security.didici.cc
ISC StormCast for Wednesday, June 29th, 2022
4 hours agoPossible Scans for HiByMusic Devices
https://isc.sans.edu/foru
ms/diary/Possible+Scans+f
or+HiByMusic+Devices/2879
6/
OpenSSL Heap Overflow
https://guidovranken.com/
2022/06/27/notes-on-opens
sl-remote-memory-corrupti
on/
https://github.com/openss
l/openssl/i ...
Risky Business #669 -- Finally, an ICS attack that made stuff explode!
6 hours agoOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Activists who are totally not Israeli military hackers make Iranian steel mills firebally Chinese APT crews use ransomware to muddy attribution Atta ...
SN 877: The "Hertzbleed" Attack - 3rd Party FIDO2, Log4Shell, '311" Proposal
8 hours agoPicture of the Week. Errata: Firefox's "Total Cookie Protection" 3rd Party FIDO2 Authenticators Germany's not buying the EU's proposal which subverts encryption The Conti Gang have finally pulled the last plug Log4J and Log4Shell is alive and well ...
ISC StormCast for Tuesday, June 28th, 2022
1 day agoEncrypted Client Hello: Anybody Using it Yet?
https://isc.sans.edu/foru
ms/diary/Encrypted+Client
+Hello+Anybody+Using+it+Y
et/28792/
Jenkins Advisory
https://www.jenkins.io/se
curity/advisory/2022-06-2
2/
Instagram Age Verification
https://about.fb.com/new ...
Harmony blockchain loses nearly $100M due to hacked private keys
1 day agoThe crooks needed at least two private keys, each stored in two parts... but they got them anyway.
FTC warns of LGBTQ+ extortion scams – be aware before you share!
1 day agoIt's a simple jingle and it's solid advice: "If in doubt, don't give it out!"
ISC StormCast for Monday, June 27th, 2022
2 days agoPython Abusing the Windows GUI
https://isc.sans.edu/foru
ms/diary/Python+abusing+T
he+Windows+GUI/28780/
Mal
icious Code Passed to PowerShell via the Clipboard
https://isc.sans.edu/foru
ms/diary/Malicious+Code+P
assed+to+PowerShell+via+t
he+Clipboard/28784/
A ...
Risky Biz Soap Box: HD Moore on taking Rumble to the cloud
3 days agoToday’s Soap Box guest is an industry legend – Metasploit creator HD Moore. He’s here to tell us more about what’s happening with his latest creation, Rumble Network Discovery. If you’re not familiar with Rumble, well, you should be. It’s a n ...
OpenSSL issues a bugfix for the previous bugfix
4 days agoFortunately, it's not a major bugfix, which means it's easy to patch and can teach us all some useful lessons.
S3 Ep88: Phone scammers, hacking bust, and data breach fines [Podcast]
5 days agoLatest epsiode - listen now!
ISC StormCast for Thursday, June 23rd, 2022
6 days agoMalicious PowerShell Targeting Cryptocurrency Browser Extensions
https://isc.sans.edu/foru
ms/diary/Malicious+PowerS
hell+Targeting+Cryptocurr
ency+Browser+Extensions/2
8772/
Keeping PowerShell: Security Measures to Use and Embrace
https://media.defense.gov ...
ISC StormCast for Wednesday, June 22nd, 2022
1 week agoExperimental New Domain / Domain Age API
https://isc.sans.edu/foru
ms/diary/Experimental+New
+Domain+Domain+Age+API/28
770/
Forescout Vedere Labs Discovers 56 OT Vulnerabilities
https://www.forescout.com
/resources/ot-icefall-rep
ort/
Cloudflare Outage
http ...
SN 876: Microsoft's Patchy Patches - 3rd Party Authenticators, MS-DFSNM, Safari Regression, Firefox Cookies
1 week agoPicture of the Week. Double Decryption (Last week's key-strength puzzler). 3rd Party Authenticators. Firefox: Total Cookie Protection. We keep breaking DDoS attack records. MS-DFSNM. An Apple Safari regression. One Million WordPress sites force-u ...
Risky Business #668 -- Microsoft is hiding its Azure security problems
1 week agoOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Paige Thompson guilty of Capital One hack Microsoft is hiding serious Azure security issues New Australian government lobbying for Julian Assange ...
