INTERNET STORM CENTER SPOTLIGHT
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Your Business Data and Machine Learning at Risk: Attacks Against Apache NiFi
Published: 2023-05-30
Last Updated: 2023-05-31 11:07:11 UTC
by Johannes Ullrich (Version: 1)
Apache NiFi describes itself as “an easy-to-use, powerful, and reliable system to process and distribute data.” In simple terms, NiFi implements a web-based interface to define how data is moved from a source to a destination. Users may define various “processors” to manipulate data along the way. This is often needed when processing business data or preparing data for machine learning. A dataset used for machine learning may arrive in one format (let's say JSON), but to conveniently use it for training, it must be converted to JSON or inserted into a database. The features are not just attractive to machine learning, but many business processes require similar functionality.
Read the full entry:
Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT
Published: 2023-05-30
Last Updated: 2023-05-30 01:01:59 UTC
by Brad Duncan (Version: 1)
Also known as DBatLoader, ModiLoader is malware that retrieves and runs payloads like Formbook, Warzone RAT, Remcos RAT, or other types of malware. Today's diary reviews a ModiLoader infection for Remcos RAT on Monday 2023-05-29.
I caught the email in one of my honeypot accounts on Monday 2023-05-29 at 4:14 UTC. These messages often spoof companies sending invoices or purchase orders. This campaign didn't appear to be specifically targeted at my honeypot account.
Read the full entry:
https://isc.sans.edu/diary/Malspam+pushes+ModiLoader+DBatLoader+infection+for+Remcos+RAT/29896/
Analyzing Office Documents Embedded Inside PPT (PowerPoint) Files
Published: 2023-05-29
Last Updated: 2023-05-29 07:27:43 UTC
by Didier Stevens (Version: 1)
I was asked how to analyze Office Documents that are embedded inside PPT files. PPT is the "standard" binary format for PowerPoint; it's an olefile. You can analyze it with oledump.py.
All embedded content is found inside stream "PowerPoint Document". For VBA, I already wrote a blog post a couple years ago: "Analyzing PowerPoint Maldocs with oledump Plugin plugin_ppt".
The analysis process for embedded files is quite similar.
Read the full entry:
https://isc.sans.edu/diary/Analyzing+Office+Documents+Embedded+Inside+PPT+PowerPoint+Files/29894/