Bra podcast
Sveriges mest populära poddar
- Affärsnyheter
- Alternativ hälsa
- Amerikansk fotboll
- Andlighet
- Animering och manga
- Astronomi
- Barn och familj
- Baseball
- Basket
- Berättelser för barn
- Böcker
- Brottning
- Buddhism
- Dagliga nyheter
- Dans och teater
- Design
- Djur
- Dokumentär
- Drama
- Efterprogram
- Entreprenörskap
- Fantasysporter
- Filmhistoria
- Filmintervjuer
- Filmrecensioner
- Filosofi
- Flyg
- Föräldraskap
- Fordon
- Fotboll
- Fritid
- Fysik
- Geovetenskap
- Golf
- Hälsa och motion
- Hantverk
- Hinduism
- Historia
- Hobbies
- Hockey
- Hus och trädgård
- Ideell
- Improvisering
- Investering
- Islam
- Judendom
- Karriär
- Kemi
- Komedi
- Komedifiktion
- Komediintervjuer
- Konst
- Kristendom
- Kurser
- Ledarskap
- Life Science
- Löpning
- Marknadsföring
- Mat
- Matematik
- Medicin
- Mental hälsa
- Mode och skönhet
- Motion
- Musik
- Musikhistoria
- Musikintervjuer
- Musikkommentarer
- Näringslära
- Näringsliv
- Natur
- Naturvetenskap
- Nyheter
- Nyhetskommentarer
- Personliga dagböcker
- Platser och resor
- Poddar
- Politik
- Relationer
- Religion
- Religion och spiritualitet
- Rugby
- Så gör man
- Sällskapsspel
- Samhälle och kultur
- Samhällsvetenskap
- Science fiction
- Sexualitet
- Simning
- Självhjälp
- Skönlitteratur
- Spel
- Sport
- Sportnyheter
- Språkkurs
- Stat och kommun
- Ståupp
- Tekniknyheter
- Teknologi
- Tennis
- TV och film
- TV-recensioner
- Underhållningsnyheter
- Utbildning
- Utbildning för barn
- Verkliga brott
- Vetenskap
- Vildmarken
- Visuell konst
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
A brief daily summary of what is important in cyber security.
2193 avsnitt • Längd: 5 min • Veckovis: Onsdag
Om podden
A brief daily summary of what is important in cyber security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually about 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
The podcast SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) is created by Johannes B. Ullrich. The podcast and the artwork on this page are embedded on this page using the public podcast feed (RSS).
Avsnitt
SANS Stormcast Friday, May 9th: SSH Exfil Tricks; magicINFO still vulnerable; SentinelOne Vulnerability; Commvault insufficient patch
9 maj 2025 |
5 min
No Internet Access: SSH to the Rescue
If faced with restrictive outbound network access policies, a single inbound SSH connection can quickly be turned into a tunnel or a full-blown VPN
https://isc.sans.edu/diary/No%20Internet%20Access%3F%20SSH%20to%20the%20Rescue!/31932
SAMSUNG magicINFO 9 Server Flaw Still exploitable
The SAMSUNG magicINFO 9 Server Vulnerability we found being exploited last week is apparently still not completely patched, and current versions are vulnerable to the exploit observed in the wild.
https://www.huntress.com/blog/rapid-response-samsung-magicinfo9-server-flaw
Bring Your Own Installer: Bypassing SentinelOne Through Agent Version Change Interruption
SentinelOne s installer is vulnerable to an exploit allowing attackers to shut down the end point protection software
https://www.aon.com/en/insights/cyber-labs/bring-your-own-installer-bypassing-sentinelone
Commvault Still Exploitable
A recent patch for Commvault is apparently ineffective and the PoC exploit published by watchTowr is still working against up to date patched systems
https://infosec.exchange/@wdormann/114458913006792356
SANS Stormcast Thursday, May 8th: Modular Malware; Sysaid Vuln; Cisco Wireless Controller Patch; Unifi Protect Camera Patch
8 maj 2025 |
6 min
Example of Modular Malware
Xavier analyzes modular malware that downloads DLLs from GitHub if specific features are required. In particular, the webcam module is inspected in detail.
https://isc.sans.edu/diary/Example%20of%20%22Modular%22%20Malware/31928
Sysaid XXE Vulnerabilities
IT Service Management Software Sysaid patched a number of XXE vulnerabilities. Without authentication, an attacker is able to obtain confidential data and completely compromise the system. watchTowr published a detailed analysis of the flaws including exploit code.
https://labs.watchtowr.com/sysowned-your-friendly-rce-support-ticket/
Cisco IOS XE Wireless Controller Software Arbitrary File Upload Vulnerability
Cisco Patched a vulnerability in its wireless controller software that may be used to not only upload files but also execute code as root without authentication.
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-file-uplpd-rHZG9UfC
Unifi Protect Camera Vulnerability
Ubiquity patched a vulnerability in its Protect camera firmware fixing a buffer overflow flaw.
https://community.ui.com/releases/Security-Advisory-Bulletin-047-047/cef86c37-7421-44fd-b251-84e76475a5bc
SANS Stormcast Wednesday, May 7th: Infostealer with Webserver; Android Update; CISA Warning
7 maj 2025 |
7 min
Python InfoStealer with Embedded Phishing Webserver
Didier found an interesting infostealer that, in addition to implementing typical infostealer functionality, includes a web server suitable to create local phishing sites.
https://isc.sans.edu/diary/Python%20InfoStealer%20with%20Embedded%20Phishing%20Webserver/31924
Android Update Fixes Freetype 0-Day
Google released its monthly Android update. As part of the update, it patched a vulnerability in Freetype that is already being exploited. Android is not alone in using Freetype. Freetype is a very commonly used library to parse fonts like Truetype fonts.
https://source.android.com/docs/security/bulletin/2025-05-01
CISA Warns of Unsophistacted Cyber Actors
CISA released an interesting title report warning operators of operational technology networks of ubiquitous attacks by unsophisticated actors. It emphasizes how important it is to not forget basic security measures to defend against these attacks.
https://www.cisa.gov/news-events/alerts/2025/05/06/unsophisticated-cyber-actors-targeting-operational-technology
SANS Stormcast Tuesday, May 6th: Mirai Exploiting Samsung magicInfo 9; Kali Signing Key Lost;
6 maj 2025 |
7 min
Mirai Now Exploits Samsung MagicINFO CMS CVE-2024-7399
The Mirai botnet added a new vulnerability to its arsenal. This vulnerability, a file upload and remote code execution vulnerability in Samsung s MagicInfo 9 CMS, was patched last August but attracted new attention last week after being mostly ignored so far.
https://isc.sans.edu/diary/Mirai+Now+Exploits+Samsung+MagicINFO+CMS+CVE20247399/31920
New Kali Linux Signing Key
The Kali Linux maintainers lost access to the secret key used to sign packages. Users must install a new key that will be used going forward.
https://www.kali.org/blog/new-kali-archive-signing-key/
The Risk of Default Configuration: How Out-of-the-Box Helm Charts Can Breach Your Cluster
Many out-of-the-box Helm charts for Kubernetes applications deploy vulnerable configurations with exposed ports and no authentication
https://techcommunity.microsoft.com/blog/microsoftdefendercloudblog/the-risk-of-default-configuration-how-out-of-the-box-helm-charts-can-breach-your/4409560
SANS Stormcast Monday, May 5th: Steganography Challenge; Microsoft Makes Passkeys Default and Moves Away from Authenticator as Password Manager; Magento Components Backdoored.
5 maj 2025 |
6 min
Steganography Challenge
Didier published a fun steganography challenge. A solution will be offered on Saturday.
https://isc.sans.edu/diary/Steganography+Challenge/31910
Microsoft Makes Passkeys Default Authentication Method
Microsoft is now encouraging new users to use Passkeys as the default and only login method, further moving away from passwords
https://www.microsoft.com/en-us/security/blog/2025/05/01/pushing-passkeys-forward-microsofts-latest-updates-for-simpler-safer-sign-ins/
Microsoft Authenticator Autofill Changes
Microsoft will no longer support the use of Microsoft authenticator as a password safe. Instead, it will move users to the password prefill feature built into Microsoft Edge. This change will start in June and should be completed in August at which point you must have moved your credentials out of Microsoft Authenticator
https://support.microsoft.com/en-gb/account-billing/changes-to-microsoft-authenticator-autofill-09fd75df-dc04-4477-9619-811510805ab6
Backdoor found in popular e-commerce components
SANSEC identified several backdoored Magento e-commerce components. These backdoors were installed as far back as 2019 but only recently activated, at which point they became known. Affected vendors dispute any compromise at this point.
https://sansec.io/research/license-backdoor
SANS Stormcast Friday, May 2nd: More Steganography; Malicious Python Packages GMail C2; BEC to Steal Rent Payments
2 maj 2025 |
7 min
Steganography Analysis With pngdump.py: Bitstreams
More details from Didiear as to how to extract binary content hidden inside images
https://isc.sans.edu/diary/Steganography%20Analysis%20With%20pngdump.py%3A%20Bitstreams/31904
Using Trusted Protocols Against You: Gmail as a C2 Mechanism
Attackers are using typosquatting to trick developers into installing malicious python packages. These python packages will use GMail as a command and control channel by sending email to hard coded GMail accounts
https://socket.dev/blog/using-trusted-protocols-against-you-gmail-as-a-c2-mechanism
Security Brief: French BEC Threat Actor Targets Property Payments
A French business email compromise threat actor is targeting property management firms to send emails to tenents tricking them into sending rent payments to fake bank accounts
https://www.proofpoint.com/us/blog/threat-insight/security-brief-french-bec-threat-actor-targets-property-payments
SANS.edu Research Journal
https://isc.sans.edu/j/research
SANS Stormcast Thursday, May 1st: Sonicwall Attacks; Cached Windows RDP Credentials
1 maj 2025 |
6 min
Web Scanning for Sonicwall Vulnerabilities CVE-2021-20016
For the last week, scans for Sonicwall API login and domain endpoints have skyrocketed. These attacks may be exploiting an older vulnerability or just attempting to brute force credentials.
https://isc.sans.edu/diary/Web%20Scanning%20Sonicwall%20for%20CVE-2021-20016/31906
The Wizards APT Group SLAAC Spoofing Adversary in the Middle Attacks
ESET published an article with details regarding an IPv6-linked attack they have observed. Attackers use router advertisements to inject fake recursive DNS servers that are used to inject IP addresses for hostnames used to update software. This leads to the victim downloading malware instead of legitimate updates.
https://www.welivesecurity.com/en/eset-research/thewizards-apt-group-slaac-spoofing-adversary-in-the-middle-attacks/
Windows RDP Access is Possible with Old Credentials
Credential caching may lead to Windows allowing RDP logins with old credentials.
https://arstechnica.com/security/2025/04/windows-rdp-lets-you-log-in-using-revoked-passwords-microsoft-is-ok-with-that/?comments-page=1#comments
SANS Stormcast Wednesday, April 30th: SMS Attacks; Apple Airplay Vulnerabilities
30 april 2025 |
9 min
More Scans for SMS Gateways and APIs
Attackers are not just looking for SMS Gateways like the scans we reported on last week, but they are also actively scanning for other ways to use APIs and add on tools to send messages using other people s credentials.
https://isc.sans.edu/diary/More%20Scans%20for%20SMS%20Gateways%20and%20APIs/31902
AirBorne: AirPlay Vulnerabilities
Researchers at Oligo revealed over 20 weaknesses they found in Apple s implementation of the AirPlay protocol. These vulnerabilities can be abused to execute code or launch denial-of-service attacks against affected devices. Apple patched the vulnerabilities in recent updates.
https://www.oligo.security/blog/airborne
SANS Stormcast Tuesday, April 29th: SRUM-DUMP 3; Policy Puppetry; Choice Jacking; @sansinstitute at #RSAC
29 april 2025 |
8 min
SRUM-DUMP Version 3: Uncovering Malware Activity in Forensics
Mark Baggett released SRUM-DUMP Version 3. The tool simplifies data extraction from Widnows System Resource Usage Monitor (SRUM). This database logs how much resources software used for 30 days, and is invaluable to find out what software was executed when and if it sent or received network data.
https://isc.sans.edu/diary/SRUM-DUMP%20Version%203%3A%20Uncovering%20Malware%20Activity%20in%20Forensics/31896
Novel Universal Bypass For All Major LLMS
Hidden Layer discovered a new prompt injection technique that bypasses security constraints in large language models.
The technique uses an XML formatted prequel for a prompt, which appears to the LLM as a policy file. This Policy Puppetry can be used to rewrite some of the security policies configured for LLMs. Unlike other techniques, this technique works across multiple LLMs without changing the policy.
https://hiddenlayer.com/innovation-hub/novel-universal-bypass-for-all-major-llms/
CHOICEJACKING: Compromising Mobile Devices through Malicious Chargers like a Decade ago
The old Juice Jacking is back, at least if you do not run the latest version of Android or iOS. This issue may allow a malicious USB device, particularly a USB charger, to take control of a device connected to it.
https://pure.tugraz.at/ws/portalfiles/portal/89650227/Final_Paper_Usenix.pdf
SANS @RSA: https://www.sans.org/mlp/rsac/
SANS Stormcast Monday, April 28th: Image Steganography; SAP Netweaver Exploited
28 april 2025 |
8 min
Example of a Payload Delivered Through Steganography
Xavier and Didier published two diaries this weekend, building on each other. First, Xavier showed an example of an image being used to smuggle an executable past network defenses, and second, Didier showed how to use his tools to extract the binary.
https://isc.sans.edu/diary/Example%20of%20a%20Payload%20Delivered%20Through%20Steganography/31892
SAP Netweaver Exploited CVE-2025-31324
An arbitrary file upload vulnerability in SAP s Netweaver product is actively exploited to upload webshells. Reliaquest discovered the issue. Reliaquest reports that they saw it being abused to upload the Brute Ratel C2 framework. Users of Netweaver must turn off the developmentserver alias and disable visual composer, and the application was deprecated for about 10 years. SAP has released an emergency update for the issue.
https://reliaquest.com/blog/threat-spotlight-reliaquest-uncovers-vulnerability-behind-sap-netweaver-compromise/
https://onapsis.com/blog/active-exploitation-of-sap-vulnerability-cve-2025-31324/
Any.Run Reports False Positive Uploads
Due to false positives caused by MS Defender XDR flagging Adobe Acrobat Cloud links as malicious, many users of Any.Run s free tier uploaded confidential documents to Any.Run. Anyrun blocked these uploads for now but reminded users to be cautious about what documents are being uploaded.
https://x.com/anyrun_app/status/1915429758516560190
SANS Stormcast Friday, April 25th: SMS Gateway Scans; Comvault Exploit; Patch Window Shrinkage; More inetpub issues;
25 april 2025 |
7 min
Attacks against Teltonika Networks SMS Gateways
Attackers are actively scanning for SMS Gateways. These attacks take advantage of default passwords and other commonly used passwords.
https://isc.sans.edu/diary/Attacks%20against%20Teltonika%20Networks%20SMS%20Gateways/31888
Commvault Vulnerability CVE-2205-34028
Commvault, about a week ago, published an advisory and a fix for a vulnerability in its backup software. watchTowr now released a detailed writeup and exploit for the vulnerability
https://labs.watchtowr.com/fire-in-the-hole-were-breaching-the-vault-commvault-remote-code-execution-cve-2025-34028/
Exploitation Trends Q1 2025
Vulncheck published a summary of exploitation trends, pointing out that about a quarter of vulnerabilities are exploited a day after a patch is made available.
https://vulncheck.com/blog/exploitation-trends-q1-2025
inetpub directory issues
The inetpub directory introduced by Microsoft in its April patch may lead to a denial of service against applying patches on Windows if an attacker can create a junction for that location pointing to an existing system binary like Notepad.
https://doublepulsar.com/microsofts-patch-for-cve-2025-21204-symlink-vulnerability-introduces-another-symlink-vulnerability-9ea085537741
SANS Stormcast Thursday, April 24th: Honeypot iptables Maintenance; XRPL.js Compromise; Erlang/OTP SSH Vuln affecting Cisco
24 april 2025 |
6 min
Honeypot Iptables Maintenance and DShield-SIEM Logging
In this diary, Jesse is talking about some of the tasks to maintain a honeypot, like keeping filebeats up to date and adjusting configurations in case your dynamic IP address changes
https://isc.sans.edu/diary/Honeypot%20Iptables%20Maintenance%20and%20DShield-SIEM%20Logging/31876
XRPL.js Compromised
An unknown actor was able to push malicious updates of the XRPL.js library to NPM. The library is officially recommended for writing Riple (RPL) cryptocurrency code. The malicious library exfiltrated secret keys to the attacker
https://www.aikido.dev/blog/xrp-supplychain-attack-official-npm-package-infected-with-crypto-stealing-backdoor
https://github.com/XRPLF/xrpl.js/security/advisories/GHSA-33qr-m49q-rxfx
Cisco Equipment Affected by Erlang/OTP SSH Vulnerability
Cisco published an advisory explaining which of its products are affected by the critical Erlang/OTP SSH library vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-erlang-otp-ssh-xyZZy
SANS Stormcast Wednesday, April 23rd: More xorsearch Updates; DKIM Replay Attack; SSL.com Vulnerability Fixed
23 april 2025 |
6 min
xorsearch.py: Ad Hoc YARA Rules
Adhoc YARA rules allow for easy searches using command line arguments without having to write complete YARA rules for simple use cases like string and regex searches
https://isc.sans.edu/diary/xorsearch.py%3A%20%22Ad%20Hoc%20YARA%20Rules%22/31856
Google Spoofed via DKIM Replay Attack
DKIM replay attacks are a known issue where the attacker re-uses a prior DKIM signature. This will work as long as the headers signed by the signature are unchanged. Recently, this attack has been successful against Google.
https://easydmarc.com/blog/google-spoofed-via-dkim-replay-attack-a-technical-breakdown/
SSL.com E-Mail Validation Bug
SSL.com did not properly verify which domain a particular email address is authorized to receive certificates for. This could have been exploited against webmail providers.
https://bugzilla.mozilla.org/show_bug.cgi?id=1961406
SANS Stormcast Tuesday, April 22nd: Phishing via Google; ChatGPT Fingerprint; Asus AI Cloud Vuln; PyTorch RCE
22 april 2025 |
6 min
It's 2025, so why are malicious advertising URLs still going strong?
Phishing attacks continue to take advantage of Google s advertising services. Sadly, this is still the case for obviously malicious links, even after various anti-phishing services flag the URL.
https://isc.sans.edu/diary/It%27s%202025...%20so%20why%20are%20obviously%20malicious%20advertising%20URLs%20still%20going%20strong%3F/31880
ChatGPT Fingerprinting Documents via Unicode
ChatGPT apparently started leaving fingerprints in texts, which it creates by adding invisible Unicode characters like non-breaking spaces.
https://www.rumidocs.com/newsroom/new-chatgpt-models-seem-to-leave-watermarks-on-text
Asus AI Cloud Security Advisory
Asus warns of a remote code execution vulnerability in its routers. The vulnerability is related to the AI Cloud feature. If your router is EoL, disabling the feature will mitigate the vulnerability
https://www.asus.com/content/asus-product-security-advisory/
PyTorch Vulnerability
PyTorch fixed a remote code execution vulnerability exploitable if a malicious model was loaded. This issue was exploitable even with the weight_only=True" setting selected
https://github.com/pytorch/pytorch/security/advisories/GHSA-53q9-r3pm-6pq6
SANS Stormcast Monday, April 21st: MSFT Entra Lockouts; Erlang/OTP SSH Exploit; Sonicwall Exploit; bubble.io bug
21 april 2025 |
8 min
Microsoft Entra User Lockout
Multiple organizations reported widespread alerts and account lockouts this weekend from Microsoft Entra. The issue is caused by a new feature Microsoft enabled. This feature will lock accounts if Microsoft believes that the password for the account was compromised.
https://www.bleepingcomputer.com/news/microsoft/widespread-microsoft-entra-lockouts-tied-to-new-security-feature-rollout/
https://learn.microsoft.com/en-us/entra/identity/authentication/feature-availability
Erlang/OTP SSH Exploit
An exploit was published for the Erlang/OTP SSH vulnerability. The vulnerability is easy to exploit, and the exploit and a Metasploit module allow for easy remote code execution.
https://github.com/exa-offsec/ssh_erlangotp_rce/blob/main/ssh_erlangotp_rce.rb
Sonicwall Exploited
An older command injection vulnerability is now exploited on Sonicwall devices after initially gaining access by brute-forcing credentials.
