Date Author Title
2025-04-02Guy BruneauExploring Statistical Measures to Predict URLs as Legitimate or Intrusive [Guest Diary]
2025-03-31Johannes UllrichApple Patches Everything: March 31st 2025 Edition
2025-03-26Jesse La Grew[Guest Diary] Leveraging CNNs and Entropy-Based Feature Selection to Identify Potential Malware Artifacts of Interest
2025-03-11Johannes UllrichApple Fixes Exploited WebKit Vulnerability in iOS, MacOS, visionOS and Safari
2024-12-11Johannes UllrichApple Updates Everything (iOS, iPadOS, macOS, watchOS, tvOS, visionOS)
2024-10-28Johannes UllrichApple Updates Everything
2024-10-07Xavier MertensmacOS Sequoia: System/Network Admins, Hold On!
2024-07-30Johannes UllrichApple Patches Everything. July 2024 Edition
2024-07-10Jesse La GrewFinding Honeypot Data Clusters Using DBSCAN: Part 1
2024-01-22Johannes UllrichApple Updates Everything - New 0 Day in WebKit
2024-01-19Xavier MertensmacOS Python Script Replacing Wallet Applications with Rogue Apps
2023-12-11Johannes UllrichApple Patches Everything
2023-09-26Johannes UllrichApple Releases MacOS Sonoma Including Numerous Security Patches
2023-09-11Johannes UllrichApple fixes 0-Day Vulnerability in Older Operating Systems
2023-09-07Johannes UllrichApple Releases iOS/iPadOS 16.6.1, macOS 13.5.2, watchOS 9.6.2 fixing two zeroday vulnerabilities
2023-08-26Xavier MertensmacOS: Who?s Behind This Network Connection?
2023-06-22Johannes UllrichApple Patches Exploited Vulnerabilities in iOS/iPadOS, macOS, watchOS and Safari
2023-04-07Johannes UllrichApple Patching Two 0-Day Vulnerabilities in iOS and macOS
2023-03-27Johannes UllrichApple Updates Everything (including Studio Display)
2022-07-26Xavier MertensHow is Your macOS Security Posture?
2022-07-20Johannes UllrichApple Patches Everything Day
2022-04-20Brad Duncan"aa" distribution Qakbot (Qbot) infection with DarkVNC traffic
2022-03-31Johannes UllrichApple Patches Actively Exploited Vulnerability in macOS, iOS and iPadOS,
2022-03-25Xavier MertensXLSB Files: Because Binary is Stealthier Than XML
2022-03-14Johannes UllrichApple Updates Everything: MacOS 12.3, XCode 13.3, tvOS 15.4, watchOS 8.5, iPadOS 15.4 and more
2022-02-10Johannes UllrichiOS/iPadOS and MacOS Update: Single WebKit 0-Day Vulnerability Patched
2022-01-27Johannes UllrichApple Patches Everything
2022-01-22Xavier MertensMixed VBA & Excel4 Macro In a Targeted Excel Sheet
2021-12-28Russ McReeLotL Classifier tests for shells, exfil, and miners
2021-12-20Jan KoprivaPowerPoint attachments, Agent Tesla and code reuse in malware
2021-12-02Brad DuncanTA551 (Shathak) pushes IcedID (Bokbot)
2021-09-23Xavier MertensExcel Recipe: Some VBA Code with a Touch of Excel4 Macro
2021-09-01Brad DuncanSTRRAT: a Java-based RAT that doesn't care if you have Java
2021-08-06Xavier MertensMalicious Microsoft Word Remains A Key Infection Vector
2021-04-23Xavier MertensMalicious PowerPoint Add-On: "Small Is Beautiful"
2021-03-12Guy BruneauMicrosoft DHCP Logs Shipped to ELK
2021-03-03Brad DuncanQakbot infection with Cobalt Strike
2021-02-25Daniel WesemannForensicating Azure VMs
2021-02-23Jan KoprivaQakbot in a response to Full Disclosure post
2021-02-05Xavier MertensVBA Macro Trying to Alter the Application Menus
2021-02-03Brad DuncanExcel spreadsheets push SystemBC malware
2021-02-02Xavier MertensNew Example of XSL Script Processing aka "Mitre T1220"
2021-01-26Brad DuncanTA551 (Shathak) Word docs push Qakbot (Qbot)
2021-01-20Brad DuncanQakbot activity resumes after holiday break
2021-01-14Bojan ZdrnjaDynamically analyzing a heavily obfuscated Excel 4 macro malicious file
2021-01-13Brad DuncanHancitor activity resumes after a hoilday break
2020-12-22Xavier MertensMalware Victim Selection Through WiFi Identification
2020-12-09Brad DuncanRecent Qakbot (Qbot) activity
2020-11-20Xavier MertensMalicious Python Code and LittleSnitch Detection
2020-11-09Xavier MertensHow Attackers Brush Up Their Malicious Scripts
2020-10-26Didier StevensExcel 4 Macros: "Abnormal Sheet Visibility"
2020-10-14Brad DuncanMore TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-09-23Xavier MertensMalicious Word Document with Dynamic Content
2020-09-18Xavier MertensA Mix of Python & VBA in a Malicious Word Document
2020-09-10Brad DuncanRecent Dridex activity
2020-09-09Johannes UllrichA First Look at macOS 11 Big Sur Network Traffic (New! Now with more GREASE!)
