In this week’s review Uber was hacked Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs Ransomware Developers Turn to Intermittent Encryption […]
8-19-22 Week in Review: Password Snooping, Supply Chain, Cl0p Ransomware
In this week’s review Cleartext Shenanigans: Gifting User Passwords to Adversaries With NPPSPY Realtek SDK Vulnerability Exposes Routers InfoSec Handlers Diary Blog – SANS […]
8-5-22 Week in Review: Evasive Phishing, Tricky Malware and Initial Access Brokers
In this week’s review Large-Scale AiTM Attack targeting enterprise users of Microsoft email services Deception at a scale Initial Access Brokers Are Key to […]
July 29th 2022 Week In Review: Intergalactic Planetary Phishing, ISOs & LNKs, Ransomware & Extortion
In this week’s review: IPFS The New Hotbed of Phishing How Threat Actors Are Adapting to a Post-Macro World Palo Alto 2022 Incident Response […]
July 22nd 2022 CTP Week in Review: RIP Macros, Bad Luck BlackCat, Mr. Eagle
In this week’s review: Microsoft resumes default blocking of Office macros after updating docs https://docs.microsoft.com/en-us/deployoffice/security/internet-macros-blocked A potentially dangerous macro has been blocked BlackCat ransomware […]
July 15th 2022 CTP Week in Review: Macros, Coin Miners, Rustomware, Cookie Phishing
In this week’s review: Microsoft DOES plan to work on blocking internet macros by default in Office, their pause is apparently temporary The DFIR […]
July 1st 2022 CTP Week in Review: LNK Malware – LockBit 3.0 Bug Bounty – PwnKit Exploitation In The Wild
In this week’s review Rise of LNK (Shortcut files) Malware LockBit 3.0 Released Now With Bug Bounty Program CISA Says PwnKit Exploited in the Wild […]
June 24th 2022 CTP Week In Review: DFSCoerce, Ransomware in OneDrive & PowerShell Forever
In this week’s review: New NTLM Relaying Attack via DFSCoerce Ransomware Potential for OneDrive & SharePoint Files Keeping PowerShell: Security Measures to Use and Embrace […]
June 17th 2022 CTP Week In Review: BlackCat – LockBit 2.0 – Saitama DNS Tunneling – Exposed Travis CI Logs
In this week’s review: The rise of BlackCat (ALPHV) ransomware Microsoft Analysis of BlackCat AdvIntel Analysis of BlackCat Ransomware Group Debuts Searchable Victim Data LockBit […]
June 10th 2022 CTP Week in Review: Dogwalk – Qakbot – Follina – ESXi Ransomware
In this week’s review: A DFIR Report with no Ransomware and no Cobalt Strike Path Traversal & MOTW Bypass – DIAGCAB Windows Zero-day aka “Dogwalk” […]