Critical FortiClient EMS vulnerability fixed, (fake?) PoC for sale (CVE-2023-48788)

A recently fixed SQL injection vulnerability (CVE-2023-48788) in Fortinet’s FortiClient Endpoint Management Server (EMS) solution has apparently piqued the interest of many: Horizon3’s Attack Team means to publish technical details and a pr…

Critical ownCloud flaw under attack (CVE-2023-49103)

Attackers are trying to exploit a critical information disclosure vulnerability (CVE-2023-49103) in ownCloud, a popular file sharing and collaboration platform used in enterprise settings. Greynoise and SANS ISC say attempts have been first spotted over…

New twist on ZeroFont phishing technique spotted in the wild

Cybercriminals are leveraging the ZeroFont technique to trick users into trusting phishing emails, SANS ISC handler Jan Kopriva has warned. The ZeroFont phishing attack Documented and named by Avanan in 2018, the ZeroFont technique involves using text …

[SANS ISC] macOS: Who’s Behind This Network Connection?

Today, I published the following diary on isc.sans.edu: “macOS: Who’s Behind This Network Connection?”: When you must investigate suspicious behavior or work on an actual incident, you could be asked to determine who’s behind a network connection. From a pure network point of view, your firewall or any network security

The post [SANS ISC] macOS: Who’s Behind This Network Connection? appeared first on /dev/random.

[SANS ISC] Python Malware Using Postgresql for C2 Communications

Today, I published the following diary on isc.sans.edu: “Python Malware Using Postgresql for C2 Communications”: For modern malware, having access to its C2 (Command and control) is a crucial point. There are many ways to connect to a C2 server using tons of protocols, but today, HTTP remains very common

[SANS ISC] More Exotic Excel Files Dropping AgentTesla

Today, I published the following diary on isc.sans.edu: “More Exotic Excel Files Dropping AgentTesla”: Excel is an excellent target for attackers. The Microsoft Office suite is installed on millions of computers, and people trust these files. If we have the classic xls, xls, xlsm file extensions, Excel supports many others!

[SANS ISC] Have You Ever Heard of the Fernet Encryption Algorithm?

Today, I published the following diary on isc.sans.edu: “Have You Ever Heard of the Fernet Encryption Algorithm?”: In cryptography, there is a golden rule that states to not develop your own algorithm because… it will be probably weak and broken! There are strong algorithms (like AES) that do a great job

[SANS ISC] Quick Malware Triage With Inotify Tools

Today, I published the following diary on isc.sans.edu: “Quick Malware Triage With Inotify Tools”: When you handle a lot of malicious files, you must have a process and tools in place to speed up the analysis. It’s impossible to investigate all files and a key point is to find interesting files

[SANS ISC] From a Zalando Phishing to a RAT

Today, I published the following diary on isc.sans.edu: “From a Zalando Phishing to a RAT”: Phishing remains a lucrative threat. We get daily emails from well-known brands (like DHL, PayPal, Netflix, Microsoft, Dropbox, Apple, etc). Recently, I received a bunch of phishing emails targeting Zalando customers. Zalando is a German

[SANS ISC] Show me All Your Windows!

Today, I published the following diary on isc.sans.edu: “Show me All Your Windows!”: It’s a key point for attackers to implement anti-debugging and anti-analysis techniques. Anti-debugging means the malware will try to detect if it’s being debugged (executed in a debugger or its execution is slower than expected). Anti-analysis refers
