Our honeypots have been busy collecting exploit attempts for CVE-2020-5902, the F5 Networks BIG-IP vulnerability patched last week. Most of the exploits can be considered reconnaissance. We only saw one working exploit installing a backdoor. Badpackets reported seeing a DDoS bot being installed.
A remote code execution vulnerability (CVE-2020-5902) in F5's BIG-IP with a CVSS score of 10 is being actively exploited.
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
ISC Stormcast For Monday, July 6th 2020 https://isc.sans.edu/podcastdetail.html?id=7066, (Mon, Jul 6th)
A quick heads-up: we are seeing scans for F5 BIG-IP's vulnerability CVE-2020-5902.
Wireshark version 3.2.5 was released.
For our readers in the United States, the 4th of July is Independence Day. As the 4th, under normal COVID-free circumstances, is typically celebrated with fireworks events, I thought I'd deviate a bit from information security topics and instead share a bit of code to create your own fireworks using R, a language and environment for statistical computing and graphics. My teams and I use R and Python constantly as part of security data analytics, particularly for data science and machine learning to further our detection practices and better identify anomalies of significance. You can follow along at home using RStudio as your IDE, and the latest version of R, 4.0.2 as this is written. All credit is due specifically to Edward Visel of Uptake; this is entirely his code, just modified ever so slightly for our purposes here. Edward was experimenting on his path to the perfect R-generated firework, but I like each of them as variants in and of themselves. In the spirit of the old red, white, and blue, I selected three specific patterns, namely his explosion, particles and gnats, and the final firework. This work uses the tidyverse, sf, and gganimate packages; I pulled in magick to manipulate the resulting GIFs a bit. If you just want the TL;DR version, the results of the effort follow immediately, and the code is in-line immediately thereafter. Happy 4th of July for those of you who celebrate it, cheers, stay safe and healthy to all!
ISC Stormcast For Thursday, July 2nd 2020 https://isc.sans.edu/podcastdetail.html?id=7064, (Thu, Jul 2nd)
After Johannes did his Tech Tuesday presentation last week on setting up Dshield honeypots, I thought I'd walk you through how I set up my honeypots. I like to combine the Dshield honeypot with Didier Stevens' tcp-honeypot so I can capture more suspicious traffic. Today, I'll walk you through my setup using a VM hosted by Digital Ocean, though the steps would work for pretty much any cloud provider.
ISC Stormcast For Wednesday, July 1st 2020 https://isc.sans.edu/podcastdetail.html?id=7062, (Wed, Jul 1st)