Brazil malspam pushes Astaroth (Guildma) malware, (Fri, Aug 19th)
Introduction Today’s diary is a quick post of an Astaroth (Guildma) malware infection I...
Read More
Category: SANS ISC Bulletins
Windows Security Blocks UPX Compressed (packed) Binaries, (Fri, Aug 19th)
Nothing surprising, but a nice story for the weekend: I was experimenting with compiling some...
Read More
Honeypot Attack Summaries with Python, (Thu, Aug 18th)
This diary was contributed by Jesse La Grew Looking through Cowrie [1] data on a DShield honeypot...
Read MoreApple Patches Two Exploited Vulnerabilities, (Wed, Aug 17th)
Apple fixed two vulnerabilities that are, according to Apple, already being exploited. The WebKit vulnerability could be used by a malicious website to execute arbitrary code, while the Kernel issue can then be used to escalate...
Read More
A Quick VoIP Experiment, (Wed, Aug 17th)
To better detect any exploit attempts taking advantage of the recent Realtek vulnerability, I...
Read More
VBA Maldoc & UTF7 (APT-C-35), (Tue, Aug 16th)
I was asked for help with this maldoc sample:...
Read MoreRealtek SDK SIP ALG Vulnerability: A Big Deal, but not much you can do about it. CVE 2022-27255, (Sun, Aug 14th)
On Friday, Octavio Gianatiempo & Octavio Galland released details about a vulnerability in Realtek’s eCos SDK. The release came as part of their talk at Defcon. Realtek patched the vulnerability they spoke about in...
Read More
Phishing HTML Attachment as Voicemail Audio Transcription, (Sat, Aug 13th)
I have been seeing this form of phishing in Microsoft Office 365 for several weeks. The email...
Read More
Monster Libra (TA551/Shathak) pushes IcedID (Bokbot) with Dark VNC and Cobalt Strike, (Fri, Aug 12th)
Introduction Since 2019, threat actor Monster Libra (also known as TA551 or Shathak) has pushed...
Read More
InfoStealer Script Based on Curl and NSudo, (Thu, Aug 11th)
If sudo[1] is a well known tool used daily by most UNIX system administrators, NSudo[2] remains...
Read More
And Here They Come Again: DNS Reflection Attacks, (Wed, Aug 10th)
I know I have written about this same attack before [see here]. But well, it just doesn’t...
Read MoreMicrosoft August 2022 Patch Tuesday, (Tue, Aug 9th)
This month we got patches for 141 vulnerabilities. Of these, 17 are critical, 2 were previously disclosed, and one is already being exploited, according to Microsoft. The exploited vulnerability is a Remote Code Execution (RCE)...
Read More
- 1
- ...
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
- 106
- 107
- 108
- 109
- 110
- 111
- 112
- 113
- 114
- 115
- 116
- 117
- 118
- 119
- 120
- 121
- 122
- 123
- 124
- 125
- 126
- 127
- 128
- 129
- 130
- 131
- 132
- 133
- 134
- 135
- ...
- 136