ISC StormCast for Monday, September 26th, 2022
Kids Like Cookies and Malware Likes them Too https://isc.sans.edu/forums/diary/Kids+Like+Cookies+Malware+Too/29082 Downloading
ISC StormCast for Friday, September 23rd, 2022
RAT Delivered Through FODHelper https://isc.sans.edu/forums/diary/RAT+Delivered+Through+FODHelper/29078 Microsoft Endpoint Configuration Manager Spoofing
ISC StormCast for Thursday, September 22nd, 2022
Phishing Campaigns Use Free Only Resources https://isc.sans.edu/forums/diary/Phishing%20Campaigns%20Use%20Free%20Online%20Resources/29074/ Insecure use of
ISC StormCast for Wednesday, September 21st, 2022
Chainsaw: Hunt, search and extract event log records https://isc.sans.edu/diary/Chainsaw%3A+Hunt%2C+search%2C+and+extract+event+log+records/29066 PDU
ISC StormCast for Tuesday, September 20th, 2022
Preventing ISO Malware https://isc.sans.edu/diary/Preventing+ISO+Malware+/29062 State of Emotet https://www.advintel.io/post/advintel-s-state-of-emotet-aka-spmtools-displays-over-million-compromised-machines-through-2022 Undermining
ISC StormCast for Monday, September 19th, 2022
Word Maldoc With CustomXML and Renamed VBAProject.bin https://isc.sans.edu/diary/Word+Maldoc+With+CustomXML+and+Renamed+VBAProject.bin/29056 2FA on
ISC StormCast for Friday, September 16th, 2022
Malicous Word Document With a Frameset https://isc.sans.edu/diary/Malicious+Word+Document+with+a+Frameset/29052 CVE-2022-34721 Exploit https://github.com/78ResearchLab/PoC/tree/main/CVE-2022-34721
ISC StormCast for Thursday, September 15th, 2022
Easy Process Injection within Python https://isc.sans.edu/diary/Easy+Process+Injection+within+Python/29048 Queen Elizabeth Related Phishing
ISC StormCast for Wednesday, September 14th, 2022
Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+September+2022+Patch+Tuesday/29044/ Adobe Patches https://helpx.adobe.com/security/security-bulletin.html Magento Vendor Fishpig
ISC StormCast for Tuesday, September 13th, 2022
VirusTotal Result Comparisons for Honeypot Malware https://isc.sans.edu/diary/VirusTotal+Result+Comparisons+for+Honeypot+Malware/29040 Apple Patches https://support.apple.com/en-us/HT201222
ISC StormCast for Monday, September 12th, 2022
Malware Abusing File Exchange Site https://isc.sans.edu/diary/Phishing+Word+Documents+with+Suspicious+URL/29034 Bypassing GitHub Required Reviewers
ISC StormCast for Friday, September 9th, 2022
Analyzing Obfuscated VBS with CyberChef https://isc.sans.edu/diary/Analyzing+Obfuscated+VBS+with+CyberChef/29028 pfBlockerNG Unauthenticated RCE https://isc.sans.edu/diary/Analyzing+Obfuscated+VBS+with+CyberChef/29028
ISC StormCast for Thursday, September 8th, 2022
PHP Deserialization Exploit Attempt https://isc.sans.edu/diary/PHP+Deserialization+Exploit+attempt/29024 TA505 Group's TeslaGun In-Depth Analysis
ISC StormCast for Wednesday, September 7th, 2022
Analysis of an Encoded Cobalt Strike Beacon https://isc.sans.edu/diary/Analysis+of+an+Encoded+Cobalt+Strike+Beacon/29014 EvilProxy Phishing-As-A-Service
ISC StormCast for Tuesday, September 6th, 2022
James Webb JPEG With Malware https://isc.sans.edu/diary/James+Webb+JPEG+With+Malware/29010 Windows Defender False Positive
Ukraine fears ‘massive’ Russian cyberattacks on power, infrastructure
Will those be before or after the nuke strikes Putin keeps banging on about? Russia plans to conduct "massive cyberattacks" on Ukraine and its allies' critical infrastructure and energy sector, according to Kyiv.…
BrandPost: Extortion Economics: Ransomware’s New Business Model
Did you know that over 80% of ransomware attacks can be traced to common configuration errors in software and devices? This ease of access is one of many reasons why cybercriminals have become emboldened by the underground ransomware economy.And...
Police ‘all over’ dark web ransom threat to release 10,000 customer records a day, Optus CEO says
Purported hackers post ultimatum demanding $1m within four days after massive Optus data breachFollow our Australia news live blog for the latest updatesGet our free news app, morning email briefing or daily news podcastThe chief executive of Optus, Kelly...
Barracuda Unveils New Capabilities To Protect Against Persistent And Evolving Threats
Barracuda announced a number of product enhancements and innovative new capabilities at its recent Secured.22 virtual conference to expand the protection for customers and help them defend against the latest cyber threats.
Zoho ManageEngine flaw is actively exploited, CISA warns
A remote code execution vulnerability in Zoho's ManageEngine, a popular IT management solution for enterprises, is being exploited in the wild. The US Cybersecurity & Infrastructure Security Agency (CISA) added the flaw to its catalog of known exploited vulnerabilities...
