Overview The Kiwire Captive Portal, provided by SynchroWeb, is an internet access gateway intended for providing guests internet access where many users will want to connect. Three vulnerabilities were discovered within the...
Read More![[Guest Diary] Building Better Defenses: RedTail Observations from a Honeypot, (Thu, Oct 9th)](https://b923496.smushcdn.com/923496/wp-content/uploads/2025/10/2025-10-09_figure1-627x219.png?lossy=1&strip=1&webp=1)
[This is a Guest Diary by Jin Quan Low, an ISC intern as part of the SANS.edu Bachelor’s...
Read MoreToday, I spoted on VirusTotal an interesting Python RAT. They are tons of them but this one attracted my attention based on some function names present in the code: self_modifying_wrapper(), decrypt_and_execute()...
Read MoreFreePBX is a popular PBX system built around the open source VoIP system Asterisk. To manage Asterisk more easily, it provides a capable web-based admin interface. Sadly, like so many web applications, it has had its share of...
Read MoreThis weekend, Oracle published a surprise security bulletin announcing an exploited vulnerability in Oracle E-Business Suite. As part of the announcement, which also included a patch, Oracle published IoC observed as part of the...
Read MoreOverview A remote code execution (RCE) vulnerability, tracked as CVE-2025-10547, was discovered through the EasyVPN and LAN web administration interface of Vigor routers by Draytek. A script in the LAN web administration...
Read More
I have been writing about the “.well-known” directory a few times before. Recently,...
Read MoreThis informational webinar will provide general information regarding the CRDO Broad Agency Announcement (BAA) published on September 24, 2025. It will offer general guidance on preparing White Papers and if invited,...
Read More![[Guest Diary] Comparing Honeypot Passwords with HIBP, (Wed, Oct 1st)](https://b923496.smushcdn.com/923496/wp-content/uploads/2025/09/2025-10-01_figure1-627x303.png?lossy=1&strip=1&webp=1)
[This is a Guest Diary by Draden Barwick, an ISC intern as part of the SANS.edu Bachelor’s...
Read MoreOne of the common infosec jokes is that sometimes, you do not need to “break” an application, but you have to log in. This is often the case for weak default passwords, which are common in IoT devices. However, an...
Read MoreOver the past few months, NIST has been revising and updating Foundational Activities for IoT Product Manufacturers (NIST IR 8259 Revision 1 Initial Public Draft), which describes recommended pre-market and post-market...
Read MoreFISSEA is celebrating 38 years of working together and shaping the future. We have adopted the annual theme of “Collaborative Cybersecurity: Building a Community of Awareness and Action.” Quarterly Forums are designed to provide...
Read More