SIEM-ple Laughs: Surviving Log Analysis as a Cybersecurity Intern
Intern Joshua Jobe’s deep dive into the DShield SIEM reveals the thrilling world of log analysis and attack observations. Discover how honing JSON parsing skills and leveraging network traffic insights can turn a mundane internship into a cybersecurity adventure. The DShield SIEM is the hero we need, but parsing logs is the sidekick we deserve!
CISA’s Latest ICS Advisory: Your Industrial Control System’s Wake-Up Call!
CISA released a new ICS advisory on May 28, 2024. Keep your systems secure by reviewing the latest insights on vulnerabilities and exploits.
Cisco’s ArcaneDoor: Patch Now or Regret Later!
Cisco released security updates for ArcaneDoor exploitation of ASA devices and Firepower software. Active exploits of CVE-2024-20353 and CVE-2024-20359 have been reported. CISA urges updates and vigilance!
Medical Device Alert: Baxter’s Welch Allyn Connex Spot Monitor Vulnerability – Act Now!
The Welch Allyn Connex Spot Monitor vulnerability uses a default cryptographic key, posing a remote exploitation risk. Attackers can modify device configurations and firmware, leading to potential compromises and delays in patient care. Update to Version 1.5.2.01 to mitigate this risk.
Westermo EDW-100 Security Alert: Hardcoded Passwords and Cleartext Credentials Risk!
Westermo EDW-100 is vulnerable due to hard-coded passwords and cleartext credential exposure. Attackers can exploit these flaws remotely with low complexity, threatening critical infrastructure sectors. Mitigations include network segregation, perimeter protection, and physical security measures. Consider replacing EDW-100 with Lynx DSS L105-S1 for enhanced security.
CISA Warns of New Oracle WebLogic Vulnerability: Your Network Could Be Next!
CISA adds CVE-2017-3506 Oracle WebLogic Server OS Command Injection to its Known Exploited Vulnerabilities Catalog, highlighting its risk to federal enterprises.
Microsoft’s Service Tag Slip-Up: How Tenable Taught Us to Read the Fine Print
Microsoft Security Response Center (MSRC) investigated Tenable Inc.’s report on cross-tenant access via service tags. Initially flagged as a vulnerability, it was found that service tags worked as intended but required better documentation. Microsoft updated the service tags documentation to clarify their use and emphasized multi-layered security.
Wireshark Wizardry: Mastering Custom Lua Dissectors for Binary Protocols
Ever tried parsing binary protocols over TCP and ended up looking like a confused emoji? Fear not! I developed a Wireshark dissector in Lua, inspired by SANS ICS training, to decode firmware upload protocols. Configure fields, filter traffic, and extract data with ease. Check out my blog and video for a deep dive into network…
Why Your Antivirus Might Be Taking a Coffee Break: Unmasking the No-Defender Hack
John Moutos reveals a tool that hijacks Avast’s proxy to disable Windows Defender. While this trick could soon be a favorite among threat groups, detecting it is as easy as monitoring event logs and blocking Avast’s certificate. Dive into the diary for more on defense evasion and the rise of no-defender.
CISA Sounds the Alarm: 4 New ICS Vulnerabilities Could Spell Disaster
CISA released four ICS advisories on June 4, 2024, detailing security vulnerabilities and recommended mitigations. Stay ahead of hackers and review these crucial updates now!
Cisco Webex Bug Fix: Crisis Averted or Just Getting Started?
Cisco Webex Meetings bugs allowed unauthorized access to meeting data at the Frankfurt data center. The issues were fixed globally by May 28, 2024.
Expired Malware: The Python Script That Checks Its Own Best-Before Date
A hilarious Python script takes a page from food labels, only executing before a best-before date! This malicious code fetches a payload and evades detection with anti-VM and anti-debugging tricks. If the mouse isn’t moving, the clock isn’t ticking, or the timezone’s off, it won’t bite. Classic CobaltStrike behavior.
CISA Drops Bombshell ICS Vulnerability Alerts: Are Your Systems Safe?
CISA released four ICS advisories on June 6, 2024, detailing critical security issues, vulnerabilities, and exploits. Review these advisories for essential technical details and mitigations.
IoT Device Woes: Are You Buying a Vulnerable Gadget? UK Gov to the Rescue!
Struggling to find your IoT device’s expiration date? The UK now mandates suppliers to declare support periods, ensuring you’re not left with a vulnerable gadget. Plus, hefty fines for non-compliance!
AWS Deployment Framework Flaw: Upgrade Now or Face the Chaos
AWS Deployment Framework users: Upgrade to version 4.0+ to fix CVE-2024-37293 and mitigate privilege escalation risks. Temporary fix: add a permissions boundary in the management account. Thanks to Xidian University for the responsible disclosure.
CISA Drops Six ICS Bombshells: Security Alerts You Can’t Ignore
CISA released six ICS advisories on June 11, 2024, detailing security issues and exploits. Users and administrators should review these ICS advisories for crucial technical details and mitigations.
Why Microsoft’s MSMQ is Giving Me Nightmares: A Hilarious Dive into Packet Decoding!
Decoding MSMQ packets is like deciphering hieroglyphs with a magnifying glass. Yesterday’s Microsoft Patch Tuesday highlighted a critical code execution vulnerability in MSMQ, and port 1801 started humming suspiciously. Anyone fluent in MSMQ protocol? Let’s crack this code before it cracks us!
Beware of Fake CISA Calls: How to Spot Scammers and Stay Safe!
Impersonation scams using the names of government employees are on the rise. Beware: CISA staff will never ask for money, cryptocurrency, or gift cards. If you suspect a scam, hang up, note the number, and validate by calling CISA at (844) SAY-CISA.
CISA Unleashes Security Avalanche: 20 New ICS Advisories to Save Your Systems!
CISA dropped twenty ICS advisories on June 13, 2024, unveiling the latest security issues, vulnerabilities, and exploits. Users and administrators are urged to dive into the details for technical insights and mitigations.
7 Browser Bugs That Will Make You Laugh, Cry, or Panic: From Use-After-Free to Memory Corruption
“Reporter Impact: High. Memory safety bugs in Firefox and Thunderbird could lead to exploitable crashes. Beware of malicious iframes, tricky ‘Save As’ extensions, and sneaky offscreen canvases!”