- feeds
- popular
- recent
- reader
- about
- story
- technologies
- what is rss
- connect
- dmca
- contact
- Feed Preview SANS Internet Storm Center, InfoCON: green
Use of X-Frame-Options and CSP frame-ancestors security headers on 1 million most popular domains, (Fri, Mar 31st)
In my last Diary, I shortly mentioned the need for correctly set Content Security Policy and/or the obsolete X-Frame-Options HTTP security headers (not just) in order to prevent phishing pages, w...
ISC Stormcast For Friday, March 31st, 2023 https://isc.sans.edu/podcastdetail.html?id=8434, (Fri, Mar 31st)
A brief daily summary of what is important in cyber security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Bypassing PowerShell Strong Obfuscation, (Thu, Mar 30th)
Yesterday, I found a malicious PowerShell script that was heavily obfuscated. The filename is âB0A4.ps1" (SHA256:b4814c8db16ecdd7904e81186715bf2a4b4ba28ef5853a41a8f59824f47f8f24), reported w...
ISC Stormcast For Thursday, March 30th, 2023 https://isc.sans.edu/podcastdetail.html?id=8432, (Thu, Mar 30th)
A brief daily summary of what is important in cyber security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Extracting Multiple Streams From OLE Files, (Wed, Mar 29th)
Reader Martin asks us for some help extracting embedded content from a submitted malicious document.
ISC Stormcast For Wednesday, March 29th, 2023 https://isc.sans.edu/podcastdetail.html?id=8430, (Wed, Mar 29th)
A brief daily summary of what is important in cyber security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Network Data Collector Placement Makes a Difference, (Tue, Mar 28th)
A previous diary described processing some local PCAP data with Zeek. This data was collected using tcpdump on a DShield Honeypot. When looking at the Zeek connection logs, the connection state ...
ISC Stormcast For Tuesday, March 28th, 2023 https://isc.sans.edu/podcastdetail.html?id=8428, (Tue, Mar 28th)
A brief daily summary of what is important in cyber security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Apple Updates Everything (including Studio Display), (Mon, Mar 27th)
Apple today released updates for all of its operating systems. The updates also apply for some of the older versions of iOS and macOS. For iOS/iPadOS 15, Apple now patched an already exploited vu...
Another Malicious HTA File Analysis - Part 1, (Mon, Mar 27th)
In this series of diary entries, I will analyze an HTA file I found on MalwareBazaar.