SANS Internet Storm Center, InfoCON: green

↧

ISC Stormcast For Wednesday, July 26th 2017...

July 25, 2017, 6:05 pm

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article

Malspam pushing Emotet malware, (Wed, Jul 26th)

July 26, 2017, 11:20 am

2017-07-26 update: After publishing this diary, we were contacted by several people who provided samples of the emails. Screenshots of these emails have been added after my signature block. Thanks to...

View Article

ISC Stormcast For Thursday, July 27th 2017...

July 26, 2017, 7:15 pm

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article

TinyPot, My Small Honeypot, (Thu, Jul 27th)

July 27, 2017, 6:02 am

Running honeypots is always interesting to get an overview of whats happening on the Internet in terms of scanners or new threats. Honeypots are useful not only in the Wild but also on your internal...

View Article

ISC Stormcast For Friday, July 28th 2017...

July 27, 2017, 8:20 pm

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article

Image may be NSFW.
Clik here to view.

Static Analysis of Emotet Maldoc, (Fri, Jul 28th)

July 28, 2017, 3:33 pm

Brad wrote a great analysis of an Emotet maldoc send to us by a reader. In this diary, I would like to show how this maldoc can be staticaly analyzed with a couple of tools. oledump.py confirms it is...

View Article

Maldoc Submitted and Analyzed, (Sat, Jul 29th)

July 29, 2017, 8:48 am

Reader Jason submitted a malicious document he received via email. Although it contains VBA code with string obfuscation that is not too complex, it has a very low VirusTotal detection score. Let...

View Article

Image may be NSFW.
Clik here to view.

SMBLoris - the new SMB flaw, (Sun, Jul 30th)

July 30, 2017, 7:31 am

While studying the infamous EternalBlue exploit about 2 months ago, researchers Sean Dillon (zerosum0x0) and Zach Harding (Aleph-Naught-) found a new flaw in the Server Message Block (SMB) protocol...

View Article

Re-release of MS Oulook Security Patches...

July 30, 2017, 11:42 am

----------- Guy Bruneau IPSS Inc. Twitter: GuyBruneau gbruneau at isc dot sans dot edu (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States...

View Article

Text Banking Scams, (Sun, Jul 30th)

July 30, 2017, 2:38 pm

Over the past few days I have been getting a few phone text scams that kind of look realistic except for certain flaws that are fairly easy to pick out, however this is where it is important to read...

View Article

ISC Stormcast For Monday, July 31st 2017...

July 30, 2017, 5:40 pm

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article

ISC Stormcast For Tuesday, August 1st 2017...

July 31, 2017, 5:50 pm

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article

Rooting Out Hosts that Support Older Samba Versions, (Tue, Aug 1st)

July 31, 2017, 10:15 pm

Ive had a number of people ask how they can find services on their network that still support SMBv1. In an AD Domain you can generally have good control of patching and the required registry keys to...

View Article

ISC Stormcast For Wednesday, August 2nd 2017...

August 1, 2017, 6:40 pm

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article

Attacking NoSQL applications (part 2), (Wed, Aug 2nd)

August 2, 2017, 5:27 am

Last week I was lucky enough to attend SANSFIRE, which is one of the biggest SANS events (I attended the SEC660 course by Tim Medin and just as my personal opinion: this is probably the best course I...

View Article

ISC Stormcast For Thursday, August 3rd 2017...

August 2, 2017, 4:25 pm

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article

Using a Raspberry Pi honeypot to contribute data to DShield/ISC, (Thu, Aug 3rd)

August 3, 2017, 7:06 am

We have been working for a while now on a honeypot based on a Raspberry Pi. Thanks to our volunteers, we now have a version of the honeypot that provides us not just with the firewall data that we...

View Article

ISC Stormcast For Friday, August 4th 2017...

August 3, 2017, 5:25 pm

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article

Use of the Open Graph Protocol to Disguise Malicious Facebook Links, (Fri,...

August 4, 2017, 2:16 pm

Whenever a link is posted to Facebook or other social media sites, the site will likely scan the destination page for Open Graph tags [1]. These tags may provide a link to an image to be displayed, or...

View Article

ISC Stormcast For Monday, August 7th 2017...

August 6, 2017, 6:45 pm

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

View Article