CISA released four Industrial Control Systems (ICS) advisories on October 24, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.
ICSA-24-298-01 VIMESA VHF/FM Transmitter Blue Plus
ICSA-24-298-02 iniNet Solutions SpiderControl
Month: October 2024
Russian Strategic Information Attack for Catastrophic Effect
Summary: Russia's Strategic Information Attack (SIA) concept focuses on non-kinetic methods to disrupt or destroy adversary national critical infrastructure (NCI) during strategic conflicts. Insikt Group acknowledges that SIA is not an official term used in Russian or
ISC Stormcast For Thursday, October 24th, 2024 https://isc.sans.edu/podcastdetail/9194, (Thu, Oct 24th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Investigating FortiManager Zero-Day Exploitation (CVE-2024-47575)
Written by: Foti Castelan, Max Thauer, JP Glab, Gabby Roncone, Tufail Ahmed, Jared Wilson
Summary: In October 2024, Mandiant collaborated with Fortinet to investigate the mass exploitation of FortiManager appliances across 50+ potentially compromised FortiManager devices
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation, as confirmed by Fortinet.
CVE-2024-47575 Fortinet FortiManager Missing Authentication Vulnerability
These types of vulnerabilities are frequent attack vectors for
Operation Overload Impersonates Media to Influence 2024 US Election
Summary: Operation Overload, a Russia-aligned influence operation, is aggressively targeting the 2024 US presidential election. Using fake news, fact-checking sites, and AI-generated audio, it seeks to manipulate public opinion by impersonating trusted media organizations. This campaign primarily
Everybody Loves Bash Scripts. Including Attackers., (Wed, Oct 23rd)
Today our "First Seen" page displayed a number of simple URLs: /wp-backup.sh /submit.sh /stage-deploy.sh /scripts/driverenv.sh /s3.sh /run-deploy.sh /passwords.sh /m/index.php /library.sh /installer.sh /envvars.sh /driverenv.sh /driver.sh /docker/startup.sh /develop.sh /bucket.sh /aws_cli.sh /aws-env.sh These URLs are not associated with a
ISC Stormcast For Wednesday, October 23rd, 2024 https://isc.sans.edu/podcastdetail/9192, (Wed, Oct 23rd)
How much HTTP (not HTTPS) Traffic is Traversing Your Perimeter?, (Tue, Oct 22nd)
Back in June of 2010, the Electronic Frontier Foundation (EFF) released the first beta release of the "HTTPS Everywhere" plugin [1]. Even then, most websites offered HTTPS. But unlike today, HTTP was often still the default,
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.
CVE-2024-38094 Microsoft SharePoint Deserialization Vulnerability
These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose