(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingBlog
ABB ASPECT-Enterprise, NEXUS, and MATRIX Series Products
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 10.0 ATTENTION: Exploitable remotely/low attack complexity Vendor: ABB Equipment: ASPECT-Enterprise, NEXUS, and MATRIX series Vulnerabilities: Files or Directories Accessible to External Parties, Improper Validation of Specified Type of Input,
Continue ReadingCISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-41713 Mitel MiCollab Path Traversal Vulnerability CVE-2024-55550 Mitel MiCollab Path Traversal Vulnerability CVE-2020-2883 Oracle WebLogic Server Unspecified Vulnerability Users and administrators are
Continue ReadingNedap Librix Ecoreader
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Nedap Librix Equipment: Ecoreader Vulnerability: Missing Authentication for Critical Function 2. RISK EVALUATION Successful exploitation of this vulnerability could result in remote
Continue ReadingCISA Releases Two Industrial Control Systems Advisories
CISA released two Industrial Control Systems (ICS) advisories on January 7, 2025. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-25-007-01 ABB ASPECT-Enterprise, NEXUS, and MATRIX Series Products ICSA-25-007-02 Nedap
Continue ReadingTracking Deployment of Russian Surveillance Technologies in Central Asia and Latin America
SummarySeveral countries in Central Asia and Latin America base their digital surveillance capabilities on Russias System for Operative Investigative Activities (SORM), indicating that Russian surveillance technology has proliferated in Russias near abroad and among its allies.
Continue ReadingPacketCrypt Classic Cryptocurrency Miner on PHP Servers, (Tue, Jan 7th)
The SANS DShield project receives a wide variety of logs submitted by participants of the DShield project. Looking at the “” URLs page, I observed an interesting URL and dived deeper to investigate. The URL recorded
Continue ReadingISC Stormcast For Tuesday, January 7th, 2025 https://isc.sans.edu/podcastdetail/9268, (Tue, Jan 7th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingHispanic Heritage Month: Path to Collective Power – Part Two
This year, our Hispanic Heritage Month program features a three-part series led by Nota Inclusion speakers. Futurists are invited to participate in virtual development sessions covering themes like overcoming adversity, unlocking personal potential, and harnessing the
Continue ReadingMake Malware Happy, (Mon, Jan 6th)
When I teach FOR610[1], I like to use a funny quotation with my students: “Make malware happy!” What does it mean? Yes, we like malware, and we need to treat it in a friendly way. To
Continue Reading