[SANS ISC] A ‘Zip Bomb’ to Bypass Security Controls & Sandboxes

I published the following diary on isc.sans.edu: “A ‘Zip Bomb’ to Bypass Security Controls & Sandboxes”: Yesterday, I analyzed a malicious archive for a customer. It was delivered to the mailbox of a user who, hopefully, was security-aware and reported it. The payload passed through the different security layers based on big

The post [SANS ISC] A ‘Zip Bomb’ to Bypass Security Controls & Sandboxes appeared first on /dev/random.

[SANS ISC] Use Your Browser Internal Password Vault… or Not?

I published the following diary on isc.sans.edu: “Use Your Browser Internal Password Vault… or Not?”: Passwords… such a hot topic! Recently big players (Microsoft, Apple & Google) announced that they would like to suppress (or, at least, reduce) the use of classic passwords. In the meantime, they remain the most common

[SANS ISC] Simple PDF Linking to Malicious Content

I published the following diary on isc.sans.edu: “Simple PDF Linking to Malicious Content”: Last week, I found an interesting piece of phishing based on a PDF file. Today, most of the PDF files that are delivered to end-users are not malicious, I mean that they don’t contain an exploit to

[SANS ISC] XLSB Files: Because Binary is Stealthier Than XML

I published the following diary on isc.sans.edu: “XLSB Files: Because Binary is Stealthier Than XML”: In one of his last diaries, Brad mentioned an Excel sheet named with a .xlsb extension. Now, it was my turn to find one… What’s the magic behind this file extension? “XLS” means that we

[SANS ISC] Clean Binaries with Suspicious Behaviour

I published the following diary on isc.sans.edu: “Clean Binaries with Suspicious Behaviour”: EDR or “Endpoint Detection & Response” is a key element of many networks today. An agent is installed on all endpoints to track suspicious/malicious activity and (try to) block it. Behavioral monitoring is also a key element in

[SANS ISC] Keep an Eye on WebSockets

I published the following diary on isc.sans.edu: “Keep an Eye on WebSockets”: It has been a while since I last spotted WebSockets used by malware. Yesterday I discovered an interesting piece of PowerShell. Very small and almost undetected according to its VirusTotal score (2/54). A quick reminder for those

[SANS ISC] Credentials Leaks on VirusTotal

I published the following diary on isc.sans.edu: “Credentials Leaks on VirusTotal”: A few weeks ago, researchers published some information about stolen credentials that were posted on VirusTotal. I’m keeping an eye on VT for my customers and searching for data related to them. For example, I am looking for their domain name(s)

[SANS ISC] Infostealer in a Batch File

I published the following diary on isc.sans.edu: “Infostealer in a Batch File”: It’s pretty common to see malicious content delivered as email attachments. Every day, my mailboxes are flooded with malicious content… which is great from a research point of view. Am I the only one to be happy when I see

[SANS ISC] Ukraine & Russia Situation From a Domain Names Perspective

I published the following diary on isc.sans.edu: “Ukraine & Russia Situation From a Domain Names Perspective”: For a few days, the eyes of the world have been on the situation between Russia and Ukraine. Today, operations are also organized in the “cyber” dimension (besides the classic ones – land, air, sea,

[SANS ISC] A Good Old Equation Editor Vulnerability Delivering Malware

I published the following diary on isc.sans.edu: “A Good Old Equation Editor Vulnerability Delivering Malware”: Here is another sample demonstrating how attackers still rely on good old vulnerabilities… In 2017, Microsoft Office suffered from a critical vulnerability that affected its Equation Editor tool, known as CVE-2017-11882. It’s a memory corruption
