Angler Exploit Kit, Bedep, and CryptXXX, (Sat, Apr 23rd)
Introduction: On Friday 2016-04-15, Proofpoint researchers spotted CryptXXX [1], a new type of ransomware from the actors behind Reveton. CryptXXX is currently spread through Bedep infections sent by...
ISC Stormcast For Monday, April 25th 2016...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Highlights from the 2016 HPE Annual Cyber Threat Report, (Mon, Apr 25th)
HP released their annual report for 2016 that covers a broad range of information (96 pages) in various sectors and industries. The report is divided in 7 themes, those that appear the most interesting...
ISC Stormcast For Tuesday, April 26th 2016...
An Introduction to Mac memory forensics, (Tue, Apr 26th)
Unfortunately, when it comes to memory forensics, the Mac environment doesn't have the luxury that we have in the Windows environment. The first step of memory forensics is capturing the memory,...
ISC Stormcast For Wednesday, April 27th 2016...
Kippo's Cousin Cowrie, (Wed, Apr 27th)
We have mentioned Kippo a lot on the site, but a nice fork is a program called cowrie. (hxxps://github.com/micheloosterhof/cowrie). It has some nice new features including built-in support for Dshield!...
DNS and DHCP Recon using Powershell, (Thu, Apr 28th)
I recently had a client pose an interesting problem. They wanted to move all their thin clients to a separate VLAN. In order to do that, I needed to identify which switch port each was on. Since there...
ISC Stormcast For Thursday, April 28th 2016...
ISC Stormcast For Friday, April 29th 2016...
Sysinternals Updated today - Updates to Sysmon, Procdump and Sigcheck....
Rob VandenBrink Metafore
New release of PCI DSS (version 3.2) is available, (Fri, Apr 29th)
A new version of the standard was released today, version 3.2. There are a number of changes that will affect those that need to comply with the standard, especially for service providers. For service...
ISC Stormcast For Monday, May 2nd 2016...
Fake Chrome update for Android, (Mon, May 2nd)
There have been numerous reports of a fake update for Chrome for Android. A fake update for Android is not in itself very unusual or interesting, but this particular bit of malware is somewhat more...
Lean Threat Intelligence, (Mon, May 2nd)
Zach Allen over at Fastly has published a couple of posts on Lean Threat Intelligence. Part 1 describes a methodology for Threat Intelligence planning and design that can be reused virtually anywhere....
Reminder: OpenSSL releases later today!, (Tue, May 3rd)
-- Rick Wanner MSISE - rwanner at isc dot sans dot edu - http://namedeplume.blogspot.com/ - Twitter:namedeplume (Protected)
ISC Stormcast For Tuesday, May 3rd 2016...
OpenSSL Updates, (Tue, May 3rd)
The OpenSSL updates pre-announced last week have dropped. The latest versions are 1.0.1t and 1.0.2h. These updates don't come with the same level of urgency as some we have seen in the recent past, but these...
Neutrino exploit kit sends Cerber ransomware, (Wed, May 4th)
Introduction: Seems like we're always finding new ransomware. In early March 2016, BleepingComputer announced a new ransomware named Cerber had appeared near the end of February [1]. A few days later,...
ISC Stormcast For Wednesday, May 4th 2016...