-
Two currently (old) exploited Ivanti vulnerabilities, (Sun, Oct 27th)
Ivanti products have given us a rich corpus of vulnerabilities in recent months (years). Of course, we do see occasional scans attempting to exploit them. Just today, I spotted two of them. None of them is particularly new, but a reminder to keep patching (or disabling): CVE-2023-46805 and CVE-2024-21887 “tests” POST /api/v1/totp/user-backup-code/../../system/maintenance/archiving/cloud-server-test-connection HTTP/1.1 Host: [honeypot…
-
ISC Stormcast For Friday, October 25th, 2024 https://isc.sans.edu/podcastdetail/9196, (Fri, Oct 25th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Development Features Enabled in Production, (Thu, Oct 24th)
We do keep seeing attackers “poking around” looking for enabled development features. Developers often use these features and plugins to aid in debugging web applications. But if left behind, they may provide an attacker with insight into the application. In their simplest form, these features provide detailed configuration information. More severe cases may leak credentials…
-
ISC Stormcast For Thursday, October 24th, 2024 https://isc.sans.edu/podcastdetail/9194, (Thu, Oct 24th)
-
Everybody Loves Bash Scripts. Including Attackers., (Wed, Oct 23rd)
Today our “First Seen” page displayed a number of simple URLs: /wp-backup.sh /submit.sh /stage-deploy.sh /scripts/driverenv.sh /s3.sh /run-deploy.sh /passwords.sh /m/index.php /library.sh /installer.sh /envvars.sh /driverenv.sh /driver.sh /docker/startup.sh /develop.sh /bucket.sh /aws_cli.sh /aws-env.sh These URLs are not associated with a specific vulnerability. But they all have a couple of things in common: Based on the .sh extension, they appear…
-
ISC Stormcast For Wednesday, October 23rd, 2024 https://isc.sans.edu/podcastdetail/9192, (Wed, Oct 23rd)
-
How much HTTP (not HTTPS) Traffic is Traversing Your Perimeter?, (Tue, Oct 22nd)
Back in June of 2010, the Electronic Frontier Foundation (EFF) released the first beta of the “HTTPS Everywhere” plugin [1]. Even then, most websites offered HTTPS. But unlike today, HTTP was often still the default, and HTTPS was not always implemented across the entire site. The world has changed quite a bit since then.…
-
ISC Stormcast For Tuesday, October 22nd, 2024 https://isc.sans.edu/podcastdetail/9190, (Tue, Oct 22nd)
-

A Network Nerd’s Take on Emergency Preparedness, (Tue, Oct 15th)
Over the last month, two hurricanes barely missed me. Luckily, neither caused me any significant inconvenience. Sadly, others were not as lucky, and I think this is a good time to do a little “Lessons Learned” exercise. It made me reconsider some of my emergency preparations. I will take a “geek spin” on emergency preparedness in…
-
ISC Stormcast For Monday, October 21st, 2024 https://isc.sans.edu/podcastdetail/9188, (Mon, Oct 21st)

