Microsoft Patch Tuesday, July 2024 Edition

Microsoft Corp. today issued software updates to plug 139 security holes in various flavors of Windows and other Microsoft products. Redmond says attackers are already exploiting at least two of the vulnerabilities in active attacks against Windows users. Continue reading Microsoft Patch Tuesday, July 2024 Edition

Microsoft Patch Tuesday, November 2023 Edition

Microsoft today released updates to fix more than five dozen security holes in its Windows operating systems and related software, including three “zero day” vulnerabilities that Microsoft warns are already being exploited in active attacks. Continue reading Microsoft Patch Tuesday, November 2023 Edition

[SANS ISC] macOS: Who’s Behind This Network Connection?

Today, I published the following diary on isc.sans.edu: “macOS: Who’s Behind This Network Connection?“: When you must investigate suspicious behavior or work on an actual incident, you could be asked to determine who’s behind a network connection. From a pure network point of view, your firewall or any network security

The post [SANS ISC] macOS: Who’s Behind This Network Connection? appeared first on /dev/random.

Continue reading [SANS ISC] macOS: Who’s Behind This Network Connection?

[SANS ISC] Python Malware Using Postgresql for C2 Communications

Today, I published the following diary on isc.sans.edu: “Python Malware Using Postgresql for C2 Communications“: For modern malware, having access to its C2 (Command and control) is a crucial point. There are many ways to connect to a C2 server using tons of protocols, but today, HTTP remains very common

The post [SANS ISC] Python Malware Using Postgresql for C2 Communications appeared first on /dev/random.

Continue reading [SANS ISC] Python Malware Using Postgresql for C2 Communications

[SANS ISC] More Exotic Excel Files Dropping AgentTesla

Today, I published the following diary on isc.sans.edu: “More Exotic Excel Files Dropping AgentTesla”: Excel is an excellent target for attackers. The Microsoft Office suite is installed on millions of computers, and people trust these files. If we have the classic xls, xls, xlsm file extensions, Excel supports many others!

The post [SANS ISC] More Exotic Excel Files Dropping AgentTesla appeared first on /dev/random.

Continue reading [SANS ISC] More Exotic Excel Files Dropping AgentTesla

[SANS ISC] Have You Ever Heard of the Fernet Encryption Algorithm?

Today, I published the following diary on isc.sans.edu: “Have You Ever Heard of the Fernet Encryption Algorithm?“: In cryptography, there is a gold rule that states to not develop your own algorithm because… it will be probably weak and broken! They are strong algorithms (like AES) that do a great job

The post [SANS ISC] Have You Ever Heard of the Fernet Encryption Algorithm? appeared first on /dev/random.

Continue reading [SANS ISC] Have You Ever Heard of the Fernet Encryption Algorithm?

[SANS ISC] Quick Malware Triage With Inotify Tools

Today, I published the following diary on isc.sans.edu: “Quick Malware Triage With Inotify Tools“: When you handle a lot of malicious files, you must have a process and tools in place to speedup the analysis. It’s impossible to investigate all files and a key point is to find interesting files

The post [SANS ISC] Quick Malware Triage With Inotify Tools appeared first on /dev/random.

Continue reading [SANS ISC] Quick Malware Triage With Inotify Tools

[SANS ISC] From a Zalando Phishing to a RAT

Today, I published the following diary on isc.sans.edu: “From a Zalando Phishing to a RAT“: Phishing remains a lucrative threat. We get daily emails from well-known brands (like DHL, PayPal, Netflix, Microsoft, Dropbox, Apple, etc). Recently, I received a bunch of phishing emails targeting Zalando customers. Zalando is a German

The post [SANS ISC] From a Zalando Phishing to a RAT appeared first on /dev/random.

Continue reading [SANS ISC] From a Zalando Phishing to a RAT

[SANS ISC] Show me All Your Windows!

Today, I published the following diary on isc.sans.edu: “Show me All Your Windows!“: It’s a key point for attackers to implement anti-debugging and anti-analysis techniques. Anti-debugging means the malware will try to detect if it’s being debugged (executed in a debugger or its execution is slower than expected). Anti-analysis refers

The post [SANS ISC] Show me All Your Windows! appeared first on /dev/random.

Continue reading [SANS ISC] Show me All Your Windows!

[SANS ISC] Are Leaked Credentials Dumps Used by Attackers?

Today, I published the following diary on isc.sans.edu: “Are Leaked Credentials Dumps Used by Attackers?“: Leaked credentials are a common thread for a while. Popular services like “Have I Been Pwned” help everyone know if some emails and passwords have been leaked. This is a classic problem: One day, you create an account

The post [SANS ISC] Are Leaked Credentials Dumps Used by Attackers? appeared first on /dev/random.

Continue reading [SANS ISC] Are Leaked Credentials Dumps Used by Attackers?