-
ISC Stormcast For Monday, October 6th, 2025 https://isc.sans.edu/podcastdetail/9642, (Mon, Oct 6th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
ISC Stormcast For Friday, October 3rd, 2025 https://isc.sans.edu/podcastdetail/9640, (Fri, Oct 3rd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
More .well-known Scans, (Thu, Oct 2nd)
I have been writing about the “.well-known” directory a few times before. Recently, about attackers hiding webshells [1], and before that, about the purpose of the directory and why you should set up a “/.well-known/security.txt” file. But I noticed something else when I looked at today’s logs on this web server. Sometimes you do not…
-
ISC Stormcast For Thursday, October 2nd, 2025 https://isc.sans.edu/podcastdetail/9638, (Thu, Oct 2nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
ISC Stormcast For Wednesday, October 1st, 2025 https://isc.sans.edu/podcastdetail/9636, (Wed, Oct 1st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
![[Guest Diary] Comparing Honeypot Passwords with HIBP, (Wed, Oct 1st)](/wp-content/uploads/2025/09/2025-10-01_figure1-MdQrvE.png)
[Guest Diary] Comparing Honeypot Passwords with HIBP, (Wed, Oct 1st)
[This is a Guest Diary by Draden Barwick, an ISC intern as part of the SANS.edu Bachelor’s Degree in Applied Cybersecurity (BACS) program [1].] DShield Honeypots are constantly exposed to the internet and inundated with exploit traffic, login attempts, and other malicious activity. Analyzing the logged password attempts can help identify what attackers are targeting. To…
-
“user=admin”. Sometimes you don’t even need to log in., (Tue, Sep 30th)
One of the common infosec jokes is that sometimes, you do not need to “break” an application, but you have to log in. This is often the case for weak default passwords, which are common in IoT devices. However, an even easier method is to tell the application who you are. This does not even…
-
ISC Stormcast For Tuesday, September 30th, 2025 https://isc.sans.edu/podcastdetail/9634, (Tue, Sep 30th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Apple Patches Single Vulnerability CVE-2025-43400, (Mon, Sep 29th)
It is typical for Apple to release a “.0.1” update soon after releasing a major new operating system. These updates typically fix various functional issues, but this time, they also fix a security vulnerability. The security vulnerability not only affects the “26” releases of iOS and macOS, but also older versions. Apple released fixes for…
-
Increase in Scans for Palo Alto Global Protect Vulnerability (CVE-2024-3400), (Mon, Sep 29th)
We are all aware of the abysmal state of security appliances, no matter their price tag. Ever so often, we see an increase in attacks against some of these vulnerabilities, trying to mop up systems missed in earlier exploit waves. Currently, on source in particular, %%ip:141.98.82.26%% is looking to exploit systems vulnerable to CVE-2024-3400. The…
