Tag: fans

security

SANS Stormcast Tuesday, March 24th, 2026: Tax Scam to EDR Kill; Netscaler Patches; gRPC-Go Authz Bypass;

From W-2 to BYOVD: How a Tax Search Leads to Kernel-Mode AV/EDR Kill https://www.huntress.com/blog/w2-malvertising-to-kernel-mode-edr-kill NetScaler ADC and NetScaler Gateway Security Bulletin for CVE-2026-3055 and CVE-2026-4368 https://support.citrix.com/support-home/kbsearch/article?articleNumber=CTX696300 gRPC-Go Authorization bypass via missing leading slash in :path CVE-2026-33186 https://github.com/grpc/grpc-go/security/advisories/GHSA-p77j-4mvh-x3m3

Mehr lesen →
security

SANS Stormcast Monday, March 23rd, 2026: GSocket Backdoor in Bash; Oracle Security Alert; Rockwell Attacks

GSocket Backdoor Delivered Through Bash Script https://isc.sans.edu/diary/GSocket+Backdoor+Delivered+Through+Bash+Script/32816/#comments Oracle Security Alert CVE-2026-Adresse geschuetzt https://blogs.oracle.com/security/alert-cve-2026-21992 Rockwell Automation Reiterates Customer Guidance to Disconnect Devices from the Internet and Harden PLCs to Protect from Cyber Threats https://www.rockwellautomation.com/en-us/trust-center/security-advisories/advisory.SD1771.html

Mehr lesen →
security

SANS Stormcast Friday, March 20th, 2026: Cowrie Strings; MSFT Intune Hardening; Unifi Network Update;

Interesting Cowrie Strings https://isc.sans.edu/diary/Interesting+Message+Stored+in+Cowrie+Logs/32810 Microsoft Intune Hardening Advice https://techcommunity.microsoft.com/blog/intunecustomersuccess/best-practices-for-securing-microsoft-intune/4502117 https://www.cisa.gov/news-events/alerts/2026/03/18/cisa-urges-endpoint-management-system-hardening-after-cyberattack-against-us-organization Unifi Network Update https://community.ui.com/releases/Security-Advisory-Bulletin-062-062/c29719c0-405e-4d4a-8f26-e343e99f931b

Mehr lesen →
security

SANS Stormcast Thursday, March 19th, 2026: Adminer Scans; Apple WebKit Patch; another telnetd vuln; screenconnect vuln

Scans for „adminer“ https://isc.sans.edu/diary/Scans%20for%20%22adminer%22/32808 Background Security Improvement for WebKit https://support.apple.com/en-us/126604 Remote Pre-Auth Buffer Overflow in GNU Inetutils telnetd (LINEMODE SLC) https://lists.gnu.org/archive/html/bug-inetutils/2026-03/msg00031.html ScreenConnect 26.1 Security Hardening https://www.connectwise.com/company/trust/security-bulletins/2026-03-17-screenconnect-bulletin

Mehr lesen →
security

SANS Stormcast Tuesday, March 17th, 2026: Proxy URLs; Local Network Address Restrictions; Advanced Phishing

/proxy/ URL scans with IP addresses https://isc.sans.edu/forums/diary/proxy+URL+scans+with+IP+addresses/32800/ Local Network Address Restrictions https://learn.microsoft.com/en-us/deployedge/ms-edge-local-network-access#how-to-mitigate-impact-for-cross-origin-iframes https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel European Security Vendor Targeted by Hackers Fronting as Cisco Domain https://specopssoft.com/blog/phishing-campaign-cisco/

Mehr lesen →
security

SANS Stormcast Monday, March 16th, 2026: SmartApeSG and Remcos RAT; React Based Phishing; Google Chrome Patches; AdGaurd Vuln

SmartApeSG campaign uses ClickFix page to push Remcos RAT https://isc.sans.edu/diary/SmartApeSG%20campaign%20uses%20ClickFix%20page%20to%20push%20Remcos%20RAT/32796 A React-based phishing page with credential exfiltration via EmailJS https://isc.sans.edu/diary/32794 Google Chrome announced two zero-day fixes, then removed one. https://chromereleases.googleblog.com/2026/03/stable-channel-update-for-desktop_12.html AdGuard Vulnerability https://github.com/AdguardTeam/AdGuardHome/releases/tag/v0.107.73

Mehr lesen →
security

SANS Stormcast Thursday, March 12th, 2026: Zombie Zip;

Analyzing „Zombie Zip“ Files (CVE-2026-0866) https://isc.sans.edu/diary/Analyzing%20%22Zombie%20Zip%22%20Files%20%28CVE-2026-0866%29/32786 How „Strengthening Crypto“ Broke Authentication: FreshRSS and bcrypt’s 72-Byte Limit https://pentesterlab.com/blog/freshrss-bcrypt-truncation-auth-bypass

Mehr lesen →