.html
Several Web Sites Infected with Chinese Spyware https://i ...

ISC StormCast for Wednesday, August 18th, 2021

1 month ago

Laravel Exploit Attempts Targeting Vulnerability in "Ignition" https://isc.sans.edu/forums/diary/Laravel+v842+exploit+attempts+for+CVE20213129+debug+mode+Remote+code+execution/27758/
ThroughTek "Kaley" Protocol Vulnerability https://www.fireeye.com/blog/thre ...

SN 832: Microsoft's Culpable Negligence - Firefox Update, Magniber, Merger of Avast and NortonLifeLock

1 month ago

Picture of the week. Firefox Update. Facebook finally adds end-to-end encryption to Messenger. Exploitation of PrintNightmare has begun. And "Magniber" Ransomware Uses PrintNightmare. Crypto-mining botnet modifies CPU configurations to increase its mining ...

Video surveillance network hacked by researchers to hijack footage

1 month ago

Home automation. Internet of Things. Cloud management. And a security bug that could let other people watch you online...

Is Cyber Insurance Becoming Worthless?

1 month ago

New challenges have emerged that make it difficult to transfer risk. Ransomware has changed the game An overlooked yet the increasingly important challenge in information risk management is finding the right balance between cybersecurity and cyber i ...

ISC StormCast for Tuesday, August 17th, 2021

1 month ago

Triage of Malware Bazaar's Daily Malware Batches https://isc.sans.edu/forums/diary/Extra+Tip+For+Triage+Of+MALWARE+Bazaars+Daily+Malware+Batches/27754/
Realtek SDK Vulnerability https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-sup ...

Risky Biz Soap Box: HD Moore talks Rumble and DCE/RPC party tricks

1 month ago

I am to be publishing this interview. This Soap Box is brought to you by Rumble, the asset discovery company founded by HD Moore. For those of you who don’t know, HD is a security legend, having done all sorts of amazing research over the years and crea ...

Copyright scammers turn to phone numbers instead of web links

1 month ago

Forewarned is forearmed. Here's our advice on dealing with "copyright infringement" scammers.

Ep. 152 - Security Awareness Series - Sharing With Your Frenemies with Bernie Acre

1 month ago

In this episode, Chris Hadnagy and Ryan MacDougall are joined by Bernie Acre.  Bernie is the Chief Information Officer for the City of Bryan, TX where he’s responsible for all technology and communications systems, including the Fire, Police, P ...

ISC StormCast for Monday, August 16th, 2021

1 month ago

Exchange E-Discovery Scans https://isc.sans.edu/forums/diary/Scanning+for+Microsoft+Exchange+eDiscovery/27748/
Danabot Distributed Through Malspam https://isc.sans.edu/forums/diary/Example+of+Danabot+distributed+through+malspam/27744/
Weaponizing Middleboxe ...

ISC StormCast for Friday, August 13th, 2021

1 month ago

Print Nightmare Continues: CVE-2021-36958 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958
Print Nightmare Abused by Ransomware Gangs https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/
PolyNet ...

S3 Ep45: Routers attacked, hacking tool hacked, and betrayers betrayed [Podcast]

1 month ago

Latest episode - listen now! (And learn about the Navajo Nation's selfless cryptographic contribution to America.)

ISC StormCast for Thursday, August 12th, 2021

1 month ago

TA551 Shathak Continues Pushing BazarLoader Leading to Cobalt Strike https://isc.sans.edu/forums/diary/TA551+Shathak+continues+pushing+BazarLoader+infections+lead+to+Cobalt+Strike/27738/
New AdLoad Campaign Goes Undetected by XProtect https://labs.sentinelo ...

Hacker grabs $600m in cryptocash from blockchain company Poly Networks

1 month ago

Where have all the cryptocoins gone? Will we ever get them back?

ISC StormCast for Wednesday, August 11th, 2021

1 month ago

Microsoft Patches https://isc.sans.edu/forums/diary/Microsoft+August+2021+Patch+Tuesday/27736/
Adobe Patches https://helpx.adobe.com/security.html
cPanel/WHM Vulnerabilities https://www.fortbridge.co.uk/research/multiple-vulnerabilities-in-cpanel-whm/
Firefo ...

SN 831: Apple's CSAM Mistake - Flawed Random Number Generator, Super Duper Secure Mode, TCP Stack Error

1 month ago

Picture of the week. "You're Doing IoT RNG" The Pulse Secure VPN remains in trouble. And Cisco, too... Flaws found in another popular embedded TCP/IP library. Microsoft Edge gets "Super Duper Secure Mode" Closing the Loop. Apple's CSAM Mistake. We invite ...

