A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at how quickly do we – as a global society – patch actively-exploited vulnerabilities when it comes to our internet-facing systems…

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at an actively exploited open redirect vulnerability in Google Travel service that enables threat actors to craft links pointing to www.google.com which cause redirection to an arbitrary URL…

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at the number of security advisories published by national and governmental CSIRTs in connection with the backdoor in xz-utils…

An open redirect vulnerability exists in the remains of Google Web Light service, which is being actively exploited in multiple phishing campaigns. Google decided not to fix it, so it might be advisable to block access to the Web Light domain in corporate environments...

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a surprisingly high number of old network devices in Kazakhstan, which still support SSL version 2.0…

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at a new function of my TriOp tool and its use for passive identification of systems affected by vulnerabilities listed in the CISA KEV Catalog…

I’ve published version 1.5 of TriOp today. Besides the addition of several CVEs into the internal list of vulnerabilities, a new feature was also introduced, which enables automatic generation of Shodan queries for the current list of vulnerabilities from the CISA Known Exploited Vulnerabilities (KEV) Catalog...

67th meeting of the TF-CSIRT community took place this week and I've had a chance to contribute to it with two presentations - one discussing the speed with which we apply patches (from a global standpoint), and another one, in which we looked at a basic approach to threat modeling using MITRE ATT&CK. If you would like to take a look at the slides, they are now available for download...

A new Diary of mine was published today on the SANS Internet Storm Center website. In this one, we’ll take a look at the number of internet-exposed systems that are still vulnerable to the EternalBlue exploit…

Few weeks ago, I attended the 2022 TF-CSIRT Meeting & FIRST Regional Symposium Europe and gave a lighting talk there discussing couple of interesting trends seen in Log4shell exploitation attempts and the possibility to create a simple generic defense agains similar attacks in the future. Recordings of all the talks are now available on YouTube...