Collaborate Disseminate
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Continue reading ISC Stormcast For Tuesday, September 30th, 2025 https://isc.sans.edu/podcastdetail/9634, (Tue, Sep 30th)
It is typical for Apple to release a “.0.1” update soon after releasing a major new operating system. These updates typically fix various functional issues, but this time, they also fix a security vulnerability. The security vulnerability not only affects the “26” releases of iOS and macOS, but also older versions. Apple released fixes for iOS 18 and 26, as well as for macOS back to Sonoma (14). Apple also released updates for WatchOS and tvOS, but these updates do not address any security issues. For visionOS, updates were only released for visionOS 26.
Continue reading Apple Patches Single Vulnerability CVE-2025-43400, (Mon, Sep 29th)
We are all aware of the abysmal state of security appliances, no matter their price tag. Ever so often, we see an increase in attacks against some of these vulnerabilities, trying to mop up systems missed in earlier exploit waves. Currently, on source in particular, %%ip:141.98.82.26%% is looking to exploit systems vulnerable to CVE-2024-3400. The exploit is rather straightforward. Palo Alto never considered it necessary to validate the session id. Instead, they use the session ID “as is” to create a session file. The exploit is well explained by watchTowr [1].
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Continue reading ISC Stormcast For Monday, September 29th, 2025 https://isc.sans.edu/podcastdetail/9632, (Mon, Sep 29th)
In SANS FOR577&#;x26;#;x5b;1&#;x26;#;x5d;, we talk about timelines on day 5, both filesystem and super-timelines. but sometimes, I want something quick and dirty and rather than fire up plaso, just to create a timeline of .bash&#;x26;#;x5f;history data, it is nice to just be able to parse them and, if timestamps are enabled, see them in a human-readable form. I&#;x26;#;39;ve had some students in class write scripts to do this and even had one promise to share it with me after class, but I never ended up getting it so I decided to write my own. This script takes the path to 1 or more .bash&#;x26;#;x5f;history files and returns a PSV (pipe separated values) list (on stdout) in the form: || where the is in ISO-8601 format (the one true date time format, but only to 1 sec resolution since that his the best that the .bash&#;x26;#;x5f;history file will give us). In a future version I will probably offer an option to change from PSV to CSV.
Continue reading New tool: convert-ts-bash-history.py, (Fri, Sep 26th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Continue reading ISC Stormcast For Friday, September 26th, 2025 https://isc.sans.edu/podcastdetail/9630, (Fri, Sep 26th)
Ever so often, I see requests for files in .well-known recorded by our honeypots. As an example:
Continue reading Webshells Hiding in .well-known Places, (Thu, Sep 25th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Continue reading ISC Stormcast For Thursday, September 25th, 2025 https://isc.sans.edu/podcastdetail/9628, (Thu, Sep 25th)
I notice a new URL showing up in our web honeypot logs, which looked a bit interesting:
Continue reading Exploit Attempts Against Older Hikvision Camera Vulnerability, (Wed, Sep 24th)
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License. Continue reading ISC Stormcast For Wednesday, September 24th, 2025 https://isc.sans.edu/podcastdetail/9626, (Wed, Sep 24th)