Archiv für Juni 2025

How Long Until the Phishing Starts? About Two Weeks After setting up a Google Workspace and adding a new user, it took only two weeks for the new employee to receive somewhat targeted phishing emails. https://isc.sans.edu/diary/How%20Long%20Until%20the%20Phishing%20Starts%3F%20About%20Two%20Weeks/32052 Scammers hijack websites of Bank of America, Netflix, Microsoft, and more to insert fake phone numbers Scammers are placing […]

Extracting Data From JPEGs Didier shows how to efficiently extract data from JPEGs using his tool jpegdump.py https://isc.sans.edu/diary/A%20JPEG%20With%20A%20Payload/32048 Windows Recall Export in Europe In its latest insider build for Windows 11, Microsoft is testing an export feature for data stored by Recall. The feature is limited to European users and requires that you note an […]

Katz Stealer in JPG Xavier found some multistage malware that uses an Excel Spreadsheet and an HTA file to load an image that includes embeded a copy of Katz stealer. https://isc.sans.edu/diary/More+Steganography/32044 https://unit42.paloaltonetworks.com/malicious-javascript-using-jsfiretruck-as-obfuscation/ JavaScript obfuscated with JSF*CK is being used on over 200,000 websites to direct victims to malware Expired Discord Invite Links Used for Malware […]

Automated Tools to Assist with DShield Honeypot Investigations https://isc.sans.edu/diary/Automated%20Tools%20to%20Assist%20with%20DShield%20Honeypot%20Investigations%20%5BGuest%20Diary%5D/32038 EchoLeak: Zero-Click Microsoft 365 Copilot Data Leak Microsoft fixed a vulnerability in Copilot that could have been abused to exfiltrate data from Copilot users. Copilot mishandled instructions an attacker included in documents inspected by Copilot and executed them. https://www.aim.security/lp/aim-labs-echoleak-blogpost Thunderbolt Vulnerability Thunderbolt users may be tricked […]

Quasar RAT Delivered Through Bat Files Xavier is walking you through a quick reverse analysis of a script that will injection code extracted from a PNG image to implement a Quasar RAT. https://isc.sans.edu/diary/Quasar%20RAT%20Delivered%20Through%20Bat%20Files/32036 Delayed Windows 11 24H2 Rollout Microsoft slightly throttled the rollout of windows 11 24H2 due to issues stemming from the patch Tuesday […]

Microsoft Patch Tuesday Microsoft today released patches for 67 vulnerabilities. 10 of these vulnerabilities are rated critical. One vulnerability has already been exploited and another vulnerability has been publicly disclosed before today. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20June%202025/32032 Adobe Vulnerabilities Adobe released patches for 7 different applications. Two significant ones are Adobe Commerce and Adobe Acrobat Reader. All vulnerabilities patched […]

OctoSQL & Vulnerability Data OctoSQL is a neat tool to query files in different formats using SQL. This can, for example, be used to query the JSON vulnerability files from CISA or NVD and create interesting joins between different files. https://isc.sans.edu/diary/OctoSQL+Vulnerability+Data/32026 Mirai vs. Wazuh The Mirai botnet has now been observed exploiting a vulnerability in […]

Extracting With pngdump.py Didier extended his pngdump.py script to make it easier to extract additional data appended to the end of the image file. https://isc.sans.edu/diary/Extracting%20With%20pngdump.py/32022 16 React Native Packages for GlueStack Backdoored Overnight 16 npm packages with over a million weekly downloads between them were compromised. The compromised packages include a remote admin tool that […]