ISC Stormcast For Monday, April 14th, 2025 https://isc.sans.edu/podcastdetail/9406, (Mon, Apr 14th) 该页面展示了网络日志信息，包括值班人员Didier Stevens、绿色威胁级别、应用安全课程安排（5月5日至10日于圣地亚哥）及播客链接等资源。... 2025-4-14 02:0:2 | 阅读: 4 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu 10th isc 5th papers feeds

Exploit Attempts for Recent Langflow AI Vulnerability (CVE-2025-3248), (Sat, Apr 12th) Langflow 1.3.0版本发布后不久被发现存在重大安全漏洞，允许未经认证的远程代码执行。攻击者通过特定API端点获取系统敏感信息。该漏洞被公开披露后迅速被利用，攻击请求主要来自TOR节点。... 2025-4-13 00:21:28 | 阅读: 84 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu langflow horizon3 passwd python 617

ISC Stormcast For Friday, April 11th, 2025 https://isc.sans.edu/podcastdetail/9404, (Fri, Apr 11th) 该页面为SANS互联网风暴中心主页，显示值班人员Guy Bruneau及绿色威胁级别。提供安全培训课程信息、播客链接及互动功能，并展示数据统计工具与资源导航栏。... 2025-4-11 09:48:22 | 阅读: 4 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu papers 13th security feeds

ISC Stormcast For Thursday, April 10th, 2025 https://isc.sans.edu/podcastdetail/9402, (Thu, Apr 10th) 该页面为安全资源网站，提供课程信息、工具链接及数据服务等内容。... 2025-4-10 02:0:3 | 阅读: 6 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu security papers 13th feeds

Network Infraxploit [Guest Diary], (Wed, Apr 9th) 文章讨论了Cisco Smart Install功能中的远程代码执行漏洞CVE-2018-0171及其滥用风险。该功能默认启用且无需认证，攻击者可利用此漏洞窃取设备配置并提取敏感信息如加密密码。文章通过实验展示了攻击过程，并指出尽管该漏洞已存在多年仍被广泛利用，强调需加强网络设备安全防护以应对威胁。... 2025-4-10 00:38:56 | 阅读: 12 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu tftp network passwords 3750 siet

ISC Stormcast For Wednesday, April 9th, 2025 https://isc.sans.edu/podcastdetail/9400, (Wed, Apr 9th) ISC Stormcast报道网络威胁情报与安全动态，值班专家Xavier Mertens更新威胁级别为绿色（低风险），并预告下一届应用安全课程将于奥兰多举办。... 2025-4-9 10:11:12 | 阅读: 6 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu security feeds isc papers

Obfuscated Malicious Python Scripts with PyArmor, (Wed, Apr 9th) 代码混淆对开发者很重要，用于保护版权和防止逆向分析。PyArmor是一个流行的Python混淆工具。文章分析了一个恶意Python脚本的执行过程和行为，并使用Frida提取内存数据。最终发现该脚本是一个窃取工具。... 2025-4-9 06:30:5 | 阅读: 18 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu python pyarmor marshal python3 extractpath

Microsoft April 2025 Patch Tuesday, (Tue, Apr 8th) 微软本月发布补丁修复125个漏洞，其中11个为关键漏洞。零日漏洞CVE-2025-29824已被利用，允许攻击者提升权限至SYSTEM级别。其他关键漏洞包括LDAP和远程桌面服务相关问题，均存在远程代码执行风险。建议用户及时更新以增强安全性。... 2025-4-8 18:40:41 | 阅读: 52 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu remote exploited windows attacker security

ISC Stormcast For Tuesday, April 8th, 2025 https://isc.sans.edu/podcastdetail/9398, (Tue, Apr 8th) ISC Stormcast 播客讨论网络威胁与安全趋势，值班处理员 Didier Stevens 提供分析与建议。... 2025-4-8 02:40:16 | 阅读: 5 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu 13th feeds security papers

XORsearch: Searching With Regexes, (Mon, Apr 7th) 文章介绍了如何利用XORsearch工具结合正则表达式进行文件分析。通过提取所有可能的字符串并使用grep的正则表达式过滤结果，可以找到特定模式（如IPv4地址）。示例展示了如何逐步获取更多信息，并提到未来将发布Python版本的XORsearch以支持YARA规则分析。... 2025-4-7 12:34:56 | 阅读: 8 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu xorsearch beacon didier stevens xavier

