SANS Internet Storm Center - Cooperative Cyber Security Monitor
Here is a nice example of a phishing attack that I found while reviewing data captured by my honeypots. We all know that phishing is a pain and attackers are always searching for new tactics to entice the potential victim to click on a link, disclose personal information or more…
Reader Vince asked for help with the analysis of a malicious Word document. He started the analysis himself, following the method I illustrated in diary entry "Word maldoc: yet another place to hide a command".
December 2018 Security Updates
Richard Porter --- ISC Handler on Duty
Last week, the arrest of Meng Wanzhou made big waves in the news. Ms. Meng was arrested in Canada on an arrest warrant issued at the request of the United States Department of Justice. As CFO of Huawei and possible heir to her father, the CEO of Huawei, Ms. Meng is assumed to have access to substantial wealth. This led to a wave of advance-fee scams leveraging this news.
String analysis: extracting and analyzing strings from binary files (like executables) to assist with reverse engineering.
Reader Jason submitted a ZIP file received via email. It contains an MHT file, and when Jason received it, it had 0 detections on VirusTotal.
Over the last few days we have been seeing increased attacks from 220.127.116.11, which is trying to exploit open Docker instances (port 2375/tcp, the plaintext Docker Engine API). The container (named java123) is based on the image ahtihhebs/picture124 and is executed with the payload:
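The attack works only because the Docker Engine API is reachable over plaintext TCP with no authentication, so anyone who can connect can create and start containers. As an added example (not code from the diary), the script below does what a defender should do before the attacker does: check whether a daemon answers unauthenticated on 2375, and list running containers whose image does not come from a trusted registry. The HTTP responses used in the tests are constructed; the container sample reuses the name and image reported above; the trusted-registry prefix is an assumption you would replace with your own.

```python
import http.client
import json
import socket

DOCKER_API_PORT = 2375  # unencrypted, unauthenticated Docker Engine API

# Constructed reply to GET /version from an exposed daemon.
SAMPLE_VERSION_BODY = b'{"Version":"18.09.0","ApiVersion":"1.39","Os":"linux","Arch":"amd64"}'

# Constructed reply to GET /containers/json: one attacker container (name and
# image as reported in the diary) and one legitimate one from an internal registry.
SAMPLE_CONTAINERS_BODY = json.dumps([
    {"Id": "1a2b3c", "Names": ["/java123"], "Image": "ahtihhebs/picture124"},
    {"Id": "4d5e6f", "Names": ["/web"], "Image": "registry.example.invalid/web:1.2"},
]).encode()

TRUSTED_REGISTRY_PREFIXES = ("registry.example.invalid/",)  # hypothetical


def assess_docker_response(status: int, body: bytes) -> dict:
    """Classify a GET /version reply. Pure function, so it can be tested offline."""
    if status != 200:
        return {"exposed": False, "reason": f"HTTP {status}"}
    try:
        info = json.loads(body)
    except ValueError:
        return {"exposed": False, "reason": "non-JSON body"}
    if not isinstance(info, dict) or "ApiVersion" not in info:
        return {"exposed": False, "reason": "not a Docker Engine API reply"}
    return {
        "exposed": True,
        "engine": info.get("Version", "?"),
        "api": info["ApiVersion"],
        "os": info.get("Os", "?"),
    }


def find_untrusted_containers(body: bytes, trusted=TRUSTED_REGISTRY_PREFIXES):
    """Return (name, image) for containers whose image is not from a trusted registry."""
    untrusted = []
    for container in json.loads(body):
        image = container.get("Image", "")
        if not image.startswith(trusted):
            name = (container.get("Names") or ["?"])[0].lstrip("/")
            untrusted.append((name, image))
    return untrusted


def docker_get(host: str, path: str, port: int = DOCKER_API_PORT, timeout: float = 3.0):
    """Plain HTTP GET; returns (status, body) or (None, error text). Only probe hosts you own."""
    conn = None
    try:
        conn = http.client.HTTPConnection(host, port, timeout=timeout)
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, resp.read()
    except (OSError, socket.timeout, http.client.HTTPException) as exc:
        return None, str(exc)
    finally:
        if conn is not None:
            conn.close()


def audit_host(host: str) -> dict:
    """Check exposure, then inventory containers if the API answers."""
    status, body = docker_get(host, "/version")
    if status is None:
        return {"exposed": False, "reason": f"connection failed: {body}"}
    result = assess_docker_response(status, body)
    if result["exposed"]:
        status, body = docker_get(host, "/containers/json")
        result["untrusted_containers"] = find_untrusted_containers(body) if status == 200 else []
    return result


if __name__ == "__main__":
    import sys
    print(audit_host(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"))
```

If `audit_host` reports `exposed: True` on anything other than a loopback address, the fix is on the daemon side: do not bind `-H tcp://0.0.0.0:2375` at all, or if remote access is needed, serve it on 2376 with `--tlsverify` and client certificates, and firewall the port so only the management hosts can reach it.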
If you haven't uninstalled Flash yet, maybe today should be that day. The update posted yesterday has a remote code exec proof-of-concept already here:
In many penetration tests, there'll be a point where you need to exfiltrate some data. Sometimes this is a situation of "OK, we got the crown jewels, let's get the data off premise". Or sometimes in this phase of the test the goal is "let's make some noise and see if they're watching for data exfiltration - hmm, nothing yet, let's make some LOUDER noise and see (and so on)". As with most things, there's a spectrum of methods to move the target data out, with various levels of difficulty for detection.
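At the "make some noise and see if they're watching" end of that spectrum, the detection side matters as much as the exfiltration side. As an added example (not code from the diary, and picking one common channel the text does not name), here is a small detector for DNS-based exfiltration run over a constructed query log: it scores each query by the length and entropy of the labels below the registered zone, then only alerts when one client has sent several suspicious queries to the same zone, so a single odd-looking CDN hostname does not trip it. The log format, thresholds and zone names are all assumptions for the demonstration.

```python
import math
from collections import defaultdict

# Constructed sample DNS query log (not from the diary): "<epoch> <client> <qname> <qtype>".
# 10.0.0.5 is normal traffic, including one noisy-looking CDN hostname.
# 10.0.0.7 pushes base32-style chunks as subdomains of tunnel-test.invalid.
SAMPLE_DNS_LOG = """\
1544450001 10.0.0.5 www.example.invalid A
1544450002 10.0.0.5 mail.example.invalid MX
1544450003 10.0.0.5 a1b2c3d4e5f6.cloudfront.invalid A
1544450004 10.0.0.7 gezdgnbvgy3tqojqgezdgnbvgy3tqojqgezd.t.tunnel-test.invalid A
1544450005 10.0.0.7 ge3dgnbvgy3tqojqgezdgnbvgy3tqojqg4zd.t.tunnel-test.invalid A
1544450006 10.0.0.7 gy4dgnbvgy3tqojqgezdgnbvgy3tqojqge2d.t.tunnel-test.invalid A
1544450007 10.0.0.7 ha2dgnbvgy3tqojqgezdgnbvgy3tqojqge3d.t.tunnel-test.invalid A
"""


def shannon_entropy(text: str) -> float:
    """Bits per character; encoded payloads score higher than dictionary words."""
    if not text:
        return 0.0
    n = len(text)
    freq = {}
    for ch in text:
        freq[ch] = freq.get(ch, 0) + 1
    return -sum(c / n * math.log2(c / n) for c in freq.values())


def split_zone(qname: str):
    """Crude split: the last two labels are the zone the attacker controls,
    everything in front of them is where the data rides. (Real deployments
    should use a public-suffix list instead of 'last two labels'.)"""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]), labels[:-2]


def score_query(qname: str, max_label: int = 30, min_entropy: float = 3.5):
    """Return (zone, reasons); an empty reasons list means the query looks benign."""
    zone, sub = split_zone(qname)
    reasons = []
    longest = max((len(label) for label in sub), default=0)
    if longest > max_label:
        reasons.append(f"label length {longest} > {max_label}")
    ent = shannon_entropy("".join(sub))
    if ent >= min_entropy:
        reasons.append(f"entropy {ent:.2f} >= {min_entropy}")
    return zone, reasons


def detect_dns_exfil(log_text: str, min_hits: int = 3):
    """Aggregate suspicious queries per (client, zone); alert only above min_hits,
    because a lone high-entropy hostname is usually a CDN or tracking domain."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _ts, client, qname, _qtype = line.split()
        zone, reasons = score_query(qname)
        if reasons:
            hits[(client, zone)].append((qname, reasons))
    return {key: queries for key, queries in hits.items() if len(queries) >= min_hits}


if __name__ == "__main__":
    for (client, zone), queries in detect_dns_exfil(SAMPLE_DNS_LOG).items():
        print(f"ALERT {client} -> {zone}: {len(queries)} suspicious queries")
        for qname, reasons in queries:
            print(f"   {qname}  ({'; '.join(reasons)})")
```

To use it in anger, point `detect_dns_exfil` at resolver query logs (or Zeek `dns.log` flattened to the same four fields) and tune `max_label`, `min_entropy` and `min_hits` against a day of known-good traffic first; the aggregation step is what keeps the false-positive rate tolerable.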