EternalBlue 5 Years After WannaCry and NotPetya
https://isc.sans.edu/forums/diary/EternalBlue+5+years+after+WannaCry+and+NotPetya/28816/
OpenSSL Patches Two Vulnerabilities
https://www.openssl.org/news/secadv/20220705.txt
Iconburst NPM Software Suppl…
Author: Dr. Johannes B. Ullrich
Europe, Exploits, Global Security News, Latin America, Malware Indicators (IoCs), North America
ISC StormCast for Tuesday, July 5th, 2022
by Dr. Johannes B. Ullrich •
7Zip Mark of the Web For Office Files
https://isc.sans.edu/forums/diary/7Zip+MoW+For+Office+files/28812/
SessionManager Backdoor Seen with IIS
https://securelist.com/the-sessionmanager-iis-backdoor/106868/
Google Chrome Stable Channel Update
https://…
ISC StormCast for Friday, July 1st, 2022
by Dr. Johannes B. Ullrich •
Case Study: Cobalt Strike Server Lives on After its Domain is Suspended
https://isc.sans.edu/forums/diary/Case+Study+Cobalt+Strike+Server+Lives+on+After+Its+Domain+Is+Suspended/28804/
CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in…
ISC StormCast for Thursday, June 30th, 2022
by Dr. Johannes B. Ullrich •
It's New Phone Day: Time to Migrate Your MFA
https://isc.sans.edu/forums/diary/Its+New+Phone+Day+Time+to+migrate+your+MFA/28800/
Managing Human Risk Security Awareness Report
https://go.sans.org/lp-wp-2022-sans-security-awareness-report
Microsoft Azur…
ISC StormCast for Wednesday, June 29th, 2022
by Dr. Johannes B. Ullrich •
Possible Scans for HiByMusic Devices
https://isc.sans.edu/forums/diary/Possible+Scans+for+HiByMusic+Devices/28796/
OpenSSL Heap Overflow
https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/
https://github.com/openssl/openss…
ISC StormCast for Tuesday, June 28th, 2022
by Dr. Johannes B. Ullrich •
Encrypted Client Hello: Anybody Using it Yet?
https://isc.sans.edu/forums/diary/Encrypted+Client+Hello+Anybody+Using+it+Yet/28792/
Jenkins Advisory
https://www.jenkins.io/security/advisory/2022-06-22/
Instagram Age Verification
https://about.fb.com/…
ISC StormCast for Monday, June 27th, 2022
by Dr. Johannes B. Ullrich •
Python Abusing the Windows GUI
https://isc.sans.edu/forums/diary/Python+abusing+The+Windows+GUI/28780/
Malicious Code Passed to PowerShell via the Clipboard
https://isc.sans.edu/forums/diary/Malicious+Code+Passed+to+PowerShell+via+the+Clipboard/28784…
ISC StormCast for Thursday, June 23rd, 2022
by Dr. Johannes B. Ullrich •
Malicious PowerShell Targeting Cryptocurrency Browser Extensions
https://isc.sans.edu/forums/diary/Malicious+PowerShell+Targeting+Cryptocurrency+Browser+Extensions/28772/
Keeping PowerShell: Security Measures to Use and Embrace
https://media.defense….
