Clipboard Pictures Exfiltration in Python Infostealer, (Wed, Oct 15th)

For a while, clipboard content has been monitored by many infostealers. The purposes vary: simply searching for and exfiltrating juicy data, or on-the-fly modification such as crypto-wallet swapping[1]. Note that the clipboard is a major risk when you don't disable clipboard sharing between your virtual machines and hosts. Malware running in a sandbox will access your (host) clipboard without a problem!


Microsoft Patch Tuesday October 2025, (Tue, Oct 14th)

I am experimenting today with a little bit of a cleaned-up patch overview. I removed vulnerabilities that affect Microsoft's cloud systems (but appreciate Microsoft listing them at all), as well as vulnerabilities in third-party software like open source libraries. This should leave us with Microsoft-specific on-premises vulnerabilities. This month, this leaves 157 different vulnerabilities. Eight of the vulnerabilities are rated critical.


Heads Up: Scans for ESAFENET CDG V5, (Mon, Oct 13th)

In January, a possible XSS vulnerability was found in the electronic document security management system ESAFENET CDG. This was the latest (as far as I can tell) in a long list of vulnerabilities in the product. Prior vulnerabilities included SQL injection issues and weaknesses in the encryption used to safeguard documents. In other words: A typical “secure” document management system. The product appears to be targeting the Chinese market, and with a website all in Chinese, I doubt it is used much, if at all, outside China.
