Internet Security öffentlich
[search 0]
Mehr
Download the App!
show episodes
 
A brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minutes long summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Storm Center. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
  continue reading
 
Loading …
show series
 
Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218 Our honeypots detected a deserialization attack against the CMS Sitecore using a thumnailaccesstoken header. The underlying vulnerability was patched in January, and security firm Searchlight Cyber revealed details about this vulnerability a couple of weeks…
  continue reading
 
SANS Stormcast Friday, March 27th: Sitecore Exploited; Blasting Past Webp; Splunk and Firefox Vulnerabilities Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218 Our honeypots detected a deserialization attack against the CMS Sitecore using a “thumnailaccesstoken” header. The underlying vulnerability was pat…
  continue reading
 
Leveraging CNNs and Entropy-Based Feature Selection to Identify Potential Malware Artifacts of Interest This diary explores a novel methodology for classifying malware by integrating entropy-driven feature selection with a specialized Convolutional Neural Network (CNN). Motivated by the increasing obfuscation tactics used by modern malware authors,…
  continue reading
 
SANS Stormcast Thursday Mar 27th: Classifying Malware with ML; Malicious NPM Packages; Google Chrome 0-day Leveraging CNNs and Entropy-Based Feature Selection to Identify Potential Malware Artifacts of Interest This diary explores a novel methodology for classifying malware by integrating entropy-driven feature selection with a specialized Convolut…
  continue reading
 
XWiki Search Vulnerablity Exploit Attempts (CVE-2024-3721) Our honeypot detected an increase in exploit attempts for an XWiki command injection vulnerablity. The vulnerability was patched last April, but appears to be exploited more these last couple days. The vulnerability affects the search feature and allows the attacker to inject Groovy code te…
  continue reading
 
SANS Stormcast Wednesday Mar 26th: XWiki Exploit; File Converter Correction; VMWare Vulnerability; Draytek Router Reboots; MMC Exploit Details; XWiki Search Vulnerablity Exploit Attempts (CVE-2024-3721) Our honeypot detected an increase in exploit attempts for an XWiki command injection vulnerablity. The vulnerability was patched last April, but ap…
  continue reading
 
Privacy Aware Bots A botnet is using privacy as well as CSRF prevention headers to better blend in with normal browsers. However, in the process they may make it actually easier to spot them. https://isc.sans.edu/diary/Privacy%20Aware%20Bots/31796 Critical Ingress Nightmare Vulnerability ingress-nginx fixed four new vulnerabilities, one of which ma…
  continue reading
 
SANS Stormcast Tuesday Mar 25th: Privacy Awware Bots; Ingress Nightmare; Malicious File Converters; VSCode Extension Leads to Ransomware Privacy Aware Bots A botnet is using privacy as well as CSRF prevention headers to better blend in with normal browsers. However, in the process they may make it actually easier to spot them. https://isc.sans.edu/…
  continue reading
 
Critical Next.js Vulnerability CVE-2025-29927 A critical vulnerability in how the x-middleware-subrequest header is verified may lead to bypassing authorization in Next.js applications. https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw http…
  continue reading
 
SANS Stormcast Monday Mar 24th: Critical Next.js Vulnerability; Microsoft Trust Signing Platform Abuse Critical Next.js Vulnerability CVE-2025-29927 A critical vulnerability in how the x-middleware-subrequest header is verified may lead to bypassing authorization in Next.js applications. https://zhero-web-sec.github.io/research-and-things/nextjs-an…
  continue reading
 
Some New Data Feeds and Little Incident We started offering additional data feeds, and an SEO spamer attempted to make us change a link from an old podcast episode. https://isc.sans.edu/diary/Some%20new%20Data%20Feeds%2C%20and%20a%20little%20%22incident%22./31786 Veeam Deserialization Vulnerability Veeam released details regarding the latest vulner…
  continue reading
 
SANS Stormcast Friday Mar 21st: New Data Feeds; SEO Spam; Veeam Deserialization; IBM AIX RCE; Some New Data Feeds and Little Incident We started offering additional data feeds, and an SEO spamer attempted to make us change a link from an old podcast episode. https://isc.sans.edu/diary/Some%20new%20Data%20Feeds%2C%20and%20a%20little%20%22incident%22…
  continue reading
 
Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 CVE-2024-20440 Attackers added last September's Cisco Smart Licensing Utility vulnerability to their toolset. These attacks orginate most likely from botnets and the same attackers are scanning for a wide range of additional vulnerabilities. The vulnerability is a static credential i…
  continue reading
 
SANS Stormcast Thursday Mar 20th: Cisco Smart Licensing Attacks; Vulnerable Drivers again; Synology Advisories Updated Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 CVE-2024-20440 Attackers added last September's Cisco Smart Licensing Utility vulnerability to their toolset. These attacks orginate most likely from botnets and the…
  continue reading
 