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022
Unpatched Vulnerability in Bubble.io
An unpatched vulnerability in the no-code platform bubble.io can be used to access any project hosted on the site.
https://github.com/demon-i386/pop_n_bubble
SANS Stormcast Friday, April 18th: Remnux Cloud Environment; Erlang/OTP SSH Vuln; Brickstorm Backdoor Analysis; GPT 4.1 Safety Controversy
18 april 2025 |
6 min
RedTail: Remnux and Malware Management
A description showing how to set up a malware analysis in the cloud with Remnux and Kasm. RedTail is a sample to illustrate how the environment can be used.
https://isc.sans.edu/diary/RedTail%2C%20Remnux%20and%20Malware%20Management%20%5BGuest%20Diary%5D/31868
Critical Erlang/OTP SSH Vulnerability
Researchers identified a critical vulnerability in the Erlang/OTP SSH library. Due to this vulnerability, SSH servers written in Erlang/OTP allow arbitrary remote code execution without prior authentication
https://www.openwall.com/lists/oss-security/2025/04/16/2
Brickstorm Analysis
An analysis of a recent instance of the Brickstorm backdoor. This backdoor used to be more known for infecting Linux systems, but now it also infects Windows.
https://www.nviso.eu/blog/nviso-analyzes-brickstorm-espionage-backdoor
https://blog.nviso.eu/wp-content/uploads/2025/04/NVISO-BRICKSTORM-Report.pdf
OpenAI GPT 4.1 Controversy
OpenAI released its latest model, GPT 4.1, without a safety report and guardrails to prevent malware creation.
https://opentools.ai/news/openai-stirs-controversy-with-gpt-41-release-lacking-safety-report
SANS Stormcast Thursday April 17th: Apple Updates; Oracle Updates; Google Chrome Updates; CVE News;
17 april 2025 |
6 min
Apple Updates
Apple released updates for iOS, iPadOS, macOS, and VisionOS. The updates fix two vulnerabilities which had already been exploited against iOS.
https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Vulnerability/31866
Oracle Updates
Oracle released it quarterly critical patch update. The update addresses 378 security vulnerabilities. Many of the critical updates are already known vulnerabilities in open-source software like Apache and Nginx ingress.
https://www.oracle.com/security-alerts/cpuapr2025.html
Oracle Breach Guidance
CISA released guidance for users affected by the recent Oracle cloud breach. The guidance focuses on the likely loss of passwords.
https://www.cisa.gov/news-events/alerts/2025/04/16/cisa-releases-guidance-credential-risks-associated-potential-legacy-oracle-cloud-compromise
Google Chrome Update
A Google Chrome update released today fixes two security vulnerabilities. One of the vulnerabilities is rated as critical.
https://chromereleases.googleblog.com/2025/04/stable-channel-update-for-desktop_15.html
CVE Updates
CISA extended MITRE s funding to operate the CVE numbering scheme. However, a number of other organizations announced that they may start alternative vulnerability registers.
https://euvd.enisa.europa.eu/
https://gcve.eu/
https://www.thecvefoundation.org/
SANS Stormcast Wednesday Apr 16th: File Upload Service Abuse; OpenSSH 10.0 Released; Apache Roller Vuln; Possible CVE Changes
16 april 2025 |
6 min
Online Services Again Abused to Exfiltrate Data
Attackers like to abuse free online services that can be used to exfiltrate data. From the originals , like pastebin,
to past favorites like anonfiles.com. The latest example is gofile.io. As a defender, it is important to track these services to detect exfiltration early
https://isc.sans.edu/diary/Online%20Services%20Again%20Abused%20to%20Exfiltrate%20Data/31862
OpenSSH 10.0 Released
OpenSSH 10.0 was released. This release adds quantum-safe ciphers and the separation of authentication services into a separate binary to reduce the authentication attack surface.
https://www.openssh.com/releasenotes.html#10.0p1
Apache Roller Vulnerability
Apache Roller addressed a vulnerability. Its CVSS score of 10.0 appears inflated, but it is still a vulnerability you probably want to address.
https://lists.apache.org/thread/4j906k16v21kdx8hk87gl7663sw7lg7f
CVE Funding Changes
Mitre s government contract to operate the CVE system may run out tomorrow. This could lead to a temporary disruption of services, but the system is backed by a diverse board of directors representing many large companies. It is possible that non-government funding sources may keep the system afloat for now.
https://www.cve.org/
SANS Stormcast Tuesday April 15th: xorsearch Update; Short Lived Certificates; New USB Malware
15 april 2025 |
6 min
xorsearch Update
Diedier updated his "xorsearch" tool. It is now a python script, not a compiled binary, and supports Yara signatures. With Yara support also comes support for regular expressions.
https://isc.sans.edu/diary/xorsearch.py%3A%20Searching%20With%20Regexes/31854
Shorter Lived Certificates
The CA/Brower Forum passed an update to reduce the maximum livetime of
certificates. The reduction will be implemented over the next four years. EFF also released an update to certbot introducing profiles that can be used to request shorter lived certificates.
https://www.eff.org/deeplinks/2025/04/certbot-40-long-live-short-lived-certs
https://groups.google.com/a/groups.cabforum.org/g/servercert-wg/c/bvWh5RN6tYI
New Malware Harvesting Data from USB drives and infecting them.
Kaspersky is reporting that they identified new malware that not only harvests data from USB drives, but also spread via USB drives by replacing existing documents with malicious files.
https://securelist.com/goffee-apt-new-attacks/116139/
SANS Stormcast Monday April 14th: Langlow AI Attacks; Fortinet Attack Cleanup; MSFT Inetpub;
14 april 2025 |
7 min
Exploit Attempts for Recent Langflow AI Vulnerability (CVE-2025-3248)
After spotting individaul attempts to exploit the recent Langflow vulnerability late last weeks, we now see more systematic internet wide scans attempting to verify the vulnerability.
https://isc.sans.edu/forums/diary/Exploit+Attempts+for+Recent+Langflow+AI+Vulnerability+CVE20253248/31850/
Fortinet Analysis of Threat Actor Activity
Fortinet oberved recent vulnerablities in its devices being used to add a symlink to ease future compromise. The symlink is not removed by prior patches, and Fortinet released additional updates to detect and remove this attack artifact.
https://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity
MSFT Inetpub
Microsoft clarrified that its April patches created the inetpub directory on purpose. Users should not remove it.
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21204#exploitability
SANSFIRE
https://isc.sans.edu/j/sansfire
SANS Stormcast Friday April 11th: Network Infraxploit; Windows Hello Broken; Dell Update; Langflow Exploit
11 april 2025 |
6 min
Network Infraxploit
Our undergraduate intern, Matthew Gorman, wrote up a walk through of
CVE-2018-0171, an older Cisco vulnerability, that is still actively being
exploited. For example, VOLT TYPHOON recently exploited this problem.
https://isc.sans.edu/diary/Network+Infraxploit+Guest+Diary/31844
Windows Update Issues / Windows 10 Update
Microsoft updated its "Release Health" notes with details regarding issues
users experiences with Windows Hello, Citrix, and Roblox. Microsoft also released an emergency update for Office 2016 which has stability problems after applying the most recent update.
https://support.microsoft.com/en-us/topic/april-8-2025-kb5055523-os-build-26100-3775-277a9d11-6ebf-410c-99f7-8c61957461eb
https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#3521
https://support.microsoft.com/en-us/topic/april-10-2025-update-for-office-2016-kb5002623-d60c1f31-bb7c-4426-b8f4-69186d7fc1e5
Dell Updates
Dell releases critical updates for it's Powerscale One FS product. In particular, it fixes a default password problem.
https://www.dell.com/support/kbdoc/en-us/000300860/dsa-2025-119-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities
Langflow Vulnerablity (possible exploit scans sighted) CVE-2025-3248
Langflow addressed a critical vulnerability end of March. This writeup by Horizon3 demonstrates how the issue is possibly exploited. We have so far seen one "hit" in our honeypot logs for the vulnerable API endpoint URL.
https://www.horizon3.ai/attack-research/disclosures/unsafe-at-any-speed-abusing-python-exec-for-unauth-rce-in-langflow-ai/
SANS Stormcast ThursdayApril 10th: Getting Past PyArmor; CenterStack RCE; Android 0-Day Patch; VMware Tanzu Patches; Odd Win11 Directory; WhatsApp File Confusion; SANS AI Guide;
10 april 2025 |
7 min
Getting Past PyArmor
PyArmor is a python obfuscation tool used for malicious and non-malicious software. Xavier is taking a look at a sample to show what can be learned from these obfuscated samples with not too much work.
https://isc.sans.edu/diary/Obfuscated%20Malicious%20Python%20Scripts%20with%20PyArmor/31840
CenterStack RCE CVE-2025-30406
Gladinet s CenterStack secure file-sharing software suffers from an inadequately protected machine key vulnerability that can be used to modify ViewState data. This vulnerability may lead to remote code execution, which is already exploited.
https://gladinetsupport.s3.us-east-1.amazonaws.com/gladinet/securityadvisory-cve-2005.pdf
Google Patches two zero-day vulnerabilities CVE-2024-53150 CVE-2024-53197
Google released its monthly patches for Android. Two of the patched vulnerabilities are already exploited. One of them was used by Serbian law enforcement.
https://www.malwarebytes.com/blog/news/2025/04/google-fixes-two-actively-exploited-zero-day-vulnerabilities-in-android
Broadcom VMWare Tenzu Updates
Broadcom released updates for VMWare Tenzu. Many vulnerabilities affect the backup component and allow for arbitrary command execution.
https://support.broadcom.com/web/ecx/security-advisory?
Windows 11 April Update ads inetpub directory
The April Windows 11 update appears to create a new /inetpub directory. It is unclear why, and removing it appears to have no bad effects.
https://www.bleepingcomputer.com/news/microsoft/windows-11-april-update-unexpectedly-creates-new-inetpub-folder/
WhatsApp File Type Confusion/Spoofing
WhatsApp patched a file type confusion vulnerability. A victim may be tricked into downloading n
https://www.whatsapp.com/security/advisories/2025/
SANS Critical AI Security Guidelines
https://www.sans.org/mlp/critical-ai-security-guidelines
SANS Stormcast Wednesday, April 10th: Microsoft Patch Tuesday; Adobe Patches; OpenSSL 3.5 with PQC; Fortinet
9 april 2025 |
7 min
Microsoft Patch Tuesday
Microsoft patched over 120 vulnerabilities this month. 11 of these were rated critical, and one vulnerability is already being exploited.
https://isc.sans.edu/diary/Microsoft%20April%202025%20Patch%20Tuesday/31838
Adobe Updates
Adobe released patches for 12 different products. In particular important are patches for Coldfusion addressing several remote code execution vulnerabilities. Adobe Commercse got patches as well, but none of the vulnerabilities are rated critical.
https://helpx.adobe.com/security/security-bulletin.html
OpenSSL 3.5 Released
OpenSSL 3.5 was released with support to post quantum ciphers. This is a long term support release.
https://groups.google.com/a/openssl.org/g/openssl-project/c/9ZYdIaExmIA
Fortiswitch Update
Fortinet released an update for Fortiswitch addressing a vulnerability that may be used to reset a password without verification.
https://fortiguard.fortinet.com/psirt/FG-IR-24-435
SANS Stormcast Tuesday, April 8th:
8 april 2025 |
6 min
XORsearch: Searching With Regexes
Didier explains a workaround to use his tool XORsearch to search for regular expressions instead of simple strings.
https://isc.sans.edu/diary/XORsearch%3A%20Searching%20With%20Regexes/31834
MCP Security Notification: Tool Poisoning Attacks
Invariant labs summarized a critical weakness in the Model Context Protocol (MCP) that allows for "Tool Poisoning Attacks." Many major providers such as Anthropic and OpenAI, workflow automation systems like Zapier, and MCP clients like Cursor are susceptible to this attack
https://invariantlabs.ai/blog/mcp-security-notification-tool-poisoning-attacks
Making :visited more private
Google Chrome changed how links are marked as visited . This new partitioning scheme was introduced to improve privacy. Instead of marking a link as visited on any page where it is displayed, it is only marked as visited if the user clicks on the link while visiting the particular site where the link is displayed.
https://developer.chrome.com/blog/visited-links
SANS Stormcast Monday April 7th 2025: New Username Report; Quickshell Vulnerability; Apache Traffic Director Request Smuggeling
7 april 2025 |
6 min
New SSH Username Report
A new ssh/telnet username reports makes it easier to identify new usernames attackers are using against our telnet and ssh honeypots
https://isc.sans.edu/diary/New%20SSH%20Username%20Report/31830
Quickshell Sharing is Caring: About an RCE Attack Chain on Quick Share
The Google Quick Share protocol is susceptible to several vulnerabilities that have not yet been fully patched, allowing for some file overwrite issues that could lead to the accidental execution of malicious code.
https://www.blackhat.com/asia-25/briefings/schedule/index.html#quickshell-sharing-is-caring-about-an-rce-attack-chain-on-quick-share-43874
Apache Traffic Director Request Smuggling Vulnerability
https://www.openwall.com/lists/oss-security/2025/04/02/4
SANS Stormcast Friday, Apr 4th: URL Frequency Analysis; Ivanti Flaw Exploited; WinRAR MotW Vuln; Tax filing scams; Oracle Breach Update
4 april 2025 |
6 min
Exploring Statistical Measures to Predict URLs as Legitimate or Intrusive
Using frequency analysis, and training the model with honeypot data as well as log data from legitimate websites allows for a fairly simple and reliable triage of web server logs to identify possible malicious activity.
https://isc.sans.edu/diary/Exploring%20Statistical%20Measures%20to%20Predict%20URLs%20as%20Legitimate%20or%20Intrusive%20%5BGuest%20Diary%5D/31822
Critical Unexploitable Ivanti Vulnerability Exploited CVE-2025-22457
In February, Ivanti patched CVE-2025-22457. At the time, the vulnerability was not considered to be exploitable. Mandiant now published a blog disclosing that the vulnerability was exploited as soon as mid-march
https://cloud.google.com/blog/topics/threat-intelligence/china-nexus-exploiting-critical-ivanti-vulnerability/
WinRAR MotW Vulnerability CVE-2025-31334
WinRAR patched a vulnerability that would not apply the Mark of the Web correctly if a compressed file included symlinks. This may make it easier to trick a victim into executing code downloaded from a website.
https://nvd.nist.gov/vuln/detail/CVE-2025-31334
Microsoft Warns of Tax-Related Scam
With the US personal income tax filing deadline only about a week out, Microsoft warns of commonly deployed scams that they are observing related to income tax filings
https://www.microsoft.com/en-us/security/blog/2025/04/03/threat-actors-leverage-tax-season-to-deploy-tax-themed-phishing-campaigns/
Oracle Breach Update
https://www.bloomberg.com/news/articles/2025-04-02/oracle-tells-clients-of-second-recent-hack-log-in-data-stolen
SANS Stormcast Thursday Apr 3rd: Juniper Password Scans; Hacking Call Records; End to End Encrypted GMail
3 april 2025 |
9 min
Surge in Scans for Juniper t128 Default User
Lasst week, we dedtect a significant surge in ssh scans for the username t128 . This user is used by Juniper s Session Smart Routing, a product they acquired from 128 Technologies which is the reason for the somewhat unusual username.
https://isc.sans.edu/diary/Surge%20in%20Scans%20for%20Juniper%20%22t128%22%20Default%20User/31824
Vulnerable Verizon API Allowed for Access to Call Logs
An API Verizon offered to users of its call filtering application suffered from an authentication bypass vulnerability allowing users to access any Verizon user s call history. While using a JWT to authenticate the user, the phone number used to retrieve the call history logs was passed in a not-authenticated header.
https://evanconnelly.github.io/post/hacking-call-records/
Google Offering End-to-End Encryption to G-Mail Business Users
Google will add an end-to-end encryption feature to commercial GMail users. However, for non GMail users to read the emails they first must click on a link and log in to Google.
https://workspace.google.com/blog/identity-and-security/gmail-easy-end-to-end-encryption-all-businesses
SANS Stormcast Wednesday Apr 2nd: Apple Updates Everything;
2 april 2025 |
7 min
Apple Patches Everything
Apple released updates for all of its operating systems. Most were released on Monday with WatchOS patches released today on Tuesday. Two already exploited vulnerabilities, which were already patched in the latest iOS and macOS versions, are now patched for older operating systems as well. A total of 145 vulnerabilities were patched.
https://isc.sans.edu/diary/Apple%20Patches%20Everything%3A%20March%2031st%202025%20Edition/31816
VMWare Workstation and Fusion update check broken
VMWare s automatic update check in its Workstation and Fusion products is currently broken due to a redirect added as part of the Broadcom transition
https://community.broadcom.com/vmware-cloud-foundation/question/certificate-error-is-occured-during-connecting-update-server
NIM Postgres Vulnerability
NIM Developers using prepared statements to send SQL queries to Postgres may expose themselves to a SQL injection vulnerability. NIM s Postgres library does not appear to use actual prepared statements; instead, it assembles the code and the user data as a string and passes them on to the database. This may lead to a SQL injection vulnerability
https://blog.nns.ee/2025/03/28/nim-postgres-vulnerability/
SANS Stormcast Tuesday Apr 1st: Apache Camel Exploits; New Cert Authorities Requirements; Possible Oracle Breach
1 april 2025 |
8 min
Apache Camel Exploit Attempt by Vulnerability Scans
A recently patched vulnerability in Apache Camel has been integrated into some vulnerability scanners, like for example OpenVAS. We do see some exploit attempts in our honeypots, but they appear to be part of internal vulnerablity scans
https://isc.sans.edu/diary/Apache%20Camel%20Exploit%20Attempt%20by%20Vulnerability%20Scan%20%28CVE-2025-27636%2C%20CVE-2025-29891%29/31814
New Security Requirements for Certificate Authorities
Starting in July, certificate authorities need to verify domain ownership data from multiple viewpoints around the internet. They will also have to use linters to verify certificate requests.
https://security.googleblog.com/2025/03/new-security-requirements-adopted-by.html
Possible Oracle Breach
Oracle still denies being the victim of a data berach as leaked data may show different.
https://doublepulsar.com/oracle-attempt-to-hide-serious-cybersecurity-incident-from-customers-in-oracle-saas-service-9231c8daff4a
https://www.theregister.com/2025/03/30/infosec_news_in_brief/
https://www.darkreading.com/cyberattacks-data-breaches/oracle-still-denies-breach-researchers-persist
SANS Stormcast Monday, March 31st: Comparing Phishing Sites; DOH and MX Abuse Phishing; opkssh
31 mars 2025 |
7 min
A Tale of Two Phishing Sties
Two phishing sites may use very different backends, even if the site itself appears to be visually very similar. Phishing kits are often copied and modified, leading to sites using similar visual tricks on the user facing site, but very different backends to host the sites and reporting data to the miscreant.
https://isc.sans.edu/diary/A%20Tale%20of%20Two%20Phishing%20Sites/31810
A Phihsing Tale of DOH and DNS MX Abuse
Infoblox discovered a new variant of the Meerkat phishing kit that uses DoH in Javascript to discover MX records, and generate better customized phishing pages.
https://blogs.infoblox.com/threat-intelligence/a-phishing-tale-of-doh-and-dns-mx-abuse/
Using OpenID Connect for SSH
Cloudflare opensourced it's OPKSSH too. It integrates SSO systems supporting OpenID connect with SSH.
https://github.com/openpubkey/opkssh/
SANS Stormcast Friday, March 28th: Sitecore Exploited; Blasting Past Webp; Splunk and Firefox Vulnerabilities
28 mars 2025 |
6 min
Sitecore "thumbnailsaccesstoken" Deserialization Scans (and some new reports) CVE-2025-27218
Our honeypots detected a deserialization attack against the CMS Sitecore using a thumnailaccesstoken header. The underlying vulnerability was patched in January, and security firm Searchlight Cyber revealed details about this vulnerability a couple of weeks ago.
https://isc.sans.edu/diary/Sitecore%20%22thumbnailsaccesstoken%22%20Deserialization%20Scans%20%28and%20some%20new%20reports%29%20CVE-2025-27218/31806
Blasting Past Webp
Google s Project Zero revealed details how the NSO BLASTPASS exploit took advantage of a Webp image parsing vulnerability in iOS. This zero-click attack was employed in targeted attack back in 2023 and Apple patched the underlying vulnerability in September 2023. But this is the first byte by byte description showing how the attack worked.
https://googleprojectzero.blogspot.com/2025/03/blasting-past-webp.html
Splunk Vulnerabilities
Splunk patched about a dozen of vulnerabilities. None of them are rated critical, but a vulnerability rated High allows authenticated users to execute arbitrary code.
https://advisory.splunk.com/
Firefox 0-day Patched
Mozilla patched a sandbox escape vulnerability that is already being exploited.
https://www.mozilla.org/en-US/security/advisories/mfsa2025-19/
SANS Stormcast Thursday Mar 27th: Classifying Malware with ML; Malicious NPM Packages; Google Chrome 0-day
27 mars 2025 |
5 min
Leveraging CNNs and Entropy-Based Feature Selection to Identify Potential Malware Artifacts of Interest
This diary explores a novel methodology for classifying malware by integrating entropy-driven feature selection with a specialized Convolutional Neural Network (CNN). Motivated by the increasing obfuscation tactics used by modern malware authors, we will focus on capturing high-entropy segments within files, regions most likely to harbor malicious functionality, and feeding these distinct byte patterns into our model.