Capital One identity theft hacker finally gets convicted
1 week agoIt took three years, but the Capital One cracker was convicted in the end. Don't get caught out in a data breach of your own!
ISC StormCast for Tuesday, June 21st, 2022
1 week agoOdd TCP Fast Open Packets
https://isc.sans.edu/foru
ms/diary/Odd+TCP+Fast+Ope
n+Packets+Anybody+underst
ands+why/28766/
DFSCoerce NTLM Relay Attack
https://github.com/Wh04m1
001/DFSCoerce
https://support.microsoft
.com/en-us/topic/kb500541
3-mitigating-ntlm- ...
Interpol busts 2000 suspects in phone scamming takedown
1 week agoFriends don't let friends get scammed. Not everyone knows how typical scams unfold, so here are some real-world examples...
Ep. 172 - Security Awareness Series - Creating Psychological Salt with Ted Harrington
1 week agoThis month, Chris Hadnagy and Ryan MacDougall are joined by Ted Harrington. Ted is the author of HACKABLE: How to Do Application Security Right and the Executive Partner at Independent Security Evaluators (ISE), the company of ethical hackers famous for h ...
ISC StormCast for Monday, June 20th, 2022
1 week agoCritical Vulnerability in Splunk Enterprise Deployment Server Functionality
https://isc.sans.edu/foru
ms/diary/Critical+vulnera
bility+in+Splunk+Enterpri
ses+deployment+server+fun
ctionality/28760/
Malspam Pushes Matanbuchus Malware Leads to Cobalt Strike
h ...
ISC StormCast for Friday, June 17th, 2022
1 week agoHoudini is Back Delivered Through a JavaScript Dropper
https://isc.sans.edu/foru
ms/diary/Houdini+is+Back+
Delivered+Through+a+JavaS
cript+Dropper/28746/
Drif
ting Cloud: Zero-Day Sophos Firewall Exploitation
https://www.volexity.com/
blog/2022/06/15/driftin ...
S3 Ep87: Follina, AirTags, ID theft and the Law of Big Numbers [Podcast]
1 week agoLastest epsiode - listen now!
ISC StormCast for Thursday, June 16th, 2022
1 week agoTerraforming Honeypots: Using IaaC & Cloud to Attract Attacks
https://isc.sans.edu/foru
ms/diary/Terraforming+Hon
eypots+Installing+DShield
+Sensors+in+the+Cloud/287
48/
Zimbra Email - Stealing Clear=Text Credenitals via Memcache Injection
https://blog.sona ...
ISC StormCast for Wednesday, June 15th, 2022
2 weeks agoMicrosoft Patch Tuesday
https://isc.sans.edu/foru
ms/diary/Microsoft+June+2
022+Patch+Tuesday/28742/
Adobe Patches
https://helpx.adobe.com/s
ecurity/security-bulletin
.html
SynLapse Vulnerability
https://orca.security/res
ources/blog/synlapse-crit
ical-azure ...
SN 875: The PACMAN Attack - WebAuthn, Passkeys at WWDC, Free Kali Linux Pen Test Course, Proof of Simulation
2 weeks agoPicture of the Week. Apple's Passkeys presentation at WWDC 2022. WebAuthn. FREE Penetration Testing course with Kali Linux. Proof of Simulation. A valid use for facial recognition: The Smart Pet Door! Closing The Loop. The PACMAN Attack. We invi ...
Follina gets fixed – but it’s not listed in the Patch Tuesday patches!
2 weeks agoWe tried it out to make sure, so you don't have to.
Murder suspect admits she tracked cheating partner with hidden AirTag
2 weeks agoO! What a tangled web we weave, when first we practise to deceive.
ISC StormCast for Tuesday, June 14th, 2022
2 weeks agoTranslating Saitama's DNS Tunneling
https://isc.sans.edu/foru
ms/diary/Translating+Sait
amas+DNS+tunneling+messag
es/28738/
Travis CI Logs Expose Users to Cyber Attacks
https://blog.aquasec.com/
travis-ci-security
Linux Threat Hunting: "Syslogk" a kernel ro ...
You’re invited! Join us for a live walkthrough of the “Follina” story…
2 weeks agoLive demo, plain English, no sales pitch, just a chance to watch an attack dissected in safety. Join us if you can!