ISC StormCast for Wednesday, June 22nd, 2022
by Dr. Johannes B. Ullrich •
Experimental New Domain / Domain Age API
https://isc.sans.edu/forums/diary/Experimental+New+Domain+Domain+Age+API/28770/
Forescout Vedere Labs Discovers 56 OT Vulnerabilities
https://www.forescout.com/resources/ot-icefall-report/
Cloudflare Outage
h…
ISC StormCast for Tuesday, June 21st, 2022
by Dr. Johannes B. Ullrich •
Odd TCP Fast Open Packets
https://isc.sans.edu/forums/diary/Odd+TCP+Fast+Open+Packets+Anybody+understands+why/28766/
DFSCoerce NTLM Relay Attack
https://github.com/Wh04m1001/DFSCoerce
https://support.microsoft.com/en-us/topic/kb5005413-mitigating-nt…
ISC StormCast for Monday, June 20th, 2022
by Dr. Johannes B. Ullrich •
Critical Vulnerability in Splunk Enterprise Deployment Server Functionality
https://isc.sans.edu/forums/diary/Critical+vulnerability+in+Splunk+Enterprises+deployment+server+functionality/28760/
Malspam Pushes Matanbuchus Malware Leads to Cobalt Strike…
ISC StormCast for Friday, June 17th, 2022
by Dr. Johannes B. Ullrich •
Houdini is Back Delivered Through a JavaScript Dropper
https://isc.sans.edu/forums/diary/Houdini+is+Back+Delivered+Through+a+JavaScript+Dropper/28746/
Drifting Cloud: Zero-Day Sophos Firewall Exploitation
https://www.volexity.com/blog/2022/06/15/drif…
ISC StormCast for Thursday, June 16th, 2022
by Dr. Johannes B. Ullrich •
Terraforming Honeypots: Using IaaC & Cloud to Attract Attacks
https://isc.sans.edu/forums/diary/Terraforming+Honeypots+Installing+DShield+Sensors+in+the+Cloud/28748/
Zimbra Email – Stealing Clear-Text Credentials via Memcache Injection
https://blog.s…
ISC StormCast for Wednesday, June 15th, 2022
by Dr. Johannes B. Ullrich •
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+June+2022+Patch+Tuesday/28742/
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
SynLapse Vulnerability
https://orca.security/resources/blog/synlapse-critical-az…
ISC StormCast for Tuesday, June 14th, 2022
by Dr. Johannes B. Ullrich •
Translating Saitama’s DNS Tunneling
https://isc.sans.edu/forums/diary/Translating+Saitamas+DNS+tunneling+messages/28738/
Travis CI Logs Expose Users to Cyber Attacks
https://blog.aquasec.com/travis-ci-security
Linux Threat Hunting: “Syslogk” a kernel…
ISC StormCast for Monday, June 13th, 2022
by Dr. Johannes B. Ullrich •
EPSScall: An Exploit Prediction Scoring System App
https://isc.sans.edu/forums/diary/EPSScall+An+Exploit+Prediction+Scoring+System+App/28732/
PACMan Attack
https://pacmanattack.com
https://twitter.com/wdormann/status/1535245913857351680
Carrier Lene…
ISC StormCast for Friday, June 10th, 2022
by Dr. Johannes B. Ullrich •
TA570 QBot attempts to exploit CVE-2022-30190 (Follina)
https://isc.sans.edu/forums/diary/TA570+Qakbot+Qbot+tries+CVE202230190+Follina+exploit+msmsdt/28728/
Analysis of a Facebook Phishing Campaign
https://pixmsecurity.com/blog/blog/phishing-tactics-…
ISC StormCast for Thursday, June 9th, 2022
by Dr. Johannes B. Ullrich •
SANS RSA Panel
(sorry, video no longer available)
Atlassian Confluence Attacks
https://isc.sans.edu/forums/diary/Atlassian+Confluence+Exploits+Seen+By+Our+Honeypots+CVE202226134/28722/
Fake CCleaner Malvertisements
https://blog.avast.com/fakecrack-c…
ISC StormCast for Wednesday, June 8th, 2022
by Dr. Johannes B. Ullrich •
The Trouble With Microsoft’s Troubleshooters
https://irsl.medium.com/the-trouble-with-microsofts-troubleshooters-6e32fc80b8bd
QBot Uses Follina
https://twitter.com/threatinsight/status/1534227444915482625
Deadbolt Ransomware
https://www.trendmicro.c…
ISC StormCast for Tuesday, June 7th, 2022
by Dr. Johannes B. Ullrich •
MS-MSDT RTF Maldocs Analysis oledump Plugins
https://isc.sans.edu/forums/diary/msmsdt+RTF+Maldoc+Analysis+oledump+Plugins/28718/
Cybercriminals Exploit Reverse Tunnel Services and URL Shorteners
https://cloudsek.com/whitepapers_reports/cybercriminals-…
ISC StormCast for Monday, June 6th, 2022
by Dr. Johannes B. Ullrich •
Sandbox Evasion… With Just a Filename!
