It can be helpful to simulate different kinds of system activity. I had an instance where I wanted to generate logs to test a log forwarding agent. This agent was processing DNS logs. There are a variety of
Continue ReadingCategory: Dynamic Threat Feeds
CISA and Partners Release Advisory on RansomHub Ransomware
Today, CISA—in partnership with the Federal Bureau of Investigation (FBI), Multi-State Information Sharing and Analysis Center (MS-ISAC), and Department of Health and Human Services (HHS)—released a joint Cybersecurity Advisory, #StopRansomware: RansomHub Ransomware. This advisory provides network defenders with
Continue Reading#StopRansomware: RansomHub Ransomware
Summary Note: This joint Cybersecurity Advisory is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors. These #StopRansomware advisories include recently and historically observed
Continue ReadingH1 2024 Check Fraud Report: Geographic Trends and Threat Actor Patterns
The 2024 Check Fraud Report highlights a significant rise in check fraud across the United States, with an estimated $21 billion in losses in 2023 alone. The report analyzes nearly a million stolen bank check images
Continue ReadingDelta Electronics DTN Soft
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.4 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DTN Soft Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to
Continue ReadingCISA Releases Three Industrial Control Systems Advisories
CISA released three Industrial Control Systems (ICS) advisories on August 29, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-242-01 Rockwell Automation ThinManager ThinServer ICSA-24-242-02 Delta Electronics DTN Soft
Continue ReadingRockwell Automation ThinManager ThinServer
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/Low attack complexity Vendor: Rockwell Automation Equipment: ThinManager ThinServer Vulnerabilities: Improper Privilege Management, Incorrect Permission Assignment for Critical Resource, Improper Input Validation 2. RISK EVALUATION Successful
Continue ReadingA Measure of Motive: How Attackers Weaponize Digital Analytics Tools
Adrian McCabe, Ryan Tomcik, Stephen Clement Introduction Digital analytics tools are vital components of the vast domain that is modern cyberspace. From system administrators managing traffic load balancers to marketers and advertisers working to deliver relevant
Continue ReadingLive Patching DLLs with Python, (Thu, Aug 29th)
In my previous diary[1], I explained why Python became popular for attackers. One of the given reason was that, from Python scripts, it’s possible to call any Windows API and, therefore, perform low-level activities on the
Continue ReadingISC Stormcast For Thursday, August 29th, 2024 https://isc.sans.edu/podcastdetail/9118, (Thu, Aug 29th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue Reading