Author Archives: SANS Internet Storm Center, InfoCON: green

Continuing Scans for swagger.json, (Wed, Jun 3rd)

Posted on by

Enterprise applications often still use complex standards like SOAP for web services. The big advantage of SOAP is its tight and extensive standards, which enable interoperability across an enterprise governed by web services. The disadvantage of SOAP: First, while it is de facto usually used over HTTP, it does not leverage HTTP, leading to unnecessary complexity. Secondly, kids don&#;x26;#;39;t RTFM, and developers these days tend not to appreciate the art of careful system design; they rather throw code at an IDE to see what sticks, if they don&#;x26;#;39;t vibe code it anyway.

Continue reading Continuing Scans for swagger.json, (Wed, Jun 3rd)

Posted in Uncategorized

New Wave Of Phishing Emails with SVG Files, (Tue, Jun 2nd)

Posted on by

For a few days, my SANS ISC mailbox is flooded with emails that delivers SVG files. An SVG (“Scalable Vector Graphic”) is a web-friendly vector file format used for graphics and icons. No URL in the body, just “an image”, that’s the perfect way to deliver some malicious content. This isn’t the first time that we see this technique used by threat actors[1].

Continue reading New Wave Of Phishing Emails with SVG Files, (Tue, Jun 2nd)

Posted in Uncategorized

Analysis of a Year of Files Uploaded to DShield Sensors, (Wed, May 27th)

Posted on by

Using the data collected over the past year and using Kibana these two ES|QL query to summarize the data, this shows the list of the most uploaded threat to two DShield sensors (local and cloud) over the past year. I have sorted the activity by months that shows the evolution of files uploaded to the sensors each month. The activity peaked during the winter months (Dec 2025 – Feb 2026) and started decreasing in March 2026 for each sensor.

Continue reading Analysis of a Year of Files Uploaded to DShield Sensors, (Wed, May 27th)

Posted in Uncategorized