On Wednesday, a phishing message made its way into our handler inbox that contained a fairly typical low-quality lure, but turned out to be quite interesting in the end nonetheless. That is because the accompanying credential stealing web page...
ISC Stormcast For Friday, March 13th, 2026 https://isc.sans.edu/podcastdetail/9848, (Fri, Mar 13th)
Date inconnue(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Update: pdf-parser.py Version 0.7.14
Date inconnueThis is a fix for option –yarastrings. pdf-parser_V0_7_14.zip (http)MD5: EB3808ACE5497B428138594AFDC5205FSHA256: 6A60223D52B75F8AFF8C8CF19A58699A20829AC758C251B405B08EC734EF6A4A
iPhones and iPads Approved for NATO Classified Data
Date inconnueApple announcement: …iPhone and iPad are the first and only consumer devices in compliance with the information assurance requirements of NATO nations. This enables iPhone and iPad to be used with classified information up to the NATO restricted...
ISC Stormcast For Thursday, March 12th, 2026 https://isc.sans.edu/podcastdetail/9846, (Thu, Mar 12th)
Date inconnue(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
[This is a Guest Diary by Adam Thorman, an ISC intern as part of the SANS.edu BACS program] Introduction Have you ever installed a new device on your home or company router? Even when setup instructions are straightforward, end users often skip...
Update: zipdump.py Version 0.0.34
Date inconnueThis update adds option forcedecompress when using options -f and -s. More info: Analyzing “Zombie Zip” Files (CVE-2026-0866). zipdump_v0_0_35.zip (http)MD5: F4A48AE14C1B258D688BF61D9ACF5E54SHA256:...
Introduction This blog post is a follow-up to our previous post describing how we managed to extract the firmware of a smartwatch. It contains many references and details introduced in our previous post, readers are therefore advised to read it...
Canada Needs Nationalized, Public AI
Date inconnueCanada has a choice to make about its artificial intelligence future. The Carney administration is investing $2-billion over five years in its Sovereign AI Compute Strategy. Will any value generated by “sovereign AI” be captured in Canada, making...
A new vulnerability (CVE-2026-0866) has been published: Zombie Zip. It's a method to create a malformed ZIP file that will bypass detection by most anti-virus engines. The malformed ZIP file can not be opened with a ZIP utility, a custom loader...
Update: zipdump.py Version 0.0.34
Date inconnueThis is a fix for option –yarastrings. zipdump_v0_0_34.zip (http)MD5: F2BB1DF9A4E1BA323D85C3F8F71B5E69SHA256: 2455A026DB2BE1678AD8F1AAC2D148D40A7AB7412CCE180C3E9E1FC4B39B9378
ISC Stormcast For Wednesday, March 11th, 2026 https://isc.sans.edu/podcastdetail/9844, (Wed, Mar 11th)
Date inconnue(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Update: pecheck.py Version 0.7.20
Date inconnueThis is a fix for option –yarastrings. pecheck-v0_7_20.zip (http)MD5: DB34684DA9A5DEC0E94746328318FFE1SHA256: F6B702206E4DAE3971778263F4B234F7E77BA91A3A1F59419D12CA312316CA96
PageJack in Action: CVE-2022-0995 exploit
Date inconnueIntroduction In this article, we will explore how a relatively old CVE can be exploited using PageJack, a modern kernel exploitation technique introduced in 2024 by Zhiyun Qian at Black Hat USA. You can find a link to the full exploit at the end...
Microsoft Patch Tuesday March 2026, (Tue, Mar 10th)
Date inconnueMicrosoft today released patches for 93 vulnerabilities, including 9 vulnerabilities in Chromium affecting Microsoft Edge. 8 of the vulnerabilities are rated critical. 2 were disclosed prior to today but have not yet been exploited. This update...
Jailbreaking the F-35 Fighter Jet
Date inconnueCountries around the world are becoming increasingly concerned about their dependencies on the US. If you’ve purchase US-made F-35 fighter jets, you are dependent on the US for software maintenance. The Dutch Defense Secretary recently said that...
ISC Stormcast For Tuesday, March 10th, 2026 https://isc.sans.edu/podcastdetail/9842, (Tue, Mar 10th)
Date inconnue(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Update: search-for-compression.py 0.0.6
Date inconnueThis is a fix for option –yarastrings in search-for-compression.py.
Last week, two related RFCs were published: RFC 9848: Bootstrapping TLS Encrypted ClientHello with DNS Service Bindings RFC 9849: TLS Encrypted Client Hello These TLS extensions have been discussed quite a bit already, and Cloudflare, one of the...
New Attack Against Wi-Fi
Date inconnueIt’s called AirSnitch: Unlike previous Wi-Fi attacks, AirSnitch exploits core features in Layers 1 and 2 and the failure to bind and synchronize a client across these and higher layers, other nodes, and other network names such as SSIDs (Service...
Aucun article de sécurité disponible