ISC News Feeds
SANS Internet Storm Center - Cooperative Cyber Security Monitor
-
ISC Stormcast For Friday, April 26th, 2024 https://isc.sans.edu/podcastdetail/8956, (Fri, Apr 26th)
-
ISC Stormcast For Thursday, April 25th, 2024 https://isc.sans.edu/podcastdetail/8954, (Thu, Apr 25th)
-
Does it matter if iptables isn't running on my honeypot?, (Thu, Apr 25th)
I&#;x26;#;39;ve been working on comparing data from different DShield [1] honeypots to understand differences when the honeypots reside on different networks. One point of comparison is malware submitted to the honeypots. During a review of the summarized data, I noticed that one honeypot was an outlier in terms of malware captured. -
ISC Stormcast For Wednesday, April 24th, 2024 https://isc.sans.edu/podcastdetail/8952, (Wed, Apr 24th)
-
API Rug Pull - The NIST NVD Database and API (Part 4 of 3), (Wed, Apr 24th)
A while back I got an email from Perry, one of our readers who was having a problem using my cvescan script, which I covered in a 3 part story back in 2021: -
Struts "devmode": Still a problem ten years later?, (Tue, Apr 23rd)
Like many similar frameworks and languages, Struts 2 has a "developer mode" (devmode) offering additional features to aid debugging. Error messages will be more verbose, and the devmode includes an OGNL console. OGNL, the Object-Graph Navigation Language, can interact with Java, but in the end, executing OGNL results in arbitrary code execution. This OGNL console resembles a "web shell" built into devmode. -
ISC Stormcast For Tuesday, April 23rd, 2024 https://isc.sans.edu/podcastdetail/8950, (Tue, Apr 23rd)
-
It appears that the number of industrial devices accessible from the internet has risen by 30 thousand over the past three years, (Mon, Apr 22nd)
It has been nearly three years since we last looked at the number of industrial devices (or, rather, devices that communicate with common OT protocols, such as Modbus/TCP, BACnet, etc.) that are accessible from the internet[1]. Back in May of 2021, I wrote a slightly optimistic diary mentioning that there were probably somewhere between 74.2 thousand (according to Censys) and 80.8 thousand (according to Shodan) such systems, and that based on long-term data from Shodan, it appeared as though there was a downward trend in the number of these systems. -
ISC Stormcast For Monday, April 22nd, 2024 https://isc.sans.edu/podcastdetail/8948, (Mon, Apr 22nd)
-
The CVE's They are A-Changing!, (Wed, Apr 17th)
The downloadable format of CVE&#;x26;#;39;s from Miter will be changing in June 2024, so if you are using CVE downloads to populate your scanner, SIEM or to feed a SOC process, now would be a good time to look at that. If you are a vendor and use these downloads to populate your own feeds or product database, if you&#;x26;#;39;re not using the new format already you might be behind the eight ball!