Brazil malspam pushes Astaroth (Guildma) malware (Fri, Aug 19th)
Introduction Today’s diary is a quick post of an Astaroth (Guildma) malware infection I...
Nothing surprising, but a nice story for the weekend: I was experimenting with compiling some...
This diary was contributed by Jesse La Grew. Looking through Cowrie [1] data on a DShield honeypot...
Apple fixed two vulnerabilities that are, according to Apple, already being exploited. The WebKit vulnerability could be used by a malicious website to execute arbitrary code, while the Kernel issue can then be used to escalate...
To better detect any exploit attempts taking advantage of the recent Realtek vulnerability, I...
I was asked for help with this maldoc sample:...
On Friday, Octavio Gianatiempo & Octavio Galland released details about a vulnerability in Realtek's eCos SDK. The release came as part of their talk at Defcon. Realtek patched the vulnerability they spoke about in...
I have been seeing this form of phishing in Microsoft Office 365 for several weeks. The email...
Introduction: Since 2019, threat actor Monster Libra (also known as TA551 or Shathak) has pushed...
If sudo [1] is a well-known tool used daily by most UNIX system administrators, NSudo [2] remains...
I know I have written about this same attack before [see here]. But well, it just doesn't...
This month we got patches for 141 vulnerabilities. Of these, 17 are critical, 2 were previously disclosed, and one is already being exploited, according to Microsoft. The exploited vulnerability is a Remote Code Execution (RCE)...