CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2021-33044 Dahua IP Camera Authentication Bypass Vulnerability CVE-2021-33045 Dahua IP Camera Authentication Bypass Vulnerability CVE-2022-0185 Linux Kernel Heap-Based Buffer
Continue ReadingMonth: August 2024
ISC Stormcast For Wednesday, August 21st, 2024 https://isc.sans.edu/podcastdetail/9106, (Wed, Aug 21st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingMapping Threats with DNSTwist and the Internet Storm Center [Guest Diary], (Tue, Aug 20th)
[This is a Guest Diary by Michael Tigges, an ISC intern as part of the SANS.edu BACS program] On July 16, 2024, I received notification of a suspicious tunnel being opened via SSH in relation to
Continue ReadingWhere are we with CVE-2024-38063: Microsoft IPv6 Vulnerability, (Tue, Aug 20th)
I recorded a quick live stream with a quick update on CVE-2024-38063. The video focuses on determining the exploitability, particularly whether your systems are reachable by IPv6. After recording this video, Stephen Sims pointed me to
Continue ReadingGreenCharlie Infrastructure Linked to US Political Campaign Targeting
Insikt Group has identified a significant increase in cyber threat activity from GreenCharlie, an Iran-nexus group that overlaps with Mint Sandstorm, Charming Kitten, and APT42. Targeting US political and government entities, GreenCharlie utilizes sophisticated phishing operations
Continue ReadingISC Stormcast For Tuesday, August 20th, 2024 https://isc.sans.edu/podcastdetail/9104, (Tue, Aug 20th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingCISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-23897 Jenkins Command Line Interface (CLI) Path Traversal Vulnerability These types of vulnerabilities are frequent attack vectors for malicious
Continue Reading“WireServing” Up Credentials: Escalating Privileges in Azure Kubernetes Services
Written by: Nick McClendon, Daniel McNamara, Jacob Paullus Executive Summary Mandiant disclosed this vulnerability to Microsoft via the Microsoft Security Response Center (MSRC) vulnerability disclosure program, and Microsoft has fixed the underlying issue. An attacker
Continue ReadingDo you Like Donuts? Here is a Donut Shellcode Delivered Through PowerShell/Python, (Mon, Aug 19th)
I found a tiny .bat file that looked not suspicious at all: 3650.bat (SHA256:bca5c30a413db21f2f85d7297cf3a9d8cedfd662c77aacee49e821c8b7749290) with a very low VirusTotal score (2/65)[1]. The file is very simple, it invokes a PowerShell: @shift /0 @echo off powershell.exe -WindowStyle Hidden
Continue ReadingISC Stormcast For Monday, August 19th, 2024 https://isc.sans.edu/podcastdetail/9102, (Mon, Aug 19th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue Reading