https://isc.sans.edu/forums/diary/Sandbox+Evasion+With+Just+a+Filename/28708/
Atlassian Exploit Released
https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/
GitLab Cri…
ISC StormCast for Friday, June 3rd, 2022
by Dr. Johannes B. Ullrich •
Quick Answers in Incident Response RECmd.exe
https://isc.sans.edu/forums/diary/Quick+Answers+in+Incident+Response+RECmdexe/28706/
Zero-Day Exploitation of Atlassian Confluence
https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassia…
ISC StormCast for Thursday, June 2nd, 2022
by Dr. Johannes B. Ullrich •
HTML Phishing Attachments – Now With Anti-Analysis Features
https://isc.sans.edu/forums/diary/HTML+phishing+attachments+now+with+antianalysis+features/28702/
Unofficial Patch for CVE-2022-30190 (Follina)
https://blog.0patch.com/2022/06/free-micropatc…
ISC StormCast for Wednesday, June 1st, 2022
by Dr. Johannes B. Ullrich •
Follina Update
https://isc.sans.edu/forums/diary/First+Exploitation+of+Follina+Seen+in+the+Wild/28698/
https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme+CVE202230190/28694/
Open Automation Software Platfo…
ISC StormCast for Tuesday, May 31st, 2022
by Dr. Johannes B. Ullrich •
New Microsoft Office Attack Vector via “ms-msdt” Protocol Scheme
https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme/28694/
ISC StormCast for Friday, May 27th, 2022
by Dr. Johannes B. Ullrich •
Huge Signed PE Files
https://isc.sans.edu/forums/diary/Huge+Signed+PE+File/28686/
VMWare Authentication Bypass PoC
https://www.horizon3.ai/vmware-authentication-bypass-vulnerability-cve-2022-22972-technical-deep-dive/
Quanta Server BMC Vulnerability
…
ISC StormCast for Thursday, May 26th, 2022
by Dr. Johannes B. Ullrich •
Using NMAP to Assess Hosts in Load Balanced Clusters
https://isc.sans.edu/forums/diary/Using+NMAP+to+Assess+Hosts+in+Load+Balanced+Clusters/28682/
Attacker Modifying Libraries Claims “Research”
https://www.bleepingcomputer.com/news/security/hacker-sa…
ISC StormCast for Wednesday, May 25th, 2022
by Dr. Johannes B. Ullrich •
ctx Python Library Updated with “Extra” Features
https://isc.sans.edu/forums/diary/ctx+Python+Library+Updated+with+Extra+Features/28678/
Zoom Updates
https://explore.zoom.us/en/trust/security/security-bulletin/
VMWare Exploit About to Be Released
ht…
ISC StormCast for Tuesday, May 24th, 2022
by Dr. Johannes B. Ullrich •
Attacker Scanning for jQuery-File-Upload
https://isc.sans.edu/forums/diary/Attacker+Scanning+for+jQueryFileUpload/28674/
Oracle Security Alert Advisory – CVE-2022-21500
https://www.oracle.com/security-alerts/alert-cve-2022-21500.html
How to find NPM …
ISC StormCast for Monday, May 23rd, 2022
by Dr. Johannes B. Ullrich •
A “Zip Bomb” to Bypass Security Controls & Sandboxes
https://isc.sans.edu/forums/diary/A+Zip+Bomb+to+Bypass+Security+Controls+Sandboxes/28670/
Cisco IOS XR Software Health Check Open Port Vulnerability
https://tools.cisco.com/security/center/content/…
ISC StormCast for Friday, May 20th, 2022
by Dr. Johannes B. Ullrich •
Bumblebee Malware from TransferXL URLs
https://isc.sans.edu/forums/diary/Bumblebee+Malware+from+TransferXL+URLs/28664/
Microsoft Out-of-Band Update fixes Authentication Issues
https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-…
ISC StormCast for Thursday, May 19th, 2022
by Dr. Johannes B. Ullrich •
VMWare Flaws
https://core.vmware.com/vmsa-2022-0014-questions-answers-faq
https://blog.barracuda.com/2022/05/17/threat-spotlight-attempts-to-exploit-new-vmware-vulnerabilities/
Tesla BLE Proximity Authentication Vulnerable to Relay Attacks
https://r…
ISC StormCast for Wednesday, May 18th, 2022
by Dr. Johannes B. Ullrich •
Use Your Browser Internal Password Vault… or Not?
