Introduction In a recent incident response case, we discovered a new and notable ransomware family in active use by the attackers, which we named “Ymir”. The artifact has interesting features….

Hewlett Packard Enterprise (HPE) has released security updates to address multiple vulnerabilities impacting Aruba Networking Access Point products, including two critical bugs that could result in unauthenticated command execution. The….

The first thing to do, when analyzing a potentially malicious PDF, is to look for the /Encrypt name as explained in diary entry Analyzing an Encrypted Phishing PDF. The second….

Cybersecurity researchers have discovered a new phishing campaign that spreads a new fileless variant of known commercial malware called Remcos RAT. Remcos RAT “provides purchases with a wide range of….

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

In yesterday’s diary entry “zipdump & Evasive ZIP Concatenation” I showed how one can inspect the PKZIP records that make up a ZIP file. My tool zipdump.py can also inspect….

The Federal Bureau of Investigation (FBI) is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use….

This was a much longer than usual update, largely due to the amount of time spent discussing the Earth 2 incident. As I said in the video (many times!), the….

On Friday’s Stormcast, Johannes talks about Evasive ZIP Concatenation, a technique where 2 (or more) ZIP files are concatenated together to evade detection. This gives me a good opportunity to….

Microsoft on Tuesday revealed that two security flaws impacting Windows NT LAN Manager (NTLM) and Task Scheduler have come under active exploitation in the wild. The security vulnerabilities are among….