LEGAL THREAT SPAM |
| 2014-08-05 | Johannes Ullrich | Legal Threat Spam: Sometimes it Gets Personal |
LEGAL |
| 2014-08-05/a> | Johannes Ullrich | Legal Threat Spam: Sometimes it Gets Personal |
| 2009-04-03/a> | Johannes Ullrich | Cyber Security Act of 2009 |
| 2008-10-31/a> | Rick Wanner | Day 31 - Legal Awareness |
THREAT |
| 2025-03-12/a> | Guy Bruneau | File Hashes Analysis with Power BI from Data Stored in DShield SIEM |
| 2025-03-06/a> | Guy Bruneau | DShield Traffic Analysis using ELK |
| 2025-02-20/a> | Guy Bruneau | Using ES|QL in Kibana to Queries DShield Honeypot Logs |
| 2025-02-13/a> | Guy Bruneau | DShield SIEM Docker Updates |
| 2024-10-03/a> | Guy Bruneau | Kickstart Your DShield Honeypot [Guest Diary] |
| 2024-09-25/a> | Guy Bruneau | OSINT - Image Analysis or More Where, When, and Metadata [Guest Diary] |
| 2024-09-11/a> | Guy Bruneau | Hygiene, Hygiene, Hygiene! [Guest Diary] |
| 2024-09-04/a> | Guy Bruneau | Attack Surface [Guest Diary] |
| 2024-08-27/a> | Guy Bruneau | Vega-Lite with Kibana to Parse and Display IP Activity over Time |
| 2024-08-20/a> | Guy Bruneau | Mapping Threats with DNSTwist and the Internet Storm Center [Guest Diary] |
| 2024-08-07/a> | Guy Bruneau | Same Scripts, Different Day: What My DShield Honeypot Taught Me About the Importance of Security Fundamentals [Guest Diary] |
| 2024-07-16/a> | Guy Bruneau | Who You Gonna Call? AndroxGh0st Busters! [Guest Diary] |
| 2024-06-26/a> | Guy Bruneau | What Setting Live Traps for Cybercriminals Taught Me About Security [Guest Diary] |
| 2024-06-13/a> | Guy Bruneau | The Art of JQ and Command-line Fu [Guest Diary] |
| 2024-05-30/a> | Xavier Mertens | Feeding MISP with OSSEC |
| 2024-05-28/a> | Guy Bruneau | Is that It? Finding the Unknown: Correlations Between Honeypot Logs & PCAPs [Guest Diary] |
| 2024-05-22/a> | Guy Bruneau | Analysis of ?redtail? File Uploads to ICS Honeypot, a Multi-Architecture Coin Miner [Guest Diary] |
| 2024-04-29/a> | Guy Bruneau | Linux Trojan - Xorddos with Filename eyshcjdmzg |
| 2024-04-07/a> | Guy Bruneau | A Use Case for Adding Threat Hunting to Your Security Operations Team. Detecting Adversaries Abusing Legitimate Tools in A Customer Environment. [Guest Diary] |
| 2023-02-04/a> | Guy Bruneau | Assemblyline as a Malware Analysis Sandbox |
| 2022-11-10/a> | Xavier Mertens | Do you collect "Observables" or "IOCs"? |
| 2022-01-29/a> | Guy Bruneau | SIEM In this Decade, Are They Better than the Last? |
| 2021-09-09/a> | Johannes Ullrich | Updates to Our Datafeeds/API |
| 2021-01-02/a> | Guy Bruneau | Protecting Home Office and Enterprise in 2021 |
| 2020-12-05/a> | Guy Bruneau | Is IP 91.199.118.137 testing Access to aahwwx.52host.xyz? |
| 2020-12-04/a> | Guy Bruneau | Detecting Actors Activity with Threat Intel |
| 2020-01-25/a> | Guy Bruneau | Is Threat Hunting the new Fad? |
| 2019-07-24/a> | Xavier Mertens | May People Be Considered as IOC? |
| 2018-11-20/a> | Xavier Mertens | Querying DShield from Cortex |
| 2018-11-14/a> | Brad Duncan | Day in the life of a researcher: Finding a wave of Trickbot malspam |
| 2018-10-17/a> | Russ McRee | RedHunt Linux - Adversary Emulation, Threat Hunting & Intelligence |
| 2018-07-29/a> | Guy Bruneau | Using RITA for Threat Analysis |
| 2017-05-31/a> | Pasquale Stirparo | Analysis of Competing Hypotheses, WCry and Lazarus (ACH part 2) |
| 2017-05-28/a> | Pasquale Stirparo | Analysis of Competing Hypotheses (ACH part 1) |
| 2016-09-25/a> | Pasquale Stirparo | Defining Threat Intelligence Requirements |
| 2016-07-31/a> | Pasquale Stirparo | Sharing (intel) is caring... or not? |
| 2016-05-16/a> | Rick Wanner | An oldie but a goodie - 419 Death Scam |
| 2016-04-25/a> | Guy Bruneau | Highlights from the 2016 HPE Annual Cyber Threat Report |
| 2014-12-23/a> | John Bambenek | How I learned to stop worrying and love malware DGAs.... |
