INTERNET STORM CENTER SPOTLIGHT
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Windows 11 Snipping Tool Privacy Bug: Inspecting PNG Files
Published: 2023-03-22
Last Updated: 2023-03-22 17:52:44 UTC
by Didier Stevens (Version: 1)
In today's Stormcast (https://isc.sans.edu/podcastdetail.html?podcastid=8420), Johannes discussed a privacy issue with Windows 11's snipping tool.
The issue is the following: if you use Windows 11's snipping tool to open an existing image, then modify the image to make it smaller (cropping for example), and then save the image again under the same name, then the file will not be truncated. The file will keep its original data after the beginning of the file has been overwritten with the new image.
I tested this with a PNG file on Windows 11, and could indeed reproduce the issue. The reason why this doesn't work on Windows 10 is that, as far as I know, Windows 10's snipping tool cannot open an existing file.
Read the full entry:
https://isc.sans.edu/diary/Windows+11+Snipping+Tool+Privacy+Bug+Inspecting+PNG+Files/29660/
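A check for the condition described above, as an added example that is not code from the diary entry or from ISC: it walks the PNG chunk structure, validates each CRC, and reports how many bytes remain after the IEND chunk. The sample images and the helper names (`make_png`, `simulate_overwrite`, `find_trailing_data`) are constructed for illustration.

```python
import random
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunk(ctype, body):
    """Serialize one PNG chunk: length, type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def make_png(width, height, seed):
    """Constructed sample: 8-bit grayscale PNG with pseudo-random pixels."""
    rng = random.Random(seed)
    rows = b"".join(b"\x00" + bytes(rng.getrandbits(8) for _ in range(width))
                    for _ in range(height))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    return (PNG_SIG + chunk(b"IHDR", ihdr)
            + chunk(b"IDAT", zlib.compress(rows)) + chunk(b"IEND", b""))

def find_trailing_data(data):
    """Return (offset just past IEND, number of bytes that follow it)."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 12 + length
        if end > len(data):
            raise ValueError("truncated chunk")
        body = data[pos + 8:end - 4]
        (crc,) = struct.unpack(">I", data[end - 4:end])
        if crc != zlib.crc32(ctype + body) & 0xFFFFFFFF:
            raise ValueError("bad CRC in chunk %r" % ctype)
        pos = end
        if ctype == b"IEND":
            return pos, len(data) - pos
    raise ValueError("no IEND chunk found")

def simulate_overwrite(original, cropped):
    """Model the bug: new image written over the start, file not truncated."""
    return cropped + original[len(cropped):]

original = make_png(64, 64, seed=1)   # constructed "before" image
cropped = make_png(8, 8, seed=2)      # constructed smaller "after" image
saved = simulate_overwrite(original, cropped)

if __name__ == "__main__":
    for name, blob in (("clean crop", cropped), ("overwritten file", saved)):
        end, extra = find_trailing_data(blob)
        print(f"{name}: IEND ends at {end}, {extra} trailing byte(s)")
```

A non-zero trailing count on a saved screenshot means the file should be re-exported through a tool that writes a fresh file before it is shared.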
Simple Shellcode Dissection
Published: 2023-03-16
Last Updated: 2023-03-16 06:41:02 UTC
by Xavier Mertens (Version: 1)
Most people will never execute a suspicious program or “executable”. Also, most of them cannot be delivered directly via email. Most antispam and antivirus solutions block them. But, then, how could people be so easily infected?
I’ll explain with the help of a file I found in a phishing campaign. The filename is “Swift23544679066.xlsx” (SHA256: 421d30c99381f9fe4295c8c33d7e7278b323821c793bbe2f45d6003536871347) and is still unknown on VirusTotal.
Read the full entry:
https://isc.sans.edu/diary/Simple+Shellcode+Dissection/29642/