Ep. 171 - Human Element Series - Yes and... with Clay Drinko
2 weeks agoToday Chris is talking with Clay Drinko, Ph.D. Clay is an author and educator. He writes for Psychology Today about the intersection between improv comedy, science, and everyday life. He's also the author of the first academic book connecting improv and c ...
ISC StormCast for Monday, June 13th, 2022
2 weeks agoEPSScall: An Exploit Prediction Scoring System App
https://isc.sans.edu/foru
ms/diary/EPSScall+An+Expl
oit+Prediction+Scoring+Sy
stem+App/28732/
PACMan Attack
https://pacmanattack.com
https://twitter.com/wdorm
ann/status/15352459138573
51680
Carrier LenelS2 ...
Risky Business #667 -- "Shields Up" for cyber's forever war
2 weeks agoOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: “Shields Up” advice is now provably meaningless Russia to ditch offshore comms apps like WhatsApp Evil Corp’s Lockbit sanctions evasion attemp ...
ISC StormCast for Friday, June 10th, 2022
2 weeks agoTA570 QBot attempts to exploit CVE-2022-30190 (Follina)
https://isc.sans.edu/foru
ms/diary/TA570+Qakbot+Qbo
t+tries+CVE202230190+Foll
ina+exploit+msmsdt/28728/
Analysis of a Facebook Phishing Campaign
https://pixmsecurity.com/
blog/blog/phishing-tactic
s-how ...
WMI Providers for Script Kiddies
2 weeks agoIntroduction So, this WMI stuff seems legit. Admins get a powerful tool which Script Kiddies can also use for profit. But there’s gotta be more, right? What if I want to take my WMI-fu to the next level? In the previous blog post, “WMI for Scrip ...
S3 Ep86: The crooks were in our network for HOW long?! [Podcast + Transcript]
2 weeks agoLatest episode - listen (or read) now!
ISC StormCast for Thursday, June 9th, 2022
2 weeks agoSANS RSA Panel
(sorry, video no longer available)
Atlassian Confluence Attacks
https://isc.sans.edu/foru
ms/diary/Atlassian+Conflu
ence+Exploits+Seen+By+Our
+Honeypots+CVE202226134/2
8722/
Fake CClenaer Malvertisements
https://blog.avast.com/fa
kecrack-camp ...
SSNDOB Market servers seized, identity theft “brokerage”” shut down
2 weeks agoThe online identity "brokerage" SSNDOB Market didn't want pople to be in any doubt what it was selling.
ISC StormCast for Wednesday, June 8th, 2022
2 weeks agoThe Trouble With Microsoft's Troubleshooters
https://irsl.medium.com/t
he-trouble-with-microsoft
s-troubleshooters-6e32fc8
0b8bd
QBot Uses Follina
https://twitter.com/threa
tinsight/status/153422744
4915482625
Deadbolt Ransomware
https://www.trendmicro.co
m/ ...
SN 874: Passkeys, Take 2 - ServiceNSW Responds, Follina, Windows Search URL, UNISOC Chip Vulnerability
3 weeks agoPicture of the Week. ServiceNSW Responds. ExpressVPN pulls the plug in India. And speaking of pulling the plug. "Follina" under active exploitation. And a Windows Search URL schema can be abused, too. "Critical UNISOC Chip Vulnerability Affects Mi ...
Know your enemy! Learn how cybercrime adversaries get in…
3 weeks agoHere's how 144 recent attacks actually went down in real life. Don't let this happen to you!
ISC StormCast for Tuesday, June 7th, 2022
3 weeks agoMS-MSDT RTF Maldocs Analysis oledump Plugins
https://isc.sans.edu/foru
ms/diary/msmsdt+RTF+Maldo
c+Analysis+oledump+Plugin
s/28718/
Cybercriminals Exploit Reverse Tunnel Services and URL Shorteners
https://clouds
ek.com/whitepapers_report
s/cybercriminals-exp ...
ISC StormCast for Monday, June 6th, 2022
3 weeks agoSandbox Evasion... With Just a Filename!
https://isc.sans.edu/foru
ms/diary/Sandbox+Evasion+
With+Just+a+Filename/2870
8/
Atlassian Exploit Released
https://www.rapid7.com/bl
og/post/2022/06/02/active
-exploitation-of-confluen
ce-cve-2022-26134/
GitLab Critic ...
