I published the following diary on isc.sans.org: “Analysis of a Paypal phishing kit“. There are plenty of phishing kits in the wild that try to lure victims into providing their credentials. Services like Paypal are nice targets and we can find new fake pages almost daily. Sometimes, the web server isn’t
Category: SANS Internet Storm Center
[SANS ISC] Increase of phpMyAdmin scans
I published the following diary on isc.sans.org: “Increase of phpMyAdmin scans“. PMA (or “phpMyAdmin”) is a well-known MySQL front-end written in PHP that “brings MySQL to the web” as stated on the web site. The tool is very popular amongst web developers because it helps to maintain databases just by using
[SANS ISC] TinyPot, My Small Honeypot
I published the following diary on isc.sans.org: “TinyPot, My Small Honeypot“. Running honeypots is always interesting to get an overview of what’s happening on the Internet in terms of scanners or new threats. Honeypots are useful not only in the Wild but also on your internal networks. There are plenty
[SANS ISC] Bots Searching for Keys & Config Files
I published the following diary on isc.sans.org: “Bots Searching for Keys & Config Files“. If you don’t know our “404” project, I would definitely recommend having a look at it! The idea is to track HTTP 404 errors returned by your web servers. I like to compare the value of 404 errors
[SANS ISC] Backup Scripts, the FIM of the Poor
I published the following diary on isc.sans.org: “Backup Scripts, the FIM of the Poor“. File Integrity Management or “FIM” is an interesting security control that can help to detect unusual changes in a file system. For example, on a server, there are directories that do not change often. Example with
[SANS ISC] A VBScript with Obfuscated Base64 Data
I published the following diary on isc.sans.org: “A VBScript with Obfuscated Base64 Data“. A few months ago, I posted a diary to explain how to search for (malicious) PE files in Base64 data. Base64 is indeed a common way to distribute binary content in an ASCII form. There are plenty
[SANS ISC] Obfuscating without XOR
I published the following diary on isc.sans.org: “Obfuscating without XOR“. Malicious files are generated and spread over the wild Internet daily (read: “hourly”). The goal of the attackers is to use files that are: not known by signature-based solutions, not easy to read for the human eye. That’s why many
[SANS ISC] Systemd Could Fallback to Google DNS?
I published the following diary on isc.sans.org: “Systemd Could Fallback to Google DNS?“. Google is everywhere and provides free services to everyone. Amongst the huge list of services publicly available, there are the Google DNS, well known as 8.8.8.8, 8.8.4.4 (IPv4) and 2001:4860:4860::8888, 2001:4860:4860::8844 (IPv6)…
[SANS ISC] Phishing Campaigns Follow Trends
I published the following diary on isc.sans.org: “Phishing Campaigns Follow Trends“. Those phishing emails that we receive every day in our mailboxes are often related to key players in different fields (…) But the landscape of online services is ever changing and new actors (and more precisely their customers) become
[SANS ISC] Sharing Private Data with Webcast Invitations
I published the following diary on isc.sans.org: “Sharing Private Data with Webcast Invitations“. Last week, at a customer, we received a forwarded email in a shared mailbox. It was somebody from another department that shared an invitation for a webcast “that could be interesting for you, guys!”. This time, no phishing