Struts “devmode”: Still a problem ten years later?, (Tue, Apr 23rd)

Like many similar frameworks and languages, Struts 2 has a “developer mode” (devmode) offering additional features to aid debugging. Error messages will be more verbose, and the devmode includes an OGNL console. OGNL, the Object-Graph Navigation Language, can interact with Java, but in the end, executing OGNL results in arbitrary code execution. This OGNL console resembles a “web shell” built into devmode.

It appears that the number of industrial devices accessible from the internet has risen by 30 thousand over the past three years, (Mon, Apr 22nd)

It has been nearly three years since we last looked at the number of industrial devices (or, rather, devices that communicate with common OT protocols, such as Modbus/TCP, BACnet, etc.) that are accessible from the internet[1]. Back in May of 2021, I wrote a slightly optimistic diary mentioning that there were probably somewhere between 74.2 thousand (according to Censys) and 80.8 thousand (according to Shodan) such systems, and that based on long-term data from Shodan, it appeared as though there was a downward trend in the number of these systems.

The CVE’s They are A-Changing!, (Wed, Apr 17th)

The downloadable format of CVEs from MITRE will be changing in June 2024, so if you are using CVE downloads to populate your scanner or SIEM, or to feed a SOC process, now would be a good time to look at that. If you are a vendor and use these downloads to populate your own feeds or product database, and you're not using the new format already, you might be behind the eight ball!

Malicious PDF File Used As Delivery Mechanism, (Wed, Apr 17th)

Billions of PDF files are exchanged daily, and many people trust them because they think the file is “read-only” and contains just “a bunch of data”. In the past, badly crafted PDF files could trigger nasty vulnerabilities in PDF viewers; all of them were affected at least once, especially Acrobat and Foxit readers. A PDF file can also be pretty “dynamic” and embed JavaScript, an auto-open action that triggers the execution of a script (for example PowerShell on Windows), or any other type of embedded data.