Atlassian announces 0-day hole in Confluence Server – update soon!
3 weeks agoZero-day announced - here's what you need to know
ISC StormCast for Friday, June 3rd, 2022
3 weeks agoQuick Answers in Incident Response RECmd.exe
https://isc.sans.edu/foru
ms/diary/Quick+Answers+in
+Incident+Response+RECmde
xe/28706/
Zero-Day Exploitation of Atlassian Confluence
https://www.volexity.com/
blog/2022/06/02/zero-day-
exploitation-of-atlassian
-c ...
S3 Ep85: Now THAT’S what I call a Microsoft Office exploit! [Podcast]
3 weeks agoLatest episode - listen now!
Yet another zero-day (sort of) in Windows “search URL” handling
3 weeks agoMore trouble with special-purpose URLs on Windows.
ISC StormCast for Thursday, June 2nd, 2022
3 weeks agoHTML Phishing Attachments - Now With Anti-Analysis Features
https://isc.sans.edu/foru
ms/diary/HTML+phishing+at
tachments+now+with+antian
alysis+features/28702/
Un
official Patch for CVE-2022-30190 (Follina)
https://blog.0patch.com/2
022/06/free-micropatches ...
Firefox 101 is out, this time with no 0-day scares (but update anyway!)
3 weeks agoAfter an intriguing month of Firefox releases, here's one with a bit less drama, probably to the collective relief of Mozilla's coders.
ISC StormCast for Wednesday, June 1st, 2022
4 weeks agoFollina Update
https://isc.sans.edu/foru
ms/diary/First+Exploitati
on+of+Follina+Seen+in+the
+Wild/28698/
https://isc.sans.edu/foru
ms/diary/New+Microsoft+Of
fice+Attack+Vector+via+ms
msdt+Protocol+Scheme+CVE2
02230190/28694/
Open Automation Software Platform ...
SN 873: DuckDuckGone? - Digital Driver's License, MS Office 0-day, GhostTouch, Vodafone TrustPiD
4 weeks agoPicture of the Week. New South Wales DDL — Digital Driver's License. The latest Microsoft Office 0-day remote code execution vulnerability. GhostTouch. Vodafone's new TrustPiD. Closing the Loop. DuckDuckGone? We invite you to read our show note ...
Risky Business #666 -- The msdt RTF of DOOM
4 weeks agoOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: The msdt/office lolbinapalooza Microsoft to introduce sensible defaults to Azure Twitter fined $150m for sms 2fa spam It turns out npm got owned i ...
Mysterious “Follina” zero-day hole in Office – what to do?
4 weeks agoNews has emerged of a "feature" in Office that has been abused as a zero-day bug to run evil code. Turning off macros doesn't help!
ISC StormCast for Tuesday, May 31st, 2022
4 weeks agoNew Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme
https://isc.sans.edu/foru
ms/diary/New+Microsoft+Of
fice+Attack+Vector+via+ms
msdt+Protocol+Scheme/2869
4/
Beware the Smish! Home delivery scams with a professional feel…
4 weeks agoHome delivery scams are getting leaner, and meaner, and more likely to "look about right". Here's an example to show you what we mean...
S3 Ep84: Government demand, Mozilla velocity, and Clearview fine [Podcast]
1 month agoLatest episode - listen now!
ISC StormCast for Friday, May 27th, 2022
1 month agoHuge Signed PE Files
https://isc.sans.edu/foru
ms/diary/Huge+Signed+PE+F
ile/28686/
VMWare Authentication Bypass PoC
https://www.horizon3.ai/v
mware-authentication-bypa
ss-vulnerability-cve-2022
-22972-technical-deep-div
e/
Quanta Server BMC Vulnerability
ht ...
Intro to Web App Security Testing: Burp Suite Tips & Tricks
1 month agoA brief list of useful things we wish we had known sooner Burp Suite Pro can be complicated and intimidating. Even after learning and becoming comfortable with the core functionality, there remains a great deal of depth throughout Burp Suite, and many ...
Who’s watching your webcam? The Screencastify Chrome extension story…
1 month agoWhen you really need to make exceptions in cybersecurity, specify them as explicitly as you can.
