-
RedTail, Remnux and Malware Management [Guest Diary], (Wed, Apr 16th)
[This is a Guest Diary by Jacob Claycamp, an ISC intern as part of the SANS.edu BACS program] Introduction When I first saw malware being uploaded to my honeypot, I was lacking the requisite experience to reverse engineer it, and to understand what was happening with the code. Even though I could use any text…
-
Apple Patches Exploited Vulnerability, (Wed, Apr 16th)
Today, Apple patched two vulnerabilities that had already been exploited. The vulnerabilities were exploited against iOS but also exist in macOS, tvOS, and visionOS. Apple released updates for all affected operating systems: iOS 18.4.1 and iPadOS 18.4.1, macOS Sequoia 15.4.1, tvOS 18.4.1, and visionOS 2.4.1. CVE-2025-31200: Processing an audio stream in a maliciously crafted…
-
ISC Stormcast For Wednesday, April 16th, 2025 https://isc.sans.edu/podcastdetail/9410, (Wed, Apr 16th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Online Services Again Abused to Exfiltrate Data, (Tue, Apr 15th)
If attackers can abuse free online services, they will do so for sure! Why spend time deploying a C2 infrastructure if you have plenty of ways to use “official” services? Not only do they not cost any money, but the traffic can be hidden in the normal traffic, making them more difficult to detect. A very…
-
ISC Stormcast For Tuesday, April 15th, 2025 https://isc.sans.edu/podcastdetail/9408, (Tue, Apr 15th)
-

xorsearch.py: Searching With Regexes, (Mon, Apr 14th)
As promised in diary entry “XORsearch: Searching With Regexes”, I will outline another method to search with xorsearch and regexes. Instead of XORsearch.exe, the original tool that is written in C and compiled, we will use xorsearch.py, a new tool written in Python. Unlike XORsearch.exe, xorsearch.py supports YARA rules, and thus regex searches. Let’s…
-
ISC Stormcast For Monday, April 14th, 2025 https://isc.sans.edu/podcastdetail/9406, (Mon, Apr 14th)
-

Exploit Attempts for Recent Langflow AI Vulnerability (CVE-2025-3248), (Sat, Apr 12th)
Two weeks ago, version 1.3.0 of Langflow was released. The release notes list many fixes but do not mention that one of the “Bug Fixes” addresses a major vulnerability. Instead, the release notes state, “auth current user on code validation.” [1] Its website states, “Langflow is a low-code tool for developers that makes it easier…
-
ISC Stormcast For Friday, April 11th, 2025 https://isc.sans.edu/podcastdetail/9404, (Fri, Apr 11th)
-
ISC Stormcast For Thursday, April 10th, 2025 https://isc.sans.edu/podcastdetail/9402, (Thu, Apr 10th)

