-
Many Online Services and Websites Affected by an AWS Outage, (Mon, Oct 20th)
The info is spreading across the news websites: For approximatively two hours, many online services or websites are suffering of an Amazon Web Services outage. Some affected services: Signal Slack Zoom These may affect corporate communications. Some banks seem also affected. I did not mention all the games, entertainment and other services that are less business…
-
Using Syscall() for Obfuscation/Fileless Activity, (Mon, Oct 20th)
I found another piece of malware this weekend. This one looks more like a proof-of-concept because the second-stage payload is really “simple”, but it attracted my attention because it uses a nice technique to obfuscate the code. The dropper is a simple Python script (SHA256:e6f7afb92153561ff6c584fee1b04fb132ba984e8a28ca63708a88ebad15b939) with a low VT score of 4/62[1]. The script contains…
-
ISC Stormcast For Monday, October 20th, 2025 https://isc.sans.edu/podcastdetail/9662, (Sun, Oct 19th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
TikTok Videos Promoting Malware Installation, (Fri, Oct 17th)
Attackers are everywhere! They try to abuse victims using new communication channels and social engineering techniques! Somebody pointed my to the following Tik-Tok video: hxxps://vm[.]tiktok[.]com/ZGdaCkbEF/. The author pretends to provide you an easy way to activate Photoshop for free: Note that the video has already been liked more than 500 times! The technique is similar to…
-
ISC Stormcast For Friday, October 17th, 2025 https://isc.sans.edu/podcastdetail/9660, (Fri, Oct 17th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
New DShield Support Slack, (Thu, Oct 16th)
This week, we set up a new Slack workspace for DShield.org. This workspace replaces the old workspace we originally configured back in 2016 or 2017. The workspace was originally configured as a free workspace to support the DShield.org community. Over the years, it has had a good following and a good amount of traffic. Sadly, we…
-
ISC Stormcast For Thursday, October 16th, 2025 https://isc.sans.edu/podcastdetail/9658, (Wed, Oct 15th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Clipboard Pictures Exfiltration in Python Infostealer, (Wed, Oct 15th)
For a while, clipboard content has been monitored by many infostealers. Purposes can be multiple, like simply searching and exfiltrating juicy data or on-the-fly modification like crypto-wallet swapping[1]. Note that the clipboard is a major risk when you don’t disable clipboard sharing between your virtual machines and hosts. A malware running in a sandbox will…
-
ISC Stormcast For Wednesday, October 15th, 2025 https://isc.sans.edu/podcastdetail/9656, (Tue, Oct 14th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Microsoft Patch Tuesday October 2025, (Tue, Oct 14th)
I am experimenting today with a little bit of a cleaned-up patch overview. I removed vulnerabilities that affect Microsoft’s cloud systems (but appreciate Microsoft listing them at all), as well as vulnerabilities in third-party software like open source libraries. This should leave us with Microsoft-specific on-premises vulnerabilities. This month, this leaves 157 different vulnerabilities. Eight…