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Leveraging%20CNNs%20and%20Entropy-Based%20Feature%20Selection%20to%20Identify%20Potential%20Malware%20Artifacts%20of%20Interest/31790
Malware found on npm infecting local package with reverse shell
Researchers at Reversinglabs found two malicious NPM packages, ethers-provider2, and ethers-providerz that patch the well known (and not malicious) ethers package to add a reverse shell and downloader.
https://www.reversinglabs.com/blog/malicious-npm-patch-delivers-reverse-shell
Google Patched Google Chrome 0-day
Google patched a vulnerability in Chrome that was already exploited in attacks against media and educational organizations in Russia
https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop_25.html
SANS Stormcast Wednesday Mar 26th: XWiki Exploit; File Converter Correction; VMWare Vulnerability; Draytek Router Reboots; MMC Exploit Details;
26 mars 2025 |
6 min
XWiki Search Vulnerablity Exploit Attempts (CVE-2024-3721)
Our honeypot detected an increase in exploit attempts for an XWiki command injection vulnerablity. The vulnerability was patched last April, but appears to be exploited more these last couple days. The vulnerability affects the search feature and allows the attacker to inject Groovy code templates.
https://isc.sans.edu/diary/X-Wiki%20Search%20Vulnerability%20exploit%20attempts%20%28CVE-2024-3721%29/31800
Correction: FBI Image Converter Warning
The FBI's Denver office warned of online file converters, not downloadable conversion tools
https://www.fbi.gov/contact-us/field-offices/denver/news/fbi-denver-warns-of-online-file-converter-scam
VMWare Vulnerability
Broadcom released a fix for a VMWare Tools vulnerability. The vulnerability allows users of a Windows virtual machine to escalate privileges within the machine.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25518
Draytek Reboots
Over the weekend, users started reporting Draytek routers rebooting and getting stuck in a reboot loop. Draytek now published advise as to how to fix the problem.
https://faq.draytek.com.au/docs/draytek-routers-rebooting-how-to-solve-this-issue/
Microsoft Managemnt Console Exploit CVE-2025-26633
TrendMicro released details showing how the MMC vulnerability Microsoft patched as part of its patch tuesday this month was exploited.
https://www.trendmicro.com/en_us/research/25/c/cve-2025-26633-water-gamayun.html
SANS Stormcast Tuesday Mar 25th: Privacy Awware Bots; Ingress Nightmare; Malicious File Converters; VSCode Extension Leads to Ransomware
25 mars 2025 |
6 min
Privacy Aware Bots
A botnet is using privacy as well as CSRF prevention headers to better blend in with normal browsers. However, in the process they may make it actually easier to spot them.
https://isc.sans.edu/diary/Privacy%20Aware%20Bots/31796
Critical Ingress Nightmare Vulnerability
ingress-nginx fixed four new vulnerabilities, one of which may lead to a Kubernetes cluster compromise. Note that at the time I am making this live, not all of the URLs below are available yet, but I hope they will be available shortly after publishing this podcast
https://www.darkreading.com/application-security/critical-ingressnightmare-vulns-kubernetes-environments
https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities
https://kubernetes.io/blog/
FBI Warns of File Converter Scams
File converters may include malicious ad ons. Be careful where you get your software from.
https://www.fbi.gov/contact-us/field-offices/denver/news/fbi-denver-warns-of-online-file-converter-scam
VSCode Extension Includes Ransomware
https://x.com/ReversingLabs/status/1902355043065500145
SANS Stormcast Monday Mar 24th: Critical Next.js Vulnerability; Microsoft Trust Signing Platform Abuse
24 mars 2025 |
7 min
Critical Next.js Vulnerability CVE-2025-29927
A critical vulnerability in how the x-middleware-subrequest header is verified may lead to bypassing authorization in Next.js applications.
https://zhero-web-sec.github.io/research-and-things/nextjs-and-the-corrupt-middleware
https://github.com/vercel/next.js/security/advisories/GHSA-f82v-jwr5-mffw
https://www.runzero.com/blog/next-js/
Microsoft Trust Signing Service Abused
Attackers abut the Microsoft Trust Signing Service, a service meant to help developers create signed software, to obtain short lived signatures for malware.
https://www.bleepingcomputer.com/news/security/microsoft-trust-signing-service-abused-to-code-sign-malware/
SANS Stormcast Friday Mar 21st: New Data Feeds; SEO Spam; Veeam Deserialization; IBM AIX RCE;
21 mars 2025 |
8 min
Some New Data Feeds and Little Incident
We started offering additional data feeds, and an SEO spamer attempted to make us change a link from an old podcast episode.
https://isc.sans.edu/diary/Some%20new%20Data%20Feeds%2C%20and%20a%20little%20%22incident%22./31786
Veeam Deserialization Vulnerability
Veeam released details regarding the latest vulnerablity in Veeam, pointing out the insufficient patch applied to a prior deserialization vulnerability.
https://labs.watchtowr.com/by-executive-order-we-are-banning-blacklists-domain-level-rce-in-veeam-backup-replication-cve-2025-23120/
IBM AIX Vulnerablity
The AIX NIM service is vulnerable to an unauthenticated remote code execution vulnerability
https://www.ibm.com/support/pages/node/7186621
thanks Chris Mosby for Spotify comment
SANS Stormcast Thursday Mar 20th: Cisco Smart Licensing Attacks; Vulnerable Drivers again; Synology Advisories Updated
20 mars 2025 |
7 min
Exploit Attempts for Cisco Smart Licensing Utility CVE-2024-20439 CVE-2024-20440
Attackers added last September's Cisco Smart Licensing Utility vulnerability to their toolset. These attacks orginate most likely from botnets and the same attackers are scanning for a wide range of additional vulnerabilities. The vulnerability is a static credential issue and trivial to exploit after the credentials were published last fall.
https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Cisco%20Smart%20Licensing%20Utility%20CVE-2024-20439%20and%20CVE-2024-20440/31782
Legacy Driver Exploitation Through Bypassing Certificate Verification
Ahnlab documented a new type of "bring your own vulnerable driver" vulnerability. In this case, an old driver used by an anit-malware and anti-rootkit system can be used to shut down arbitrary processeses, including security related processeses.
https://asec.ahnlab.com/en/86881/
Synology Vulnerability Updates
Synology updates some security advisories it release last year adding addition details and vulnerable systems.
https://www.synology.com/en-global/security/advisory/Synology_SA_24_20
https://www.synology.com/en-global/security/advisory/Synology_SA_24_24
SANS Stormcast Wednesday Mar 19th 2025: Python DLL Side Loading; Tomcast RCE Correction; SAML Roulette; Windows Shortcut 0-Day
19 mars 2025 |
7 min
Python Bot Delivered Through DLL Side-Loading
A "normal", but vulnerable to DLL side-loading PDF reader may be used to launch additional exploit code
https://isc.sans.edu/diary/Python%20Bot%20Delivered%20Through%20DLL%20Side-Loading/31778
Tomcat RCE Correction
To exploit the Tomcat RCE I mentioned yesterday, two non-default configuration options must be selected by the victim.
https://x.com/dkx02668274/status/1901893656316969308
SAML Roulette: The Hacker Always Wins
This Portswigger blog explains in detail how to exploit the ruby-saml vulnerablity against GitLab.
https://portswigger.net/research/saml-roulette-the-hacker-always-wins
Windows Shortcut Zero Day Exploit
Attackers are currently taking advantage of an unpatched vulnerability in how Windows displays Shortcut (.lnk file) details. Trendmicro explains how the attack works and provides PoC code. Microsoft is not planning to fix this issue
https://www.trendmicro.com/en_us/research/25/c/windows-shortcut-zero-day-exploit.html
SANS Stormcast Tuesday Mar 18th 2025: Analyzing GUID Encoded Shellcode; Node.js SAML Vuln; Tomcat RCE in the Wild; CSS e-mail obfuscation
18 mars 2025 |
7 min
Static Analysis of GUID Encoded Shellcode
Didier explains how to decode shell code embeded as GUIDs in malware, and how to feed the result to his tool 1768.py which will extract Cobal Strike configuration information from the code.
https://isc.sans.edu/diary/Static%20Analysis%20of%20GUID%20Encoded%20Shellcode/31774
SAMLStorm: Critical Authentication Bypass in xml-crypto and Node.js libraries
xml-crypto, a library use in Node.js applications to decode XML and support SAML, has found to parse comments incorrectly leading to several SAML vulnerabilities.
https://workos.com/blog/samlstorm
One PUT Request to Own Tomcat: CVE-2025-24813 RCE is in the Wild
A just made public deserialization vulnerablity in Tomcat is already being exploited. Contributing to the rapid exploit release is the similarity of this vulnerability to other Java deserializtion vulnerabilities.
https://lab.wallarm.com/one-put-request-to-own-tomcat-cve-2025-24813-rce-is-in-the-wild/ CVE-2025-24813
CSS Abuse for Evasion and Tracking
Attackers are using cascading stylesheets to evade detection and enable more stealthy tracking of users
https://blog.talosintelligence.com/css-abuse-for-evasion-and-tracking/
SANS Stormcast Monday March 17th: Mirai Makes Mistakes; Compromised Github Action; ruby-saml vulnerability; Fake GitHub Security Alert Phishing
17 mars 2025 |
7 min
Mirai Bot Now Incorporating Malformed DrayTek Vigor Router Exploits
One of the many versions of the Mirai botnet added some new exploit strings attempting to take advantage of an old DrayTek Vigor Router vulnerability, but they got the URL wrong.
https://isc.sans.edu/diary/Mirai%20Bot%20now%20incroporating%20%28malformed%3F%29%20DrayTek%20Vigor%20Router%20Exploits/31770
Compromised GitHub Action
The popular GitHub action tj-actions/changed-files was compromised and leaks credentials via the action logs
https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised
ruby-saml authentication bypass
A confusion in how to parse SAML messages between two XML parsers used by Ruby leads to an authentication bypass in saml-ruby.
https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/
GitHub Fake Security Alerts
Fake GitHub security alerts are used to trick package maintainers into adding OAUTH privileges to malicious apps.
https://www.bleepingcomputer.com/news/security/fake-security-alert-issues-on-github-use-oauth-app-to-hijack-accounts/
SANS Stormcast: File Hashes in MSFT BI; Apache Camel Vuln; Juniper Fixes Exploited Vuln; AMI Patches 10.0 Redfish BMC Vuln
14 mars 2025 |
6 min
File Hashes Analysis with Power BI
Guy explains in this diary how to analyze Cowrie honeypot file hashes using Microsoft's BI tool and what you may be able to discover using this tool.
https://isc.sans.edu/diary/File%20Hashes%20Analysis%20with%20Power%20BI%20from%20Data%20Stored%20in%20DShield%20SIEM/31764
Apache Camel Vulnerability
Apache released two patches for Camel in close succession. Initially, the vulnerability was only addressed for headers, but as Akamai discovered, it can also be exploited via query parameters. This vulnerability is trivial to exploit and leads to arbitrary code execution.
https://www.akamai.com/blog/security-research/march-apache-camel-vulnerability-detections-and-mitigations
Juniper Patches Junos Vulnerability
Juniper patches an already exploited vulnerability in JunOS. However, to exploit the vulnerability, and attacker already needs privileged access. By exploiting the vulnerability, an attacker may completely compromised the device.
https://supportportal.juniper.net/s/article/2025-03-Out-of-Cycle-Security-Bulletin-Junos-OS-A-local-attacker-with-shell-access-can-execute-arbitrary-code-CVE-2025-21590?language=en_US
AMI Security Advisory
AMI patched three vulnerabilities. One of the, an authentication bypass in Redfish, allows for a complete system compromise without authentication and is rated with a CVSS score of 10.0.
https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf
SANS Stormcast Thursday Mar 13th: Exploiting Login Pages with Log4j; Patch Tuesday Fallout; Adobe Patches; Medusa Ransomware; Zoom and Font Library Updates;
13 mars 2025 |
6 min
Log4J Scans for VMWare Hyhbrid Cloud Extensions
An attacker is scanning various login pages, including the authentication feature in the VMWare HCX REST API for Log4j vulnerabilities. The attack submits the exploit string as username, hoping to trigger the vulnerability as Log4j logs the username
https://isc.sans.edu/diary/Scans%20for%20VMWare%20Hybrid%20Cloud%20Extension%20%28HCX%29%20API%20(Log4j%20-%20not%20brute%20forcing)/31762
Patch Tuesday Fallout
Yesterday's Apple patch may re-activate Apple Intelligence for users who earlier disabled it. Microsoft is offering support for users whos USB printers started printing giberish after a January patch was applies.
https://www.macrumors.com/2025/03/11/ios-18-3-2-apple-intelligence-auto-on/
https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-22h2#usb-printers-might-print-random-text-with-the-january-2025-preview-update
Adobe Updates
Adobe updated seven different products, including Adobe Acrobat. The Acrobat vulnerability may lead to remote code execution and Adobe considers the vulnerablities critical.
https://helpx.adobe.com/security/security-bulletin.html
Medusa Ransomware
CISA and partner agencies released details about the Medusa Ransomware. The document includes many details useful to defenders.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-071a
Zoom Update
Zoom released a critical update fixing a number of remote code execution vulnerabilities.
https://www.zoom.com/en/trust/security-bulletin/
FreeType Library Vulnerability
https://www.facebook.com/security/advisories/cve-2025-27363
SANS Stormcast Wednesday Mar 12th: Microsoft Patch Tuesday; Apple Patch; Espressif ESP32 Statement
12 mars 2025 |
8 min
Microsoft Patch Tuesday
Microsoft Patched six already exploited vulnerabilities today. In addition, the patches included a critical patch for Microsoft's DNS server and about 50 additional patches.
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%3A%20March%202025/31756
Apple Updates iOS/macOS
Apple released an update to address a single, already exploited, vulnerability in WebKit. This vulnerability affects iOS, macOS and VisionOS.
https://support.apple.com/en-us/100100
Expressif Response to ESP32 Debug Commands
Expressif released a statement commenting on the recent release of a paper alledging "Backdoors" in ESP32 chipsets. According to Expressif, these commands are debug commands and not reachable directly via Bluetooth.
https://www.espressif.com/en/news/Response_ESP32_Bluetooth
SANS Stormcast Tuesday Mar 11th: Shellcode as UUIDs; Moxe Switch Vuln Updates; Opentext Vuln; Livewire Volt Vuln;
11 mars 2025 |
5 min
Shellcode Encoded in UUIDs
Attackers are using UUIDs to encode Shellcode. The 128 Bit (or 16 Bytes) encoded in each UUID are converted to shell code to implement a cobalt strike beacon
https://isc.sans.edu/diary/Shellcode%20Encoded%20in%20UUIDs/31752
Moxa CVE-2024-12297 Expanded to PT Switches
Moxa in January first releast an update to address a fronted authorizaation logic disclosure vulnerability. It now updated the advisory and included the PT series switches as vulenrable.
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241408-cve-2024-12297-frontend-authorization-logic-disclosure-vulnerability-identified-in-pt-switches
Opentext Insufficently Protected Credentials
https://portal.microfocus.com/s/article/KM000037455?language=en_US
Livewire Volt API vulnerability
https://github.com/livewire/volt/security/advisories/GHSA-v69f-5jxm-hwvv
SANS Stormcast: Webshells; Undocumented ESP32 Commands; Camera Used For Ransomware Distribution
10 mars 2025 |
7 min
Commonly Probed Webshell URLs
Many attackers deploy web shells to gain a foothold on vulnerable web servers. These webshells can also be taken over by parasitic exploits.
https://isc.sans.edu/diary/Commonly%20Probed%20Webshell%20URLs/31748
Undocumented ESP32 Commands
A recent conference presentation by Tarlogic revealed several "backdoors" or undocumented features in the commonly used ESP32 Chipsets. Tarlogic also released a toolkit to make it easier to audit chipsets and find these hiddent commands.
https://www.tarlogic.com/news/backdoor-esp32-chip-infect-ot-devices/
Camera Off: Akira deploys ransomware via Webcam
The Akira ransomware group was recently observed infecting a network with Ransomware by taking advantage of a webcam.
https://www.s-rminform.com/latest-thinking/camera-off-akira-deploys-ransomware-via-webcam
SANS Stormcast Friday Mar 7th: Chrome vs Extensions; Kibana Update; PrePw0n3d Android TV Sticks; Identifying APTs (@sans_edu, Eric LeBlanc)
7 mars 2025 |
14 min
Latest Google Chrome Update Encourages UBlock Origin Removal
The latest update to Google Chrome not only disabled the UBlock Origin ad blocker, but also guides users to uninstall the extension instead of re-enabling it.
https://chromereleases.googleblog.com/2025/03/stable-channel-update-for-desktop.html
https://www.reddit.com/r/youtube/comments/1j2ec76/ublock_origin_is_gone/
Critical Kibana Update
Elastic published a critical Kibana update patching a prototype polution vulnerability that would allow arbitrary code execution for users with the "Viewer" role.
https://discuss.elastic.co/t/kibana-8-17-3-security-update-esa-2025-06/375441
Certified PrePw0n3d Android TV Sticks
Wired is reporting of over a million Android TV sticks that were found to be pre-infected with adware
https://www.wired.com/story/android-tv-streaming-boxes-china-backdoor/
SANS.edu Research Paper
Advanced Persistent Threats (APTs) are among the most challenging to detect in enterprise environments, often mimicking authorized privileged access prior to their actions on objectives.
https://www.sans.edu/cyber-research/identifying-advanced-persistent-threat-activity-through-threat-informed-detection-engineering-enhancing-alert-visibility-enterprises/
SANS Stormcast Thursday Mar 6th: DShield ELK Analysis; Jailbreaking AMD CPUs; VIM Vulnerability; Snail Mail Ransomware
6 mars 2025 |
7 min
DShield Traffic Analysis using ELK
The "DShield SIEM" includes an ELK dashboard as part of the Honeypot. Learn how to find traffic of interest with this tool.
https://isc.sans.edu/diary/DShield%20Traffic%20Analysis%20using%20ELK/31742
Zen and the Art of Microcode Hacking
Google released details, including a proof of concept exploit, showing how to take advantage of the recently patched AMD microcode vulnerability
https://bughunters.google.com/blog/5424842357473280/zen-and-the-art-of-microcode-hacking CVE-2024-56161
VIM Vulnerability
An attacker may execute arbitrary code by tricking a user to open a crafted tar file in VIM
https://github.com/vim/vim/security/advisories/GHSA-wfmf-8626-q3r3
Snil Mail Fake Ransom Note
A copy cat group is impersonating ransomware actors. The group sends snail mail to company executives claiming to have stolen company data and threatening to leak it unless a payment is made.
https://www.guidepointsecurity.com/blog/snail-mail-fail-fake-ransom-note-campaign-preys-on-fear/
SANS Stormcast Wednesday Mar 5th: SMTP Credential Hunt; mac-robber.py update; ADSelfService Plus Account Takeover; Android Patch Day; PayPal Scams; VMWare Escape Fix
5 mars 2025 |
6 min
Romanian Distillery Scanning for SMTP Credentials
A particular attacker expanded the scope of their leaked credential file scans. In addition to the usual ".env" style files, it is not looking for specific SMTP related credential files.
https://isc.sans.edu/diary/Romanian%20Distillery%20Scanning%20for%20SMTP%20Credentials/31736
Tool Updates: mac-robber.py
This update of mac-robber.py fixes issues with symlinks.
https://isc.sans.edu/diary/Tool%20update%3A%20mac-robber.py/31738
CVE-2025-1723 Account takeover vulnerability in ADSelfService Plus
CVE-2025-1723 describes a vulnerability caused by session mishandling in ADSelfService Plus that could allow unauthorized access to user enrollment data when MFA was not enabled for ADSelfService Plus login.
https://www.manageengine.com/products/self-service-password/advisory/CVE-2025-1723.html
Android March Update
Google released an update for Android addressing two already exploited vulnerabilities and several critical issues.
https://source.android.com/docs/security/bulletin/2025-03-01
PayPal's no-code-checkout Abuse
Attackers are using PayPal's no-code-checkout feature is being abused by scammers to host PayPal tech support scam pages right within the PayPal.com domain.
https://www.malwarebytes.com/blog/scams/2025/02/paypals-no-code-checkout-abused-by-scammers
Broadcom Fixes three VMWare VCenter Vulnerabilities
https://github.com/vmware/vcf-security-and-compliance-guidelines/tree/main/security-advisories/vmsa-2025-0004
SANS Stormcast Tuesday Mar 4th: Mark of the Web Details; Sharepint and Click-Fix Phishing; Paragon Partionmanager BYOVD Exploit
4 mars 2025 |
6 min
Mark of the Web: Some Technical Details
Windows implements the "Mark of the Web" (MotW) as an alternate data stream that contains not just the "zoneid" of where the file came from, but may include other data like the exact URL and referrer.
https://isc.sans.edu/diary/Mark%20of%20the%20Web%3A%20Some%20Technical%20Details/31732
Havoc Sharepoint with Microsoft Graph API
A recent phishing attack observed by Fortinet uses a simple HTML email to trick a user into copy pasting powershell into their system to execute additional code. Most of the malware interaction uses a Sharepoint site via Microsoft's Graph API futher hiding the malicious traffic
https://www.fortinet.com/blog/threat-research/havoc-sharepoint-with-microsoft-graph-api-turns-into-fud-c2
Paragon Partition Manager Exploit
A vulnerable Paragon Partition Manager has been user recently to escalate privileges for ransomware deployment. Even if you to not have PAragon installed: An attacker may just "bring the vulnerable driver" to your system.
https://kb.cert.org/vuls/id/726882
SANS Stormcast Monday Mar 3rd: AI Training Data Leaks; MITRE Caldera Vuln; modsecurity bypass
3 mars 2025 |
7 min
Common Crawl includes Common Leaks
The "Common Crawl" dataset, a large dataset created by spidering website, contains as expected many API keys and other secrets. This data is often used to train large language models
https://trufflesecurity.com/blog/research-finds-12-000-live-api-keys-and-passwords-in-deepseek-s-training-data
Github Repositories Exposed by Copilot
As it is well known, Github's Copilot is using data from public GitHub repositories to train it's model. However, it appears that repositories who were briefly left open and later made private have been included as well, allowing Copilot users to retrieve files from these repositories.
https://www.lasso.security/blog/lasso-major-vulnerability-in-microsoft-copilot
MITRE Caldera Framework Allows Unauthenticated Code Execution
The MITRE Caldera adversary emulation framework allows for unauthenticted code execution by allowing attackers to specify compiler options
https://medium.com/@mitrecaldera/mitre-caldera-security-advisory-remote-code-execution-cve-2025-27364-5f679e2e2a0e
modsecurity Rule Bypass
Attackers may bypass the modsecurity web application firewall by prepending encoded characters with 0.
https://github.com/owasp-modsecurity/ModSecurity/security/advisories/GHSA-42w7-rmv5-4x2j
SANS Stormcast Friday Feb 28th: Njrat devtunnels.ms; Apple FindMe Abuse; XSS Exploited; @sans_edu Ben Powell EDR vs. Ransomware
28 februari 2025 |
14 min
Njrat Compaign Using Microsoft dev Tunnels:
A recent version of the Njrat remote admin tool is taking advantage of Microsoft's developer tunnels (devtunnels.ms) as a command and control channel.
https://isc.sans.edu/diary/Njrat%20Campaign%20Using%20Microsoft%20Dev%20Tunnels/31724
NrootTag Apple FindMy Abuse
Malware could use a weakness in the keys used for Apple FindMy to abuse it to track victims. Updates were released with iOS 18.2, but to solve the issue the vast majority of Apple users must update.
https://nroottag.github.io/
360XSS: Mass Website Exploitation via Virtual Tour Framework
The Krpano VR library which is often used to implement 3D virtual tours on real estate websites, is currently being abused to inject spam messages. The XSS vulnerabilty could allow attackers to inject even more malicious JavaScript.
https://olegzay.com/360xss/
SANS.edu Research: Proof is in the Pudding: EDR Configuration Versus Ransomware. Benjamin Powell
https://www.sans.edu/cyber-research/proof-pudding-edr-configuration-versus-ransomware/
SANS Stormcast Thursday Feb 27th: High Exfil Ports; Malicious VS Code Theme; Developer Workstation Safety; NAKIVO PoC; OpenH264 and rsync vuln;
27 februari 2025 |
7 min
Attacker of of Ephemeral Ports
Attackers often use ephermeral ports to reach out to download additional resources or exfiltrate data. This can be used, with care, to detect possible compromises.