ISC StormCast for Thursday, May 26th, 2022
1 month agoUsing NMAP to Assess Hosts in Load Balanced Clusters
https://isc.sans.edu/foru
ms/diary/Using+NMAP+to+As
sess+Hosts+in+Load+Balanc
ed+Clusters/28682/
Attack
er Modifying Libraries Claims "Research"
https://www.bleepingcompu
ter.com/news/security/hac
ker-says- ...
ISC StormCast for Wednesday, May 25th, 2022
1 month agoctx Python Library Updated with "Extra" Features
https://isc.sans.edu/foru
ms/diary/ctx+Python+Libra
ry+Updated+with+Extra+Fea
tures/28678/
Zoom Updates
https://explore.zoom.us/e
n/trust/security/security
-bulletin/
VMWare Exploit About to Be Released
https ...
SN 872: Dis-CONTI-nued: The End of Conti? - Clearview AI in Ukraine, Vancouver Pwn2Own, Voyager 1
1 month agoPicture of the Week. Emergency mid-cycle update for Active Directory. Clearview AI -vs- {Illinois, Australia, Canada and the United Kingdom}. Clearview AI in Ukraine. Pwn2Own Vancouver 2022. The DoJ takes a welcome step back. Sometimes, unlocking ...
Risky Business -- #665 You can ransomware whole countries now
1 month agoOn this week’s show Patrick Gray and Adam Boileau discuss the week’s security news, including: Conti’s war against Costa Rica DoJ revises CFAA guidance Naughty kids get access to DEA portal A look at a Russian disinfo tool PyPI and PHP s ...
Poisoned Python and PHP packages purloin passwords for AWS access
1 month agoMore supply chain trouble - this time with clear examples so you can learn how to spot this stuff yourself.
Pwnton Pack: An Unlicensed 802.11 Particle Accelerator
1 month agoThis past Christmas, I received a terrific gift from my in-laws: a replica Ghostbusters Proton Pack. I was thrilled. You see, growing up in the mid 80s, Ghostbusters was my jam. Fast forward 37 years and with the recent Ghostbusters: Afterlife film releas ...
ISC StormCast for Tuesday, May 24th, 2022
1 month agoAttacker Scanning for jQuery-File-Upload
https://isc.sans.edu/foru
ms/diary/Attacker+Scannin
g+for+jQueryFileUpload/28
674/
Oracle Security Alert Advisory - CVE-2022-21500
https://www.oracle.com/se
curity-alerts/alert-cve-2
022-21500.html
How to find NPM dep ...
Clearview AI face-matching service fined a lot less than expected
1 month agoThe fine has finally gone through... but it's less than 45% of what was originally proposed.
ISC StormCast for Monday, May 23rd, 2022
1 month agoA "Zip Bomb" to Bypass Security Controls & Sandboxes
https://isc.sans.edu/foru
ms/diary/A+Zip+Bomb+to+By
pass+Security+Controls+Sa
ndboxes/28670/
Cisco IOS XR Software Health Check Open Port Vulnerability
https://tools.cisco.com/s
ecurity/center/content/Ci
s ...
Mozilla patches Wednesday’s Pwn2Own double-exploit… on Friday!
1 month agoThat was quick! 48 hours from exploit report to published patch.
Microsoft patches the Patch Tuesday patch that broke authentication
1 month agoRemember the good old days when security patches rarely needed patches? Because security patches themlelves were rare enough anyway?
Splunk SPL Queries for Detecting gMSA Attacks
1 month ago1 Introduction What is a group Managed Service Account (gMSA)? If your job is to break into networks, a gMSA can be a prime target for a path to escalate privileges, perform credential access, move laterally or even persist in a domain via a ‘g ...
US Government says: Patch VMware right now, or get off our network
1 month agoFind and patch. Right now. If you can't patch, get it off the network. Right now! Oh, and show us what you did to comply.
ISC StormCast for Friday, May 20th, 2022
1 month agoBumblebee Malware from TransferXL URLs
https://isc.sans.edu/foru
ms/diary/Bumblebee+Malwar
e+from+TransferXL+URLs/28
664/
Microsoft Out-of-Band Update fixes Authentication Issues
https://docs.microsoft.co
m/en-us/windows/release-h
ealth/status-windows-11-2
1h ...
