"There is an Incorrect Authorization vulnerability in Micro Focus Service Management Automation (SMA) product affecting versions 2018.05 to 2020.02. The vulnerability could be exploited to provide unauthorized access to the Container Deployment Foundation."
"Pi-hole Web v4.3.2 (aka AdminLTE) allows Remote Code Execution by privileged dashboard users via a crafted DHCP static lease."
"IBM Security Identity Governance and Intelligence 5.2.6 could allow an unauthorized user to obtain sensitive information through user enumeration."
"A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 may allow remote attackers to execute arbitrary code on affected installations. Authentication is required to exploit this vulnerability."
"Improper Access Control in the Kiosk Mode functionality of Bosch Recording Station allows a local unauthenticated attacker to escape from the Kiosk Mode and access the underlying operating system."
Check Point researchers believe they have identified the individual behind the VandaTheGod hacktivist campaigns
With the new misp-opendata software, MISP datasets can be automatically extracted and published on @EU_opendata @OpenDataLU portals. #threatintel #opendata
https://github.com/MISP/misp-opendata This work is part of the @VARIoT_project and co-funded by @inea_eu #CEFtelecom #POD
DFIR Training Materials by @circl_lu : the May 2020 edition of the computer forensic training materials is published. "Post-mortem Digital Forensics", "File System Forensics and Data Recovery" and "Windows-, Memory- and File Forensics".
https://www.circl.lu/services/forensic-training-materials/ #DFIR #Forensic
AZORult payload URL:
#RagnarLocker deploying an old VirtualBox and a Windows XP image (totalling more than 400 MB), then mounting the drives to encrypt the files on the host from the VM. This is *really* dirty... and pretty smart when you think about AV evasion.
Are you collecting 4624 events from your endpoints? Look for unexpected type 10 (Remote Interactive, i.e. RDP or terminal services) logins. And look for unexplained 4720 (account created) too.
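One way to run that hunt over exported Security events, as an added example that is not part of the quoted tweet: the script parses events in the XML shape that `wevtutil qe Security /f:xml` or `Get-WinEvent ... | ForEach-Object { $_.ToXml() }` produce, flags 4624 logons with LogonType 10 whose source address is not on an allowlist of known RDP sources (the `expected_rdp_sources` parameter is a hypothetical name chosen here), and reports every 4720. The four sample events are constructed for the demo, not real log data.

```python
"""Hunt for RemoteInteractive logons (4624 / LogonType 10) and account
creations (4720) in exported Windows Security events.

Added example; not code from the quoted post. The input format is the
Windows event XML schema; the sample events below are constructed."""
import xml.etree.ElementTree as ET

# Default namespace of the Windows event XML schema.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}


def _event(event_id, computer, time, **data):
    """Build one event in the shape wevtutil / Get-WinEvent .ToXml() emit
    (constructed sample data, trimmed to the fields the hunt needs)."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (
        f'<Event xmlns="{NS["e"]}"><System>'
        f'<Provider Name="Microsoft-Windows-Security-Auditing"/>'
        f'<EventID>{event_id}</EventID>'
        f'<TimeCreated SystemTime="{time}"/>'
        f'<Computer>{computer}</Computer></System>'
        f'<EventData>{fields}</EventData></Event>'
    )


# Constructed sample: a console logon, RDP from the jump host, RDP from an
# unknown address at 03:17, and a new local account created minutes later.
SAMPLE_EVENTS = [
    _event(4624, "FS01.corp.example", "2020-05-26T08:12:33Z",
           TargetUserName="jdoe", LogonType="2", IpAddress="-",
           WorkstationName="FS01"),
    _event(4624, "FS01.corp.example", "2020-05-26T08:40:01Z",
           TargetUserName="admin.ops", LogonType="10", IpAddress="10.0.5.20",
           WorkstationName="JUMP01"),
    _event(4624, "FS01.corp.example", "2020-05-26T03:17:45Z",
           TargetUserName="svc_backup", LogonType="10", IpAddress="10.0.99.7",
           WorkstationName="DESKTOP-7Q2K"),
    _event(4720, "FS01.corp.example", "2020-05-26T03:19:02Z",
           TargetUserName="support1", SubjectUserName="svc_backup"),
]


def parse_event(xml_text):
    """Return EventID, host, timestamp and the EventData name/value pairs."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    data = {
        d.get("Name"): (d.text or "")
        for d in root.find("e:EventData", NS).findall("e:Data", NS)
    }
    return {
        "id": int(system.find("e:EventID", NS).text),
        "computer": system.find("e:Computer", NS).text,
        "time": system.find("e:TimeCreated", NS).get("SystemTime"),
        "data": data,
    }


def hunt(events_xml, expected_rdp_sources=frozenset()):
    """Flag type-10 logons from unexpected sources and every account creation.

    expected_rdp_sources: allowlist of source IPs (jump hosts, VDI brokers)
    whose RDP logons are routine and should not be reported."""
    findings = []
    for xml_text in events_xml:
        ev = parse_event(xml_text)
        d = ev["data"]
        if ev["id"] == 4624 and d.get("LogonType") == "10":
            src = d.get("IpAddress", "-")
            if src not in expected_rdp_sources:
                findings.append({"kind": "rdp_logon", "host": ev["computer"],
                                 "user": d.get("TargetUserName"), "source": src,
                                 "workstation": d.get("WorkstationName"),
                                 "time": ev["time"]})
        elif ev["id"] == 4720:
            findings.append({"kind": "account_created", "host": ev["computer"],
                             "user": d.get("TargetUserName"),
                             "by": d.get("SubjectUserName"), "time": ev["time"]})
    return findings


if __name__ == "__main__":
    for f in hunt(SAMPLE_EVENTS, expected_rdp_sources={"10.0.5.20"}):
        print(f)
```

With the jump host allowlisted, only the off-hours RDP logon of `svc_backup` from 10.0.99.7 and the `support1` account it created two minutes later are reported; correlating the two on host and time is the follow-up step the tweet is hinting at.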
QUIC & The Dead: Which of the Most Common IDS/IPS Tools Can Best Identify QUIC Traffic?
https://www.sans.org/reading-room/whitepapers/detection/quic-dead-common-ids-ips-tools-identify-quic-traffic-39590 [PDF]
Added most of the @Secureworks threat actor names as synonyms to the @MISPProject galaxy today.
Thanks to Nils @0x3c7 and @Secureworks for the contribution. MISP threat-actor galaxy is updated, published on the website, available in core MISP and all tools using the MISP project galaxies.
"An exploitable authentication bypass vulnerability exists in the ESPON Web Control functionality of Epson EB-1470Ui MAIN: 98009273ESWWV107 MAIN2: 8X7325WWV303"