Excel Recipe: Some VBA Code with a Touch of Excel4 Macro https://isc.sans.edu
/ Windows Platform Binary Table Weakness https://eclypsium
gets-a-rootkit/ Apple ...
It wasn't dead, just resting.
The Microsoft Autodiscover "Great Leak" explained - and how to prevent it
An XML-Obfuscated Office Document (CVE-2021-40444) https://i
0/ Exchange Autodiscovering Leaks Credentials https://www.gu
Nagios Vuln ...
"It is a matter of time before working exploits are available," warns VMware.
A First Look at Apple's iOS 15 "Private Relay" feature https://isc.sans.e
macOS Finder Security Feature Bypass Leads to Possible RCE https://ssd-disclosure
Picture of the week. The DDoS attack on VoIP.ms. Patch Tuesday's Mixed Blessing. Android to auto-reset app permissions on many more devices. BREAKING: FBI held back ransomware decryption key from businesses to run operation targeting hackers. Google patch ...
On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: BlackMatter is back in the USA’s critical supply chain The FBI and friends apparently got up in REvil’s business The Azure OMI thing is totally the ...
Fake heads! (Cue dystopian scifi music.)
All businesses operate on the principle that a certain level of trust is necessary between the business itself and the IT components that comprise its supporting infrastructure. These components include hardware and software, as well as the vendors who pr ...
OMIGOD Exploits Captured in the Wild. https://isc.sans.edu
ated+ports/27852/ Apple iOS/iPadOS/tvOS 15 Updates (and WatchOS, Xcode, Safari) https://support.ap
"Stop. Think. Connect." Say those words aloud - and please pronounce the pauses prescribed by the periods!
In this episode, Chris Hadnagy and Ryan MacDougall are joined by Ed Skoudis. Ed is a SANS Institute Fellow, Instructor, and Director of Cyber Ranges. He is the founder of Counter Hack, an innovative cyber security company that works as trusted inf ...
Malicious Calendar Subscriptions Are Back https://isc.sans.edu/
Back/27846/ Simple Analysis of a CVE-2021-40444 (MSHTML) Document https://isc.sans.
Phishing 101: why depend on one suspicious message subject when you can use many https://isc.sans.edu/
PrintNightmare Fix Breaks Network Printing https://www. ...
Got Linux? Here's a bug you weren't expecting, in software you might not know you have.
Hancitor Campaign Abusing Microsoft's OneDrive https://isc.sans.
"Secret" Agent Exposes Azure Customers To Unauthorized Code Execution https://www.wiz.
Bugs! So many bugs! Latest episode - listen now...
sday/27834/ Adobe Patches https://helpx.adob
Picture of the Week. A new worrisome 0-day attack against Office documents. Work From Home (WFH) — No problem? "Attacks only ever get better" The return of REvil — Apparently, vacation's over. Closing the Loop. I have this next piece under "Science Fi ...
On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including: Apple 0day has everyone freaking out So much more 0day in the wild American Project Raven staffers settle with DoJ Two absolutely bonkers Azure security pr ...
Let’s see, it looks like your organization just met an annual Threat Hunting assessment compliance requirement or achieved the introductory objective of experiencing a formal Threat Hunting assessment. Well done! Now, what should the organization take i ...
Apple Updates Everything https://support
Citizenlab Discloses NSO Exploit Details https://citizenlab
he-wild/ Google Chrome Update https://chromerelea
Double trouble: two zero-days, patched in the same emergency update. So please don't delay - patch today!
Hey, let's create a text file that lists our security contacts! We'll call it... security DOT txt.
In this episode, Chris Hadnagy is joined by Dr. Cortney Warren. Dr. Warren is a Board-Certified Clinical Psychologist and former tenured Associate Professor of Psychology at the University of Nevada, Las Vegas (UNLV). She is an expert on ad ...
Shipping Microsoft DNS Logs to Elasticsearch https://isc.
xploit Generator for CVE-2021-40444 https://git
21-40444 Windows Lock Screen Bypass https://halove23.b ...
ISC/DShield API Updates https://isc.sans.e
Update on Windows MSHTML Vulnerability https://www.
itHub Actions ...
Snake Oilers: Get Signal Sciences in your CDN, automate canary generation and cloud your SIEM! Three solid pitches in this edition… In this edition of the Snake Oilers we’ll hear pitches from three vendors: Brian Joe from Fastly talks about its inte ...
Latest episode - listen now!
Original post: https://www.trustedsec.
tegy/ Massive exposures and attacks, such as recent SolarWinds and Exchange exploit issues, have been common news lately. While the security landscape has advance ...
"Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware https://isc.sans.e
Zero-day bug in MSHTML, the "mini-Internet Explorer" component of Windows, triggered by booby trapped Office files.
Microsoft MSHTML Remote Code Execution Vulnerability CVE-2021-40444 https://msr
1-40444 ProtonMail/VPN Releasing User's IP Address https://protonmail
t-arrest/ What's App End To End E ...
