Possible Hunt for Vulnerable Apache Geode Servers (CVE-2022-37021)

Internet Storm Center Diary 2022-09-04, Author: Didier Stevens


@isc.sans.edu | 1 year ago

Odd DNS Requests that are Normal

Odd DNS Requests that are Normal, Author: Johannes Ullrich


@isc.sans.edu | 1 year ago

Ctx Python Library Updated with “Extra” Features

SANS Internet Storm Center - A global cooperative cyber threat / internet security monitor and alert system, featuring daily handler diaries summarizing and analyzing new threats to networks and internet security events.


@isc.sans.edu | 1 year ago

Sans-ISC – StormCast – March-29-2022

Daily Cyber Security News Podcast, Author: Dr. Johannes B. Ullrich


@isc.sans.edu | 2 years ago

XLSB Files: Because Binary Is Stealthier Than XML


@isc.sans.edu | 2 years ago

Statement by President Biden – What you need to do (or not do)


@isc.sans.edu | 2 years ago

Sans-ISC – StormCast – March-22-2022

Daily Cyber Security News Podcast, Author: Dr. Johannes B. Ullrich


@isc.sans.edu | 2 years ago

Sans-ISC – StormCast – March-21-2022

Daily Cyber Security News Podcast, Author: Dr. Johannes B. Ullrich


@isc.sans.edu | 2 years ago

Scans – TCP Connections with Data That Starts With: Mglndd_


@isc.sans.edu | 2 years ago

SolarWinds Advisory – Unauthenticated Access in Web Help Desk (12.7.5)


@isc.sans.edu | 2 years ago

Scans for Movable Type Vulnerability (CVE-2021-20837)


@isc.sans.edu | 2 years ago

Sans-ISC – StormCast – March-17-2022

Daily Cyber Security News Podcast, Author: Dr. Johannes B. Ullrich


@isc.sans.edu | 2 years ago

Qakbot (Qbot) Infection with Cobalt-Strike and VNC Activity


@isc.sans.edu | 2 years ago

Clean Binaries with Suspicious Behaviour


@isc.sans.edu | 2 years ago

Sans-ISC – StormCast – March-15-2022

Daily Cyber Security News Podcast, Author: Dr. Johannes B. Ullrich


@isc.sans.edu | 2 years ago

Apple Updates: macOS 12.3, XCode 13.3, tvOS 15.4, watchOS 8.5, iPadOS 15.4, more


@isc.sans.edu | 2 years ago

Sans-ISC – StormCast – March-14-2022

Daily Cyber Security News Podcast, Author: Dr. Johannes B. Ullrich


@isc.sans.edu | 2 years ago

Credentials Leaks on VirusTotal


@isc.sans.edu | 2 years ago

Sans-ISC – StormCast – March-10-2022

Daily Cyber Security News Podcast, Author: Dr. Johannes B. Ullrich


@isc.sans.edu | 2 years ago

Info Stealer in a Batch File


@isc.sans.edu | 2 years ago

Microsoft's Patch Tuesday · March-2022


@isc.sans.edu | 2 years ago

Scam Email Impersonating Red Cross – Follow Up


@isc.sans.edu | 2 years ago

Scam Email – Impersonating Red Cross – Solicit Donations via Bitcoin


@isc.sans.edu | 2 years ago

Attackers Search for Exposed (LuCI) Folders – OpenWRT?


@isc.sans.edu | 2 years ago

Geoblocking when you can't Geoblock


@isc.sans.edu | 2 years ago

TShark and Multiple IP Addresses


@isc.sans.edu | 2 years ago

Over 20k servers have their iLO exposed to the internet


@isc.sans.edu | 2 years ago

Phishing Email – With an Advertisement?


@isc.sans.edu | 2 years ago

Log4Shell Attacks – Getting Smarter


@isc.sans.edu | 2 years ago

Log4j 2.15.0 – Previously suggested mitigations may not be enough


@isc.sans.edu | 2 years ago

Undetected PowerShell Backdoor


@isc.sans.edu | 2 years ago

'Contact Forms' malware-campaign tricks people


@isc.sans.edu | 2 years ago

Phishing page hiding itself using dynamically adjusted IP-based allow list


@isc.sans.edu | 2 years ago

Malware: Downloader Disguised as Excel Add-In (XLL)


@isc.sans.edu | 2 years ago

Microsoft Out of Band Update Resolves Kerberos Issue


@isc.sans.edu | 2 years ago

Emotet Botnet Returns


@isc.sans.edu | 2 years ago

JavaScript Downloader Delivers Agent Tesla Trojan


@isc.sans.edu | 2 years ago

In Memory of Alan Paller


@isc.sans.edu | 2 years ago

Obfuscated Maldoc: Reversed BASE64


@isc.sans.edu | 2 years ago

Attackers Will Always Abuse Major Events in Our Lifes


@isc.sans.edu | 2 years ago

Microsoft June 2021 Patch Tuesday


@isc.sans.edu | 2 years ago

“Serverless” Phishing Campaign

"Serverless" Phishing Campaign, Author: Xavier Mertens


@isc.sans.edu | 2 years ago

Hunting phishing websites with favicon hashes

Hunting phishing websites with favicon hashes, Author: Jan Kopriva


@isc.sans.edu | 3 years ago

Another File Extension to Block in Your MTA: .jnlp


@isc.sans.edu | 3 years ago

Scans for Zyxel Backdoors Are Commencing

Scans for Zyxel Backdoors are Commencing, Author: Johannes Ullrich


@isc.sans.edu | 3 years ago

What's the Deal with Openportstats.com?


@isc.sans.edu | 3 years ago

HTML Based Phishing Run


@isc.sans.edu | 3 years ago

Sysmon and File Deletion


@isc.sans.edu | 3 years ago