View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.1 ATTENTION: Low attack complexity Vendor: Hughes Network Systems Equipment: WL3000 Fusion Software Vulnerabilities: Insufficiently Protected Credentials, Missing Encryption of Sensitive Data 2. RISK EVALUATION Successful exploitation of these
Continue ReadingMonth: September 2024
CISA Releases Four Industrial Control Systems Advisories
CISA released four Industrial Control Systems (ICS) advisory on September 5, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-249-01 Hughes Network Systems WL3000 Fusion Software ICSMA-24-249-01 Baxter Connex
Continue ReadingPredator Spyware Infrastructure Returns Following Exposure and Sanctions
Following exposure and sanctions by the US government, Intellexas Predator spyware activity appeared to decline. However, recent findings by Insikt Group reveal that Predator's infrastructure is back with modifications to evade detection and anonymize users. This
Continue ReadingISC Stormcast For Thursday, September 5th, 2024 https://isc.sans.edu/podcastdetail/9126, (Thu, Sep 5th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingAttack Surface [Guest Diary], (Wed, Sep 4th)
[This is a Guest Diary by Joshua Tyrrell, an ISC intern as part of the SANS.edu BACS program] Managing the Attack Surface You’ve begun the journey of reviewing your IT infrastructure and attempting to figure out
Continue ReadingScans for Moodle Learning Platform Following Recent Update, (Wed, Sep 4th)
On August 10th, the popular learning platform "Moodle" released an update fixing %%cve:2024-43425%%. RedTeam Pentesting found the vulnerability and published a detailed blog post late last week. The blog post demonstrates in detail how a user with
Continue ReadingISC Stormcast For Wednesday, September 4th, 2024 https://isc.sans.edu/podcastdetail/9124, (Wed, Sep 4th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingCISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2021-20123 Draytek VigorConnect Path Traversal Vulnerability CVE-2021-20124 Draytek VigorConnect Path Traversal Vulnerability CVE-2024-7262 Kingsoft WPS Office Path Traversal Vulnerability These
Continue ReadingLOYTEC Electronics LINX Series
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: LOYTEC electronics GmbH Equipment: LINX series Vulnerabilities: Cleartext Transmission of Sensitive Information, Missing Authentication for Critical Function, Cleartext Storage
Continue ReadingCISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems (ICS) advisory on September 3, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-247-01 LOYTEC Electronics LINX Series CISA encourages users and administrators
Continue Reading