SANS Stormcast – infosecintel

eBanking Phishing Delivered Through IPv4-Mapped IPv6 Address, (Fri, Jun 19th)
June 19, 2026
I detected an interesting phishing email this morning. It targets a major Belgian bank:
ISC Stormcast For Thursday, June 18th, 2026 https://isc.sans.edu/podcastdetail/9978, (Thu, Jun 18th)
June 18, 2026
The Behavior of Coordinated SSH Brute Force Attacks over the last three months [Guest Diary], (Wed, Jun 17th)
June 18, 2026
[This is a Guest Diary by Adam Nason, an ISC intern as part of the SANS.edu BACS program]
The browser blind spot: Why your security tool may not be blocking what you think it is [Guest Diary], (Wed, Jun 17th)
June 17, 2026
[This is a guest diary submitted by Varun Murdula]
ISC Stormcast For Wednesday, June 17th, 2026 https://isc.sans.edu/podcastdetail/9976, (Wed, Jun 17th)
June 17, 2026
From a VHDX File to a Remcos RAT, (Tue, Jun 16th)
June 16, 2026
Yesterday, a reader reported to us a malicious ZIP archive (SHA256: a0104921a2d37ab87482ac9a9f5c3713479c118846c3e999178e75b81620c094[1]). Once unzipped, it contains a VHDX file that discloses a malicious JavaScript after being mounted (which is automatic on modern Windows OSs):
ISC Stormcast For Tuesday, June 16th, 2026 https://isc.sans.edu/podcastdetail/9974, (Tue, Jun 16th)
June 16, 2026
Evil MSI Background: BASE64 Statistical Analysis, (Mon, Jun 15th)
June 15, 2026
I like it when a fellow handler posts a diary entry about images with malicious content. Last one is Xavier: "The Evil MSI Background is Back!".
ISC Stormcast For Monday, June 15th, 2026 https://isc.sans.edu/podcastdetail/9972, (Mon, Jun 15th)
June 15, 2026
ISC Stormcast For Friday, June 12th, 2026 https://isc.sans.edu/podcastdetail/9970, (Fri, Jun 12th)
June 12, 2026