What is new?, (Mon, Jan 1st)
How to best start the new year? How about a new tool: what-is-new.py. It's something I have to do often, and I'm sure you do too: you make lists at regular intervals (for example every week), and you...
ISC Stormcast For Tuesday, January 2nd 2018...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
PDF documents & URLs: video, (Tue, Jan 2nd)
I received some questions about my diary entry "PDF documents & URLs: update", and to better explain the analysis method, I created a video. Didier Stevens Microsoft MVP Consumer Security...
ISC Stormcast For Wednesday, January 3rd 2018...
Phishing to Rural America Leads to Six-figure Wire Fraud Losses, (Wed, Jan 3rd)
We often focus on malware and hacking in terms of the tools the criminals use, but often good old-fashioned deception is simple enough. A recent case I worked on involves phishing sent to rural real...
ISC Stormcast For Thursday, January 4th 2018...
Firefox confirms web-based exploitation of Meltdown/Spectre possible, patch...
-- John Bambenek bambenek \at\ gmail /dot/ com Fidelis Cybersecurity
Spectre and Meltdown: What You Need to Know Right Now, (Thu, Jan 4th)
By now, you've heard about the processor vulnerabilities affecting almost every processor in common use today; those vulnerabilities are called Meltdown and Spectre. The only common platform that seems...
ISC Stormcast For Friday, January 5th 2018...
VMware Security Advisory for V4H and V4PA desktop agent privilege escalation...
----------- Guy Bruneau IPSS Inc. Twitter: GuyBruneau gbruneau at isc dot sans dot edu
Meltdown and Spectre: clearing up the confusion, (Sat, Jan 1st)
Unless you’ve been living under a rock (or on a remote island, with no Internet connection), you’ve heard about the latest vulnerabilities that impact modern processors. I’m sure that most of our...
SSH Scans by Clients Types, (Sun, Jan 7th)
I'm always curious what is scanning my honeypot, but I was particularly interested in what kind of client applications are used to attempt to log in via SSH into that service. This graph shows the activity...
Stone Soup Security, (Sun, Jan 7th)
Humans have been telling stories to each other much longer than we've had computers. I still think it's a powerful tool. Over the holiday I've been telling various updated versions of the "Stone...
Campaign is using a recently released WebLogic exploit to deploy a Monero...
In the last couple of days, we received some reports regarding a malicious campaign which is deploying Monero cryptocurrency miners on victims' machines. After analyzing a compromised environment,...
ISC Stormcast For Monday, January 8th 2018...
Fake anti-virus pages popping up like weeds, (Mon, Jan 8th)
Introduction With recent media coverage on Meltdown and Spectre, many other security issues get buried in the mix. One such issue I've run across for many months now is fake anti-virus (AV) web pages...
ISC Stormcast For Tuesday, January 9th 2018...
What is going on with port 3333?, (Tue, Jan 9th)
We've seen a spike over the last day or so in reports of apparent scanning on TCP port 3333. I have serious doubts that anyone is actually looking for DEC Notes, which is the registered IANA use for...
A Story About PeopleSoft: How to Make $250k Without Leaving Home., (Mon,...
Yesterday, Renato published a diary about an intrusion taking advantage of a recent flaw in WebLogic. Oracle’s WebLogic is a Java EE application server [1]. PeopleSoft, another popular Oracle product...
Microsoft January 2018 Patch Tuesday, (Tue, Jan 9th)
Microsoft, as expected, included last week's Meltdown/Spectre update in this month's Patch Tuesday. But note that in addition to these two flaws, we have a number of other "traditional" privilege...