HackDig : Dig high-quality web security articles

[SANS ISC] Excel Recipe: Some VBA Code with a Touch of Excel4 Macro

I published the following diary on isc.sans.edu: “Excel Recipe: Some VBA Code with a Touch of Excel4 Macro”: Microsoft Excel supports two types of macros. The legacy format is known as “Excel4 macro” and the new (but already used for a while) is based on VBA. We already covered both formats in many diaries. Yesterday, I spotted an interesting sa
Publish At:2021-09-23 10:45 | Read:126 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Excel4 Macro SAN

[SANS ISC] Malicious Calendar Subscriptions Are Back?

I published the following diary on isc.sans.edu: “Malicious Calendar Subscriptions Are Back?”: Did this threat really disappear? This isn’t a brand new technique to deliver malicious content to mobile devices but it seems that attackers started new waves of spam campaigns based on malicious calendar subscriptions. Being a dad, you can imagine
Publish At:2021-09-17 10:45 | Read:157 | Comments:0 | Tags:SANS Internet Storm Center Security SANS ISC Spam

[SANS ISC] Cryptocurrency Clipboard Swapper Delivered With Love

I published the following diary on isc.sans.edu: “Cryptocurrency Clipboard Swapper Delivered With Love”: Be careful if you’re a user of cryptocurrencies. My goal is not to re-open a debate about them and their associated financial risks. No, I’m talking here about technical risk. Wallet addresses are long strings of characters that
Publish At:2021-08-30 06:48 | Read:301 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Clipboard Crypto

Microsoft Patch Tuesday, August 2021 Edition

Microsoft today released software updates to plug at least 44 security vulnerabilities in its Windows operating systems and related products. The software giant warned that attackers already are pouncing on one of the flaws, which ironically enough involves an easy-to-exploit bug in the software component responsible for patching Windows 10 PCs and Windows S
Publish At:2021-08-10 19:43 | Read:252 | Comments:0 | Tags:Time to Patch AskWoody.com CVE-2021-26424 CVE-2021-34481 CVE

[SANS ISC] Using Sudo with Python For More Security Controls

I published the following diary on isc.sans.edu: “Using Sudo with Python For More Security Controls”: I’m a big fan of the Sudo command. This tool, available on every UNIX flavor, allows system administrators to provide access to certain users/groups to certain commands as root or another user. This is performed with a lot of granularity
Publish At:2021-07-08 11:40 | Read:343 | Comments:0 | Tags:Python SANS Internet Storm Center Software plugin SANS ISC S

[SANS ISC] Python DLL Injection Check

I published the following diary on isc.sans.edu: “Python DLL Injection Check”: There are many security tools that inject DLLs into processes running on a Windows system. The classic examples are anti-virus products. They like to inject plenty of code that, combined with API hooking, implements security checks. If DLLs are injected into processes
Publish At:2021-07-07 08:22 | Read:284 | Comments:0 | Tags:Python SANS Internet Storm Center Security Anti-debugging De

[SANS ISC] Keeping an Eye on Dangerous Python Modules

I published the following diary on isc.sans.edu: “Keeping an Eye on Dangerous Python Modules”: With Python getting more and more popular, especially on Microsoft Operating systems, it’s common to find malicious Python scripts today. I already covered some of them in previous diaries. I like this language because it is very powerful: You
Publish At:2021-06-11 09:33 | Read:428 | Comments:0 | Tags:Python SANS Internet Storm Center Security Malware SANS ISC

[SANS ISC] Malicious PowerShell Hosted on script.google.com

I published the following diary on isc.sans.edu: “Malicious PowerShell Hosted on script.google.com”: Google has an incredible portfolio of services. Besides the classic ones, there are less known services and… they could be very useful for attackers too. One of them is Google Apps Script. Google describes it like this: “Apps Scr
Publish At:2021-05-28 08:19 | Read:527 | Comments:0 | Tags:Malware SANS Internet Storm Center Security Google PowerShel

[SANS ISC] “Serverless” Phishing Campaign

I published the following diary on isc.sans.edu: “‘Serverless’ Phishing Campaign”: The Internet is full of code snippets and free resources that you can embed in your projects. SmtpJS is one of those small projects that are very interesting for developers but also bad guys. It’s the first time that I spot a phishing camp
Publish At:2021-05-22 11:51 | Read:1261 | Comments:0 | Tags:SANS Internet Storm Center Security JavaScript SANS ISC Serv

[SANS ISC] “Open” Access to Industrial Systems Interface is Also Far From Zero

I published the following diary on isc.sans.edu: “‘Open’ Access to Industrial Systems Interface is Also Far From Zero”: Jan’s last diary about the recent attack against the US pipeline was in perfect timing with the quick research I was preparing for a few weeks. If core components of industrial systems are less exposed in th
Publish At:2021-05-14 08:24 | Read:608 | Comments:0 | Tags:SANS Internet Storm Center Security Industrial Remote Contro

[SANS ISC] How Safe Are Your Docker Images?

I published the following diary on isc.sans.edu: “How Safe Are Your Docker Images?”: Today, I don’t know any organization that is not using Docker. For test and development only or for full production systems, containers are deployed everywhere! In the same way, most popular tools today have a “dockerized” version r
Publish At:2021-04-22 07:39 | Read:747 | Comments:0 | Tags:Docker SANS Internet Storm Center Security SANS ISC Tool Vul

[SANS ISC] HTTPS Support for All Internal Services

I published the following diary on isc.sans.edu: “HTTPS Support for All Internal Services”: SSL/TLS has been on stage for a while with deprecated protocols, free certificates for everybody. The landscape is changing to force more and more people to switch to encrypted communications and this is good! Like Johannes explained yesterday, Chrome 9
Publish At:2021-04-16 06:44 | Read:652 | Comments:0 | Tags:SANS Internet Storm Center Security HTTPS network SANS ISC

[SANS ISC] No Python Interpreter? This Simple RAT Installs Its Own Copy

I published the following diary on isc.sans.edu: “No Python Interpreter? This Simple RAT Installs Its Own Copy”: For a while, I’ve been keeping an eye on malicious Python code targeting Windows environments. If Python looks more and more popular, attackers are facing a major issue: Python is not installed by default on most Windows operating s
Publish At:2021-04-09 06:24 | Read:733 | Comments:0 | Tags:Malware Python SANS Internet Storm Center Security RAT SANS

[SANS ISC] C2 Activity: Sandboxes or Real Victims?

I published the following diary on isc.sans.edu: “C2 Activity: Sandboxes or Real Victims?”: In my last diary, I mentioned that I was able to access screenshots exfiltrated by the malware sample. During the first analysis, there were approximately 460 JPEG files available. I continued to keep an eye on the host and the number slightly increased
Publish At:2021-04-02 06:38 | Read:879 | Comments:0 | Tags:Malware SANS Internet Storm Center Security C2 Sandbox SANS

[SANS ISC] Quick Analysis of a Modular InfoStealer

I published the following diary on isc.sans.edu: “Quick Analysis of a Modular InfoStealer”: This morning, an interesting phishing email landed in my spam trap. The mail was redacted in Spanish and, as usual, asked the recipient to urgently process the attached document. The filename was “AVISO.001” (This extension is used by multi-
Publish At:2021-03-31 07:47 | Read:780 | Comments:0 | Tags:Malware SANS Internet Storm Center Security DLL InfoStealer
