
In my last Diary, I shortly mentioned the need for correctly set Content Security Policy and/or the obsolete X-Frame-Options HTTP security headers (not just) in order to prevent phishing pages, w...
SANS Internet Storm Center - Cooperative Cyber Security Monitor
Yesterday, I found a malicious PowerShell script that was heavily obfuscated. The filename is "B0A4.ps1" (SHA256:b4814c8db16ecdd7904e81186715bf2a4b4ba28ef5853a41a8f59824f47f8f24), reported w...
Reader Martin asks us for some help extracting embedded content from a submitted malicious document.
A previous diary described processing some local PCAP data with Zeek. This data was collected using tcpdump on a DShield Honeypot. When looking at the Zeek connection logs, the connection state ...
Apple today released updates for all of its operating systems. The updates also apply for some of the older versions of iOS and macOS. For iOS/iPadOS 15, Apple now patched an already exploited vu...
In this series of diary entries, I will analyze an HTA file I found on MalwareBazaar.