-
“Mirai” Now Exploits Samsung MaginINFO CMS (CVE-2024-7399), (Mon, May 5th)
Last August, Samsung patched an arbitrary file upload vulnerability that could lead to remote code execution [1]. The announcement was very sparse and did not even include affected systems: SVP-AUG-2024 SVE-2024-50018(CVE-2024-7399) Weakness : Improper limitation of a pathname to a restricted directory vulnerability in Samsung MagicINFO 9 Server allows attackers to write arbitrary file as…
-
ISC Stormcast For Monday, May 5th, 2025 https://isc.sans.edu/podcastdetail/9436, (Mon, May 5th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Steganography Challenge, (Sat, May 3rd)
If you are interested in experimenting with steganography and my tools, I propose the following challenge. This GitHub project is for a steganography tool. It has a PNG image of a stegosaurus with an encoded message. The challenge is to use my tools to decode the message. The steganographic algortihm is a bit different than…
-
ISC Stormcast For Friday, May 2nd, 2025 https://isc.sans.edu/podcastdetail/9434, (Fri, May 2nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Steganography Analysis With pngdump.py: Bitstreams, (Thu, May 1st)
A friend asked me if my pngdump.py tool can extract individual bits from an image (cfr. diary entry “Steganography Analysis With pngdump.py“). It can not. But another tool can: format-bytes.py. In the diary entry I mentioned, a PE file is embedded inside a PNG file according to a steganographic method: all the bytes of a…
-
ISC Stormcast For Thursday, May 1st, 2025 https://isc.sans.edu/podcastdetail/9432, (Thu, May 1st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
ISC Stormcast For Wednesday, April 30th, 2025 https://isc.sans.edu/podcastdetail/9430, (Wed, Apr 30th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Web Scanning Sonicwall for CVE-2021-20016, (Tue, Apr 29th)
There was a post initially published in January 2022 showing an exploitable “probable zero-day vulnerabilities”[1] for Sonicwall but looking back in what has been submitted in the past year to ISC, this past week was the first time we have been getting some reports. The activity occured on the 23 April 2025 between 18:00 –…
-
More Scans for SMS Gateways and APIs, (Tue, Apr 29th)
Last week, I wrote about scans for Teltonika Networks SMS Gateways. Attackers are always looking for cheap (free) ways to send SMS messages and gain access to not-blocklisted numbers. So, I took a closer look at similar scans we have seen. There are numerous ways to send SMS messages; using a hardware SMS gateway is…
-
ISC Stormcast For Tuesday, April 29th, 2025 https://isc.sans.edu/podcastdetail/9428, (Tue, Apr 29th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
