SANS ISC Archives - Help Net Security

SANS ISC

Attackers are probing Citrix controllers and gateways through recently patched flaws

July 10, 2020

Earlier this week, Citrix released security updates for Citrix Application Delivery Controller (ADC), Citrix Gateway, and the Citrix SD-WAN WANOP appliance, and urged admins …

Attackers are bypassing F5 BIG-IP RCE mitigation – you might want to patch after all

July 8, 2020

Attackers are bypassing a mitigation for the BIG-IP TMUI RCE vulnerability (CVE-2020-5902) originally provided by F5 Networks, NCC Group’s Research and Intelligence …

Better cybersecurity hinges on understanding actual risks and addressing the right problems

July 7, 2020

SANS Technology Institute’s Internet Storm Center (ISC) has been a valuable warning service and source of critical cyber threat information to internet users, …

Kwampirs threat actor continues to breach transnational healthcare orgs

March 31, 2020

The Kwampirs (aka Orangeworm) attack group continues to target global healthcare entities in this time of crisis, the FBI has warned. “Targeted entities range from major …

First patches for the Citrix ADC, Gateway RCE flaw released

January 21, 2020

As attackers continue to hit vulnerable Citrix (formerly Netscaler) ADC and Gateway installations, Citrix has released permanent fixes for some versions and has promised to …

January 2020 Patch Tuesday: Microsoft nukes Windows crypto flaw flagged by the NSA

January 14, 2020

As forecasted, January 2020 Patch Tuesday releases by Microsoft and Adobe are pretty light: the “star of the show” is CVE-2020-0601, a Windows flaw flagged by the …

Exploits for Citrix ADC and Gateway flaw abound, attacks are ongoing

January 13, 2020

With several exploits targeting CVE-2019-19781 having been released over the weekend and the number of vulnerable endpoints still being over 25,000, attackers are having a …

Critical Exim flaw exploitable locally and remotely, patch ASAP!

June 7, 2019

A critical vulnerability in Exim, the mail transfer agent (MTA) deployed on over half of all Internet-facing mail servers, may allow attackers to run commands as the …

Adobe plugs critical RCE Flash Player flaw, update ASAP! Exploitation may be imminent

November 21, 2018

Adobe has released a Flash Player update that plugs a critical vulnerability (CVE-2018-15981) that could lead to remote code execution, and is urging users to implement it as …

Apache Struts 2.3.x vulnerable to two year old RCE flaw

November 6, 2018

The Apache Software Foundation is urging users that run Apache Struts 2.3.x to update the Commons FileUpload library to close a serious vulnerability that could be exploited …

Access misconfiguration opens 3D printers to remote attacks

September 5, 2018

Spurred by a report coming from a regular reader, SANS ISC handlers Richard Porter and Xavier Mertens searched for OctoPrint interfaces for 3D printers exposed online and …

New Drupal RCE vulnerability under active exploitation, patch ASAP!

April 26, 2018

Yet another Drupal remote code execution vulnerability has been patched by the Drupal security team, who urge users to implement the offered updates immediately as the flaw is …

SANS ISC

Attackers are probing Citrix controllers and gateways through recently patched flaws

Attackers are bypassing F5 BIG-IP RCE mitigation – you might want to patch after all

Better cybersecurity hinges on understanding actual risks and addressing the right problems

Kwampirs threat actor continues to breach transnational healthcare orgs

First patches for the Citrix ADC, Gateway RCE flaw released

January 2020 Patch Tuesday: Microsoft nukes Windows crypto flaw flagged by the NSA

Exploits for Citrix ADC and Gateway flaw abound, attacks are ongoing

Critical Exim flaw exploitable locally and remotely, patch ASAP!

Adobe plugs critical RCE Flash Player flaw, update ASAP! Exploitation may be imminent

Apache Struts 2.3.x vulnerable to two year old RCE flaw

Access misconfiguration opens 3D printers to remote attacks

New Drupal RCE vulnerability under active exploitation, patch ASAP!

Don't miss

CISA orders federal agencies to implement Zerologon fix by Monday

5 simple steps to bring cyber threat intelligence sharing to your organization

Phish Scale: New method helps organizations better train their employees to avoid phishing

Whitepaper: Mobile banking regulations, threats and fraud prevention

Justifying your 2021 cybersecurity budget