Category: SANS Internet Storm Center, InfoCON: green

Introduction This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: SmartApeSG campaign pushes Remcos RAT, NetSupport RAT, StealC, and Sectop RAT (ArechClient2), (Wed, Mar 25th)

Read more →

I have written about how to use IP KVMs securely, and recently, researchers at Eclypsium published yet another report on IP KVM vulnerabilities. But there is another issue I haven't mentioned yet with IP KVMs: rogue IP KVMs. IP KVMs are often…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, March 24th, 2026…

Read more →

So, I've been slow to get on the Claude Code/OpenCode/Codex/OpenClaw bandwagon, but I had some time last week so I asked Claude to review (/security-review) some of my python scripts. He found more than I'd like to admit, so I…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, March 23rd, 2026…

Read more →

Yesterday, I discovered a malicious Bash script that installs a GSocket backdoor on the victim&#x27s computer. I don&#x27t know the source of the script not how it is delivered to the victim. This article has been indexed from SANS Internet…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, March 20th, 2026…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, March 19th, 2026…

Read more →

This activity was found and reported by BACS student Adam Thorman as part of one of his assignments which I posted his final paper [1] last week. This activity appeared to only have occurred on the 19 Feb 2026 where at…

Read more →

A very popular target of attackers scanning our honeypots is “phpmyadmin”. phpMyAdmin is a script first released in the late 90s, before many security concepts had been discovered. It's rich history of vulnerabilities made it a favorite target. Its alternative, “adminer”,…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, March 18th, 2026…

Read more →

Yesterday, in my diary about the scans for “/proxy/” URLs, I noted how attackers are using IPv4-mapped IPv6 addresses to possibly obfuscate their attack. These addresses are defined in RFC 4038. These addresses are one of the many transition mechanisms…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, March 17th, 2026…

Read more →

Attempts to find proxy servers are among the most common scans our honeypots detect. Most of the time, the attacker attempts to use a host header or include the hostname in the URL to trigger the proxy server forwarding the…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, March 16th, 2026…

Read more →

Introduction This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: SmartApeSG campaign uses ClickFix page to push Remcos RAT, (Sat, Mar 14th)

Read more →

On Wednesday, a phishing message made its way into our handler inbox that contained a fairly typical low-quality lure, but turned out to be quite interesting in the end nonetheless. That is because the accompanying credential stealing web page was…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, March 13th, 2026…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, March 12th, 2026…

Read more →

[This is a Guest Diary by Adam Thorman, an ISC intern as part of the SANS.edu BACS program] This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: When your IoT Device Logs in…

Read more →