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Malware%20Source%20Servers%3A%20The%20Threat%20of%20Attackers%20Using%20Ephemeral%20Ports%20as%20Service%20Ports%20to%20Upload%20Data/31710
Compromised Visal Studio Code Extension downloaded by Millions
Amit Assaraf identified a likely compromised Visual Studio Code theme that was installed by millions of potential victims. Amit did not disclose the exact malicious behaviour, but is asking for victims to contact them for details.
https://medium.com/@amitassaraf/a-wolf-in-dark-mode-the-malicious-vs-code-theme-that-fooled-millions-85ed92b4bd26
ByBit Theft Due to Compromised Developer Workstation
ByBit and Safe{Wallet} disclosed that the record breaking ethereum theft was due to a compromised Safe{Wallet} developer workstation. A replaced JavaScript file targeted ByBit and altered a transaction signed by ByBit.
https://x.com/benbybit/status/1894768736084885929
https://x.com/safe/status/1894768522720350673
PoC for NAKIVO Backup Replication Vulnerability
This vulnerability allows the compromise of NAKIVO backup systems. The vulnerability was patched silently in November, and never disclosed by NAKIVO. Instead, WatchTowr now disloses details including a proof of concept exploit.
https://labs.watchtowr.com/the-best-security-is-when-we-all-agree-to-keep-everything-secret-except-the-secrets-nakivo-backup-replication-cve-2024-48248/
OpenH264 Vulnerability
https://github.com/cisco/openh264/security/advisories/GHSA-m99q-5j7x-7m9x
rsync vulnerability exploited
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
SANS Stormcast Wednesday Feb 26th: M365 Infostealer Botnet; Mixing OpenID Keys; Malicious Medical Image Apps
26 februari 2025 |
6 min
Massive Botnet Targets M365 with Password Spraying
A large botnet is targeting service accounts in M365 with credentials stolen by infostealer malware.
https://securityscorecard.com/wp-content/uploads/2025/02/MassiveBotnet-Report_022125_03.pdf
Mixing up Public and Private Keys in OpenID
The complex OpenID specificiation and the flexibility it supports enables careless administrators to publich private keys instead or in addition to public keys
https://blog.hboeck.de/archives/909-Mixing-up-Public-and-Private-Keys-in-OpenID-Connect-deployments.html
Healthcare Malware Hunt Part 1:
Medial images are often encoded in the DICOM format, an image format unique to medical imaging. Patients looking for viewers for DICOM images are tricked into downloading malware.
https://www.forescout.com/blog/healthcare-malware-hunt-part-1-silver-fox-apt-targets-philips-dicom-viewers/
SANS Stormcast Tuesday Feb 25th: Unfurl Updates; Google Ditches SMS; Paypal Phish; Exim, libXML, Parallels Vuln
25 februari 2025 |
6 min
Unfurl Update Released
Unfurl released an Update fixing a few bugs and adding support to decode BlueSky URLs.
https://isc.sans.edu/diary/Unfurl%20v2025.02%20released/31716
Google Confirms GMail To Ditch SMS Code Authentication
Google no longer considers SMS authentication save enough for GMail. Instead, it pushes users to use Passkeys, or QR code based app authentication
https://www.forbes.com/sites/daveywinder/2025/02/23/google-confirms-gmail-to-ditch-sms-code-authentication/
Beware of Paypal New Address Feature Abuse
Attackers are using "address change" e-mails to send links to phishing sites or trick users into calling fake tech support phone numbers. Attackers are just adding the malicious content as part of the address. The e-mail themselves are legitimate PayPal emails and will pass various spam and phishing filters.
https://www.bleepingcomputer.com/news/security/beware-paypal-new-address-feature-abused-to-send-phishing-emails/
Exim SQL Injection Vulnerability
Exim, with sqlite support and ETRN enabled, is vulnerable to a simple SQL injection exploit. A PoC has been released
https://www.exim.org/static/doc/security/CVE-2025-26794.txt
https://github.com/OscarBataille/CVE-2025-26794?
XMLlib patches
https://gitlab.gnome.org/GNOME/libxml2/-/issues/847
https://gitlab.gnome.org/GNOME/libxml2/-/issues/828
0-Day in Parallels
https://jhftss.github.io/Parallels-0-day/
SANS Stormcast Monday Feb 24th: sigs.py update; Google Introdusing Quantum Safe Sigs; MSFT Update Win 11 issues; LTE/5G Vulns;
24 februari 2025 |
5 min
Tool Update: Sigs.py
Jim updates sigs.py. The tool verifies hashes for files and automatically recognizes what hash is used.
https://isc.sans.edu/diary/Tool%20update%3A%20sigs.py%20-%20added%20check%20mode/31706
Google Announcing Quantum Safe Digital Signatures in Cloud KMS
Google announced the option to use quantum safe digital signatures for its
cloud key management system.
https://cloud.google.com/blog/products/identity-security/announcing-quantum-safe-digital-signatures-in-cloud-kms
Windows 11 Patch issues
The February Patch Tuesday appears to have caused issues with a number of Windows 11 systems. In particular the usability of the file manager appears to be affected.
https://www.windowslatest.com/2025/02/16/windows-11-kb5051987-breaks-file-explorer-install-fails-on-windows-11-24h2/
LTE/5G Vulnerabilities
Researchers at the university of Florida have identified a large number of vulnerabilities in 5G and LTE networks.
https://nathanielbennett.com/publications/ransacked.pdf
SANS Stormcast Friday Feb 21st: Kibana Queries; Mongoose Injection; U-Boot Flaws; Unifi Protect Camera Vulnerabilities; Protecting Network Devices as Endpoint (Austin Clark @sans_edu)
21 februari 2025 |
12 min
Using ES|QL In Kibana to Query DShield Honeypot Logs
Using the "Elastic Search Piped Query Language" to query DShield honeypot logs
https://isc.sans.edu/diary/Using%20ES%7CQL%20in%20Kibana%20to%20Queries%20DShield%20Honeypot%20Logs/31704
Mongoose Flaws Put MongoDB at risk
The Object Direct Mapping library Mongoose suffers from an injection vulnerability leading to the potenitial of remote code exeuction in MongoDB
https://www.theregister.com/2025/02/20/mongoose_flaws_mongodb/
U-Boot Vulnerabilities
The open source boot loader U-Boot does suffer from a number of issues allowing the bypass of its integrity checks. This may lead to the execution of malicious code on boot.
https://www.openwall.com/lists/oss-security/2025/02/17/2
Unifi Protect Camera Update
https://community.ui.com/releases/Security-Advisory-Bulletin-046-046/9649ea8f-93db-4713-a875-c3fd7614943f
SANS Stormcast Wednesday Feb 20th: XWorm Cocktail; Quantum Computing Breakthrough; Signal Phishing
20 februari 2025 |
7 min
XWorm Cocktail: A Mix of PE data with PowerShell Code
Quick analysis of an interesting XWrom sample with powershell code embedded inside an executable
https://isc.sans.edu/diary/XWorm+Cocktail+A+Mix+of+PE+data+with+PowerShell+Code/31700
Microsoft's Majorana 1 Chip Carves New Path for Quantum Computing
Microsoft announced a breack through in Quantum computing. Its new prototype Majorana 1 chip takes advantage of exotic majorana particles to implement a scalable low error rate solution to building quantum computers
https://news.microsoft.com/source/features/ai/microsofts-majorana-1-chip-carves-new-path-for-quantum-computing/
Russia Targeting Signal Messenger
Signal is well regarded as a secure end to end encrypted messaging platform. However, a user may be tricked into providing access to their account by scanning a QR code masquerading as a group channel invitation.
https://cloud.google.com/blog/topics/threat-intelligence/russia-targeting-signal-messenger/
SANS Stormcast Tuesday Feb 19th: ModelScan AI Model Security; OpenSSH Vuln; Juniper Patches; Dell BIOS Vulnerability
19 februari 2025 |
7 min
ModelScan: Protection Against Model Serialization Attacks
ModelScan is a tool to inspect AI models for deserialization attacks. The tool will detect suspect commands and warn the user.
https://isc.sans.edu/diary/ModelScan%20-%20Protection%20Against%20Model%20Serialization%20Attacks/31692
OpenSSH MitM and DoS Vulnerabilities
OpenSSH Patched two vulnerabilities discovered by Qualys. One may be used for MitM attack in specfic configurations of OpenSSH.
https://www.qualys.com/2025/02/18/openssh-mitm-dos.txt
Juniper Authentication Bypass
Juniper fixed an authentication bypass vulnerability that affects several prodcuts. The patch was released outside the normal patch schedule.
https://supportportal.juniper.net/s/article/2025-02-Out-of-Cycle-Security-Bulletin-Session-Smart-Router-Session-Smart-Conductor-WAN-Assurance-Router-API-Authentication-Bypass-Vulnerability-CVE-2025-21589?language=en_US
DELL BIOS Patches
DELL released BIOS updates fixing a privilege escalation issue. The update affects a large part of Dell's portfolio
https://www.dell.com/support/kbdoc/en-en/000258429/dsa-2025-021
SANS Stormcast: Securing the Edge; PostgreSQL Exploit; Ivanti Exploit; WinZip Vulnerablity; Xerox Patch
18 februari 2025 |
5 min
My Very Personal Guidance and Strategies to Protect Network Edge Devices
A quick summary to help you secure edge devices. This may be a bit opinionated, but these are the strategies that I find work and are actionable.
https://isc.sans.edu/diary/My%20Very%20Personal%20Guidance%20and%20Strategies%20to%20Protect%20Network%20Edge%20Devices/31660
PostgreSQL SQL Injection
A followup to yesterday's segment about the PostgreSQL vulnerability. Rapid7 released a Metasploit module to exploit the vulnerability.
https://github.com/rapid7/metasploit-framework/pull/19877
Ivanti Connect Secure Exploited
The Japanese CERT observed exploitation of January's Connect Secure vulnerability
https://blogs.jpcert.or.jp/ja/2025/02/spawnchimera.html
WinZip Vulnerability
WinZip patched a buffer overflow vulenrability that may be triggered by malicious 7Z files
https://www.zerodayinitiative.com/advisories/ZDI-25-047/
Xerox Printer Patch
Xerox patched two vulnerabililites in its enterprise multifunction printers that may be exploited for lateral movement.
https://securitydocs.business.xerox.com/wp-content/uploads/2025/02/Xerox-Security-Bulletin-XRX25-003-for-Xerox-VersaLinkPhaser-and-WorkCentre.pdf
SANS Stormcast Monday Feb 17th: Fake BSOD; Volatile IPs; Postgresql libpq SQL Injection; OAUTH Phishing
17 februari 2025 |
9 min
Fake BSOD Delivered by Malicious Python Script
Xavier found an odd malicious Python script that displays a blue screen of
death to users. The purpose isn't quite clear. It could be a teach support scam
tricking users into calling the 800 number displayed, or a simple
anti-reversing trick
https://isc.sans.edu/diary/Fake%20BSOD%20Delivered%20by%20Malicious%20Python%20Script/31686
The Danger of IP Volatility
Accounting for IP addresses is important, and if not done properly, may
lead to resources being exposed after IP addresses are released.
https://isc.sans.edu/diary/The%20Danger%20of%20IP%20Volatility/31688
PostgreSQL SQL Injection
Functions in PostgreSQL's libpq do not properly escape parameters which may
lead to SQL injection issues if the functions are used to create input for pqsql.
https://www.postgresql.org/support/security/CVE-2025-1094/
Multiple Russian Threat Actors Targeting Microsoft Device Code Auth
The OAUTH device code flow is used to attach devices with limited input capability to a user's account. However, this can be abused via phishing attacks.
https://www.volexity.com/blog/2025/02/13/multiple-russian-threat-actors-targeting-microsoft-device-code-authentication/
SANS Stormcast Feb 14th 2025: DShield Honeypot SIEM; PAN OS Auth Bypass; Salt Typhone vs. Cisco; Crowdstrike Patch
14 februari 2025 |
6 min
DShield SIEM Docker Updates
Interested in learning more about the attacks hitting your honeypot?
Guy assembled a neat SIEM to create dashboards summarizing the attacks.
https://isc.sans.edu/diary/DShield%20SIEM%20Docker%20Updates/31680
PANOS Path Confusion Auth Bypass
Palo Alto Networks fixed a path confusion vulnerability introduced by the
overly complex midle box chain in PANOS.
https://slcyber.io/blog/nginx-apache-path-confusion-to-auth-bypass-in-pan-os/
https://www.theregister.com/2025/02/13/palo_alto_firewall/
China's Volt Typhoon Continues to use Cisco Vulns
Recorded Future wrote up some recent attacks of the Red Mike / Volt Typhoon groups going after telecom providers by compromissing Cisco systems via an older vulnerabilty
https://www.wired.com/story/chinas-salt-typhoon-spies-are-still-hacking-telecoms-now-by-exploiting-cisco-routers/
Crowdstrike Patches Linux Client
https://www.crowdstrike.com/security-advisories/cve-2025-1146/
SANS Stormcast Feb 13th 2025: Smart City Threats; Advanced Social Engineering Attacks; Wazuh Vulnerability; PAM Vulnerability; Ivanti Patches
13 februari 2025 |
6 min
An Ontology for Threats: Cybercrime and Digital Forensic Investigation on Smart City Infrastructure
Smart cities is a big topic for many local governments. With building these complex systems, attacks will follow.
https://isc.sans.edu/diary/An%20ontology%20for%20threats%2C%20cybercrime%20and%20digital%20forensic%20investigation%20on%20Smart%20City%20Infrastructure/31676
North Korean state actor tricking admins into executing PowerShell
North Korean state actors are spending quite a bit of effort setting up relationships with South Korean system administrators, culminating in them getting tricked into executing malicious PowerShell scripts.
https://x.com/MsftSecIntel/status/1889407814604296490
Wazuh Vulnerability
A deserialization vulnerability in Wazuh may lead to an unauthenticated remote code execution vulnerability
https://github.com/wazuh/wazuh/security/advisories/GHSA-hcrc-79hj-m3qh
PAM PKCS11 Vulnerablity
Several vulnerabilities in the Linux PAM module processing smart card authentication can be used to bypass authentication
https://github.com/OpenSC/pam_pkcs11/releases/tag/pam_pkcs11-0.6.13
Ivanti Patches
Ivanti released its monhtly update, fixing a number of critical vulnerabilities in Connect Secure and other prodcuts
https://forums.ivanti.com/s/article/February-Security-Advisory-Ivanti-Connect-Secure-ICS-Ivanti-Policy-Secure-IPS-and-Ivanti-Secure-Access-Client-ISAC-Multiple-CVEs?language=en_US
SANS Stormcast Feb 12th 2025: MSFT Patch Tuesday; Adobe Patches; FortiNet Acknowledges Exploitation of FortiOS
12 februari 2025 |
6 min
Microsoft Patch Tuesday
Microsoft released patches for 55 vulnerabilities. Three of them are actagorized as critical, two are already exploited and another two have been publicly disclosed. The LDAP server vulnerability could become a huge deal, but it is not clear if an exploit will appear.
https://isc.sans.edu/diary/Microsoft%20February%202025%20Patch%20Tuesday/31674
Adobe Patches
Adobe released patches for seven products. Watch out in particular for the Adobe Commerce issues
https://helpx.adobe.com/security/security-bulletin.html
Fortinet Acknowledges Exploitation of Vulnerability
https://fortiguard.fortinet.com/psirt/FG-IR-24-535
SANS Stormcast Feb 11th 2025: 7zip and MoW; Apple 0-Day Fix; AMD Microcode Overwrite; Trimble CityWorks 0-Day; MageCart Update
11 februari 2025 |
7 min
Reminder: 7-Zip MoW
The MoW must be added to any files extracted from ZIP or other compound file formats. 7-Zip does not do so by default unless you alter the default configuration.
https://isc.sans.edu/diary/Reminder%3A%207-Zip%20%26%20MoW/31668
Apple Fixes 0-Day
Apple released updates to iOS and iPadOS fixing a bypass for USB Restricted Mode. The vulnerability is already being exploited.
https://support.apple.com/en-us/122174
AMD ZEN CPU Microcode Update
An attacker is able to replace microcode on some AMD CPUs. This may alter how the CPUs function and Google released a PoC showing how it can be used to manipulate the random number generator.
https://github.com/google/security-research/security/advisories/GHSA-4xq7-4mgh-gp6w
Trimble Cityworks Exploited
CISA added a recent Trimble Cityworks vulnerabliity to its list of exploited vulnerabilities.
https://learn.assetlifecycle.trimble.com/i/1532182-cityworks-customer-communication-2025-02-06-docx/0?
Google Tag Manager Skimmer Steals Credit Card Info
Sucuri released a blog post with updates to the mage cart campaign. The latest version is injecting malicious code as part of the google tag manager / analytics code.
https://blog.sucuri.net/2025/02/google-tag-manager-skimmer-steals-credit-card-info-from-magento-site.html
SANS Internet Stormcast Feb 10th 2025: Podcast Anniversary; SSL 2.0; Exposed Deepseek Installs; Crypto Scam costs
10 februari 2025 |
7 min
SSL 2.0 Turns 30 This Sunday
SSL was created in February 1995. However, back in 2005, only a year later, SSL 3.0 was released, and as of 2011, SSL 2.0 was deprecated, and support was removed from many crypto libraries. However, over 400k hosts are still exposed via SSL 2.0.
https://isc.sans.edu/diary/SSL%202.0%20turns%2030%20this%20Sunday...%20Perhaps%20the%20time%20has%20come%20to%20let%20it%20die%3F/31664
Deepseek News
Many articles cover various security shortcomings in the Chinese Deepseek AI model. Remember that some of these issues are not unique to Deepseek.
https://www.upguard.com/blog/deepseek-adoption
https://www.reversinglabs.com/blog/rl-identifies-malware-ml-model-hosted-on-hugging-face
https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak
https://www.nowsecure.com/blog/2025/02/06/nowsecure-uncovers-multiple-security-and-privacy-flaws-in-deepseek-ios-mobile-app/
Crypto Wallet Scam Not For Free
Didier looked closer at the recent dual signature crypto scams. These wallets are not free; attackers must spend money to set them up.
https://isc.sans.edu/diary/Crypto+Wallet+Scam+Not+For+Free/31666
SANS Internet Stormcast Feb 7th 2025: Unbreakable Anti-Debugging;
7 februari 2025 |
6 min
The Unbreakable Multi-Layer Anti-Debugging System
Xavier found a nice Python script that included what it calls the "Unbreakable Multi-Layer Anti-Debugging System". Leave it up to Xavier to tear it appart for you.
https://isc.sans.edu/diary/The%20Unbreakable%20Multi-Layer%20Anti-Debugging%20System/31658
Take my money: OCR crypto stealers in Google Play and App Store
Malware using OCR on screen shots was available not just via Google Play, but also the Apple App Store.
https://securelist.com/sparkcat-stealer-in-app-store-and-google-play-2/115385/
Threat Actors Still Leveraging Legit RMM Tool ScreenConnect
Unsurprisingly, threat actors still like to use legit remote admin tools, like ScreenConnect, as a command and control channel. Silent Push outlines the latest trends and IoCs they found
https://www.silentpush.com/blog/screenconnect/
Cisco Identity Services Engine Insecure Java Deserialization and Authorization Bypass Vulnerabilities
Java deserializing strikes again to allow arbitrary code execution. Cisco fixed this vulnerability and a authorization bypass issue in its Identity Services Engine
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-multivuls-FTW9AOXF
F5 Update
F5 fixes an interesting authentication bypass problem affecting TLS client certificates
https://my.f5.com/manage/s/article/K000149173
SANS Internet Stormcast Feb 6th 2025: com- prefix domain phishing; Win 10 ESU pricing; Firefox CT Policy; Veeam and Netgear patches
6 februari 2025 |
7 min
Phishing via com- prefix domains
Every day, attackers are registering a few hunder domain names starting with com-. These are used in phishing e-mails, like for example "toll fee scams", to create more convincing phishing links.
https://isc.sans.edu/diary/Phishing%20via%20%22com-%22%20prefix%20domains/31654
Microsoft Windows 10 Extended Security Updates
Microsoft released pricing and additional details for the Windows 10 extended security updates. For the first year after official free updates stopped, security updates will be available for $61 for the first year.
https://learn.microsoft.com/en-us/windows/whats-new/extended-security-updates
Mozilla Enforcing Certificate Transparency
Mozilla is following the lead from other browsers, and will require certificates to include a certificate signature timestamp as proof of compliance with certificate transparency requirements.
https://groups.google.com/a/mozilla.org/g/dev-security-policy/c/OagRKpVirsA/m/Q4c89XG-EAAJ
https://wiki.mozilla.org/SecurityEngineering/Certificate_Transparency#Enterprise_Policies
Veeam Update
Veeam's internal backup process may be used to execute arbitrary code by an attacker with a machine in the middle position.
https://www.veeam.com/kb4712
Netgear Unauthenticated RCE
https://kb.netgear.com/000066558/Security-Advisory-for-Unauthenticated-RCE-on-Some-WiFi-Routers-PSV-2023-0039
SANS Internet Stormcast Feb 5th 2025: Feed Updates and Rosti; Resurrecting Dead S3 Buckets; Let's Encrypt Changes; Edge Device Security
5 februari 2025 |
7 min
Some Updates to Our Data Feeds
We made some updates to the documentation for our data feeds, and added the neat Rosti Feed to our list as well as to our ipinfo page.
https://isc.sans.edu/diary/Some%20updates%20to%20our%20data%20feeds/31650
8 Million Request Later We Meade the Solarwindws Supply Chain Attack Look Amateur
While the title is a bit of watchTowr hyperbole, the problem of resurrecting dead S3 buckets back to live is real and needs to be addressed. Boring solutions will help not becoming an exciting headline.
https://labs.watchtowr.com/8-million-requests-later-we-made-the-solarwinds-supply-chain-attack-look-amateur/
Let's Encrypt Ending Expiration Emails
Let's Encrypt will no longer send emails for expiring certificates. They suggest other free services to send these emails for you
https://letsencrypt.org/2025/01/22/ending-expiration-emails/
Guidance and Strategies Protect Network Edge Edvices
CISA and other agencies created a guidance document outlining how to protect edge devices like firewalls, vpn concentrators and other similar devices.
https://www.cisa.gov/resources-tools/resources/guidance-and-strategies-protect-network-edge-devices
SANS ISC Stormcast Feb 4th 2025: Crypto Scam; Mediatek and D-Link Patches; Microsoft ends VPN Service
4 februari 2025 |
6 min
Crypto Wallet Scam
YouTube spam messages leak private keys to crypto wallets. However, these keys can not be used to withdraw funds. Victims are scammed into depositing "gas fees" which are then collected by the scammer.
https://isc.sans.edu/diary/Crypto%20Wallet%20Scam/31646
Mediatek Patches
Mediatek patched numerous vulnerabilities in its WLAN products. Some allow for unauthenticated arbitrary code execution
https://corp.mediatek.com/product-security-bulletin/February-2025
D-Link Vulnerability
D-Link disclosed a vulnerability in older routers that as of May no longer receive any updates. Your only option is to upgrade hardare.
