Online Services Again Abused to Exfiltrate Data

Attackers like to abuse free online services that can be used to exfiltrate data. From the originals , like pastebin,

to past favorites like anonfiles.com. The latest example is gofile.io. As a defender, it is important to track these services to detect exfiltration early

https://isc.sans.edu/diary/Online%20Services%20Again%20Abused%20to%20Exfiltrate%20Data/31862

OpenSSH 10.0 Released

OpenSSH 10.0 was released. This release adds quantum-safe ciphers and the separation of authentication services into a separate binary to reduce the authentication attack surface.

https://www.openssh.com/releasenotes.html#10.0p1

Apache Roller Vulnerability

Apache Roller addressed a vulnerability. Its CVSS score of 10.0 appears inflated, but it is still a vulnerability you probably want to address.

https://lists.apache.org/thread/4j906k16v21kdx8hk87gl7663sw7lg7f

CVE Funding Changes

Mitre s government contract to operate the CVE system may run out tomorrow. This could lead to a temporary disruption of services, but the system is backed by a diverse board of directors representing many large companies. It is possible that non-government funding sources may keep the system afloat for now.

https://www.cve.org/

Rss Apple Podcaster
Podden och tillhörande omslagsbild på den här sidan tillhör Johannes B. Ullrich. Innehållet i podden är skapat av Johannes B. Ullrich och inte av, eller tillsammans med, Poddtoppen.

Senast besökta

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Wednesday Apr 16th: File Upload Service Abuse; OpenSSH 10.0 Released; Apache Roller Vuln; Possible CVE Changes

00:00