SANS Database 2024
DATE | NAME | DESCRIPTION | CATEGORY | WEB |
15.9.24 | YARA 4.5.2 Release | YARA 4.5.2 was released with 3 small changes and 4 bugfixes. | SANS | |
15.9.24 | Finding Honeypot Data Clusters Using DBSCAN: Part 2 | In an earlier diary, I reviewed how using tools like DBSCAN can be useful to group similar data. I used DBSCAN to try and group similar commands submitted to Cowrie and URL paths submitted to the DShield web honeypot. | SANS | |
15.9.24 | Python Libraries Used for Malicious Purposes | Since I’m interested in malicious Python scripts, I found multiple samples that rely on existing libraries. | SANS | |
3.8.24 | Increased Activity Against Apache OFBiz CVE-2024-32113 | As part of its extensive project portfolio, the Apache Foundation supports OFBiz, a Java-based framework for creating ERP (Enterprise Resource Planning) applications. OFBiz appears to be far less prevalent than commercial alternatives. However, just as with any other ERP system, organizations rely on it for sensitive business data, and the security of these ERP systems is critical. | SANS | |
27.7.24 | ExelaStealer Delivered "From Russia With Love" | Some simple PowerShell scripts might deliver nasty content if executed by the target. I found a very simple one (with a low VT score of 8/65): | SANS | |
25.7.24 | "Mouse Logger" Malicious Python Script | Keylogging is a pretty common feature of many malware families because recording the key pressed on a keyboard may reveal a lot of interesting information like usernames, passwords, etc. | SANS | |
24.7.24 | New Exploit Variation Against D-Link NAS Devices (CVE-2024-3273) | In April, an OS command injection vulnerability in various D-Link NAS devices was made public [1]. The vulnerability, CVE-2024-3273, was exploited soon after it became public. Many of the affected devices are no longer supported. | SANS | |