Finger.exe & ClickFix, (Sun, Nov 16th)
The finger.exe command is used in ClickFix attacks.
Like many have reported, we too noticed exploit attempts for CVE-2025-64446 in our honeypots.
Continue reading Honeypot: FortiWeb CVE-2025-64446 Exploits, (Sat, Nov 15th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Continue reading ISC Stormcast For Friday, November 14th, 2025 https://isc.sans.edu/podcastdetail/9700, (Fri, Nov 14th)
When I’m teaching FOR610[1], I always say to my students that reverse engineering does not only apply to “executable files” (read: PE or ELF files). Most of the time, the infection path involves many stages to defeat the Security Analyst or security controls. Here is an example that I found yesterday. An email was received via an attached ZIP archive. It contained a simple file: “Payment_confirmation_copy_30K__202512110937495663904650431.vbs” (SHA256:d9bd350b04cd2540bbcbf9da1f3321f8c6bba1d8fe31de63d5afaf18a735744f) identified by 17/65 antiviruses on VT[2]. Let’s have a look at the infection path.
Continue reading Formbook Delivered Through Multiple Scripts, (Thu, Nov 13th)
Continue reading ISC Stormcast For Thursday, November 13th, 2025 https://isc.sans.edu/podcastdetail/9698, (Thu, Nov 13th)
Continue reading ISC Stormcast For Wednesday, November 12th, 2025 https://isc.sans.edu/podcastdetail/9696, (Wed, Nov 12th)
Today's Microsoft Patch Tuesday offers fixes for 80 different vulnerabilities. One of the vulnerabilities is already being exploited, and five are rated as critical.
Continue reading Microsoft Patch Tuesday for November 2025, (Tue, Nov 11th)