I published the following diary on isc.sans.edu: “(Ab)Using Security Tools & Controls for the Bad“: As security practitioners, we give daily advice to our customers to increase the security level of their infrastructures. Install this tool, enable this feature, disable this function, etc. When enabled, these techniques can also be
Category: SANS Internet Storm Center
[SANS ISC] Keep an Eye on Your Users Mobile Devices (Simple Inventory)
I published the following diary on isc.sans.edu: “Keep an Eye on Your Users Mobile Devices (Simple Inventory)“: Today, smartphones are everywhere and became our best friends for many tasks. Probably your users already access their corporate mailbox via a mobile device. If it’s not yet the case, you probably have
[SANS ISC] Excel Recipe: Some VBA Code with a Touch of Excel4 Macro
I published the following diary on isc.sans.edu: “Excel Recipe: Some VBA Code with a Touch of Excel4 Macro“: Microsoft Excel supports two types of macros. The legacy format is known as “Excel4 macro” and the new (but already used for a while) is based on VBA. We already cover both
[SANS ISC] Malicious Calendar Subscriptions Are Back?
I published the following diary on isc.sans.edu: “Malicious Calendar Subscriptions Are Back?“: Did this threat really disappear? This isn’t a brand new technique to deliver malicious content to mobile devices but it seems that attackers started new waves of spam campaigns based on malicious calendar subscriptions. Being a dad, you can imagine that
[SANS ISC] Attackers Will Always Abuse Major Events in our Lifes
I published the following diary on isc.sans.edu: “Attackers Will Always Abuse Major Events in our Lifes“: All major events in our daily life are potential sources of revenue for attackers. When elections or major sports events are organized, attackers will surf on these waves and try to make some profit or
[SANS ISC] Cryptocurrency Clipboard Swapper Delivered With Love
I published the following diary on isc.sans.edu: “Cryptocurrency Clipboard Swapper Delivered With Love“: Be careful if you’re a user of cryptocurrencies. My goal is not to re-open a debate about them and their associated financial risks. No, I’m talking here about technical risk. Wallet addresses are long strings of characters that
[SANS ISC] Waiting for the C2 to Show Up
published the following diary on isc.sans.edu: “Waiting for the C2 to Show Up“: Keep this in mind: “Patience is key”. Sometimes when you are working on a malware sample, you depend on online resources. I’m working on a classic case: a Powershell script decodes then injects a shellcode into a process. There
[SANS ISC] Malicious Microsoft Word Remains A Key Infection Vector
I published the following diary on isc.sans.edu: “Malicious Microsoft Word Remains A Key Infection Vector“: Despite Microsoft’s attempts to make its Office suite more secure and disable many automatic features, despite the fact that users are warned that suspicious documents should not be opened, malicious Word documents remain a key
[SANS ISC] Infected With a .reg File
I published the following diary on isc.sans.edu: “Infected With a .reg File“: Yesterday, I reported a piece of malware that uses archive.org to fetch its next stage. Today, I spotted another file that is also interesting: A Windows Registry file (with a “.reg” extension). Such files are text files created by exporting values
[SANS ISC] Malicious Content Delivered Through archive.org
I published the following diary on isc.sans.edu: “Malicious Content Delivered Through archive.org“: archive.org, also known as the “way back machine” is a very popular Internet site that allows you to travel back in time and browse old versions of a website (like the ISC website). It works like regular search engines and