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10415
Microsoft Discontinues VPN Service
Microsoft is shutting down the VPN service that was included as part of Microsoft Defender
https://support.microsoft.com/en-au/topic/end-of-support-privacy-protection-vpn-in-microsoft-defender-for-individuals-8b503da5-732a-4472-833a-e2ddca53036a
SANS ISC Stormcast Feb 3rd 2025: Automating Cyber Ranges; Deepseek Scams; PyPi Archived State; Medical Backdoors
3 februari 2025 |
6 min
To Simulate or Replicate: Crafting Cyber Ranges
Automating the creation of cyber ranges. This will be a multi part series and this part covers creating the DNS configuration in Windows
https://isc.sans.edu/diary/To%20Simulate%20or%20Replicate%3A%20Crafting%20Cyber%20Ranges/31642
Scammers Exploiting Deepseek Hype
Scammers are using the hype around Deepseek, and some of the confusion caused by it's site not being reachable, to scam users into installing malware. I am also including a link to a "jailbreak" of Deepseek (this part was not covered in the podcast).
https://www.welivesecurity.com/en/cybersecurity/scammers-exploiting-deepseek-hype/
https://lab.wallarm.com/jailbreaking-generative-ai/
PyPi Archived Status
PyPi introduced a new feature to mark repositories as archived. This implies that the author is no longer maintaining the particular package
https://blog.pypi.org/posts/2025-01-30-archival/
ICS Mecial Advisory: Comtec Patient Monitor Backdoor
And interested backdoor was found in a Comtech Patient Monitor.
https://www.cisa.gov/news-events/ics-medical-advisories/icsma-25-030-01
SANS ISC Stormcast Jan 31st 2025: Old Netgear Vuln in Depth; Lightning AI RCE; Canon Printer RCE; Deepseek Leak;
31 januari 2025 |
6 min
PCAPs or It Didn't Happen: Exposing an Old Netgear Vulnerability Still Active in 2025 [Guest Diary]
https://isc.sans.edu/diary/PCAPs%20or%20It%20Didn%27t%20Happen%3A%20Exposing%20an%20Old%20Netgear%20Vulnerability%20Still%20Active%20in%202025%20%5BGuest%20Diary%5D/31638
RCE Vulnerablity in AI Development Platform Lightning AI
Noma Security discovered a neat remote code execution vulnerability in Lightning AI. This vulnerability is exploitable by tricking a logged in user into clicking a simple link.
https://noma.security/noma-research-discovers-rce-vulnerability-in-ai-development-platform-lightning-ai/
Canon Laser Printers and Small Office Multifunctional Printer Vulnerabilities
Canon fixed three different vulnerablities affecting various laser and small office multifunctional printers. These vulnerabilities may lead to remote code execution, and there are some interesting exploit opportunities
https://www.usa.canon.com/support/canon-product-advisories/service-notice-regarding-vulnerability-measure-against-buffer-overflow-for-laser-printers-and-small-office-multifunctional-printers
Deepseek ClickHouse Database Leak
https://www.wiz.io/blog/wiz-research-uncovers-exposed-deepseek-database-leak
SANS ISC Stormcast, Jan 30th 2025: Python vs. Powershell; Fortinet Exploits and Patch Policy; Voyager PHP Framework Vuln; Zyxel Targeted; VMWare AVI Patch
30 januari 2025 |
6 min
From PowerShell to a Python Obfuscation Race!
This information stealer not only emulates a PDF document convincingly, but also includes its own Python environment for Windows
https://isc.sans.edu/diary/From%20PowerShell%20to%20a%20Python%20Obfuscation%20Race!/31634
Alleged Active Exploit Sale of CVE-2024-55591 on Fortinet Devices
An exploit for this week's Fortinet vulnerability is for sale on russian forums. Fortinet also requires patching of devices without cloud license within seven days of patch release
https://x.com/MonThreat/status/1884577840185643345
https://community.fortinet.com/t5/Support-Forum/Firmware-upgrade-policy/td-p/373376
The Tainted Voyage: Uncovering Voyager's Vulnerabilities
Sonarcube identified vulnerabilities in the popular PHP package Voyager. One of them allows arbitrary file uploads.
https://www.sonarsource.com/blog/the-tainted-voyage-uncovering-voyagers-vulnerabilities/
Hackers exploit critical unpatched flaw in Zyxel CPE devices
A currently unpatches vulnerablity in Zyxel devices is actively exploited.
https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-unpatched-flaw-in-zyxel-cpe-devices/
VMSA-2025-0002: VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability (CVE-2025-22217)
VMWare released a patch for the AVI Load Balancer addressing an unauthenticated blink SQL injection vulnerability.
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25346
SANS ISC Stormcast, Jan 29th 2025: Python Crypto Stealer; SimpleHelp Exploited; Apple Silicon Vuln; Teamviewer Vuln; Odd QR Code
29 januari 2025 |
6 min
Learn about fileless crypto stealers written in Python, the ongoing exploitation of recent SimpleHelp vulnerablities, new Apple Silicon Sidechannel attacks a Team Viewer Vulnerablity and an odd QR Code
Fileless Python InfoStealer Targeting Exodus
This Python script targets Exodus crypto wallet and password managers to steal crypto currencies. It does not save exfiltrated data in files, but keeps it in memory for exfiltration
https://isc.sans.edu/diary/Fileless%20Python%20InfoStealer%20Targeting%20Exodus/31630
Campaign Exploiting SimpleHelp Vulnerablity
Arcticwolf observed attacks exploiting SimpleHelp for initial access to networks. It has not been verified, but is assumed that vulnerabilities made public about a week ago are being exploited.
https://arcticwolf.com/resources/blog-uk/arctic-wolf-observes-campaign-exploiting-simplehelp-rmm-software-initial-access/
Two new Side Channel Vulnerabilities in Apple Silicon
SLAP (Data Speculation Attacks via Load Address Prediction): This attack exploits the Load Address Predictor in Apple CPUs starting with the M2/A15, allowing unauthorized access to sensitive data by mispredicting memory addresses. FLOP (Breaking the Apple M3 CPU via False Load Output Predictions): This attack targets the Load Value Predictor in Apple's M3/A17 CPUs, enabling attackers to execute arbitrary computations on incorrect data, potentially leaking sensitive information.
https://predictors.fail/
Teamviewer Security Bulletin
Teamviewer patched a privilege escalation vulnerability CVE-2025-0065
https://www.teamviewer.com/en-us/resources/trust-center/security-bulletins/tv-2025-1001/
Odd QR Code
A QR code may resolve to a different URL if looked at at an angle.
https://mstdn.social/@isziaui/113874436953157913
Limited Discount for SANS Baltimore
https://sans.org/u/1zQd
SANS ISC Stormcast, Jan 28th 2025: Z-Shy Phishing; Apple Patches 0-Day; Fortinet Exploit Details; Github and Apache Solr Patches
28 januari 2025 |
6 min
This episode shows how attackers are bypassing phishing filter by abusing the "shy" softhyphen HTML entitiy. We got an update from Apple fixing a 0-day vulnerability in addition to a number of other issues. watchTowr show how to exploit an interesting FortiOS vulnerability and we have patches for Github Desktop and Apache Solr
An unusal shy z-wasp phish
https://isc.sans.edu/diary/An%20unusual%20%22shy%20z-wasp%22%20phishing/31626
How the soft hyphen "shy" HTML entity can be abused to bypass e-mail filters
Apple Patches
https://support.apple.com/en-us/100100
Apple released patches for all of its operating systems, fixing a 0-day vulnerability among many others issues
Get Fortirekt I am the Super_admin now
https://labs.watchtowr.com/get-fortirekt-i-am-the-super_admin-now-fortios-authentication-bypass-cve-2024-55591/
Details about a recent FortiOS Vulnerability
GitHub Desktop Vulnerability
https://thehackernews.com/2025/01/github-desktop-vulnerability-risks.html
Apache Solr Vulnerability
https://solr.apache.org/security.html#cve-2024-52012-apache-solr-configset-upload-on-windows-allows-arbitrary-path-write-access
SANS ISC Stormcast, Jan 27, 2025: Access Brokers; Llama Stack Vuln; ESXi SSH Tunnels; Zyxel Boot Loops; Subary StarLeak
27 januari 2025 |
6 min
Guest Diary: How Access Brokers Maintain Persistence
Explore how cybercriminals utilize access brokers to persist within networks and the impact this has on organizational security.
https://isc.sans.edu/forums/diary/Guest+Diary+How+Access+Brokers+Maintain+Persistence/31600/
Critical Vulnerability in Meta's Llama Stack (CVE-2024-50050)
A deep dive into CVE-2024-50050, a critical vulnerability affecting Meta's Llama Stack, with exploitation details and mitigation strategies.
https://www.oligo.security/blog/cve-2024-50050-critical-vulnerability-in-meta-llama-llama-stack
ESXi Ransomware and SSH Tunneling Defense Strategies
Learn how to fortify your infrastructure against ransomware targeting ESXi environments, focusing on SSH tunneling and proactive measures.
https://www.sygnia.co/blog/esxi-ransomware-ssh-tunneling-defense-strategies/
Zyxel USG FLEX/ATP Series Application Signature Recovery Steps
Addressing issues with Zyxel s USG FLEX/ATP Series application signatures as of January 24, 2025, with a detailed recovery guide.
https://support.zyxel.eu/hc/en-us/articles/24159250192658-USG-FLEX-ATP-Series-Recovery-Steps-for-Application-Signature-Issue-on-January-24th-2025
Subaru Starlink Vulnerability Exposed Cars to Remote Hacking
Discussing how a vulnerability in Subaru s Starlink system left vehicles susceptible to remote exploitation and the steps taken to resolve it.
https://www.securityweek.com/subaru-starlink-vulnerability-exposed-cars-to-remote-hacking/
SANS ISC Stormcast, Jan 24, 2025: XSS in Email, SonicWall Exploited; Cisco Vulnerablities; AI and SOAR (@sans_edu research paper by Anthony Russo)
24 januari 2025 |
15 min
In today's episode, learn how an attacker attempted to exploit webmail XSS vulnerablities against us. Sonicwall released a critical patch fixing an already exploited vulnerability in its SMA 1000 appliance. Cisco fixed vulnerabilities in ClamAV and its Meeting Manager REST API. Learn from SANS.edu student Anthony Russo how to take advantage of AI for SOAR.
XSS Attempts via E-Mail
https://isc.sans.edu/diary/XSS%20Attempts%20via%20E-Mail/31620
An analysis of a recent surge in email-based XSS attack attempts targeting users and organizations. Learn the implications and mitigation techniques.
SonicWall PSIRT Advisory: CVE-2025-23006
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002 CVE-2025-23006
Details of a critical vulnerability in SonicWall appliances (SNWLID-2025-0002) and what you need to do to secure your systems.
Cisco ClamAV Advisory: OLE2 Parsing Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA
A DoS vulnerability in the popular open source anti virus engine ClamAV
Cisco CMM Privilege Escalation Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-privesc-uy2Vf8pc
A patch of a privilege escalation flaw in Cisco s CMM module.
SANS ISC Stormcast, Jan 23, 2025: PFSync Protocol; Oracle CPU; Korean VPN Supply Chain Attack; Ivanti Guidance
22 januari 2025 |
8 min
In today's episode, we start by talking about the PFSYNC protocol used to synchronize firewall states to support failover. Oracle released it's quarterly critical patch update. ESET is reporting about a critical VPN supply chain attack and CISA released guidance for victims of recent Ivanti related attacks.
Catching CARP: Fishing for Firewall States in PFSync Traffic
https://isc.sans.edu/diary/Catching%20CARP%3A%20Fishing%20for%20Firewall%20Stat%20es%20in%20PFSync%20Traffic/31616)**
Discover how attackers exploit PFSync traffic to manipulate firewall states. This deep dive explores vulnerabilities and mitigation strategies in network defense.
Oracle Critical Patch Update January 2025
https://www.oracle.com/security-alerts/cpujan2025.html)**
Oracle's January 2025 patch release addresses numerous critical vulnerabilities across their product suite. Learn about key updates and how to secure your systems.
PlushDaemon: Compromising the Supply Chain of a Korean VPN Service
https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-supply-chain-korean-vpn-service/
ESET Research uncovers PlushDaemon, a sophisticated supply chain attack targeting a Korean VPN provider. Understand the implications for supply chain security.
CISA Cybersecurity Advisory: AA25-022A
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-022a
The latest advisory highlights active threats and mitigation strategies for critical infrastructure. Stay ahead with CISA s guidance on emerging cyber risks.
Catching CARP: Fishing for Firewall States in PFSync Traffic
https://isc.sans.edu/diary/Catching%20CARP%3A%20Fishing%20for%20Firewall%20Stat%20es%20in%20PFSync%20Traffic/31616)**
Discover how attackers exploit PFSync traffic to manipulate firewall states. This deep dive explores vulnerabilities and mitigation strategies in network defense.
Oracle Critical Patch Update January 2025
https://www.oracle.com/security-alerts/cpujan2025.html)**
Oracle's January 2025 patch release addresses numerous critical vulnerabilities across their product suite. Learn about key updates and how to secure your systems.
PlushDaemon: Compromising the Supply Chain of a Korean VPN Service
https://www.welivesecurity.com/en/eset-research/plushdaemon-compromises-supply-chain-korean-vpn-service/
ESET Research uncovers PlushDaemon, a sophisticated supply chain attack targeting a Korean VPN provider. Understand the implications for supply chain security.
CISA Cybersecurity Advisory: AA25-022A
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-022a
The latest advisory highlights active threats and mitigation strategies for critical infrastructure. Stay ahead with CISA s guidance on emerging cyber risks.
SANS ISC Stormcast, Jan 22, 2025: Geolocation via Starlink and Cloudflare; AI Prompt Risks; Homebrew Phishing
22 januari 2025 |
9 min
This episodes covers how Starlink users can be geolocated and how Cloudflare may help deanonymize users. The increased use of AI helpers leads to leaking data via careless prompts.
Geolocation and Starlink
https://isc.sans.edu/diary/Geolocation%20and%20Starlink/31612
Discover the potential geolocation risks associated with Starlink and how they might be exploited. This diary entry dives into new concerns for satellite internet users.
Deanonymizing Users via Cloudflare
https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117
Deanonymizing users by identifying which cloudflare server cashed particular content
Sage's AI Assistant and Customer Data Concerns
https://www.theregister.com/2025/01/20/sage_copilot_data_issue/
Examine how a Sage AI tool inadvertently exposed sensitive customer data, raising questions about AI governance and trust in business applications.
The Threat of Sensitive Data in Generative AI Prompts
https://www.darkreading.com/threat-intelligence/employees-sensitive-data-genai-prompts
Analyze how employees careless prompts to generative AI tools can lead to sensitive data breaches and the importance of awareness training.
Homebrew Phishing
https://x.com/ryanchenkie/status/1880730173634699393
Geolocation and Starlink
https://isc.sans.edu/diary/Geolocation%20and%20Starlink/31612
Discover the potential geolocation risks associated with Starlink and how they might be exploited. This diary entry dives into new concerns for satellite internet users.
Deanonymizing Users via Cloudflare
https://gist.github.com/hackermondev/45a3cdfa52246f1d1201c1e8cdef6117
Deanonymizing users by identifying which cloudflare server cashed particular content
Sage's AI Assistant and Customer Data Concerns
https://www.theregister.com/2025/01/20/sage_copilot_data_issue/
Examine how a Sage AI tool inadvertently exposed sensitive customer data, raising questions about AI governance and trust in business applications.
The Threat of Sensitive Data in Generative AI Prompts
https://www.darkreading.com/threat-intelligence/employees-sensitive-data-genai-prompts
Analyze how employees careless prompts to generative AI tools can lead to sensitive data breaches and the importance of awareness training.
Homebrew Phishing
https://x.com/ryanchenkie/status/1880730173634699393
SANS ISC Stormcast, Jan 21, 2025: Downloading Partial ZIP files; Remote Tools Used in Attakcs; Azure DevOps SSRF
21 januari 2025 |
6 min
In this episode, we talk about downloading and analyzing partial ZIP files, how legitimate remote access tools are used in recent compromises and how a research found an SSRF vulnerability in Azure DevOps
Partial ZIP File Downloads
A closer look at how attackers are leveraging partial ZIP file downloads to bypass file verification systems and plant malicious content.
https://isc.sans.edu/diary/Partial%20ZIP%20File%20Downloads/31608
Ukrainian CERT Advisory on AnyDesk Threat
The Ukrainian CERT provides detailed guidance on identifying and mitigating recent cyber threats exploiting AnyDesk for unauthorized access.
https://cert.gov.ua/article/6282069
Finding SSRFs in Azure DevOps
An in-depth analysis of how server-side request forgery (SSRF) vulnerabilities are discovered and exploited in Azure DevOps pipelines.
https://binarysecurity.no/posts/2025/01/finding-ssrfs-in-devops
Partial ZIP File Downloads
A closer look at how attackers are leveraging partial ZIP file downloads to bypass file verification systems and plant malicious content.
https://isc.sans.edu/diary/Partial%20ZIP%20File%20Downloads/31608
Ukrainian CERT Advisory on AnyDesk Threat
The Ukrainian CERT provides detailed guidance on identifying and mitigating recent cyber threats exploiting AnyDesk for unauthorized access.
https://cert.gov.ua/article/6282069
Finding SSRFs in Azure DevOps
An in-depth analysis of how server-side request forgery (SSRF) vulnerabilities are discovered and exploited in Azure DevOps pipelines.
https://binarysecurity.no/posts/2025/01/finding-ssrfs-in-devops
SANS ISC Stormcast, Jan 20, 2025: Honeypots for Offense; SimpleHelp and UEFI Secure Boot Vulnerabilities
20 januari 2025 |
3 min
In this episode, we cover how to use honeypot data to keep your offensive infrastructure alive longer, three critical vulnerabilities in SimpleHelp that must be patched now, and an interesting vulnerability affecting many systems allowing UEFI Secure Boot bypass.
Leveraging Honeypot Data for Offensive Security Operations [Guest Diary] A recent guest diary on the SANS Internet Storm Center discusses how offensive security professionals can utilize honeypot data to enhance their operations. The diary highlights the detection of scans from multiple IP addresses, emphasizing the importance of monitoring non-standard user-agent strings in web requests.
https://isc.sans.edu/diary/Leveraging%20Honeypot%20Data%20for%20Offensive%20Security%20Operations%20%5BGuest%20Diary%5D/31596
Security Vulnerabilities in SimpleHelp 5.5.7 and Earlier SimpleHelp has released version 5.5.8 to address critical security vulnerabilities present in versions 5.5.7 and earlier. Users are strongly advised to upgrade to the latest version to prevent potential exploits. Detailed information and upgrade instructions are available on SimpleHelp's official website.
https://simple-help.com/kb---security-vulnerabilities-01-2025#send-us-your-questions
Under the Cloak of UEFI Secure Boot: Introducing CVE-2024-7344 ESET researchers have identified a new vulnerability, CVE-2024-7344, that allows attackers to bypass UEFI Secure Boot on most UEFI-based systems. This flaw enables the execution of untrusted code during system boot, potentially leading to the deployment of malicious UEFI bootkits. Affected users should apply available patches to mitigate this risk.
https://www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/
Leveraging Honeypot Data for Offensive Security Operations [Guest Diary] A recent guest diary on the SANS Internet Storm Center discusses how offensive security professionals can utilize honeypot data to enhance their operations. The diary highlights the detection of scans from multiple IP addresses, emphasizing the importance of monitoring non-standard user-agent strings in web requests.
https://isc.sans.edu/diary/Leveraging%20Honeypot%20Data%20for%20Offensive%20Security%20Operations%20%5BGuest%20Diary%5D/31596
Security Vulnerabilities in SimpleHelp 5.5.7 and Earlier SimpleHelp has released version 5.5.8 to address critical security vulnerabilities present in versions 5.5.7 and earlier. Users are strongly advised to upgrade to the latest version to prevent potential exploits. Detailed information and upgrade instructions are available on SimpleHelp's official website.
https://simple-help.com/kb---security-vulnerabilities-01-2025#send-us-your-questions
Under the Cloak of UEFI Secure Boot: Introducing CVE-2024-7344 ESET researchers have identified a new vulnerability, CVE-2024-7344, that allows attackers to bypass UEFI Secure Boot on most UEFI-based systems. This flaw enables the execution of untrusted code during system boot, potentially leading to the deployment of malicious UEFI bootkits. Affected users should apply available patches to mitigate this risk.
https://www.welivesecurity.com/en/eset-research/under-cloak-uefi-secure-boot-introducing-cve-2024-7344/
SANS ISC Stormcast, Jan 17, 2025: Analyzing Complex Datasets, Citrix Update Issues, Ivanti's Security Advisory, and the Future of Passkeys (@sans_edu)
17 januari 2025 |
13 min
In this episode, we explore the efficient storage of honeypot logs in databases, issues with Citrix's Session Recording Agent and Windows Update. Ivanti is having another interesting security event and our SANS.edu graduate student Rich Green talks about his research on Passkeys.
