-
ISC Stormcast For Tuesday, November 4th, 2025 https://isc.sans.edu/podcastdetail/9684, (Tue, Nov 4th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
XWiki SolrSearch Exploit Attempts (CVE-2025-24893) with link to Chicago Gangs/Rappers, (Mon, Nov 3rd)
XWiki describes itself as “The Advanced Open-Source Enterprise Wiki” and considers itself an alternative to Confluence and MediaWiki. In February, XWiki released an advisory (and patch) for an arbitrary remote code execution vulnerability. Affected was the SolrSearch component, which any user, even with minimal “Guest” privileges, can use. The advisory included PoC code, so it is…
-
ISC Stormcast For Monday, November 3rd, 2025 https://isc.sans.edu/podcastdetail/9682, (Mon, Nov 3rd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Scans for Port 8530/8531 (TCP). Likely related to WSUS Vulnerability CVE-2025-59287, (Sun, Nov 2nd)
Sensors reporting firewall logs detected a significant increase in scans for port 8530/TCP and 8531/TCP over the course of last week. Some of these reports originate from Shadowserver, and likely other researchers, but there are also some that do not correspond to known research-related IP addresses. CVE-2025-59287 is exploited by connecting to affected WSUS servers…
-
ISC Stormcast For Friday, October 31st, 2025 https://isc.sans.edu/podcastdetail/9680, (Fri, Oct 31st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
X-Request-Purpose: Identifying “research” and bug bounty related scans?, (Thu, Oct 30th)
This week, I noticed some new HTTP request headers that I had not seen before: X-Request-Purpose: Research and X-Hackerone-Research: plusultra X-Bugcrowd-Ninja: plusultra X-Bug-Hunter: true The purpose of these headers appears to be to identify them as being sent as part of a bug bounty. Some companies request the use of these headers as part of…
-
ISC Stormcast For Thursday, October 30th, 2025 https://isc.sans.edu/podcastdetail/9678, (Thu, Oct 30th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
How to collect memory-only filesystems on Linux systems, (Wed, Oct 29th)
I’ve been doing Unix/Linux IR and Forensics for a long time. I logged into a Unix system for the first time in 1983. That’s one of the reasons I love teaching FOR577[1], because I have stories that go back to before some of my students were even born that are still relevant today. In recent…
-
ISC Stormcast For Wednesday, October 29th, 2025 https://isc.sans.edu/podcastdetail/9676, (Wed, Oct 29th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
A phishing with invisible characters in the subject line, (Tue, Oct 28th)
While reviewing malicious messages that were delivered to our handler inbox over the past few days, I noticed that the “subject” of one phishing e-mail looked quite strange when displayed in the Outlook message list… As you can see, once the message was open, the subject was displayed as a normal, readable text. This suggested…
