| Website | https://www.cybercapacityunit.org |
I can finally reveal some research I've been involved with over the past year or so.
We (@redford, @mrtick and I) have reverse engineered the PLC code of NEWAG Impuls EMUs. These trains were locking up for arbitrary reasons after being serviced at third-party workshops. The manufacturer argued that this was because of malpractice by these workshops, and that they should be serviced by them instead of third parties.
1/4
Anyone I know on here heading to this next week:
https://www.sans.org/cyber-security-training-events/cyberthreat23/#agenda
UPDATE: Multiple Junos OS Vulnerabilities (CERT-EU Security Advisory 2023-059)
Juniper Networks has released fixes to address several vulnerabilities. These vulnerabilities could potentially be chained together to allow unauthorised remote code execution (RCE) on SRX and EX series devices. The combined CVSS score for these flaws is 9.8 (Critical) and a PoC exploit has been publicly released. Therefore, CERT-EU strongly advises users to promptly update their devices to the latest versions, or apply the provided workaround.
[Update] On September 18, a VulnCheck vulnerability researcher released another PoC exploit that only utilises one of the vulnerabilities, bypassing the need to upload files while still achieving remote code execution.
https://www.cert.europa.eu/static/SecurityAdvisories/2023/CERT-EU-SA2023-059.pdf
Today's quick #malware analysis with #SecurityOnion:
FORMBOOK from possible MODILOADER pcap from 2023-06-16
More screenshots:
https://blog.securityonion.net/2023/09/quick-malware-analysis-tfgp-and.html
#infosec
#infosecurity
#CyberSecurity
#ThreatHunting
#IncidentResponse
As some who is (somehow) 47, this seems somewhat patronising
q3k 
CERT-EU
Security Onion 🧅​
