Category: SANS Internet Storm Center, InfoCON: green

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, November 10th, 2025…

Read more →

This is just a quick diary entry to report that I saw requests on my honeypot for (code) repositories: This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Honeypot: Requests for (Code) Repositories,…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, November 7th, 2025…

Read more →

[This is a Guest Diary by David Hammond, an ISC intern as part of the SANS.edu BACS program] This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: Binary Breadcrumbs: Correlating Malware Samples with…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, November 6th, 2025…

Read more →

For several years, we have offered a “new domain” list of recently registered (or, more accurately, recently discovered) domains. This list is offered via our API (https://isc.sans.edu/api). However, the size of the list has been causing issues, resulting in a…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, November 5th, 2025…

Read more →

Apple released its expected set of operating system upgrades. This is a minor feature upgrade that also includes fixes for 110 different vulnerabilities. As usual for Apple, many of the vulnerabilities affect multiple operating systems. None of the vulnerabilities is…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, November 4th, 2025…

Read more →

XWiki describes itself as “The Advanced Open-Source Enterprise Wiki” and considers itself an alternative to Confluence and MediaWiki. In February, XWiki released an advisory (and patch) for an arbitrary remote code execution vulnerability. Affected was the SolrSearch component, which any…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, November 3rd, 2025…

Read more →

Sensors reporting firewall logs detected a significant increase in scans for port 8530/TCP and 8531/TCP over the course of last week. Some of these reports originate from Shadowserver, and likely other researchers, but there are also some that do not…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, October 31st, 2025…

Read more →

This week, I noticed some new HTTP request headers that I had not seen before: This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: X-Request-Purpose: Identifying “research” and bug bounty related scans?, (Thu,…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, October 30th, 2025…

Read more →

I've been doing Unix/Linux IR and Forensics for a long time. I logged into a Unix system for the first time in 1983. That's one of the reasons I love teaching FOR577[1], because I have stories that go back to…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, October 29th, 2025…

Read more →

While reviewing malicious messages that were delivered to our handler inbox over the past few days, I noticed that the “subject” of one phishing e-mail looked quite strange when displayed in the Outlook message list… This article has been indexed…

Read more →

This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, October 28th, 2025…

Read more →

I was intrigued when Johannes talked about malware that uses BASE64 over DNS to communicate. Take a DNS request like this: label1.label2.tld. Labels in a request like this can only be composed with letters (not case-sensitive), digits and a hyphen…

Read more →