DCERPC Services - Client
1004373* - Identified DLL Side Loading Attempt Over Network Share (ATT&CK T1073)
1010106* - Identified Downloading Of PowerShell Scripts Through SMB Share (ATT&CK T1086)
DNS Client
1010352 - Data Exfiltration Over DNS (Response) Protocol (ATT&CK T1048)
LDAP Client
1009112 - PHP LDAP 'ldap_get_dn' Denial Of Service Vulnerability (CVE-2018-10548)
SAP NetWeaver Java Application Server
1010409 - Identified SAP NetWeaver AS JAVA Authentication Attempt
1010413 - SAP NetWeaver AS JAVA Directory Traversal Vulnerability (CVE-2020-6286)
Web Application Common
1010344 - ThinkPHP Remote Code Execution Vulnerability (CVE-2019-9082)
Web Application PHP Based
1010375 - WordPress 10Web Photo Gallery Plugin SQL Injection Vulnerability
Web Application Ruby Based
1010411 - Ruby On Rails Remote Code Execution Vulnerability (CVE-2020-8163)
Web Server Apache
1010400 - Apache Httpd Mod Rewrite Open Redirects Vulnerability (CVE-2019-10098)
Web Server Common
1006540* - Enable X-Forwarded-For HTTP Header Logging
1010388* - F5 BIG-IP TMUI Remote Code Execution Vulnerability (CVE-2020-5902)
1000473* - Parameter Name Length Restriction
Windows Remote Management
1009894* - Powershell Remote Command Execution Via WinRM - HTTP (Request) (ATT&CK T1028)
1010048* - WinRM Service Detected & Powershell RCE Over HTTP (ATT&CK T1028)
ZeroMQ Message Transport Protocol (ZMTP)
1010265* - SaltStack Salt Authorization Weakness Vulnerability (CVE-2020-11651)
Integrity Monitoring Rules:
1008271* - Application - Docker
Log Inspection Rules:
1008852* - Auditd
1010390 - Microsoft Windows User Logon Events