Last October, Forescout published a report disclosing several vulnerabilities in DrayTek routers. According to Forescount, about 700,000 devices were exposed to these vulnerabilities [1]. At the time, DrayTek released firmware updates for affected routers [2]. Forescout also noted that multiple…
Tag: SANS Internet Storm Center, InfoCON: green
ISC Stormcast For Friday, March 14th, 2025 https://isc.sans.edu/podcastdetail/9364, (Fri, Mar 14th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Friday, March 14th, 2025…
ISC Stormcast For Thursday, March 13th, 2025 https://isc.sans.edu/podcastdetail/9362, (Thu, Mar 13th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Thursday, March 13th, 2025…
File Hashes Analysis with Power BI from Data Stored in DShield SIEM, (Wed, Mar 12th)
I previously used Power BI [2] to analyze DShield sensor data and this time I wanted to show how it could be used by selecting certain type of data as a large dataset and export it for analysis. This time,…
Scans for VMWare Hybrid Cloud Extension (HCX) API (Log4j – not brute forcing), (Wed, Mar 12th)
Today, I noticed increased scans for the VMWare Hyprid Cloud Extension (HCX) “sessions” endpoint. These endpoints are sometimes associated with exploit attempts for various VMWare vulnerabilities to determine if the system is running the extensions or to gather additional information…
Scans for VMWare Hybrid Cloud Extension (HCX) API (Brutefording Credentials?), (Wed, Mar 12th)
Today, I noticed increased scans for the VMWare Hyprid Cloud Extension (HCX) “sessions” endpoint. These endpoints are sometimes associated with exploit attempts for various VMWare vulnerabilities to determine if the system is running the extensions or to gather additional information…
ISC Stormcast For Wednesday, March 12th, 2025 https://isc.sans.edu/podcastdetail/9360, (Wed, Mar 12th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Wednesday, March 12th, 2025…
Microsoft Patch Tuesday: March 2025, (Tue, Mar 11th)
The March patch Tuesday looks like a fairly light affair, with only 51 vulnerabilities total and only six rated as critical. However, this patch Tuesday also includes six patches for already exploited, aka “0-Day” vulnerabilities. None of the already exploited…
ISC Stormcast For Tuesday, March 11th, 2025 https://isc.sans.edu/podcastdetail/9358, (Tue, Mar 11th)
This post doesn’t have text content, please click on the link below to view the original article. This article has been indexed from SANS Internet Storm Center, InfoCON: green Read the original article: ISC Stormcast For Tuesday, March 11th, 2025…
Shellcode Encoded in UUIDs, (Mon, Mar 10th)
I returned from another FOR610[1] class last week in London. One key tip I give to my students is to keep an eye on “strange” API calls. In the Windows ecosystem, Microsoft offers tons of API calls to developers. The…