Picture of the Week. The Razer mouse & keyboard. The wishful phrase "Internet Anonymity" is an oxymoron. And speaking of Apple's client-side image matching... Bluetooth has new troubles. Attackers Can Remotely Disable Fortress Wi-Fi Home Security Alarms. ...
On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including: Apple backs down on CSAM measures FTC shuts down spouseware company REvil is back! Confluence boxes are getting owned a lot Trickbot crew member arrested ...
The Problem On August 05, 2021, a member of the Conti ransomware group leaked some of the group’s internal playbooks and technical documentation. Irrespective of any details surrounding the leak or its contents, the event itself prompted a more wides ...
/ ProxyShell Update https://news.sophos
3,000,000 downloads a week... if only they'd read the fastidious manual!
Attackers Will Always Abuse Major Events in our Lives https://isc.sans.edu
Active Exploitation of Confluence Server CVE-2021-26084 https://www
The alarm system that can be turned off with your email address.
Today, we are releasing iHide, a new tool for bypassing jailbreak detection in iOS applications. You can install iHide by adding the repo https://repo.kc57.com in Cydia or clicking here on an iOS device with Cydia installed. Additionally, you can check ou ...
STRRAT: A Java Based RAT That Doesn't Care if You Have Java https://isc.sans.edu/
/ IPC360 Baby Monitor Vulnerability https://www.
BrakTooth: Impacts, Implications and Next Steps https://isc.sans.edu
ext+Steps/27802/ Fortress Home Security System Weakness https://threatpos
9069/ PostgreSQL ...
Picture of the Week.
Credit Freeze vs Credit Lock.
T-Mobile hacker speaks!
Where will Windows 11 run?
e Open Source? SSD Bait & Switch. SpinRite. Life: Hanging by a PIN. We invite you to read our show notes at https://www.grc.com/sn/SN ...
On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including: More info on the Belarusian Cyber Patriots How infosec overhyped election security risks Is data ransoming dying? All about the Azure Cosmos DB drama Muc ...
Recursion [noun]: see recursion.
Cryptocurrency Clipboard Swapper Delivered With Love https://isc.sans.edu/
oxyToken Vulnerability in Exchange https://www.zerod
ChaosDB: Azure Cosmos Database Vulnerability https://chao
sdb.wiz.io Phishing via Open Redirects https://www.micr
nks/ Parallels Vulnerability https://exch
publicationListing.x GETH DoS Vulnerability https://gith
onfluence Security Advisory https://confluenc
The buggy code's in there, alright. Fortunately, it's hard to get OpenSSL to use it even if you want to, which mitigates the risk.
In this edition of the Soap Box podcast we’ll be hearing from Ryan Kalember, the EVP of cybersecurity strategy at Proofpoint, a company best known for being an email filtering giant. Proofpoint’s biggest challenger in that space is Microsoft, and if ...
There May Be Many More SPF Records Than We Might Expect https://isc.sans.ed
6/ OpenSSL Update https://www.openssl
.html F5 Update https://support.f5.
Attackers Hunting for Twilio Credentials https://isc.sa
d WhatsApp Spreading Malware https://securelist
ge Escalation without Pluggin ...
Picture of the week. Firefox soon to be blocking mixed-content downloads by default. The news from T-Mobile is all bad. Introducing ProxyLogon's kissing cousin, ProxyShell. The Razer mouse hack. A critical ThroughTek SDK flaw enables IoT spying. Overlay N ...
On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including: T-Mobile owned hard USA no fly list winds up on unsecured ElasticSearch in Bahrain… because reasons Facebook scrambles to secure Afghani accounts Hacker ...
When a helpful feature (that you probably didn't need) turns into an exploitable vulnerability...
Out of Band Phishing Using SMS Messages to Evade Network Detection https://isc.sans
Detection/27768/ Elevate Privileges with Razer Mouse https://twitter.com/
That's funny. I could have sworn I didn't run a print job yesterday... but will you look at that?
Waiting for the C2 to Show Up https://isc.sans.edu/fo
CX with Embedded EXE https://isc.sans.edu/f
edded+EXE/27776/ Securing Your Windows 365 Cloud PCs https://techcommunity.
Another week, another cryptocurrency catastrophe. This time, it's "only" $100 million's worth...
When Lightning Strikes: What works and doesn't work https://isc.sans.edu/
+doesnt+work/27766/ Cisco Small Business Router Vulnerabilities https://to
One topic that has always been of interest to me is how users actually use their computers. While TrustedSec does have the ability to understand a system when we encounter it, there are still mysteries around normal user behavior. Understanding user behav ...
Latest episode - listen, laugh and learn! This week, Chester Wisniewski joins us on the show.
5 Things to Consider Before Moving Back to the Office https://isc.sans.ed
al Web Sites Infected with Chinese Spyware https://i ...
