Fake DDoS Extortions Continue. Please Forward Us Any Threats You Have Received., (Fri, Jun 23rd)

We continue to receive reports about DDoS extortion e-mails. These e-mails are essentially spammed to the owners of domains based on whois records. They claim to originate from well-known hacker groups like Anonymous, which have been known to launch DDoS attacks in the past. These e-mails use the notoriety of the group's name to make the threat sound more plausible. But there is no evidence that these threats originate from these groups, and so far we have not seen a single case of a DDoS being launched after a victim received these e-mails. So no reason to pay :)

Posted on: 23 June 2017 | 6:24 am

ISC Stormcast For Friday, June 23rd 2017 https://isc.sans.edu/podcastdetail.html?id=5556, (Fri, Jun 23rd)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Posted on: 22 June 2017 | 8:35 pm

ISC Stormcast For Thursday, June 22nd 2017 https://isc.sans.edu/podcastdetail.html?id=5554, (Thu, Jun 22nd)

Posted on: 22 June 2017 | 6:17 am

Obfuscating without XOR, (Thu, Jun 22nd)

Malicious files are generated and spread over the wild Internet daily (read: hourly). The goal of the attackers is to use files that are:

Posted on: 22 June 2017 | 1:48 am

It has been a month and a bit, how is your new patching program holding up?, (Wed, Jun 21st)

Last month's entertainment for many of us was of course the WannaCry MS17-010 update. For some of you it was a relaxing time just like any other month. Unfortunately for the rest of us it was a rather busy period trying to patch systems that in some cases had not been patched in months or even years. Others discovered that whilst security teams have been saying "you want to open what port to the internet?", firewall rules were approved allowing port 445 and in other cases even 139. Another group of users discovered that the firewall that used to be enabled on their laptop was no longer enabled whilst connected to the internet. Anyway, that was last month. On the back of it we all made improvements to our vulnerability management processes. You did, right?

Posted on: 21 June 2017 | 8:57 am

ISC Stormcast For Wednesday, June 21st 2017 https://isc.sans.edu/podcastdetail.html?id=5552, (Wed, Jun 21st)

Posted on: 20 June 2017 | 8:40 pm

Windows Error Reporting: DFIR Benefits and Privacy Concerns, (Tue, Jun 20th)

This please let us know.

Posted on: 20 June 2017 | 8:00 am

ISC Stormcast For Tuesday, June 20th 2017 https://isc.sans.edu/podcastdetail.html?id=5550, (Tue, Jun 20th)

Posted on: 19 June 2017 | 7:45 pm

As Your Admin Walks Out the Door .., (Mon, Jun 19th)

One of our readers (thanks Gebhard) mailed us a link to an article on what the press is apparently now calling a Revenge Wipe - a system administrator who has left the organization, and as a last hurrah, deletes or locks out various system or infrastructure components.

Posted on: 19 June 2017 | 7:40 pm