TTPwire Vol. 1 · MITRE ATT&CK·Tagged

The Register Security

CISA flags data-theft bug in NSA-built OT networking tool

Connor Jones · 6 days ago

ATT&CK techniques detected

3 predictions
T1048.003 Exfiltration Over Unencrypted Non-C2 Protocol (62%)
“…er. Additionally, many types of input would cause errors which would impede the exfil process. To bypass this, the content would be converted to base64 and then sent across multiple message chunks." In a separate post on LinkedIn, Quinn noted that the bug won't pose too much…”
T1059.001 PowerShell (54%)
“…-6807 (5.5), but confirmed that successful exploits could lead to sensitive information being disclosed. However, in an advisory published on Tuesday, it said: "The flaw stems from insufficient hardening of the XML parsing process." These types of attacks (CWE-611) aff…”
T1190 Exploit Public-Facing Application (47%)
“exploit and posted it to GitHub. - Governments on high alert after CISA snuffs out Firestarter backdoor on fed network - Anthropic's magic code-sniffer: more Swiss cheese than cheddar, for now - CISA tells feds to patch 13-year-old Apache ActiveMQ bug under active attack…”

Summary

GrassMarlin leaks sensitive information, provided your targeting phishing skills are sharp enough

The Cybersecurity and Infrastructure Security Agency (CISA) is warning anyone who uses GrassMarlin, a tool developed by the National Security Agency (NSA), about a new vulnerability that attackers can use to snoop on sensitive information.…