As expected, Apple today released macOS Sonoma (14.0). This update, in addition to new features, provides patches for about 60 different vulnerabilities. Older MacOS versions received updates addressing these vulnerabilities...
Read More
Last week, I came across an interesting phishing e-mail, in which a text written in a font with...
Read MoreThe upcoming version of YARA 4.4.0 will include a new module for .lnk files. Release Candidate 1 for version 4.4.0 can be found here. Didier Stevens Senior handler Microsoft MVP blog.DidierStevens.com (c) SANS Internet Storm...
Read More
Today while reviewing my honeypot logs, I noticed an HTTP request for a directory this week I had...
Read MoreBrute-forcing passwords for VPN access has become a standard technique for various actors to access corporate networks to exfiltrate data later or deploy ransomware. After identifying the VPN, an attacker may use simple brute...
Read More
Adobe Experience Manager (AEM) is a complex enterprise-level content management system built...
Read More
I am trying to start a series of brief diaries about “what’s normal.” Analysts...
Read MoreThis update patches three already exploited vulnerabilities: (1) CVE-2023-41993 Remote code execution in WebKit. This could be used as an initial access vector (2) CVE-2023-41992 Privilege Escalation. A follow-up after the...
Read MoreWindows Defender has had Zeek built into it since October 2022, and it comes in handy with remote workforces when trying to do Incident response. Initially released, it only supported a few protocols, but now it supports 7....
Read More
Our honeypots see a lot of DNS over HTTP(s) requests against the “/dns-query”...
Read More
Phishing scams have frequently arrived as an SMS message (sometimes called...
Read MoreIPv6 has always been a hot topic! Available for years, many ISP’s deployed IPv6 up to their residential customers. In Belgium, we were for a long time, the top-one country with IPv6 deployment because all big players...
Read More