| 2014-08-05/a> | Johannes Ullrich | Legal Threat Spam: Sometimes it Gets Personal |
| 2014-08-04/a> | Russ McRee | Threats & Indicators: A Security Intelligence Lifecycle |
| 2014-02-19/a> | Russ McRee | Threat modeling in the name of security |
| 2013-02-14/a> | Adam Swanger | ISC Monthly Threat Update - February 2013 http://isc.sans.edu/podcastdetail.html?id=3121 |
| 2013-02-04/a> | Adam Swanger | SAN Securing The Human Monthly Awareness Video - Advanced Persistent Threat (APT) http://www.securingthehuman.org/resources/ncsam |
| 2013-01-10/a> | Adam Swanger | ISC Monthly Threat Update New Format |
| 2013-01-09/a> | Johannes Ullrich | New Format for Monthly Threat Update |
| 2012-12-03/a> | John Bambenek | John McAfee Exposes His Location in Photo About His Being on Run |
| 2012-11-29/a> | Kevin Shortt | New Apple Security Update: APPLE-SA-2012-11-29-1 Apple TV 5.1.1 |
| 2012-11-28/a> | Mark Hofman | McAfee releases extraDAT for W32/Autorun.worm.aaeb-h |
| 2012-11-28/a> | Mark Hofman | New version of wireshark is available (1.8.4), some security fixes included. |
| 2012-11-27/a> | Chris Mohan | Can users' phish emails be a security admin's catch of the day? |
| 2012-11-26/a> | John Bambenek | Online Shopping for the Holidays? Tips, News and a Fair Warning |
| 2012-11-20/a> | John Bambenek | Behind the Random NTP Bizarreness of Incorrect Year Being Set |
| 2012-11-20/a> | John Bambenek | Firefox v 17.0 just released, more here: http://www.mozilla.org/en-US/firefox/17.0/releasenotes/ |
| 2012-11-19/a> | John Bambenek | MoneyGram fined $100 million for aiding wire fraud - http://krebsonsecurity.com/2012/11/moneygram-fined-100-million-for-wire-fraud/ |
| 2012-11-19/a> | John Bambenek | New Poll: Top 5 Unresolved Security Problems of 2012 |
| 2012-11-17/a> | Manuel Humberto Santander Pelaez | New Sysinternal Updates: AdExplorer v1.44, Contig v1.7, Coreinfo v3.2, Procdump v5.1. See http://blogs.technet.com/b/sysinternals/archive/2012/11/16/updates-adexplorer-v1-44-contig-v1-7-coreinfo-v3-2-procdump-v5-1.aspx?Redirected=true |
| 2012-11-12/a> | John Bambenek | Request for info: Robocall Phishing Against Local/Regional Banks |
| 2012-11-09/a> | Mark Baggett | Remote Diagnostics with PSR |
| 2012-11-09/a> | Mark Baggett | Fresh batch of Microsoft patches next week |
| 2012-11-07/a> | Mark Baggett | Help eliminate unquoted path vulnerabilities |
| 2012-11-07/a> | Mark Baggett | Multiple 0-Days Reported! |
| 2012-11-07/a> | Mark Baggett | Cisco TACACS+ Authentication Bypass |
| 2012-11-05/a> | Johannes Ullrich | Reminder: Ongoing SMTP Brute Forcing Attacks |
| 2012-11-05/a> | Johannes Ullrich | Possible Fake-AV Ads from Doubleclick Servers |
| 2012-11-04/a> | Lorna Hutcheson | What's important on your network? |
| 2012-10-31/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 31 - Business Continuity and Disaster Recovery |
| 2012-10-30/a> | Johannes Ullrich | Hurricane Sandy Update |
| 2012-10-30/a> | Richard Porter | Splunk 5.0 SP-CAAAHB4 http://www.splunk.com/view/SP-CAAAHB4 |
| 2012-10-28/a> | Tony Carothers | Firefox 16.02 Released |
| 2012-10-26/a> | Russ McRee | Cyber Security Awareness Month - Day 26 - Attackers use trusted domain to propagate Citadel Zeus variant |
| 2012-10-25/a> | Richard Porter | Cyber Security Awareness Month - Day 25 - Pro Audio & Video Packets on the Wire |
| 2012-10-24/a> | Russ McRee | Ongoing Windstream outage in the midwest - https://twitter.com/search?q=windstream |
| 2012-10-21/a> | Lorna Hutcheson | Potential Phish for Regular Webmail Accounts |
| 2012-10-21/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 22: Connectors |
| 2012-10-19/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 19: Standard log formats and CEE. |
| 2012-10-18/a> | Rob VandenBrink | Cyber Security Awareness Month - Day 18 - Vendor Standards: The vSphere Hardening Guide |
