Internet Storm Center Tech Corner

SANS Internet StormCast: Friday, February 7, 2025

https://isc.sans.edu/podcastdetail/9314

The Unbreakable Multi-Layer Anti-Debugging System

Xavier found a nice Python script that included what it calls the "Unbreakable Multi-Layer Anti-Debugging System". Leave it up to Xavier to tear it apart for you.

https://isc.sans.edu/diary/The+Unbreakable+MultiLayer+AntiDebugging+System/31658

Take my money: OCR crypto stealers in Google Play and App Store

Malware using OCR on screen shots was available not just via Google Play, but also the Apple App Store.

https://thehackernews.com/2025/02/sparkcat-malware-uses-ocr-to-extract.html

Threat Actors Still Leveraging Legit RMM Tool ScreenConnect

Unsurprisingly, threat actors still like to use legitimate remote admin tools, like ScreenConnect, as a command and control channel. Silent Push outlines the latest trends and IoCs they found.

https://www.silentpush.com/blog/screenconnect/

Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities

Java deserialization strikes again to allow arbitrary code execution. Cisco fixed this vulnerability and an authorization bypass issue in its Identity Services Engine.

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF

F5 Update

F5 fixes an interesting authentication bypass problem affecting TLS client certificates.

https://my.f5.com/manage/s/article/K000149173

SANS Internet StormCast: Thursday, February 6, 2025

com- prefix domain phishing; Win 10 ESU pricing; Firewall CT Policy; Veeam and Netgear patches

https://isc.sans.edu/podcastdetail/9312

Phishing via com- prefix domains

Every day, attackers are registering a few hundred domain names starting with com-. These are used in phishing e-mails, for example "toll fee scams", to create more convincing phishing links.

https://isc.sans.edu/diary/Phishing+via+com+prefix+domains/31654
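A small detection helper for the pattern above, added here as an example and not part of the ISC diary: it pulls URLs out of a message body and flags any whose hostname contains a DNS label beginning with "com-", which is what makes a link such as "ezdrivema.com-tollpay.example" read like "ezdrivema.com" at a glance. The sample message and all domain names in it are constructed for the example; the check is a per-label approximation that does not consult a public suffix list.

```python
import re
from urllib.parse import urlparse

# Constructed sample message (not from the ISC diary): a toll-fee lure whose
# link host uses a "com-" prefixed registrable domain so that it reads like
# "ezdrivema.com" at a glance. All names here are made up for the example.
SAMPLE_EMAIL = """Your toll balance is overdue. Pay within 24 hours at
https://ezdrivema.com-tollpay-invoice.example/pay?id=12345
to avoid late fees. For help visit https://www.ezdrivema.com/help
or read https://example.com/comments/faq."""

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def extract_urls(text: str) -> list[str]:
    """Return every http(s) URL found in free text, trailing punctuation stripped."""
    return [u.rstrip(".,;:)") for u in URL_RE.findall(text)]


def is_com_prefix_host(hostname: str) -> bool:
    """True when any DNS label of the hostname starts with 'com-'.

    The check is per label, so 'www.ezdrivema.com' (label 'com') is clean while
    'ezdrivema.com-tollpay.example' (label 'com-tollpay') is flagged. Without a
    public-suffix list this is an approximation: it also catches a 'com-' label
    in a subdomain, which is still worth a look.
    """
    labels = hostname.lower().rstrip(".").split(".")
    return any(label.startswith("com-") for label in labels)


def find_com_prefix_links(text: str) -> list[str]:
    """Return the URLs in `text` whose host uses a 'com-' prefixed label."""
    flagged = []
    for url in extract_urls(text):
        host = urlparse(url).hostname or ""
        if is_com_prefix_host(host):
            flagged.append(url)
    return flagged


if __name__ == "__main__":
    for url in find_com_prefix_links(SAMPLE_EMAIL):
        print("suspicious com- prefix link:", url)
```

Run against a mail-gateway quarantine or a proxy log, the same per-label test separates the look-alike host from the genuine "ezdrivema.com" host and from a "comments" path segment, which a naive substring search on the whole URL would also match.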

Microsoft Windows 10 Extended Security Updates

Microsoft released pricing and additional details for the Windows 10 Extended Security Updates. For the first year after official free updates stop, security updates will be available for $61.

https://learn.microsoft.com/en-us/windows/whats-new/extended-security-updates

Mozilla Enforcing Certificate Transparency

Mozilla is following the lead of other browsers and will require certificates to include a signed certificate timestamp as proof of compliance with certificate transparency requirements.

https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/OagRKpVirsA/m/Q4c89XG-EAAJ

https://wiki.mozilla.org/SecurityEngineering/Certificate_Transparency#Enterprise_Policies

Veeam Update

Veeam's internal backup process may be used to execute arbitrary code by an attacker in a machine-in-the-middle position.

https://www.veeam.com/kb4712

Netgear Unauthenticated RCE

https://kb.netgear.com/000066558/Security-Advisory-for-Unauthenticated-RCE-on-Some-WiFi-Routers-PSV-2023-0039

SANS Internet StormCast: Wednesday, February 5, 2025

Feed Updates and Rosti; Resurrecting Dead S3 Buckets; Let's Encrypt Changes; Edge Device Security

https://isc.sans.edu/podcastdetail/9310

Some Updates to Our Data Feeds

We made some updates to the documentation for our data feeds, and added the neat Rosti Feed to our list as well as to our ipinfo page.

https://isc.sans.edu/diary/Some+updates+to+our+data+feeds/31650

8 Million Requests Later We Made the SolarWinds Supply Chain Attack Look Amateur

While the title is a bit of watchTowr hyperbole, the problem of abandoned S3 buckets being re-registered and brought back to life by someone else is real and needs to be addressed. Boring solutions will help you avoid becoming an exciting headline.

https://labs.watchtowr.com/8-million-requests-later-we-made-the-solarwinds-supply-chain-attack-look-amateur/

Let's Encrypt Ending Expiration Emails

Let's Encrypt will no longer send emails for expiring certificates. They suggest other free services to send these emails for you.

https://letsencrypt.org/2025/01/22/ending-expiration-emails/

Guidance and Strategies to Protect Network Edge Devices

CISA and other agencies created a guidance document outlining how to protect edge devices like firewalls, VPN concentrators and other similar devices.

https://www.cisa.gov/resources-tools/resources/guidance-and-strategies-protect-network-edge-devices
