On July 12, AT&T released a public statement on unauthorized access of customer data from a third-party cloud platform. AT&T also provided recommendations and resources for affected customers. CISA encourages customers to review the following AT&T
Continue ReadingMonth: July 2024
ISC Stormcast For Monday, July 8th, 2024 https://isc.sans.edu/podcastdetail/9042, (Mon, Jul 8th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingISC Stormcast For Friday, July 12th, 2024 https://isc.sans.edu/podcastdetail/9050, (Fri, Jul 12th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingOverlooked Domain Name Resiliency Issues: Registrar Communications, (Fri, Jul 5th)
I often think the Internet would work better without DNS. People unable to remember an IP address would be unable to use it. But on the other hand, there is more to DNS than translating a
Continue ReadingUnderstanding SSH Honeypot Logs: Attackers Fingerprinting Honeypots, (Thu, Jul 11th)
Some of the commands observed can be confusing for a novice looking at ssh honeypot logs. Sure, you have some obvious commands like "uname -a" to fingerprint the kernel. However, other commands are less intuitive and
Continue ReadingCISA Releases Twenty-one Industrial Control Systems Advisories
CISA released twenty-one Industrial Control Systems (ICS) advisories on July 11, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-193-01 Siemens Remote Connect Server ICSA-24-193-02 Siemens RUGGEDCOM APE 1808
Continue ReadingRockwell Automation ThinManager ThinServer
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Rockwell Automation Equipment: ThinManager ThinServer Vulnerabilities: Improper Input Validation 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to
Continue ReadingSiemens SINEMA Remote Connect Server
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories
Continue ReadingHMS Industrial Networks Anybus-CompactCom 30
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: HMS Industrial Networks Equipment: Anybus-CompactCom 30 Vulnerability: Cross-site Scripting 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to
Continue ReadingSiemens TIA Portal, SIMATIC, and SIRIUS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories
Continue Reading