https://isc.sans.edu/forums/diary/Use+Your+Browser+Internal+Password+Vault+or+Not/28658/
SQL Server Brute Forcing
https://twitter.com/MsftSecIntel/status/1526680337216114693
UpdateAgent Adapts Again…
ISC StormCast for Tuesday, May 17th, 2022
by Dr. Johannes B. Ullrich •
Apple Patches Everything
https://isc.sans.edu/forums/diary/Apple+Patches+Everything/28654/
Evil Never Sleeps: When Wireless Malware Stays on After Turning Off iPhones
https://arxiv.org/pdf/2205.06114.pdf
Third-Party Web Trackers Log What You Type Bef…
ISC StormCast for Monday, May 16th, 2022
by Dr. Johannes B. Ullrich •
From 0-Day to Mirai: 7 days of BIG-IP Exploits
https://isc.sans.edu/forums/diary/From+0Day+to+Mirai+7+days+of+BIGIP+Exploits/28644/
Sonicwall Vulnerabilities Patched
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009
Zonealarm Patch
htt…
ISC StormCast for Friday, May 13th, 2022
by Dr. Johannes B. Ullrich •
When Get-WebRequest Fails You
https://isc.sans.edu/forums/diary/When+GetWebRequest+Fails+You/28640/
HP PC BIOS Security Updates
https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788
INTEL BIOS Advisory
https://www.intel.com/conten…
ISC StormCast for Thursday, May 12th, 2022
by Dr. Johannes B. Ullrich •
TA578 Using Thread-Hijacked Emails to Push ISO Files for Bumblebee Malware
https://isc.sans.edu/forums/diary/TA578+using+threadhijacked+emails+to+push+ISO+files+for+Bumblebee+malware/28636/
Google Drive Emerges as Top App for Malware Downloads
https:…
ISC StormCast for Wednesday, May 11th, 2022
by Dr. Johannes B. Ullrich •
Microsoft May 2022 Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+May+2022+Patch+Tuesday/28632/
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
npm “foreach” package domain takeover
https://www.theregister.com/2022/0…
ISC StormCast for Tuesday, May 10th, 2022
by Dr. Johannes B. Ullrich •
Octopus Backdoor is Back with a New Embedded Obfuscated Bat File
https://isc.sans.edu/forums/diary/Octopus+Backdoor+is+Back+with+a+New+Embedded+Obfuscated+Bat+File/28628/#comments
CVE-2022-1388 (BIG-IP) Exploits
https://twitter.com/sans_isc/status/15…
ISC StormCast for Monday, May 9th, 2022
by Dr. Johannes B. Ullrich •
F5 BIG-IP Unauthenticated RCE Vulnerability (CVE-2022-1388)
https://isc.sans.edu/forums/diary/F5+BIGIP+Unauthenticated+RCE+Vulnerability+CVE20221388/28624/
QNAP QVR Update
https://www.qnap.com/de-de/security-advisory/qsa-22-07
Raspberry Robin Worm
h…