A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
SANS Stormcast Thursday Mar 27th: Classifying Malware with ML; Malicious NPM Packages; Google Chrome 0-day
March 26, 2025
7:11
6.3 MB
Downloads: 0
Leveraging CNNs and Entropy-Based Feature Selection to Identify Potential Malware Artifacts of Interest
This diary explores a novel methodology for classifying malware by integrating entropy-driven feature selection with a specialized Convolutional Neural Network (CNN). Motivated by the increasing obfuscation tactics used by modern malware authors, we will focus on capturing high-entropy segments within files, regions most likely to harbor malicious functionality, and feeding these distinct byte patterns into our model.
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Leveraging%20CNNs%20and%20Entropy-Based%20Feature%20Selection%20to%20Identify%20Potential%20Malware%20Artifacts%20of%20Interest/31790
Malware found on npm infecting local package with reverse shell
Researchers at Reversinglabs found two malicious NPM packages, ethers-provider2, and ethers-providerz that patch the well known (and not malicious) ethers package to add a reverse shell and downloader.
https://www.reversinglabs.com/blog/malicious-npm-patch-delivers-reverse-shell
Google Patched Google Chrome 0-day
Google patched a vulnerability in Chrome that was already exploited in attacks against media and educational organizations in Russia
https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html