PowerShell 5.1 for Windows 7 and later, (Fri, Jan 20th)
Microsoft has released Windows Management Framework 5.1 for Windows 7 and later. WMF 5.1 upgrades Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2012 R2 to the...

Sage 2.0 Ransomware, (Sat, Jan 21st)
Introduction: On Friday 2017-01-20, I checked a malicious spam (malspam) campaign that normally distributes Cerber ransomware. That Friday it delivered ransomware I'd never seen before called Sage. More...

ISC Stormcast For Monday, January 23rd 2017...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

How to Have Fun With IPv6 Fragments and Scapy, (Mon, Jan 23rd)
I may extend this with a second entry later this week. But as so often, I found myself on a long flight with some time on my hands, and since the IETF just released a new RFC regarding IPv6 atomic...

Critical Vulnerability in Cisco WebEx Chrome Plugin, (Tue, Jan 24th)
Google's Project Zero announced a critical remote code execution vulnerability in Cisco's WebEx plugin for Google Chrome. This vulnerability allows a remote attacker to execute arbitrary code on the...

All things Apple Updated today: iTunes 12.5.5 (Windows), Safari 10.0.3,...
Rob VandenBrink, Metafore

ISC Stormcast For Tuesday, January 24th 2017...

ISC Stormcast For Wednesday, January 25th 2017...

Malicious SVG Files in the Wild, (Tue, Jan 24th)
In November 2016, the Facebook Messenger application was used to deliver malicious SVG files to people [1]. SVG files (Scalable Vector Graphics) are vector images that can be displayed in most...
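The point of the diary is that an SVG is an XML document, not a bitmap, and that it may carry script: `<script>` elements, `on*` event handler attributes and `javascript:` hrefs all execute when the file is opened directly in a browser. The following Python is an added example, not code from the diary, that walks an SVG and lists such active content; the two sample documents are constructed for this example and the `example.invalid` host is a reserved placeholder.

```python
import xml.etree.ElementTree as ET

# Elements that carry or load active content inside an SVG document.
ACTIVE_ELEMENTS = {"script", "foreignObject", "iframe", "embed", "object"}


def _local(qname):
    """Strip an XML namespace prefix: '{http://www.w3.org/2000/svg}svg' -> 'svg'."""
    return qname.rsplit("}", 1)[-1]


def scan_svg(svg_bytes):
    """Return human-readable findings for every piece of active content in an SVG document."""
    findings = []
    root = ET.fromstring(svg_bytes)
    for elem in root.iter():                               # document order, root included
        tag = _local(elem.tag)
        if tag in ACTIVE_ELEMENTS:
            findings.append(f"<{tag}> element")
        for attr, value in elem.attrib.items():
            name = _local(attr)                            # xlink:href -> href
            lowered = value.strip().lower()
            if name.startswith("on"):                      # onload=, onclick=, onmouseover=, ...
                findings.append(f"{tag}@{name} event handler")
            elif "javascript:" in lowered:                 # href="javascript:..." or SMIL to="javascript:..."
                findings.append(f"{tag}@{name} javascript: URI")
            elif name == "href" and lowered.startswith(("http://", "https://")):
                findings.append(f"{tag}@{name} external reference")
    return findings


# Constructed samples (not from the diary): a harmless icon and a file using three active-content tricks.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" width="10" height="10">
  <circle cx="5" cy="5" r="4" fill="red"/>
</svg>"""

MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" onload="alert(1)">
  <rect width="10" height="10"/>
  <a xlink:href="javascript:alert(2)"><text y="9">click</text></a>
  <script>location.href = 'http://example.invalid/';</script>
</svg>"""

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("malicious", MALICIOUS_SVG)):
        print(label, scan_svg(doc))
```

Two caveats for real use: parse untrusted XML with a hardened parser such as defusedxml rather than the stock ElementTree, and remember that the same SVG is inert when referenced from an `<img>` tag but runs its script when opened as a top-level document, which is why a downloaded attachment is the dangerous case.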
ISC Stormcast For Thursday, January 26th 2017...

IOCs: Risks of False Positive Alerts Flood Ahead, (Thu, Jan 26th)
Yesterday, I wrote a blog post[1] which explained how to interconnect a Cuckoo[2] sandbox and the MISP[3] sharing platform. MISP has a nice REST API that allows you to extract useful IOCs in different...

ISC Stormcast For Friday, January 27th 2017...

What Keeps My Honeypot Busy These Days, (Fri, Jan 27th)
Sometimes, it isn't the new and sophisticated attacks that keep your honeypots (and with that: you) busy, but things that make you go "that works?". Looking over my honeypot today, I had a couple...

Request for Packets and Logs - TCP 5358, (Sat, Jan 28th)
Starting Sunday (22 Jan 17), there was a huge spike this week against TCP 5358. If anyone has logs or packets (traffic) that might help identify what it is and can submit them via our contact page, it would...

Packet Analysis - Where do you start?, (Sat, Jan 28th)
We had a reader who sent an email to us tonight asking for some guidance when tearing into packets. They want to expand their skills at packet analysis. Since Guy was asking for packets earlier...

ISC Stormcast For Monday, January 30th 2017...

py2exe Decompiling - Part 2, (Mon, Jan 30th)
In Diary entry "py2exe Decompiling - Part 1" we took a quick look at py2exe files. How can we identify an .exe file generated by py2exe? A quick test is to check if the PE file has a resource...
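The quick test the diary refers to is a resource check: py2exe stores the frozen script in a PE resource whose type is named PYTHONSCRIPT, so listing the top-level resource type names is enough to spot a candidate. The Python below is an added example, not the diary's or py2exe's code. It parses the PE section table and the first level of the `.rsrc` directory with only the standard library; the PYTHONSCRIPT name is taken from py2exe's resource layout, and `build_sample_pe` builds a constructed, non-executable PE skeleton purely so the parser can be exercised offline.

```python
import struct

# Resource type name py2exe gives the embedded script (assumption based on py2exe's resource layout).
PYTHONSCRIPT = "PYTHONSCRIPT"


def find_section(data, wanted):
    """Return (virtual_address, raw_offset, raw_size) of the named PE section, or None."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                        # IMAGE_FILE_HEADER
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]    # SizeOfOptionalHeader
    table = coff + 20 + opt_size                               # first IMAGE_SECTION_HEADER
    for i in range(num_sections):
        off = table + i * 40
        name = data[off:off + 8].rstrip(b"\0")
        _vsize, va, raw_size, raw_off = struct.unpack_from("<IIII", data, off + 8)
        if name == wanted:
            return va, raw_off, raw_size
    return None


def resource_type_names(data):
    """Walk the top level of the .rsrc directory; return entry names (str) or numeric type IDs (int)."""
    sec = find_section(data, b".rsrc")
    if sec is None:
        return []
    _va, base, size = sec
    end = base + size
    n_named, n_id = struct.unpack_from("<HH", data, base + 12)  # IMAGE_RESOURCE_DIRECTORY counts
    names = []
    for i in range(n_named + n_id):
        entry = base + 16 + i * 8                              # IMAGE_RESOURCE_DIRECTORY_ENTRY
        if entry + 8 > end:
            break
        name_field = struct.unpack_from("<I", data, entry)[0]
        if name_field & 0x80000000:                            # high bit: offset to IMAGE_RESOURCE_DIR_STRING_U
            str_off = base + (name_field & 0x7FFFFFFF)
            if str_off + 2 > end:
                continue
            length = struct.unpack_from("<H", data, str_off)[0]
            raw = data[str_off + 2:str_off + 2 + length * 2]
            names.append(raw.decode("utf-16-le", errors="replace"))
        else:
            names.append(name_field)                           # ordinary numeric type (RT_ICON, RT_VERSION, ...)
    return names


def is_py2exe(data):
    return any(n == PYTHONSCRIPT for n in resource_type_names(data) if isinstance(n, str))


def build_sample_pe(type_name):
    """Constructed sample: a minimal PE32 skeleton (not runnable as a program) with one .rsrc section
    whose only top-level resource type is named `type_name`. It exists only to exercise the parser."""
    name_utf16 = type_name.encode("utf-16-le")
    rsrc = struct.pack("<IIHHHH", 0, 0, 0, 0, 1, 0)            # directory header: one named entry
    rsrc += struct.pack("<II", 0x80000000 | 24, 0x80000000)    # name string at rsrc+24; dummy subdirectory
    rsrc += struct.pack("<H", len(type_name)) + name_utf16
    rsrc = rsrc.ljust(0x200, b"\0")
    dos = b"MZ" + bytes(58) + struct.pack("<I", 0x40)         # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)  # i386, one section, PE32 opt header
    opt = bytes(0xE0)                                          # zeroed optional header; unused by the parser
    sec = b".rsrc".ljust(8, b"\0") + struct.pack(
        "<IIIIIIHHI", len(rsrc), 0x2000, len(rsrc), 0x200, 0, 0, 0, 0, 0x40000040)
    header = (dos + b"PE\0\0" + coff + opt + sec).ljust(0x200, b"\0")
    return header + rsrc


if __name__ == "__main__":
    for label, sample in (("py2exe-like", build_sample_pe(PYTHONSCRIPT)), ("plain", build_sample_pe("MYDATA"))):
        print(label, resource_type_names(sample), is_py2exe(sample))
```

Run it against a real file with `is_py2exe(open(path, "rb").read())`. A named resource is a heuristic, not proof: a packer or a deliberately rebuilt binary can drop or rename the resource, so a negative result should be followed by the other checks from Part 1.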
ISC Stormcast For Tuesday, January 31st 2017...

VMware Security Advisory for AirWatch...
Johannes B. Ullrich, Ph.D.

Malicious Office files using fileless UAC bypass to drop KEYBASE malware,...
This is a Guest Diary submitted by Ismael Valenzuela and Marc Rivero. Interested in writing a guest diary? Let us know via our contact page. Macro-based malware that hides in Microsoft Word or Excel...