News

More File Selection Gaffes, (Sat, Oct 31st)

Published October 31, 2020

A reader submitted a file that turned out to be a mass mailer project file used by malicious actors. This malicious actor was not the only one mistakenly sending out their mass mailer project file: I found many other files. What follows is an overview of various fake email templates defined in these mass mailer […]


Quick Status of the CAA DNS Record Adoption, (Fri, Oct 30th)

Published October 30, 2020

In 2017, we already published a guest diary[1] about “CAA” or “Certification Authority Authorization”. I was curious about the status of this technique and the adoption level in 2020. Has it been adopted massively since this diary? The initial RFC describing CAA was issued in 2013 (RFC6844[2]). It has been obsolete since 2019 and has been replaced […]


ISC Stormcast For Friday, October 30th 2020 https://isc.sans.edu/podcastdetail.html?id=7232, (Fri, Oct 30th)

Published October 29, 2020

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Reposted from SANS. View original.


ISC Stormcast For Thursday, October 29th 2020 https://isc.sans.edu/podcastdetail.html?id=7230, (Thu, Oct 29th)

Published October 28, 2020


PATCH NOW: CVE-2020-14882 Weblogic Actively Exploited Against Honeypots, (Thu, Oct 29th)

Published October 28, 2020

Just about a week ago, as part of a massive quarterly “Critical Patch Update” (aka “CPU”), Oracle patched CVE-2020-14882 in WebLogic. Oracle at the time assigned it a CVSS score of 9.8. We are now seeing active exploitation of the vulnerability against our honeypot after PoC exploits had been published. Vulnerable WebLogic Versions: 10.3.6.0.0, 12.1.3.0.0, […]


SMBGhost – the critical vulnerability many seem to have forgotten to patch, (Wed, Oct 28th)

Published October 28, 2020

You probably remember that back in March, Microsoft released a patch for a vulnerability in SMBv3 dubbed SMBGhost (CVE-2020-0796), since at that time, it received as much media attention as was reasonable for a critical (CVSS 10.0) vulnerability in Windows, which might lead to remote code execution[1]. Luckily, achieving RCE through SMBGhost turned out to […]


17th Annual CSAM – Week 4 Social Engineering Increases Risks in Cyber Security Posture

Published October 27, 2020

Hackers are getting more clever with social engineering tactics, especially through COVID-related campaigns, putting you and your organization at risk of handing over sensitive data and credentials. Simply put, social engineering is the non-technical strategy cyber attackers use to manipulate people into giving up confidential information. Instead of exploiting vulnerabilities in an application, they find […]


ISC Stormcast For Wednesday, October 28th 2020 https://isc.sans.edu/podcastdetail.html?id=7228, (Wed, Oct 28th)

Published October 27, 2020


ISC Stormcast For Tuesday, October 27th 2020 https://isc.sans.edu/podcastdetail.html?id=7226, (Tue, Oct 27th)

Published October 26, 2020


Excel 4 Macros: "Abnormal Sheet Visibility", (Mon, Oct 26th)

Published October 26, 2020

Excel 4 macros are composed of formulas (commands) and values stored inside a sheet. Each sheet in a spreadsheet can be “visible”, “hidden” or “very hidden”. Malware authors will often make Excel 4 macro sheets hidden or very hidden. In .xls files, spreadsheet data is stored in the Workbook stream as BIFF records. There is […]
