(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingCategory: Dynamic Threat Feeds
DigiCert Certificate Revocations
DigiCert, a certificate authority (CA) organization, is revoking a subset of transport layer security (TLS) certificates due to a non-compliance issue with domain control verification (DCV). Revocation of these certificates may cause temporary disruptions to websites,
Continue ReadingApple Patches Everything. July 2024 Edition, (Tue, Jul 30th)
Yesterday, Apple released patches across all of its operating systems. A standalone patch for Safari was released to address WebKit problems in older macOS versions. Apple does not provide CVSS scores or severity ratings. The ratings
Continue ReadingCISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-37085 VMware ESXi Authentication Bypass Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and
Continue ReadingApple Releases Security Updates for Multiple Products
Apple released security updates to address vulnerabilities in Safari, iOS, iPadOS, macOS, watchOS, tvOS, and visionOS. A cyber threat actor could exploit some of these vulnerabilities to take control of an affected system. CISA encourages users
Continue ReadingISC Stormcast For Tuesday, July 30th, 2024 https://isc.sans.edu/podcastdetail/9074, (Tue, Jul 30th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingCISA Adds Three Known Exploited Vulnerabilities to Catalog
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-4879 ServiceNow Improper Input Validation Vulnerability CVE-2024-5217 ServiceNow Incomplete List of Disallowed Inputs Vulnerability CVE-2023-45249 Acronis Cyber Infrastructure (ACI)
Continue ReadingUNC4393 Goes Gently into the SILENTNIGHT
Written by: Josh Murchie, Ashley Pearson, Joseph Pisano, Jake Nicastro, Joshua Shilko, Raymond Leong Overview In mid-2022, Mandiant's Managed Defense detected multiple intrusions involving QAKBOT, leading to the deployment of BEACON coupled with other pre-ransomware
Continue ReadingISC Stormcast For Monday, July 29th, 2024 https://isc.sans.edu/podcastdetail/9072, (Mon, Jul 29th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Continue ReadingCrowdStrike Outage Themed Maldoc, (Mon, Jul 29th)
I found a malicious Word document with VBA code using the CrowdStrike outage for social engineering purposes. It's an .ASD file (AutoRecover file). My tool oledump.py can analyze it: Before I dive into the VBA code,
Continue Reading