Extracting Practical Observations from Impractical Datasets: A SANS Internet Storm Center diary entry discusses strategies for analyzing complex datasets to derive actionable insights.
https://isc.sans.edu/diary/Extracting%20Practical%20Observations%20from%20Impractical%20Datasets/31582
Citrix Session Recording Agent Update Issue: Citrix reports that Microsoft's January security update fails or reverts on machines with the 2411 Session Recording Agent installed, providing guidance on addressing this issue.
https://support.citrix.com/s/article/CTX692505-microsofts-january-security-update-failsreverts-on-a-machine-with-2411-session-recording-agent?language=en_US
Ivanti Endpoint Manager Security Advisory: Ivanti releases a security advisory for Endpoint Manager versions 2024 and 2022 SU6, detailing vulnerabilities and recommended actions.
https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US
Revolutionizing Enterprise Security: The Exciting Future of Passkeys Beyond Passwords: A SANS.edu research paper explores the shift from traditional passwords to passkeys, highlighting the benefits and challenges of adopting passwordless authentication methods.
https://www.sans.edu/cyber-research/revolutionizing-enterprise-security-exciting-future-passkeys-beyond-passwords/
Extracting Practical Observations from Impractical Datasets: A SANS Internet Storm Center diary entry discusses strategies for analyzing complex datasets to derive actionable insights.
https://isc.sans.edu/diary/Extracting%20Practical%20Observations%20from%20Impractical%20Datasets/31582
Citrix Session Recording Agent Update Issue: Citrix reports that Microsoft's January security update fails or reverts on machines with the 2411 Session Recording Agent installed, providing guidance on addressing this issue.
https://support.citrix.com/s/article/CTX692505-microsofts-january-security-update-failsreverts-on-a-machine-with-2411-session-recording-agent?language=en_US
Ivanti Endpoint Manager Security Advisory: Ivanti releases a security advisory for Endpoint Manager versions 2024 and 2022 SU6, detailing vulnerabilities and recommended actions.
https://forums.ivanti.com/s/article/Security-Advisory-EPM-January-2025-for-EPM-2024-and-EPM-2022-SU6?language=en_US
Revolutionizing Enterprise Security: The Exciting Future of Passkeys Beyond Passwords: A SANS.edu research paper explores the shift from traditional passwords to passkeys, highlighting the benefits and challenges of adopting passwordless authentication methods.
https://www.sans.edu/cyber-research/revolutionizing-enterprise-security-exciting-future-passkeys-beyond-passwords/
SANS ISC Stormcast, Jan 16, 2025: Critical Vulnerabilities and Cybersecurity Updates You Need to Know
16 januari 2025 |
9 min
Today's episode covers an odd 12 year old Netgear vulnerability that only received a proper CVE number last year. Learn about how to properly identify OpenID connect users and avoid domain name resue. Good old rsync turns out to be in need of patching and Fortinet: Not sure if it needs patching. Probably it does. Go ahead and patch it.
The Curious Case of a 12-Year-Old Netgear Router Vulnerability
Outdated Netgear routers remain a security risk, with attackers actively exploiting a 2013 vulnerability to deploy crypto miners. Learn how to protect your network by updating or replacing legacy hardware.
URL: https://isc.sans.edu/diary/The%20Curious%20Case%20of%20a%2012-Year-Old%20Netgear%20Router%20Vulnerability/31592
Millions at Risk Due to Google s OAuth Flaw
A flaw in Google s OAuth implementation enables attackers to exploit defunct domain accounts, exposing sensitive data. Tips on implementing MFA and domain monitoring to reduce risks.
URL: https://trufflesecurity.com/blog/millions-at-risk-due-to-google-s-oauth-flaw
Rsync 3.4.0 Security Release
The latest rsync update fixes critical vulnerabilities, including buffer overflows and symbolic link issues. Upgrade immediately to protect your file synchronization processes.
URL: https://download.samba.org/pub/rsync/NEWS#3.4.0
Fortinet PSIRT Advisories: Stay Secure
Fortinet's latest advisories address vulnerabilities in FortiOS, FortiProxy, and more. Review and apply patches promptly to secure your perimeter defenses.
URL: https://www.fortiguard.com/psirt
The Curious Case of a 12-Year-Old Netgear Router Vulnerability
Outdated Netgear routers remain a security risk, with attackers actively exploiting a 2013 vulnerability to deploy crypto miners. Learn how to protect your network by updating or replacing legacy hardware.
URL: https://isc.sans.edu/diary/The%20Curious%20Case%20of%20a%2012-Year-Old%20Netgear%20Router%20Vulnerability/31592
Millions at Risk Due to Google s OAuth Flaw
A flaw in Google s OAuth implementation enables attackers to exploit defunct domain accounts, exposing sensitive data. Tips on implementing MFA and domain monitoring to reduce risks.
URL: https://trufflesecurity.com/blog/millions-at-risk-due-to-google-s-oauth-flaw
Rsync 3.4.0 Security Release
The latest rsync update fixes critical vulnerabilities, including buffer overflows and symbolic link issues. Upgrade immediately to protect your file synchronization processes.
URL: https://download.samba.org/pub/rsync/NEWS#3.4.0
Fortinet PSIRT Advisories: Stay Secure
Fortinet's latest advisories address vulnerabilities in FortiOS, FortiProxy, and more. Review and apply patches promptly to secure your perimeter defenses.
URL: https://www.fortiguard.com/psirt
SANS ISC Stormcast, Jan 14 2025: Microsoft Patch Tuesday, FortiOS and FortiProxy Patches; Paessler PRTG Patches
15 januari 2025 |
8 min
Today, Microsoft Patch Tuesday headlines our news with Microsoft patching 209 vulnerabilities, some
of which have already been exploited. Fortinet suspects a so far unpatched Node.js authentication
bypass to be behind some recent exploits of FortiOS and FortiProxy devices.
Microsoft January 2025 Patch Tuesday
This month's Microsoft patch update addresses a total of 209 vulnerabilities, including 12 classified as critical. Among these, 3 vulnerabilities have been actively exploited in the wild, and 5 have been disclosed prior to the patch release, marking them as zero-days.
https://isc.sans.edu/diary/rss/31590
Fortinet Security Advisory FG-IR-24-535 CVE-2024-55591
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
https://fortiguard.fortinet.com/psirt/FG-IR-24-535
PRTG Network Monitor Update:
Update for an already exploited XSS vulnerability in Paesler PRTG Network Monitor CVE-2024-12833
https://www.paessler.com/prtg/history/stable
of which have already been exploited. Fortinet suspects a so far unpatched Node.js authentication
bypass to be behind some recent exploits of FortiOS and FortiProxy devices.
Microsoft January 2025 Patch Tuesday
This month's Microsoft patch update addresses a total of 209 vulnerabilities, including 12 classified as critical. Among these, 3 vulnerabilities have been actively exploited in the wild, and 5 have been disclosed prior to the patch release, marking them as zero-days.
https://isc.sans.edu/diary/rss/31590
Fortinet Security Advisory FG-IR-24-535 CVE-2024-55591
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS and FortiProxy may allow a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
https://fortiguard.fortinet.com/psirt/FG-IR-24-535
PRTG Network Monitor Update:
Update for an already exploited XSS vulnerability in Paesler PRTG Network Monitor CVE-2024-12833
https://www.paessler.com/prtg/history/stable
SANS ISC Stormcast, Jan 14, 2025: Brute-Forcing Hikvision Devices, macOS SIP Bypass, Linux Rootkits, Aviatrix Exploits, and AWS Ransomware Tactics
13 januari 2025 |
8 min
Episode Summary:
This episode covers brute-force attacks on the password reset functionality of Hikvision devices, a macOS SIP bypass vulnerability, Linux rootkit malware, and a novel ransomware campaign targeting AWS S3 buckets.
Topics Covered:
Hikvision Password Reset Brute Forcing
URL: https://isc.sans.edu/diary/Hikvision%20Password%20Reset%20Brute%20Forcing/31586
Hikvision devices are being targeted using old brute-force attacks exploiting predictable password reset codes.
Analyzing CVE-2024-44243: A macOS System Integrity Protection Bypass
URL: https://www.microsoft.com/en-us/security/blog/2025/01/13/analyzing-cve-2024-44243-a-macos-system-integrity-protection-bypass-through-kernel-extensions/
Microsoft details a macOS vulnerability allowing attackers to bypass SIP using kernel extensions.
Rootkit Malware Controls Linux Systems Remotely
URL: https://cybersecuritynews.com/rootkit-malware-controls-linux-systems-remotely/
A sophisticated rootkit targeting Linux systems uses zero-day vulnerabilities for remote control.
Abusing AWS Native Services: Ransomware Encrypting S3 Buckets with SSE-C
URL: https://www.halcyon.ai/blog/abusing-aws-native-services-ransomware-encrypting-s3-buckets-with-sse-c
Attackers are using AWS s SSE-C encryption to lock S3 buckets during ransomware campaigns. We cover how the attack works and how to protect your AWS environment.
This episode covers brute-force attacks on the password reset functionality of Hikvision devices, a macOS SIP bypass vulnerability, Linux rootkit malware, and a novel ransomware campaign targeting AWS S3 buckets.
Topics Covered:
Hikvision Password Reset Brute Forcing
URL: https://isc.sans.edu/diary/Hikvision%20Password%20Reset%20Brute%20Forcing/31586
Hikvision devices are being targeted using old brute-force attacks exploiting predictable password reset codes.
Analyzing CVE-2024-44243: A macOS System Integrity Protection Bypass
URL: https://www.microsoft.com/en-us/security/blog/2025/01/13/analyzing-cve-2024-44243-a-macos-system-integrity-protection-bypass-through-kernel-extensions/
Microsoft details a macOS vulnerability allowing attackers to bypass SIP using kernel extensions.
Rootkit Malware Controls Linux Systems Remotely
URL: https://cybersecuritynews.com/rootkit-malware-controls-linux-systems-remotely/
A sophisticated rootkit targeting Linux systems uses zero-day vulnerabilities for remote control.
Abusing AWS Native Services: Ransomware Encrypting S3 Buckets with SSE-C
URL: https://www.halcyon.ai/blog/abusing-aws-native-services-ransomware-encrypting-s3-buckets-with-sse-c
Attackers are using AWS s SSE-C encryption to lock S3 buckets during ransomware campaigns. We cover how the attack works and how to protect your AWS environment.
SANS ISC Stormcast, Jan 13, 2025: Defender Updates, Ivanti RCE, Apple USB-C Hack and more
13 januari 2025 |
7 min
In today's episode, we cover the latest updates in cybersecurity:
Windows Defender Enhances Chrome Extension Detection
Microsoft's Defender now catalogs Chrome extensions to identify malicious ones. Learn how this improves enterprise security.
https://isc.sans.edu/diary/Windows%20Defender%20Chrome%20Extension%20Detection/31574
Multi-OLE Analysis in Malicious Documents
A look at how attackers embed OLE files in Office documents to evade detection and the tools to combat it.
https://isc.sans.edu/diary/Multi-OLE/31580
Ivanti Connect Secure RCE Vulnerability (CVE-2025-0282)
Details of a critical vulnerability affecting Ivanti products and the patching timelines.
https://labs.watchtowr.com/exploitation-walkthrough-and-techniques-ivanti-connect-secure-rce-cve-2025-0282/
Apple USB-C Controller Compromised
Researchers hacked Apple s ACE3 USB-C controller, highlighting hardware security challenges.
https://cybersecuritynews.com/apples-new-usb-c-controller-hacked/
IRS Pushes for IP PIN Enrollment
Protect yourself from tax-related identity theft by securing your IP PIN for the 2025 tax season.
https://www.irs.gov/newsroom/irs-encourages-all-taxpayers-to-sign-up-for-an-ip-pin-for-the-2025-tax-season
Windows Defender Enhances Chrome Extension Detection
Microsoft's Defender now catalogs Chrome extensions to identify malicious ones. Learn how this improves enterprise security.
https://isc.sans.edu/diary/Windows%20Defender%20Chrome%20Extension%20Detection/31574
Multi-OLE Analysis in Malicious Documents
A look at how attackers embed OLE files in Office documents to evade detection and the tools to combat it.
https://isc.sans.edu/diary/Multi-OLE/31580
Ivanti Connect Secure RCE Vulnerability (CVE-2025-0282)
Details of a critical vulnerability affecting Ivanti products and the patching timelines.
https://labs.watchtowr.com/exploitation-walkthrough-and-techniques-ivanti-connect-secure-rce-cve-2025-0282/
Apple USB-C Controller Compromised
Researchers hacked Apple s ACE3 USB-C controller, highlighting hardware security challenges.
https://cybersecuritynews.com/apples-new-usb-c-controller-hacked/
IRS Pushes for IP PIN Enrollment
Protect yourself from tax-related identity theft by securing your IP PIN for the 2025 tax season.
https://www.irs.gov/newsroom/irs-encourages-all-taxpayers-to-sign-up-for-an-ip-pin-for-the-2025-tax-season
SANS ISC Stormcast: Cryptomining Malware, Fake PoC Exploit, Malicious Browser Extensions, and Palo Alto Vulnerabilities. Jan 9th 2024
10 januari 2025 |
7 min
In this episode, we explore the following stories:
"Examining Redtail: Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics"
Overview of Redtail's multi-architecture cryptomining malware exploiting vulnerabilities and deploying persistence techniques.
URL: Examining Redtail: Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics
"Information Stealer Masquerades as LDAPNightmare PoC Exploit"
A malware disguised as a PoC exploit targets users seeking to test vulnerabilities like LDAPNightmare.
URL: Information Stealer Masquerades as LDAPNightmare PoC Exploit
"How Extensions Trick CWS Search"
Research reveals how malicious browser extensions manipulate Chrome Web Store search to appear legitimate.
URL: How Extensions Trick CWS Search
"Palo Alto Networks' Expedition Vulnerabilities (PAN-SA-2025-0001)"
Multiple vulnerabilities in the deprecated Expedition tool can expose credentials and lead to unauthorized file and command execution.
URL: Palo Alto Networks' Expedition Vulnerabilities (PAN-SA-2025-0001)
"Examining Redtail: Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics"
Overview of Redtail's multi-architecture cryptomining malware exploiting vulnerabilities and deploying persistence techniques.
URL: Examining Redtail: Analyzing a Sophisticated Cryptomining Malware and its Advanced Tactics
"Information Stealer Masquerades as LDAPNightmare PoC Exploit"
A malware disguised as a PoC exploit targets users seeking to test vulnerabilities like LDAPNightmare.
URL: Information Stealer Masquerades as LDAPNightmare PoC Exploit
"How Extensions Trick CWS Search"
Research reveals how malicious browser extensions manipulate Chrome Web Store search to appear legitimate.
URL: How Extensions Trick CWS Search
"Palo Alto Networks' Expedition Vulnerabilities (PAN-SA-2025-0001)"
Multiple vulnerabilities in the deprecated Expedition tool can expose credentials and lead to unauthorized file and command execution.
URL: Palo Alto Networks' Expedition Vulnerabilities (PAN-SA-2025-0001)
SANS ISC Stormcast, Jan 9, 2025: Critical Vulnerabilities in Ivanti, Aviatrix, and Hijacked Backdoors in Compromised Systems
9 januari 2025 |
6 min
In this episode, we discuss critical vulnerabilities in Ivanti Connect Secure and Policy Secure, command injection risks in Aviatrix Network Controllers, and the risks posed by hijacked abandoned backdoors.
Episode Links and Topics:
More Governments Backdoors in Your Backdoors
https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/
Researchers reveal how expired domains linked to abandoned backdoors can be hijacked, exposing systems to further compromise.
Security Update: Ivanti Connect Secure, Policy Secure, and Neurons for ZTA Gateways
https://www.ivanti.com/blog/security-update-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways
Ivanti addresses critical vulnerabilities (CVE-2025-0282, CVE-2025-0283) in their secure gateway products, with active exploitation in the wild.
CVE-2024-50603: Aviatrix Network Controller Command Injection Vulnerability
https://www.securing.pl/en/cve-2024-50603-aviatrix-network-controller-command-injection-vulnerability/
A command injection vulnerability in Aviatrix Network Controllers allows unauthenticated code execution, posing severe risks to network environments.
Episode Links and Topics:
More Governments Backdoors in Your Backdoors
https://labs.watchtowr.com/more-governments-backdoors-in-your-backdoors/
Researchers reveal how expired domains linked to abandoned backdoors can be hijacked, exposing systems to further compromise.
Security Update: Ivanti Connect Secure, Policy Secure, and Neurons for ZTA Gateways
https://www.ivanti.com/blog/security-update-ivanti-connect-secure-policy-secure-and-neurons-for-zta-gateways
Ivanti addresses critical vulnerabilities (CVE-2025-0282, CVE-2025-0283) in their secure gateway products, with active exploitation in the wild.
CVE-2024-50603: Aviatrix Network Controller Command Injection Vulnerability
https://www.securing.pl/en/cve-2024-50603-aviatrix-network-controller-command-injection-vulnerability/
A command injection vulnerability in Aviatrix Network Controllers allows unauthenticated code execution, posing severe risks to network environments.
SANS ISC Stormcast, Jan 8, 2025: Critical Vulnerabilities in SonicWall, Moxa, and Windows BitLocker – Plus, Malware Targets PHP Servers and the Launch of U.S. Cyber Trust Mark
8 januari 2025 |
7 min
In this episode, we dive into active exploitation of a zero-day in SonicWall SSL-VPN, privilege escalation vulnerabilities in Moxa devices, and a BitLocker bypass in Windows 11. We also cover cryptocurrency mining malware hitting PHP servers and the White House's launch of the U.S. Cyber Trust Mark to secure connected devices.
Episode Links and Topics:
PacketCrypt Classic Cryptocurrency Miner on PHP Servers
https://isc.sans.edu/diary/PacketCrypt%20Classic%20Cryptocurrency%20Miner%20on%20PHP%20Servers/31564
Malware exploiting PHP servers to mine PacketCrypt Classic cryptocurrency.
SonicOS Affected By Multiple Vulnerabilities
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003
A zero-day vulnerability in SonicWall SSL-VPN devices is under active attack.
Privilege Escalation and OS Command Injection Vulnerabilities in Moxa Devices
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo
Critical vulnerabilities in Moxa routers and security appliances allow privilege escalation and OS command injection.
White House Launches U.S. Cyber Trust Mark
https://www.whitehouse.gov/briefing-room/statements-releases/2025/01/07/white-house-launches-u-s-cyber-trust-mark-providing-american-consumers-an-easy-label-to-see-if-connected-devices-are-cybersecure/
A new cybersecurity labeling program for connected devices aims to help consumers choose secure products.
Windows BitLocker: Screwed without a Screwdriver
https://media.ccc.de/v/38c3-windows-bitlocker-screwed-without-a-screwdriver#t=761
(video in English)
A two-year-old vulnerability in Windows 11 allows bypassing BitLocker encryption.
Episode Links and Topics:
PacketCrypt Classic Cryptocurrency Miner on PHP Servers
https://isc.sans.edu/diary/PacketCrypt%20Classic%20Cryptocurrency%20Miner%20on%20PHP%20Servers/31564
Malware exploiting PHP servers to mine PacketCrypt Classic cryptocurrency.
SonicOS Affected By Multiple Vulnerabilities
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0003
A zero-day vulnerability in SonicWall SSL-VPN devices is under active attack.
Privilege Escalation and OS Command Injection Vulnerabilities in Moxa Devices
https://www.moxa.com/en/support/product-support/security-advisory/mpsa-241155-privilege-escalation-and-os-command-injection-vulnerabilities-in-cellular-routers,-secure-routers,-and-netwo
Critical vulnerabilities in Moxa routers and security appliances allow privilege escalation and OS command injection.
White House Launches U.S. Cyber Trust Mark
https://www.whitehouse.gov/briefing-room/statements-releases/2025/01/07/white-house-launches-u-s-cyber-trust-mark-providing-american-consumers-an-easy-label-to-see-if-connected-devices-are-cybersecure/
A new cybersecurity labeling program for connected devices aims to help consumers choose secure products.
Windows BitLocker: Screwed without a Screwdriver
https://media.ccc.de/v/38c3-windows-bitlocker-screwed-without-a-screwdriver#t=761
(video in English)
A two-year-old vulnerability in Windows 11 allows bypassing BitLocker encryption.
ISC StormCast for Tuesday, January 7th, 2025
7 januari 2025 |
5 min
In this episode of the SANS Internet Storm Center's Stormcast, we cover critical vulnerabilities affecting OpenSSH, BeyondTrust, and Nuclei, including the newly discovered "RegreSSHion" flaw and a bypass vulnerability in Nuclei. We also discuss how malware evasion techniques can impact analysis environments and highlight the dangers of fake exploits targeting researchers. Tune in for insights on patching, mitigation strategies, and staying ahead of emerging threats.
Topics Covered:
Make Malware Happy
https://isc.sans.edu/diary/Make%20Malware%20Happy/31560
A look at how malware adapts and detects analysis environments, and why replicating operational settings is critical during malware analysis.
Nuclei Signature Verification Bypass (CVE-2024-43405)
https://www.wiz.io/blog/nuclei-signature-verification-bypass
A critical vulnerability in Nuclei allows malicious templates to bypass signature verification, risking arbitrary code execution.
