SANS.edu Internet Storm Center
@sans_isc
@[email protected] - http://isc.sans.edu - Global Network Security Information Sharing Community -
At #SANSFIRE, SANS Social Reporter Rich Greene caught up with @sans_isc Handlers Jesse and Guy, who broke down how you can start contributing to threat intelligence—right from home. From spinning up honey pots on a Raspberry Pi to writing analysis diaries that might get…
SANS Stormcast Monday, July 28th, 2025: Linux Namespaces; UI Automation Abuse; Autoswagger isc.sans.edu/podcastdetail/…
Sinkholing Suspicious Scripts or Executables on Linux isc.sans.edu/diary/32144
SANS Stormcast Friday, July 25th, 2025: ficheck.py; Mital and SonicWall Patches isc.sans.edu/podcastdetail/…
SharePoint exploitation has now entered the parasitic phase. We are seeing hits to more then 100 distinct possible web shell URLs. Some of them may just be guesses, but a good part of them are likely webshells created by the Toolshell exploit over the last couple days.
New Tool: ficheck.py isc.sans.edu/diary/32136
SANS Stormcast Thursday, July 24th, 2025: Reversing SharePoint Exploit; NPM “is” Compromise; isc.sans.edu/podcastdetail/…
Analyzing Sharepoint Exploits (CVE-2025-53770, CVE-2025-53771) isc.sans.edu/diary/32138
SANS Stormcast Wednesday, July 23rd, 2025: Sharepoint 2016 Patch; MotW Privacy and WinZip; Interlock Ransomware; Sophos Patches isc.sans.edu/podcastdetail/…
WinRAR MoTW Propagation Privacy isc.sans.edu/diary/32130
Wireshark 4.4.8 Released isc.sans.edu/diary/32128
SANS Stormcast Tuesday, July 22nd, 2025: SharePoint Emergency Patches; How Long Does Patching Take; HPE Wifi Vuln; Zoho WorkDrive Abused isc.sans.edu/podcastdetail/…
How quickly do we patch? A quick look from the global viewpoint isc.sans.edu/diary/32126
SANS Stormcast Monday July 21st, 2025: Sharepoint Exploited; Veeam Fake Voicemail Phish; Passkey Phishing Attack isc.sans.edu/podcastdetail/…
Critical Sharepoint 0-Day Vulnerablity Exploited CVE-2025-53770 (ToolShell) isc.sans.edu/diary/32122
Veeam Phishing via Wav File isc.sans.edu/diary/32120
SANS Stormcast Friday, July 18th, 2025: Extended File Attributes; Critical Cisco ISE Patch; VMWare Patches; Quarterly Oracle Patches isc.sans.edu/podcastdetail/…
Hiding Payloads in Linux Extended File Attributes isc.sans.edu/diary/32116
SANS Stormcast Thursday, July 17th, 2025: catbox.moe abuse; Sonicwall Attacks; Rendering Issues isc.sans.edu/podcastdetail/…
More Free File Sharing Services Abuse isc.sans.edu/diary/32112
