SANS Internet Stormcast Feb 7th 2025: Unbreakable Anti-Debugging;

The Unbreakable Multi-Layer Anti-Debugging System
Xavier found a nice Python script that included what it calls the "Unbreakable Multi-Layer Anti-Debugging System". Leave it up to Xavier to tear it appart for you.
https://isc.sans.edu/diary/The%20Unbreakable%20Multi-Layer%20Anti-Debugging%20System/31658
Take my money: OCR crypto stealers in Google Play and App Store
Malware using OCR on screen shots was available not just via Google Play, but also the Apple App Store.
https://securelist.com/sparkcat-stealer-in-app-store-and-google-play-2/115385/
Threat Actors Still Leveraging Legit RMM Tool ScreenConnect
Unsurprisingly, threat actors still like to use legit remote admin tools, like ScreenConnect, as a command and control channel. Silent Push outlines the latest trends and IoCs they found
https://www.silentpush.com/blog/screenconnect/
Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities
Java deserializing strikes again to allow arbitrary code execution. Cisco fixed this vulnerability and a authorization bypass issue in its Identity Services Engine
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF
F5 Update
F5 fixes an interesting authentication bypass problem affecting TLS client certificates
https://my.f5.com/manage/s/article/K000149173