-
ISC Stormcast For Tuesday, October 22nd, 2024 https://isc.sans.edu/podcastdetail/9190, (Tue, Oct 22nd)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
A Network Nerd’s Take on Emergency Preparedness, (Tue, Oct 15th)
Over the last month, two hurricanes barely missed me. Luckily, neither caused me any significant inconvenience. Sadly, others were not as lucky, and I think this is a good time to do a little “Lessons Learned” exercise. It made me reconsider some of my emergency preparations. I will take a “geek spin” on emergency preparedness in…
-
ISC Stormcast For Monday, October 21st, 2024 https://isc.sans.edu/podcastdetail/9188, (Mon, Oct 21st)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
ISC Stormcast For Friday, October 18th, 2024 https://isc.sans.edu/podcastdetail/9186, (Fri, Oct 18th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
ISC Stormcast For Thursday, October 17th, 2024 https://isc.sans.edu/podcastdetail/9184, (Thu, Oct 17th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Scanning Activity from Subnet 15.184.0.0/16, (Thu, Oct 17th)
I noticed in my logs 2 weeks ago regular probe from a subnet in the Amazone cloud only scanning for TCP/8080 capture by the iptables of my DShield sensor. The scanning started on the 15 Aug – 4 Oct 2024 where the sensor recorded 1046 individual IPs from this network. The IP use the most was 15.184.38.31…
-
The Top 10 Not So Common SSH Usernames and Passwords, (Wed, Oct 16th)
Our list of “Top” ssh usernames and password is pretty static. Well known defaults, like “root” and “admin” are at the top of the list. But there are always some usernames and password in the list that are not as well known, or only showed up more recently. I will focus in this diary on…
-
ISC Stormcast For Wednesday, October 16th, 2024 https://isc.sans.edu/podcastdetail/9182, (Wed, Oct 16th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
-
Angular-base64-update Demo Script Exploited (CVE-2024-42640), (Tue, Oct 15th)
Demo scripts left behind after installing applications or frameworks are an ongoing problem. After installation, removing any “demo” or “example” folders is usually best. A few days ago, Ravindu Wickramasinghe noticed that the Angular-base64-upload project is leaving behind a demo folder with a script allowing arbitrary file uploads without authentication [1]. Exploitation of the vulnerability is trivial.…
-
ISC Stormcast For Tuesday, October 15th, 2024 https://isc.sans.edu/podcastdetail/9180, (Tue, Oct 15th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