Risky Business #634 -- Major hacks to shake up Belarusian KGB

1 month ago

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including: The United States backing away from “releasing the hounds” Apple has dropped its lawsuit against Corellium “Activists” dox Belarusian security appara ...

Home and small business routers under attack – how to see if you are at risk

1 month ago

Practical advice for homes and small businesses, following news that a recently disclosed router bug is actively being exploited by crooks.

ISC StormCast for Tuesday, August 10th, 2021

1 month ago

Microsoft Exchange ProxyShell https://isc.sans.edu/forums/diary/ProxyShell+how+many+Exchange+servers+are+affected+and+where+are+they/27732/
Synology Warns of Brute Force Attacks https://www.synology.com/en-global/company/news/article/BruteForce/Synology %20 ...

Ep. 151 - Human Element Series - Dropping a Dime with Michael Roderick

1 month ago

In this episode, we are joined by Michael Roderick. Michael is the CEO of Small Pond Enterprises which helps thoughtful givers become thought leaders by making their brands referable, their messaging memorable, and their ideas unforgettable. He is als ...

ISC StormCast for Monday, August 9th, 2021

1 month ago

Malicious Microsoft Word Remains A Key Infection Vector https://isc.sans.edu/forums/diary/Malicious+Microsoft+Word+Remains+A+Key+Infection+Vector/27716/
Malware Bazaar Daily Download https://isc.sans.edu/forums/diary/MALWARE+Bazaar+Download+daily+malware+ba ...

Conti ransomware affiliate goes rogue, leaks “gang data”

1 month ago

Once more unto the breach, dear friends, once more...

ISC StormCast for Friday, August 6th, 2021

1 month ago

Cisco Patches Unauthenticated RCE in RV340/345 devices https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy
Telegram Flawed Self Destruct in MacOS https://www.trustwave.com/en-us/resources/blogs/spider ...

“Cobalt Strike” network attack tool patches crashtastic server bug

1 month ago

Ahhhh, the irony! Red-team network attack tool has its very own bug for Blue Teams to counterexploit.

ISC StormCast for Thursday, August 5th, 2021

1 month ago

Pivoting and Hunting for Shenanigans from a Reported Phishing Domain https://isc.sans.edu/forums/diary/Pivoting+and+Hunting+for+Shenanigans+from+a+Reported+Phishing+Domain/27710/
NichStack TCP/IP Vulnerabilities https://jfrog.com/blog/infrahalt-14-new-secur ...

SN 830: The BlackMatter Interview - Bad News for Firefox, DarkSide Returns, Tailscale, Google to Assume HTTPS

1 month ago

Picture of the Week. Mozilla's Firefox Monthly Active Users (MAU) slowly but steadily drops. Google to finally assume HTTPS. The evolution of "Initial Access Brokers". DarkSide Returns. "A Microsoft July 2021 Recap" Tailscale. Closing the Loop. SpinRite. ...

Risky Business #633 -- President grandpa rattles sabre at cloud

1 month ago

On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including: US President Joe Biden says next shooting war will result from cyber incident The Sun tabloid reports UK government weighing “cyber strike” against Iran ...

ISC StormCast for Wednesday, August 4th, 2021

1 month ago

2FA Issues https://isc.sans.edu/forums/diary/Three+Problems+with+Two+Factor+Authentication/27704/
Crazy Smishing https://isc.sans.edu/forums/diary/Is+this+the+Weirdest+Phishing+SMishing+Attempt+Ever/27706/
Google Chrome Update https://chromereleases.googlebl ...

BazarCaller – the malware gang that talks you into infecting yourself

1 month ago

Calling someone back feels safer than clicking an unknown link... but it isn't! Remind your friends and family.

ISC StormCast for Tuesday, August 3rd, 2021

1 month ago

Unsolicited DNS Queries https://isc.sans.edu/forums/diary/Unsolicited+DNS+Queries/27694/
Changing BAT Files on the Fly https://isc.sans.edu/forums/diary/Changing+BAT+Files+On+The+Fly/27700/
Empty NPM Package has Over 700,000 Downloads https://www.bleepingcom ...

Risky Biz Soap Box: VMRay talks about its second line of defence for email security

1 month ago

In this sponsored edition of the Risky Biz Soap Box podcast VMRay’s VP of Products Uriel Cohen joins me to talk about its Email Threat Defender product. They’ve glued some automated sandbox analysis to their fancy phishing/link analysis/detection tec ...

ISC StormCast for Sunday, August 1st, 2021

1 month ago

Infected With a .reg File https://isc.sans.edu/forums/diary/Infected+With+a+reg+File/27692/
Excessive Exchange Permissions (Patched) https://bugs.chromium.org/p/project-zero/issues/detail?id=2186
Node.JS July 2021 Security Releases https://nodejs.org/en/blog ...