433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (813) 563-2652

Shellcode Encoded in UUIDs, (Mon, Mar 10th)

I returned from another FOR610[1] class last week in London. One key tip I give to my students is to keep an eye on “strange” API calls. In the Windows ecosystem, Microsoft offers tons of API calls to developers. The fact that an API is used in a program does not always mean we are facing malicious code, but sometimes, some of them are diverted from their official purpose. One of my hunting rules for malicious scripts is to search for occurrences of the ctypes[2] library. It allows Python to call functions in DLLs or shared libraries.
http://news.poseidon-us.com/TJR1Nn

March 2025 Patch Tuesday forecast: A return to normalcy

The February Patch Tuesday updates and activity during the month marked a return to normalcy for patch management. Following the January updates addressing 100+ vulnerabilities, we saw 37 CVEs fixed in Windows 11 and 33 CVEs in Windows 10. This was rounded out by 8 CVEs addressed in the Office 365 online versions and Office 2016 in standalone form. Microsoft made a few announcements and fixes in the last month you should be aware of. …
The post March 2025 Patch Tuesday forecast: A return to normalcy appeared first on Help Net Security.
http://news.poseidon-us.com/TJQrTZ

Hetty: Open-source HTTP toolkit for security research

Hetty is an open-source HTTP toolkit designed for security research, offering a free alternative to commercial tools like Burp Suite Pro. Built with the needs of penetration testers, security professionals, and bug bounty hunters in mind, Hetty provides a set of features for HTTP interception, analysis, and manipulation.
Features:
MITM HTTP proxy – Capture and inspect traffic with advanced logging and search capabilities.
HTTP client – Manually create, edit, and replay requests for detailed testing. …
The post Hetty: Open-source HTTP toolkit for security research appeared first on Help Net Security.
http://news.poseidon-us.com/TJQrRm

How to safely dispose of old tech without leaving a security risk

Every year, millions of old tech devices are thrown away due to age, malfunctions, or to make way for new ones, which creates security risks related to the data on these devices. The data can often still be recovered if devices are erased without proper tools and procedures. Here’s why securely disposing of old tech is crucial.
Old devices may still contain:
Saved passwords and login credentials
Banking and credit card information
Personal photos, emails, and …
The post How to safely dispose of old tech without leaving a security risk appeared first on Help Net Security.
http://news.poseidon-us.com/TJQpqL

Who’s in your digital house? The truth about third-party access

In this Help Net Security video, Fran Rosch, CEO at Imprivata, discusses organizations’ challenges in securing third-party access and offers valuable insights on how businesses can address these risks effectively. A recent report conducted by the Ponemon Institute, “The State of Third-Party Access in Cybersecurity,” found that third-party data breaches have severe consequences across critical sectors, with data theft and loss posing the greatest risk. Healthcare is the most affected, with 60% of breaches leading …
The post Who’s in your digital house? The truth about third-party access appeared first on Help Net Security.
http://news.poseidon-us.com/TJQpqH

ISC Stormcast For Monday, March 10th, 2025 https://isc.sans.edu/podcastdetail/9356, (Mon, Mar 10th)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
http://news.poseidon-us.com/TJQlGn

Commonly Probed Webshell URLs, (Sun, Mar 9th)

Looking over some weblogs on my way back from class in Baltimore, I feel a reminder is appropriate that (a) weblogs are still a thing and (b) what some of the common webshells are that attackers are looking for.
http://news.poseidon-us.com/TJQT0r

Week in review: How QR code attacks work and how to protect yourself, 10 must-reads for CISOs

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
How QR code attacks work and how to protect yourself
While QR codes are convenient, they also present significant risks. In the past few years, cybercriminals have increasingly turned to these codes as a tool to carry out scams.
The CISO’s bookshelf: 10 must-reads for security leaders
Discover essential reads for CISOs in this curated list of books covering cybersecurity …
The post Week in review: How QR code attacks work and how to protect yourself, 10 must-reads for CISOs appeared first on Help Net Security.
http://news.poseidon-us.com/TJQD71