-
Alerts in Three Minutes
Spend three minutes examining Alerts in Security Onion.
-
Random Login Failures
A brief look at a very small sampling of failed logins. I’ve used green to highlight IP addresses known to be “OK” – Starlink out of Denver where my own connection terminates. Others are highlighted in dark pink and represent attacks with certainty. The orange highlighter is for other “items of interest”. Namely the use…
-
Apple “Point Releases”
Apple has released significant “point releases” for all its operating systems. Along with new features, we also receive patches for 29 different vulnerabilities. There is a ZERO DAY exploit observed in the wild against the Apple Webkit. These most recent updates are absolutely essential to maintain the security of your devices. How do I update…
-
Backup Migration Plugin for WordPress
Analysis of network traffic for the period alerted on a generic rule: “ET EXPLOIT file_put_contents php base64 encoded Remote Code Execution 2.” The specific URL requested: http://[redacted].com/wp-content/plugins/backup-backup/includes/backup-heart.php1. The payload is fragmented across six frames and reassembled in hopes of avoiding automated forms of analysis. The vulnerability allows unauthenticated attackers to execute remote code via the…
-
Gitlab Critical Zero-Day
GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction. The most critical security issue GitLab patched has the maximum severity score (10 out of 10) and is being tracked as CVE-2023-7028. Successful exploitation does not require any interaction.…
-
QR Codes and qrDecoder
Quick Response (QR) codes are two-dimensional barcodes that can store a variety of data, such as alphanumeric text, URLs, or other binary data. They were initially created by Denso Wave, a subsidiary of Toyota, in 1994 for tracking automotive parts during manufacturing. QR codes have gained widespread popularity due to their ability to store large…
-
Serial to Parallel Updates
If you’re an old BASH head like I am, you’ve probably leaned on a FOR loop countless times. It’s become natural enough over the years to just whip one up on the command line, and I use it in scripting every day. Dear Bash FOR loop, You have indeed been trusty and true for many…
-
OAUTH Scans Rising
I’ve been monitoring a rise in OAUTH vulnerability scans. Here’s one that hit one of my sensors in Israel between 2023-12-26 16:51:52 and 2023-12-26 16:53:01. Sensor: Israel Source IP: 85.206.173.215 The URL /openam/oauth2/..;/ccversion/Version is associated with a pre-auth remote code execution (RCE) vulnerability in ForgeRock identity and access management software 1. This vulnerability, identified as…
-
Closing out 2023
2023 was an absolute rollercoaster for me on so many levels.I’m not too humble to pat myself on the back because I’m extremely proud of overcoming _every_ obstacle that presented itself as a roadblock on this journey. You can do this too! In the course of the year, I’ve completed six new certifications. Let’s forge…
-
SEC Cyber 8-K Rules Now Effective
The U.S. Securities and Exchange Commission’s (“SEC”) new Form 8-K rules for reporting material cybersecurity incidents took effect on December 18, for filers other than smaller reporting companies. Publicly owned companies operating in the U.S. must comply with a new set of rules requiring them to disclose “material” cyber incidents within 96 hours.Why should the…
-
Terrapin Attack – What You Should Know
Named Terrapin, the new attack works when an attacker obtains an active adversary-in-the-middle position between a ssh client and server. The exploit allows the attacker to assume the identity of both parties, allowing interception and alteration of communications. There are a host of resources available on the Internet for a “deeper dive” into this issue.…
-
Think about building a “Go Bag”.
When the phone rings it’s important to have anticipated anything you may need and have it on hand – especially if you’re walking into an airgap. Here are a few I recently obtained that are performing exceptionally well for me. It’s also a good idea to have more than one, based on functional need. I…
-
Uptick in Scams, Because “Holidays”
As a security practitioner, I receive perhaps more than my fair share of nefarious email. With “Black Friday” and the impending consumer rush I’ve seen an uptick in the behavior. YOU WILL LIKELY SEE A SUBSTANTIAL INCREASE BETWEEN NOW AND JANUARY 5, 2024. Here we have a pair of fairly classic “scam” emails. Both include…