Critical Vulnerability in BeyondTrust (CVE-2024-12356)
https://censys.com/cve-2024-12356/
A high-risk flaw in BeyondTrust products allows unauthenticated OS command execution, posing a significant threat to privileged access systems.
RegreSSHion Code Execution Vulnerability (CVE-2024-6387)
https://cybersecuritynews.com/regresshion-code-execution-vulnerability/
OpenSSH vulnerability "RegreSSHion" enables remote code execution, and fake exploits targeting security researchers are in circulation.
Topics Covered:
Make Malware Happy
https://isc.sans.edu/diary/Make%20Malware%20Happy/31560
A look at how malware adapts and detects analysis environments, and why replicating operational settings is critical during malware analysis.
Nuclei Signature Verification Bypass (CVE-2024-43405)
https://www.wiz.io/blog/nuclei-signature-verification-bypass
A critical vulnerability in Nuclei allows malicious templates to bypass signature verification, risking arbitrary code execution.
Critical Vulnerability in BeyondTrust (CVE-2024-12356)
https://censys.com/cve-2024-12356/
A high-risk flaw in BeyondTrust products allows unauthenticated OS command execution, posing a significant threat to privileged access systems.
RegreSSHion Code Execution Vulnerability (CVE-2024-6387)
https://cybersecuritynews.com/regresshion-code-execution-vulnerability/
OpenSSH vulnerability "RegreSSHion" enables remote code execution, and fake exploits targeting security researchers are in circulation.
ISC StormCast for Monday, January 6th, 2025
6 januari 2025 |
8 min
In this episode of the SANS Internet Storm Center's Stormcast, we cover the latest cybersecurity threats and defenses, including Python-delivered malware, goodware hash sets, SSL/TLS protocol updates, and critical vulnerabilities in ASUS routers and Paessler PRTG. Stay informed and secure your systems!
Full details and links to all stories:
SwaetRAT via Python: https://isc.sans.edu/diary/SwaetRAT%20Delivery%20Through%20Python/31554
Goodware Hash Sets: https://isc.sans.edu/diary/Goodware%20Hash%20Sets/31556
SSL/TLS Updates: https://isc.sans.edu/diary/Changes%20in%20SSL%20and%20TLS%20support%20in%202024/31550
Cyberhaven Extension Compromise: https://secureannex.com/blog/cyberhaven-extension-compromise/
PRTG Vulnerability: https://www.zerodayinitiative.com/advisories/ZDI-24-1736/
ASUS Router Vulnerabilities: https://cybersecuritynews.com/asus-router-vulnerabilities/
Full details and links to all stories:
SwaetRAT via Python: https://isc.sans.edu/diary/SwaetRAT%20Delivery%20Through%20Python/31554
Goodware Hash Sets: https://isc.sans.edu/diary/Goodware%20Hash%20Sets/31556
SSL/TLS Updates: https://isc.sans.edu/diary/Changes%20in%20SSL%20and%20TLS%20support%20in%202024/31550
Cyberhaven Extension Compromise: https://secureannex.com/blog/cyberhaven-extension-compromise/
PRTG Vulnerability: https://www.zerodayinitiative.com/advisories/ZDI-24-1736/
ASUS Router Vulnerabilities: https://cybersecuritynews.com/asus-router-vulnerabilities/
ISC StormCast for Friday, December 20th, 2024
20 december 2024 |
6 min
PHPUnit and Androxgh0st
https://isc.sans.edu/diary/Command%20Injection%20Exploit%20For%20PHPUnit%20before%204.8.28%20and%205.x%20before%205.6.3%20%5BGuest%20Diary%5D/31528
Mirai Attacks Session Smart Routers
https://supportportal.juniper.net/s/article/2024-12-Reference-Advisory-Session-Smart-Router-Mirai-malware-found-on-systems-when-the-default-password-remains-unchanged?language=en_US
FortiWLM Unauthenticated limited file read vulnerability
https://fortiguard.fortinet.com/psirt/FG-IR-23-144
https://securityonline.info/kaspersky-uncovers-active-exploitation-of-fortinet-vulnerability-cve-2023-48788/
Beyond Trust Security Advisory
https://www.beyondtrust.com/trust-center/security-advisories/bt24-10
BadBox Update
https://www.bitsight.com/blog/badbox-botnet-back
https://isc.sans.edu/diary/Command%20Injection%20Exploit%20For%20PHPUnit%20before%204.8.28%20and%205.x%20before%205.6.3%20%5BGuest%20Diary%5D/31528
Mirai Attacks Session Smart Routers
https://supportportal.juniper.net/s/article/2024-12-Reference-Advisory-Session-Smart-Router-Mirai-malware-found-on-systems-when-the-default-password-remains-unchanged?language=en_US
FortiWLM Unauthenticated limited file read vulnerability
https://fortiguard.fortinet.com/psirt/FG-IR-23-144
https://securityonline.info/kaspersky-uncovers-active-exploitation-of-fortinet-vulnerability-cve-2023-48788/
Beyond Trust Security Advisory
https://www.beyondtrust.com/trust-center/security-advisories/bt24-10
BadBox Update
https://www.bitsight.com/blog/badbox-botnet-back
ISC StormCast for Thursday, December 19th, 2024
19 december 2024 |
7 min
A Deep Dive into TeamTNT and Spinning YARN
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20A%20Deep%20Dive%20into%20TeamTNT%20and%20Spinning%20YARN/31530
Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks
https://www.trendmicro.com/en_us/research/24/l/earth-koshchei.html
Okta Social Engineering Impersonation Report
https://sec.okta.com/articles/2024/okta-social-engineering-report-response-and-recommendation
US considers banning TP-Link routers over cybersecurity risks
https://www.bleepingcomputer.com/news/security/us-considers-banning-tp-link-routers-over-cybersecurity-risks/
CISA Releases Best Practice Guidance for Mobile Communications
https://www.cisa.gov/news-events/alerts/2024/12/18/cisa-releases-best-practice-guidance-mobile-communications
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20A%20Deep%20Dive%20into%20TeamTNT%20and%20Spinning%20YARN/31530
Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks
https://www.trendmicro.com/en_us/research/24/l/earth-koshchei.html
Okta Social Engineering Impersonation Report
https://sec.okta.com/articles/2024/okta-social-engineering-report-response-and-recommendation
US considers banning TP-Link routers over cybersecurity risks
https://www.bleepingcomputer.com/news/security/us-considers-banning-tp-link-routers-over-cybersecurity-risks/
CISA Releases Best Practice Guidance for Mobile Communications
https://www.cisa.gov/news-events/alerts/2024/12/18/cisa-releases-best-practice-guidance-mobile-communications
ISC StormCast for Wednesday, December 18th, 2024
18 december 2024 |
5 min
Python Delivering AnyDesk Client as RAT
https://isc.sans.edu/diary/Python+Delivering+AnyDesk+Client+as+RAT/31524/
Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion
https://www.trendmicro.com/en_us/research/24/l/darkgate-malware.html
SS7 Attacks
https://www.404media.co/email/ac709882-1e4b-42fc-bcca-cf7ce4793716/
CrushFTP Vulnerability
https://crushftp.com/crush11wiki/Wiki.jsp?page=Update
https://isc.sans.edu/diary/Python+Delivering+AnyDesk+Client+as+RAT/31524/
Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion
https://www.trendmicro.com/en_us/research/24/l/darkgate-malware.html
SS7 Attacks
https://www.404media.co/email/ac709882-1e4b-42fc-bcca-cf7ce4793716/
CrushFTP Vulnerability
https://crushftp.com/crush11wiki/Wiki.jsp?page=Update
ISC StormCast for Tuesday, December 17th, 2024
17 december 2024 |
6 min
MUT-1244 Targeting Offensive Actors
https://securitylabs.datadoghq.com/articles/mut-1244-targeting-offensive-actors/
Golang Crypto Vulnerability
https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909
Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows
https://www.cadosecurity.com/blog/meeten-malware-threat
https://securitylabs.datadoghq.com/articles/mut-1244-targeting-offensive-actors/
Golang Crypto Vulnerability
https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909
Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows
https://www.cadosecurity.com/blog/meeten-malware-threat
ISC StormCast for Monday, December 16th, 2024
16 december 2024 |
5 min
Exploit Attempts Inspired by Recent Struts 2 File Upload Vulnerability
https://isc.sans.edu/diary/Exploit%20attempts%20inspired%20by%20recent%20Struts2%20File%20Upload%20Vulnerability%20%28CVE-2024-53677%2C%20CVE-2023-50164%29/31520
Citrix Netscaler Password Spraying Mitigation
https://www.citrix.com/blogs/2024/12/13/password-spraying-attacks-netscaler-december-2024/
Let's Encrypt Six Day Certifiates
https://letsencrypt.org/2024/12/11/eoy-letter-2024/
Devices in Germany Arrived Pre-Pw0n3d
https://cybersecuritynews.com/30000-devices-in-germany-discovered-with-pre-installed-malware-badbox/
https://isc.sans.edu/diary/Exploit%20attempts%20inspired%20by%20recent%20Struts2%20File%20Upload%20Vulnerability%20%28CVE-2024-53677%2C%20CVE-2023-50164%29/31520
Citrix Netscaler Password Spraying Mitigation
https://www.citrix.com/blogs/2024/12/13/password-spraying-attacks-netscaler-december-2024/
Let's Encrypt Six Day Certifiates
https://letsencrypt.org/2024/12/11/eoy-letter-2024/
Devices in Germany Arrived Pre-Pw0n3d
https://cybersecuritynews.com/30000-devices-in-germany-discovered-with-pre-installed-malware-badbox/
ISC StormCast for Friday, December 13th, 2024
13 december 2024 |
6 min
Windows 11 and TPM
https://techcommunity.microsoft.com/blog/windows-itpro-blog/tpm-2-0-%E2%80%93-a-necessity-for-a-secure-and-future-proof-windows-11/4339066
https://www.forbes.com/sites/zakdoffman/2024/12/12/microsoft-warns-400-million-windows-users-do-not-update-your-pc/
Microsoft Azure MFA Bypass
https://www.oasis.security/resources/blog/oasis-security-research-team-discovers-microsoft-azure-mfa-bypass
Struts 2 Arbitrary File Upload CVE-2024-53677
https://cwiki.apache.org/confluence/display/WW/S2-067
Russian actor Secret Blizzard using tools of other groups to attack Ukraine
https://www.microsoft.com/en-us/security/blog/2024/12/11/frequent-freeloader-part-ii-russian-actor-secret-blizzard-using-tools-of-other-groups-to-attack-ukraine/
https://techcommunity.microsoft.com/blog/windows-itpro-blog/tpm-2-0-%E2%80%93-a-necessity-for-a-secure-and-future-proof-windows-11/4339066
https://www.forbes.com/sites/zakdoffman/2024/12/12/microsoft-warns-400-million-windows-users-do-not-update-your-pc/
Microsoft Azure MFA Bypass
https://www.oasis.security/resources/blog/oasis-security-research-team-discovers-microsoft-azure-mfa-bypass
Struts 2 Arbitrary File Upload CVE-2024-53677
https://cwiki.apache.org/confluence/display/WW/S2-067
Russian actor Secret Blizzard using tools of other groups to attack Ukraine
https://www.microsoft.com/en-us/security/blog/2024/12/11/frequent-freeloader-part-ii-russian-actor-secret-blizzard-using-tools-of-other-groups-to-attack-ukraine/
ISC StormCast for Thursday, December 12th, 2024
12 december 2024 |
6 min
Vulnerability Symbiosis: vSphere's CVE-2024-38812 and CVE-2024-38813
https://isc.sans.edu/diary/Vulnerability%20Symbiosis%3A%20vSphere%3Fs%20CVE-2024-38812%20and%20CVE-2024-38813%20%5BGuest%20Diary%5D/31510
Apple Updates Everything (iOS, iPadOS, macOS, watchOS, tvOS, visionOS)
https://isc.sans.edu/diary/Apple+Updates+Everything+iOS+iPadOS+macOS+watchOS+tvOS+visionOS/31514/
Widespread exploitation of Cleo file transfer software (CVE-2024-50623)
https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild
https://labs.watchtowr.com/cleo-cve-2024-50623/
https://isc.sans.edu/diary/Vulnerability%20Symbiosis%3A%20vSphere%3Fs%20CVE-2024-38812%20and%20CVE-2024-38813%20%5BGuest%20Diary%5D/31510
Apple Updates Everything (iOS, iPadOS, macOS, watchOS, tvOS, visionOS)
https://isc.sans.edu/diary/Apple+Updates+Everything+iOS+iPadOS+macOS+watchOS+tvOS+visionOS/31514/
Widespread exploitation of Cleo file transfer software (CVE-2024-50623)
https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild
https://labs.watchtowr.com/cleo-cve-2024-50623/
ISC StormCast for Wednesday, December 11th, 2024
11 december 2024 |
5 min
Microsoft Patch Tuesday December 2024
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%3A%20December%202024/31508
Ivanty Security Advisory
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773?language=en_US
Visual Studio Code Tunnels
https://www.sentinelone.com/labs/operation-digital-eye-chinese-apt-compromises-critical-digital-infrastructure-via-visual-studio-code-tunnels/
Mitigating NTLM Relay Attacks
https://msrc.microsoft.com/blog/2024/12/mitigating-ntlm-relay-attacks-by-default/
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%3A%20December%202024/31508
Ivanty Security Advisory
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773?language=en_US
Visual Studio Code Tunnels
https://www.sentinelone.com/labs/operation-digital-eye-chinese-apt-compromises-critical-digital-infrastructure-via-visual-studio-code-tunnels/
Mitigating NTLM Relay Attacks
https://msrc.microsoft.com/blog/2024/12/mitigating-ntlm-relay-attacks-by-default/
ISC StormCast for Tuesday, December 10th, 2024
10 december 2024 |
6 min
CURLing for Crypto on Honeypots
https://isc.sans.edu/diary/CURLing%20for%20Crypto%20on%20Honeypots/31502
Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection
https://flatt.tech/research/posts/compromising-openwrt-supply-chain-sha256-collision/
Android Monthly Update
https://source.android.com/docs/security/bulletin/pixel/2024-12-01
RCS Not Always Encrypted
https://daringfireball.net/linked/2024/12/04/shame-on-google-messages
https://isc.sans.edu/diary/CURLing%20for%20Crypto%20on%20Honeypots/31502
Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection
https://flatt.tech/research/posts/compromising-openwrt-supply-chain-sha256-collision/
Android Monthly Update
https://source.android.com/docs/security/bulletin/pixel/2024-12-01
RCS Not Always Encrypted
https://daringfireball.net/linked/2024/12/04/shame-on-google-messages
ISC StormCast for Monday, December 9th, 2024
9 december 2024 |
6 min
Bypassing WAFs with the Phantom Version Cookie
https://portswigger.net/research/bypassing-wafs-with-the-phantom-version-cookie
URL File NTLM Hash Disclosure
https://blog.0patch.com/2024/12/url-file-ntlm-hash-disclosure.html
Ultralytics Library Infected with Miner
https://github.com/ultralytics/ultralytics/issues/18027#issuecomment-2521578169
DaMAgeCard attack targets memory directly thru SD card reader
https://swarm.ptsecurity.com/new-dog-old-tricks-damagecard-attack-targets-memory-directly-thru-sd-card-reader/
https://portswigger.net/research/bypassing-wafs-with-the-phantom-version-cookie
URL File NTLM Hash Disclosure
https://blog.0patch.com/2024/12/url-file-ntlm-hash-disclosure.html
Ultralytics Library Infected with Miner
https://github.com/ultralytics/ultralytics/issues/18027#issuecomment-2521578169
DaMAgeCard attack targets memory directly thru SD card reader
https://swarm.ptsecurity.com/new-dog-old-tricks-damagecard-attack-targets-memory-directly-thru-sd-card-reader/
ISC StormCast for Friday, December 6th, 2024
6 december 2024 |
5 min
Business E-Mail Compromise
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Business%20Email%20Compromise/31474
Where There s Smoke, There s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029
Lorex 2K Indoor Wi-Fi Security Camera
https://www.rapid7.com/globalassets/_pdfs/research/pwn2own-iot-2024-lorex-2k-indoor-wi-fi-security-camera-research.pdf
https://www.lorex.com/products/2k-indoor-wi-fi-security-camera
HPE Aruba Vulnerabilities
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04761en_us&docLocale=en_US
Alan Paller Inducted into the Cybersecurity Hall of Fame
https://cybersecurityhalloffame.org/
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Business%20Email%20Compromise/31474
Where There s Smoke, There s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day
https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029
Lorex 2K Indoor Wi-Fi Security Camera
https://www.rapid7.com/globalassets/_pdfs/research/pwn2own-iot-2024-lorex-2k-indoor-wi-fi-security-camera-research.pdf
https://www.lorex.com/products/2k-indoor-wi-fi-security-camera
HPE Aruba Vulnerabilities
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04761en_us&docLocale=en_US
Alan Paller Inducted into the Cybersecurity Hall of Fame
https://cybersecurityhalloffame.org/
ISC StormCast for Thursday, December 5th, 2024
5 december 2024 |
5 min
Data Analysis: The Unsung Hero of Cybersecurity Expertise
https://isc.sans.edu/diary/Data%20Analysis%3A%20The%20Unsung%20Hero%20of%20Cybersecurity%20Expertise%20%5BGuest%20Diary%5D/31494
FBI Warns iPhone and Android Users Stop Sending Texts
https://www.forbes.com/sites/zakdoffman/2024/12/03/fbi-warns-iphone-and-android-users-stop-sending-texts/
IdentityIQ Improper Access Control Vulnerability CVE-2024-10905
https://www.sailpoint.com/security-advisories/identityiq-improper-access-control-vulnerability-cve-2024-10905
Solana web3.js Backdoor
https://socket.dev/blog/supply-chain-attack-solana-web3-js-library
https://isc.sans.edu/diary/Data%20Analysis%3A%20The%20Unsung%20Hero%20of%20Cybersecurity%20Expertise%20%5BGuest%20Diary%5D/31494
FBI Warns iPhone and Android Users Stop Sending Texts
https://www.forbes.com/sites/zakdoffman/2024/12/03/fbi-warns-iphone-and-android-users-stop-sending-texts/
IdentityIQ Improper Access Control Vulnerability CVE-2024-10905
https://www.sailpoint.com/security-advisories/identityiq-improper-access-control-vulnerability-cve-2024-10905
Solana web3.js Backdoor
https://socket.dev/blog/supply-chain-attack-solana-web3-js-library
ISC StormCast for Wednesday, December 4th, 2024
4 december 2024 |
5 min
Extracting Files Embedded Inside Word Documents
https://isc.sans.edu/diary/Extracting%20Files%20Embedded%20Inside%20Word%20Documents/31486
Korea arrests CEO for adding DDoS feature to satellite receivers
https://www.bleepingcomputer.com/news/security/korea-arrests-ceo-for-adding-ddos-feature-to-satellite-receivers/
Veeam Vulnerabilities
https://www.veeam.com/kb4679
WPTaskScheduler Presistence and CVE-2024-49039 PoC
https://github.com/je5442804/WPTaskScheduler_CVE-2024-49039
https://isc.sans.edu/diary/Extracting%20Files%20Embedded%20Inside%20Word%20Documents/31486
Korea arrests CEO for adding DDoS feature to satellite receivers
https://www.bleepingcomputer.com/news/security/korea-arrests-ceo-for-adding-ddos-feature-to-satellite-receivers/
Veeam Vulnerabilities
https://www.veeam.com/kb4679
WPTaskScheduler Presistence and CVE-2024-49039 PoC
https://github.com/je5442804/WPTaskScheduler_CVE-2024-49039
ISC StormCast for Tuesday, December 3rd, 2024
3 december 2024 |
6 min
Credential Guard and Kerberos delegation
https://isc.sans.edu/diary/Credential%20Guard%20and%20Kerberos%20delegation/31488
The Day We Unveiled the Secret Rotation Illusion
https://www.clutch.security/blog/the-day-we-unveiled-the-secret-rotation-illusion
Corrupt Word Documents used in Phshing
https://x.com/anyrun_app/status/1861024182210900357
IBM Security Verify Access Appliance Vulnerabilities
https://www.ibm.com/support/pages/security-bulletin-multiple-security-vulnerabilities-were-found-ibm-security-verify-access-appliance-cve-2024-49803-cve-2024-49804-cve-2024-49805-cve-2024-49806
https://isc.sans.edu/diary/Credential%20Guard%20and%20Kerberos%20delegation/31488
The Day We Unveiled the Secret Rotation Illusion
https://www.clutch.security/blog/the-day-we-unveiled-the-secret-rotation-illusion
Corrupt Word Documents used in Phshing
https://x.com/anyrun_app/status/1861024182210900357
IBM Security Verify Access Appliance Vulnerabilities
https://www.ibm.com/support/pages/security-bulletin-multiple-security-vulnerabilities-were-found-ibm-security-verify-access-appliance-cve-2024-49803-cve-2024-49804-cve-2024-49805-cve-2024-49806
ISC StormCast for Monday, December 2nd, 2024
2 december 2024 |
6 min
AWS DShield Sensor + DShield SIEM
https://isc.sans.edu/diary/SANS%20ISC%20Internship%20Setup%3A%20AWS%20DShield%20Sensor%20%2B%20DShield%20SIEM%20%5BGuest%20Diary%5D/31480
From a Regular Infostealer to its Obfuscated Version
https://isc.sans.edu/diary/From%20a%20Regular%20Infostealer%20to%20its%20Obfuscated%20Version/31484
Credit Card Skimmer Malware Targeting Magento Checkout Pages
https://blog.sucuri.net/2024/11/credit-card-skimmer-malware-targeting-magento-checkout-pages.html
LogoFAIL Exploited to Deploy Bootkitty, the first UEFI bootkit for Linux
https://www.binarly.io/blog/logofail-exploited-to-deploy-bootkitty-the-first-uefi-bootkit-for-linux
Stickers:
https://isc.sans.edu/stickers.html (code PODCAST)
https://isc.sans.edu/diary/SANS%20ISC%20Internship%20Setup%3A%20AWS%20DShield%20Sensor%20%2B%20DShield%20SIEM%20%5BGuest%20Diary%5D/31480
