News
Malicious ISO Embedded in an HTML Page, (Fri, Jan 28th)
I spotted an interesting phishing email. As usual, the message was delivered with a malicious attachment that is a simple HTML page called “Order_Receipt.html” (SHA256:a0989ec9ad1b74c5e8dedca4a02dcbb06abdd86ec05d1712bfc560bf209e3b39) with a low VT score of 5/59[1]! This is a text file and, therefore, looks less suspicious. When the page is opened in the victim’s browser, it displays a simple message and offers […]
Read moreISC Stormcast For Friday, January 28th, 2022 https://isc.sans.edu/podcastdetail.html?id=7856, (Fri, Jan 28th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Reposted from SANS. View original.
Read moreApple Patches Everything, (Thu, Jan 27th)
Trying something a bit new here. Please let me know if this works for you. Yesterday, Apple released security updates across its spectrum of operating systems. Apple tends to release these updates all at the same time. Targeting more enthusiasts and home users with its products, Apple is missing a lot of the details that […]
Read moreISC Stormcast For Thursday, January 27th, 2022 https://isc.sans.edu/podcastdetail.html?id=7854, (Thu, Jan 27th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Reposted from SANS. View original.
Read moreOver 20 thousand servers have their iLO interfaces exposed to the internet, many with outdated and vulnerable versions of FW, (Wed, Jan 26th)
Integrated Lights-Out (iLO) is a low-level server management system intended for out-of-band configuration, which is embedded by Hewlett-Packard Enterprise on some of their servers[1]. Besides its use for maintenance, it is often used by administrators for an emergency access to the server when everything “above it” (hypervisor or OS) fails and/or is unreachable. Since these kinds […]
Read moreISC Stormcast For Wednesday, January 26th, 2022 https://isc.sans.edu/podcastdetail.html?id=7852, (Wed, Jan 26th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Reposted from SANS. View original.
Read moreLocal privilege escalation vulnerability in polkit's pkexec (CVE-2021-4034), (Tue, Jan 25th)
Researchers from Qualys today published an advisory about a local privilege escalation vulnerability in the pkexec tool, that is installed as part of the Polkit (formerly PolicyKit) package. This package is used for controlling system-wide privileges. The pkexec tool, which is a command line tool, is used to define which authorized user can execute a […]
Read moreEmotet Stops Using 0.0.0.0 in Spambot Traffic, (Tue, Jan 25th)
Introduction Last week, I wrote a diary about Emotet using 0.0.0.0 in its spambot traffic instead of the actual IP address of the infected Windows host (link). Shortly after that diary, Emotet changed from using 0.0.0.0 to using the victim’s IP address, but with the octet values listed in reverse order. Details During a recent […]
Read moreISC Stormcast For Tuesday, January 25th, 2022 https://isc.sans.edu/podcastdetail.html?id=7850, (Tue, Jan 25th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Reposted from SANS. View original.
Read moreISC Stormcast For Monday, January 24th, 2022 https://isc.sans.edu/podcastdetail.html?id=7848, (Mon, Jan 24th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Reposted from SANS. View original.
Read more
