[This is a Guest Diary by Riché Wiley, an ISC intern as part of the SANS.edu BACS program] I first set up a DShield honeypot as part of my internship with SANS Internet Storm Center, I
Continue ReadingCategory: Dynamic Threat Feeds
CISA Releases Secure by Demand Guidance
Today, CISA and the Federal Bureau of Investigation (FBI) have released Secure by Demand Guide: How Software Customers Can Drive a Secure Technology Ecosystem to help organizations drive a secure technology ecosystem by ensuring their software
Continue ReadingA Survey of Scans for GeoServer Vulnerabilities, (Tue, Aug 6th)
A little bit over a year ago, I wrote about scans for GeoServer [1][2]. GeoServer is a platform to process geographic data [3]. It makes it easy to share geospatial data in various common standard formats.
Continue ReadingDelta Electronics DIAScreen
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 8.5 ATTENTION: Low attack complexity Vendor: Delta Electronics Equipment: DIAScreen Vulnerability: Stack-based Buffer Overflow 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to cause a
Continue ReadingCISA Releases One Industrial Control Systems Advisory
CISA released one Industrial Control Systems (ICS) advisory on August 6, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-219-01 Delta Electronics DIAScreen CISA encourages users and administrators to
Continue ReadingISC Stormcast For Tuesday, August 6th, 2024 https://isc.sans.edu/podcastdetail/9084, (Tue, Aug 6th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingCISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2018-0824 Microsoft COM for Windows Deserialization of Untrusted Data Vulnerability These types of vulnerabilities are frequent attack vectors for
Continue ReadingScript obfuscation using multiple instances of the same function, (Mon, Aug 5th)
Threat actors like to make detection and analysis of any malicious code they create as difficult as possible – for obvious reasons. There are any number of techniques which they may employ in this area, nevertheless,
Continue ReadingISC Stormcast For Monday, August 5th, 2024 https://isc.sans.edu/podcastdetail/9082, (Mon, Aug 5th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingOOXML Spreadsheets Protected By Verifier Hashes, (Sat, Aug 3rd)
When I wrote about the internal file format of protected spreadsheets, I mentioned a simple 16-bit hash for .xls files in diary entry "16-bit Hash Collisions in .xls Spreadsheets" and a complex hash based on SHA256
Continue Reading