Date Author Title
2025-01-13Johannes UllrichHikvision Password Reset Brute Forcing
2024-11-06Jesse La Grew[Guest Diary] Insights from August Web Traffic Surge
2024-10-31Guy BruneauOctober 2024 Activity with Username chenzilong
2024-10-16Johannes UllrichThe Top 10 Not So Common SSH Usernames and Passwords
2024-08-22Johannes UllrichOpenAI Scans for Honeypots. Artificially Malicious? Action Abuse?
2024-08-07Guy BruneauSame Scripts, Different Day: What My DShield Honeypot Taught Me About the Importance of Security Fundamentals [Guest Diary]
2024-07-13Didier Stevens16-bit Hash Collisions in .xls Spreadsheets
2024-06-26Guy BruneauWhat Setting Live Traps for Cybercriminals Taught Me About Security [Guest Diary]
2024-02-28Johannes UllrichExploit Attempts for Unknown Password Reset Vulnerability
2024-01-17Jesse La GrewNumber Usage in Passwords
2024-01-06Xavier MertensAre you sure of your password?
2023-10-29Guy BruneauSpam or Phishing? Looking for Credentials & Passwords
2023-10-15Guy BruneauDomain Name Used as Password Captured by DShield Sensor
2023-09-29Xavier MertensAre You Still Storing Passwords In Plain Text Files?
2023-09-05Jesse La GrewCommon usernames submitted to honeypots
2023-09-02Jesse La GrewWhat is the origin of passwords submitted to honeypots?
2023-08-10Bojan ZdrnjaSome things never change ? such as SQL Authentication ?encryption?
2023-08-04Xavier MertensAre Leaked Credentials Dumps Used by Attackers?
2023-06-23Xavier MertensWord Document with an Online Attached Template
2023-06-05Johannes UllrichBrute Forcing Simple Archive Passwords
2023-05-04Xavier MertensInfostealer Embedded in a Word Document
2023-04-19Rob VandenBrinkTaking a Bite Out of Password Expiry Helpdesk Calls
2023-02-18Guy BruneauSpear Phishing Handlers for Username/Password
2022-09-16Didier StevensWord Maldoc With CustomXML and Renamed VBAProject.bin
2022-09-15Xavier MertensMalicious Word Document with a Frameset
2022-09-10Guy BruneauPhishing Word Documents with Suspicious URL
2022-08-13Guy BruneauPhishing HTML Attachment as Voicemail Audio Transcription
2022-06-12Didier StevensQuickie: Follina, RTF & Explorer Preview Pane
2022-06-06Didier Stevens"ms-msdt" RTF Maldoc Analysis: oledump Plugins
2022-06-05Didier StevensAnalysis Of An "ms-msdt" RTF Maldoc
2022-05-30Xavier MertensNew Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme (CVE-2022-30190)
2022-05-17Xavier MertensUse Your Browser Internal Password Vault... or Not?
2022-05-09Xavier MertensOctopus Backdoor is Back with a New Embedded Obfuscated Bat File
2022-04-24Didier StevensAnalyzing a Phishing Word Document
2022-04-04Johannes UllrichEmptying the Phishtank: Are WordPress sites the Mosquitoes of the Internet?
2022-03-10Xavier MertensCredentials Leaks on VirusTotal
2022-02-22Xavier MertensA Good Old Equation Editor Vulnerability Delivering Malware
2022-02-13Guy BruneauDHL Spear Phishing to Capture Username/Password
2022-02-02Johannes UllrichFinding elFinder: Who is looking for your files?
2021-12-02Brad DuncanTA551 (Shathak) pushes IcedID (Bokbot)
2021-11-30Johannes UllrichHunting for PHPUnit Installed via Composer
2021-11-15Rob VandenBrinkChanging your AD Password Using the Clipboard - Not as Easy as You'd Think!
2021-08-06Xavier MertensMalicious Microsoft Word Remains A Key Infection Vector
2021-05-14Xavier Mertens"Open" Access to Industrial Systems Interface is Also Far From Zero
2021-04-24Guy BruneauBase64 Hashes Used in Web Scanning
2021-02-19Xavier MertensDynamic Data Exchange (DDE) is Back in the Wild?
