xorsearch.py: Python Functions Didier's xorsearch tool now supports Python functions to filter output. https://isc.sans.edu/diary/xorsearch.py%3A%20Python%20Functions/31858 Pwn2Own Berlin 2025 Last week's Pwn2Own contest in Berlin allowed researchers to demonstrate a number of new exploits with a large focus on privilege escalation and virtual machine escape. https://www.zerodayinitiative.com/blog/2025/5/17/pwn2own-berlin-2025-day-three-results Senior US Officials Impersonated in
Web Scanning SonicWall for CVE-2021-20016 - Update Scans for SonicWall increased by an order of magnitude over the last couple of weeks. Many of the attacks appear to originate from Global Host, a low-cost virtual hosting provider. https://isc.sans.edu/diary/Web%20Scanning%20SonicWall%20for%20CVE-2021-20016%20-%20Update/31952 Google Update Patches Exploited Chrome Flaw Google released an update for
Another day, another phishing campaign abusing google.com open redirects Google's links from its Maps page to hotel listings suffer from an open redirect vulnerability that is actively exploited to direct users to phishing pages. https://isc.sans.edu/diary/Another%20day%2C%20another%20phishing%20campaign%20abusing%20google.com%20open%20redirects/31950 Adobe Patches Adobe patched 12 different applications. Of particular interest is the
Tune in as John Moon, retired Assistant Chief of Pittsburgh E.M.S. and a former Freedom House Ambulance Service paramedic, shares the powerful story of Freedom House, the first Black-led EMS organization in the U.S. We learn how they revolutionized emergency medical services, providing critical care when it was desperately needed
Dr. Michael Koren shares exciting news about the revival of an oral COVID vaccine study previously halted by government spending cuts. The non-mRNA vaccine trial represents an important alternative approach that apparently received priority status even under strict budget reviews. • Oral COVID vaccine study in Jacksonville now actively
Urologist and president of the Duval County Medical Society Dr. Ali Kasraeian joins Dr. Michael Koren to update us on recent advances in Urology. In Part 3 of this series, Dr. Koren and Dr. Kasraeian dive deep into the latest advancements in prostate cancer detection and treatment options.
Microsoft Patch Tuesday Microsoft patched 70-78 vulnerabilities (depending on how you count them). Five of these vulnerabilities are already being exploited. In particular, a remote code execution vulnerability in the scripting engine should be taken seriously. It requires the Microsoft Edge browser to run in Internet Explorer mode. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%3A%20May%202025/31946 Security
Most freight tech stacks are a tangled mess of tools that don’t talk to each other. Ezequiel Peralta, VP of Technology at SPI Logistics, is working to fix that. This episode strips away the hype and digs into what it really takes to build functional, secure, and scalable freight systems. Peralta
Apple Updates Everything Apple patched all of its operating systems. This update ports a patch for a recently exploited vulnerability to older versions of iOS and macOS. https://isc.sans.edu/diary/31942 It Is 2025, And We Are Still Dealing With Default IoT Passwords And Stupid 2013 Router Vulnerabilities Versions of the Mirai botnet
Dr. Michael Koren shares insights from his recent speaking tour across Saudi Arabia where he delivered 14 lectures in 6 days to sophisticated healthcare providers eager for American medical research. His observations reveal surprising aspects of Saudi healthcare including English as the professional language, universal insurance coverage, and
Steganography Challenge Didier revealed the solution to last weekend's cryptography challenge. The image used the same encoding scheme as Didier described before, but the columns and rows were transposed. https://isc.sans.edu/forums/diary/Steganography%20Challenge%3A%20My%20Solution/31912/ FBI Warns of End-of-life routers The FBI is tracking larger botnets taking advantage of unpatched routers. Many of these
No Internet Access: SSH to the Rescue If faced with restrictive outbound network access policies, a single inbound SSH connection can quickly be turned into a tunnel or a full-blown VPN. https://isc.sans.edu/diary/No%20Internet%20Access%3F%20SSH%20to%20the%20Rescue!/31932 SAMSUNG magicINFO 9 Server Flaw Still exploitable The SAMSUNG magicINFO 9 Server Vulnerability we found being exploited last
Welcome to Episode 401 of the Microsoft Cloud IT Pro Podcast. In this episode, Ben Stegink and Scott Hoag dive into the intricacies of implementing Zero Trust principles within Microsoft 365 environments. They explore the foundational aspects of Zero Trust, starting with identity management and the importance of Entra ID.
Example of Modular Malware Xavier analyzes modular malware that downloads DLLs from GitHub if specific features are required. In particular, the webcam module is inspected in detail. https://isc.sans.edu/diary/Example%20of%20%22Modular%22%20Malware/31928 Sysaid XXE Vulnerabilities IT Service Management Software Sysaid patched a number of XXE vulnerabilities. Without authentication, an attacker is able to obtain
Our guest Kristal DeSantis is a Licensed Marriage and Family Therapist and the author of "STRONG: A Relationship Field Guide for the Modern Man." Her approach blends psychology, attachment theory, and practical strategies to help people build thriving relationships. We’ll explore the unique challenges first responders and military personnel encounter in
Urologist and president of the Duval County Medical Society Dr. Ali Kasraeian joins Dr. Michael Koren to update us on recent advances in Urology. In Part 2 of this series, Dr. Koren and Dr. Kasraeian explore the controversial history of PSA testing. Dr. Kasraeian explains how this
Python InfoStealer with Embedded Phishing Webserver Didier found an interesting infostealer that, in addition to implementing typical infostealer functionality, includes a web server suitable to create local phishing sites. https://isc.sans.edu/diary/Python%20InfoStealer%20with%20Embedded%20Phishing%20Webserver/31924 Android Update Fixes Freetype 0-Day Google released its monthly Android update. As part of the update, it patched a vulnerability
Barges move over 70 percent of U.S. grain and can carry the equivalent of 4,000 truckloads with a single tugboat. Yet this massive freight channel has remained invisible to most supply chains due to outdated systems and zero visibility. In this episode, OpenTug CEO Jason Aristides shares how his team is
Mirai Now Exploits Samsung MagicINFO CMS CVE-2024-7399 The Mirai botnet added a new vulnerability to its arsenal. This vulnerability, a file upload and remote code execution vulnerability in Samsung's MagicInfo 9 CMS, was patched last August but attracted new attention last week after being mostly ignored so far. https://isc.sans.edu/diary/Mirai+Now+Exploits+Samsung+MagicINFO+CMS+CVE20247399/31920