(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingMonth: August 2024
Video: Same Origin, CORS, DNS Rebinding and Localhost, (Mon, Aug 12th)
Trying something a bit different. A video demo to illustrate some concepts around "Origin" in web applications. Let me know if this is something you would like to see more of. Some references to go with
Continue ReadingISC Stormcast For Friday, August 9th, 2024 https://isc.sans.edu/podcastdetail/9090, (Fri, Aug 9th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingBest Practices for Cisco Device Configuration
In recent incidents, CISA has seen malicious cyber actors acquire system configuration files by leveraging available protocols or software on devices, such as abusing the legacy Cisco Smart Install feature. CISA recommends organizations disable Smart Install
Continue ReadingCISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems (ICS) advisory on August 8, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-221-01 Dorsett Controls InfoScan CISA encourages users and administrators to
Continue ReadingDorsett Controls InfoScan
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Dorsett Controls Equipment: InfoScan Vulnerabilities: Exposure of Sensitive Information To An Unauthorized Actor, Path Traversal 2. RISK EVALUATION Successful exploitation of these
Continue ReadingISC Stormcast For Thursday, August 8th, 2024 https://isc.sans.edu/podcastdetail/9088, (Thu, Aug 8th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingRoyal Ransomware Actors Rebrand as “BlackSuit,” FBI and CISA Release Update to Advisory
Today, CISA—in partnership with the Federal Bureau of Investigation (FBI)—released an update to joint Cybersecurity Advisory #StopRansomware: Royal Ransomware, #StopRansomware: BlackSuit (Royal) Ransomware. The updated advisory provides network defenders with recent and historically observed tactics, techniques,
Continue ReadingCISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-36971 Android Kernel Remote Code Execution Vulnerability CVE-2024-32113 Apache OFBiz Path Traversal Vulnerability These types of vulnerabilities are frequent
Continue ReadingSame Scripts, Different Day: What My DShield Honeypot Taught Me About the Importance of Security Fundamentals [Guest Diary], (Wed, Aug 7th)
[This is a Guest Diary by Riché Wiley, an ISC intern as part of the SANS.edu BACS program] I first set up a DShield honeypot as part of my internship with SANS Internet Storm Center, I
Continue Reading