Written by: Mike Stokkel, Pierre Gerlings, Renato Fontana, Luis Rocha, Jared Wilson, Stephen Eckels, Jonathan Lepore Executive Summary In collaboration with Google’s Threat Analysis Group (TAG), Mandiant has observed a sustained campaign by the advanced
Continue ReadingMonth: July 2024
ISC Stormcast For Thursday, July 18th, 2024 https://isc.sans.edu/podcastdetail/9058, (Thu, Jul 18th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingCISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-34102 Adobe Commerce and Magento Open Source Improper Restriction of XML External Entity Reference (XXE) Vulnerability CVE-2024-28995 SolarWinds Serv-U
Continue ReadingAI-Powered Learning: Your NIST NICE Prompt Library (Built with Google Gemini)
Written by: Jake Liefer In the ever-evolving landscape of cybersecurity, staying ahead of threats demands continuous learning and skill development. The NIST NICE framework provides a roadmap, but mastering its extensive tasks, knowledge, and skills
Continue ReadingISC Stormcast For Wednesday, July 17th, 2024 https://isc.sans.edu/podcastdetail/9056, (Wed, Jul 17th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingWho You Gonna Call? AndroxGh0st Busters! [Guest Diary], (Tue, Jul 16th)
[This is a Guest Diary by Michael Gallant, an ISC intern as part of the SANS.edu BACS program]
Continue ReadingRockwell Automation Pavilion 8
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.7 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: Pavilion 8 Vulnerability: Incorrect Permission Assignment for Critical Resource 2. RISK EVALUATION Successful exploitation of this vulnerability could allow
Continue ReadingCISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems (ICS) advisory on July 16, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-198-01 Rockwell Automation Pavilion 8 CISA encourages users and administrators
Continue ReadingTAG-100 Uses Open-Source Tools in Suspected Global Espionage Campaign, Compromising Two Asia-Pacific Intergovernmental Bodies
SummaryRecorded Futures Insikt Group identified a suspected cyber-espionage campaign by TAG-100, targeting global government and private sector organizations. TAG-100 exploited internet-facing devices and used open-source tools like the Go backdoor Pantegana. The campaign compromised two Asia-Pacific
Continue Reading“Reply-chain phishing” with a twist, (Tue, Jul 16th)
Few weeks ago, I was asked by a customer to take a look at a phishing message which contained a link that one of their employees clicked on. The concern was whether the linked-to site was
Continue Reading