Malicious ISO Embedded in an HTML Page, (Fri, Jan 28th)

Published January 27, 2022

I spotted an interesting phishing email. As usual, the message was delivered with a malicious attachment that is a simple HTML page called “Order_Receipt.html” (SHA256:a0989ec9ad1b74c5e8dedca4a02dcbb06abdd86ec05d1712bfc560bf209e3b39) with a low VT score of 5/59[1]! This is a text file and, therefore, looks less suspicious. When the page is opened in the victim’s browser, it displays a simple message and offers […]

ISC Stormcast For Friday, January 28th, 2022 https://isc.sans.edu/podcastdetail.html?id=7856, (Fri, Jan 28th)

Published January 27, 2022

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Reposted from SANS. View original.

Apple Patches Everything, (Thu, Jan 27th)

Published January 27, 2022

Trying something a bit new here. Please let me know if this works for you. Yesterday, Apple released security updates across its spectrum of operating systems. Apple tends to release these updates all at the same time. Targeting more enthusiasts and home users with its products, Apple is missing a lot of the details that […]

ISC Stormcast For Thursday, January 27th, 2022 https://isc.sans.edu/podcastdetail.html?id=7854, (Thu, Jan 27th)

Published January 26, 2022

Over 20 thousand servers have their iLO interfaces exposed to the internet, many with outdated and vulnerable versions of FW, (Wed, Jan 26th)

Published January 26, 2022

Integrated Lights-Out (iLO) is a low-level server management system intended for out-of-band configuration, which Hewlett-Packard Enterprise embeds in some of its servers[1]. Besides its use for maintenance, administrators often rely on it for emergency access to a server when everything “above it” (hypervisor or OS) fails and/or is unreachable. Since these kinds […]

ISC Stormcast For Wednesday, January 26th, 2022 https://isc.sans.edu/podcastdetail.html?id=7852, (Wed, Jan 26th)

Published January 25, 2022

Local privilege escalation vulnerability in polkit's pkexec (CVE-2021-4034), (Tue, Jan 25th)

Published January 25, 2022

Researchers from Qualys today published an advisory about a local privilege escalation vulnerability in the pkexec tool, which is installed as part of the Polkit (formerly PolicyKit) package. This package is used for controlling system-wide privileges. pkexec, a command-line tool, is used to define which authorized user can execute a […]

Emotet Stops Using 0.0.0.0 in Spambot Traffic, (Tue, Jan 25th)

Published January 24, 2022

Introduction: Last week, I wrote a diary about Emotet using 0.0.0.0 in its spambot traffic instead of the actual IP address of the infected Windows host (link). Shortly after that diary, Emotet changed from using 0.0.0.0 to using the victim’s IP address, but with the octet values listed in reverse order. Details: During a recent […]

ISC Stormcast For Tuesday, January 25th, 2022 https://isc.sans.edu/podcastdetail.html?id=7850, (Tue, Jan 25th)

Published January 24, 2022

ISC Stormcast For Monday, January 24th, 2022 https://isc.sans.edu/podcastdetail.html?id=7848, (Mon, Jan 24th)

Published January 23, 2022