[SANS ISC] A ‘Zip Bomb’ to Bypass Security Controls & Sandboxes

I published the following diary on isc.sans.edu: “A ‘Zip Bomb’ to Bypass Security Controls & Sandboxes“: Yesterday, I analyzed a malicious archive for a customer. It was delivered to the mailbox of a user who, hopefully, was security-aware and reported it. The payload passed through the different security layers based on big

The post [SANS ISC] A ‘Zip Bomb’ to Bypass Security Controls & Sandboxes appeared first on /dev/random.

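The excerpt above is cut off, but the title gives the technique: a small archive whose members inflate to something far larger than the scanner or sandbox is willing to handle. The following Python script is an added example, not code from the diary or from SANS ISC. It reads the declared sizes from the zip central directory (which costs nothing, since nothing is inflated), flags members with an extreme compressed-to-uncompressed ratio, and then inflates each member under a byte budget so that the check itself cannot be turned into a denial of service. The thresholds, the function names and the sample archive (a README plus an "invoice.exe" made of NUL bytes) are assumptions constructed for this example.

```python
import io
import zipfile

# Illustrative thresholds: assumptions for this example, not values from the diary.
MAX_INFLATED_BYTES = 64 * 1024 * 1024   # total bytes we are willing to inflate
MAX_RATIO = 100.0                        # declared uncompressed / compressed, per member


def inflate_capped(zf, info, cap):
    """Inflate one member in 64 KiB chunks, counting what the stream actually
    yields, and stop as soon as the count exceeds `cap`.
    Returns (bytes_seen, hit_cap). Bounding on real output rather than on the
    header's declared size keeps memory and disk usage under control."""
    seen = 0
    with zf.open(info) as fh:
        while True:
            chunk = fh.read(64 * 1024)
            if not chunk:
                return seen, False
            seen += len(chunk)
            if seen > cap:
                return seen, True


def inspect_zip(data):
    """Triage an archive held in memory: declared sizes from the central
    directory, a ratio check per member, then a budgeted inflate."""
    report = {"members": [], "reasons": []}
    budget = MAX_INFLATED_BYTES
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            comp, decl = info.compress_size, info.file_size
            # Empty or directory entries have comp == 0; only treat that as an
            # infinite ratio when something is actually declared.
            ratio = decl / comp if comp else (float("inf") if decl else 0.0)
            entry = {"name": info.filename, "compressed": comp,
                     "declared": decl, "ratio": round(ratio, 1)}
            if ratio > MAX_RATIO:
                report["reasons"].append(f"{info.filename}: ratio {ratio:.0f}:1")
            try:
                seen, hit = inflate_capped(zf, info, budget)
            except zipfile.BadZipFile as exc:
                # Header/CRC inconsistencies are themselves a signal.
                seen, hit = None, False
                report["reasons"].append(f"{info.filename}: {exc}")
            else:
                budget -= seen
                if hit:
                    report["reasons"].append(
                        f"{info.filename}: exceeded inflate budget of {MAX_INFLATED_BYTES} bytes")
            entry["inflated"] = seen
            report["members"].append(entry)
    report["suspicious"] = bool(report["reasons"])
    return report


def probe_member(data, name, cap):
    """Convenience wrapper: budgeted inflate of one named member."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return inflate_capped(zf, zf.getinfo(name), cap)


def build_sample(invoice_size):
    """Constructed sample (not a real malicious archive): a short README and,
    if invoice_size > 0, an 'invoice.exe' of that many NUL bytes, which
    deflate to almost nothing."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("README.txt", "Please open the attached invoice.\n")
        if invoice_size:
            zf.writestr("invoice.exe", b"\x00" * invoice_size)
    return buf.getvalue()


if __name__ == "__main__":
    for label, size in (("benign", 0), ("bomb", 16 * 1024 * 1024)):
        r = inspect_zip(build_sample(size))
        print(label, "suspicious" if r["suspicious"] else "clean", r["reasons"])
```

The ratio check alone is cheap enough to run on every attachment, but remember it trusts the central directory, which the sender controls; the budgeted inflate is what actually protects the analysis host, and the same budget should apply recursively if an inflated member is itself an archive.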

[SANS ISC] Use Your Browser Internal Password Vault… or Not?

I published the following diary on isc.sans.edu: “Use Your Browser Internal Password Vault… or Not?“: Passwords… such a hot topic! Recently big players (Microsoft, Apple & Google) announced that they would like to suppress (or, at least, reduce) the use of classic passwords. In the meantime, they remain the most common


Attackers are attempting to exploit critical F5 BIG-IP RCE

Researchers have developed PoC exploits for CVE-2022-1388, a critical remote code execution bug affecting F5 BIG-IP multi-purpose networking devices/modules. Simultaneously, in-the-wild exploitation attempts have also been detected.

CVE-2022-1388 PoC exploits

Security researchers have started sharing evidence of their successful exploitation attempts of CVE-2022-1388 during the weekend:

“#CVE-2022-1388 successfully exploited. pic.twitter.com/P04K4PJsAN” — Matus Bursa #strongertogether (@BursaMatus) May 9, 2022

“🔥 We have reproduced the fresh CVE-2022-1388 in F5’s BIG-IP. Successful exploitation could lead to RCE from …”

The post Attackers are attempting to exploit critical F5 BIG-IP RCE appeared first on Help Net Security.


[SANS ISC] Simple PDF Linking to Malicious Content

I published the following diary on isc.sans.edu: “Simple PDF Linking to Malicious Content“: Last week, I found an interesting piece of phishing based on a PDF file. Today, most of the PDF files that are delivered to end users are not malicious, I mean that they don’t contain an exploit to

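A PDF that carries no exploit and simply links out to a malicious page is easy to miss if triage only looks for shellcode or JavaScript. The following Python script is an added example, not code from the diary or from SANS ISC: it pulls every /URI target out of a PDF (literal strings with PDF escapes, hex strings, and dictionaries hidden inside Flate-compressed streams, which a plain grep for "/URI" would miss) and counts the action-related keys a reviewer wants to see before opening the file. The sample document is constructed for this example and is deliberately minimal (no xref table), so it is not a conforming PDF; the key list and function names are my choices, not the diary's.

```python
import re
import zlib

# Keys worth counting in a quick triage (an assumed list, not from the diary):
# /URI, /GoToR and /Launch point outside the document; /OpenAction and /AA
# fire automatically; /JavaScript and /JS carry script.
TRIAGE_KEYS = (b"/URI", b"/GoToR", b"/Launch", b"/OpenAction", b"/AA", b"/JavaScript", b"/JS")
_KEY_RES = {k: re.compile(re.escape(k) + rb"(?![A-Za-z0-9_])") for k in TRIAGE_KEYS}

_STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.S)
# Literal string: anything up to an unescaped ')'; hex string: <hex digits>.
_URI_LITERAL_RE = re.compile(rb"/URI\s*\(((?:\\.|[^\\)])*)\)", re.S)
_URI_HEX_RE = re.compile(rb"/URI\s*<([0-9A-Fa-f\s]*)>")


def views(data):
    """Yield the raw file, then every stream body that inflates as Flate/zlib,
    so dictionaries stored inside compressed object streams are scanned too."""
    yield data
    for m in _STREAM_RE.finditer(data):
        try:
            yield zlib.decompress(m.group(1))
        except zlib.error:
            continue  # not Flate-encoded (image, font, encrypted): skip


def _decode_literal(raw):
    # Only the escapes that matter for a URL: \( \) \\ (octal/\n etc. are left alone).
    return re.sub(rb"\\(.)", lambda m: m.group(1), raw, flags=re.S).decode("latin-1")


def _decode_hex(raw):
    h = b"".join(raw.split()).decode("ascii")
    if len(h) % 2:
        h += "0"  # PDF treats a missing final digit as 0
    return bytes.fromhex(h).decode("latin-1")


def extract_uris(data):
    """Return the sorted, de-duplicated set of /URI targets found anywhere."""
    found = set()
    for view in views(data):
        found.update(_decode_literal(m.group(1)) for m in _URI_LITERAL_RE.finditer(view))
        found.update(_decode_hex(m.group(1)) for m in _URI_HEX_RE.finditer(view))
    return sorted(found)


def triage(data):
    """URIs plus a count of interesting keys across raw and inflated views."""
    counts = {k.decode(): 0 for k in TRIAGE_KEYS}
    for view in views(data):
        for k, rx in _KEY_RES.items():
            counts[k.decode()] += len(rx.findall(view))
    return {"uris": extract_uris(data), "keys": {k: n for k, n in counts.items() if n}}


def build_sample_pdf():
    """Constructed sample (not a conforming PDF): a Link annotation with an
    escaped literal URI, a second one with a hex URI, and a URI action hidden
    in a Flate-compressed stream."""
    hidden = zlib.compress(b"<< /S /URI /URI (http://example.invalid/inside-stream) >>")
    hex_uri = "http://example.invalid/hex".encode().hex().encode()
    objects = [
        b"<< /Type /Catalog /Pages 2 0 R /OpenAction 6 0 R >>",
        b"<< /Type /Pages /Kids [3 0 R] /Count 1 >>",
        b"<< /Type /Page /Parent 2 0 R /MediaBox [0 0 612 792] /Annots [4 0 R 5 0 R] >>",
        b"<< /Type /Annot /Subtype /Link /Rect [72 700 300 720] "
        b"/A << /S /URI /URI (http://example.invalid/doc\\(1\\).pdf) >> >>",
        b"<< /Type /Annot /Subtype /Link /Rect [72 650 300 670] "
        b"/A << /S /URI /URI <" + hex_uri + b"> >> >>",
        b"<< /Length " + str(len(hidden)).encode() + b" /Filter /FlateDecode >>\n"
        b"stream\n" + hidden + b"\nendstream",
    ]
    out = [b"%PDF-1.7\n"]
    for n, body in enumerate(objects, 1):
        out.append(b"%d 0 obj\n" % n + body + b"\nendobj\n")
    out.append(b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")
    return b"".join(out)


if __name__ == "__main__":
    print(triage(build_sample_pdf()))
```

This is a triage helper, not a parser: it does not follow object references, resolve /Names trees, or handle encrypted documents, so an empty result means "nothing obvious", not "clean". The URIs it does return are what you feed to reputation lookups or a sandboxed browser.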

Critical Microsoft RPC runtime bug: No PoC exploit yet, but patch ASAP! (CVE-2022-26809)

Three days have passed since Microsoft’s latest Patch Tuesday, and CVE-2022-26809 has emerged as the vulnerability with the most exploitation potential. It’s easy to see why: it may be exploited by unauthenticated, remote attackers to breac…

Spring4Shell: No need to panic, but mitigations are advised

Security teams around the world got another shock on Thursday when news of disclosure of a PoC for an unauthenticated RCE zero-day vulnerability in Spring Core, a massively popular framework for building modern Java-based enterprise applications, began…

[SANS ISC] XLSB Files: Because Binary is Stealthier Than XML

I published the following diary on isc.sans.edu: “XLSB Files: Because Binary is Stealthier Than XML“: In one of his last diaries, Brad mentioned an Excel sheet named with a .xlsb extension. Now, it was my turn to find one… What’s the magic behind this file extension? “XLS” means that we


[SANS ISC] Clean Binaries with Suspicious Behaviour

I published the following diary on isc.sans.edu: “Clean Binaries with Suspicious Behaviour“: EDR or “Endpoint Detection & Response” is a key element of many networks today. An agent is installed on all endpoints to track suspicious/malicious activity and (try to) block it. Behavioral monitoring is also a key element in


[SANS ISC] Keep an Eye on WebSockets

I published the following diary on isc.sans.edu: “Keep an Eye on WebSockets“: It has been a while since I last spotted WebSockets used by malware. Yesterday I discovered an interesting piece of PowerShell. Very small and almost undetected according to its VirusTotal score (2/54). A quick reminder for those


[SANS ISC] Credentials Leaks on VirusTotal

I published the following diary on isc.sans.edu: “Credentials Leaks on VirusTotal“: A few weeks ago, researchers published some information about stolen credentials that were posted on VirusTotal. I’m keeping an eye on VT for my customers and searching for data related to them. For example, I look for their domain name(s)
