SANS Internet Storm Center – Page 6

[SANS ISC] More Undetected PowerShell Dropper

Posted on December 21, 2021 by Xavier

I published the following diary on isc.sans.edu: “More Undetected PowerShell Dropper“: Last week, I published a diary about a PowerShell backdoor running below the radar with a VT score of 0! This time, it’s a dropper with multiple obfuscation techniques in place. It is also important to mention that the injection technique used is similar

The post [SANS ISC] More Undetected PowerShell Dropper appeared first on /dev/random.

Continue reading [SANS ISC] More Undetected PowerShell Dropper→

[SANS ISC] Simple but Undetected PowerShell Backdoor

Posted on December 15, 2021 by Xavier

I published the following diary on isc.sans.edu: “Simple but Undetected PowerShell Backdoor“: For a while, most security people agree on the fact that antivirus products are not enough for effective protection against malicious code. If they can block many threats, some of them remain undetected by classic technologies. Here is

The post [SANS ISC] Simple but Undetected PowerShell Backdoor appeared first on /dev/random.

Continue reading [SANS ISC] Simple but Undetected PowerShell Backdoor→

Microsoft Patch Tuesday, December 2021 Edition

Posted on December 14, 2021 by BrianKrebs

Microsoft, Adobe, and Google all issued security updates to their products today. The Microsoft patches include six previously disclosed security flaws, and one that that is already being actively exploited. But this month’s Patch Tuesday is being overshadowed by the “Log4Shell” 0-day exploit in a popular Java library that web server administrators are now racing to find and patch amid widespread exploitation of the flaw. Continue reading Microsoft Patch Tuesday, December 2021 Edition→

[SANS ISC] Python Shellcode Injection From JSON Data

Posted on December 10, 2021 by Xavier

I published the following diary on isc.sans.edu: “Python Shellcode Injection From JSON Data“: My hunting rules detected a niece piece of Python code. It’s interesting to see how the code is simple, not deeply obfuscated, and with a very low VT score: 2/56!. I see more and more malicious Python code

The post [SANS ISC] Python Shellcode Injection From JSON Data appeared first on /dev/random.

Continue reading [SANS ISC] Python Shellcode Injection From JSON Data→

[SANS ISC] The UPX Packer Will Never Die!

Posted on December 3, 2021 by Xavier

I published the following diary on isc.sans.edu: “The UPX Packer Will Never Die!“: Today, many malware samples that you can find in the wild are “packed”. The process of packing an executable file is not new and does not mean that it is de-facto malicious. Many developers decide to pack

The post [SANS ISC] The UPX Packer Will Never Die! appeared first on /dev/random.

Continue reading [SANS ISC] The UPX Packer Will Never Die!→

[SANS ISC] Info-Stealer Using webhook.site to Exfiltrate Data

Posted on December 1, 2021 by Xavier

I published the following diary on isc.sans.edu: “Info-Stealer Using webhook.site to Exfiltrate Data“: We already reported multiple times that, when you offer an online (cloud) service, there are a lot of chances that it will be abused for malicious purposes. I spotted an info-stealer that exfiltrates data through webhook.site. Today, many

The post [SANS ISC] Info-Stealer Using webhook.site to Exfiltrate Data appeared first on /dev/random.

Continue reading [SANS ISC] Info-Stealer Using webhook.site to Exfiltrate Data→

[SANS ISC] Shadow IT Makes People More Vulnerable to Phishing

Posted on November 10, 2021 by Xavier

I published the following diary on isc.sans.edu: “Shadow IT Makes People More Vulnerable to Phishing“: Shadow IT is a real problem in many organizations. Behind this term, we speak about pieces of hardware or software that are installed by users without the approval of the IT department. In many cases,

The post [SANS ISC] Shadow IT Makes People More Vulnerable to Phishing appeared first on /dev/random.

Continue reading [SANS ISC] Shadow IT Makes People More Vulnerable to Phishing→

[SANS ISC] (Ab)Using Security Tools & Controls for the Bad

Posted on November 8, 2021 by Xavier

I published the following diary on isc.sans.edu: “(Ab)Using Security Tools & Controls for the Bad“: As security practitioners, we give daily advice to our customers to increase the security level of their infrastructures. Install this tool, enable this feature, disable this function, etc. When enabled, these techniques can also be

The post [SANS ISC] (Ab)Using Security Tools & Controls for the Bad appeared first on /dev/random.

Continue reading [SANS ISC] (Ab)Using Security Tools & Controls for the Bad→

Patch Tuesday, October 2021 Edition

Posted on October 12, 2021 by BrianKrebs

Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited in active attacks. This month’s Patch Tuesday also includes security fixes for the newly released Windows 11 operating system. Continue reading Patch Tuesday, October 2021 Edition→

[SANS ISC] Keep an Eye on Your Users Mobile Devices (Simple Inventory)

Posted on September 24, 2021 by Xavier

I published the following diary on isc.sans.edu: “Keep an Eye on Your Users Mobile Devices (Simple Inventory)“: Today, smartphones are everywhere and became our best friends for many tasks. Probably your users already access their corporate mailbox via a mobile device. If it’s not yet the case, you probably have

The post [SANS ISC] Keep an Eye on Your Users Mobile Devices (Simple Inventory) appeared first on /dev/random.

Continue reading [SANS ISC] Keep an Eye on Your Users Mobile Devices (Simple Inventory)→