SAMPLE PODCAST: Risky Biz News: FSB-linked DDoS tool could also be used for disinformation campaigns
1 month agoThe following is a sample of our latest podcast, Risky Business News, which is published into a new RSS feed. It’s a short podcast published three times a week that updates listeners on the security news of the last few days, as prepared and presented b ...
S3 Ep83: Cracking passwords, patching Firefox, and Apple vulns [Podcast]
1 month agoLatest episode - listen now!
ISC StormCast for Thursday, May 19th, 2022
1 month agoVMWare Flaws
https://core.vmware.com/v
msa-2022-0014-questions-a
nswers-faq
https://blog.barracuda.co
m/2022/05/17/threat-spotl
ight-attempts-to-exploit-
new-vmware-vulnerabilitie
s/
Tesla BLE Proximity Authentication Vulnerable to Relay Attacks
https://rese ...
Pwn2Own hacking schedule released – Windows and Linux are top targets
1 month agoWhat's better? Disclose early, patch fast? Or dig deep, disclose in full, patch more slowly?
ISC StormCast for Wednesday, May 18th, 2022
1 month agoUse Your Browser Internal Password Vault... or Not?
https://isc.sans.edu/foru
ms/diary/Use+Your+Browser
+Internal+Password+Vault+
or+Not/28658/
SQL Server Brute Forcing
https://twitter.com/MsftS
ecIntel/status/1526680337
216114693
UpdateAgent Adapts Again
h ...
Risky Biz Soap Box: While you're watching a quiet one a noisy one will kill you
1 month agoIn this Soap Box edition of the show Proofpoint’s EVP of Cybersecurity Strategy Ryan Kalember joins host Patrick Gray to talk about why some security spending is just misguided. So much of the infosec industry is geared towards protecting organisations ...
SN 871: The New EU Surveillance State - Eventful Patch Tuesday, Open Source Maintenance Crew, BIG-IP Boxes
1 month agoPicture of the Week. An "eventful" Patch Tuesday. Patch Tuesday. Apple patched a 0-day. Google's "Open Source Maintenance Crew". Conti suggests overthrowing the new Costa Rican government. Policing the Google Play Store. The situation has grown m ...
Apple patches zero-day kernel hole and much more – update now!
1 month agoYou'll find fixes for numerous kernel-level code execution holes, including an 0-day vulnerability in many (though not all) versions.
ISC StormCast for Tuesday, May 17th, 2022
1 month agoApple Patches Everything
https://isc.sans.edu/foru
ms/diary/Apple+Patches+Ev
erything/28654/
Evil Never Sleeps: When Wireless Malware Stays on After Turning Off iPhones
https://arxiv.org/pdf/220
5.06114.pdf
Third-Party Web Trackers Log What You Type Before ...
Putting the team in red team
1 month agoOne of the more common questions we receive during a red team scoping call or RFP Q&A call is, how many dedicated consultants will be involved in the assessment? There is no “correct” answer to this question, and ultimately, the answer as to how red t ...
Ep. 170 - Security Awareness Series - Rapport is the key to security with Adam Glick
1 month agoThis month, Chris Hadnagy and Ryan MacDougall are joined by Adam Glick. Adam is currently the Chief Information Security Officer for SimpliSafe in Boston, MA. In this position and his previous jobs, Adam has had the responsibility of managing all matters ...
ISC StormCast for Monday, May 16th, 2022
1 month agoFrom 0-Day to Mirai: 7 days of BIG-IP Exploits
https://isc.sans.edu/foru
ms/diary/From+0Day+to+Mir
ai+7+days+of+BIGIP+Exploi
ts/28644/
Sonicwall Vulnerabilities Patched
https://psirt.global.soni
cwall.com/vuln-detail/SNW
LID-2022-0009
Zonealarm Patch
https: ...
Firefox out-of-band update to 100.0.1 – just in time for Pwn2Own?
1 month agoA new point-release of Firefox. Not unusual, but the timing of this one is interesting, with Pwn2Own coming up in a few days.
He cracked passwords for a living – now he’s serving 4 years in prison
1 month agoCrooks don't need a password for every user on your network to break in and wreak havoc. One could be enough...
ISC StormCast for Friday, May 13th, 2022
1 month agoWhen Get-WebRequest Fails You
https://isc.sans.edu/foru
ms/diary/When+GetWebReque
st+Fails+You/28640/
HP PC BIOS Security Updates
https://support.hp.com/us
-en/document/ish_6184733-
6184761-16/hpsbhf03788
IN
TEL BIOS Advisory
https://www.intel.com/con
tent/w ...
