VBA Maldoc and UTF7 (APT-C-35)https://isc.sans.edu/diary/VBA+Maldoc+%26+UTF7+%28APT-C-35%29/28946Disrupting SEABORGIUM's Ongoing Phishing Operationshttps://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-

ISC StormCast for Thursday, May 18th, 2023

May 18th, 2023 5m 46s

Increase in Malicious RAR SFX Fileshttps://isc.sans.edu/forums/diary/Increase%20in%20Malicious%20RAR%20SFX%20files/29852/FriendlyName Buffer Overflow in Wemo Smartplughttps://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-

ISC StormCast for Wednesday, May 17th, 2023

May 17th, 2023 5m 36s

Signals Defense With Faraday Bagshttps://isc.sans.edu/forums/diary/Signals%20Defense%20With%20Faraday%20Bags%20%26%20Flipper%20Zero/29840/Microsoft Sharepoint Scans Password Protected Fileshttps://infosec.exchange/@threatresearch/110373860

ISC StormCast for Tuesday, May 16th, 2023

May 16th, 2023 5m 18s

Ongoing Facebook Phishing campaign Without a Sender and (almost) without Linkshttps://isc.sans.edu/diary/Ongoing%20Facebook%20phishing%20campaign%20without%20a%20sender%20and%20%28almost%29%20without%20links/29848Intel Microcode Updates Do N

ISC StormCast for Monday, May 15th, 2023

May 15th, 2023 7m 5s

The .zip gTLD: Risks and Opportunitieshttps://isc.sans.edu/forums/diary/The+zip+gTLD+Risks+and+Opportunities/29838/Brave Forgetful Browsinghttps://brave.com/privacy-updates/25-forgetful-browsing/Intel Mystery Microcode Patchhttps://www.

ISC StormCast for Friday, May 12th, 2023

May 12th, 2023 6m 20s

Geolocating IPs is Harder Than You Thinkhttps://isc.sans.edu/diary/Geolocating%20IPs%20is%20harder%20than%20you%20think/29834Pre-Infected Mobile Phoneshttps://www.theregister.com/2023/05/11/bh_asia_mobile_phones/Dragos Breachhttps://www

ISC StormCast for Thursday, May 11th, 2023

May 11th, 2023 5m 51s

Exploratory Data Analysis with CISSM Cyber Attacks Database Part 2https://isc.sans.edu/diary/Exploratory%20Data%20Analysis%20with%20CISSM%20Cyber%20Attacks%20Database%20-%20Part%202/29828Microsoft Patched Outlook (actually Windows) vulnerabi

ISC StormCast for Wednesday, May 10th, 2023

May 10th, 2023 5m 57s

Microsoft Patch Tuesdayhttps://isc.sans.edu/diary/Microsoft%20May%202023%20Patch%20Tuesday/29826GitHub "Push Protection" now out of Betahttps://github.blog/2023-05-09-push-protection-is-generally-available-and-free-for-all-public-reposito

ISC StormCast for Tuesday, May 9th, 2023

May 9th, 2023 6m 20s

QR Codes Used in Fake Parking Tickets and Surveyshttps://www.bleepingcomputer.com/news/security/qr-codes-used-in-fake-parking-tickets-surveys-to-steal-your-money/Microsoft Edge Updatehttps://learn.microsoft.com/en-us/deployedge/microsoft-e

ISC StormCast for Friday, May 10th, 2024

1 day ago 5m 53s

Analyzing PDF Streamshttps://isc.sans.edu/diary/Analyzing%20PDF%20Streams/30908F5 Next Central Manager Vulnerabilitieshttps://eclypsium.com/blog/big-vulnerabilities-in-next-gen-big-ip/Veeam Patcheshttps://www.veeam.com/kb4441https://w

ISC StormCast for Thursday, May 9th, 2024

2 days ago 6m 9s

Analzying Synology Diskshttps://isc.sans.edu/diary/Analyzing%20Synology%20Disks%20on%20Linux/30904RSA Panelhttps://www.rsaconference.com/usa/agenda/session/The%20Five%20Most%20Dangerous%20New%20Attack%20Techniques%20You%20Need%20to%20Know%

ISC StormCast for Wednesday, May 8th, 2024

3 days ago 8m 13s

Detecting XFinity/Comcast DNS Spoofinghttps://isc.sans.edu/diary/Detecting%20XFinity%20Comcast%20DNS%20Spoofing/30898Weblogic PoC CVE-2024-21006https://pwnull.github.io/2024/oracle%20weblogic%20CVE-2024-21006%20Double-JNDInjection%20RCE%20

ISC StormCast for Tuesday, May 7th, 2024

4 days ago 6m 27s

DHCP Based VPN Routing Leakshttps://www.leviathansecurity.com/blog/tunnelvisionMullvad VPN DNS Traffic Leakhttps://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-androidTiny Proxy Vulnerability https://talosintellige

