The Evil MSI Background is Back!, (Fri, Jun 5th)

A few months ago, I wrote a diary about a payload that was embedded into a JPEG picture. It was a MSI-branded background[1]. Yesterday, I spotted another one! It seems that the technic is getting more and more popular. This time, it started with a mail containing a WeTransfer link.

Continue reading The Evil MSI Background is Back!, (Fri, Jun 5th)

Posted in Uncategorized

Continuing Scans for swagger.json, (Wed, Jun 3rd)

Enterprise applications often still use complex standards like SOAP for web services. The big advantage of SOAP is its tight and extensive standards, which enable interoperability across an enterprise governed by web services. The disadvantage of SOAP: First, while it is de facto usually used over HTTP, it does not leverage HTTP, leading to unnecessary complexity. Secondly, kids don&#;x26;#;39;t RTFM, and developers these days tend not to appreciate the art of careful system design; they rather throw code at an IDE to see what sticks, if they don&#;x26;#;39;t vibe code it anyway.

Continue reading Continuing Scans for swagger.json, (Wed, Jun 3rd)

Posted in Uncategorized

New Wave Of Phishing Emails with SVG Files, (Tue, Jun 2nd)

For a few days, my SANS ISC mailbox is flooded with emails that delivers SVG files. An SVG (“Scalable Vector Graphic”) is a web-friendly vector file format used for graphics and icons. No URL in the body, just “an image”, that’s the perfect way to deliver some malicious content. This isn’t the first time that we see this technique used by threat actors[1].

Continue reading New Wave Of Phishing Emails with SVG Files, (Tue, Jun 2nd)

Posted in Uncategorized