ISC Stormcast For Monday, April 7th, 2025 https://isc.sans.edu/podcastdetail/9396, (Mon, Apr 7th) ISC Stormcast播客于2025年4月7日发布，值班处理员为Johannes Ullrich，当前威胁级别为绿色。页面还包含应用安全课程信息、相关链接及工具介绍等内容。... 2025-4-7 01:20:47 | 阅读: 5 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu security feeds papers 18th

New SSH Username Report, (Sun, Apr 6th) 作者研究了SSH和Telnet凭证，使用Cowrie工具收集数据，并创建了用户名汇总报告。分析发现了一些有趣的用户名，如可能的拼写错误或特定职位相关名称。作者还在准备密码列表，并指出攻击者也会犯错。... 2025-4-6 19:52:7 | 阅读: 12 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu username ssh suspect honeypot passwords

ISC Stormcast For Friday, April 4th, 2025 https://isc.sans.edu/podcastdetail/9394, (Fri, Apr 4th) 文章描述了网络威胁监控平台的实时状态及功能模块，包括值班人员信息、威胁等级更新、播客链接及安全课程安排等内容。... 2025-4-4 02:0:3 | 阅读: 17 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu feeds 18th 13th security

ISC Stormcast For Thursday, April 3rd, 2025 https://isc.sans.edu/podcastdetail/9392, (Thu, Apr 3rd) ISC Stormcast 播客于2025年4月3日发布，值班处理员为Guy Bruneau，当前威胁级别为绿色。页面包含播客详情、课程安排（奥兰多Application Security课程时间为4月13日至18日）及多种信息安全资源链接。... 2025-4-3 02:0:2 | 阅读: 29 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu 18th security isc papers 13th

Exploring Statistical Measures to Predict URLs as Legitimate or Intrusive [Guest Diary], (Wed, Apr 2nd) Gregory Weber, an ISC intern, monitored DShield sensors as part of his BACS internship. He analyzed web server attacks, particularly rapid-fire URL submissions targeting WordPress servers. He experimented with frequency analysis to classify URLs as legitimate or intrusive, using dictionaries of words and phrases. The model showed promise but had limitations, especially with incomplete data.... 2025-4-3 00:51:32 | 阅读: 7 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu intrusive legit php phrases

Surge in Scans for Juniper "t128" Default User, (Wed, Apr 2nd) 上周发现针对Juniper设备默认账户"t128"的扫描激增,该账户及其密码为知名默认配置,源于Juniper收购的128 Technologies公司产品.扫描活动来自约3000个IP,多为SSH扫描,疑似Mirai类僵尸网络.建议检查并更改默认密码,因部分用户报告修改过程复杂或无效.... 2025-4-2 14:19:35 | 阅读: 2 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu username t128 passwords juniper ssr

ISC Stormcast For Wednesday, April 2nd, 2025 https://isc.sans.edu/podcastdetail/9390, (Wed, Apr 2nd) ISC Stormcast播客由Johannes Ullrich主持，讨论网络安全威胁与防护策略，并提供实时威胁情报与技术分析。... 2025-4-2 02:0:2 | 阅读: 13 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu 18th feeds papers 13th security

ISC Stormcast For Tuesday, April 1st, 2025 https://isc.sans.edu/podcastdetail/9388, (Tue, Apr 1st) ISC Stormcast播客最新一期于2025年4月1日发布，主持人Johannes Ullrich介绍了当前网络安全威胁情况及防护建议，并提供了相关工具与资源链接供参考。... 2025-4-1 02:0:2 | 阅读: 7 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu 18th 13th feeds papers

Apple Patches Everything: March 31st 2025 Edition, (Mon, Mar 31st) 苹果发布多款产品更新，修复145个漏洞并包含针对已知安全问题的补丁。... 2025-3-31 23:46:37 | 阅读: 244 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu affects malicious maliciously termination memory

Apache Camel Exploit Attempt by Vulnerability Scan (CVE-2025-27636, CVE-2025-29891), (Mon, Mar 31st) Apache修复了两个可能导致远程代码执行的漏洞（CVE-2025-27636 和 CVE-2025-29891），默认配置下不会触发。问题在于HTTP头不区分大小写导致过滤器失效。目前攻击尝试来自授权扫描器，尚未被实际利用。示例请求显示利用方式。这些迹象表明攻击可能是内部测试而非外部攻击。... 2025-3-31 12:20:30 | 阅读: 37 | 收藏 | SANS Internet Storm Center, InfoCON: green - isc.sans.edu attacker camel trivial victim