2021-02-02Xavier MertensNew Example of XSL Script Processing aka "Mitre T1220"
2021-01-28Daniel WesemannEmotet vs. Windows Attack Surface Reduction
2021-01-26Brad DuncanTA551 (Shathak) Word docs push Qakbot (Qbot)
2021-01-24Didier StevensVideo: Doc & RTF Malicious Document
2021-01-23Didier StevensCyberChef: Analyzing OOXML Files for URLs
2021-01-13Brad DuncanHancitor activity resumes after a hoilday break
2021-01-10Didier StevensMaldoc Analysis With CyberChef
2021-01-09Didier StevensMaldoc Strings Analysis
2021-01-06Johannes UllrichScans for Zyxel Backdoors are Commencing.
2020-12-24Xavier MertensMalicious Word Document Delivering an Octopus Backdoor
2020-10-14Brad DuncanMore TA551 (Shathak) Word docs push IcedID (Bokbot)
2020-09-18Xavier MertensA Mix of Python & VBA in a Malicious Word Document
2020-08-19Xavier MertensExample of Word Document Delivering Qakbot
2020-08-07Brad DuncanTA551 (Shathak) Word docs push IcedID (Bokbot)
2020-07-26Didier StevensCracking Maldoc VBA Project Passwords
2020-07-15Brad DuncanWord docs with macros for IcedID (Bokbot)
2020-07-13Didier StevensVBA Project Passwords
2020-06-10Brad DuncanJob application-themed malspam pushes ZLoader
2020-05-20Brad DuncanMicrosoft Word document with malicious macro pushes IcedID (Bokbot)
2020-04-06Didier StevensPassword Protected Malicious Excel Files
2020-03-18Brad DuncanTrickbot gtag red5 distributed as a DLL file
2020-01-22Brad DuncanGerman language malspam pushes Ursnif
2019-12-11Brad DuncanGerman language malspam pushes yet another wave of Trickbot
2019-11-01Didier StevensTip: Password Managers and 2FA
2019-10-02Brad DuncanA recent example of Emotet malspam
2019-09-18Brad DuncanEmotet malspam is back
2019-07-18Xavier MertensMalicious PHP Script Back on Stage?
2019-06-10Xavier MertensInteresting JavaScript Obfuscation Example
2019-01-24Brad DuncanMalspam with Word docs uses macro to run Powershell script and steal system data
2018-12-18Brad DuncanMalspam links to password-protected Word docs that push IcedID (Bokbot)
2018-12-17Didier StevensPassword Protected ZIP with Maldoc
2018-11-15Brad DuncanEmotet infection with IcedID banking Trojan
2018-10-26Xavier MertensDissecting Malicious Office Documents with Linux
2018-08-22Deborah HaleEmail/password Frustration
2018-07-12Johannes UllrichNew Extortion Tricks: Now Including Your Password!
2018-06-13Xavier MertensA Bunch of Compromized Wordpress Sites
2018-01-09Jim ClausingAre you watching for brute force attacks on IPv6?
2017-11-28Xavier MertensApple High Sierra Uses a Passwordless Root Account
2017-11-07Xavier MertensInteresting VBA Dropper
2017-08-17Xavier MertensMaldoc with auto-updated link
2017-05-17Richard PorterWait What? We don?t have to change passwords every 90 days?
2017-05-05Xavier MertensHTTP Headers... the Achilles' heel of many applications
2017-04-26Johannes UllrichIf there are some unexploited MSSQL Servers With Weak Passwords Left: They got you now (again)
2017-04-23Didier StevensMalicious Documents: A Bit Of News
2017-04-10Didier StevensPassword History: Insights Shared by a Reader
2017-02-07Johannes UllrichMy Password is [taco] Using Emojis for Stronger Passwords
2017-02-04Xavier MertensDetecting Undisclosed Vulnerabilities with Security Tools & Features
2016-12-07Xavier MertensThe Passwords You Should Never Use
2016-09-15Xavier MertensIn Need of a OTP Manager Soon?
2016-07-21Didier StevensPractice ntds.dit File
2016-06-20Xavier MertensUsing Your Password Manager to Monitor Data Leaks
2015-12-06Mark HofmanMalware SPAM a new run has started.
2015-06-26Daniel WesemannCisco default credentials - again!
2015-05-09Didier StevensMalicious Word Document: This Time The Maldoc Is A MIME File
2015-03-13Guy BruneauBlind SQL Injection against WordPress SEO by Yoast
2015-02-20Tom WebbFast analysis of a Tax Scam
2014-11-20Johannes UllrichCritical WordPress XSS Update
2014-09-19Guy BruneauAdded today in oclhashcat 131 Django [Default Auth] (PBKDF2 SHA256 Rounds Salt) Support - http://hashcat.net/hashcat/
2014-08-22Richard PorterOCLHashCat 1.30 Released
2014-08-06Johannes UllrichAll Passwords have been lost: What's next?