Laravel Exploit Attempts Targeting Vulnerability in "Ignition" https
ecution/27758/ ThroughTek "Kaley" Protocol Vulnerability https://www.
Picture of the week.
Facebook finally adds end-to-end encryption to Messenger.
Exploitation of PrintNightmare has begun.
And "Magniber" Ransomware Uses PrintNightmare.
ning botnet modifies CPU configurations to increase its mining ...
Home automation. Internet of Things. Cloud management. And a security bug that could let other people watch you online...
New challenges have emerged that make it difficult to transfer risk. Ransomware has changed the game. An overlooked yet increasingly important challenge in information risk management is finding the right balance between cybersecurity and cyber i ...
Triage of Malware Bazaar's Daily Malware Batches https://isc.sans.e
es/27754/ Realtek SDK Vulnerability https://www.
I am to be publishing this interview. This Soap Box is brought to you by Rumble, the asset discovery company founded by HD Moore. For those of you who don’t know, HD is a security legend, having done all sorts of amazing research over the years and crea ...
Forewarned is forearmed. Here's our advice on dealing with "copyright infringement" scammers.
In this episode, Chris Hadnagy and Ryan MacDougall are joined by Bernie Acre. Bernie is the Chief Information Officer for the City of Bryan, TX where he’s responsible for all technology and communications systems, including the Fire, Police, P ...
Exchange E-Discovery Scans https://isc.sans.edu
covery/27748/ Danabot Distributed Through Malspam https://isc.sans.e
nizing Middleboxe ...
Print Nightmare Continues: CVE-2021-36958 https://msr
1-36958 Print Nightmare Abused by Ransomware Gangs https://www.crowdstr
Latest episode - listen now! (And learn about the Navajo Nation's selfless cryptographic contribution to America.)
TA551 Shathak Continues Pushing BazarLoader Leading to Cobalt Strike https://isc.sans.ed
ew AdLoad Campaign Goes Undetected by XProtect https://labs.sent
Where have all the cryptocoins gone? Will we ever get them back?
y/27736/ Adobe Patches https://helpx.adob
es-in-cpanel-whm/ Firefo ...
Picture of the week. "You're Doing IoT RNG" The Pulse Secure VPN remains in trouble. And Cisco, too... Flaws found in another popular embedded TCP/IP library. Microsoft Edge gets "Super Duper Secure Mode" Closing the Loop. Apple's CSAM Mistake. We invite ...
On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including: The United States backing away from “releasing the hounds” Apple has dropped its lawsuit against Corellium “Activists” dox Belarusian security appara ...
Practical advice for homes and small businesses, following news that a recently disclosed router bug is actively being exploited by crooks.
Microsoft Exchange ProxyShell https://isc.san
ogy Warns of Brute Force Attacks https://www.synolo
ynology %20 ...
In this episode, we are joined by Michael Roderick. Michael is the CEO of Small Pond Enterprises which helps thoughtful givers become thought leaders by making their brands referable, their messaging memorable, and their ideas unforgettable. He is als ...
Malicious Microsoft Word Remains A Key Infection Vector https://isc.sans.ed
6/ Malware Bazaar Daily Download https://isc.sans.
Once more unto the breach, dear friends, once more...
Cisco Patches Unauthenticated RCE in RV340/345 devices https://tools.cisc
cedos-pY8J3qfy Telegram Flawed Self Destruct in MacOS https://www.trustwav
Ahhhh, the irony! Red-team network attack tool has its very own bug for Blue Teams to counterexploit.
Pivoting and Hunting for Shenanigans from a Reported Phishing Domain https://isc.sans.ed
g+Domain/27710/ NichStack TCP/IP Vulnerabilities https://jf
Picture of the Week.
Mozilla's Firefox Monthly Active Users (MAU) slowly but steadily drops.
Google to finally assume HTTPS.
The evolution of "Initial Access Brokers".
"A Microsoft July 2021 Recap"
osing the Loop. SpinRite. ...
On this week’s show Patrick Gray and Adam Boileau discuss recent security news, including: US President Joe Biden says next shooting war will result from cyber incident The Sun tabloid reports UK government weighing “cyber strike” against Iran ...
entication/27704/ Crazy Smishing https://isc.sans.
Google Chrome Update https://chromerelea
Calling someone back feels safer than clicking an unknown link... but it isn't! Remind your friends and family.
Unsolicited DNS Queries https://isc.sans.e
nging BAT Files on the Fly https://isc.sans.edu/f
mpty NPM Package has Over 700,000 Downloads https://www.blee
In this sponsored edition of the Risky Biz Soap Box podcast VMRay’s VP of Products Uriel Cohen joins me to talk about its Email Threat Defender product. They’ve glued some automated sandbox analysis to their fancy phishing/link analysis/detection tec ...
Infected With a .reg File https://isc.sans.edu/
sive Exchange Permissions (Patched) https://bugs.chr
e.JS July 2021 Security Releases https://nodejs.or