When I wrote about the internal file format of protected spreadsheets, I mentioned a simple 16-bit hash for .xls files in diary entry "16-bit Hash Collisions in .xls Spreadsheets" and a complex hash based on SHA256
Continue ReadingCategory: Dynamic Threat Feeds
Even Linux users should take a look at this Microsoft KB article., (Fri, Aug 2nd)
Secure boot has been a standard feature since at least Windows 8. As the name implies, the feature protects the boot process. The integrity of the boot process is ensured by digitally signing any software ("firmware")
Continue ReadingISC Stormcast For Friday, August 2nd, 2024 https://isc.sans.edu/podcastdetail/9080, (Fri, Aug 2nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingProduction and Proliferation: The Risks of the Burgeoning Iranian Drone Industry
The physical threat of Iranian-made unmanned aerial vehicles (UAVs), commonly known as drones, has been evident in conflict zones over Israel, the Red Sea, and Ukraine. Irans burgeoning drone industry also poses significant challenges to global
Continue ReadingTracking Proxy Scans with IPv4.Games, (Thu, Aug 1st)
Today, I saw a proxy scan that was a little bit different: http://ipv4.games/claim?name=gang http://ipv4.games/claim?name=napucan I wasn't familiar with ipv4.games, so of course, I had to check out the site. I liked it for a couple of
Continue ReadingCISA Releases Nine Industrial Control Systems Advisories
CISA released nine Industrial Control Systems (ICS) advisories on August 1, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-214-01 Johnson Controls exacqVision Client and exacqVision Server ICSA-24-214-02 Johnson
Continue ReadingAVTECH IP Camera
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity/public exploits are available/known public exploitation Vendor: AVTECH SECURITY Corporation Equipment: IP camera Vulnerability: Command Injection 2. RISK EVALUATION Successful exploitation of this vulnerability
Continue ReadingThe Strategic and Economic Implications of Iran’s Expanding Drone Industry
The physical threat of Iranian-made unmanned aerial vehicles (UAVs), commonly known as drones, has been evident in conflict zones over Israel, the Red Sea, and Ukraine. Irans burgeoning drone industry also poses significant challenges to global
Continue ReadingJohnson Controls exacqVision Server Web Service
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 7.6 ATTENTION: Exploitable remotely Vendor: Johnson Controls Inc. Equipment: exacqVision Web Service Vulnerability: Permissive Cross-domain Policy with Untrusted Domains 2. RISK EVALUATION Successful exploitation of this vulnerability could allow
Continue ReadingJohnson Controls exacqVision Web Service
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.4 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: exacqVision Server Vulnerability: Improper Certificate Validation 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to perform
Continue Reading