ISC StormCast for Monday, May 6th, 2024

6 days ago 5m 32s

DNS Debugging with nslookuphttps://isc.sans.edu/diary/nslookups+Debug+Options/30894/Microsoft Plans DNS Lockdownhttps://techcommunity.microsoft.com/t5/networking-blog/announcing-zero-trust-dns-private-preview/ba-p/4110366Microsoft Graph A

ISC StormCast for Friday, May 3rd, 2024

9 days ago 5m 33s

https://isc.sans.edu/diary/Scans%20Probing%20for%20LB-Link%20and%20Vinga%20WR-AC1200%20routers%20CVE-2023-24796/30890Scans Probing for LB-Link and Vinga WR-AC1200 routers CVE-2023-24796Buffer Overflow Vulnerabilities in ArubaOShttps://www.

ISC StormCast for Thursday, May 2nd, 2024

10 days ago 6m 50s

Linux Trojan - Xorddos with Filename eyshcjdmzghttps://isc.sans.edu/diary/Linux%20Trojan%20-%20Xorddos%20with%20Filename%20eyshcjdmzg/30880AWS S3 Denial of Wallet Amplification Attackhttps://medium.com/@maciej.pocwierz/how-an-empty-s3-buck

ISC StormCast for Wednesday, May 1st, 2024

10 days ago 6m 38s

Another Day, Another NAS: Attacks against Zyxel NAS326 Devices CVE-2023-4473, CVE-2023-4474https://isc.sans.edu/diary/Another%20Day%2C%20Another%20NAS%3A%20Attacks%20against%20Zyxel%20NAS326%20devices%20CVE-2023-4473%2C%20CVE-2023-4474/30884

ISC StormCast for Tuesday, April 30th, 2024

12 days ago 6m 55s

DLink NAS Exploit Variationhttps://www.qnap.com/en/security-advisory/qsa-24-09Muddling Meerkat DNS Abusehttps://blogs.infoblox.com/threat-intelligence/a-cunning-operator-muddling-meerkat-and-chinas-great-firewall/Android TV Data Leakage

ISC StormCast for Monday, April 29th, 2024

13 days ago 6m 35s

Okta warns of increase in credential stuffinghttps://sec.okta.com/blockanonymizersFake payment cards used by Police in Japanhttps://twitter.com/vxunderground/status/1783522097425211887Phishing Campaigns Targeting USPShttps://www.akamai.

ISC StormCast for Friday, April 26th, 2024

16 days ago 20m 28s

Does it matter if iptables isn't running on my honeypot?https://isc.sans.edu/forums/diary/Does%20it%20matter%20if%20iptables%20isn't%20running%20on%20my%20honeypot%3F/30862/Unplugging PlugX: Singholing the PlugX USB worm botnethttps://blog

ISC StormCast for Thursday, April 25th, 2024

17 days ago 6m 9s

API Rug Pull - The NIST NVD Database and APIhttps://isc.sans.edu/diary/API%20Rug%20Pull%20-%20The%20NIST%20NVD%20Database%20and%20API%20%28Part%204%20of%203%29/30868Cisco Patches Vulnerabilities and Discovers Arcane Backdoorhttps://blog.ta

ISC StormCast for Wednesday, April 24th, 2024

18 days ago 6m 21s

Struts2 devmode Still a Problem Ten Years Laterhttps://isc.sans.edu/forums/diary/Struts%20%22devmode%22%3A%20Still%20a%20problem%20ten%20years%20later%3F/30866/Analyzing Forest Blizard's Custom Post-Compromise Tool for exploiting CVE-2022-38

ISC StormCast for Tuesday, April 23rd, 2024

19 days ago 6m 5s

Number of Industrial Devices Accessible From Internet Up 30 Thousand over three yearshttps://isc.sans.edu/diary/It%20appears%20that%20the%20number%20of%20industrial%20devices%20accessible%20from%20the%20internet%20has%20risen%20by%2030%20thou

ISC StormCast for Monday, April 22nd, 2024

20 days ago 5m 35s

The CVE's They are A-Changinghttps://isc.sans.edu/diary/The%20CVE%27s%20They%20are%20A-Changing!/30850CrushFTP 0-Day Vulnerabilityhttps://www.crushftp.com/crush11wiki/Wiki.jsp?page=Updatehttps://www.reddit.com/r/crowdstrike/comments/1c88

ISC StormCast for Friday, April 19th, 2024

23 days ago 5m 6s

Delinea Secret Server Authn Authz Bypasshttps://straightblast.medium.com/all-your-secrets-are-belong-to-us-a-delinea-secret-server-authn-authz-bypass-adc26c800ad3Ivanti Avalanche Poc/Detailshttps://www.tenable.com/security/research/tra-202