SANS ISC Handlers public
[search 0]

Download the App!

show episodes
Loading …
show series
 
Forensicating Azure VMs https://isc.sans.edu/forums/diary/Forensicating+Azure+VMs/27136/ FriarFox Browser Extension Targeting GMail Accounts https://www.proofpoint.com/us/blog/threat-insight/ta413-leverages-new-friarfox-browser-extension-target-gmail-accounts-global JSON Parser Inconsistencies https://labs.bishopfox.com/tech-blog/an-exploration-of-…
 
Malspam Pushes GuLoader for Remcos RAT https://isc.sans.edu/forums/diary/Malspam+pushes+GuLoader+for+Remcos+RAT/27132/ vCenter Exploit / Vulnerability Details https://swarm.ptsecurity.com/unauth-rce-vmware/#more-2477 DNS CNAME Tracking https://blog.lukaszolejnik.com/large-scale-analysis-of-dns-based-tracking-evasion-broad-data-leaks-included/ Cisco…
 
Qakbot In a Response to Full Disclosure Post https://isc.sans.edu/forums/diary/Qakbot+in+a+response+to+Full+Disclosure+post/27130/ Firefox Total Cookie Protection https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/ VMWare ESXi / vCenter Server Update https://www.vmware.com/security/advisories/VMSA-2021-0002.html Replacing Content …
 
Unprotecting Malicious Documents For Inspection https://isc.sans.edu/forums/diary/Unprotecting+Malicious+Documents+For+Inspection/27126/ Brave Browser DNS Leak https://www.theregister.com/2021/02/22/in_brief_security/ Telephony DoS https://www.ic3.gov/Media/Y2021/PSA210217By Johannes B. Ullrich, Ph.D.
 
Dynamic Data Exchange (DDE) is Back in the Wild https://isc.sans.edu/forums/diary/Dynamic+Data+Exchange+DDE+is+Back+in+the+Wild/27116/ https://isc.sans.edu/forums/diary/DDE+and+oledump/27122/ macOS Malware "Prototype" https://redcanary.com/blog/clipping-silver-sparrows-wings/ New Phishing Attack Identifed: Malformed URL Prefixes https://www.greatho…
 
Malspam Pushes Trickbot gtag rob13 https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+gtag+rob13/27112/ AppleJeus https://us-cert.cisa.gov/ncas/alerts/aa21-048a Python 3 Buffer Overflow https://bugs.python.org/issue42938 Apple Platform Security Guide https://support.apple.com/guide/security/welcome/web…
 
The new "LinkedInSecureMessage" Phish https://isc.sans.edu/forums/diary/The+new+LinkedInSecureMessage/27110/ Apple M1 Optimized Malware https://objective-see.com/blog/blog_0x62.html QNAP Surveilance Station Vulnerability https://www.qnap.com/en/security-advisory/qsa-21-07 Masslogger Exfiltrates User Credentials https://blog.talosintelligence.com/20…
 
More Weirdness on TCP Port 26 https://isc.sans.edu/forums/diary/More+weirdness+on+TCP+port+26/27106/ Microsoft Pulls Servicing Stack Update https://threatpost.com/microsoft-windows-update-patch-tuesday/163981/ Network Monitoring Company Centreon Compromised https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf SHAREit Flaw Could Lead to Remo…
 
Securing and Optimizing Networks Using pfSense Traffic Shaper to Combat Bufferbloat https://isc.sans.edu/forums/diary/Securing+and+Optimizing+Networks+Using+pfSense+Traffic+Shaper+Limiters+to+Combat+Bufferbloat/27102/ Apple to Proxy Safe Browsing Requests https://twitter.com/othermaciej/status/1359736220809531393 Power Outages and Some Network Outa…
 
AgentTesla Dropped Through Automatic Click in Microsoft Help File https://isc.sans.edu/forums/diary/AgentTesla+Dropped+Through+Automatic+Click+in+Microsoft+Help+File/27092/ Telegram used to Defraud Delivery Serivces https://thefintechtimes.com/sift-finds-new-telegram-fraud-exploiting-increasing-use-of-food-delivery-services/ Singtel Suffers Zero-DA…
 
Agent Tesla Hidden in Historical Anti-Malware Tool https://isc.sans.edu/forums/diary/Agent+Tesla+hidden+in+a+historical+antimalware+tool/27088/ McAfee Total Protection Vulnerabilities https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx Intel Patches https://blogs.intel.com/tec…
 
Phishing Message to the ISC Handlers E-Mail Distro https://isc.sans.edu/forums/diary/Phishing+message+to+the+ISC+handlers+email+distro/27082/ Google Phishing Statistics https://cloud.google.com/blog/products/workspace/how-gmail-helps-users-avoid-email-scams Adobe Security Updates https://helpx.adobe.com/security/products/acrobat/apsb21-09.html Appl…
 
Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+February+2021+Patch+Tuesday/27080/ https://www.theregister.com/2021/02/09/microsoft_patch_tuesday/ Dependency Confusion https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610 https://azure.microsoft.com/mediahandler/files/resourcefiles/3-ways-to-mitigate-risk-using-priva…
 
Tshark and Malware Analysis https://isc.sans.edu/forums/diary/Quickie+tshark+Malware+Analysis/27076/ Barcode Scanner Going Bad https://blog.malwarebytes.com/android/2021/02/barcode-scanner-app-on-google-play-infects-10-million-users-with-one-update/ Morse Code Obfuscation https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse…
 
VBA Macro Trying to Alter the Application Menus https://isc.sans.edu/forums/diary/VBA+Macro+Trying+to+Alter+the+Application+Menus/27068/ The Great Suspender Going Malicious https://www.zdnet.com/article/google-kills-the-great-suspender-heres-what-you-should-do-next/ https://github.com/greatsuspender/thegreatsuspender/issues/1263 Google Chrome Zero …
 
Abusing Google Chrome Extension Syncing For Data Exfiltration and C&C https://isc.sans.edu/forums/diary/Abusing+Google+Chrome+extension+syncing+for+data+exfiltration+and+CC/27066/ Microsoft Defender ATP Google Chrome False Positive https://twitter.com/itquartz/status/1356940218138509312 Social Engineering Attacks against Security Researchers Used I…
 
Excel Spreadsheets Push SystemBC Malware https://isc.sans.edu/forums/diary/Excel+spreadsheets+push+SystemBC+malware/27060/ SolarWinds Vulnerability https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=28389 SolarWinds SANS Lightning Summit https://www.sans.org/webcasts/solarwinds-lightning-summit-118550 SonicWall Pa…
 
New Example of XSL Script Processing aka "Mitre T1220" https://isc.sans.edu/forums/diary/New+Example+of+XSL+Script+Processing+aka+Mitre+T1220/27056/ Camerfirma Certificate Authority Revocation https://groups.google.com/g/mozilla.dev.security.policy/c/jif4zWNgGPw Kobalos HPC Linux Malware https://www.welivesecurity.com/2021/02/02/kobalos-complex-lin…
 
MacOS 11.2 Update https://support.apple.com/en-us/HT212147 Objective-See Tools Now Open Sources https://twitter.com/patrickwardle/status/1356149073045143553 iMessage Blastdoor https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html SonicWall Update https://www.sonicwall.com/support/product-notification/urgent-security-notic…
 
Perl.com Domain Hijacked https://www.ehackingnews.com/2021/01/perlcom-official-site-for-perl.html Spamcop Domain Expired https://www.bleepingcomputer.com/news/security/spamcop-anti-spam-service-suffers-an-outage-after-its-domain-expired/ libgcrypt vulnerability https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html Fingerprinting QUIC …
 
New Cryptojacking Malware https://unit42.paloaltonetworks.com/pro-ocean-rocke-groups-new-cryptojacking-malware/ SlipStreaming https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/ Shadowsocks https://shadowsocks.org/en/index.html…
 
Emotet vs. Windows Attack Surface Reduction https://isc.sans.edu/forums/diary/Emotet+vs+Windows+Attack+Surface+Reduction/27036/ Go Lang Vulnerability https://blog.golang.org/path-security Azure Docker Escape https://www.intezer.com/blog/research/how-we-hacked-azure-functions-and-escaped-docker/By Johannes B. Ullrich, Ph.D.
 
Critical sudo Vulnerability https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit Quakbot (QBot) Update https://isc.sans.edu/forums/diary/TA551+Shathak+Word+docs+push+Qakbot+Qbot/27030/ Targeting Security Researchers https://blog.google/threat-analysis-group/new-campaign-targeting…
 
Fun With nmap nse Scripts and DoH (DNS over HTTPS) https://isc.sans.edu/forums/diary/Fun+with+NMAP+NSE+Scripts+and+DOH+DNS+over+HTTPS/27026/ Malicious NPM Module Stealing Discord Passwords https://blog.sonatype.com/cursedgrabber-strikes-again-sonatype-spots-new-malware-campaign-against-software-supply-chains Mitigating the $I30 Bug https://www.osr.…
 
Another File Extension to Block: JNLP https://isc.sans.edu/forums/diary/Another+File+Extension+to+Block+in+your+MTA+jnlp/27018/ SonicWall Vulnerability Used to Breach SonicWall https://www.sonicwall.com/support/product-notification/urgent-security-notice-netextender-vpn-client-10-x-sma-100-series-vulnerability-updated-jan-23-2021/210122173415410/ i…
 
Loading …

Quick Reference Guide

Copyright 2021 | Sitemap | Privacy Policy | Terms of Service
Google login Twitter login Classic login