-
Reminder: 7-Zip & MoW, (Mon, Feb 10th)
CVE-2025-0411 is a vulnerability in 7-zip that has been reported to be exploited in recent attacks. The problem is that Mark-of-Web (MoW) isn’t propagated correctly: when extracted, a file inside a ZIP file inside another ZIP file will not have the MoW propagated from the outer ZIP file. That’s good to know, but what I…
-
ISC Stormcast For Monday, February 10th, 2025 https://isc.sans.edu/podcastdetail/9316, (Mon, Feb 10th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Crypto Wallet Scam: Not For Free, (Sat, Feb 8th)
I did some research into multisig wallets (cfr “Crypto Wallet Scam“), and discovered that setting up such a wallet on the TRON network comes with a cost: about $23. First I used the TronLink extension to create a wallet: Then I went to that wallet on Tronscan, and selected the Permissions tab: And there I…
-
SSL 2.0 turns 30 this Sunday… Perhaps the time has come to let it die?, (Fri, Feb 7th)
The SSL 2.0 protocol was originally published back in February of 1995[1], and although it was quickly found to have significant security weaknesses, and a more secure alternative was released only a year later[2], it still received a fairly wide adoption. Nevertheless, since it was officially deprecated nearly 14 years ago, in March of 2011[3],…
-
ISC Stormcast For Friday, February 7th, 2025 https://isc.sans.edu/podcastdetail/9314, (Fri, Feb 7th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
The Unbreakable Multi-Layer Anti-Debugging System, (Thu, Feb 6th)
The title of this diary is based on the string I found in a malicious Python script that implements many anti-debugging techniques. If some were common, others were interesting and demonstrated how low-level high-level languages like Python can access operating system information. Let’s review some of them! Anti-debugging techniques are like a cat-and-mouse game. If you’re…
-
ISC Stormcast For Thursday, February 6th, 2025 https://isc.sans.edu/podcastdetail/9312, (Thu, Feb 6th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Phishing via “com-” prefix domains, (Wed, Feb 5th)
Phishing is always a “whack the mole” like game. Attackers come up with new ways to fool victims. Security tools are often a step behind. Messages claiming to collect unpaid tolls are one current common theme among phishing (smishing?) messages. I just received another one today: The FBI’s Internet Crime Complaint Center warned of these…
-
ISC Stormcast For Wednesday, February 5th, 2025 https://isc.sans.edu/podcastdetail/9310, (Wed, Feb 5th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Some updates to our data feeds, (Tue, Feb 4th)
We have offered several different data feeds via our API or other means. However, we are often not very good at documenting what these feeds are all about. Currently, I am in the process of fixing the documentation around these data feeds. These data feeds are used to augment our data, but may also be…