| 2012-10-17/a> | Mark Hofman | New Acrobat release (including reader) available. Version 11. Some security improvements more here -->http://blogs.adobe.com/adobereader/ |
| 2012-10-16/a> | Richard Porter | CyberAwareness Month - Day 15, Standards Body Soup (pt2), Same Soup Different Cook. |
| 2012-10-16/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 16: W3C and HTML |
| 2012-10-14/a> | Pedro Bueno | Cyber Security Awareness Month - Day 14 - Poor Man's File Analysis System - Part 1 |
| 2012-10-09/a> | Johannes Ullrich | Microsoft October 2012 Black Tuesday Update - Overview |
| 2012-10-07/a> | Tony Carothers | Cyber Security Awareness Month - Day 7 - Rollup Review of CSAM Week 1 |
| 2012-10-05/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 5: Standards Body Soup, So many Flavors in the bowl. |
| 2012-10-05/a> | Richard Porter | VMWare Security Advisory: VMSA-2012-0014 - http://www.vmware.com/security/advisories/VMSA-2012-0014.html |
| 2012-10-05/a> | Richard Porter | Reports of a Distributed Injection Scan |
| 2012-10-04/a> | Mark Hofman | And the SHA-3 title goes to .....Keccak |
| 2012-10-02/a> | Russ McRee | Cyber Security Awareness Month - Day 2 - PCI Security Standard: Mobile Payment Acceptance Security Guidelines |
| 2012-10-01/a> | Johannes Ullrich | Cyber Security Awareness Month |
| 2012-09-28/a> | Joel Esler | Adobe certification revocation for October 4th |
| 2012-09-26/a> | Johannes Ullrich | Some Android phones can be reset to factory default by clicking on links |
| 2012-09-26/a> | Johannes Ullrich | More Java Woes |
| 2012-09-21/a> | Johannes Ullrich | iOS 6 Security Roundup |
| 2012-09-20/a> | Russ McRee | Flash Player update but no announcement, check your version http://www.adobe.com/software/flash/about/ |
| 2012-09-20/a> | Russ McRee | Apple and Cisco Security Advisories 19 SEP 2012 |
| 2012-09-20/a> | Russ McRee | Financial sector advisory: attacks and threats against financial institutions |
| 2012-09-19/a> | Russ McRee | Script kiddie scavenging with Shellbot.S |
| 2012-09-17/a> | Rob VandenBrink | What's on your iPad? |
| 2012-09-14/a> | Lenny Zeltser | Scam Report - Fake Voice Mail Email Notification Redirects to Malicious Site |
| 2012-09-13/a> | Mark Baggett | TCP Fuzzing with Scapy |
| 2012-09-13/a> | Mark Baggett | Microsoft disrupts traffic associated with the Nitol botnet |
| 2012-09-13/a> | Mark Baggett | More SSL trouble |
| 2012-09-10/a> | Johannes Ullrich | Microsoft Patch Tuesday Pre-Release |
| 2012-09-10/a> | Johannes Ullrich | Godaddy DDoS Attack |
| 2012-09-10/a> | donald smith | Blue Toad publishing co compromise lead to UDID release. http://redtape.nbcnews.com/_news/2012/09/10/13781440-exclusive-the-real-source-of-apple-device-ids-leaked-by-anonymous-last-week?lite |
| 2012-09-06/a> | Johannes Ullrich | SSL Requests sent to port 80 (request for help/input) |
| 2012-09-04/a> | Johannes Ullrich | Another round of "Spot the Exploit E-Mail" |
| 2012-09-02/a> | Lorna Hutcheson | Demonstrating the value of your Intrusion Detection Program and Analysts |
| 2012-09-01/a> | Russ McRee | Blackhole targeting Java vulnerability via fake Microsoft Services Agreement email phish |
| 2012-08-31/a> | Russ McRee | Not so fast: Java 7 Update 7 critical vulnerability discovered in less than 24 hours |
| 2012-08-30/a> | Johannes Ullrich | Editorial: The Slumlord Approach to Network Security http://isc.sans.edu/j/editorial |
| 2012-08-29/a> | Johannes Ullrich | "Data" URLs used for in-URL phishing |
| 2012-08-27/a> | Johannes Ullrich | The Good, Bad and Ugly about Assigning IPv6 Addresses |
| 2012-08-27/a> | Johannes Ullrich | Malware Spam harvesting Facebook Information |
| 2012-08-26/a> | Lorna Hutcheson | Who ya gonna contact? |
| 2012-08-22/a> | Adrien de Beaupre | Apple Remote Desktop update fixes no encryption issue |
| 2012-08-22/a> | Adrien de Beaupre | Phishing/spam via SMS |
