Archive

BianLian GOs for PowerShell After TeamCity Exploitation

March 8, 2024. Contributors: Justin Timothy, Threat Intelligence Consultant; Gabe Renfro, DFIR Advisory Consultant; Keven Murphy, DFIR Principal Consultant. Introduction: Ever since Avast released a decr…

Tunnel Vision: CloudflareD AbuseD in the WilD

August 3, 2023. Introduction: Across the cybersecurity community, defenders are constantly finding threat actors using novel and innovative techniques to further their exploitation efforts against targe…

GuidePoint Security researcher discovers vulnerability in the integrity of common HMI client-server protocol

December 1, 2022. What if you could no longer trust the critical process values displayed on your HMI screen? Executive Summary: When operating an Industrial Control System (ICS), the operator relies on…

vSOC SPOT Report: Runc Docker Vulnerability

Overview: On February 11, 2019, security researchers Adam Iwaniuk and Borys Popławski responsibly disclosed a vulnerability in Runc, the standard utility for spawning and running containers in Docker,…

vSOC SPOT Report: IE – Scripting Engine Memory Corruption Vulnerability

Overview: On December 19th, 2018, Microsoft released a zero-day patch for a vulnerability that impacted multiple Internet Explorer versions within all platforms.

vSOC SPOT Report: Vulnerability in CISCO ASA SIP (CVE-2018-15454)

Overview: This SPOT Report contains information on the latest vulnerability found in the Cisco ASA firewall, Cisco switches, and Cisco routers alongside the coupling ASA virtual appliances and Cisco Fi…

vSOC SPOT Report: JET Engine

Overview: A zero-day flaw has been released by Trend Micro’s Zero Day Initiative (ZDI) team involving an out-of-bounds write in the Microsoft JET Database Engine.

vSOC SPOT Report: Exim Remote Code Execution Vulnerability

Overview: On March 6th, 2018, a security researcher by the name of Meh Chang of Devcore, a Taiwanese security consulting firm, published a remote code execution vulnerability that is present in the mai…

vSOC SPOT Report: Mozilla Firefox Arbitrary Code Execution Vulnerability

Overview: On January 29th, Mozilla developer Johann Hofmann reported that there was a major Arbitrary Code Execution vulnerability (CVE-2018-5124) within the browser’s user interface (UI) that allows…

vSOC SPOT Report: Cisco Adaptive Security Appliance RCE & Denial of Service Vulnerability

Update (2018-01-31): SNORT Signatures. After further research, vSOC has located Snort signatures published by the fox-srt team, which can detect exploitation of this vulnerability.

vSOC SPOT Report – Intel AMT Vulnerability

Overview: On Friday, January 12th, 2018, researchers at F-Secure disclosed a vulnerability involving Intel’s Active Management Technology (AMT) firmware.