Renato Marinho Diaries
- Microsoft August 2024 Patch Tuesday
- Microsoft May 2024 Patch Tuesday
- Microsoft February 2024 Patch Tuesday
- Microsoft September 2023 Patch Tuesday
- Microsoft August 2023 Patch Tuesday
- Microsoft May 2023 Patch Tuesday
- Guildma is now abusing colorcpl.exe LOLBIN
- Microsoft April 2023 Patch Tuesday
- Microsoft March 2023 Patch Tuesday
- Microsoft January 2023 Patch Tuesday
- Microsoft December 2022 Patch Tuesday
- Log4Shell campaigns are using Nashorn to get reverse shell on victim's machines
- Microsoft November 2022 Patch Tuesday
- Microsoft September 2022 Patch Tuesday
- Microsoft August 2022 Patch Tuesday
- Microsoft July 2022 Patch Tuesday
- Microsoft June 2022 Patch Tuesday
- Translating Saitama's DNS tunneling messages
- Microsoft May 2022 Patch Tuesday
- WSO2 RCE exploited in the wild
- Microsoft April 2022 Patch Tuesday
- Microsoft March 2022 Patch Tuesday
- Microsoft February 2022 Patch Tuesday
- Attackers are abusing MSBuild to evade defenses and implant Cobalt Strike beacons
- Example of how attackers are trying to push crypto miners via Log4Shell
- Log4j 2.15.0 and previously suggested mitigations may not be enough
- Microsoft December 2021 Patch Tuesday
- Log4Shell exploited to implant coin miners
- Microsoft November 2021 Patch Tuesday
- Microsoft October 2021 Patch Tuesday
- Microsoft September 2021 Patch Tuesday
- Microsoft August 2021 Patch Tuesday
- Microsoft July 2021 Patch Tuesday
- Microsoft June 2021 Patch Tuesday
- Guildma is now using Finger and Signed Binary Proxy Execution to evade defenses
- Microsoft May 2021 Patch Tuesday
- Microsoft March 2021 Patch Tuesday
- Microsoft February 2021 Patch Tuesday
- Microsoft January 2021 Patch Tuesday
- Microsoft November 2020 Patch Tuesday
- Attackers Exploiting WebLogic Servers via CVE-2020-14882 to install Cobalt Strike
- Microsoft October 2020 Patch Tuesday
- Microsoft September 2020 Patch Tuesday
- Microsoft August 2020 Patch Tuesday
- Microsoft July 2020 Patch Tuesday - Patch Now!
- F5 BigIP vulnerability exploitation followed by a backdoor implant attempt
- Microsoft June 2020 Patch Tuesday
- Microsoft May 2020 Patch Tuesday
- Microsoft April 2020 Patch Tuesday
- Microsoft Patch Tuesday for February 2020
- Citrix ADC Exploits Update
- Microsoft December 2019 Patch Tuesday
- Microsoft October 2019 Patch Tuesday
- Microsoft September 2019 Patch Tuesday
- Guildma malware is now accessing Facebook and YouTube to keep up-to-date
- GoldBrute Botnet Brute Forcing 1.5 Million RDP Servers
- Microsoft May 2019 Patch Tuesday
- Vulnerable Apache Jenkins exploited in the wild
- Microsoft April 2019 Patch Tuesday
- Microsoft March 2019 Patch Tuesday
- Microsoft February 2019 Patch Tuesday
- Enriching Radare2 and x64dbg malware analysis with statically decoded strings
- Criminals Don't Read Instructions or Use Strong Passwords
- Silently Profiling Unknown Malware Samples
- WebLogic Exploited in the Wild (Again)
- Cisco Smart Install vulnerability exploited in the wild
- ARP Spoofing in 2018: are you protected?
- Apache SOLR: the new target for cryptominers
- Statically Unpacking a Brazilian Banker Malware
- Campaign is using a recently released WebLogic exploit to deploy a Monero miner
- Phishing campaign uses old ".bat" script to spread banking malware - and it is flying under the radar
- "Catch-All" Google Chrome Malicious Extension Steals All Posted Data
- Baselining Servers to Detect Outliers
- XPCTRA Malware Steals Banking and Digital Wallet User's Credentials
- Ongoing Ykcol (Locky) campaign
- Second Google Chrome Extension Banker Malware in Two Weeks
- EngineBox Malware Supports 10+ Brazilian Banks
- (Banker(GoogleChromeExtension)).targeting("Brazil")
- SMBLoris - the new SMB flaw
- Uber drivers new threat: the "passenger"
- Black Hat is coming and with it a good reason to update your "Broadcom-based" devices
- SMS Phishing induces victims to photograph its own token card
- July's Microsoft Patch Tuesday
- DDoS Extortion E-mail: Yet Another Bluff?
- Windows Error Reporting: DFIR Benefits and Privacy Concerns
- Exploring a P2P Transient Botnet - From Discovery to Enumeration
- A very convincing Typosquatting + Social Engineering campaign is targeting Santander corporate customers in Brazil