VBA Maldoc and UTF7 (APT-C-35)https://isc.sans.edu/diary/VBA+Maldoc+%26+UTF7+%28APT-C-35%29/28946Disrupting SEABORGIUM's Ongoing Phishing Operationshttps://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-

ISC StormCast for Thursday, May 18th, 2023

May 18th, 2023 5m 46s

Increase in Malicious RAR SFX Fileshttps://isc.sans.edu/forums/diary/Increase%20in%20Malicious%20RAR%20SFX%20files/29852/FriendlyName Buffer Overflow in Wemo Smartplughttps://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-

ISC StormCast for Wednesday, May 17th, 2023

May 17th, 2023 5m 36s

Signals Defense With Faraday Bagshttps://isc.sans.edu/forums/diary/Signals%20Defense%20With%20Faraday%20Bags%20%26%20Flipper%20Zero/29840/Microsoft Sharepoint Scans Password Protected Fileshttps://infosec.exchange/@threatresearch/110373860

ISC StormCast for Tuesday, May 16th, 2023

May 16th, 2023 5m 18s

Ongoing Facebook Phishing campaign Without a Sender and (almost) without Linkshttps://isc.sans.edu/diary/Ongoing%20Facebook%20phishing%20campaign%20without%20a%20sender%20and%20%28almost%29%20without%20links/29848Intel Microcode Updates Do N

ISC StormCast for Monday, May 15th, 2023

May 15th, 2023 7m 5s

The .zip gTLD: Risks and Opportunitieshttps://isc.sans.edu/forums/diary/The+zip+gTLD+Risks+and+Opportunities/29838/Brave Forgetful Browsinghttps://brave.com/privacy-updates/25-forgetful-browsing/Intel Mystery Microcode Patchhttps://www.

ISC StormCast for Friday, May 12th, 2023

May 12th, 2023 6m 20s

Geolocating IPs is Harder Than You Thinkhttps://isc.sans.edu/diary/Geolocating%20IPs%20is%20harder%20than%20you%20think/29834Pre-Infected Mobile Phoneshttps://www.theregister.com/2023/05/11/bh_asia_mobile_phones/Dragos Breachhttps://www

ISC StormCast for Thursday, May 11th, 2023

May 11th, 2023 5m 51s

Exploratory Data Analysis with CISSM Cyber Attacks Database Part 2https://isc.sans.edu/diary/Exploratory%20Data%20Analysis%20with%20CISSM%20Cyber%20Attacks%20Database%20-%20Part%202/29828Microsoft Patched Outlook (actually Windows) vulnerabi

ISC StormCast for Wednesday, May 10th, 2023

May 10th, 2023 5m 57s

Microsoft Patch Tuesdayhttps://isc.sans.edu/diary/Microsoft%20May%202023%20Patch%20Tuesday/29826GitHub "Push Protection" now out of Betahttps://github.blog/2023-05-09-push-protection-is-generally-available-and-free-for-all-public-reposito

ISC StormCast for Tuesday, May 9th, 2023

May 9th, 2023 6m 20s

QR Codes Used in Fake Parking Tickets and Surveyshttps://www.bleepingcomputer.com/news/security/qr-codes-used-in-fake-parking-tickets-surveys-to-steal-your-money/Microsoft Edge Updatehttps://learn.microsoft.com/en-us/deployedge/microsoft-e

ISC StormCast for Friday, June 28th, 2024

6 days ago 7m 29s

What Setting Live Traps For Cybercriminals Taught Me About Securityhttps://isc.sans.edu/diary/What%20Setting%20Live%20Traps%20for%20Cybercriminals%20Taught%20Me%20About%20Security%20%5BGuest%20Diary%5D/31038TeamViewer Compromisehttps://www

ISC StormCast for Thursday, June 27th, 2024

7 days ago 6m 22s

Critical Progress MOVEit Authentication Bypass Vulnerabilityhttps://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Aler

ISC StormCast for Wednesday, June 26th, 2024

8 days ago 6m 23s

TCP Latency Sidechannelhttps://www.snailload.com/snailload.pdfMicrosoft Management Console for Intial Access and Evasionhttps://www.elastic.co/security-labs/grimresourceWyze Camera Vulnerabilitieshttps://forums.wyze.com/t/security-advis

ISC StormCast for Tuesday, June 25th, 2024

9 days ago 5m 25s

Configuration Scans Expandhttps://isc.sans.edu/diary/Configuration%20Scanners%20Adding%20Java%20Specific%20Configuration%20Files/31032SQL Server Emergency Fixhttps://support.microsoft.com/en-us/topic/june-20-2024-kb5041054-os-build-20348-2

