10°C
ciel dégagé
Je colle ci-dessous mes notes que je commenterai ensuite Mardi 17 février vers 10h15Bus [xxx]Un homme taille moyenne blanc lunettes noires bonnet barbe courte.Il agresse verbalement le chauffeur en haussant la voix et en le traitant de connard.Le...
In his last two diaries, Xavier discussed recent malware campaigns that download JPEG files with embedded malicious payload[1,2]. At that point in time, Iâve not come across the malicious âMSI imageâ myself, but while I was going over malware...
Good article on password managers that secretly have a backdoor. New research shows that these claims arenât true in all cases, particularly when account recovery is in place or password managers are set to share vaults or organize users into...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Giveback starts with a WordPress website with a donation plugin thatâs vulnerable to a RCE exploit. Iâll get a shell in a Kubernetes pod, and use it to scan an internal legacy app running PHP-CGI. Iâll abuse a vulnerability in that application to...
Introduction For at least the past year or so, I've been receiving Japanese-language phishing emails to my blog email addresses at @malware-traffic-analysis.net. I'm not Japanese, but I suppose my blog's email addresses ended up on a list used by...
This is a fix for option âyarastrings. rtfdump_V0_0_15.zip (http)MD5: C70F327DDC11B549A399B2F85B2B9607SHA256: 9EFDEB5978372BD93065BCDAB6486DAECA4CB7E2EDA15DD5BD4C98AF69FB19A7
I like this one. As usual, you can also use this squid post to talk about the security stories in the news that I havenât covered. Blog moderation policy.
Itâs a demonstration of how toxic the surveillance-tech company Flock has become when Amazonâs Ring cancels the partnership between the two companies. As Hamilton Nolan advises, remove your Ring doorbell.
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
This update adds option -C (âcombinations). When this option is used together with -j (âjsonoutput), 2 extra versions of each stream are added. One with option -H enabled, and one with option -H and -S enabled. rtfdump_V0_0_14.zip (http)MD5:...
[This is a Guest Diary contributed by John Moutos] Overview In this post, I'm going over my analysis of DynoWiper, a wiper family that was discovered during attacks against Polish energy companies in late December of 2025. ESET Research [1] and...
Interesting: Summary: An AI agent of unknown ownership autonomously wrote and published a personalized hit piece about me after I rejected its code, attempting to damage my reputation and shame me into accepting its changes into a mainstream...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
The title of the post isâWhat AI Security Research Looks Like When It Works,â and I agree: In the latest OpenSSL security release> on January 27, 2026, twelve new zero-day vulnerabilities (meaning unknown to the maintainers at time of disclosure)...
A few days ago I wrote a diary called "Malicious Script Delivering More Maliciousness"[1]. In the malware infection chain, there was a JPEG picture that embedded the last payload delimited with "BaseStart-" and "-BaseEnd" tags. Today, I...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Here are three papers describing different side-channel attacks against LLMs. âRemote Timing Attacks on Efficient Language Model Inferenceâ: Abstract: Scaling up language models has significantly increased their capabilities. But larger models...
This morning, I received an interesting phishing email. Iâve a âlove & hateâ relation with such emails because I always have the impression to lose time when reviewing them but sometimes itâs a win because you spot interesting âTTPsâ (âtools,...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Aucun article de sécurité disponible