Sitecore “thumbnailsaccesstoken” Deserialization Scans (and some new reports) CVE-2025-27218, (Thu, Mar 27th)

On March 6th, Searchlight Cyber published a blog revealing details about a new deserialization vulnerability in Sitecore [1]. Sitecore calls itself a “Digital Experience Platform (CXP),” which is a fancy content management system (CMS). Sitecore itself is written in .Net and is often sold as part of a solution offered by Sitecore partners. Like other CMSs, it makes it easy to manage a website's content. It offers several attractive features to marketing professionals seeking more insight into user patterns.


[Guest Diary] Leveraging CNNs and Entropy-Based Feature Selection to Identify Potential Malware Artifacts of Interest, (Wed, Mar 26th)

[This is a Guest Diary by Wee Ki Joon, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program [1].]


X-Wiki Search Vulnerability exploit attempts (CVE-2024-3721), (Tue, Mar 25th)

Creating a secure Wiki is hard. The purpose of a wiki is to allow “random” users to edit web pages. A good Wiki provides users with great flexibility, but with great flexibility comes an even “greater” attack surface. File uploads and markup (or markdown) are all well-known security issues affecting various Wikis in the past.


Privacy Aware Bots, (Mon, Mar 24th)

Staring long enough at honeypot logs, I am sure you will come across one or the other “oddity.” Something that at first does not make any sense, but then, in some way, does make sense. After looking at the Next.js issue yesterday, I looked through our logs for other odd headers I might spot. I came across a header that is somewhat normal, but not usually used by bots:


Let’s Talk About HTTP Headers., (Sun, Mar 23rd)

Walking my dog earlier, I came across the sign on the right. Having just looked at yet another middleware/HTTP header issue (the Next.js problem that became public this weekend) [1], I figured I should write something about HTTP headers. We all know HTTP headers. But it appears some do not know them well enough. Just like this sign, proxies and other middleboxes hardly ever stop unsafe behaviors.
