Category Archives: SANS Internet Storm Center

[SANS ISC] A Backdoor with Smart Screenshot Capability

Posted on by

I published the following diary on isc.sans.edu: “A Backdoor with Smart Screenshot Capability“: Today, everything is “smart” or “intelligent”. We have smartphones, smart cars, smart doorbells, etc. Being “smart” means performing actions depending on the context, the environment, or user actions. For a while, backdoors and trojans have implemented screenshot

The post [SANS ISC] A Backdoor with Smart Screenshot Capability appeared first on /dev/random.

Continue reading [SANS ISC] A Backdoor with Smart Screenshot Capability

[SANS ISC] A First Malicious OneNote Document

Posted on by

I published the following diary on isc.sans.edu: “A First Malicious OneNote Document“: Attackers are always trying to find new ways to deliver malware to victims. They recently started sending Microsoft OneNote files in massive phishing campaigns. OneNote files (ending the extension “.one”) are handled automatically by computers that have the

The post [SANS ISC] A First Malicious OneNote Document appeared first on /dev/random.

Continue reading [SANS ISC] A First Malicious OneNote Document

[SANS ISC] Do you collect “Observables” or “IOCs”?

Posted on by

I published the following diary on isc.sans.edu: “Do you collect “Observables” or “IOCs”?“: Indicators of Compromise, or IOCs, are key elements in blue team activities. IOCs are mainly small pieces of technical information that have been collected during investigations, threat hunting activities or malware analysis. About the last example, the malware analyst’s goal

The post [SANS ISC] Do you collect “Observables” or “IOCs”? appeared first on /dev/random.

Continue reading [SANS ISC] Do you collect “Observables” or “IOCs”?

[SANS ISC] Another Script-Based Ransomware

Posted on by

I published the following diary on isc.sans.edu: “Another Script-Based Ransomware“: In the past, I already found some script-based ransomware samples written in Python or Powershell. The last one I found was only a “proof-of-concept” (my guess) but it demonstrates how easy such malware can be developed and how they remain

The post [SANS ISC] Another Script-Based Ransomware appeared first on /dev/random.

Continue reading [SANS ISC] Another Script-Based Ransomware

Patch Tuesday, November 2022 Election Edition

Posted on by

Let’s face it: Having “2022 election” in the headline above is probably the only reason anyone might read this story today. Still, while most of us here in the United States are anxiously awaiting the results of how well we’ve patched our Democracy, it seems fitting that Microsoft Corp. today released gobs of security patches for its ubiquitous Windows operating systems. November’s patch batch includes fixes for a whopping six zero-day security vulnerabilities that miscreants and malware are already exploiting in the wild. Continue reading Patch Tuesday, November 2022 Election Edition

Microsoft Patch Tuesday, August 2022 Edition

Posted on by

Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows. Redmond also addressed multiple flaws in Exchange Server — including one that was disclosed publicly prior to today — and it is urging organizations that use Exchange for email to update as soon as possible and to enable additional protections. Continue reading Microsoft Patch Tuesday, August 2022 Edition

[SANS ISC] Malicious Python Script Behaving Like a Rubber Ducky

Posted on by

I published the following diary on isc.sans.edu: “Malicious Python Script Behaving Like a Rubber Ducky“: Last week, it was SANSFIRE in Washington where I presented a SANS@Night talk about malicious Python scripts in Windows environment. I’m still looking for more fresh meat and, yesterday, I found another interesting one. Do you

The post [SANS ISC] Malicious Python Script Behaving Like a Rubber Ducky appeared first on /dev/random.

Continue reading [SANS ISC] Malicious Python Script Behaving Like a Rubber Ducky

[SANS ISC] Malicious PowerShell Targeting Cryptocurrency Browser Extensions

Posted on by

I published the following diary on isc.sans.edu: “Malicious PowerShell Targeting Cryptocurrency Browser Extensions“: While hunting, I found an interesting PowerShell script. After a quick check, my first conclusion was that it is again a simple info stealer. After reading the code more carefully, the conclusion was different: It targets crypto-currency browser

The post [SANS ISC] Malicious PowerShell Targeting Cryptocurrency Browser Extensions appeared first on /dev/random.

Continue reading [SANS ISC] Malicious PowerShell Targeting Cryptocurrency Browser Extensions

[SANS ISC] Houdini is Back Delivered Through a JavaScript Dropper

Posted on by

I published the following diary on isc.sans.edu: “Houdini is Back Delivered Through a JavaScript Dropper“: Houdini is a very old RAT that was discovered years ago. The first mention I found back is from 2013! Houdini is a simple remote access tool written in Visual Basic Script. The script is not very interesting

The post [SANS ISC] Houdini is Back Delivered Through a JavaScript Dropper appeared first on /dev/random.

Continue reading [SANS ISC] Houdini is Back Delivered Through a JavaScript Dropper

[SANS ISC] Sandbox Evasion… With Just a Filename!

Posted on by

I published the following diary on isc.sans.edu: “Sandbox Evasion… With Just a Filename!“: Today, many sandbox solutions are available and deployed by most organizations to detonate malicious files and analyze their behavior. The main problem with some sandboxes is the filename used to submit the sample. The file can be

The post [SANS ISC] Sandbox Evasion… With Just a Filename! appeared first on /dev/random.

Continue reading [SANS ISC] Sandbox Evasion… With Just a Filename!