From The source
CISA’s May 21, 2024 ICS Advisory: Guard Your Gadgets or Risk a Cyber Meltdown!
CISA released an ICS advisory on May 21, 2024, warning about security vulnerabilities in industrial control systems. Users and administrators should review the details and apply mitigations faster than a cat chasing a laser pointer.
Nmap Magic: Scan Without Scanning Using Shodan API!
Unlock the secrets of NMAP with Shodan’s API! Learn how to “scan” networks without actually scanning them. This nifty trick will have you gathering port and service data faster than you can say TCP!
Cisco’s ArcaneDoor Exploits: Patch Now or Get Hacked Later!
Cisco has released security updates addressing ArcaneDoor exploitation in Cisco ASA and FTD devices. Active exploitation of CVE-2024-20353 and CVE-2024-20359 has been reported.
Don’t Get Hacked! Cisco’s ArcaneDoor Update Secures Your System (CVE-2024-20353, CVE-2024-20359)
Cisco releases security updates to address ArcaneDoor vulnerabilities in ASA devices and Firepower Threat Defense software. Active exploitation of CVE-2024-20353 and CVE-2024-20359 has been reported. Apply updates, hunt for malicious activity, and report findings.
Coin Miner Chaos: Unmasking the “Redtail” Malware Menace
Coin miners like “redtail” are the sneaky cyber burglars of the digital world, covertly hijacking your computer’s resources to mine cryptocurrency. This malware, capable of running on multiple CPU architectures, exemplifies the cunning and adaptability of modern coin miners. Discover how they operate and how to spot them before they strike!
CISA’s Latest ICS Advisory: Are Your Industrial Systems Ready for the Mayhem?
CISA released a new ICS advisory on May 23, 2024. Stay ahead of the curve with timely updates on security issues, vulnerabilities, and exploits in Industrial Control Systems.
Chinese Cyber Spies: Operation Diplomatic Specter Targets Middle East, Africa, Asia
Operation Diplomatic Specter has been targeting political entities in the Middle East, Africa, and Asia since late 2022. Leveraging rare email exfiltration techniques and custom malware, the Chinese APT group focuses on espionage. Organizations should prioritize patching vulnerabilities to mitigate risks from advanced persistent threats.
YARA 4.5.0: Minor Tweaks, Major Laughs – Why YARA-X is Stealing the Show
YARA 4.5.0 brings minor regex tweaks and bugfixes. But hold on, Victor says it’s time to embrace YARA-X! Despite being in beta, it’s stable enough for command-line use and Python scripts. Long live YARA-X!
Cisco’s ArcaneDoor Exploits: Time to Slam the Door on Hackers!
Cisco patches ArcaneDoor vulnerabilities in ASA and FTD devices. Exploited flaws CVE-2024-20353 and CVE-2024-20359 can give cyber actors system control. CISA urges prompt updates and reporting.
CISA Adds Three New Cyber Nightmares to Exploited Vulnerabilities Catalog
CISA has updated its Known Exploited Vulnerabilities Catalog with three new entries, including CVE-2024-20353. These vulnerabilities are prime targets for cyberattacks, and timely remediation is crucial for all organizations.
Cisco’s ArcaneDoor Vulnerabilities: Patch Now or Hackers Will Party!
Cisco released security updates to tackle ArcaneDoor exploitation in Cisco ASA devices and Firepower Threat Defense software. Active exploits of CVE-2024-20353 and CVE-2024-20359 have been reported.
SIEM-ple Laughs: Surviving Log Analysis as a Cybersecurity Intern
Intern Joshua Jobe’s deep dive into the DShield SIEM reveals the thrilling world of log analysis and attack observations. Discover how honing JSON parsing skills and leveraging network traffic insights can turn a mundane internship into a cybersecurity adventure. The DShield SIEM is the hero we need, but parsing logs is the sidekick we deserve!
CISA’s Latest ICS Advisory: Your Industrial Control System’s Wake-Up Call!
CISA released a new ICS advisory on May 28, 2024. Keep your systems secure by reviewing the latest insights on vulnerabilities and exploits.
Cisco’s ArcaneDoor: Patch Now or Regret Later!
Cisco released security updates for ArcaneDoor exploitation of ASA devices and Firepower software. Active exploits of CVE-2024-20353 and CVE-2024-20359 have been reported. CISA urges updates and vigilance!
Medical Device Alert: Baxter’s Welch Allyn Connex Spot Monitor Vulnerability – Act Now!
The Welch Allyn Connex Spot Monitor vulnerability uses a default cryptographic key, posing a remote exploitation risk. Attackers can modify device configurations and firmware, leading to potential compromises and delays in patient care. Update to Version 1.5.2.01 to mitigate this risk.
Westermo EDW-100 Security Alert: Hardcoded Passwords and Cleartext Credentials Risk!
Westermo EDW-100 is vulnerable due to hard-coded passwords and cleartext credential exposure. Attackers can exploit these flaws remotely with low complexity, threatening critical infrastructure sectors. Mitigations include network segregation, perimeter protection, and physical security measures. Consider replacing EDW-100 with Lynx DSS L105-S1 for enhanced security.
CISA Warns of New Oracle WebLogic Vulnerability: Your Network Could Be Next!
CISA adds CVE-2017-3506 Oracle WebLogic Server OS Command Injection to its Known Exploited Vulnerabilities Catalog, highlighting its risk to federal enterprises.
Microsoft’s Service Tag Slip-Up: How Tenable Taught Us to Read the Fine Print
Microsoft Security Response Center (MSRC) investigated Tenable Inc.’s report on cross-tenant access via service tags. Initially flagged as a vulnerability, it was found that service tags worked as intended but required better documentation. Microsoft updated the service tags documentation to clarify their use and emphasized multi-layered security.
Wireshark Wizardry: Mastering Custom Lua Dissectors for Binary Protocols
Ever tried parsing binary protocols over TCP and ended up looking like a confused emoji? Fear not! I developed a Wireshark dissector in Lua, inspired by SANS ICS training, to decode firmware upload protocols. Configure fields, filter traffic, and extract data with ease. Check out my blog and video for a deep dive into network…
Why Your Antivirus Might Be Taking a Coffee Break: Unmasking the No-Defender Hack
John Moutos reveals a tool that hijacks Avast’s proxy to disable Windows Defender. While this trick could soon be a favorite among threat groups, detecting it is as easy as monitoring event logs and blocking Avast’s certificate. Dive into the diary for more on defense evasion and the rise of no-defender.
