SANS ISC Bulletins Archives | Cyberthreat Blog from Fortify24x7

Exploring Uploads in a Dshield Honeypot Environment [Guest Diary], (Thu, Sep 18th)

by Cyberthreat Blog | Sep 17, 2025 | SANS ISC Bulletins | 0 |

[This is a Guest Diary by Nathan Smisson, an ISC intern as part of the SANS.edu BACS program] The...

CTRL-Z DLL Hooking, (Wed, Sep 17th)

by Cyberthreat Blog | Sep 17, 2025 | SANS ISC Bulletins | 0 |

When you’re debugging a malware sample, you probably run it into a debugger and define some breakpoints. The idea is to take over the program control before it will perform “interesting” actions. Usually, we set breakpoints on...

Why You Need Phishing Resistant Authentication NOW., (Tue, Sep 16th)

by Cyberthreat Blog | Sep 16, 2025 | SANS ISC Bulletins | 0 |

The recent (and still ongoing) phishing of NPM developer accounts showed yet again that even...

Apple Updates Everything – iOS/macOS 26 Edition, (Mon, Sep 15th)

by Cyberthreat Blog | Sep 15, 2025 | SANS ISC Bulletins | 0 |

Today, as expected, Apple released iOS/iPadOS/macOS/watchOS/tvOS 26. Going forward, Apple will adopt the same OS number across its different offerings, setting us up for a potential year 2100 issue. Notably, VisionOS was not...

Web Searches For Archives, (Sun, Sep 14th)

by Cyberthreat Blog | Sep 14, 2025 | SANS ISC Bulletins | 0 |

Johannes wrote a diary entry “Increasing Searches for ZIP Files” where he analyzed the increase of requests for ZIP files (like backup.zip, web.zip, …) for our web honeypots. I took a look at my logs, and...

DShield SIEM Docker Updates, (Wed, Sep 10th)

by Cyberthreat Blog | Sep 10, 2025 | SANS ISC Bulletins | 0 |

Since the last update [5], over the past few months I added several enhancements to DShield SIEM...

Microsoft Patch Tuesday September 2025, (Tue, Sep 9th)

by Cyberthreat Blog | Sep 9, 2025 | SANS ISC Bulletins | 0 |

As part of its September patch Tuesday, Microsoft addressed 177 different vulnerabilities, 86 of which affect Microsoft products. None of the vulnerabilities has been exploited before today. Two of the vulnerabilities were...

HTTP Request Signatures, (Mon, Sep 8th)

by Cyberthreat Blog | Sep 8, 2025 | SANS ISC Bulletins | 0 |

This weekend, I noticed three related headers being used in requests to some of our honeypots for the first time [1]: Signature-Input Signature-Agent Signature These headers are related to a relatively new feature, HTTP Message...

From YARA Offsets to Virtual Addresses, (Fri, Sep 5th)

by Cyberthreat Blog | Sep 5, 2025 | SANS ISC Bulletins | 0 |

YARA is an excellent tool that most of you probably already know and use daily. If you...

Exploit Attempts for Dassault DELMIA Apriso. CVE-2025-5086, (Wed, Sep 3rd)

by Cyberthreat Blog | Sep 3, 2025 | SANS ISC Bulletins | 0 |

When I am thinking about the security of manufacturing environments, I am usually focusing on IoT devices integrated into production lines. All the little sensors and actuators are often very difficult to secure. On the other...

A quick look at sextortion at scale: 1,900 messages and 205 Bitcoin addresses spanning four years, (Tue, Sep 2nd)

by Cyberthreat Blog | Sep 2, 2025 | SANS ISC Bulletins | 0 |

What can almost 2,000 sextortion messages tell us about how threat actors operate and whether they...

Wireshark 4.4.9 Released, (Sun, Aug 31st)

by Cyberthreat Blog | Aug 31, 2025 | SANS ISC Bulletins | 0 |

Wireshark release 4.4.9 fixes 5 bugs. Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States...

Category: SANS ISC Bulletins