From The source

CISA’s New Threat List: Are Your Systems Vulnerable to Cyber Mayhem?

CISA has added five more vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog. They aren't exactly the Fab Five you'd want, but each one is being actively exploited in the wild. Under Binding Operational Directive 22-01, federal civilian agencies must remediate KEV entries by the due date CISA sets; everyone else should treat the catalog as a patch-priority list. Time to patch up and keep those digital doors locked!

10 months ago

Why Your Security Stack is as Sturdy as a House of Cards: A Comedic Guide to Cybersecurity Missteps

SOC analysts want fewer alerts, but on weak security foundations they might as well wish for unicorns. A security stack built on shaky ground is like a pie without a crust: messy and unsatisfying. Without baseline configuration management and a current asset inventory, all the fancy detection tools in the world won't help when you're swimming in false positives and can't tell which alerts actually matter.

10 months ago

Beware the UUID Bandit: How Malicious Scripts Sneak Past Detection with Cunning API Calls

In the world of cybersecurity, spotting "strange" API calls is often the tell. A malicious Python script called the Windows RPC runtime's UuidFromStringA() to turn a long list of UUID strings back into raw bytes in memory: the "UUIDs" were shellcode in disguise, and the decoded buffer was then executed. Because a pile of UUID literals looks harmless to signature scanners, the script's VirusTotal score was a measly 2/61 detections. Keep an eye out for those UUIDs, especially in Python scripts that import ctypes to reach Win32 APIs!
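To make the trick concrete, here is an added example (written for this digest, not code from the diary or from the malicious script) that models both halves of it in Python: encoding bytes as UUID strings the way such a loader does, decoding them with the same memory layout UuidFromStringA() produces, and a small triage heuristic that flags scripts combining many UUID literals with a UUID-parsing API. The "payload" is a constructed byte ramp, the sample script text is constructed, and the API list and the threshold of 20 UUIDs are this example's own assumptions.

```python
import re
import uuid

# --- Encoding side: how the script hides bytes -----------------------------
# UuidFromStringA() parses "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" into a 16-byte
# UUID struct (Data1/Data2/Data3 little-endian, Data4 as-is). Python's
# uuid.UUID(...).bytes_le has exactly that memory layout, so both directions can
# be modelled without touching rpcrt4.dll.

def bytes_to_uuid_strings(data: bytes) -> list[str]:
    """Split data into 16-byte chunks and render each as a UUID string.
    The tail is padded with 0x90 (x86 NOP), as such loaders typically do."""
    padded = data + b"\x90" * (-len(data) % 16)
    return [str(uuid.UUID(bytes_le=padded[i:i + 16]))
            for i in range(0, len(padded), 16)]

def uuid_strings_to_bytes(uuids: list[str]) -> bytes:
    """Reverse the trick the way UuidFromStringA would lay the bytes out in memory."""
    return b"".join(uuid.UUID(u).bytes_le for u in uuids)

# Constructed stand-in for shellcode (just a byte ramp, not executable code).
PAYLOAD = bytes(i % 256 for i in range(400))
SAMPLE_UUIDS = bytes_to_uuid_strings(PAYLOAD)

# Constructed script text modelled on the loader pattern described above
# (ctypes reaching into rpcrt4 / kernel32). Nothing here is executed.
SAMPLE_SCRIPT = (
    "import ctypes\n"
    f"uuids = {SAMPLE_UUIDS!r}\n"
    "buf = ctypes.windll.kernel32.VirtualAlloc(0, len(uuids) * 16, 0x3000, 0x40)\n"
    "for i, u in enumerate(uuids):\n"
    "    ctypes.windll.rpcrt4.UuidFromStringA(u.encode(), buf + i * 16)\n"
)

# --- Detection side -----------------------------------------------------------
UUID_RE = re.compile(
    r"\b[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}\b")
# Assumed list of APIs worth correlating with a UUID pile (example's own choice).
LOADER_APIS = ("UuidFromStringA", "UuidFromStringW", "VirtualAlloc",
               "HeapCreate", "EnumSystemLocalesA", "CreateThread")

def triage_script(source: str, min_uuids: int = 20) -> dict:
    """Score a script: many UUID literals plus a UUID-parsing API is the tell.
    A config file with a handful of UUIDs should not trip this."""
    uuid_count = len(UUID_RE.findall(source))
    apis = [a for a in LOADER_APIS if a in source]
    parses_uuids = any(a.startswith("UuidFromString") for a in apis)
    return {
        "uuid_count": uuid_count,
        "apis": apis,
        "suspicious": uuid_count >= min_uuids and parses_uuids,
    }
```

The round trip through `bytes_le` is the important detail: a decoder that used `uuid.UUID(u).bytes` (big-endian fields) would scramble the first eight bytes of every chunk and produce shellcode that never matches what the loader actually executed.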

10 months ago

Web Security Woes: Why Your Apps Deserve Better Protection!

Join Xavier Mertens at the Internet Storm Center as he keeps the threat level green and your spirits high. His upcoming Orlando class covers the latest in application security, perfect for anyone who's ever asked, "What could possibly go wrong with my web apps and APIs?" Spoiler: a lot, but Xavier's got you covered!

10 months ago

Webshell Wonderland: A Sneaky Peek into the Hackers’ Favorite Tools

Remember, webshells are the party crashers of the internet: uninvited, usually disguised as a harmless file, and always up to no good. They are small server-side scripts (PHP, ASPX, JSP and friends) that an attacker drops through an upload flaw or a stolen credential and then drives with ordinary HTTP requests. Check your web roots, especially upload directories, for odd files such as teorema505 or upl.php, and make sure you're not accidentally hosting your own webshell bash. Leaving one in place is like leaving your front door wide open for hackers!
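As an added example (not a tool from the diary), the following Python script does the kind of check the paragraph recommends: it walks a web root and flags files by name, by location (server-side script extensions inside upload directories) and by content (request input flowing into eval/exec sinks, decoder-wrapped eval, large base64 blobs). The name list reuses the two names mentioned above plus a few generic ones; the upload-directory names, extensions and regexes are this example's own assumptions, and the sample web root is constructed in a temp directory with inert planted files that nothing executes.

```python
import os
import re
import tempfile
from pathlib import Path

# Names called out as "odd files" above, plus generic ones (example's own list).
SUSPICIOUS_NAMES = {"teorema505", "upl.php", "shell.php", "cmd.php", "c99.php", "r57.php"}
UPLOAD_DIR_NAMES = {"uploads", "upload", "images", "tmp", "cache", "files"}
WEB_EXTS = {".php", ".phtml", ".php5", ".php7", ".asp", ".aspx", ".jsp", ".jspx"}

# Content heuristics: request input flowing into eval/exec sinks, decoder-wrapped
# eval, a variable used as a function name on request input, and a packed stage.
CONTENT_PATTERNS = {
    "eval_of_request_input": re.compile(r"\beval\s*\(.*\$_(?:POST|GET|REQUEST|COOKIE)\b", re.I),
    "decoder_wrapped_eval": re.compile(r"\beval\s*\(\s*@?(?:base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "shell_exec_of_request_input": re.compile(r"\b(?:system|shell_exec|passthru|exec|popen|proc_open)\s*\(.*\$_(?:POST|GET|REQUEST|COOKIE)\b", re.I),
    "assert_of_request_input": re.compile(r"\bassert\s*\(\s*\$_(?:POST|GET|REQUEST)\b", re.I),
    "dynamic_function_call": re.compile(r"\$\w+\s*\(\s*\$_(?:POST|GET|REQUEST)\b"),
    "large_base64_blob": re.compile(r"[A-Za-z0-9+/]{200,}={0,2}"),
}

def scan_webroot(root: str) -> list[dict]:
    """Walk a web root; return {path, reasons} for every file that looks like a webshell."""
    findings = []
    root_path = Path(root)
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = Path(dirpath) / name
            rel_path = path.relative_to(root_path)
            reasons = []
            if name.lower() in SUSPICIOUS_NAMES:
                reasons.append("suspicious_name")
            parent_dirs = {p.lower() for p in rel_path.parts[:-1]}
            if path.suffix.lower() in WEB_EXTS and parent_dirs & UPLOAD_DIR_NAMES:
                reasons.append("script_in_upload_dir")
            try:
                text = path.read_text(errors="replace")
            except OSError:
                text = ""
            for label, pattern in CONTENT_PATTERNS.items():
                if pattern.search(text):
                    reasons.append(label)
            if reasons:
                findings.append({"path": rel_path.as_posix(), "reasons": reasons})
    return sorted(findings, key=lambda f: f["path"])

def make_sample_webroot() -> str:
    """Constructed web root: one clean page, one static asset, two planted webshells.
    The shells are inert text files here; nothing executes them."""
    root = tempfile.mkdtemp(prefix="webroot_")
    files = {
        "index.php": "<?php echo 'Hello, world'; ?>\n",
        "assets/app.js": "console.log('ok');\n",
        "uploads/upl.php": "<?php @eval(base64_decode($_POST['cmd'])); ?>\n",
        "uploads/teorema505": "<?php if(isset($_GET['c'])){ system($_GET['c']); } ?>\n",
    }
    for rel, content in files.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(content)
    return root
```

Run it against a real web root with `scan_webroot("/var/www/html")` and review the reasons rather than trusting any single one: a name match on an otherwise clean file is noise, but a script in an upload directory whose content feeds `$_POST` into `eval` is a finding worth an incident ticket.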

10 months ago

SCADA Scandal: ICONICS Suite’s Vulnerabilities Unleash Cyber Comedy of Errors!

In early 2024, a security assessment of the ICONICS Suite SCADA software revealed five vulnerabilities in versions 10.97.2 and earlier for Windows, including DLL hijacking. Exploiting them can lead to privilege escalation, denial of service, or even full system compromise. Fortunately, ICONICS has released patches and advisories to address these issues, so operators should update.

10 months ago

App Security Comedy of Errors: Defending Web Apps, APIs & Microservices Against Cyber Shenanigans!

Tune in to the ISC Stormcast for the latest threat-level updates and learn how to secure web applications, APIs, and microservices. Don't miss the upcoming class in Orlando, where you'll learn to shield your digital fortress like a pro! Whether you're a code ninja or aspiring to be one, we've got an API for…

10 months ago

Corporate Execs Beware: Fake BianLian Group’s Extortion Scam Unveiled!

Beware the fake "BianLian Group"! Scammers are impersonating the ransomware gang and sending corporate executives extortion letters that demand payment or else sensitive company data gets published. The FBI's Internet Crime Complaint Center (IC3) has issued an alert so businesses can recognize the scam and avoid paying these digital mischief-makers.

10 months ago

Hitachi Energy’s Relion Blunder: A Shocking Vulnerability in Power Control Systems!

A vulnerability in Hitachi Energy's Relion 670/650 and SAM600-IO series could let a user who already holds valid credentials bypass security controls. The CVSS v4 base score is 8.6, making it about as dangerous as a toddler with a permanent marker. Mitigation includes updating to the fixed software versions and following the vendor's recommended security practices. Keep your protection relays protected!

10 months ago

Typo DGA Madness: Unmasking a Crafty Cyber Campaign

When life gives you typo DGAs, make sure your security systems can spot the difference. Unit 42's graph-intelligence pipeline uncovered a campaign using typo DGAs that evaded detection like a ninja in the night. If you're worried about rogue domains and sneaky redirects, better call the Unit 42 Incident Response team pronto!

10 months ago

Cisco TMS Hits Retirement: Time to Migrate or Risk Vulnerability!

Cisco TMS (TelePresence Management Suite) has reached end of life, so Cisco will not release a fix for the vulnerability disclosed in it. Customers should migrate to a supported alternative and consult the Cisco Security Advisory for guidance. Clinging to TMS is like holding onto a rotary phone in a smartphone world. Time to move on!

10 months ago

Cisco’s Security Patch Comedy: Free Fixes, But Don’t Forget Your License!

Cisco is releasing free software updates to fix these vulnerabilities, but remember, no free lunches here: the fixes are available only to customers with a valid license. If you don't have a service contract, obtain the upgrade by contacting the Cisco Technical Assistance Center (TAC) with your product serial number. For more details, visit the Cisco Support and Downloads page.

10 months ago

Malicious TDS: The Web’s Most Persistent Redirector

Malicious traffic distribution systems (TDSs) are the Swiss Army knives of cybercrime: they fingerprint each visitor and bounce them through a maze of redirect URLs that would make even a GPS question its life choices, serving bots and researchers a decoy while real victims land on phishing pages, malvertising, or malware. These networks keep attackers one step ahead, proving that crime does pay, just not in a currency you'd want to declare.

10 months ago

GMOD Apollo’s Security Blunder: Remote Exploits and Pathway to Mayhem!

The advisory for GMOD Apollo reads like a comedic Greek tragedy: with low attack complexity and high stakes, the software is a hacker's paradise. Forget the Trojan horse, this one's full of privilege escalation, authentication bypass, and sensitive-information disclosure. But fear not: update to version 2.8.0 and your digital Achilles heel is patched!

10 months ago

Snoopin’ on Secrets: When Hackers Channel Their Inner Sommelier! 🍷🔍

Cyber attackers have a new recipe: scanning exposed web servers for secrets files like a sommelier hunting for the perfect vintage. They even ran this "fine selection" of scans from a Romanian distillery's network. Cheers to them, but remember to keep .env files and similar secrets files out of your web root and protect those precious credentials!
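Here is an added example (not from the diary) of what spotting this scan looks like on the defender's side: a Python parser for Apache/nginx combined-format access logs that tags requests for well-known secrets paths, then reports any source that probed several distinct ones or, worse, got a 200 for one. The secret-path list goes beyond the .env observation above to the usual suspects (.git, wp-config backups, SSH keys) and is this example's own assumption; the log lines are constructed and use RFC 5737 documentation addresses.

```python
import re
from collections import defaultdict

# Combined log format: ip ident user [time] "METHOD PATH PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" (?P<status>\d{3}) (?P<size>\S+)')

# Paths scanners probe for leaked secrets (example's own list).
SECRET_PATH_PATTERNS = [
    re.compile(p) for p in (
        r"/\.env(?:\.\w+)?$",            # .env, .env.bak, .env.production
        r"/\.git/",                      # exposed repository metadata
        r"/\.aws/credentials$",
        r"/\.ssh/id_(?:rsa|ed25519)$",
        r"/wp-config\.php(?:\.\w+)?$",   # backups left beside the live config
        r"/\.htpasswd$",
        r"/(?:config|settings)\.(?:json|ya?ml|php|ini)\.(?:bak|old|orig|save)$",
        r"/phpinfo\.php$",
    )
]

def parse_line(line: str):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0].lower()   # drop the query string
    return rec

def is_secret_path(path: str) -> bool:
    path = path.split("?", 1)[0].lower()
    return any(p.search(path) for p in SECRET_PATH_PATTERNS)

def analyze(lines, threshold: int = 3) -> dict:
    """Return {ip: {"secret_paths": [...], "exposed": [...]}} for sources that probed
    at least `threshold` distinct secret paths or received a 200 for one (real exposure)."""
    probes = defaultdict(set)
    exposed = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None or not is_secret_path(rec["path"]):
            continue
        probes[rec["ip"]].add(rec["path"])
        if rec["status"] == 200:
            exposed[rec["ip"]].add(rec["path"])
    result = {}
    for ip, paths in probes.items():
        if len(paths) >= threshold or exposed[ip]:
            result[ip] = {"secret_paths": sorted(paths), "exposed": sorted(exposed[ip])}
    return result

# Constructed sample (documentation addresses, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [07/Mar/2025:10:15:01 +0000] "GET /.env HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Mar/2025:10:15:02 +0000] "GET /.git/config HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Mar/2025:10:15:02 +0000] "GET /api/.env HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [07/Mar/2025:10:15:03 +0000] "GET /wp-config.php.bak HTTP/1.1" 404 196 "-" "Mozilla/5.0"
198.51.100.5 - - [07/Mar/2025:10:16:00 +0000] "GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/5.0"
198.51.100.5 - - [07/Mar/2025:10:16:01 +0000] "GET /.env?x=1 HTTP/1.1" 404 196 "-" "curl/8.5.0"
198.51.100.5 - - [07/Mar/2025:10:16:02 +0000] "GET /environment.html HTTP/1.1" 200 2048 "-" "curl/8.5.0"
"""
```

The 200 on `/api/.env` is the line that matters: a 404 storm tells you someone is looking, a 200 tells you they found something and the credentials in that file should be rotated now, not after the investigation.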

10 months ago

Cisco Webex Bug: When SIP Slips, Watch Your Credentials Flip!

Beware: a Cisco Webex vulnerability in Release 45.2 could let an attacker get at data and credentials if the SIP communication isn't configured to use secure transport. A simple configuration change fixes it, and if your Webex deployment isn't running in a Windows environment or predates Release 45.2, you're not affected. Apply the change or risk being the victim of a digital heist!

10 months ago

Bug Squashed: Update Your mac-robber.py Script Now!

Breaking news in the world of digital sleuthing: Jim Clausing's mac-robber.py script, which collects file timestamps into a body file for forensic timelines, had a sneaky bug in how it handled soft (symbolic) links. The bug is now squashed, so update immediately to keep your forensic timelines on the straight and narrow!
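Why symlinks deserve special care in a timeline collector, shown with an added example in Python (this is not mac-robber.py and does not reproduce its actual bug; it illustrates the class of problem). The collector below writes TSK body-format lines; with `follow_links=False` it uses `os.lstat`, so a symlink is recorded as itself with its own timestamps and a dangling link is still captured. With `follow_links=True` it uses `os.stat`, which silently attributes the target's mode, size and times to the link's name and fails outright on a dangling link. The evidence tree is constructed in a temp directory.

```python
import os
import stat
import tempfile

def _body_line(path: str, st: os.stat_result) -> str:
    """One TSK body-format line: MD5|name|inode|mode|UID|GID|size|atime|mtime|ctime|crtime.
    MD5 is left as 0 (not hashed here); crtime is 0 where the OS has no birth time."""
    crtime = int(getattr(st, "st_birthtime", 0))
    return "|".join(str(x) for x in (
        0, path, st.st_ino, stat.filemode(st.st_mode), st.st_uid, st.st_gid,
        st.st_size, int(st.st_atime), int(st.st_mtime), int(st.st_ctime), crtime))

def collect(root: str, follow_links: bool = False):
    """Walk root and return (body_lines, errors).
    follow_links=False -> os.lstat: a symlink is recorded as an 'l' entry with its own metadata.
    follow_links=True  -> os.stat: the target's metadata is misattributed to the link's name,
    and a dangling link raises, which is collected into `errors` instead of aborting the run."""
    statfn = os.stat if follow_links else os.lstat
    lines, errors = [], []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        entries = [dirpath]
        entries += [os.path.join(dirpath, n) for n in filenames]
        # Symlinks to directories are listed in dirnames but never descended into
        # (followlinks=False), so record them here; real subdirectories show up as dirpath later.
        entries += [os.path.join(dirpath, n) for n in dirnames
                    if os.path.islink(os.path.join(dirpath, n))]
        for path in entries:
            try:
                lines.append(_body_line(path, statfn(path)))
            except OSError as e:
                errors.append(f"{path}: {e.strerror}")
    return lines, errors

def body_lines(root: str) -> list:
    """The lstat-based collection, i.e. what a forensic collector should do."""
    return collect(root, follow_links=False)[0]

def make_sample_tree() -> str:
    """Constructed evidence tree: a regular file, a symlink to it, and a dangling symlink."""
    root = tempfile.mkdtemp(prefix="evidence_")
    with open(os.path.join(root, "notes.txt"), "w") as f:
        f.write("meeting at 10\n")
    os.symlink("notes.txt", os.path.join(root, "link_to_notes"))
    os.symlink("/nonexistent/target", os.path.join(root, "dangling"))
    return root
```

The body lines can be fed to `mactime` as usual. The point to take away is that a timeline built with `stat` instead of `lstat` can both lose entries (dangling links) and put the wrong timestamps on the link itself, which is exactly the kind of subtle error that sends an investigation down the wrong path.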

10 months ago

Malware’s Magic Tricks: Unpacking Obfuscation Techniques to Outsmart Cyber Illusions

Malware authors are ninjas with keyboards, using obfuscation techniques to sneak their creations past sandbox analysis. From Agent Tesla to XWorm, these malware families employ tricks such as code virtualization and multi-stage payloads. Static analysis inside a sandbox can help uncover their secrets, but automating the unpacking of such samples would be a game-changer.

10 months ago

Beware the Mark of the Web: How Untrusted Downloads Can Haunt Your Files!

The Mark of the Web (MoTW) is the digital sticky note Windows slaps on files downloaded from the Internet: an NTFS alternate data stream named Zone.Identifier that records ZoneId=3 (Internet) and usually the source URL, telling applications to handle the file with care (SmartScreen prompts, Office Protected View). It's your computer's way of saying, "Proceed with caution, this file might have cooties!" Stay vigilant, as threat actors are constantly finding ways to dodge it, and the mark is only as good as the application that bothers to check it.
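To show where the mark actually lives, here is an added example in Python (not from the article) that reads a file's Zone.Identifier stream through the `name:stream` path syntax NTFS exposes and parses its INI-style content. The stream text below is constructed to look like what a browser download writes; the zone-name table is the standard Windows URL-zone numbering. One caveat the code makes explicit: `read_motw` returns an empty result both when a file never received the mark and when the filesystem cannot carry one (FAT, Linux, a non-NTFS share), which is the ambiguity evasion tricks lean on.

```python
# Zone.Identifier is an NTFS alternate data stream, opened as "<file>:Zone.Identifier".
# Its content is an INI-style block; ZoneId is what SmartScreen and Office look at.
ZONE_NAMES = {0: "Local Machine", 1: "Local Intranet", 2: "Trusted Sites",
              3: "Internet", 4: "Restricted Sites"}

def parse_zone_identifier(text: str) -> dict:
    """Parse the stream's INI-style text. Returns {} if there is no usable [ZoneTransfer] section."""
    section = None
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
            continue
        if section == "ZoneTransfer" and "=" in line:
            key, value = line.split("=", 1)
            fields[key.strip()] = value.strip()
    if not fields.get("ZoneId", "").isdigit():
        return {}
    zone = int(fields["ZoneId"])
    return {
        "zone_id": zone,
        "zone_name": ZONE_NAMES.get(zone, "Unknown"),
        "referrer": fields.get("ReferrerUrl"),
        "host_url": fields.get("HostUrl"),
        # Internet and Restricted Sites are the zones that trigger Protected View / SmartScreen.
        "untrusted": zone >= 3,
    }

def read_motw(path: str) -> dict:
    """Read and parse a file's Zone.Identifier stream.
    Only NTFS exposes streams via "name:stream"; elsewhere, or when the file carries
    no mark, the open fails and this returns {} (absence is not proof of local origin)."""
    try:
        with open(f"{path}:Zone.Identifier", "r", encoding="utf-8", errors="replace") as f:
            return parse_zone_identifier(f.read())
    except OSError:
        return {}

# Constructed stream content, modelled on what a browser download writes.
SAMPLE_STREAM = """[ZoneTransfer]
ZoneId=3
ReferrerUrl=https://example.com/downloads/
HostUrl=https://example.com/downloads/invoice.zip
"""
```

On a Windows host, `read_motw(r"C:\Users\me\Downloads\invoice.zip")` returns the parsed mark for a browser download; the `host_url` field is also handy during incident response because it records where the file came from even after the browser history is gone.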

10 months ago

Wireshark’s Quick Fix: The 4.4.5 Update Saves the Day from Crashing Chaos!

Wireshark release 4.4.5 swooped in faster than a caffeinated squirrel to fix a bug that made it crash when users clicked on a column header.

10 months ago
The Nimble Nerd