| 2012-08-21/a> | Adrien de Beaupre | YYABCAFU - Yes Yet Another Bleeping Critical Adobe Flash Update |
| 2012-08-21/a> | Adrien de Beaupre | RuggedCom fails key management 101 on Rugged Operating System (ROS) |
| 2012-08-20/a> | Manuel Humberto Santander Pelaez | Do we need test procedures in our companies before implementing Antivirus signatures? |
| 2012-08-19/a> | Manuel Humberto Santander Pelaez | Authentication Issues between entities during protocol message exchange in SCADA Systems |
| 2012-08-12/a> | Tony Carothers | Oracle Security Alert for CVE-2012-3132 |
| 2012-08-12/a> | Tony Carothers | Layers of the Defense-in-Depth Onion |
| 2012-08-09/a> | Mark Hofman | Zeus/Citadel variant causing issues in the Netherlands |
| 2012-08-09/a> | Mark Hofman | SQL Injection Lilupophilupop style, Part 2 |
| 2012-08-07/a> | Adrien de Beaupre | Who protects small business? |
| 2012-08-04/a> | Kevin Liston | Vendors: More Patch-Release Options Please |
| 2012-07-27/a> | Daniel Wesemann | Cuckoo 0.4 is out - cool new features for malware analysis http://www.cuckoosandbox.org/ |
| 2012-07-24/a> | Richard Porter | Wireshark 1.8.1 Released http://www.wireshark.org/ |
| 2012-07-24/a> | Richard Porter | Report of spike in DNS Queries gd21.net |
| 2012-07-20/a> | Mark Baggett | Syria Internet connection cut? |
| 2012-07-19/a> | Mark Baggett | Diagnosing Malware with Resource Monitor |
| 2012-07-19/a> | Mark Baggett | A Heap of Overflows? |
| 2012-07-16/a> | Richard Porter | Sysinternals Update @ http://blogs.technet.com/b/sysinternals/archive/2012/07/16/updates-handle-v3-5-process-explorer-v15-22-process-monitor-v3-03-rammap-v1-21-zoomit-v4-3.aspx |
| 2012-07-13/a> | Richard Porter | Yesterday (not as on the ball as Rob) at SANSFire |
| 2012-07-13/a> | Russ McRee | 2 for 1: SANSFIRE & MSRA presentations |
| 2012-07-13/a> | Russ McRee | VMWare Security Advisory 12 JUL 2012 |
| 2012-07-13/a> | Russ McRee | Yahoo service SQL injection vuln leads to account exposure |
| 2012-07-12/a> | Rick Wanner | Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Multipoint Switch - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctms |
| 2012-07-12/a> | Rick Wanner | Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Recording Server - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctrs |
| 2012-07-12/a> | Rick Wanner | Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Immersive Endpoint Devices - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-cts |
| 2012-07-12/a> | Rick Wanner | Cisco Security Advisory: Multiple Vulnerabilities in Cisco TelePresence Manager - http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120711-ctsman |
| 2012-07-09/a> | Johannes Ullrich | The FBI will turn off the Internet on Monday (or not) |
| 2012-07-09/a> | Manuel Humberto Santander Pelaez | Internet Storm Center panel tonight at SANSFIRE 2012! |
| 2012-07-05/a> | Adrien de Beaupre | New OS X trojan backdoor MaControl variant reported |
| 2012-07-02/a> | Joel Esler | A rough guide to keeping your website up |
| 2012-07-02/a> | Joel Esler | Linux & Java leap second bug |
| 2012-06-29/a> | Jim Clausing | Updated SysInternals tools - Autoruns, Process Explorer, Process Monitor, PSKill -- http://blogs.technet.com/b/sysinternals/archive/2012/06/28/updates-autoruns-v11-32-process-explorer-v15-21-process-monitor-v3-02-pskill-v1-15-rammap-v1-2.aspx |
| 2012-06-28/a> | Chris Mohan | Massive spike in BGP traffic - Possible BGP poisoning? |
| 2012-06-21/a> | Russ McRee | Analysis of drive-by attack sample set |
| 2012-06-21/a> | Russ McRee | Wireshark 1.8.0 released 21 JUN 2012 http://www.wireshark.org/download.html |
| 2012-06-19/a> | Daniel Wesemann | Vulnerabilityqueerprocessbrittleness |
| 2011-11-19/a> | Pedro Bueno | Dragon Research Group (DRG) announced the white paper entitled "VNC: Threats and Countermeasures" : https://dragonresearchgroup.org/insight/vnc-tac.html |
