Written by:Bernardo Quintero, Founder of VirusTotal and Security Director, Google Cloud SecurityAlex Berry, Security Manager of the Mandiant FLARE Team, Google Cloud SecurityIlfak Guilfanov, author of IDA Pro and CTO, Hex-RaysVijay Bolina, Chief Information Security Officer &
Continue ReadingCategory: Dynamic Threat Feeds
Protected OOXML Spreadsheets, (Mon, Jul 15th)
I was asked a question about the protection of an .xlsm spreadsheet. I've written before on the protection of .xls spreadsheets, for example in diary entries "Unprotecting Malicious Documents For Inspection" and "16-bit Hash Collisions in
Continue ReadingISC Stormcast For Monday, July 15th, 2024 https://isc.sans.edu/podcastdetail/9052, (Mon, Jul 15th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingWireshark 4.2.6 Released, (Sun, Jul 14th)
Wireshark release 4.2.6 fixes 1 vulnerability (SPRT parser crash) and 10 bugs. Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingISC Stormcast For Tuesday, July 9th, 2024 https://isc.sans.edu/podcastdetail/9044, (Tue, Jul 9th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue Reading16-bit Hash Collisions in .xls Spreadsheets, (Sat, Jul 13th)
A couple years ago, in diary entry "Unprotecting Malicious Documents For Inspection" I explain how .xls spreadsheets are password protected (but not encrypted). And in follow-up diary entry "Maldocs: Protection Passwords", I talk about an update
Continue ReadingKunai: Keep an Eye on your Linux Hosts Activity, (Mon, Jul 8th)
Microsoft has a very popular tool (part of the SysInternals) called Sysmon[1]. It is a system service and device driver designed to monitor and log system activity, including very useful events like process creations, network connections,
Continue ReadingAttacks against the “Nette” PHP framework CVE-2020-15227, (Fri, Jul 12th)
Today, I noticed some exploit attempts against an older vulnerability in the "Nette Framework", CVE-2020-15227 [1]. Nette is a PHP framework that simplifies the development of web applications in PHP. In 2020, an OS command injection
Continue ReadingAT&T Discloses Breach of Customer Data
On July 12, AT&T released a public statement on unauthorized access of customer data from a third-party cloud platform. AT&T also provided recommendations and resources for affected customers. CISA encourages customers to review the following AT&T
Continue ReadingISC Stormcast For Monday, July 8th, 2024 https://isc.sans.edu/podcastdetail/9042, (Mon, Jul 8th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue Reading