Python Bot Delivered Through DLL Side-Loading A "normal", but vulnerable to DLL side-loading PDF reader may be used to launch additional exploit code https://isc.sans.edu/diary/Python%20Bot%20Delivered%20Through%20DLL%20Side-Loading/31778 Tomcat RCE Correction To exploit the Tomcat RCE I mentioned yesterday, two non-default configuration options mu…
  continue reading
 
SANS Stormcast Wednesday Mar 19th 2025: Python DLL Side Loading; Tomcast RCE Correction; SAML Roulette; Windows Shortcut 0-Day Python Bot Delivered Through DLL Side-Loading A "normal", but vulnerable to DLL side-loading PDF reader may be used to launch additional exploit code https://isc.sans.edu/diary/Python%20Bot%20Delivered%20Through%20DLL%20Sid…
  continue reading
 
Static Analysis of GUID Encoded Shellcode Didier explains how to decode shell code embeded as GUIDs in malware, and how to feed the result to his tool 1768.py which will extract Cobal Strike configuration information from the code. https://isc.sans.edu/diary/Static%20Analysis%20of%20GUID%20Encoded%20Shellcode/31774 SAMLStorm: Critical Authenticatio…
  continue reading
 
SANS Stormcast Monday Mar 17th 2025: Analyzing GUID Encoded Shellcode; Node.js SAML Vuln; Tomcat RCE in the Wild; CSS e-mail obfuscation Static Analysis of GUID Encoded Shellcode Didier explains how to decode shell code embeded as GUIDs in malware, and how to feed the result to his tool 1768.py which will extract Cobal Strike configuration informat…
  continue reading
 
Mirai Bot Now Incorporating Malformed DrayTek Vigor Router Exploits One of the many versions of the Mirai botnet added some new exploit strings attempting to take advantage of an old DrayTek Vigor Router vulnerability, but they got the URL wrong. https://isc.sans.edu/diary/Mirai%20Bot%20now%20incroporating%20%28malformed%3F%29%20DrayTek%20Vigor%20R…
  continue reading
 
SANS Stormcast Monday March 17th: Mirai Makes Mistakes; Compromised Github Action; ruby-saml vulnerability; Fake GitHub Security Alert Phishing Mirai Bot Now Incorporating Malformed DrayTek Vigor Router Exploits One of the many versions of the Mirai botnet added some new exploit strings attempting to take advantage of an old DrayTek Vigor Router vu…
  continue reading
 
File Hashes Analysis with Power BI Guy explains in this diary how to analyze Cowrie honeypot file hashes using Microsoft's BI tool and what you may be able to discover using this tool. https://isc.sans.edu/diary/File%20Hashes%20Analysis%20with%20Power%20BI%20from%20Data%20Stored%20in%20DShield%20SIEM/31764 Apache Camel Vulnerability Apache released…
  continue reading
 
SANS Stormcast: File Hashes in MSFT BI; Apache Camel Vuln; Juniper Fixes Exploited Vuln; AMI Patches 10.0 Redfish BMC Vuln File Hashes Analysis with Power BI Guy explains in this diary how to analyze Cowrie honeypot file hashes using Microsoft's BI tool and what you may be able to discover using this tool. https://isc.sans.edu/diary/File%20Hashes%2…
  continue reading
 
Log4J Scans for VMWare Hyhbrid Cloud Extensions An attacker is scanning various login pages, including the authentication feature in the VMWare HCX REST API for Log4j vulnerabilities. The attack submits the exploit string as username, hoping to trigger the vulnerability as Log4j logs the username https://isc.sans.edu/diary/Scans%20for%20VMWare%20Hy…
  continue reading
 
SANS Stormcast Thursday Mar 13th: Exploiting Login Pages with Log4j; Patch Tuesday Fallout; Adobe Patches; Medusa Ransomware; Zoom and Font Library Updates; Log4J Scans for VMWare Hyhbrid Cloud Extensions An attacker is scanning various login pages, including the authentication feature in the VMWare HCX REST API for Log4j vulnerabilities. The attac…
  continue reading
 
Microsoft Patch Tuesday Microsoft Patched six already exploited vulnerabilities today. In addition, the patches included a critical patch for Microsoft's DNS server and about 50 additional patches. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%3A%20March%202025/31756 Apple Updates iOS/macOS Apple released an update to address a single, alr…
  continue reading
 
SANS Stormcast Wednesday Mar 12th: Microsoft Patch Tuesday; Apple Patch; Espressif ESP32 Statement Microsoft Patch Tuesday Microsoft Patched six already exploited vulnerabilities today. In addition, the patches included a critical patch for Microsoft's DNS server and about 50 additional patches. https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesda…
  continue reading
 
Loading …

Kurzanleitung

Hören Sie sich diese Show an, während Sie die Gegend erkunden
Abspielen