| 2011-04-26/a> | John Bambenek | Is the Insider Threat Really Over? |
| 2010-07-07/a> | Kevin Shortt | Facebook, Facebook, What Do YOU See? |
| 2010-05-22/a> | Rick Wanner | SANS 2010 Digital Forensics Summit - APT Based Forensic Challenge |
| 2009-11-05/a> | Swa Frantzen | Insider threat: The snapnames case |
| 2009-09-27/a> | Stephen Hall | Use Emerging Threats signatures? READ THIS! |
| 2009-09-20/a> | Mari Nichols | Insider Threat and Security Awareness |
| 2009-01-25/a> | Rick Wanner | Twam?? Twammers? |
| 2008-12-25/a> | Maarten Van Horenbeeck | Christmas Ecard Malware |
| 2008-11-25/a> | Andre Ludwig | The beginnings of a collaborative approach to IDS |
| 2008-06-02/a> | Jim Clausing | Emergingthreats.net and ThePlanet |
SPAM |
| 2025-03-20/a> | Johannes Ullrich | Some new Data Feeds, and a little "incident". |
| 2024-12-31/a> | Xavier Mertens | No Holiday Season for Attackers |
| 2024-05-27/a> | Jan Kopriva | Files with TXZ extension used as malspam attachments |
| 2024-02-05/a> | Jesse La Grew | Public Information and Email Spam |
| 2024-01-03/a> | Jan Kopriva | Interesting large and small malspam attachments from 2023 |
| 2023-11-08/a> | Xavier Mertens | Example of Phishing Campaign Project File |
| 2023-10-29/a> | Guy Bruneau | Spam or Phishing? Looking for Credentials & Passwords |
| 2023-06-29/a> | Brad Duncan | GuLoader- or DBatLoader/ModiLoader-style infection for Remcos RAT |
| 2023-05-30/a> | Brad Duncan | Malspam pushes ModiLoader (DBatLoader) infection for Remcos RAT |
| 2023-04-12/a> | Brad Duncan | Recent IcedID (Bokbot) activity |
| 2023-01-19/a> | Jan Kopriva | SPF and DMARC use on 100k most popular domains |
| 2023-01-05/a> | Brad Duncan | More Brazil malspam pushing Astaroth (Guildma) in January 2023 |
| 2022-12-02/a> | Brad Duncan | obama224 distribution Qakbot tries .vhd (virtual hard disk) images |
| 2022-11-19/a> | Guy Bruneau | McAfee Fake Antivirus Phishing Campaign is Back! |
| 2022-10-15/a> | Guy Bruneau | Malware - Covid Vaccination Supplier Declaration |
| 2022-08-19/a> | Brad Duncan | Brazil malspam pushes Astaroth (Guildma) malware |
| 2022-07-07/a> | Brad Duncan | Emotet infection with Cobalt Strike |
| 2022-06-17/a> | Brad Duncan | Malspam pushes Matanbuchus malware, leads to Cobalt Strike |
| 2022-04-06/a> | Brad Duncan | Windows MetaStealer Malware |
| 2022-03-16/a> | Brad Duncan | Qakbot infection with Cobalt Strike and VNC activity |
| 2022-02-09/a> | Brad Duncan | Example of Cobalt Strike from Emotet infection |
| 2022-01-25/a> | Brad Duncan | Emotet Stops Using 0.0.0.0 in Spambot Traffic |
| 2021-12-31/a> | Jan Kopriva | Do you want your Agent Tesla in the 300 MB or 8 kB package? |
| 2021-12-22/a> | Brad Duncan | December 2021 Forensic Contest: Answers and Analysis |
| 2021-12-20/a> | Jan Kopriva | PowerPoint attachments, Agent Tesla and code reuse in malware |
| 2021-11-16/a> | Brad Duncan | Emotet Returns |
| 2021-10-22/a> | Brad Duncan | October 2021 Contest: Forensic Challenge |
| 2021-09-17/a> | Xavier Mertens | Malicious Calendar Subscriptions Are Back? |
| 2021-09-02/a> | Xavier Mertens | Attackers Will Always Abuse Major Events in our Lifes |
| 2021-08-13/a> | Brad Duncan | Example of Danabot distributed through malspam |
| 2021-07-26/a> | Didier Stevens | Failed Malspam: Recovering The Password |
| 2021-07-14/a> | Jan Kopriva | One way to fail at malspam - give recipients the wrong password for an encrypted attachment |
| 2021-05-29/a> | Guy Bruneau | Spear-phishing Email Targeting Outlook Mail Clients |
| 2021-04-16/a> | Rick Wanner | Querying Spamhaus for IP reputation |
| 2021-04-06/a> | Jan Kopriva | Malspam with Lokibot vs. Outlook and RFCs |
| 2021-03-05/a> | Xavier Mertens | Spam Farm Spotted in the Wild |
| 2021-02-24/a> | Brad Duncan | Malspam pushes GuLoader for Remcos RAT |
| 2021-02-17/a> | Brad Duncan | Malspam pushing Trickbot gtag rob13 |
