-
ISC Stormcast For Tuesday, November 19th, 2024 https://isc.sans.edu/podcastdetail/9224, (Tue, Nov 19th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Exploit attempts for unpatched Citrix vulnerability, (Mon, Nov 18th)
Last week, Watchtowr Labs released details describing a new and so far unpatched vulnerability in Citrix’s remote access solution [1]. Specifically, the vulnerability affects the “Virtual Apps and Desktops.” This solution allows “secure” remote access to desktop applications. It is commonly used for remote work, and I have seen it used in call center setups…
-
ISC Stormcast For Monday, November 18th, 2024 https://isc.sans.edu/podcastdetail/9222, (Mon, Nov 18th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Ancient TP-Link Backdoor Discovered by Attackers, (Sun, Nov 17th)
There are so many vulnerabilities in commonly used routers that attackers often leave many easily exploited vulnerabilities untouched, as they already have plenty of vulnerabilities to exploit. Looking today at our “First Seen URL” page, I noticed this odd URL: /userRpmNatDebugRpm26525557/start_art.html The URL is very “specific” in including a number, and at first, I…
-
ISC Stormcast For Wednesday, November 13th, 2024 https://isc.sans.edu/podcastdetail/9220, (Wed, Nov 13th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Microsoft November 2024 Patch Tuesday, (Tue, Nov 12th)
This month, Microsoft is addressing a total of 83 vulnerabilities. Among these, 3 are classified as critical, 2 have been exploited in the wild, and another 2 have been disclosed prior to Patch Tuesday. Organizations are encouraged to prioritize these updates to mitigate potential risks and enhance their security posture. Notable Vulnerabilities: NTLM Hash Disclosure…
-
ISC Stormcast For Tuesday, November 12th, 2024 https://isc.sans.edu/podcastdetail/9218, (Tue, Nov 12th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
PDF Object Streams, (Mon, Nov 11th)
The first thing to do, when analyzing a potentially malicious PDF, is to look for the /Encrypt name as explained in diary entry Analyzing an Encrypted Phishing PDF. The second thing to do, is to look for the /ObjStm name, as I will explain in this diary entry. Take this phishing PDF and analyze it…
-
ISC Stormcast For Monday, November 11th, 2024 https://isc.sans.edu/podcastdetail/9216, (Mon, Nov 11th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
zipdump & PKZIP Records, (Sun, Nov 10th)
In yesterday’s diary entry “zipdump & Evasive ZIP Concatenation” I showed how one can inspect the PKZIP records that make up a ZIP file. My tool zipdump.py can also inspect the data of PKZIP file records, and decompress it (not decrypt it). To select the data of a PKZIP file record, use option -s data.…
