(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingMonth: August 2024
[Guest Diary] 7 minutes and 4 steps to a quick win: A write-up on custom tools, (Fri, Aug 16th)
[This is a Guest Diary by Justin Leibach, an ISC intern as a part of the SANS.edu BACS [1] degree program] The web logs from my DShield [2] honeypot always produce the most interesting information. I
Continue ReadingCISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-28986 SolarWinds Web Help Desk Deserialization of Untrusted Data Vulnerability These types of vulnerabilities are frequent attack vectors for malicious
Continue ReadingPTC Kepware ThingWorx Kepware Server
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 5.9 ATTENTION: Exploitable from adjacent network. Vendor: PTC Equipment: Kepware ThingWorx Kepware Server Vulnerability: Allocation of Resources Without Limits or Throttling 2. RISK EVALUATION Successful exploitation of this vulnerability
Continue ReadingSiemens COMOS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories
Continue ReadingSpeeding Toward Taiwan: China’s Amphibious Armored Vehicles Development
Chinas military and defense industry have prioritized the development of amphibious armored vehicles with high water speed (HWS) capabilities in preparation for potential Taiwan invasion scenarios. Following the successful development of the Type-05 family of HWS
Continue ReadingHacking Beyond.com — Enumerating Private TLDs
Written by: Idan Ron Background My story started a few months ago, when I performed a red team assessment for a major retail company. During the Open Source Reconnaissance (OSINT) phase, I reviewed the SSL
Continue ReadingSiemens LOGO! V8.3 BM Devices
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories
Continue ReadingSiemens INTRALOG WMS
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories
Continue ReadingAVEVA Historian Web Server
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Exploitable remotely/low attack complexity Vendor: AVEVA Equipment: Historian Server Vulnerability: SQL Injection 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated user to get
Continue Reading