| 2021-01-20/a> | Brad Duncan | Qakbot activity resumes after holiday break |
| 2021-01-13/a> | Brad Duncan | Hancitor activity resumes after a hoilday break |
| 2020-12-09/a> | Brad Duncan | Recent Qakbot (Qbot) activity |
| 2020-10-31/a> | Didier Stevens | More File Selection Gaffes |
| 2020-10-14/a> | Brad Duncan | More TA551 (Shathak) Word docs push IcedID (Bokbot) |
| 2020-08-07/a> | Brad Duncan | TA551 (Shathak) Word docs push IcedID (Bokbot) |
| 2020-07-10/a> | Brad Duncan | Excel spreasheet macro kicks off Formbook infection |
| 2020-06-16/a> | Johannes Ullrich | Odd "Protest" Spam (Scam?) Targeting Atlanta Police Foundation |
| 2020-06-10/a> | Brad Duncan | Job application-themed malspam pushes ZLoader |
| 2020-05-13/a> | Brad Duncan | Malspam with links to zip archives pushes Dridex malware |
| 2020-04-08/a> | Brad Duncan | German malspam pushes ZLoader malware |
| 2020-04-01/a> | Brad Duncan | Qakbot malspam sent from an infected Windows host |
| 2020-03-25/a> | Brad Duncan | Recent Dridex activity |
| 2020-03-05/a> | Xavier Mertens | Will You Put Your Password in a Survey? |
| 2020-02-12/a> | Brad Duncan | Malpsam pushes Ursnif through Italian language Word docs |
| 2020-02-03/a> | Jan Kopriva | Analysis of a triple-encrypted AZORult downloader |
| 2020-01-22/a> | Brad Duncan | German language malspam pushes Ursnif |
| 2020-01-16/a> | Jan Kopriva | Picks of 2019 malware - the large, the small and the one full of null bytes |
| 2019-12-18/a> | Brad Duncan | Emotet infection with spambot activity |
| 2019-12-11/a> | Brad Duncan | German language malspam pushes yet another wave of Trickbot |
| 2019-12-03/a> | Brad Duncan | Ursnif infection with Dridex |
| 2019-11-20/a> | Brad Duncan | Hancitor infection with Pony, Evil Pony, Ursnif, and Cobalt Strike |
| 2019-11-13/a> | Brad Duncan | An example of malspam pushing Lokibot malware, November 2019 |
| 2019-11-09/a> | Guy Bruneau | Fake Netflix Update Request by Text |
| 2019-11-06/a> | Brad Duncan | More malspam pushing Formbook |
| 2019-10-02/a> | Brad Duncan | A recent example of Emotet malspam |
| 2019-10-01/a> | Johannes Ullrich | A Quick Look at Some Current Comment Spam |
| 2019-09-25/a> | Brad Duncan | Malspam pushing Quasar RAT |
| 2019-09-18/a> | Brad Duncan | Emotet malspam is back |
| 2019-06-18/a> | Brad Duncan | Malspam with password-protected Word docs pushing Dridex |
| 2019-04-07/a> | Guy Bruneau | Fake Office 365 Payment Information Update |
| 2019-03-21/a> | Xavier Mertens | New Wave of Extortion Emails: Central Intelligence Agency Case |
| 2019-03-13/a> | Brad Duncan | Malspam pushes Emotet with Qakbot as the follow-up malware |
| 2019-03-06/a> | Brad Duncan | Malspam with password-protected word docs still pushing IcedID (Bokbot) with Trickbot |
| 2019-02-20/a> | Brad Duncan | More Russian language malspam pushing Shade (Troldesh) ransomware |
| 2019-02-06/a> | Brad Duncan | Hancitor malspam and infection traffic from Tuesday 2019-02-05 |
| 2019-01-24/a> | Brad Duncan | Malspam with Word docs uses macro to run Powershell script and steal system data |
| 2019-01-16/a> | Brad Duncan | Emotet infections and follow-up malware |
| 2019-01-10/a> | Brad Duncan | Heartbreaking Emails: "Love You" Malspam |
| 2018-12-18/a> | Brad Duncan | Malspam links to password-protected Word docs that push IcedID (Bokbot) |
| 2018-12-05/a> | Brad Duncan | Campaign evolution: Hancitor changes its Word macros |
| 2018-12-04/a> | Brad Duncan | Malspam pushing Lokibot malware |
| 2018-11-29/a> | Brad Duncan | Russian language malspam pushing Shade (Troldesh) ransomware |
| 2018-11-15/a> | Brad Duncan | Emotet infection with IcedID banking Trojan |
| 2018-11-14/a> | Brad Duncan | Day in the life of a researcher: Finding a wave of Trickbot malspam |
| 2018-10-31/a> | Brad Duncan | More malspam using password-protected Word docs |
