-
ISC Stormcast For Wednesday, November 12th, 2025 https://isc.sans.edu/podcastdetail/9696, (Wed, Nov 12th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Microsoft Patch Tuesday for November 2025, (Tue, Nov 11th)
Today’s Microsoft Patch Tuesday offers fixes for 80 different vulnerabilities. One of the vulnerabilities is already being exploited, and five are rated as critical. Notable Vulnerabilities: %%cve:2025-62215%%: This vulnerability is already being exploited. It is a privilege escalation vulnerability in the Windows Kernel. These types of vulnerabilities are often exploited as part of a more…
-
ISC Stormcast For Tuesday, November 11th, 2025 https://isc.sans.edu/podcastdetail/9694, (Tue, Nov 11th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
It isn’t always defaults: Scans for 3CX usernames, (Mon, Nov 10th)
Today, I noticed scans using the username “FTP_3cx” showing up in our logs. 3CX is a well-known maker of business phone system software [1]. My first guess was that this was a default user for one of their systems. But Google came up empty for this particular string. The 3CX software does not appear to…
-
ISC Stormcast For Monday, November 10th, 2025 https://isc.sans.edu/podcastdetail/9692, (Mon, Nov 10th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Honeypot: Requests for (Code) Repositories, (Sat, Nov 8th)
This is just a quick diary entry to report that I saw requests on my honeypot for (code) repositories: /.git/logs/refs/remotes/origin/main /.git/objects/info /.github /.github/dependabot.yml /.github/funding.yml /.github/ISSUE_TEMPLATE /.gitlab/issue_templates /.gitlab-ci /.git-secret /.svnignore /aws/bucket /s3/backup /s3/bucket /s3/credentials So watch out what you publish online when you deploy a repository to your web site. Didier Stevens Senior handler blog.DidierStevens.com…
-
ISC Stormcast For Friday, November 7th, 2025 https://isc.sans.edu/podcastdetail/9690, (Fri, Nov 7th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
![Binary Breadcrumbs: Correlating Malware Samples with Honeypot Logs Using PowerShell [Guest Diary], (Wed, Nov 5th)](/wp-content/uploads/2025/11/David_Hammond_pic1-mzej7f.png)
Binary Breadcrumbs: Correlating Malware Samples with Honeypot Logs Using PowerShell [Guest Diary], (Wed, Nov 5th)
[This is a Guest Diary by David Hammond, an ISC intern as part of the SANS.edu BACS program] My last college credit on my way to earning a bachelor’s degree was an internship opportunity at the Internet Storm Center. A great opportunity, but one that required the care and feeding of a honeypot. The day…
-
ISC Stormcast For Thursday, November 6th, 2025 https://isc.sans.edu/podcastdetail/9688, (Thu, Nov 6th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Updates to Domainname API, (Wed, Nov 5th)
For several years, we have offered a “new domain” list of recently registered (or, more accurately, recently discovered) domains. This list is offered via our API (https://isc.sans.edu/api). However, the size of the list has been causing issues, resulting in a “cut-off” list being returned. To resolve this issue, I updated the API call. It is…