2014-07-22Daniel Wesemann WordPress brute force attack via wp.getUsersBlogs
2014-06-19Tony CarothersWordPress and Security
2014-05-22Rob VandenBrinkAnother Site Breached - Time to Change your Passwords! (If you can that is)
2014-03-14Richard PorterWord Press Shenanigans? Anyone seeing strange activity today?
2014-03-12Johannes UllrichWordpress "Pingback" DDoS Attacks
2013-11-22Rick WannerTales of Password Reuse
2013-07-21Guy BruneauUbuntu Forums Security Breach
2013-06-11Swa FrantzenStore passwords the right way in your application
2013-05-14Jim ClausingSo what passwords are those ssh scanners trying?
2013-03-18Kevin ShorttCisco IOS Type 4 Password Issue: http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20130318-type4
2013-01-18Russ McReeInteresting reads for Friday 18 JAN 2013
2013-01-04Daniel WesemannBlue for Reset?
2012-11-15Jim ClausingAnother month another password disclosure breach
2012-07-16Jim ClausingAn analysis of the Yahoo! passwords
2012-06-06Jim ClausingPotential leak of 6.5+ million LinkedIn password hashes
2012-05-22Johannes Ullrichnmap 6 released
2012-04-21Guy BruneauWordPress Release Security Update
2012-01-05Russ McReeWordPress 3.3.1 fixes 15 issues with WordPress 3.3 including XSS. Download 3.3.1 or visit Dashboard --> Updates in your site admin panel.
2012-01-03Rick WannerAnalysis of the Stratfor Password List
2011-10-10Tom ListonWhat's In A Name?
2011-08-10Johannes UllrichTheoretical and Practical Password Entropy
2011-06-30Guy BruneauWordPress 3.1.4 Security Update - http://wordpress.org/news/2011/06/wordpress-3-1-4/
2011-06-28Johannes UllrichHashing Passwords
2011-06-22Guy BruneauWordPress Forces Password Reset
2011-05-30Johannes UllrichAllied Telesis Passwords Leaked
2011-04-18John BambenekWordpress.com Security Breach
2011-02-08Mark HofmanWordPress 3.0.5 (and 3.1 RC4) are out
2010-12-30Johannes UllrichCritcal Wordpress Security Update http://wordpress.org/news/2010/12/3-0-4-update/
2010-12-28John BambenekMozilla Notifies of Relatively Minor Security Breach
2010-12-15Manuel Humberto Santander PelaezHP StorageWorks P2000 G3 MSA hardcoded user
2010-12-13Deborah HaleGawker Media Breach of Security
2010-12-02Kevin JohnsonSQL Injection: Wordpress 3.0.2 released
2010-11-26Mark HofmanUsing password cracking as metric/indicator for the organisation's security posture
2010-08-27Mark HofmanFTP Brute Password guessing attacks
2010-05-19Kyle HaugsnessWordpress blog attacks... again
2010-05-10Toby KohlenbergAnother round of WordPress Attacks
2010-03-30Pedro BuenoSharing the Tools
2010-02-25Chris CarboniPass The Hash
2010-02-05Jim ClausingWordPress iframe injection?
2010-02-02Johannes UllrichTwitter Mass Password Reset due to Phishing
2009-12-04Daniel WesemannThe economics of security advice (MSFT research paper)
2009-11-30Bojan ZdrnjaDistributed Wordpress admin account cracking
2009-11-02Daniel WesemannPassword rules: Change them every 25 years
2009-10-23Johannes UllrichLittle new tool: reversing md5/sha1 hashes http://isc.sans.org/tools/reversehash.html
2009-10-21Pedro BuenoWordPress Hardening
2009-08-11Swa FrantzenWordpress unauthenticated administrator password reset
2008-11-11Swa FrantzenPhishing for Google adwords
2008-09-22Jim ClausingLessons learned from the Palin (and other) account hijacks
2008-09-09Swa Frantzenwordpress upgrade
2008-07-17Mari NicholsAdobe Reader 9 Released
2008-07-09Johannes UllrichUnpatched Word Vulnerability
2008-04-23Mari NicholsWhat's New, Old and Morphing?