Daily NCSC-FI news followup 2020-08-23

Remote Desktop (TCP/3389) and Telnet (TCP/23), What might they have in Common?

isc.sans.edu/forums/diary/Remote+Desktop+TCP3389+and+Telnet+TCP23+What+might+they+have+in+Common/26492/ I’m glad you asked. I’m always interested in trends and reviewing the activity capture by my honeypot over this past week, it shows that no matter what port the RDP service is listening on, a specific RDP string (Cookie: mstshash=) might be sent to any ports to find out if it is listing for this service.

2020 CWE Top 25 Most Dangerous Software Weaknesses

cwe.mitre.org/top25/archive/2020/2020_cwe_top25.html The 2020 Common Weakness Enumeration (CWE) Top 25 Most Dangerous Software Weaknesses (CWE Top 25) is a demonstrative list of the most common and impactful issues experienced over the previous two calendar years. These weaknesses are dangerous because they are often easy to find, exploit, and can allow adversaries to completely take over a system, steal data, or prevent an application from working.

Emotet Malware Over the Years: The History of an Active Cyber-Threat

heimdalsecurity.com/blog/emotet-malware-history/ Malware strains come and go while Internet users become more and more accustomed to online threats being dealt with swiftly by the competent authorities. But what happens when a Trojan constantly eludes everyones best efforts to stop it in its tracks?. In this article, I will go over the complex history of one of the longest-running cybercrime operations in recent history, Emotet. Keep reading to find out what it is, how it operates, and what it uses to take control of an entire network.

Why you should always scan UDP ports (part 2/2)

medium.com/bugbountywriteup/why-you-should-always-scan-udp-part-2-2-42050fb136d8 We finished part 1 having gained unprivileged access to a host in a new network. Afterwards, we wanted to gain privileges to continue. This is how we did it.. Part 1:

medium.com/bugbountywriteup/why-you-should-always-scan-udp-ports-part-1-2-d8ee7eb26727. In this story well see how we exploited snmp vulnerabilities, used a Jenkins console to call a reverse shell, bypassed firewall rules, worked around AppArmor and exploited bash injections to escalate privileges, amongst other things.

You might be interested in …

Daily NCSC-FI news followup 2020-04-14

Koronan ja 5g:n yhdistävä salaliittoteoria leviää nyt tukiasemat palavat Hollannissa www.is.fi/digitoday/mobiili/art-2000006474027.html Tuhopoltoiksi epäillyt tukiasemapalot levisivät Britanniasta Hollantiin. Hackers Targeting Critical Healthcare Facilities With Ransomware During Coronavirus Pandemic thehackernews.com/2020/04/ransomware-hospitals-coronavirus.html As hospitals around the world are struggling to respond to the coronavirus crisis, cybercriminalswith no conscience and empathyare continuously targeting healthcare organizations, research facilities, and other governmental […]

Read More

Daily NCSC-FI news followup 2020-02-28

RSAC 2020: Ransomware a National Crisis, CISA Says, Ramps ICS Focus threatpost.com/ransomware-national-crisis-cisa-ics/153322/ Industrial control systems (ICS) and critical infrastructure will be a main focus for the Department of Homeland Securitys Cybersecurity and Infrastructure Security Agency (CISA) this year especially as ransomware looms as a main threat to the sector going forward.. Thats according to Christopher […]

Read More

Daily NCSC-FI news followup 2019-09-18

Tortoiseshell Group Targets IT Providers in Saudi Arabia in Probable Supply Chain Attacks www.symantec.com/blogs/threat-intelligence/tortoiseshell-apt-supply-chain A previously undocumented attack group is using both custom and off-the-shelf malware to target IT providers in Saudi Arabia in what appear to be supply chain attacks with the end goal of compromising the IT providers customers.. The group, which we […]

Read More

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.