15°C
ciel dégagé
This article on the walls of Constantinople is fascinating. The system comprised four defensive lines arranged in formidable layers: The brick-lined ditch, divided by bulkheads and often flooded, 15Â20 meters wide and up to 7 meters deep. A low...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Starting March 10, 2026, my DShield sensor started getting probe for various AI models such as claude, openclaw, huggingface, etc. Reviewing the data already reported by other DShield sensors to ISC, the DShield database shows reporting of these...
This month's Microsoft Patch Tuesday looks like a record one, but let's look at it a bit closer to understand what is happening The update patches a total of 243 vulnerabilities. However, 78 of them are Chromium issues affecting Microsoft Edge....
This is a current list of where and when I am scheduled to speak: Iâm speaking at DemocracyXChange 2026 in Toronto, Ontario, Canada, on April 18, 2026. Iâm speaking at the SANS AI Cybersecurity Summit 2026 in Arlington, Virginia, USA, at 9:40 AM...
Interesting paper: âWhat hackers talk about when they talk about AI: Early-stage diffusion of a cybercrime innovation.â Abstract: The rapid expansion of artificial intelligence (AI) is raising concerns about its potential to transform cybercrime....
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Introduction During our work on SightHouse, we evaluated several binary similarity engines to find one that met our needs. After thorough evaluation, we chose Ghidra's Behavioral Similarity (BSIM) feature. One key difference of BSIM compared to...
The cybersecurity industry is obsessing over Anthropicâs new model, Claude Mythos Preview, and its effects on cybersecurity. Anthropic said that it is not releasing it to the general public because of its cyberattack capabilities, and has...
Last week, I wrote about attackers scanning for various webshells, hoping to find some that do not require authentication or others that use well-known credentials. But some attackers are paying attention and are deploying webshells with more...
All the leading AI chatbots are sycophantic, and thatâs a problem: Participants rated sycophantic AI responses as more trustworthy than balanced ones. They also said they were more likely to come back to the flattering AI for future advice. And...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Dear blog readers,Happy Easter.I wanted to let everyone know about my most recent project which I did on my own and where I intend to spend most of my time working on.It's called Cyberbuzz.org and it's basically a long dream come true where I aim...
Eighteen is a Windows Server 2025 assume-breach box starting with MSSQL credentials. Iâll use MSSQL login impersonation to access the financial planner database and recover a Werkzeug PBKDF2 hash for the web admin. After cracking the hash and...
Regulation is hard: The South Pacific Regional Fisheries Management Organization (SPRFMO) oversees fishing across roughly 59 million square kilometers (22 million square miles) of the South Pacific high seas, trying to impose order on a region...
Claude is actually pretty good on the issues.
I spotted an interesting piece of JavaScript code that was delivered via a phishing email in a RAR archive. The file was called âcbmjlzan.JSâ (SHA256:a8ba9ba93b4509a86e3d7dd40fd0652c2743e32277760c5f7942b788b74c5285) and is only identified as...
ProPublica has a scoop: In late 2024, the federal governmentâs cybersecurity evaluators rendered a troubling verdict on one of Microsoftâs biggest cloud computing offerings. The tech giantâs âlack of proper detailed security documentationâ left...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
In a previous diary [1], we looked to see how numbers were used within passwords submitted to honeypots. One of the items of interest was how dates, and more specifically years, were represented within the data and how that changed over time. It...
Aucun article de sécurité disponible