Unmasking Malicious Word Docs: Extracting Hidden Executables with Ease!
Learn how to extract an embedded executable from a Word document using Didier Stevens’ tools. Uncover the secrets of malicious Word documents, which don’t execute the file upon opening but rely on social engineering to lure users into double-clicking. Stay safe and informed with this step-by-step guide!
Paxton Net2 Security Shocker: PII Leaks & No Fix in Sight!
Beware of ghosts in your machine! Paxton Net2 software has a spooky flaw that can expose personal info and mess with access control—all without needing to haunt your computer physically. No fix is on the horizon, so guard your gadgets like they’re the last slice of pizza at a party!
Howling Scorpius: The Ransomware Group Giving Cybersecurity Experts Nightmares
Howling Scorpius is shaking up the cybercrime scene like a tech-savvy scorpion at a disco. Specializing in double extortion, they’ve got small to medium businesses in North America, Europe, and Australia dancing to their tune. With a retro-green Tor-based leak site, they’re like the 80s, but with ransomware instead of leg warmers.
Cisco’s “No Warranty” Wonderland: Proceed at Your Own Risk!
Warning: Cisco’s fine print might cause drowsiness. Use the information at your own risk, because warranties are as rare as unicorns here. Keep checking back—surprise updates could happen anytime!
Credential Guard Strikes Again: The TGT Heist That Never Was!
In the world of assumed breach scenarios, red teams simulate attackers with a foothold in organizations. Using tactics like unconstrained delegation, they can snag a user’s Ticket Granting Ticket. But watch out, Credential Guard is the party pooper, blocking this tactic and others. Let’s hope your organization’s ready for its inevitable takeover!
Malicious Scripts: The Comedy of Obfuscation and Security Analyst Headaches
Trap-Stealer is a malware script cleverly masquerading as a JPEG file, using obfuscation to slip past security controls. Think of it as a master of disguise in the cyber world, making analysts’ lives just a tad more complicated. It’s like a magician hiding an elephant in plain sight—except it’s a malware file.
Decoding Phishing Emails: BASE64 Blunders and Grep Greatness!
Learn how to decode BASE64 encoded IOCs from phishing SVG files using grep and base64dump.py. Didier Stevens explains how to extract and format email addresses from these deceptive attachments, all while protecting victims’ privacy. A must-read for anyone dealing with phishing threats!
Beware of the Bug: Omada Identity Vulnerability Alert!
Stored Cross-Site Scripting in Omada Identity could lead to unexpected “Oops!” moments for users. Vulnerability CVE-2024-52951 is like inviting a prankster to your digital party. Stay cautious and keep the tech gremlins at bay!
Siemens Security Shocker: Unlocked JTAG and Buffer Overflow Vulnerabilities Exposed!
Siemens SM-2558 Protocol Element, CP-2016, and CP-2019 have been caught in a sticky situation with unlocked JTAG interfaces and buffer overflows. It’s like leaving your house keys in the door and finding raccoons inside hosting a party. Time to patch up those vulnerabilities before the uninvited guests overstay their welcome!
Bugged to the Core: Major Needrestart Vulnerabilities Exposed in Ubuntu Server
Qualys Security Advisory reveals needrestart vulnerabilities that turn your Ubuntu server into a bug hotel. Three major LPEs (CVE-2024-48990, CVE-2024-48991, CVE-2024-10224) allow local users to become root without lifting a finger. Just when you thought your server’s “apt-get upgrade” couldn’t be more thrilling!
SSH-ockingly Simple: How RedTail Malware Sneaks Past Your Network Defenses
RedTail malware is causing a digital kerfuffle through SSH connections, like an uninvited hacker at a LAN party. Secure your networks by avoiding default passwords or you’ll be mining Monero instead of catching up on emails. Set up Snort or Zeek to detect these sneaky scripts before they turn your server into a cryptocurrency ATM.
ShimCache & AmCache: The Misunderstood Detectives of Digital Forensics
Don’t let ShimCache and AmCache fool you—they’re not the exclusive bouncers at the “program execution” club. They might let you in, but it’s not guaranteed. Analysts should always seek out a diverse guest list of data sources to truly understand what’s happening on the digital dance floor.
Schneider Electric’s Vulnerability Meltdown: Hard-Coded Credentials and Denial of Service Drama!
Attention all tech warriors: Schneider Electric’s suite, including EcoStruxure Control Expert, is under siege! Vulnerabilities like improper enforcement of message integrity and hard-coded credentials threaten system integrity. CVSS v3 score: 8.1. Grab your metaphorical shields and update to fend off the digital hordes!
Thunderbird Patch Parade: Fixes for Mac Memory Mishaps and Windows Woes!
Who’s got time for email security exploits? Not you! So, Thunderbird 128.5 swoops in to save the day, addressing vulnerabilities like memory corruption and URL spoofing. It’s like a superhero for your inbox, just without the cape—or the ability to fly.
Thunderbird 133 Update: Fixing Flaws Faster Than You Can Say “CVE”
In the latest Mozilla Foundation security advisory, Thunderbird 133 tackles a slew of vulnerabilities, leaving no stone unturned—or punycode unspoofed. From memory corruption in Apple GPU drivers to tapjacking exploits, these fixes keep your emails safe from digital mischief-makers. Watch out, bugs; Thunderbird 133 is coming to get you!
Cookie Conundrum: Crumbs of Privacy or Sweet Browsing Bliss?
Unlock the secrets of your browsing needs with our additional Cookies. No, not the chocolate chip kind, but the ones that promise to enhance your experience while valuing your privacy.
Firefox ESR 128.5: The Great Escape from Bugs – Patch Notes Inside!
Mozilla Foundation has patched several high-impact vulnerabilities in Firefox ESR 128.5. Notably, a memory corruption flaw in Apple GPU drivers affected macOS users. Meanwhile, URL bar spoofing and download protections were bypassed on Windows. Users should update immediately to avoid these security risks.
Firefox 133: A Comedy of Bugs – Fixing Security Flaws Faster Than You Can Say “CVE”
Mozilla Foundation Security Advisory 2024-63 reveals a laughably long list of vulnerabilities fixed in Firefox 133. From memory corruption on macOS to tapjacking exploits on Android, this update is like a Swiss cheese of security holes. Thankfully, most are patched, ensuring your browsing experience is more secure and less of a comedy of errors.
Phishing SVGs: Unraveling the Web of Obfuscation with a Comedic Twist
In this diary entry about phishing SVG attachments, Didier Stevens shares his quick dynamic analysis technique. He opens the SVG file in a network-disconnected VM, uses Edge’s developer tools, and reveals the deobfuscated URL and payload without the hassle of static analysis.
Decrypting Dilemmas: Cracking the Code on Confidential PDFs
In “Analyzing an Encrypted Phishing PDF,” Didier Stevens cracks the code on a phishing PDF with a DRM (owner password) but hits a snag with a user password-encrypted file. No password? No fun! Time to crack it or risk staying locked out.
