Update: Worldwide IT outage due to buggy Crowdstrike update

The world is 16+ hours into what looks like the biggest IT outage in history, triggered by a defective update for Crowdstrike endpoint security software for Windows machines. The price of both Crowdstrike’s and Microsoft’s shares has tumble… Continue reading Update: Worldwide IT outage due to buggy Crowdstrike update

Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788)

A recently fixed SQL injection vulnerability (CVE-2023-48788) in Fortinet’s FortiClient Endpoint Management Server (EMS) solution has apparently piqued the interest of many: Horizon3’s Attack Team means to publish technical details and a pr… Continue reading Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788)

Critical ownCloud flaw under attack (CVE-2023-49103)

Attackers are trying to exploit a critical information disclosure vulnerability (CVE-2023-49103) in ownCloud, a popular file sharing and collaboration platform used in enterprise settings. Greynoise and SANS ISC say attemps have been first spotted over… Continue reading Critical ownCloud flaw under attack (CVE-2023-49103)

New twist on ZeroFont phishing technique spotted in the wild

Cybercriminals are leveraging the ZeroFont technique to trick users into trusting phishing emails, SANS ISC handler Jan Kopriva has warned. The ZeroFont phishing attack Documented and named by Avanan in 2018, the ZeroFont technique involves using text … Continue reading New twist on ZeroFont phishing technique spotted in the wild

[SANS ISC] macOS: Who’s Behind This Network Connection?

Today, I published the following diary on isc.sans.edu: “macOS: Who’s Behind This Network Connection?“: When you must investigate suspicious behavior or work on an actual incident, you could be asked to determine who’s behind a network connection. From a pure network point of view, your firewall or any network security

The post [SANS ISC] macOS: Who’s Behind This Network Connection? appeared first on /dev/random.

Continue reading [SANS ISC] macOS: Who’s Behind This Network Connection?

[SANS ISC] Python Malware Using Postgresql for C2 Communications

Today, I published the following diary on isc.sans.edu: “Python Malware Using Postgresql for C2 Communications“: For modern malware, having access to its C2 (Command and control) is a crucial point. There are many ways to connect to a C2 server using tons of protocols, but today, HTTP remains very common

The post [SANS ISC] Python Malware Using Postgresql for C2 Communications appeared first on /dev/random.

Continue reading [SANS ISC] Python Malware Using Postgresql for C2 Communications

[SANS ISC] More Exotic Excel Files Dropping AgentTesla

Today, I published the following diary on isc.sans.edu: “More Exotic Excel Files Dropping AgentTesla”: Excel is an excellent target for attackers. The Microsoft Office suite is installed on millions of computers, and people trust these files. If we have the classic xls, xls, xlsm file extensions, Excel supports many others!

The post [SANS ISC] More Exotic Excel Files Dropping AgentTesla appeared first on /dev/random.

Continue reading [SANS ISC] More Exotic Excel Files Dropping AgentTesla

[SANS ISC] Have You Ever Heard of the Fernet Encryption Algorithm?

Today, I published the following diary on isc.sans.edu: “Have You Ever Heard of the Fernet Encryption Algorithm?“: In cryptography, there is a gold rule that states to not develop your own algorithm because… it will be probably weak and broken! They are strong algorithms (like AES) that do a great job

The post [SANS ISC] Have You Ever Heard of the Fernet Encryption Algorithm? appeared first on /dev/random.

Continue reading [SANS ISC] Have You Ever Heard of the Fernet Encryption Algorithm?

[SANS ISC] Quick Malware Triage With Inotify Tools

Today, I published the following diary on isc.sans.edu: “Quick Malware Triage With Inotify Tools“: When you handle a lot of malicious files, you must have a process and tools in place to speedup the analysis. It’s impossible to investigate all files and a key point is to find interesting files

The post [SANS ISC] Quick Malware Triage With Inotify Tools appeared first on /dev/random.

Continue reading [SANS ISC] Quick Malware Triage With Inotify Tools

[SANS ISC] From a Zalando Phishing to a RAT

Today, I published the following diary on isc.sans.edu: “From a Zalando Phishing to a RAT“: Phishing remains a lucrative threat. We get daily emails from well-known brands (like DHL, PayPal, Netflix, Microsoft, Dropbox, Apple, etc). Recently, I received a bunch of phishing emails targeting Zalando customers. Zalando is a German

The post [SANS ISC] From a Zalando Phishing to a RAT appeared first on /dev/random.

Continue reading [SANS ISC] From a Zalando Phishing to a RAT