S3 Ep82: Bugs, bugs, bugs (and Colonial Pipeline again) [Podcast]
1 month agoLatest episode - lots to learn - plain English - fun with a serious side - listen now!
Serious Security: Learning from curl’s latest bug update
1 month agoLearn how to write plain-speaking and purposeful security advisories from one of the most widely-used open source tools in the world.
ISC StormCast for Thursday, May 12th, 2022
1 month agoTA578 Using Thread-Hijacked Emails to Push ISO Files for Bumblebee Malware
https://isc.sans.edu/foru
ms/diary/TA578+using+thre
adhijacked+emails+to+push
+ISO+files+for+Bumblebee+
malware/28636/
Google Drive Emerges as Top App for Malware Downloads
https://w ...
SN 870: That "Passkeys" Thing - White House and Quantum Computers, Android 0-day, Ransomware snapshot
1 month agoPicture of the Week. Google updates Android to patch an actively exploited vulnerability. Connecticut's recently passed data privacy bill became law last Wednesday. Ransomware victim snapshot. US State Department offering $10 million reward ...
ISC StormCast for Wednesday, May 11th, 2022
1 month agoMicrosoft May 2022 Patch Tuesday
https://isc.sans.edu/foru
ms/diary/Microsoft+May+20
22+Patch+Tuesday/28632/
A
dobe Updates
https://helpx.adobe.com/s
ecurity/security-bulletin
.html
npm "foreach" package domain takeover
https://www.theregister.c
om/2022/05/1 ...
Colonial Pipeline facing $1,000,000 fine for poor recovery plans
1 month agoHow good is your cybersecurity? Are you making the same mistakes as lots of other people? Here's some real-life advice...
Diving into pre-created computer accounts
1 month agoI was on an engagement where I simply could not elevate privileges, so I had to become creative and look deep into my old bucket (bucket being my head) of knowledge, and this resulted in some fun stuff. I had found that the client had a vulnerable certifi ...
ISC StormCast for Tuesday, May 10th, 2022
1 month agoOctopus Backdoor is Back with a New Embedded Obfuscated Bat File
https://isc.sans.edu/foru
ms/diary/Octopus+Backdoor
+is+Back+with+a+New+Embed
ded+Obfuscated+Bat+File/2
8628/#comments
CVE-2022-1
388 (BIG-IP) Exploits
https://twitter.com/sans_
isc/status/15237 ...
RubyGems supply chain rip-and-replace bug fixed – check your logs!
1 month agoImagine if you could assume the identity of, say, Franklin Delano Roosevelt simply by showing up and calling yourself "Frank".
Ep. 169 - Human Element Series - A Real Life Doogie Howser with Dr. Abbie Maroño
1 month agoToday we will be talking with Abbie Maroño, a nonverbal communications and social influence coach. Abbie published her first paper in nonverbal communication at 19 years old, going on to do her PhD in behavior analysis and become a university lecturer at ...
ISC StormCast for Monday, May 9th, 2022
1 month agoF5 BIG-IP Unauthenticated RCE Vulnerability (CVE-2022-1388)
https://isc.sans.edu/foru
ms/diary/F5+BIGIP+Unauthe
nticated+RCE+Vulnerabilit
y+CVE20221388/28624/
QNAP QVR Update
https://www.qnap.com/de-d
e/security-advisory/qsa-2
2-07
Raspberry Robin Worm
http ...
You didn’t leave enough space between ROSE and AND, and AND and CROWN
1 month agoWhat weird Google Docs bug connects the words THEREFORE, AND, SECONDLY, WHY, BUT and BESIDES?
ISC StormCast for Friday, May 6th, 2022
1 month agoPassword-protected Excel Spreadsheet Pushes Remcos RAT
https://isc.sans.edu/foru
ms/diary/Passwordprotecte
d+Excel+spreadsheet+pushe
s+Remcos+RAT/28616/
Micro
soft, Apple, Google Accelated FIDO Standard Implementation
https://www.theregister.c
om/2022/05/05/ ...
S3 Ep81: Passwords (still with us!), Github, Firefox at 100, and network worms [Podcast]
1 month agoLatest episode - listen now!