21°C
couvert
A DoorDash driver stole over $2.5 million over several months: The driver, Sayee Chaitainya Reddy Devagiri, placed expensive orders from a fraudulent customer account in the DoorDash app. Then, using DoorDash employee credentials, he manually...
Dear blog readers,Do you remember the Koobface botnet? And did you know that the Koobface botnet master KrotReal used to maintain a legitimate Facebook account back in 2011 at the peak of the Koobface botnet that no one has ever referenced or...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
âFifty Years of Mathematical Cryptanalysis (1937-1987),â by Glenn F. Stahly, was just declassifiedâwith a lot of redactionsâby the NSA. I have not read it yet. If you find anything interesting in the document, please tell us about it in the comments.
Like .Net, AutoIT[1] remains a popular language for years in the malware ecosystem. It's a simple language that can interact with all the components of the Windows operating system. I regularly discover AutoIT3 binaries (yes, it can be compiled)....
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Heal starts off with a resume generation website that uses three domains. Thereâs the main site, an API, and a survey site. Iâll abuse a file read / directory traversal in the API to get access to the Ruby configuration and eventually the SQLite3...
A couple years ago I published tool xorsearch.py for this diary entry: "Small Challenge: A Simple Word Maldoc - Part 4". It could be used to search for XOR-encoded text: This was a beta version, and its user interface was subject to change. The...
From Hackaday.com, this is a neural network simulation of a pet squid. Autonomous Behavior: The squid moves autonomously, making decisions based on his current state (hunger, sleepiness, etc.). Implements a vision cone for food detection,...
This is a weird story: U.S. energy officials are reassessing the risk posed by Chinese-made devices that play a critical role in renewable energy infrastructure after unexplained communication equipment was found inside some of them, two people...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
In what experts are calling a novel legal outcome, the 22-year-old former administrator of the cybercrime community Breachforums will forfeit nearly $700,000 to settle a civil lawsuit from a health insurance company whose customer data was posted...
On April 14, Dubaiâs ruler, Sheikh Mohammed bin Rashid Al Maktoum, announced that the United Arab Emirates would begin using artificial intelligence to help write its laws. A new Regulatory Intelligence Office would use the technology to...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
I published on the 29 Apr 2025 a diary [1] on scanning activity looking for SonicWall and since this publication this activity has grown 10-fold. Over the past 14 days, several BACS students have reported activity related to SonicWall scans all...
In this just obtained video in my line of inspiration and work you can basically see everything you ever wanted to see about the Yekaterinburg's based Plastika Recording Studio and Linkvil (ĐĐČĐłĐ”ĐœĐžĐč ĐĄĐ°ĐŒŃĐŸĐœĐŸĐČ) and basically get a better picture of...
This is a current list of where and when I am scheduled to speak: Iâm speaking (remotely) at the Sektor 3.0 Festival in Warsaw, Poland, May 21-22, 2025. The list is maintained on this page.
Microsoft on Tuesday released software updates to fix at least 70 vulnerabilities in Windows and related products, including five zero-day flaws that are already seeing active exploitation. Adding to the sense of urgency with this monthâs patch...
Google has extended its Advanced Protection features to Android devices. Itâs not for everybody, but something to be considered by high-risk users. Wired article, behind a paywall.
A couple of weeks ago, I came across a phishing campaign that highlights a recurring issue with open redirect vulnerabilities in well-known and trusted services. The phishing message that was delivered to us, here at the ISC, was a variation on...
Aucun article de sécurité disponible