SANS Internet Storm Center, InfoCON: green

Latest articles

If You Want Something Done Right, You Have To Do It Yourself... Malware Too!, (Wed, Jul 8th)

I’m teaching FOR610[1] this week and today is dedicated to malicious web and document files. That’s a good opportunity to share with you a Windows Script that uses a nice obfuscation technique. The attacker's idea is to use a big array containing the second stage payload and interesting strings:

ISC Stormcast For Wednesday, July 8th 2020 https://isc.sans.edu/podcastdetail.html?id=7070, (Wed, Jul 8th)

Happy Birthday DShield: DShield.org was registered 20 years ago., (Tue, Jul 7th)

And all DShield wants for its Birthday is your logs :). See here for details.

F5 BigIP vulnerability exploitation followed by a backdoor implant attempt, (Tue, Jul 7th)

While monitoring SANS Storm Center's honeypots today, I came across the second F5 BIGIP CVE-2020-5902 vulnerability exploitation followed by a backdoor deployment attempt. The first one was seen by Johannes yesterday [1].

ISC Stormcast For Tuesday, July 7th 2020 https://isc.sans.edu/podcastdetail.html?id=7068, (Tue, Jul 7th)

Summary of CVE-2020-5902 F5 BIG-IP RCE Vulnerability Exploits, (Mon, Jul 6th)

Our honeypots have been busy collecting exploit attempts for CVE-2020-5902, the F5 Networks BigIP vulnerability patched last week. Most of the exploits can be considered reconnaissance. We only saw one working exploit installing a backdoor. Badpackets reported seeing a DDoS bot being installed.

CVE-2020-5902: F5 BIG-IP RCE Vulnerability, (Mon, Jul 6th)

A remote code execution vulnerability, CVE-2020-5902, in F5's BIG-IP with CVSS score 10 is actively exploited.

ISC Stormcast For Monday, July 6th 2020 https://isc.sans.edu/podcastdetail.html?id=7066, (Mon, Jul 6th)

CVE-2020-5902 F5 BIG-IP Exploitation Attempt, (Sun, Jul 5th)

A quick heads-up: we are seeing scans for F5 BIG-IP's vulnerability CVE-2020-5902.

Wireshark 3.2.5 Released, (Sun, Jul 5th)

Wireshark version 3.2.5 was released.