| 2018-10-30/a> | Brad Duncan | Campaign evolution: Hancitor malspam starts pushing Ursnif this week |
| 2018-10-05/a> | Jim Clausing | A strange spam |
| 2018-09-26/a> | Brad Duncan | One Emotet infection leads to three follow-up malware infections |
| 2018-08-15/a> | Brad Duncan | More malspam pushing password-protected Word docs for AZORult and Hermes Ransomware |
| 2018-08-02/a> | Brad Duncan | DHL-themed malspam reveals embedded malware in animated gif |
| 2018-07-27/a> | Brad Duncan | Malspam with password-protected Word docs pushes Hermes ransomware |
| 2018-07-24/a> | Brad Duncan | Recent Emotet activity |
| 2018-06-18/a> | Xavier Mertens | Malicious JavaScript Targeting Mobile Browsers |
| 2018-06-13/a> | Xavier Mertens | A Bunch of Compromized Wordpress Sites |
| 2018-03-02/a> | Xavier Mertens | Common Patterns Used in Phishing Campaigns Files |
| 2018-02-01/a> | Xavier Mertens | Adaptive Phishing Kit |
| 2017-12-18/a> | Didier Stevens | Phish or scam? - Part 2 |
| 2017-12-17/a> | Didier Stevens | Phish or scam? - Part 1 |
| 2017-11-30/a> | Brad Duncan | More Malspam pushing Emotet malware |
| 2017-10-19/a> | Brad Duncan | HSBC-themed malspam uses ISO attachments to push Loki Bot malware |
| 2017-10-17/a> | Brad Duncan | Hancitor malspam uses DDE attack |
| 2017-09-18/a> | Xavier Mertens | Getting some intelligence from malspam |
| 2017-09-01/a> | Brad Duncan | Malspam pushing Locky ransomware tries HoeflerText notifications for Chrome and FireFox |
| 2017-08-14/a> | Didier Stevens | Sometimes it's just SPAM |
| 2017-07-26/a> | Brad Duncan | Malspam pushing Emotet malware |
| 2017-07-14/a> | Brad Duncan | NemucodAES and the malspam that distributes it |
| 2017-06-28/a> | Brad Duncan | Catching up with Blank Slate: a malspam campaign still going strong |
| 2017-05-24/a> | Brad Duncan | Jaff ransomware gets a makeover |
| 2017-04-11/a> | Brad Duncan | Dridex malspam seen on Monday 2017-04-10 |
| 2017-03-28/a> | Xavier Mertens | Logical & Physical Security Correlation |
| 2017-02-10/a> | Brad Duncan | Hancitor/Pony malspam |
| 2016-10-25/a> | Xavier Mertens | Another Day, Another Spam... |
| 2016-10-19/a> | Xavier Mertens | Spam Delivered via .ICS Files |
| 2016-06-20/a> | Xavier Mertens | Ongoing Spam Campaign Related to Swift |
| 2016-05-12/a> | Xavier Mertens | Another Day, Another Wave of Phishing Emails |
| 2015-12-06/a> | Mark Hofman | Malware SPAM a new run has started. |
| 2015-09-01/a> | Daniel Wesemann | Gift card from Marriott? |
| 2015-06-22/a> | Johannes Ullrich | SMTP Brute Forcing |
| 2015-04-09/a> | Brad Duncan | An example of the malicious emails sometimes sent to the ISC handler addresses |
| 2015-03-23/a> | Rick Wanner | Interesting Home Depot Spam |
| 2015-01-31/a> | Guy Bruneau | Beware of Phishing and Spam Super Bowl Fans! |
| 2014-09-17/a> | Daniel Wesemann | Your online background check is now public! |
| 2014-08-05/a> | Johannes Ullrich | Legal Threat Spam: Sometimes it Gets Personal |
| 2014-06-17/a> | Rob VandenBrink | Canada's Anti-Spam Legislation (CASL) 2014 |
| 2014-06-08/a> | Guy Bruneau | efax Spam Containing Malware |
| 2014-04-05/a> | Jim Clausing | Those strange e-mails with URLs in them can lead to Android malware |
| 2014-03-22/a> | Guy Bruneau | How the Compromise of a User Account Lead to a Spam Incident |
| 2014-02-21/a> | Johannes Ullrich | UPS Malware Spam Using Fake SPF Headers |
| 2014-01-24/a> | Johannes Ullrich | How to send mass e-mail the right way |
| 2013-12-24/a> | Daniel Wesemann | Mr Jones wants you to appear in court! |
| 2013-10-17/a> | Adrien de Beaupre | New spamming technique - onmicrosoft.com |
| 2013-09-30/a> | Adrien de Beaupre | Twitter DM spam/malware |
| 2013-09-03/a> | Rob VandenBrink | Is "Reputation Backscatter" a Thing? |
| 2013-07-18/a> | Chris Mohan | Blog Spam - annoying junk or a source of intelligence? |