2020-08-26Xavier MertensMalicious Excel Sheet with a NULL VT Score
2020-08-19Xavier MertensExample of Word Document Delivering Qakbot
2020-08-07Brad DuncanTA551 (Shathak) Word docs push IcedID (Bokbot)
2020-08-06Xavier MertensA Fork of the FTCode Powershell Ransomware
2020-08-03Xavier MertensPowershell Bot with Multiple C2 Protocols
2020-07-15Brad DuncanWord docs with macros for IcedID (Bokbot)
2020-07-11Guy BruneauVMware XPC Client validation privilege escalation vulnerability - https://www.vmware.com/security/advisories/VMSA-2020-0017.html
2020-07-10Brad DuncanExcel spreasheet macro kicks off Formbook infection
2020-07-04Russ McReeHappy FouRth of July from the Internet Storm Center
2020-06-12Xavier MertensMalicious Excel Delivering Fileless Payload
2020-06-10Brad DuncanJob application-themed malspam pushes ZLoader
2020-06-01Didier StevensXLMMacroDeobfuscator: An Update
2020-05-20Brad DuncanMicrosoft Word document with malicious macro pushes IcedID (Bokbot)
2020-04-05Guy BruneauMaldoc XLS Invoice with Excel 4 Macros
2020-03-29Didier StevensObfuscated Excel 4 Macros
2020-03-18Brad DuncanTrickbot gtag red5 distributed as a DLL file
2020-03-09Didier StevensMalicious Spreadsheet With Data Connection and Excel 4 Macros
2020-03-06Xavier MertensA Safe Excel Sheet Not So Safe
2020-02-24Didier StevensMaldoc: Excel 4 Macros and VBA, Devil and Angel?
2020-02-23Didier StevensMaldoc: Excel 4 Macros in OOXML Format
2020-02-21Xavier MertensQuick Analysis of an Encrypted Compound Document Format
2020-01-22Brad DuncanGerman language malspam pushes Ursnif
2020-01-09Xavier MertensQuick Analyzis of a(nother) Maldoc
2019-12-11Brad DuncanGerman language malspam pushes yet another wave of Trickbot
2019-12-04Jan KoprivaAnalysis of a strangely poetic malware
2019-10-02Brad DuncanA recent example of Emotet malspam
2019-09-26Rob VandenBrinkMining MAC Address and OUI Information
2019-09-18Brad DuncanEmotet malspam is back
2019-07-08Didier StevensMachine Code? No!
2019-07-04Didier StevensMachine Code?
