(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingCategory: Dynamic Threat Feeds
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-45519 Synacor Zimbra Collaboration Command Execution Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors
Continue ReadingDelta Electronics DIAEnergie
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: Delta Electronics Equipment: DIAEnergie Vulnerabilities: SQL Injection 2. RISK EVALUATION Successful exploitation of these vulnerabilities could allow an attacker to retrieve records
Continue ReadingTEM Opera Plus FM Family Transmitter
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available Vendor: TEM Equipment: Opera Plus FM Family Transmitter Vulnerabilities: Missing Authentication for Critical Function, Cross-Site Request Forgery (CSRF) 2. RISK
Continue ReadingCISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems (ICS) advisories on October 3, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-277-01 TEM Opera Plus FM Family Transmitter ICSA-24-277-02 Subnet Solutions
Continue ReadingSubnet Solutions Inc. PowerSYSTEM Center
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 7.5 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Subnet Solutions Inc. Equipment: PowerSYSTEM Center Vulnerabilities: Server-Side Request Forgery (SSRF), Inefficient Regular Expression Complexity, Cross-Site Request Forgery (CSRF) 2. RISK EVALUATION
Continue ReadingISC Stormcast For Thursday, October 3rd, 2024 https://isc.sans.edu/podcastdetail/9164, (Thu, Oct 3rd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingKickstart Your DShield Honeypot [Guest Diary], (Thu, Oct 3rd)
[This is a Guest Diary by Joshua Gilman, an ISC intern as part of the SANS.edu BACS program] Introduction Setting up a DShield honeypot is just the beginning. The real challenge lies in configuring all the
Continue ReadingSecurity related Docker containers, (Wed, Oct 2nd)
Over the last 9 months or so, I've been putting together some docker containers that I find useful in my day-to-day malware analysis and forensicating. I have been putting them up on hub.docker.com and decided, I might as
Continue ReadingCISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-29824 Ivanti Endpoint Manager (EPM) SQL Injection Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber
Continue Reading