Just a quick reminder: We are continuing to see small numbers of exploit attempts against CVE-2020-3452. Cisco patched this directory traversal vulnerability in its Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) software. The exploit is rather simple and is currently used to find vulnerable systems by reading benign Lua source code files.

Example attempts:

GET /+CSCOE+/translation-table?=mst&textdomain=/%bCSCOE%2b/[email protected]&lang=../ HTTP/1.1
GET /+CSCOE+/translation-table?=mst&textdomain=/+CSCOE+/[email protected]&lang=../
GET /translation-table?=mst&textdomain=

Our honeypot isn't emulating this vulnerability well right now, so we are not seeing follow-up attacks.

---
Johannes B. Ullrich, Ph.D. , Dean of Research, SANS Technology Institute

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
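
To check your own web or proxy logs for the request pattern shown in the diary above, here is a small detector, added as an example and not part of the original diary. The log lines are constructed, the addresses come from documentation ranges, and PLACEHOLDER stands in for the file name that is obscured in the diary's samples.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line of a combined-format access log entry; the HTTP version is
# optional because some of the attempts in the diary are logged without it.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>[^\s"]+)(?: HTTP/[\d.]+)?"')

def classify(target):
    """Return 'traversal', 'probe' or None for one request target."""
    parts = urlsplit(target)
    path = unquote(parts.path)
    if not path.rstrip("/").endswith("/translation-table"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    if "textdomain" not in params:
        return None
    # parse_qs already decoded once; decode again in case the value was
    # percent-encoded twice before it reached the log.
    langs = [unquote(v) for v in params.get("lang", [])]
    if any(".." in v.split("/") for v in langs):
        return "traversal"   # lang= walks out of the language directory
    return "probe"           # same endpoint and parameter, no traversal seen

def scan(lines):
    """Return (line_number, verdict, target) for every suspicious entry."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and (verdict := classify(m.group("target"))):
            hits.append((n, verdict, m.group("target")))
    return hits

# Constructed sample entries (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Aug/2020:10:00:01 +0000] "GET /+CSCOE+/translation-table'
    '?=mst&textdomain=/%2bCSCOE%2b/PLACEHOLDER&lang=../ HTTP/1.1" 200 512',
    '192.0.2.11 - - [03/Aug/2020:10:00:05 +0000] "GET /+CSCOE+/translation-table'
    '?=mst&textdomain=/+CSCOE+/PLACEHOLDER&lang=%2e%2e%2f HTTP/1.1" 404 0',
    '198.51.100.7 - - [03/Aug/2020:10:01:12 +0000] "GET /translation-table'
    '?=mst&textdomain=" 400 0',
    '198.51.100.8 - - [03/Aug/2020:10:02:30 +0000] "GET /+CSCOE+/logon.html'
    '?lang=en HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for n, verdict, target in scan(SAMPLE_LOG):
        print(f"line {n}: {verdict}: {target}")
```

A 'traversal' hit answered with status 200 deserves a closer look than one answered with 4xx, since the former suggests the device served the requested file.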
 

Posted by InfoSec News on Aug 03

https://www.theregister.com/2020/08/03/leaky_s3_buckets/

By Shaun Nichols in San Francisco
The Register
3 Aug 2020

The massive amounts of exposed data on misconfigured AWS S3 storage
buckets is a catastrophic network breach just waiting to happen, say
experts.

The team at Truffle Security says its automated search tools were able to
stumble across some 4,000 open Amazon S3 buckets that included data
companies would not want public, things...
 

Posted by InfoSec News on Aug 03

https://www.cyberscoop.com/taidoor-malware-report-china-cisa-dod-fbi/

By Shannon Vavra
CYBERSCOOP
August 3, 2020

The U.S. government publicly put forth information Monday that exposed
malware used in Chinese government hacking efforts for more than a decade.

The Chinese government has been using malware, referred to as Taidoor, to
target government agencies, entities in the private sector, and think
tanks since 2008, according to a joint...
 

Posted by InfoSec News on Aug 03

https://siliconangle.com/2020/08/02/travel-management-company-cwt-hands-4-5m-following-ransomware-attack/

By Duncan Riley
SiliconAngle.com
08/02/2020

Business travel management company CWT Global B.V. is the latest company
to pay a ransom demand following a ransomware attack.

According to a report Friday by Reuters, the company paid $4.5 million to
those behind the ransomware after the attack knocked some 30,000 of the
company’s computers...
 

Posted by InfoSec News on Aug 03

https://www.c4isrnet.com/cyber/2020/08/03/new-england-guardsmen-test-their-skills-in-cyber-yankee-2020/

By Mark Pomerleau
C4ISRNET.com
08/03/2020

Members of the National Guard from New England states concluded a two-week
cyber exercise that sought to test the cyber skills of guardsmen and
critical infrastructure operators.

Cyber Yankee 2020, which took place July 21-31 in New Hampshire, involved
more than 200 National Guard members and...
 

Posted by InfoSec News on Aug 03

https://thehill.com/policy/cybersecurity/510362-house-republicans-introduce-legislation-to-give-states-400-million-for

By Maggie Miller
The Hill
08/03/2020

A group of House Republicans on Monday introduced legislation that would
appropriate $400 million to states to address election challenges stemming
from the COVID-19 pandemic.

The Emergency Assistance for Safe Elections (EASE) Act would designate
$200 million to assist with sanitizing...
 