[SANS ISC] Ransomware Defenses, (Mon, May 17th)

Ransomware attacks continue to be in the headlines everywhere, and are also an almost weekly reoccurring subject in the SANS Newsbites. As useful as many of the reports are that security firms and researchers publish on the subject, they often focus heavily on one particular incident or type of ransomware, and the associated “indicators of […]

Read More

[SANS ISC] “Open” Access to Industrial Systems Interface is Also Far From Zero, (Fri, May 14th)

Jan’s last diary about the recent attack against the US pipeline[1] was in perfect timing with the quick research I was preparing for a few weeks. If core components of industrial systems are less exposed in the wild, as said Jan, there is another issue with such infrastructures: remote access tools. Today, buildings, factories, farms must […]

Read More

[SANS ISC] Number of industrial control systems on the internet is lower then in 2020…but still far from zero, (Wed, May 12th)

With the recent ransomware attack that impacted operation of one of the major US pipelines[1], I thought it might be a good time to revisit the old topic of internet-connected industrial systems. Since operational technologies are generally used to support/control processes that directly impact the physical world, the danger of successful attacks on them should […]

Read More

[SANS ISC] Microsoft May 2021 Patch Tuesday, (Tue, May 11th)

This month we got patches for 55 vulnerabilities. Of these, 4 are critical, 3 were previously disclosed and none is being exploited according to Microsoft. One of the critical vulnerabilities which requires special attention this month is a remote code execution (RCE) on HTTP Protocol Stack (CVE-2021-31166). An unauthenticated attacker could send a specially crafted […]

Read More

[SANS ISC] Correctly Validating IP Addresses: Why encoding matters for input validation., (Mon, May 10th)

Recently, a number of libraries suffered from a very similar security flaw: IP addresses expressed in octal were not correctly interpreted. The result was that an attacker was able to bypass input validation rules that restricted IP addresses to specific subnets.  The vulnerability was documented in (this list is unlikely to be complete): Node.js netmask […]

Read More