In diary entry “Formbook Delivered Through Multiple Scripts“, Xavier mentions that the following line: Nestlers= array(79+1,79,80+7,60+9,82,83,72,69,76,76) decodes to the string POWERSHELL. My tool numbers-to-hex.py is a tool that extracts numbers from text files, and converts them to hexadecimal. Like this: I can then use another tool, hex-to-bin.py to convert the hexadecimal numbers to binary, and […]
Google has disclosed that the company’s continued adoption of the Rust programming language in Android has resulted in the number of memory safety vulnerabilities falling below 20% of total vulnerabilities for the first time. “We adopted Rust for its security and are seeing a 1000x reduction in memory safety vulnerability density compared to Android’s C […]
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Read More
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Read More
Microsoft this week pushed security updates to fix more than 60 vulnerabilities in its Windows operating systems and supported software, including at least one zero-day bug that is already being exploited. Microsoft also fixed a glitch that prevented some Windows 10 users from taking advantage of an extra year of security updates, which is nice […]
Google will start taking action on Android apps in the official Google Play store that have high background activity and cause excessive battery draining. […] Read More
The finger.exe command is used in ClickFix attacks. finger is a very old UNIX command, that was converted to a Windows executable years ago, and is part of Windows since then. In the ClickFix attacks, it is used to retrieve a malicious script via the finger protocol. We wrote about finger.exe about 3 years ago: […]
The SANS Holiday Hack Challenge™ 2025 is available. (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Read More
Microsoft has confirmed it is investigating a bug causing the Windows 10 KB5068781 extended security update to fail to install with 0x800f0922 errors on devices with corporate licensing. […] Read More
The decades-old “finger” command is making a comeback,, with threat actors using the protocol to retrieve remote commands to execute on Windows devices. […] Read More