-
ISC Stormcast For Thursday, November 21st, 2024 https://isc.sans.edu/podcastdetail/9228, (Thu, Nov 21st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Increase In Phishing SVG Attachments, (Thu, Nov 21st)
There is an increase in SVG attachments used in phishing emails (Scalable Vector Graphics, an XML-based vector image format). I took a look at the some samples mentioned in the Bleeping Computer article, and searched more samples on VirusTotal. These samples contain HTML & JavaScript code to display a blurry Excel PNG image, and a…
-
ISC Stormcast For Wednesday, November 20th, 2024 https://isc.sans.edu/podcastdetail/9226, (Wed, Nov 20th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Apple Fixes Two Exploited Vulnerabilities, (Tue, Nov 19th)
Today, Apple released updates patching two vulnerabilities that have already been exploited. Interestingly, according to Apple, the vulnerabilities have only been exploited against Intel-based systems, but they appear to affect ARM (M”x”) systems as well. CVE-2024-44308 A vulnerability in JavaScriptCore. It could be triggered by the user visiting a malicious web page and may lead…
-
Detecting the Presence of a Debugger in Linux, (Tue, Nov 19th)
Hello from Singapore where I’m with Johannes and Yee! This week, I’m teaching FOR710[1]. I spotted another Python script that looked interesting because, amongst the classic detection of virtualized environments, it also tries to detect the presence of a debugger. The script has been developed to target both environments: Windows & Linux. On Windows, it’s pretty easy to detect…
-
ISC Stormcast For Tuesday, November 19th, 2024 https://isc.sans.edu/podcastdetail/9224, (Tue, Nov 19th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Exploit attempts for unpatched Citrix vulnerability, (Mon, Nov 18th)
Last week, Watchtowr Labs released details describing a new and so far unpatched vulnerability in Citrix’s remote access solution [1]. Specifically, the vulnerability affects the “Virtual Apps and Desktops.” This solution allows “secure” remote access to desktop applications. It is commonly used for remote work, and I have seen it used in call center setups…
-
ISC Stormcast For Monday, November 18th, 2024 https://isc.sans.edu/podcastdetail/9222, (Mon, Nov 18th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Ancient TP-Link Backdoor Discovered by Attackers, (Sun, Nov 17th)
There are so many vulnerabilities in commonly used routers that attackers often leave many easily exploited vulnerabilities untouched, as they already have plenty of vulnerabilities to exploit. Looking today at our “First Seen URL” page, I noticed this odd URL: /userRpmNatDebugRpm26525557/start_art.html The URL is very “specific” in including a number, and at first, I…
-
ISC Stormcast For Wednesday, November 13th, 2024 https://isc.sans.edu/podcastdetail/9220, (Wed, Nov 13th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
