-
ISC Stormcast For Wednesday, June 4th, 2025 https://isc.sans.edu/podcastdetail/9478, (Wed, Jun 4th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
vBulletin Exploits (CVE-2025-48827, CVE-2025-48828), (Tue, Jun 3rd)
Last week, Ryan Dewhurst disclosed an interesting and easily exploitable vulnerability in vBulltin. These days, bulletin boards are not quite as popular as they used to be, but they are still being used, and vBulletin is one of the most common commercially supported platforms to create a bulletin board. The vulnerability is remarkable as it exemplifies…
-
ISC Stormcast For Tuesday, June 3rd, 2025 https://isc.sans.edu/podcastdetail/9476, (Tue, Jun 3rd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
ISC Stormcast For Monday, June 2nd, 2025 https://isc.sans.edu/podcastdetail/9474, (Mon, Jun 2nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Simple SSH Backdoor, (Mon, Jun 2nd)
For most system and network administrators, the free SSH client Putty has been their best friend for years! This tool was also (ab)used by attackers that deployed a trojanized version[1]. Microsoft had the good idea to include OpenSSH (beta version) in Windows 10 Fall Creators Update. One year later, it became a default component with Windows…
-
YARA 4.5.3 Release, (Sun, Jun 1st)
YARA 4.5.3 was released with 5 bugfixes. I want to take this as an opportunity to remind you that YARA is to be replaced with YARA-X, a rewrite in Rust. YARA-X is already powering VirusTotal. Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
A PNG Image With an Embedded Gift, (Sat, May 31st)
While hunting, I found an interesting picture. It’s a PNG file that was concatenated with two interesting payloads. There are file formats that are good candidates to have data added at the end of the file. PNG is the case because the file format specifications says: “One notable restriction is that IHDR must appear first and IEND must appear…
-
ISC Stormcast For Friday, May 30th, 2025 https://isc.sans.edu/podcastdetail/9472, (Fri, May 30th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Usage of “passwd” Command in DShield Honeypots, (Fri, May 30th)
DShield honeypots [1] receive different types of attack traffic and the volume of that traffic can change over time. I’ve been collecting data from a half dozen honeypots for a little over a year to make comparisons. This data includes: Cowrie logs [2], which contain SSH and telnet attacks Web honeypot logs Firewall logs (iptables)…
-
ISC Stormcast For Thursday, May 29th, 2025 https://isc.sans.edu/podcastdetail/9470, (Thu, May 29th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
