News
More File Selection Gaffes, (Sat, Oct 31st)
A reader submitted a file, that turned out to be a mass mailer project file used by malicious actors. This malicious actor was not the only one mistakingly sending out their mass mailer project file: I found many other files. What follows is an overview of various fake email templates defined in these mass mailer […]
Read moreQuick Status of the CAA DNS Record Adoption, (Fri, Oct 30th)
In 2017, we already published a guest diary[1] about “CAA” or “Certification Authority Authorization”. I was curious about the status of this technique and the adoption level in 2020. Has it been adopted massively since this diary? The initial RFC describing CAA has been issued in 2013 (RFC6844[2]). Since 2019, it is obsolete and has been replaced […]
Read moreISC Stormcast For Friday, October 30th 2020 https://isc.sans.edu/podcastdetail.html?id=7232, (Fri, Oct 30th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Reposted from SANS. View original.
Read moreISC Stormcast For Thursday, October 29th 2020 https://isc.sans.edu/podcastdetail.html?id=7230, (Thu, Oct 29th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Reposted from SANS. View original.
Read morePATCH NOW: CVE-2020-14882 Weblogic Actively Exploited Against Honeypots, (Thu, Oct 29th)
Just about a week ago, as part of a massive quarterly “Criticial Patch Update” (aka “CPU”), Oracle patched CVE-2020-14882 in WebLogic. Oracle at the time assigned it a CVSS score of 9.8. We are now seeing active exploitation of the vulnerability against our honeypot after PoC exploits had been published. Vulnerable WebLogic Versions: 10.3.6.0.0, 12.1.3.0.0, […]
Read moreSMBGhost ? the critical vulnerability many seem to have forgotten to patch, (Wed, Oct 28th)
You probably remember that back in March, Microsoft released a patch for a vulnerability in SMBv3 dubbed SMBGhost (CVE-2020-0796), since at that time, it received as much media attention as was reasonable for a critical (CVSS 10.0) vulnerability in Windows, which might lead to remote code execution[1]. Luckily, achieving RCE through SMBGhost turned out to […]
Read more17th Annual CSAM – Week 4 Social Engineering Increases Risks in Cyber Security Posture
Hackers are getting more clever with social engineering tactics, especially through COVID-related campaigns, putting you and your organization at risk of handing over sensitive data and credentials. Simply put, social engineering is the non-technical strategy cyber attackers use to manipulate people into giving up confidential information. Instead of exploiting vulnerabilities in an application, they find […]
Read moreISC Stormcast For Wednesday, October 28th 2020 https://isc.sans.edu/podcastdetail.html?id=7228, (Wed, Oct 28th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Reposted from SANS. View original.
Read moreISC Stormcast For Tuesday, October 27th 2020 https://isc.sans.edu/podcastdetail.html?id=7226, (Tue, Oct 27th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Reposted from SANS. View original.
Read moreExcel 4 Macros: "Abnormal Sheet Visibility", (Mon, Oct 26th)
Excel 4 macros are composed of formulas (commands) and values stored inside a sheet. Each sheet in a spreadsheet can be “visible”, “hidden” or “very hidden”. Malware authors will often make Excel 4 macro sheets hidden or very hidden. In .xls files, spreadsheet data is stored in the Workbook stream as BIFF records. There is […]
Read more
