After reviewing the Top 10 Not So Common SSH Usernames and Passwords [1] published by Johannes 2 weeks ago, I noticed activity by one in his list that we don't really know what it is. Beginning 12 October 2024, my…
Category: SANS Internet Storm Center, InfoCON: green
Scans for RDP Gateways, (Wed, Oct 30th)
RDP is one of the most prominent entry points into networks. Ransomware actors have taken down many large networks after initially entering via RDP. Credentials for RDP access are often traded by “initial access brokers”. This article has been indexed…
ISC Stormcast For Wednesday, October 30th, 2024 https://isc.sans.edu/podcastdetail/9202, (Wed, Oct 30th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, October 30th, 2024…
ISC Stormcast For Tuesday, October 29th, 2024 https://isc.sans.edu/podcastdetail/9200, (Tue, Oct 29th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, October 29th, 2024…
Apple Updates Everything, (Mon, Oct 28th)
Today, Apple released updates for all of its operating systems. These updates include new AI features. For iOS 18 users, the only upgrade path is iOS 18.1, which includes the AI features. Same for users of macOS 15 Sequoia. For…
Self-contained HTML phishing attachment using Telegram to exfiltrate stolen credentials, (Mon, Oct 28th)
Phishing authors have long ago discovered that adding HTML attachments to the messages they send out can have significant benefits for them – especially since an HTML file can contain an entire credential-stealing web page and does not need to…
ISC Stormcast For Monday, October 28th, 2024 https://isc.sans.edu/podcastdetail/9198, (Mon, Oct 28th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Monday, October 28th, 2024…
Two currently (old) exploited Ivanti vulnerabilities, (Sun, Oct 27th)
Ivanti products have given us a rich corpus of vulnerabilities in recent months (years). Of course, we do see occasional scans attempting to exploit them. Just today, I spotted two of them. None of them is particularly new, but a…
ISC Stormcast For Friday, October 25th, 2024 https://isc.sans.edu/podcastdetail/9196, (Fri, Oct 25th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, October 25th, 2024…
Development Features Enabled in Prodcution, (Thu, Oct 24th)
We do keep seeing attackers “poking around” looking for enabled development features. Developers often use these features and plugins to aid in debugging web applications. But if left behind, they may provide an attacker with inside to the application. In…