| 2013-03-28/a> | John Bambenek | Where Were You During the Great DDoS Cybergeddon of 2013? |
| 2013-03-26/a> | Daniel Wesemann | How your Webhosting Account is Getting Abused |
| 2013-03-18/a> | Kevin Shortt | Spamhaus DDOS |
| 2013-02-08/a> | Kevin Shortt | Is it Spam or Is it Malware? |
| 2012-12-06/a> | Daniel Wesemann | Rich Quick Make Money! |
| 2012-10-10/a> | Kevin Shortt | Facebook Scam Spam |
| 2012-09-09/a> | Guy Bruneau | Phishing/Spam Pretending to be from BBB |
| 2012-08-22/a> | Adrien de Beaupre | Phishing/spam via SMS |
| 2012-03-21/a> | Johannes Ullrich | Virus Bulletin Spam Filter Test |
| 2012-02-17/a> | Mark Hofman | Intersting Facebook SPAM |
| 2011-11-28/a> | Rob VandenBrink | It's Cyber Monday - Click Here! |
| 2011-11-16/a> | Adrien de Beaupre | GET BACK TO ME ASAP |
| 2011-10-20/a> | Johannes Ullrich | Evil Printers Sending Mail |
| 2011-08-31/a> | Johannes Ullrich | Phishing e-mail to custom e-mail addresses |
| 2011-06-30/a> | Guy Bruneau | Symantec Report - Spam Surge against Social Networks |
| 2011-06-27/a> | Kevin Shortt | Phishy Spam |
| 2011-06-08/a> | Johannes Ullrich | Spam from compromised Hotmail accounts |
| 2011-03-29/a> | Daniel Wesemann | Requesting deletion of "free" email and chat accounts |
| 2011-01-11/a> | Kevin Shortt | Spam Cannons on Holiday |
| 2010-12-03/a> | Mark Hofman | T'is the season to be SPAMMY, trallalalaa la la la laaa |
| 2010-11-22/a> | Lenny Zeltser | Adobe Acrobat Spam Going Strong - More to Come? |
| 2010-09-18/a> | Rick Wanner | I'm fine, thanks! |
| 2010-08-29/a> | Swa Frantzen | Abandoned free email accounts |
| 2010-07-15/a> | Deborah Hale | Be on the Alert |
| 2010-07-03/a> | Deborah Hale | Delivery Status Failure Notice That Packed A Wallop |
| 2010-06-21/a> | Adrien de Beaupre | GoDaddy Scam/Phish/Spam |
| 2010-06-10/a> | Deborah Hale | Another Morning of Fun |
| 2010-06-02/a> | Rob VandenBrink | SPAM pretending to be from Habitat for Humanity |
| 2010-04-22/a> | Deborah Hale | Don't Be Fooled by Twitter Spam in Your Inbox |
| 2010-04-13/a> | Johannes Ullrich | More Legal Threat Malware E-Mail |
| 2010-03-17/a> | Deborah Hale | Spam was killing us! Here is what we did to help! |
| 2010-03-15/a> | Adrien de Beaupre | Spamassassin Milter Plugin Remote Root Attack |
| 2010-02-03/a> | Johannes Ullrich | Anatomy of a Form Spam Campaign (in progress against isc.sans.org right now) https://blogs.sans.org/appsecstreetfighter/ |
| 2009-12-02/a> | Rob VandenBrink | SPAM and Malware taking advantage of H1N1 concerns |
| 2009-11-03/a> | Andre Ludwig | SURBL now posting abuse statistics for TLD's |
| 2009-10-12/a> | Mark Hofman | Some interesting SSL SPAM |
| 2009-10-08/a> | Johannes Ullrich | Cyber Security Awareness Month - Day 8 - Port 25 - SMTP |
| 2009-10-07/a> | Joel Esler | Spam rate increase is seen |
| 2009-09-10/a> | Johannes Ullrich | Healthcare Spam |
| 2009-07-28/a> | Adrien de Beaupre | Twitter spam/phish |
| 2009-06-25/a> | Mark Hofman | Michael J & Farrah F death SPAM |
| 2009-06-20/a> | Scott Fendley | Situational Awareness: Spam Crisis and China |
| 2009-04-06/a> | Adrien de Beaupre | Abuse addresses |
| 2009-01-25/a> | Rick Wanner | Twam?? Twammers? |
| 2009-01-16/a> | G. N. White | ...and all that SPAM - Evolution of Spam Bots in 2009 |
| 2008-09-09/a> | Swa Frantzen | The complaint that's an attack |
| 2008-08-13/a> | Adrien de Beaupre | CNN switched to MSNBC |
| 2008-08-10/a> | Stephen Hall | Fake IE 7 update spam doing the rounds |
| 2008-08-06/a> | Bojan Zdrnja | When spammers use your own e-mails |
| 2008-08-05/a> | Daniel Wesemann | The news update you never asked for |
| 2008-05-02/a> | Adrien de Beaupre | Hi, remember me?... |
| 2008-04-22/a> | donald smith | Spam to your calendar via Google agenda? |
| 2008-03-26/a> | Raul Siles | ORDB.org blocklisting all IP addresses |
| 2006-10-08/a> | Swa Frantzen | Spam Backscatter |