2019-06-18Brad DuncanMalspam with password-protected Word docs pushing Dridex
2019-03-17Didier StevensVideo: Maldoc Analysis: Excel 4.0 Macro
2019-03-16Didier StevensMaldoc: Excel 4.0 Macros
2019-03-13Brad DuncanMalspam pushes Emotet with Qakbot as the follow-up malware
2019-01-24Brad DuncanMalspam with Word docs uses macro to run Powershell script and steal system data
2018-12-18Brad DuncanMalspam links to password-protected Word docs that push IcedID (Bokbot)
2018-11-27Xavier MertensMore obfuscated shell scripts: Fake MacOS Flash update
2018-11-15Brad DuncanEmotet infection with IcedID banking Trojan
2018-11-04Pasquale StirparoBeyond good ol' LaunchAgent - part 1
2018-10-21Pasquale StirparoBeyond good ol’ LaunchAgent - part 0
2018-08-24Xavier MertensMicrosoft Publisher Files Delivering Malware
2018-06-29Remco VerhoefCrypto community target of MacOS malware
2018-05-25Xavier MertensAntivirus Evasion? Easy as 1,2,3
2018-05-23Remco VerhoefTrack naughty and nice binaries with Google Santa
2018-05-01Xavier MertensDiving into a Simple Maldoc Generator
2017-12-19Xavier MertensExample of 'MouseOver' Link in a Powerpoint File
2017-12-16Xavier MertensMicrosoft Office VBA Macro Obfuscation via Metadata
2017-11-15Xavier MertensIf you want something done right, do it yourself!
2017-09-19Jim ClausingNew tool: mac-robber.py
2017-02-26Guy BruneauIt is Tax Season - Watch out for Suspicious Attachment
2016-09-30Xavier MertensAnother Day, Another Malicious Behaviour
2015-02-19Daniel WesemannMacros? Really?!
2014-01-24Chris MohanSecurity Update for OS X for CVE-2014-1252 http://support.apple.com/kb/HT6117
2013-12-17Adrien de BeaupreApple security updates Mac OS X and Safari
2013-10-22Richard PorterGreenbone and OpenVAS Scanner
2013-10-02John BambenekObamacare related domain registration spike, Government shutdown domain registration beginning
2013-09-10Swa FrantzenMacs need to patch too!
2013-08-09Kevin ShorttCopy Machines - Changing Scanned Content
2013-03-02Scott FendleyApple Blocks Older Insecure Versions of Flash Player
2012-07-05Adrien de BeaupreNew OS X trojan backdoor MaControl variant reported
2012-05-05Tony CarothersVulnerability Exploit for Snow Leopard
2012-04-12Guy BruneauApple Java Updates for Mac OS X
2012-02-24Guy BruneauFlashback Trojan in the Wild
2012-02-04Scott FendleyApple Security Advisory 2012-001 v1.1
2011-08-05donald smithNew Mac Trojan: BASH/QHost.WB
2011-06-23Jim ClausingApple Security Updates 2011-004
2011-06-15Pedro BuenoHit by MacDefender, Apple Web Security (name your Mac FakeAV here)...
2011-05-26Swa FrantzenMacDefender ups the ante with removing the password need for installation
2011-05-06Richard PorterUnpatched Exploit: Skype for MAC
2010-11-16Guy BruneauMac OS X Server v10.6.5 (10H575) Security Update: http://support.apple.com/kb/HT4452
2010-06-17Deborah HaleDigital Copy Machines - Security Risk?
2010-06-15Manuel Humberto Santander PelaezApple releases advisory for Mac OS X - Multiple vulnerabilities discovered
2010-03-29Adrien de BeaupreAPPLE-SA-2010-03-29-1 Security Update 2010-002 / Mac OS X v10.6.3
2010-02-05Jim ClausingMemory Analysis - time to move beyond XP
2010-01-12Adrien de BeauprePoC for CVE-2009-0689 MacOS X 10.5/10.6 vulnerability
2009-12-07Rob VandenBrinkLayer 2 Network Protections – reloaded!
2009-11-09Guy BruneauApple Security Update 2009-006 for Mac OS X v10.6.2
2009-01-24Pedro BuenoIdentifying and Removing the iWork09 Trojan
2008-07-17Mari NicholsFirefox Releases 3.0.1 and fixes 3 security vulnerabilities
2008-04-30Bojan Zdrnja(Minor) evolution in Mac DNS changer malware
2008-04-02Adrien de BeaupreWhen is a DMG file not a DMG file
2006-12-12Swa FrantzenMicrosoft Office 2004 - Mac OS X updated
2006-11-29Toby KohlenbergNew Vulnerability Announcement and patches from Apple