Johannes Ullrich, Ph.D.
@jullrich.bsky.social
Collector of logs, packets, and malware. Dean of Research at SANS.edu. Go Sentinels!
SharePoint exploitation has entered the parasitic phase. We are seeing hits to >100 distinct possible web shell URLs. Some of them may just be guesses.
Sample:
spininstall[0-9].aspx,spinstallx.aspx,Error404.1.aspx,info3.aspx,error.aspx

spinstall0.thank_you_defeners_for_rapid_response.aspx :)
July 24, 2025 at 2:10 PM
My presentation in San Diego tonight will be streamed online: sans.org/webcasts/dev...

Developers, Developers, Developers: Three Ways How Your Software Supply Chain is Attacked
SANS Security West 2025: SANS@Night - Developers, Developers, Developers: Three Ways How Your Software Supply Chain is Attacked | SANS Institute
Several attacks are explicitly targeting developers. In this presentation, you will learn how developers are exposed to these attacks and why it is difficult to recognize and prevent them.
May 6, 2025 at 10:43 PM
To whoever uses the username "/usr/share/wordlists/logins.txt" to attempt to log in to our honeypots: You are using your brute forcing tool wrong! :) [at least use a file in your home directory so we can see your username... probably root?]
April 6, 2025 at 7:26 PM
Happy 50th Birthday, Microsoft, and thanks for all the vulnerabilities over the years that have helped me pay many of my bills!
April 4, 2025 at 5:47 PM
Some spam just makes you shake your head... what are they selling? IoT parenting solutions? There is an "Infant Industry"??
February 25, 2025 at 5:21 PM
Scanning my news feed: Buffer overflows are a thing, Mirai is attacking routers, and SSL VPN gateway flaws are attacked. Come on: give me something to work with, give me hope! Can I get a cool SSRF vuln? A Unicode encoding mistake? An IPv6 problem? SOMETHING TO PROVE THAT ANYBODY CARES!!
February 12, 2025 at 5:12 PM
16 years ago, I started the daily SANS Internet Storm Center Stormcast. Over 16 years, I recorded about 3,900 episodes and 26,000 minutes of content (sounds more impressive than 16 days :) ).

Subscribe to it wherever you find podcasts. (or Alexa Flash Briefings, YouTube)

isc.sans.edu/podcast.html
February 10, 2025 at 2:02 PM
Just noted this fun memorabilia in my GIAC certification history. Who remembers Track 1? Also got a Track 2 (Firewalls) ;-)
February 4, 2025 at 6:48 PM
First time seeing this, one day before the expected TikTok shutdown. Final attempts to monetize soon-to-be-obsolete scripts? Anything else behind these obvious scams?
January 16, 2025 at 2:05 PM
The vulnerability Yee Ching wrote about in today's diary may be 12 years old. But Norton AntiVirus still can't distinguish an article about an attack from the attack itself. If your AV alerts are on isc.sans.edu, the site is safe. I promise :)
SANS.edu Internet Storm Center - SANS Internet Storm Center
SANS.edu Internet Storm Center. Today's Top Story: The Curious Case of a 12-Year-Old Netgear Router Vulnerability;
January 15, 2025 at 12:36 PM
I'm doing a 24-year DShield anniversary special sticker giveaway for a week. Free stickers... there will be a limited number each day. You need to log in, and you will need to use the code BLUESKY. isc.sans.edu/sticker.html
Order Stickers - SANS Internet Storm Center
SANS Internet Storm Center - A global cooperative cyber threat / internet security monitor and alert system. Featuring daily handler diaries with summarizing and analyzing new threats to networks and ...
November 28, 2024 at 4:33 PM
Is anybody else getting spam like this from "academia.com"? The reason I call it spam is that (a) I probably didn't mention myself on a platform I am not using (b) the only way to see what I said about myself requires $5.

I am aware of similar platforms like Researchgate and am using them.
November 22, 2023 at 4:03 PM
Clicking on "details" isn't exactly helpful in MSFT Defender
November 16, 2023 at 4:22 PM
When your AI sales pitch falls flat..
October 23, 2023 at 2:59 PM
First test post… and well, just trying to set up this 5G access point as Comcast is down… only one small issue with the default password
October 20, 2023 at 2:09 PM