procdump Version 10.1, (Sun, Aug 1st)Sun, 01 Aug 2021 09:22:25 GMT A new version of procdump, the Sysinternals tool to create process dumps, was released.
Unsolicited DNS Queries, (Sat, Jul 31st)Sat, 31 Jul 2021 12:38:25 GMT This week I started seeing more DNS related activity being identified by Threatintel and that got me curious. While reviewing my logs, I noticed that Wednesday and Thursday had an unusual spike for many inbound unsolicited DNS queries for the domain census.gov.
Infected With a .reg File, (Fri, Jul 30th)Fri, 30 Jul 2021 12:32:17 GMT Yesterday, I reported a piece of malware that uses&#;x26;#;xc2;&#;x26;#;xa0;archive.org to fetch its next stage&#;x26;#;x5b;1&#;x26;#;x5d;. Today, I spotted another file that is also interesting: A Windows Registry file (with a ".reg" extension). Such files are&#;x26;#;xc2;&#;x26;#;xa0;text&#;x26;#;xc2;&#;x26;#;xa0;files created by exporting values from the Registry (export) but they can also&#;x26;#;xc2;&#;x26;#;xa0;be used to add or change values in the Registry (import). Being text files, they don&#;x26;#;39;t look suspicious.
Apple Patches for CVE-2021-30807, (Tue, Jul 27th)Fri, 30 Jul 2021 08:52:40 GMT Apple has released another update (previous update was only about 5 days ago) to address CVE-2021-30807 that was discovered by an anonymous researcher. This update resolves an issue with IOMobileFrameBuffer which could allow an application to execute arbitrary code with kernel privileges [1], [2]. This issue may have been actively exploited.
Malicious Content Delivered Through archive.org, (Thu, Jul 29th)Thu, 29 Jul 2021 07:18:21 GMT archive.org[1], also known as the "way back machine" is a very popular Internet site that allows you to travel back in time and browse old versions of a website (like the ISC website[2]). It works like regular search engines and continuously crawls the internet via bots. But there is another way to store content on archive.org: You may create an account and upload some content by yourself.
A sextortion e-mail from...IT support?!, (Wed, Jul 28th)Wed, 28 Jul 2021 06:34:05 GMT E-mails claiming that their author has recorded the recipient through a webcam while they were "in flagrante delicto" enjoying a visit to some pornographic site, and will publish the recording unless the recipient pays them, have been with us for quite a while now. Over time, these messages haven't changed much. It is no wonder – since the “hook†they use is fairly timeless and nearly universal in nature, the same messages can be effective for a long time without any substantial modifications.
Novel Meteor Wiper Used in Attack that Crippled Iranian Train SystemFri, 30 Jul 2021 15:21:41 +0000 A July 9th attack disrupted service and taunted Iran’s leadership with hacked screens directing customers to call the phone of Iranian Supreme Leader Khamenei with complaints.
CISA’s Top 30 Bugs: One’s Old Enough to Buy BeerThu, 29 Jul 2021 18:39:56 +0000 There are patches or remediations for all of them, but they're still being picked apart. Why should attackers stop if the flaws remain unpatched, as so many do?
BlackMatter & Haron: Evil Ransomware Newborns or RebirthsWed, 28 Jul 2021 18:33:02 +0000 They’re either new or old REvil & DarkSide wine in new bottles. Both have a taste for deep-pocketed targets and DarkSide-esque virtue-signaling.
Reboot of PunkSpider Tool at DEF CON Stirs DebateWed, 28 Jul 2021 17:44:50 +0000 Researchers plan to introduce a revamp of PunkSpider, which helps identify flaws in websites so companies can make their back-end systems more secure, at DEF CON.
Podcast: Why Securing Active Directory Is a NightmareWed, 28 Jul 2021 11:01:33 +0000 Researchers preview work to be presented at Black Hat on how AD “misconfiguration debt” lays out a dizzying array of attack paths, such as in PetitPotam.