ISC Stormcast For Monday, November 20th 2017...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
ISC Stormcast For Tuesday, November 21st 2017...
Internet Wide Ethereum JSON-RPC Scans, (Tue, Nov 21st)
Ethereum is certainly getting a lot of press this year, and with this, we also see the bad guys spending more effort to steal the shiny fresh off the digital mint crypto coins. Ethereum itself is a...
ISC Stormcast For Wednesday, November 22nd 2017...
Proactive Malicious Domain Search, (Thu, Nov 23rd)
In a previous diary[1], I presented a dashboard that I’m using to keep track of the DNS traffic on my networks. Tracking malicious domains is useful but what if you could, in a certain way, “predict”...
Benefits associated with the use of Open Source Software, (Sat, Nov 25th)
This week I ran across an interesting story talking about the benefits of using open source software in an enterprise. This article has "Eleven CISOs from across industries weighed in, with most saying...
Exim Remote Code Exploit, (Sat, Nov 25th)
A use-after-free (UAF) vulnerability has been found in Exim versions 4.88 and 4.89 which could lead to the execution of arbitrary code or DoS. The patch has been made available today and is available for...
9 Fast and Easy Ways To Lose Your Crypto Coins, (Sun, Nov 26th)
Looking at the cost of cryptocurrencies this weekend, it looks like many of you will find a few bitcoins under your tree instead of a new game console. It appears to become a big holiday gift. With all...
ISC Stormcast For Monday, November 27th 2017...
ISC Stormcast For Tuesday, November 28th 2017...
Apple High Sierra Uses a Passwordless Root Account, (Tue, Nov 28th)
Today, a security researcher tweeted[1] about a dangerous behaviour he found in the Apple High Sierra operating system: It is possible to get administrator rights (the "root" account on UNIX) by...
ISC Stormcast For Wednesday, November 29th 2017...
Fileless Malicious PowerShell Sample, (Wed, Nov 29th)
Pastebin.com remains one of my favourite places for hunting. I’m searching for juicy content and report findings in a Splunk dashboard: Yesterday, I found an interesting pastie[1] with a simple Windows...
ISC Stormcast For Thursday, November 30th 2017...
More Malspam pushing Emotet malware, (Thu, Nov 30th)
Introduction I published a diary on malicious spam (malspam) pushing Emotet back in June 2017 (link). Since then, I continue to catch the occasional sample, and this malspam appears to occur on a...
ISC Stormcast For Friday, December 1st 2017...
Phishing Kit (Ab)Using Cloud Services, (Fri, Dec 1st)
When you build a phishing kit, there are several critical points to address. You must generate a nice-looking page which will match the original one as closely as possible and you must work stealthily...
Using Bad Material for the Good, (Sat, Dec 2nd)
There is a huge amount of information shared online by attackers. Once again, pastebin.com is a nice place to start hunting. As this material is available for free, why not use it for the good?...
StartSSL: Termination of Services is Now Scheduled, (Sun, Dec 3rd)
StartCom[1] has been a key player for years in the landscape of SSL certificate providers with its 'StartSSL' services. They provided free SSL certificates for everybody and permitted a lot of small...
Phishing campaign uses old ".bat" script to spread banking malware - and it...
While hunting this week, I came across a phishing campaign spreading a banking malware using an old DOS Batch script to drop it. Surprisingly enough, the “.bat” file has a VT 0/58 rating helping...