Failed Malspam: Recovering The Password, (Mon, Jul 26th)

Jan's diary entry "One way to fail at malspam - give recipients the wrong password for an encrypted attachment" got my attention: it's an opportunity for me to do some password cracking :-) I asked Jan for the sample.

1h

ISC Stormcast For Monday, July 26th, 2021 https://isc.sans.edu/podcastdetail.html?id=7600, (Mon, Jul 26th)

15h

Wireshark 3.4.7 Released, (Sun, Jul 25th)

Wireshark version 3.4.7 was released.

1d

Active Directory Certificate Services (ADCS - PKI) domain admin vulnerability, (Sat, Jul 24th)

Phew, this was a really bad week for Microsoft (and a lot of reading for all of us). And just when we thought that the fiasco with the SAM hive was over, a new vulnerability popped up, which is much, much more dangerous unfortunately – it allows a user to completely take over a Windows domain that has the ADCS service running. And those are probably...

2d

Agent.Tesla Dropped via a .daa Image and Talking to Telegram, (Sat, Jul 24th)

A few days ago, I found an interesting file delivered by email (why change a winning combination?). The file has a nice extension: “.daa” (Direct Access Archive). We already reported such files in 2019 and Didier wrote a diary[1] about them. Default Windows installation, can’t process “.daa” files, you need a specific tool to open them (like PowerISO)....

2d

Uncovering Shenanigans in an IP Address Block via Hurricane Electric's BGP Toolkit (II), (Fri, Jul 23rd)

Today’s diary revisits hunting for dodgy domains via Hurricane Electric's BGP Toolkit [1]. This was previously done in an earlier diary [2], and I plan to do this occasionally to share potential or identified threats so that readers can be aware of them.

3d

ISC Stormcast For Friday, July 23rd, 2021 https://isc.sans.edu/podcastdetail.html?id=7598, (Fri, Jul 23rd)

3d

Lost in the Cloud: Akamai DNS Outage, (Thu, Jul 22nd)

As we already got a number of notes from readers: Currently, Akamai's DNS service appears to experience an outage that affects numerous other large websites. 

4d

ISC Stormcast For Thursday, July 22nd, 2021 https://isc.sans.edu/podcastdetail.html?id=7596, (Thu, Jul 22nd)

4d

"Summer of SAM": Microsoft Releases Guidance for CVE-2021-36934, (Wed, Jul 21st)

Microsoft released a knowledge base article regarding CVE-2021-36934 [1]. Bojan yesterday explained the vulnerability in more detail. Recent versions of Microsoft Windows expose several system files due to overly permissive access control lists. Of main interest is the Security Accounts Manager (SAM), which exposes password hashes. It has been demonstrated...

5d