Last week, I posted a diary about suspicious Python modules. One of them was Firebase [1], the cloud service provided by Google[2]. Firebase services abused by attackers is not new, usually, it’s used to host malicious
Continue ReadingBlog
ISC Stormcast For Tuesday, September 17th, 2024 https://isc.sans.edu/podcastdetail/9140, (Tue, Sep 17th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingNew CISA Plan Aligns Federal Agencies in Cyber Defense
Today, the Cybersecurity and Infrastructure Security Agency (CISA) released the Federal Civilian Executive Branch (FCEB) Operational Cybersecurity Alignment (FOCAL) Plan. Developed in collaboration with FCEB agencies, this plan provides standard, essential components of enterprise operational cybersecurity
Continue ReadingCISA Adds Two Known Exploited Vulnerabilities to Catalog
CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-43461 Microsoft Windows MSHTML Platform Spoofing Vulnerability CVE-2024-6670 Progress WhatsUp Gold SQL Injection Vulnerability These types of vulnerabilities are
Continue ReadingManaging PE Files With Overlays, (Mon, Sep 16th)
There is a common technique used by attackers: They append some data at the end of files (this is called an overlay). This can be used for two main reasons: To hide the appended data from
Continue ReadingISC Stormcast For Monday, September 16th, 2024 https://isc.sans.edu/podcastdetail/9138, (Mon, Sep 16th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingYARA-X’s Dump Command, (Sun, Sep 15th)
YARA-X is not just a rewrite of YARA in Rust, it comes with new features too. One of these features is the dump command: yr.exe dump ... YARA-X can parse several file formats natively, to support
Continue ReadingYARA 4.5.2 Release, (Sat, Sep 14th)
YARA 4.5.2 was released with 3 small changes and 4 bugfixes. Didier Stevens Senior handler blog.DidierStevens.com (c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingCISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-8190 Ivanti Cloud Services Appliance OS Command Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious
Continue ReadingIvanti Releases Security Update for Cloud Services Appliance
Ivanti has released a security update addressing an OS command injection vulnerability (CVE-2024-8190) affecting Ivanti Cloud Services Appliance (CSA) 4.6 (all versions before patch 519). A cyber threat actor could exploit this vulnerability to take control
Continue Reading