Tuesday, September 27, 2022
SANS ISC

ISC StormCast for Monday, September 26th, 2022

Kids Like Cookies and Malware Likes them Too https://isc.sans.edu/forums/diary/Kids+Like+Cookies+Malware+Too/29082 Downloading
SANS ISC

ISC StormCast for Friday, September 23rd, 2022

RAT Delivered Through FODHelper https://isc.sans.edu/forums/diary/RAT+Delivered+Through+FODHelper/29078 Microsoft Endpoint Configuration Manager Spoofing
SANS ISC

ISC StormCast for Thursday, September 22nd, 2022

Phishing Campaigns Use Free Only Resources https://isc.sans.edu/forums/diary/Phishing%20Campaigns%20Use%20Free%20Online%20Resources/29074/ Insecure use of
SANS ISC

ISC StormCast for Wednesday, September 21st, 2022

Chainsaw: Hunt, search and extract event log records https://isc.sans.edu/diary/Chainsaw%3A+Hunt%2C+search%2C+and+extract+event+log+records/29066 PDU
SANS ISC

ISC StormCast for Tuesday, September 20th, 2022

Preventing ISO Malware https://isc.sans.edu/diary/Preventing+ISO+Malware+/29062 State of Emotet https://www.advintel.io/post/advintel-s-state-of-emotet-aka-spmtools-displays-over-million-compromised-machines-through-2022 Undermining
SANS ISC

ISC StormCast for Monday, September 19th, 2022

Word Maldoc With CustomXML and Renamed VBAProject.bin https://isc.sans.edu/diary/Word+Maldoc+With+CustomXML+and+Renamed+VBAProject.bin/29056 2FA on
SANS ISC

ISC StormCast for Friday, September 16th, 2022

Malicous Word Document With a Frameset https://isc.sans.edu/diary/Malicious+Word+Document+with+a+Frameset/29052 CVE-2022-34721 Exploit https://github.com/78ResearchLab/PoC/tree/main/CVE-2022-34721
SANS ISC

ISC StormCast for Thursday, September 15th, 2022

Easy Process Injection within Python https://isc.sans.edu/diary/Easy+Process+Injection+within+Python/29048 Queen Elizabeth Related Phishing
SANS ISC

ISC StormCast for Wednesday, September 14th, 2022

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+September+2022+Patch+Tuesday/29044/ Adobe Patches https://helpx.adobe.com/security/security-bulletin.html Magento Vendor Fishpig
SANS ISC

ISC StormCast for Tuesday, September 13th, 2022

VirusTotal Result Comparisons for Honeypot Malware https://isc.sans.edu/diary/VirusTotal+Result+Comparisons+for+Honeypot+Malware/29040 Apple Patches https://support.apple.com/en-us/HT201222
SANS ISC

ISC StormCast for Monday, September 12th, 2022

Malware Abusing File Exchange Site https://isc.sans.edu/diary/Phishing+Word+Documents+with+Suspicious+URL/29034 Bypassing GitHub Required Reviewers
SANS ISC

ISC StormCast for Friday, September 9th, 2022

Analyzing Obfuscated VBS with CyberChef https://isc.sans.edu/diary/Analyzing+Obfuscated+VBS+with+CyberChef/29028 pfBlockerNG Unauthenticated RCE https://isc.sans.edu/diary/Analyzing+Obfuscated+VBS+with+CyberChef/29028
SANS ISC

ISC StormCast for Thursday, September 8th, 2022

PHP Deserialization Exploit Attempt https://isc.sans.edu/diary/PHP+Deserialization+Exploit+attempt/29024 TA505 Group's TeslaGun In-Depth Analysis
SANS ISC

ISC StormCast for Wednesday, September 7th, 2022

Analysis of an Encoded Cobalt Strike Beacon https://isc.sans.edu/diary/Analysis+of+an+Encoded+Cobalt+Strike+Beacon/29014 EvilProxy Phishing-As-A-Service
SANS ISC

ISC StormCast for Tuesday, September 6th, 2022

James Webb JPEG With Malware https://isc.sans.edu/diary/James+Webb+JPEG+With+Malware/29010 Windows Defender False Positive
The Register

Ukraine fears ‘massive’ Russian cyberattacks on power, infrastructure

Will those be before or after the nuke strikes Putin keeps banging on about? Russia plans to conduct "massive cyberattacks" on Ukraine and its allies' critical infrastructure and energy sector, according to Kyiv.…

BrandPost: Extortion Economics: Ransomware’s New Business Model

Did you know that over 80% of ransomware attacks can be traced to common configuration errors in software and devices? This ease of access is one of many reasons why cybercriminals have become emboldened by the underground ransomware economy.And...

Police ‘all over’ dark web ransom threat to release 10,000 customer records a day, Optus CEO says

Purported hackers post ultimatum demanding $1m within four days after massive Optus data breachFollow our Australia news live blog for the latest updatesGet our free news app, morning email briefing or daily news podcastThe chief executive of Optus, Kelly...

Barracuda Unveils New Capabilities To Protect Against Persistent And Evolving Threats

Barracuda announced a number of product enhancements and innovative new capabilities at its recent Secured.22 virtual conference to expand the protection for customers and help them defend against the latest cyber threats.

Zoho ManageEngine flaw is actively exploited, CISA warns

A remote code execution vulnerability in Zoho's ManageEngine, a popular IT management solution for enterprises, is being exploited in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) added the flaw to its catalog of known exploited vulnerabilities...