INTERNET STORM CENTER SPOTLIGHT
ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with Internet Service Providers to fight back against the most malicious attackers. https://isc.sans.edu/about.html
Configuration Scanners Adding Java Specific Configuration Files
Published: 2024-06-24
Last Updated: 2024-06-24 08:37:24 UTC
by Johannes Ullrich (Version: 1)
Hunting for configuration files is one of the favorite tricks we typically see used against our honeypots. Traditionally, standard and more generic configuration files like ".env" or ".config" are the target, with some cloud-specific configuration files sprinkled in.
Today, I noticed in our "First Seen URL" list a new variation that appears to target Java Spring configuration files. For example, the following files are now being hunted ...
https://isc.sans.edu/diary/Configuration+Scanners+Adding+Java+Specific+Configuration+Files/31032/
No Excuses, Free Tools to Help Secure Authentication in Ubuntu Linux [Guest Diary]
Published: 2024-06-20
Last Updated: 2024-06-20 01:19:16 UTC
by Guy Bruneau (Version: 1)
[This is a Guest Diary by Owen Slubowski, an ISC intern as part of the SANS.edu BACS program]
Over the past 20 weeks I have had the privilege to take part in the SANS Internet Storm Center Internship. This has been an awesome chance to deploy and monitor a honeypot to explore what must be the fate of so many unsecured devices on the internet. Over the tenure here, the one thing that was so shocking to me was not only the number of devices that are conducting password attacks, but also the damage they could have done if their malware had been successful. Over the 20 weeks of this internship, I had more than 16,790 unique devices attempt to gain unauthorized access to my honeypot over SSH and Telnet from 49 different countries!
With the number of threat actors out there, it almost seems like a strong password policy isn’t enough on its own. And over the multitude of attack reports I wrote, it always listed the same control that could have protected the system: MFA and filtering to protect the system. In my mind these solutions always imply a greater cost that is often outside of our reach as hobbyists and small organizations … Or are they? Over the course of the next few pages, I look to discuss different technical controls I was first introduced to during the internship that can be applied to Ubuntu Linux at no cost and how they can help protect against these attempts to log in by various threat actors.
Read the full entry:
https://isc.sans.edu/diary/No+Excuses+Free+Tools+to+Help+Secure+Authentication+in+Ubuntu+Linux+Guest+Diary/31024/