Deprecated: Hook wp_smush_should_skip_parse is deprecated since version 3.16.1! Use wp_smush_should_skip_lazy_load instead. in /srv/www/cyberthreat.blog/wordpress/wp-includes/functions.php on line 6121

Deprecated: Hook wp_smush_should_skip_parse is deprecated since version 3.16.1! Use wp_smush_should_skip_lazy_load instead. in /srv/www/cyberthreat.blog/wordpress/wp-includes/functions.php on line 6121

Category: SANS ISC Bulletins

Zero Trust and Entra ID Conditional Access, (Sun, Jan 19th)

by Cyberthreat Blog | Jan 19, 2025 | SANS ISC Bulletins | 0 |

Microsoft Entra ID (Formerly Azure AD) Conditional Access (CA) policies are the key components to a Zero Trust strategy, as it provides the ability to function as the front door for users and devices. CA policies use attributes,...

More SSH Fun!, (Tue, Dec 24th)

by Cyberthreat Blog | Jan 2, 2025 | SANS ISC Bulletins | 0 |

A few days ago, I wrote a diary[1] about a link file that abused the ssh.exe tool present in modern versions of Microsoft Windows. At the end, I mentioned that I will hunt for more SSH-related files/scripts. Guess what? I...

Compiling Decompyle++ For Windows, (Wed, Dec 25th)

by Cyberthreat Blog | Jan 2, 2025 | SANS ISC Bulletins | 0 |

Occasionaly I decompile Python code, with decompilers written in Python. Recently I discovered...

Capturing Honeypot Data Beyond the Logs, (Thu, Dec 26th)

by Cyberthreat Blog | Jan 2, 2025 | SANS ISC Bulletins | 0 |

By default, DShield Honeypots [1] collect firewall, web and cowrie (telnet/ssh) [2] data and log...

Phishing for Banking Information, (Fri, Dec 27th)

by Cyberthreat Blog | Jan 2, 2025 | SANS ISC Bulletins | 0 |

It is again the time of the year when scammers are asking to verify banking information, whether...

Changes in SSL and TLS support in 2024, (Mon, Dec 30th)

by Cyberthreat Blog | Jan 2, 2025 | SANS ISC Bulletins | 0 |

With the end of the year quickly approaching, it is undoubtedly a good time to take a look at what...

No Holiday Season for Attackers, (Tue, Dec 31st)

by Cyberthreat Blog | Jan 2, 2025 | SANS ISC Bulletins | 0 |

While most of us are preparing the switch to a new year (If it’s already the case for you: Happy...

Goodware Hash Sets, (Thu, Jan 2nd)

by Cyberthreat Blog | Jan 2, 2025 | SANS ISC Bulletins | 0 |

In the cybersecurity landscape, we all need hashes! A hash is the result of applying a special...

Christmas “Gift” Delivered Through SSH, (Fri, Dec 20th)

by Cyberthreat Blog | Dec 20, 2024 | SANS ISC Bulletins | 0 |

Christmas is at our doors and Attackers use the holiday season to deliver always more and more gifts into our mailboxes! I found this interesting file this morning: “christmas_slab.pdf.lnk”[1]. Link files (.lnk) are...

Development Features Enabled in Prodcution, (Thu, Oct 24th)

by Cyberthreat Blog | Oct 24, 2024 | SANS ISC Bulletins | 0 |

We do keep seeing attackers “poking around” looking for enabled development features. Developers often use these features and plugins to aid in debugging web applications. But if left behind, they may provide an...

Survey of CUPS exploit attempts, (Fri, Oct 4th)

by Cyberthreat Blog | Oct 4, 2024 | SANS ISC Bulletins | 0 |

It is about a week since the release of the four CUPS remote code execution vulnerabilities. After the vulnerabilities became known, I configured one of our honeypots that watches a larger set of IPs to specifically collect UDP...

23:59, Time to Exfiltrate!, (Tue, Sep 17th)

by Cyberthreat Blog | Sep 19, 2024 | SANS ISC Bulletins | 0 |

Last week, I posted a diary about suspicious Python modules. One of them was Firebase [1], the cloud service provided by Google[2]. Firebase services abused by attackers is not new, usually, it’s used to host malicious files...