Apple released iOS, iPadOS, macOS, tvOS, and Safari updates today. The iOS/macOS updates go back two "generations". This is particularly important for iOS 15, which now receives a patch for CVE-2023-32434, a vulnerability already exploited against earlier versions of iOS. This is also the only issue addressed for these earlier iOS versions.
Tag Archives: SANS
How an AppleTV may take down your (#IPv6) network, (Mon, Oct 23rd)
I recently ran into an odd issue with IPv6 connectivity in my home network. During a lengthy outage, I decided to redo some of my network configurations. As part of this change, I also reorganized my IPv6 setup, relying more on DHCPv6 and less on router advertisements to configure IPv6 addresses. Overall, this worked well. My Macs had no issues connecting to IPv6. However, the Linux host I use to alert me of network connectivity issues could not "ping" the test host via IPv6.
VMware Releases Security Patches for Fusion, Workstation and Aria Operations for Logs, (Fri, Oct 20th)
Hiding in Hex, (Wed, Oct 18th)
There are a variety of attacks seen from DShield honeypots [1]. Most of the time these commands are human readable, but every now and again they are obfuscated using base64 or hex encoding. A quick search for commands containing the "\x" delimiter gives a lot of results encoded in hexadecimal.
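The decoding step this excerpt describes, as an added worked example (not code from the diary or the DShield project): a small pass that finds runs of "\xHH" escapes in a captured command and, since the excerpt also names base64, tokens that decode to printable text. The sample command is constructed for the example, not taken from a honeypot log.

```python
import base64
import re

# Runs of two or more \xHH escapes, as produced by echo -e / printf / $'...' obfuscation.
HEX_RUN = re.compile(r"(?:\\x[0-9A-Fa-f]{2}){2,}")
# Base64-looking tokens: standard alphabet, optional padding, not glued to other base64 characters.
B64_TOKEN = re.compile(r"(?<![A-Za-z0-9+/=])[A-Za-z0-9+/]{10,}={0,2}(?![A-Za-z0-9+/=])")


def _printable(data: bytes) -> bool:
    """Cheap filter: only treat a token as base64 if it decodes to printable ASCII."""
    return all(32 <= b < 127 or b in (9, 10, 13) for b in data)


def decode_hex_runs(cmd: str):
    """Replace \\xHH runs with their decoded text; return (new_cmd, findings)."""
    findings = []

    def repl(match):
        escaped = match.group(0)
        decoded = bytes.fromhex(escaped.replace("\\x", "")).decode("latin-1")
        findings.append(("hex", escaped, decoded))
        return decoded

    return HEX_RUN.sub(repl, cmd), findings


def decode_base64_tokens(cmd: str):
    """Replace base64 tokens that decode cleanly to printable text; return (new_cmd, findings)."""
    findings = []

    def repl(match):
        token = match.group(0)
        if len(token) % 4 != 0:
            return token  # not a complete base64 group; leave it alone
        try:
            data = base64.b64decode(token, validate=True)
        except ValueError:  # binascii.Error is a ValueError
            return token
        if not _printable(data):
            return token  # an ordinary word or hash that merely looks like base64
        decoded = data.decode("ascii")
        findings.append(("base64", token, decoded))
        return decoded

    return B64_TOKEN.sub(repl, cmd), findings


def deobfuscate(cmd: str):
    """Hex first (it may hide base64), then base64. Returns (decoded_cmd, findings)."""
    step1, hex_findings = decode_hex_runs(cmd)
    step2, b64_findings = decode_base64_tokens(step1)
    return step2, hex_findings + b64_findings


# Constructed sample in the style of an obfuscated honeypot command (not a real capture).
SAMPLE_CMD = r'echo -e "\x63\x64\x20\x2f\x74\x6d\x70" && echo dW5hbWUgLWE= | base64 -d | sh'

if __name__ == "__main__":
    decoded, findings = deobfuscate(SAMPLE_CMD)
    print(decoded)
    for kind, original, plain in findings:
        print(f"  [{kind}] {original} -> {plain!r}")
```

The printable-text check is what keeps the base64 pass from rewriting ordinary long words or hashes; run the two passes in the order shown, since hex escapes sometimes wrap a base64 payload.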
Changes to SMS Delivery and How it Affects MFA and Phishing, (Tue, Oct 17th)
Domain Name Used as Password Captured by DShield Sensor, (Sun, Oct 15th)
While reviewing my DShield honeypot logs, I noticed for the first time something strange in my list of Top Username & Password, where several domain names were used as passwords. Initially, I was under the impression this might be a parsing error by Logstash and decided to review the raw logs to make sure they were parsed correctly to confirm data integrity. Since usernames and passwords aren't something submitted to DShield, I reviewed my own raw logs to confirm the data was accurate and reviewed the capture rate of username/password combinations for the past few weeks:
What's Normal: MAC Addresses, (Fri, Oct 13th)
In this installment of "What's Normal", I want to discuss MAC addresses. MAC addresses are used to identify devices on Ethernet networks. They are six bytes in length and typically expressed in hexadecimal, with the bytes separated by colons or dashes. MAC addresses identify network interfaces on the local network. They must be unique on the local network and are, to some extent, globally unique: vendor-assigned addresses are, while locally administered (for example randomized) addresses are not.
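Added worked example (not code from the diary): a parser that normalizes the common MAC spellings, pulls out the OUI, and reads the two flag bits in the first byte that decide whether an address can be globally unique at all (the I/G multicast bit and the U/L locally administered bit). The `baseline` helper then does the "what's normal" exercise over a constructed list of addresses, separating vendor-assigned unicast addresses from locally administered ones. The sample MACs are made up and carry no vendor lookup.

```python
import re
from collections import Counter

# Accepts aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff, aabb.ccdd.eeff (Cisco style) and aabbccddeeff.
_SEPARATORS = re.compile(r"[:\-.]")


def parse_mac(mac: str) -> bytes:
    """Return the six raw bytes of a MAC address, or raise ValueError."""
    digits = _SEPARATORS.sub("", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes.fromhex(digits)


def describe_mac(mac: str) -> dict:
    raw = parse_mac(mac)
    first = raw[0]
    return {
        "normalized": ":".join(f"{b:02x}" for b in raw),
        # First three bytes: the OUI assigned to a vendor (meaningful only for globally administered addresses).
        "oui": raw[:3].hex(),
        # Bit 0 of the first byte (I/G): 1 = group/multicast address, 0 = individual/unicast.
        "multicast": bool(first & 0x01),
        # Bit 1 of the first byte (U/L): 1 = locally administered, e.g. randomized or VM-assigned;
        # such addresses are not globally unique and have no vendor OUI.
        "locally_administered": bool(first & 0x02),
        "broadcast": raw == b"\xff" * 6,
    }


def baseline(macs):
    """Summarize a segment: per-OUI counts of vendor-assigned hosts, plus locally administered addresses."""
    ouis = Counter()
    locally_administered = []
    for mac in macs:
        info = describe_mac(mac)
        if info["broadcast"] or info["multicast"]:
            continue  # group addresses are not hosts; expected background noise
        if info["locally_administered"]:
            locally_administered.append(info["normalized"])
        else:
            ouis[info["oui"]] += 1
    return ouis, locally_administered


# Constructed sample addresses (not captured from a real network, no vendor implied).
SAMPLE_MACS = [
    "00:1a:2b:3c:4d:5e",
    "00-1A-2B-3C-4D-5F",
    "001a.2b3c.4d60",
    "3a:1f:9c:07:44:21",   # first byte 0x3a has bit 1 set: locally administered
    "01:00:5e:00:00:fb",   # IPv4 multicast group (mDNS)
    "ff:ff:ff:ff:ff:ff",   # broadcast
]

if __name__ == "__main__":
    ouis, local = baseline(SAMPLE_MACS)
    print("vendor OUIs seen:", dict(ouis))
    print("locally administered:", local)
```

On a home or office segment, a burst of new locally administered addresses is usually phones with MAC randomization enabled or freshly created VMs; either way it explains why the "globally unique" property only holds for vendor-assigned addresses.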
CVE-2023-38545: curl SOCKS5 oversized hostname vulnerability. How bad is it?, (Wed, Oct 11th)
Last week, Daniel Stenberg announced that he would release a new version of the curl library and command line tool today, fixing a significant vulnerability. Curl is the de facto standard library for creating HTTP requests unless you still use Perl (good old LWP...). A significant vulnerability in curl will affect pretty much anything connecting to a web server. With everything becoming an HTTP-based API, code using curl is probably written faster than ever, and Daniel's work is more important than ever.
Wireshark releases 2 updates in one day. Mac users especially will want the latest., (Sat, Oct 7th)
New tool: le-hex-to-ip.py, (Thu, Oct 5th)
So, this week it is my privilege to be TA-ing for Taz Wake for the beta run of his new class FOR577: Linux Incident Response and Threat Hunting. We were looking in the linux /proc filesystem and were noticing in the /proc/<pid>/net/{tcp/udp/icmp/…} that the IP addresses were listed in hex, but little-endian.
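The conversion described in this excerpt, as an added worked example (this is not the author's le-hex-to-ip.py): the kernel prints each address in /proc/net/{tcp,tcp6,udp,...} as one or four 32-bit words in host byte order, so on a little-endian host (x86, ARM64, which the example assumes) the bytes of each word must be reversed before reading them in network order. Ports are printed as plain hex and are not swapped. The sample table lines are constructed in the /proc/net/tcp layout, not copied from a real host.

```python
import ipaddress
import struct

# State codes from the kernel's tcp_states.h, as printed in the "st" column.
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}


def le_hex_to_ip(hex_addr: str) -> str:
    """Decode a /proc/net/* address field (8 hex chars IPv4, 32 hex chars IPv6).

    Assumption: little-endian host, so each 32-bit word is unpacked as '<I'
    and re-packed as '>I' to obtain network byte order.
    """
    raw = bytes.fromhex(hex_addr)
    if len(raw) == 4:
        (word,) = struct.unpack("<I", raw)
        return str(ipaddress.IPv4Address(struct.pack(">I", word)))
    if len(raw) == 16:
        words = struct.unpack("<4I", raw)  # IPv6 is four host-order words, each swapped independently
        return str(ipaddress.IPv6Address(struct.pack(">4I", *words)))
    raise ValueError(f"unexpected address length in {hex_addr!r}")


def parse_proc_net_line(line: str) -> dict:
    """Parse one data row of /proc/net/tcp or /proc/net/tcp6 (same column layout)."""
    fields = line.split()
    local_ip, local_port = fields[1].rsplit(":", 1)
    remote_ip, remote_port = fields[2].rsplit(":", 1)
    return {
        "local": (le_hex_to_ip(local_ip), int(local_port, 16)),   # port: plain hex, no byte swap
        "remote": (le_hex_to_ip(remote_ip), int(remote_port, 16)),
        "state": TCP_STATES.get(fields[3], fields[3]),
        "uid": int(fields[7]),
        # The inode can be matched against /proc/<pid>/fd/* symlinks ("socket:[inode]")
        # to find the process that owns the socket during a live response.
        "inode": int(fields[9]),
    }


def parse_proc_net_table(text: str) -> list:
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("sl"):
            continue  # blank lines and the column header
        rows.append(parse_proc_net_line(line))
    return rows


# Constructed samples in the /proc/net/tcp and /proc/net/tcp6 layout (not from a real host).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0102A8C0:0016 3E02A8C0:D6A8 01 00000000:00000000 00:00000000 00000000     0        0 23456 1 0000000000000000 20 4 30 10 -1
"""
SAMPLE_TCP6 = """\
  sl  local_address                         remote_address                        st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000000000000000000001000000:0016 B80D0120000000000000000001000000:E1F0 01 00000000:00000000 00:00000000 00000000  1000        0 34567 1 0000000000000000 20 4 30 10 -1
"""

if __name__ == "__main__":
    for row in parse_proc_net_table(SAMPLE_TCP) + parse_proc_net_table(SAMPLE_TCP6):
        print(f"{row['state']:<12} {row['local'][0]}:{row['local'][1]} -> "
              f"{row['remote'][0]}:{row['remote'][1]} uid={row['uid']} inode={row['inode']}")
```

Reading the raw /proc tables this way is useful when `ss` or `netstat` cannot be trusted or is unavailable on the host being examined; the same decoding applies to /proc/net/udp, /proc/net/raw and their IPv6 counterparts.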