ISC StormCast for Monday, June 24th, 2024

10 days ago 7m 6s

Sysinternals Process Monitor Version 4 Releasedhttps://isc.sans.edu/diary/Sysinternals%27%20Process%20Monitor%20Version%204%20Released/31026Kaspersky Sanctionshttps://home.treasury.gov/news/press-releases/jy2420Phoenix UEFI Buffer Overflo

ISC StormCast for Friday, June 21st, 2024

13 days ago 5m 9s

No Excuses: Free Tools to Help Secure Authentication in Ubuntuhttps://isc.sans.edu/diary/No%20Excuses%2C%20Free%20Tools%20to%20Help%20Secure%20Authentication%20in%20Ubuntu%20Linux%20%5BGuest%20Diary%5D/31024Handling BOM MIME Fileshttps://i

ISC StormCast for Tuesday, June 18th, 2024

16 days ago 4m 46s

New NetSupport Campaign Deleivered Through MSIX Packageshttps://isc.sans.edu/diary/New%20NetSupport%20Campaign%20Delivered%20Through%20MSIX%20Packages/31018D-Link Router Backdoorhttps://www.twcert.org.tw/en/cp-139-7880-629f5-2.htmlhttps:

ISC StormCast for Monday, June 17th, 2024

17 days ago 5m 26s

Overview of My Tools That Handle JSON Datahttps://isc.sans.edu/diary/Overview%20of%20My%20Tools%20That%20Handle%20JSON%20Data/31012Python Serialization and "Sleepy Pickle"https://x.com/MarkBaggett/status/1801732554740969561Detecting Headl

ISC StormCast for Friday, June 14th, 2024

20 days ago 5m 34s

The Art of JQ and Command-Line Fuhttps://isc.sans.edu/diary/The%20Art%20of%20JQ%20and%20Command-line%20Fu%20%5BGuest%20Diary%5D/31006Microsoft Outlook Vulnerablity Detailshttps://blog.morphisec.com/cve-2024-30103-microsoft-outlook-vulnerab

ISC StormCast for Thursday, June 13th, 2024

21 days ago 5m 20s

MSMQ Packetshttps://isc.sans.edu/diary/Port%201801%20Traffic%3A%20Microsoft%20Message%20Queue/31004Adobe Updateshttps://helpx.adobe.com/security/products/magento/apsb24-40.htmlBlack Basta Exploited CVE-2024-26169 Prior to Patchhttps://s

ISC StormCast for Wednesday, June 12th, 2024

22 days ago 5m 39s

Microsoft Patch Tuesdayhttps://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20June%202024/31000JetBrains IntelliJ Based IDE GitHub Plugin Vulnerabilityhttps://blog.jetbrains.com/security/2024/06/updates-for-security-issue-affecting-intel

ISC StormCast for Tuesday, June 11th, 2024

23 days ago 6m 3s

Veeam Exploit CVE-2024-29849https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/SORBS Shutdownhttps://www.theregister.com/2024/06/07/sorbs_closed/Rogue Cell Tower Shut Down in Londonhttps://www.cityoflondon.p

ISC StormCast for Monday, June 10th, 2024

24 days ago 8m 10s

PHP Unicode Remote Code Execution Exploithttps://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.htmlhttps://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/PyTorch Distributed RPC Framework Remote Code Executionhttps:

ISC StormCast for Friday, June 7th, 2024

27 days ago 6m 10s

Malicious Python Script with a "Best Before" Datehttps://isc.sans.edu/diary/Malicious%20Python%20Script%20with%20a%20%22Best%20Before%22%20Date/30988FBI Obtained 7,000 LockBit Ransomware Keyshttps://www.fbi.gov/news/speeches/fbi-cyber-assi

ISC StormCast for Thursday, June 6th, 2024

28 days ago 6m 28s

WatchGuard VPN Brutefordinghttps://isc.sans.edu/diary/Brute%20Force%20Attacks%20Against%20Watchguard%20VPN%20Endpoints/30984TotalRecall Tool To Extract Data from Microsoft Recallhttps://github.com/xaitax/TotalRecallWebEx Flawhttps://www

ISC StormCast for Wednesday, June 5th, 2024

29 days ago 5m 33s

No Defender Yes Defenderhttps://isc.sans.edu/diary/No-Defender%2C%20Yes-Defender/30980Fake Job Ads Lead to Stolen Crypto Currencyhttps://www.ic3.gov/Media/Y2024/PSA240604Zyxel NAS Vulnerabilitieshttps://outpost24.com/blog/zyxel-nas-crit