URL: https://isc.sans.edu/
Submission: On April 12 via api from DE — Scanned from DE

INTERNET STORM CENTER

Handler on Duty: Xavier Mertens
Threat Level: green
Last Daily Podcast (Fri, Apr 12th): BatBadBut Vulnerability; FortiClient Linux RCE; Apple Notifications; GitHub Search Tricks
A recording of our xz-utils Webcast can be found here: https://www.youtube.com/watch?v=HTNKS3tw3xk


DIARIES




Published: 2024-04-12 by Xavier Mertens


BUILDING A LIVE SIFT USB WITH PERSISTENCE

The SIFT Workstation[1] is a well-known Linux distribution oriented to forensics
and incident response tasks. It is used in many SANS trainings as the default
platform, and it is also my preferred solution for my day-to-day DFIR activities.
The distribution is available as a virtual machine, but you can also install it
on top of a classic Ubuntu system. Today, everything is virtualized and most DFIR
activities can be performed remotely with the provided VM, but sometimes you
still need a way to perform local investigations against a physical computer.
That's why I always carry a USB stick with me. Before, I was using Kali, which
provides a standard solution for this.

But how do you build a live SIFT USB? The key requirement is persistence, for
two main reasons:

 * To keep the scripts and settings you use to expand the default SIFT capabilities
 * To save the collected data

Many computers have multiple USB ports, so you can boot a SIFT connected to one
port and save your data/images/... on a storage device connected to another
port. Except when the computer has only one port available!

To build my live SIFT USB, I followed this process:

Step 1: Install Ubuntu on a USB stick and enable persistence

My tool of choice for this is Rufus[2]. The process is straightforward, and the
most important setting is the size of the persistent storage:



I'm using a 128 GB stick and set the persistent partition to 110 GB.

Note: an alternative way to create the disk is to use mkusb[3].

Step 2: Install SIFT

Boot the freshly created USB stick and follow the process described on the SIFT
website. Install Cast[4] and run:

sudo cast install teamdfir/sift

Grab some coffee: the installation may take a while depending on your hardware
(USB 3 is a minimum). At the end, you'll have a classic SIFT environment that
you can boot from any computer.

Step 3: Customize

Because we all have our preferred tools and pieces of scripts, install them on
your SIFT as usual.

Now, you can boot it on any computer, perform investigations, and save your
pieces of evidence directly on the USB stick!
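The whole point of the persistent partition is that evidence written to the stick survives a reboot. A quick way to confirm that before an engagement is to check which mount actually backs the directory you save cases to. The following Python script is an added example, not part of this diary or of the SIFT or Ubuntu projects: it reads a /proc/mounts-style table and follows the live system's overlay root down to its writable upper layer. The two tables embedded in it are constructed samples; the device names, mount points and the /cow upper-layer layout they use are assumptions for illustration, so run it against the real /proc/mounts of your own stick.

```python
"""Check whether a directory on a live USB actually lands on persistent storage.

Added example; not part of the ISC diary or of the SIFT/Ubuntu projects.
On an Ubuntu-style live system the root filesystem is an overlay whose
writable upper layer lives either in RAM (no persistence: everything written
there is gone at shutdown) or on a partition of the USB stick. The two
/proc/mounts tables below are constructed samples; the device names, mount
points and the /cow upper-layer layout in them are assumptions for illustration.
"""
import posixpath

# Filesystems whose contents never survive a reboot on a live system.
VOLATILE_FS = {"tmpfs", "ramfs", "devtmpfs", "squashfs", "iso9660"}

# Constructed: persistence partition /dev/sdb3 backs the overlay's upper layer.
PERSISTENT_MOUNTS = """\
/dev/sdb1 /cdrom vfat ro,relatime 0 0
/dev/loop0 /rofs squashfs ro,noatime 0 0
/dev/sdb3 /cow ext4 rw,relatime 0 0
overlay / overlay rw,relatime,lowerdir=/rofs,upperdir=/cow/upper,workdir=/cow/work 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""

# Constructed: same layout, but the upper layer sits on a RAM-backed tmpfs.
VOLATILE_MOUNTS = """\
/dev/sdb1 /cdrom iso9660 ro,relatime 0 0
/dev/loop0 /rofs squashfs ro,noatime 0 0
tmpfs /cow tmpfs rw,noatime 0 0
overlay / overlay rw,relatime,lowerdir=/rofs,upperdir=/cow/upper,workdir=/cow/work 0 0
"""


def parse_mounts(text):
    """Parse /proc/mounts-style lines into (source, mountpoint, fstype, options) tuples."""
    table = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue
        source, mountpoint, fstype, raw_opts = parts[:4]
        options = {}
        for opt in raw_opts.split(","):
            key, _, value = opt.partition("=")
            options[key] = value or None
        # /proc/mounts encodes spaces in paths as \040
        table.append((source, mountpoint.replace("\\040", " "), fstype, options))
    return table


def mount_for(path, table):
    """Return the longest-prefix mount entry that covers path (what `df` would report)."""
    path = posixpath.normpath(path)
    best = None
    for entry in table:
        mountpoint = entry[1]
        prefix = mountpoint if mountpoint.endswith("/") else mountpoint + "/"
        if path == mountpoint or path.startswith(prefix):
            if best is None or len(mountpoint) > len(best[1]):
                best = entry
    if best is None:
        raise ValueError(f"no mount covers {path}")
    return best


def is_persistent(path, mounts_text):
    """True if writes to path land on a writable block device, not in RAM or on the read-only image."""
    table = parse_mounts(mounts_text)
    source, _, fstype, options = mount_for(path, table)
    if fstype == "overlay":
        # Only the overlay's writable upper layer matters: follow it to its backing mount.
        upper = options.get("upperdir")
        if not upper:
            return False
        source, _, fstype, options = mount_for(upper, table)
    if fstype in VOLATILE_FS or "ro" in options:
        return False
    return source.startswith("/dev/")


if __name__ == "__main__":
    for label, mounts in (("persistent", PERSISTENT_MOUNTS), ("volatile", VOLATILE_MOUNTS)):
        for directory in ("/home/sansforensics/cases", "/tmp/evidence"):
            print(f"{label:10s} {directory:28s} persistent={is_persistent(directory, mounts)}")
```

Note that /tmp is reported as volatile even on the persistent stick: on the constructed table it is a separate tmpfs mount, which is exactly the kind of place evidence should never be parked on a live system.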

[1] https://www.sans.org/tools/sift-workstation/
[2] https://rufus.ie/en/
[3] https://help.ubuntu.com/community/mkusb
[4] https://github.com/ekristen/cast/releases/latest

Xavier Mertens (@xme)
Xameco
Senior ISC Handler - Freelance Cyber Security Consultant
PGP Key

Published: 2024-04-11 by Yee Ching Tok


EVOLUTION OF ARTIFICIAL INTELLIGENCE SYSTEMS AND ENSURING TRUSTWORTHINESS

We live in a dynamic age, especially with the increasing awareness and
popularity of Artificial Intelligence (AI) systems being explored by users and
organizations alike. I was recently quizzed by a junior researcher on how AI
systems came about and realized I could not answer that query immediately. I had
a rough idea of what led to the current generative and large language models.
Still, I had a very fuzzy understanding of what transpired before them, besides
being confident that neural networks were involved. Unsatisfied with the lack of
appreciation of how AI systems evolved, I decided to explore how AI systems were
conceptualized and developed to the current state, sharing what I learnt in this
diary. However, knowing only how to use them but being unable to ensure their
trustworthiness (especially if organizations want to use these systems for
increasingly critical business activities) could expose organizations to a much
higher risk than what senior leadership could accept. As such, I will also
suggest some approaches (technical, governance, and philosophical) to ensure the
trustworthiness of these AI systems.

AI systems were not built overnight, and the forebears of computer science and
AI had thought at length about how to create a system almost similar to a human
brain. Keeping in mind the usual considerations, such as the Turing test and
cognitive and rational approaches, there were eight foundational disciplines
that AI drew on [1]. This is illustrated in Figure 1 below:


Figure 1: Foundational Disciplines Used in AI Systems
 

The foundational disciplines also yielded their own set of considerations which
would collectively be considered for an AI system. They are summarized in Table
1 below [1]:



Table 1: Considerations for Foundational Disciplines in AI Systems (adapted from [1])

Philosophy
- Where does knowledge come from?
- Can formal rules be used to draw valid conclusions?
- How does the mind arise from a physical brain?
- How does knowledge lead to action?

Mathematics
- What can be computed?
- How do we reason with uncertain information?
- What are the formal rules to draw valid conclusions?

Economics
- How should we make decisions in accordance with our preferences?
- How should we do this when others may not go along?
- How should we do this when the payoff may be far in the future?

Neuroscience
- How do brains process information?

Psychology
- How do humans and animals think and act?

Computer Engineering
- How can an efficient computer be built?

Control theory and cybernetics
- How can artifacts operate under their own control?

Linguistics
- How does language relate to thought?



For brevity's sake, I will skip the overall historical details of the exact
developments of AI. However, the first work on AI deserves at least a mention:
the research on artificial neurons by Warren McCulloch and Walter Pitts in 1943
[1]. As technological research on AI progressed, distinct iterations of AI
systems emerged. These are listed in Table 2 below in chronological order, along
with some salient pointers and the advantages/disadvantages (where applicable):



Table 2: Evolution of Distinct AI Systems (adapted from [1])

Problem-solving (Symbolic) Systems
- 1950s to 1980s era
- Symbolic and declarative knowledge representations
- Logic-based reasoning (e.g. propositional/predicate/higher-order logic)
- Rule-based (specifying how to derive new knowledge or perform certain tasks
  based on input data and the current state of the system)
- Struggled with handling uncertainty and real-world complexities

Knowledge, reasoning, planning (Expert) Systems
- 1970s to 1980s era
- Knowledge base (typically represented in a structured form, such as rules,
  facts, procedures, heuristics, or ontologies)
- Inference engine (applies logical rules, inference mechanisms, and reasoning
  algorithms to derive conclusions, make inferences, and solve problems based on
  the available knowledge)
- Rule-based reasoning [define conditions (antecedents) and actions
  (consequents), specifying how to make decisions or perform tasks based on input
  data and the current state of the system. The inference engine evaluates rules
  and triggers appropriate actions based on the conditions met.]
- Limited by static knowledge representations

Machine Learning (ML) Systems
- 1980s to 2000s era
- Feature extraction and engineering (data features/attributes extracted and
  transformed/combined)
- Model selection and evaluation (e.g. linear regression, decision trees,
  support vector machines, neural networks, and ensemble methods)
- Generalization (ability of a model to accurately perform on unseen data)
- Hyperparameter tuning (tuning parameters that control the learning process and
  model complexity. Techniques such as grid search, random search, and Bayesian
  optimization are commonly used for hyperparameter tuning)
- Had performance issues due to compute power, but performance significantly
  improved in the early 21st century due to advances in compute power

Deep Learning Systems
- 2000s to present
- Subset of ML systems (uses neural networks with multiple layers)
- Feature hierarchies and abstractions (lower layers in the network learn
  low-level features such as edges and textures, while higher layers learn more
  abstract concepts and representations, such as object parts or semantic
  concepts)
- Scalability (particularly well-suited for tasks such as image and speech
  recognition, natural language processing, and other applications with massive
  datasets)

Generative Models [Variational Autoencoders (VAEs) and Generative Adversarial Networks (GANs)]
- 2010s to present
- Data generation (produce new data samples based on training data. Samples can
  be images, text, audio, or any other type of data that the model is trained on)
- Probability distribution modelling (capture the statistical dependencies and
  correlations between different features or components of training data and
  generate new samples exhibiting similar properties to the training data)
- Variability and diversity (multiple plausible samples for a given input or
  condition can be generated by sampling from the learned probability
  distribution)
- Unsupervised learning (unlabelled or partially labelled training data for the
  model to capture inherent structure and patterns within the data)

Transfer Learning / Large Language Models
- 2010s to present
- Reuse of pre-trained models (pre-trained models are fine-tuned or adapted to
  new tasks with limited labelled data)
- Domain adaptation (e.g. a pre-trained model trained on general text data can be
  fine-tuned for specific domains such as legal documents, medical texts, or
  social media posts)
- Fine-grained representations (encode information about word semantics, syntax,
  grammar, sentiment, and topic coherence, enabling them to capture diverse
  aspects of language)
- Multi-task approach (enables the model to learn more generalized
  representations of text data, improving performance on downstream tasks)



With reference to Table 2, we see that AI systems have evolved significantly to
become plausible assistants in automating and augmenting work processes. One
must be mindful of ensuring these new systems are trustworthy and remain so due
to the potential complications that could occur. AI systems could be exposed to
traditional cybersecurity issues such as unauthorized access, unsecured
credentials, backdooring (e.g. supply-chain compromise) and data exfiltration.
They also have their own domain-specific risks, such as poisoned training
datasets, insufficient guardrails, erosion of model integrity and prompt
engineering. While technical controls may mitigate some of these risks,
governance and philosophical approaches could bolster the resiliency and
trustworthiness of the incumbent AI systems. I will briefly discuss the
technical, governance and philosophical approaches that AI users should be aware
of.

Firstly, from a technical perspective, it is always a good approach to model
potential threats and perform a security assessment of the AI model to be
deployed. Excellent guidance for such an approach is the MITRE Adversarial
Threat Landscape for Artificial-Intelligence Systems (ATLAS) matrix (with
reference to Figure 2 below) [2]. Appropriate mitigations for the techniques
applicable to an incumbent AI system can be derived by referencing the ATLAS
matrix. At the same time, assessors can rely on a globally accepted framework
to guide their security assessments.
 


Figure 2: MITRE Adversarial Threat Landscape for Artificial-intelligence Systems
(ATLAS)

From a governance perspective, the Control Objectives for Information
Technologies (COBIT) (2019) could offer guidance when users are faced with a
requirement for auditing AI systems. There are risks when deploying AI systems,
such as a lack of alignment between IT and business needs, improper translation
of IT tactical plans from IT strategic plans and ineffective governance
structures to ensure accountability and responsibilities associated with the AI
function [3]. For example, COBIT’s DSS06 Manage Business Process Control
includes management practice DSS06.05 Ensure traceability and accountability.
DSS06.05 could be utilized to ensure AI activity audit trails provide sufficient
information to understand the rationale of AI decisions made within the
organization [3].

Finally, there is the philosophical perspective for AI systems. As various
organizations and users adopt AI, an AI ecosystem will inevitably form (for
better or for worse). Since the modern AI ecosystem is in its infancy,
governance of AI systems requires global consensus. A notable example was the
mapping and interoperability of national AI governance frameworks between
Singapore and the United States through the Infocomm Media Development
Authority (IMDA) and US National Institute of Standards and Technology (NIST)
crosswalk [4]. Additionally, the AI Verify Foundation and IMDA further proposed
a model AI governance framework for Generative AI to address the apprehension
and concerns towards AI [5]. Users and organizations looking into implementing
AI should consider the nine dimensions raised in the proposed framework. These
are also summarized in Table 3 below [5]:



Table 3: Nine Dimensions for Fostering a Trusted AI Ecosystem (adapted from [5])

- Accountability: Putting in place the right incentive structure for different
  players in the AI system development life cycle to be responsible to end-users
- Data: Ensuring data quality and addressing potentially contentious training
  data in a pragmatic way, as data is core to model development
- Trusted Development and Deployment: Enhancing transparency around baseline
  safety and hygiene measures based on industry best practices, in development,
  evaluation and disclosure
- Incident Reporting: Implementing an incident management system for timely
  notification, remediation, and continuous improvements, as no AI system is
  foolproof
- Testing and Assurance: Providing external validation and added trust through
  third-party testing, and developing common AI testing standards for
  consistency
- Security: Addressing new threat vectors that arise through generative AI
  models
- Content Provenance: Transparency about where content comes from as useful
  signals for end-users
- Safety and Alignment R&D: Accelerating R&D through global cooperation among AI
  Safety Institutes to improve model alignment with human intention and values
- AI for Public Good: Responsible AI includes harnessing AI to benefit the
  public by democratizing access, improving public sector adoption, upskilling
  workers and developing AI systems sustainably



I hope this primer on AI helped to get everyone up to speed on how AI systems
evolved over the years and appreciate the vast potential these systems bring.
However, we live in turbulent times where AI systems could be abused and
compromised. I also suggested potential avenues (technical, governance, and
philosophical) for AI systems to become more trustworthy despite adversarial
tactics and techniques. We live in an exciting age, and seeing how far we can
evolve by adopting AI systems will be a rewarding experience.

References:
1. Stuart Russell and Peter Norvig. 2020. Artificial Intelligence: A Modern Approach (4th ed.). Pearson, USA.
2. https://atlas.mitre.org/matrices/ATLAS
3. ISACA. 2018. Auditing Artificial Intelligence. ISACA, USA.
4. https://www.imda.gov.sg/resources/press-releases-factsheets-and-speeches/press-releases/2024/public-consult-model-ai-governance-framework-genai
5. https://aiverifyfoundation.sg/downloads/Proposed_MGF_Gen_AI_2024.pdf

-----------
Yee Ching Tok, Ph.D., ISC Handler
Personal Site
Mastodon
Twitter

Published: 2024-04-09 by Johannes Ullrich


APRIL 2024 MICROSOFT PATCH TUESDAY SUMMARY

This update covers a total of 157 vulnerabilities. Seven of these are Chromium
vulnerabilities affecting Microsoft's Edge browser. However, only three of the
157 are rated critical. One vulnerability had already been disclosed and
exploited before today.

Vulnerabilities of Interest:

CVE-2024-26234: This proxy driver spoofing vulnerability was made public, and
exploited, before today.

CVE-2024-21322, CVE-2024-21323, CVE-2024-29053: These critical vulnerabilities
allow remote code execution in Microsoft Defender for IoT.

The update patches about 40 (sorry, lost exact count) remote code execution
vulnerabilities in Microsoft OLE Driver for SQL Server. These vulnerabilities
are rated only "important", not "critical". They affect clients connecting to
malicious SQL servers: the client, not the server, would be the target.

The seven important remote code execution vulnerabilities in the DNS Server
Service look interesting. To achieve remote code execution, "perfect timing" is
required according to Microsoft.

Columns for each CVE line below: CVE, Disclosed, Exploited, Exploitability (old
versions), Exploitability (current version), Severity, CVSS Base (AVG), CVSS
Temporal (AVG). A "-" means no value was published for that column.

Mariner: Openwsman Path Traversal and process_connection() DoS vulnerability
  CVE-2019-3816   No   No   -   -   -   7.5   7.5
  CVE-2019-3833   No   No   -   -   -   7.5   7.5

.NET, .NET Framework, and Visual Studio Remote Code Execution Vulnerability
  CVE-2024-21409  No   No   -   -   Important   7.3   6.4

Azure AI Search Information Disclosure Vulnerability
  CVE-2024-29063  No   No   -   -   Important   7.3   6.6

Azure Arc-enabled Kubernetes Extension Cluster-Scope Elevation of Privilege Vulnerability
  CVE-2024-28917  No   No   -   -   Important   6.2   5.4

Azure Compute Gallery Elevation of Privilege Vulnerability
  CVE-2024-21424  No   No   -   -   Important   6.5   5.7

Azure CycleCloud Elevation of Privilege Vulnerability
  CVE-2024-29993  No   No   -   -   Important   8.8   7.7

Azure Identity Library for .NET Information Disclosure Vulnerability
  CVE-2024-29992  No   No   -   -   Moderate   5.5   5.3

Azure Migrate Remote Code Execution Vulnerability
  CVE-2024-26193  No   No   -   -   Important   6.4   5.9

Azure Monitor Agent Elevation of Privilege Vulnerability
  CVE-2024-29989  No   No   -   -   Important   8.4   7.3

Azure Private 5G Core Denial of Service Vulnerability
  CVE-2024-20685  No   No   -   -   Moderate   5.9   5.2

BitLocker Security Feature Bypass Vulnerability
  CVE-2024-20665  No   No   -   -   Important   6.1   5.3

Chromium: CVE-2024-3156 Inappropriate implementation in V8
  CVE-2024-3156   No   No   -   -   -   -   -

Chromium: CVE-2024-3158 Use after free in Bookmarks
  CVE-2024-3158   No   No   -   -   -   -   -

Chromium: CVE-2024-3159 Out of bounds memory access in V8
  CVE-2024-3159   No   No   -   -   -   -   -

DHCP Server Service Denial of Service Vulnerability
  CVE-2024-26212  No   No   -   -   Important   7.5   6.5
  CVE-2024-26215  No   No   -   -   Important   7.5   7.2

DHCP Server Service Remote Code Execution Vulnerability
  CVE-2024-26195  No   No   -   -   Important   7.2   6.3
  CVE-2024-26202  No   No   -   -   Important   7.2   6.3

HTTP.sys Denial of Service Vulnerability
  CVE-2024-26219  No   No   -   -   Important   7.5   6.5

Intel: CVE-2024-2201 Branch History Injection
  CVE-2024-2201   No   No   -   -   Important   4.7   4.1

Lenovo: CVE-2024-23593 Zero Out Boot Manager and drop to UEFI Shell
  CVE-2024-23593  No   No   -   -   Important   7.8   6.8

Lenovo: CVE-2024-23594 Stack Buffer Overflow in LenovoBT.efi
  CVE-2024-23594  No   No   -   -   Important   6.4   5.6

Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
  CVE-2024-29990  No   No   -   -   Important   9.0   8.1

Microsoft Brokering File System Elevation of Privilege Vulnerability
  CVE-2024-28905  No   No   -   -   Important   7.8   6.8
  CVE-2024-26213  No   No   -   -   Important   7.0   6.1
  CVE-2024-28904  No   No   -   -   Important   7.8   6.8
  CVE-2024-28907  No   No   -   -   Important   7.8   6.8

Microsoft Defender for IoT Elevation of Privilege Vulnerability
  CVE-2024-21324  No   No   -   -   Important   7.2   6.3
  CVE-2024-29055  No   No   -   -   Important   7.2   6.3
  CVE-2024-29054  No   No   -   -   Important   7.2   6.3

Microsoft Defender for IoT Remote Code Execution Vulnerability
  CVE-2024-21322  No   No   -   -   Critical   7.2   6.3
  CVE-2024-21323  No   No   -   -   Critical   8.8   7.7
  CVE-2024-29053  No   No   -   -   Critical   8.8   7.7

Microsoft Edge (Chromium-based) Spoofing Vulnerability
  CVE-2024-29981  No   No   Less Likely   Less Likely   Low   4.3   3.9

Microsoft Edge (Chromium-based) Webview2 Spoofing Vulnerability
  CVE-2024-29049  No   No   Less Likely   Less Likely   Moderate   4.1   3.6

Microsoft Excel Remote Code Execution Vulnerability
  CVE-2024-26257  No   No   -   -   Important   7.8   7.5

Microsoft Install Service Elevation of Privilege Vulnerability
  CVE-2024-26158  No   No   -   -   Important   7.8   6.8

Microsoft Local Security Authority Subsystem Service Information Disclosure Vulnerability
  CVE-2024-26209  No   No   -   -   Important   5.5   4.8

Microsoft Message Queuing (MSMQ) Remote Code Execution Vulnerability
  CVE-2024-26232  No   No   -   -   Important   7.3   6.4
  CVE-2024-26208  No   No   -   -   Important   7.2   6.3

Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
  CVE-2024-28929  No   No   -   -   Important   8.8   7.7
  CVE-2024-28931  No   No   -   -   Important   8.8   7.7
  CVE-2024-28932  No   No   -   -   Important   8.8   7.7
  CVE-2024-28936  No   No   -   -   Important   8.8   7.7
  CVE-2024-29043  No   No   -   -   Important   8.8   7.7
  CVE-2024-28930  No   No   -   -   Important   8.8   7.7
  CVE-2024-28933  No   No   -   -   Important   8.8   7.7
  CVE-2024-28934  No   No   -   -   Important   8.8   7.7
  CVE-2024-28935  No   No   -   -   Important   8.8   7.7
  CVE-2024-28937  No   No   -   -   Important   8.8   7.7
  CVE-2024-28938  No   No   -   -   Important   8.8   7.7
  CVE-2024-28941  No   No   -   -   Important   8.8   7.7
  CVE-2024-28943  No   No   -   -   Important   8.8   7.7

Microsoft OLE DB Driver for SQL Server Remote Code Execution Vulnerability
  CVE-2024-28906  No   No   -   -   Important   8.8   7.7
  CVE-2024-28908  No   No   -   -   Important   8.8   7.7
  CVE-2024-28909  No   No   -   -   Important   8.8   7.7
  CVE-2024-28910  No   No   -   -   Important   8.8   7.7
  CVE-2024-28911  No   No   -   -   Important   8.8   7.7
  CVE-2024-28912  No   No   -   -   Important   8.8   7.7
  CVE-2024-28913  No   No   -   -   Important   8.8   7.7
  CVE-2024-28914  No   No   -   -   Important   8.8   7.7
  CVE-2024-28915  No   No   -   -   Important   8.8   7.7
  CVE-2024-28939  No   No   -   -   Important   8.8   7.7
  CVE-2024-28942  No   No   -   -   Important   8.8   7.7
  CVE-2024-28945  No   No   -   -   Important   8.8   7.7
  CVE-2024-29045  No   No   -   -   Important   7.5   6.5
  CVE-2024-29047  No   No   -   -   Important   8.8   7.7
  CVE-2024-28926  No   No   -   -   Important   8.8   7.7
  CVE-2024-28927  No   No   -   -   Important   8.8   7.7
  CVE-2024-28940  No   No   -   -   Important   8.8   7.7
  CVE-2024-28944  No   No   -   -   Important   8.8   7.7
  CVE-2024-29044  No   No   -   -   Important   8.8   7.7
  CVE-2024-29046  No   No   -   -   Important   8.8   7.7
  CVE-2024-29048  No   No   -   -   Important   8.8   7.7
  CVE-2024-29982  No   No   -   -   Important   8.8   7.7
  CVE-2024-29983  No   No   -   -   Important   8.8   7.7
  CVE-2024-29984  No   No   -   -   Important   8.8   7.7
  CVE-2024-29985  No   No   -   -   Important   8.8   7.7

Microsoft SharePoint Server Spoofing Vulnerability
  CVE-2024-26251  No   No   -   -   Important   6.8   6.5

Microsoft Virtual Machine Bus (VMBus) Denial of Service Vulnerability
  CVE-2024-26254  No   No   -   -   Important   7.5   6.5

Microsoft WDAC OLE DB Provider for SQL Server Remote Code Execution Vulnerability
  CVE-2024-26210  No   No   -   -   Important   8.8   7.7
  CVE-2024-26244  No   No   -   -   Important   8.8   7.7

Microsoft WDAC SQL Server ODBC Driver Remote Code Execution Vulnerability
  CVE-2024-26214  No   No   -   -   Important   8.8   7.7

Outlook for Windows Spoofing Vulnerability
  CVE-2024-20670  No   No   -   -   Important   8.1   7.1

Proxy Driver Spoofing Vulnerability
  CVE-2024-26234  Yes  Yes  -   -   Important   6.7   5.8

Remote Procedure Call Runtime Remote Code Execution Vulnerability
  CVE-2024-20678  No   No   -   -   Important   8.8   7.7

Secure Boot Security Feature Bypass Vulnerability
  CVE-2024-20669  No   No   -   -   Important   6.7   5.8
  CVE-2024-20688  No   No   -   -   Important   7.1   6.2
  CVE-2024-20689  No   No   -   -   Important   7.1   6.2
  CVE-2024-26250  No   No   -   -   Important   6.7   5.8
  CVE-2024-28920  No   No   -   -   Important   7.8   6.8
  CVE-2024-28922  No   No   -   -   Important   4.1   3.6
  CVE-2024-28921  No   No   -   -   Important   6.7   5.8
  CVE-2024-28919  No   No   -   -   Important   6.7   5.8
  CVE-2024-28923  No   No   -   -   Important   6.4   5.6
  CVE-2024-28896  No   No   -   -   Important   7.5   6.5
  CVE-2024-28898  No   No   -   -   Important   6.3   5.5
  CVE-2024-28903  No   No   -   -   Important   6.7   5.8
  CVE-2024-26168  No   No   -   -   Important   6.8   5.9
  CVE-2024-26171  No   No   -   -   Important   6.7   5.8
  CVE-2024-26175  No   No   -   -   Important   7.8   6.8
  CVE-2024-26180  No   No   -   -   Important   8.0   7.0
  CVE-2024-26189  No   No   -   -   Important   8.0   7.0
  CVE-2024-26194  No   No   -   -   Important   7.4   6.4
  CVE-2024-26240  No   No   -   -   Important   8.0   7.0
  CVE-2024-28924  No   No   -   -   Important   6.7   5.8
  CVE-2024-28925  No   No   -   -   Important   8.0   7.0
  CVE-2024-28897  No   No   -   -   Important   6.8   5.9
  CVE-2024-29061  No   No   -   -   Important   7.8   6.8
  CVE-2024-29062  No   No   -   -   Important   7.1   6.2

SmartScreen Prompt Security Feature Bypass Vulnerability
  CVE-2024-29988  No   No   -   -   Important   8.8   8.2

Win32k Elevation of Privilege Vulnerability
  CVE-2024-26241  No   No   -   -   Important   7.8   6.8

Windows Authentication Elevation of Privilege Vulnerability
  CVE-2024-21447  No   No   -   -   Important   7.8   6.8
  CVE-2024-29056  No   No   -   -   Important   4.3   3.8

Windows CSC Service Elevation of Privilege Vulnerability
  CVE-2024-26229  No   No   -   -   Important   7.8   6.8

Windows Cryptographic Services Remote Code Execution Vulnerability
  CVE-2024-29050  No   No   -   -   Important   8.4   7.3

Windows Cryptographic Services Security Feature Bypass Vulnerability
  CVE-2024-26228  No   No   -   -   Important   7.8   6.8

Windows DNS Server Remote Code Execution Vulnerability
  CVE-2024-26221  No   No   -   -   Important   7.2   6.3
  CVE-2024-26222  No   No   -   -   Important   7.2   6.3
  CVE-2024-26223  No   No   -   -   Important   7.2   6.3
  CVE-2024-26224  No   No   -   -   Important   7.2   6.3
  CVE-2024-26227  No   No   -   -   Important   7.2   6.3
  CVE-2024-26231  No   No   -   -   Important   7.2   6.3
  CVE-2024-26233  No   No   -   -   Important   7.2   6.3

Windows DWM Core Library Information Disclosure Vulnerability
  CVE-2024-26172  No   No   -   -   Important   5.5   4.8

Windows Defender Credential Guard Elevation of Privilege Vulnerability
  CVE-2024-26237  No   No   -   -   Important   7.8   6.8

Windows Distributed File System (DFS) Information Disclosure Vulnerability
  CVE-2024-26226  No   No   -   -   Important   6.5   5.7

Windows Distributed File System (DFS) Remote Code Execution Vulnerability
  CVE-2024-29066  No   No   -   -   Important   7.2   6.3

Windows File Server Resource Management Service Elevation of Privilege Vulnerability
  CVE-2024-26216  No   No   -   -   Important   7.3   6.4

Windows Hyper-V Denial of Service Vulnerability
  CVE-2024-29064  No   No   -   -   Important   6.2   5.4

Windows Kerberos Denial of Service Vulnerability
  CVE-2024-26183  No   No   -   -   Important   6.5   5.7

Windows Kerberos Elevation of Privilege Vulnerability
  CVE-2024-26248  No   No   -   -   Important   7.5   6.5

Windows Kernel Elevation of Privilege Vulnerability
  CVE-2024-20693  No   No   -   -   Important   7.8   6.8
  CVE-2024-26218  No   No   -   -   Important   7.8   6.8

Windows Mobile Hotspot Information Disclosure Vulnerability
  CVE-2024-26220  No   No   -   -   Important   5.0   4.4

Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
  CVE-2024-26211  No   No   -   -   Important   7.8   6.8

Windows Remote Access Connection Manager Information Disclosure Vulnerability
  CVE-2024-26255  No   No   -   -   Important   5.5   4.8
  CVE-2024-28901  No   No   -   -   Important   5.5   4.8
  CVE-2024-28902  No   No   -   -   Important   5.5   4.8
  CVE-2024-26207  No   No   -   -   Important   5.5   4.8
  CVE-2024-26217  No   No   -   -   Important   5.5   4.8
  CVE-2024-28900  No   No   -   -   Important   5.5   4.8

Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability
  CVE-2024-26179  No   No   -   -   Important   8.8   7.7
  CVE-2024-26200  No   No   -   -   Important   8.8   7.7
  CVE-2024-26205  No   No   -   -   Important   8.8   7.7

Windows SMB Elevation of Privilege Vulnerability
  CVE-2024-26245  No   No   -   -   Important   7.8   6.8

Windows Storage Elevation of Privilege Vulnerability
  CVE-2024-29052  No   No   -   -   Important   7.8   6.8

Windows Telephony Server Elevation of Privilege Vulnerability
  CVE-2024-26242  No   No   -   -   Important   7.0   6.1
  CVE-2024-26230  No   No   -   -   Important   7.8   6.8
  CVE-2024-26239  No   No   -   -   Important   7.8   6.8

Windows USB Print Driver Elevation of Privilege Vulnerability
  CVE-2024-26243  No   No   -   -   Important   7.0   6.1

Windows Update Stack Elevation of Privilege Vulnerability
  CVE-2024-26235  No   No   -   -   Important   7.8   6.8
  CVE-2024-26236  No   No   -   -   Important   7.0   6.1

Windows rndismp6.sys Remote Code Execution Vulnerability
  CVE-2024-26252  No   No   -   -   Important   6.8   5.9
  CVE-2024-26253  No   No   -   -   Important   6.8   5.9

libarchive Remote Code Execution Vulnerability
  CVE-2024-26256  No   No   -   -   Important   7.8   6.8
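With 157 entries, a patch team needs an order to work through the table. The Python below is an added example, not part of this diary or of any Microsoft or ISC tooling: it parses a handful of rows transcribed from the table above, written in a constructed grouped layout (a description line, then one indented line per CVE with fields separated by two or more spaces), and ranks them with a simple policy of this example's own choosing: already exploited first, then publicly disclosed, then Microsoft's severity rating, then CVSS base and temporal scores. It also copes with the two awkward shapes in the table: the two-word "Less Likely" exploitability cells and the Chromium rows that carry no CVSS scores at all.

```python
"""Rank a Patch Tuesday table for triage: already exploited first, then publicly
disclosed, then Microsoft severity, then CVSS base and temporal scores.

Added example; not part of the ISC diary. The rows below are a handful
transcribed from the April 2024 table in a constructed grouped layout (a
description line, then one indented line per CVE with fields separated by two
or more spaces). The ranking policy is this example's own choice.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

SAMPLE_TABLE = """\
Proxy Driver Spoofing Vulnerability
  CVE-2024-26234  Yes  Yes  -  -  Important  6.7  5.8
Microsoft Defender for IoT Remote Code Execution Vulnerability
  CVE-2024-21322  No  No  -  -  Critical  7.2  6.3
  CVE-2024-21323  No  No  -  -  Critical  8.8  7.7
Microsoft Azure Kubernetes Service Confidential Container Elevation of Privilege Vulnerability
  CVE-2024-29990  No  No  -  -  Important  9.0  8.1
Microsoft ODBC Driver for SQL Server Remote Code Execution Vulnerability
  CVE-2024-28929  No  No  -  -  Important  8.8  7.7
SmartScreen Prompt Security Feature Bypass Vulnerability
  CVE-2024-29988  No  No  -  -  Important  8.8  8.2
Microsoft Edge (Chromium-based) Spoofing Vulnerability
  CVE-2024-29981  No  No  Less Likely  Less Likely  Low  4.3  3.9
Chromium: CVE-2024-3156 Inappropriate implementation in V8
  CVE-2024-3156  No  No  -  -  -
"""

# Microsoft's severity ratings, highest first; entries with no rating sort last.
SEVERITY_RANK = {"Critical": 3, "Important": 2, "Moderate": 1, "Low": 0}


@dataclass
class Row:
    description: str
    cve: str
    disclosed: bool
    exploited: bool
    exploitability_old: str
    exploitability_current: str
    severity: str
    cvss_base: Optional[float]
    cvss_temporal: Optional[float]


def _score(field: str) -> Optional[float]:
    """CVSS cell to float; '-' (or a missing cell) means no score was published."""
    try:
        return float(field)
    except ValueError:
        return None


def parse_table(text: str) -> List[Row]:
    rows: List[Row] = []
    description = ""
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            description = line.strip()  # an unindented line names the next group
            continue
        fields = re.split(r"\s{2,}", line.strip())
        fields += ["-"] * (8 - len(fields))  # Chromium rows carry no CVSS scores
        cve, disclosed, exploited, old, cur, severity, base, temporal = fields[:8]
        rows.append(Row(description, cve, disclosed == "Yes", exploited == "Yes",
                        old, cur, severity, _score(base), _score(temporal)))
    return rows


def triage_key(row: Row):
    """Higher tuple = patch sooner. Unscored entries count as 0.0."""
    return (row.exploited, row.disclosed, SEVERITY_RANK.get(row.severity, -1),
            row.cvss_base or 0.0, row.cvss_temporal or 0.0)


def prioritize(rows: List[Row]) -> List[Row]:
    return sorted(rows, key=triage_key, reverse=True)


def triage_order(text: str) -> List[str]:
    """CVE identifiers in the order a patch team should work through them."""
    return [row.cve for row in prioritize(parse_table(text))]


if __name__ == "__main__":
    for row in prioritize(parse_table(SAMPLE_TABLE)):
        print(f"{row.cve:15s} {row.severity:10s} {row.cvss_base}  {row.description}")
```

On the sample, CVE-2024-26234 comes out first despite its modest 6.7 base score, because "already exploited" outranks any CVSS number; the unscored Chromium entry lands last, which is a reminder to look up the browser advisory separately rather than treat a missing score as a low one.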

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter



PODCASTS

ISC StormCast, a daily summary of cyber security news from the SANS Internet Stormcenter:

 * ISC StormCast for Friday, April 12th, 2024 (released 2024-04-12 02:00:02)
 * ISC StormCast for Thursday, April 11th, 2024 (released 2024-04-11 02:00:02)
 * ISC StormCast for Wednesday, April 10th, 2024 (released 2024-04-10 02:00:02)
 * ISC StormCast for Tuesday, April 9th, 2024 (released 2024-04-09 02:00:01)
 * ISC StormCast for Monday, April 8th, 2024 (released 2024-04-08 02:00:02)
 * ISC StormCast for Friday, April 5th, 2024 (released 2024-04-05 02:00:02)
 * ISC StormCast for Thursday, April 4th, 2024 (released 2024-04-04 02:00:02)


JOBS

 * American Electric Power • US, Remote: Security Specialist (GREM, GMON, GCED, GPEN, GCIH, GCIA, GNFA, GCFA)
 * MetLife • Cary, NC: Infrastructure Vulnerability Assessment Consultant (GISF, GSEC, GCED, GPEN, GXPN, GCIH, GPYC, GCLD, GCPN, or other GIAC)
 * Capital One • McLean, VA: Active Defense Analyst, Cyber Defense (GSEC, GCIH)
 * Wurth IT USA • Chicago, IL / Northern Suburbs: SOC - Cyber Security Analyst (GSOC)
 * City of New York / NYC Cyber Command • Brooklyn, NY: SOC Threat Analyst (GSOC, GCIH, GCIA, GCFA, GNFA)
 * CACI • Washington, DC: Cloud Architects and Engineers (GCIH, GPEN)
 * WIN Technology • Eau Claire, Wisconsin (USA): Information Security Engineer (GCIH, GPEN, GWAPT, GAWN, GDAT, GMON, GCED, GSIP, GCFA, GCCC, and other GIAC)
 * Microsoft Federal • Washington, DC: Security Cloud Solution Architect - CTJ (Junior/Mid-Level) (GPCS, GCLD, GCFE, GCFA)
 * Microsoft Federal • Reston, VA: Security Cloud Solution Architect - CTJ (Senior Level) (GCED, GCFA, GCIH, GICSP, or GCIP, GPEN, GRID, GWAPT)
 * Liberty Utilities • US or Canada (Remote): Analyst III, Security Operations (GSEC)
 * Raymond James • Canada: Lead Cyber Threat Intelligence (GPEN, GCFA, GDAT, GCTI)
 * ADP • Roseland NJ / Hybrid - remote possible: Lead Incident Response Security Analyst (GCIH, GCIA, GCFA, GSEC, GREM, GCFE)
 * The Hershey Company • Hershey, PA or Remote: Staff Security Engineer (GCSA, GPCS, GDSA, GSP, GPEN, GSE)
 * The Hershey Company • Hershey, PA or Remote: Senior Security Engineer (GSEC, GCIH, GCIA, GCDA, GMON)
 * Liberty Utilities • US or Canada (Remote): Architect, Cybersecurity (GSEC)
 * Liberty Utilities • US or Canada (Remote): Engineer, Cybersecurity Engineering (OT) (GSEC)
 * Liberty Utilities • US or Canada (Remote): Analyst II, Security Operations (GSEC)
© 2024 SANS™ Internet Storm Center