Sign up to save your podcasts
Or
Share SANS Stormcast Tuesday April 15th: xorsearch Update; Short Lived Certificates; New USB Malware
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
SANS Stormcast Tuesday April 15th: xorsearch Update; Short Lived Certificates; New USB Malware
xorsearch Update
Diedier updated his "xorsearch" tool. It is now a python script, not a compiled binary, and supports Yara signatures. With Yara support also comes support for regular expressions.
https://isc.sans.edu/diary/xorsearch.py%3A%20Searching%20With%20Regexes/31854
Shorter Lived Certificates
The CA/Brower Forum passed an update to reduce the maximum livetime of
certificates. The reduction will be implemented over the next four years. EFF also released an update to certbot introducing profiles that can be used to request shorter lived certificates.
https://www.eff.org/deeplinks/2025/04/certbot-40-long-live-short-lived-certs
https://groups.google.com/a/groups.cabforum.org/g/servercert-wg/c/bvWh5RN6tYI
New Malware Harvesting Data from USB drives and infecting them.
Kaspersky is reporting that they identified new malware that not only harvests data from USB drives, but also spread via USB drives by replacing existing documents with malicious files.
https://securelist.com/goffee-apt-new-attacks/116139/
View all episodes
By Johannes Ullrichxorsearch Update
Diedier updated his "xorsearch" tool. It is now a python script, not a compiled binary, and supports Yara signatures. With Yara support also comes support for regular expressions.
https://isc.sans.edu/diary/xorsearch.py%3A%20Searching%20With%20Regexes/31854
Shorter Lived Certificates
The CA/Brower Forum passed an update to reduce the maximum livetime of
certificates. The reduction will be implemented over the next four years. EFF also released an update to certbot introducing profiles that can be used to request shorter lived certificates.
https://www.eff.org/deeplinks/2025/04/certbot-40-long-live-short-lived-certs
https://groups.google.com/a/groups.cabforum.org/g/servercert-wg/c/bvWh5RN6tYI
New Malware Harvesting Data from USB drives and infecting them.
Kaspersky is reporting that they identified new malware that not only harvests data from USB drives, but also spread via USB drives by replacing existing documents with malicious files.
https://securelist.com/goffee-apt-new-attacks/116139/