From a Regular Infostealer to its Obfuscated Version
https://isc.sans.edu/diary/From%20a%20Regular%20Infostealer%20to%20its%20Obfuscated%20Version/31484
Credit Card Skimmer Malware Targeting Magento Checkout Pages
https://blog.sucuri.net/2024/11/credit-card-skimmer-malware-targeting-magento-checkout-pages.html
LogoFAIL Exploited to Deploy Bootkitty, the first UEFI bootkit for Linux
https://www.binarly.io/blog/logofail-exploited-to-deploy-bootkitty-the-first-uefi-bootkit-for-linux
Stickers:
https://isc.sans.edu/stickers.html (code PODCAST)
ISC StormCast for Wednesday, November 27th, 2024
27 november 2024 |
6 min
Using Zeek, Snort, and Grafana to Detect Crypto Mining Malware
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Using%20Zeek%2C%20Snort%2C%20and%20Grafana%20to%20Detect%20Crypto%20Mining%20Malware/31472
The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access
https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/
Introducing NachoVPN: One VPN Server to Pwn Them All
https://blog.amberwolf.com/blog/2024/november/introducing-nachovpn---one-vpn-server-to-pwn-them-all/
Keycloak Patches
https://github.com/keycloak/keycloak/security/advisories/GHSA-93ww-43rr-79v3
Palo Alto Networks Global Protect App
https://security.paloaltonetworks.com/CVE-2024-5921
PHP Updates
https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Using%20Zeek%2C%20Snort%2C%20and%20Grafana%20to%20Detect%20Crypto%20Mining%20Malware/31472
The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access
https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/
Introducing NachoVPN: One VPN Server to Pwn Them All
https://blog.amberwolf.com/blog/2024/november/introducing-nachovpn---one-vpn-server-to-pwn-them-all/
Keycloak Patches
https://github.com/keycloak/keycloak/security/advisories/GHSA-93ww-43rr-79v3
Palo Alto Networks Global Protect App
https://security.paloaltonetworks.com/CVE-2024-5921
PHP Updates
https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff
ISC StormCast for Tuesday, November 26th, 2024
26 november 2024 |
4 min
Quick & Dirty Obfuscated JavaScript Analysis
https://isc.sans.edu/diary/Quick%20%26%20Dirty%20Obfuscated%20JavaScript%20Analysis/31468
Decrypting a PDF With a User Password
https://isc.sans.edu/diary/Decrypting%20a%20PDF%20With%20a%20User%20Password/31466
The strange case of disappearing Russian servers
https://isc.sans.edu/diary/The%20strange%20case%20of%20disappearing%20Russian%20servers/31476
QNAP Buggy Firmware Update
https://community.qnap.com/t/firmware-qts-5-2-2-2950-build-20241114-released/254
7-ZIP Zstandard Decompression Integer Underflow
https://www.zerodayinitiative.com/advisories/ZDI-24-1532/
https://7-zip.org/download.html
https://isc.sans.edu/diary/Quick%20%26%20Dirty%20Obfuscated%20JavaScript%20Analysis/31468
Decrypting a PDF With a User Password
https://isc.sans.edu/diary/Decrypting%20a%20PDF%20With%20a%20User%20Password/31466
The strange case of disappearing Russian servers
https://isc.sans.edu/diary/The%20strange%20case%20of%20disappearing%20Russian%20servers/31476
QNAP Buggy Firmware Update
https://community.qnap.com/t/firmware-qts-5-2-2-2950-build-20241114-released/254
7-ZIP Zstandard Decompression Integer Underflow
https://www.zerodayinitiative.com/advisories/ZDI-24-1532/
https://7-zip.org/download.html
ISC StormCast for Friday, November 22nd, 2024
22 november 2024 |
6 min
Increase In Phishing SVG Attachments
https://isc.sans.edu/diary/Increase%20In%20Phishing%20SVG%20Attachments/31456
Logging blind spot revealed in FortiClient VPN
https://pentera.io/blog/FortiClient-VPN_logging-blind-spot-revealed/
Needrestart Vulnerability
https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
https://isc.sans.edu/diary/Increase%20In%20Phishing%20SVG%20Attachments/31456
Logging blind spot revealed in FortiClient VPN
https://pentera.io/blog/FortiClient-VPN_logging-blind-spot-revealed/
Needrestart Vulnerability
https://www.qualys.com/2024/11/19/needrestart/needrestart.txt
ISC StormCast for Thursday, November 21st, 2024
21 november 2024 |
5 min
Apple Patches Two Exploited Vulnerabilities
https://isc.sans.edu/diary/Apple%20Fixes%20Two%20Exploited%20Vulnerabilities/31452
Oracle Patch for Agile Product Lifecycle Management CVE-2024-21287
https://www.oracle.com/security-alerts/alert-cve-2024-21287.html
OFBiz Patches CVE-2024-47208 CVE-2024-48962
https://nvd.nist.gov/vuln/detail/CVE-2024-47208
https://seclists.org/oss-sec/2024/q4/95
D-Link Warns of Vulnerability in EOL Devices
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10415
https://isc.sans.edu/diary/Apple%20Fixes%20Two%20Exploited%20Vulnerabilities/31452
Oracle Patch for Agile Product Lifecycle Management CVE-2024-21287
https://www.oracle.com/security-alerts/alert-cve-2024-21287.html
OFBiz Patches CVE-2024-47208 CVE-2024-48962
https://nvd.nist.gov/vuln/detail/CVE-2024-47208
https://seclists.org/oss-sec/2024/q4/95
D-Link Warns of Vulnerability in EOL Devices
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10415
ISC StormCast for Wednesday, November 20th, 2024
20 november 2024 |
6 min
Detecting the Presence of a Debugger in Linux
https://isc.sans.edu/diary/Detecting%20the%20Presence%20of%20a%20Debugger%20in%20Linux/31450
Palo Alto Patches
https://security.paloaltonetworks.com/CVE-2024-0012
https://security.paloaltonetworks.com/CVE-2024-9474
VMware vCenter Server Attacks
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968e
Veritas Enterprise Vault Vulnerability
https://www.veritas.com/support/en_US/security/VTS24-014
https://isc.sans.edu/diary/Detecting%20the%20Presence%20of%20a%20Debugger%20in%20Linux/31450
Palo Alto Patches
https://security.paloaltonetworks.com/CVE-2024-0012
https://security.paloaltonetworks.com/CVE-2024-9474
VMware vCenter Server Attacks
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968e
Veritas Enterprise Vault Vulnerability
https://www.veritas.com/support/en_US/security/VTS24-014
ISC StormCast for Tuesday, November 19th, 2024
19 november 2024 |
5 min
Exploit attempts for unpatched Citrix vulnerability CVE-2024-8068/CVE-2024-8069
https://isc.sans.edu/diary/Exploit+attempts+for+unpatched+Citrix+vulnerability/31446
https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US
Microsoft Power Pages: Data Exposure Reviewed
https://appomni.com/ao-labs/microsoft-power-pages-data-exposure-reviewed/
Zohocorp ManageEngine ADAudit Plus Vulnerable To SQL Injection Attacks CVE-2024-49574
https://www.manageengine.com/products/active-directory-audit/cve-2024-49574.html
https://isc.sans.edu/diary/Exploit+attempts+for+unpatched+Citrix+vulnerability/31446
https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US
Microsoft Power Pages: Data Exposure Reviewed
https://appomni.com/ao-labs/microsoft-power-pages-data-exposure-reviewed/
Zohocorp ManageEngine ADAudit Plus Vulnerable To SQL Injection Attacks CVE-2024-49574
https://www.manageengine.com/products/active-directory-audit/cve-2024-49574.html
ISC StormCast for Monday, November 18th, 2024
18 november 2024 |
6 min
Ancient TP-Link Backdoor Discovered by Attackers
https://isc.sans.edu/diary/Ancient%20TP-Link%20Backdoor%20Discovered%20by%20Attackers/31442
GitHub Projects Targeted with Malicious Commits To Frame Researchers
https://www.bleepingcomputer.com/news/security/github-projects-targeted-with-malicious-commits-to-frame-researcher/
PaloAlto and Fortinet Vulnerabilities
https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/
https://security.paloaltonetworks.com/PAN-SA-2024-0015
https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/
https://isc.sans.edu/diary/Ancient%20TP-Link%20Backdoor%20Discovered%20by%20Attackers/31442
GitHub Projects Targeted with Malicious Commits To Frame Researchers
https://www.bleepingcomputer.com/news/security/github-projects-targeted-with-malicious-commits-to-frame-researcher/
PaloAlto and Fortinet Vulnerabilities
https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/
https://security.paloaltonetworks.com/PAN-SA-2024-0015
https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/
ISC StormCast for Wednesday, November 13th, 2024
13 november 2024 |
6 min
Microsoft November 2024 Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20November%202024%20Patch%20Tuesday/31438
CISA Top Routinely Exploited Vulnerabilities
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a
APT Actors Embed Malware within macOS Flutter Applications
https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/
https://isc.sans.edu/diary/Microsoft%20November%202024%20Patch%20Tuesday/31438
CISA Top Routinely Exploited Vulnerabilities
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a
APT Actors Embed Malware within macOS Flutter Applications
https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/
ISC StormCast for Tuesday, November 12th, 2024
12 november 2024 |
6 min
PDF Object Streams
https://isc.sans.edu/diary/PDF%20Object%20Streams/31430
Mazda Infotainment Vulnerabilities
https://www.zerodayinitiative.com/blog/2024/11/7/multiple-vulnerabilities-in-the-mazda-in-vehicle-infotainment-ivi-system
Ruby SAML CVE-2024-45409: As bad as it gets and hiding in plain sight
https://workos.com/blog/ruby-saml-cve-2024-45409
Veeam Backup Enterprise Manager Vulnerability
https://www.veeam.com/kb4682
Security Update for Dell Enterprise SONiC Distribution Vulnerabilities
https://www.dell.com/support/kbdoc/en-us/000245655/dsa-2024-449-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities
Easy Access to Information for Conducting Fraudulent
Emergency Data Requests Impacts US-Based Companies
and Law Enforcement Agencies
https://www.ic3.gov/CSA/2024/241104.pdf
https://isc.sans.edu/diary/PDF%20Object%20Streams/31430
Mazda Infotainment Vulnerabilities
https://www.zerodayinitiative.com/blog/2024/11/7/multiple-vulnerabilities-in-the-mazda-in-vehicle-infotainment-ivi-system
Ruby SAML CVE-2024-45409: As bad as it gets and hiding in plain sight
https://workos.com/blog/ruby-saml-cve-2024-45409
Veeam Backup Enterprise Manager Vulnerability
https://www.veeam.com/kb4682
Security Update for Dell Enterprise SONiC Distribution Vulnerabilities
https://www.dell.com/support/kbdoc/en-us/000245655/dsa-2024-449-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities
Easy Access to Information for Conducting Fraudulent
Emergency Data Requests Impacts US-Based Companies
and Law Enforcement Agencies
https://www.ic3.gov/CSA/2024/241104.pdf
ISC StormCast for Monday, November 11th, 2024
11 november 2024 |
5 min
zipdump and pkzip records
https://isc.sans.edu/diary/zipdump%20%26%20PKZIP%20Records/31428
Am I Isolated
https://github.com/edera-dev/am-i-isolated
Locked iPhones Reboot
https://www.404media.co/police-freak-out-at-iphones-mysteriously-rebooting-themselves-locking-cops-out/
https://x.com/naehrdine/status/1854896392797360484
Palo Alto Networks Bulletin
https://security.paloaltonetworks.com/PAN-SA-2024-0015
D-Link Vulnerability
https://netsecfish.notion.site/Command-Injection-Vulnerability-in-name-parameter-for-D-Link-NAS-12d6b683e67c80c49ffcc9214c239a07
https://isc.sans.edu/diary/zipdump%20%26%20PKZIP%20Records/31428
Am I Isolated
https://github.com/edera-dev/am-i-isolated
Locked iPhones Reboot
https://www.404media.co/police-freak-out-at-iphones-mysteriously-rebooting-themselves-locking-cops-out/
https://x.com/naehrdine/status/1854896392797360484
Palo Alto Networks Bulletin
https://security.paloaltonetworks.com/PAN-SA-2024-0015
D-Link Vulnerability
https://netsecfish.notion.site/Command-Injection-Vulnerability-in-name-parameter-for-D-Link-NAS-12d6b683e67c80c49ffcc9214c239a07
ISC StormCast for Friday, November 8th, 2024
8 november 2024 |
6 min
Steam Account Checker Poisoned with Infostealer
https://isc.sans.edu/diary/Steam%20Account%20Checker%20Poisoned%20with%20Infostealer/31420
Cisco Ultra Reliable Wireless Backhaul Vulnerability
https://www.cisco.com/site/us/en/products/networking/industrial-wireless/ultra-reliable-wireless-backhaul/index.html
Breaking Down Multipart Parsers: File upload validation bypass
https://blog.sicuranext.com/breaking-down-multipart-parsers-validation-bypass/
Evasive ZIP Concatenation: Trojan Targets Windows Users
https://perception-point.io/blog/evasive-concatenated-zip-trojan-targets-windows-users/
Veeam Backup Enterprise Manager Vulnerability (CVE-2024-40715)
https://www.veeam.com/kb4682
SANS Holiday Hack Challenge
https://www.sans.org/mlp/holiday-hack-challenge-2024
https://isc.sans.edu/diary/Steam%20Account%20Checker%20Poisoned%20with%20Infostealer/31420
Cisco Ultra Reliable Wireless Backhaul Vulnerability
https://www.cisco.com/site/us/en/products/networking/industrial-wireless/ultra-reliable-wireless-backhaul/index.html
Breaking Down Multipart Parsers: File upload validation bypass
https://blog.sicuranext.com/breaking-down-multipart-parsers-validation-bypass/
Evasive ZIP Concatenation: Trojan Targets Windows Users
https://perception-point.io/blog/evasive-concatenated-zip-trojan-targets-windows-users/
Veeam Backup Enterprise Manager Vulnerability (CVE-2024-40715)
https://www.veeam.com/kb4682
SANS Holiday Hack Challenge
https://www.sans.org/mlp/holiday-hack-challenge-2024
ISC StormCast for Thursday, November 7th, 2024
7 november 2024 |
5 min
Insights from August Web Traffic Surge
https://isc.sans.edu/forums/diary/%5BGuest%20Diary%5D%20Insights%20from%20August%20Web%20Traffic%20Surge/31408/
Talkative Air Fryer
https://www.which.co.uk/policy-and-insight/article/why-is-my-air-fryer-spying-on-me-which-reveals-the-smart-devices-gathering-your-data-and-where-they-send-it-a9Fa24K6gY1c
Pygmy Goat Malware Report
https://www.ncsc.gov.uk/section/keep-up-to-date/malware-analysis-reports
Apple CVE-2024-44258 PoC Exploit
https://github.com/ifpdz/CVE-2024-44258
HPE Arruba vulnerabilities
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US
https://isc.sans.edu/forums/diary/%5BGuest%20Diary%5D%20Insights%20from%20August%20Web%20Traffic%20Surge/31408/
Talkative Air Fryer
https://www.which.co.uk/policy-and-insight/article/why-is-my-air-fryer-spying-on-me-which-reveals-the-smart-devices-gathering-your-data-and-where-they-send-it-a9Fa24K6gY1c
Pygmy Goat Malware Report
https://www.ncsc.gov.uk/section/keep-up-to-date/malware-analysis-reports
Apple CVE-2024-44258 PoC Exploit
https://github.com/ifpdz/CVE-2024-44258
HPE Arruba vulnerabilities
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US
ISC StormCast for Wednesday, November 6th, 2024
6 november 2024 |
5 min
Python RAT with a Nice Screensharing Feature
https://isc.sans.edu/diary/Python%20RAT%20with%20a%20Nice%20Screensharing%20Feature/31414
Android Security Bulletin November 2024
https://source.android.com/docs/security/bulletin/2024-11-01
Malware Delivered as Virtual Machine
https://www.securonix.com/blog/crontrap-emulated-linux-environments-as-the-latest-tactic-in-malware-staging/
Fake Docusign Invoices
https://lab.wallarm.com/attackers-abuse-docusign-api-to-send-authentic-looking-invoices-at-scale/
https://isc.sans.edu/diary/Python%20RAT%20with%20a%20Nice%20Screensharing%20Feature/31414
Android Security Bulletin November 2024
https://source.android.com/docs/security/bulletin/2024-11-01
Malware Delivered as Virtual Machine
https://www.securonix.com/blog/crontrap-emulated-linux-environments-as-the-latest-tactic-in-malware-staging/
Fake Docusign Invoices
https://lab.wallarm.com/attackers-abuse-docusign-api-to-send-authentic-looking-invoices-at-scale/
ISC StormCast for Tuesday, November 5th, 2024
5 november 2024 |
5 min
Analyzing an Encrypted Phishing PDF
https://isc.sans.edu/diary/Analyzing%20an%20Encrypted%20Phishing%20PDF/31404
Okta Verify Desktop MFA For Windows Password Less Login CVE-2024-9191
https://trust.okta.com/security-advisories/okta-verify-desktop-mfa-for-windows-passwordless-login-cve-2024-9191/
QNAP QuRouter Vulnerability and Patch
https://www.qnap.com/en/security-advisory/qsa-24-45
From Naptime to Big Sleep
https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html
Authenticated SQL injection vulnerability - ManageEngine ADManager Plus CVE-2024-48878
https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-48878.html
https://isc.sans.edu/diary/Analyzing%20an%20Encrypted%20Phishing%20PDF/31404
Okta Verify Desktop MFA For Windows Password Less Login CVE-2024-9191
https://trust.okta.com/security-advisories/okta-verify-desktop-mfa-for-windows-passwordless-login-cve-2024-9191/
QNAP QuRouter Vulnerability and Patch
https://www.qnap.com/en/security-advisory/qsa-24-45
From Naptime to Big Sleep
https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html
Authenticated SQL injection vulnerability - ManageEngine ADManager Plus CVE-2024-48878
https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-48878.html
ISC StormCast for Monday, November 4th, 2024
4 november 2024 |
6 min
October Activity with Username chenzilong
https://isc.sans.edu/diary/October%202024%20Activity%20with%20Username%20chenzilong/31400
qpdf Extracting PDF Streams
https://isc.sans.edu/diary/qpdf%3A%20Extracting%20PDF%20Streams/31406
Okta bcrypt issue
https://trust.okta.com/security-advisories/okta-ad-ldap-delegated-authentication-username/
https://medium.com/@rajat29gupta/how-bcrypts-limitations-contributed-to-okta-s-vulnerability-a-lesson-for-developers-39425c644ed5
Synology Vulnerabilities
https://www.synology.com/de-de/security/advisory/Synology_SA_24_19
https://www.synology.com/de-de/security/advisory/Synology_SA_24_18
Lastpass Fake Reviews
https://blog.lastpass.com/posts/fake-web-store-reviews-attempting-to-steal-customer-data
https://isc.sans.edu/diary/October%202024%20Activity%20with%20Username%20chenzilong/31400
qpdf Extracting PDF Streams
https://isc.sans.edu/diary/qpdf%3A%20Extracting%20PDF%20Streams/31406
Okta bcrypt issue
https://trust.okta.com/security-advisories/okta-ad-ldap-delegated-authentication-username/
https://medium.com/@rajat29gupta/how-bcrypts-limitations-contributed-to-okta-s-vulnerability-a-lesson-for-developers-39425c644ed5
Synology Vulnerabilities
https://www.synology.com/de-de/security/advisory/Synology_SA_24_19
https://www.synology.com/de-de/security/advisory/Synology_SA_24_18
Lastpass Fake Reviews
https://blog.lastpass.com/posts/fake-web-store-reviews-attempting-to-steal-customer-data
ISC StormCast for Thursday, October 31st, 2024
31 oktober 2024 |
6 min
Scans for RDP Gateways
https://isc.sans.edu/diary/Scans%20for%20RDP%20Gateways/31398
CyberPanel Exploited
https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/
Windows Themes Files Spoofing CVE-2024-38030
https://blog.0patch.com/2024/10/we-patched-cve-2024-38030-found-another.html
QNAP Patches CVE-2024-50388, CVE-2024-50387
https://www.qnap.com/en/security-advisory/qsa-24-41
Facebook Malvertising
https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/
https://isc.sans.edu/diary/Scans%20for%20RDP%20Gateways/31398
CyberPanel Exploited
https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/
Windows Themes Files Spoofing CVE-2024-38030
https://blog.0patch.com/2024/10/we-patched-cve-2024-38030-found-another.html
QNAP Patches CVE-2024-50388, CVE-2024-50387
https://www.qnap.com/en/security-advisory/qsa-24-41
Facebook Malvertising
https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/
ISC StormCast for Wednesday, October 30th, 2024
30 oktober 2024 |
6 min
Critical RCE Vulnerabilty in Cyberpanel
https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce
Spring WebFlux Vulnerability
https://access.redhat.com/security/cve/cve-2024-38821
https://spring.io/security/cve-2024-38821
Inbound SMTP DANE with DNSSEC for Exchange Online
https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-general-availability-of-inbound-smtp-dane-with-dnssec/ba-p/4281292
HeptaX: Unauthorized RDP Connections for Cyberespionage Operations
https://cyble.com/blog/heptax-unauthorized-rdp-connections-for-cyberespionage-operations/
https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce
Spring WebFlux Vulnerability
https://access.redhat.com/security/cve/cve-2024-38821
https://spring.io/security/cve-2024-38821
Inbound SMTP DANE with DNSSEC for Exchange Online
https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-general-availability-of-inbound-smtp-dane-with-dnssec/ba-p/4281292
HeptaX: Unauthorized RDP Connections for Cyberespionage Operations
https://cyble.com/blog/heptax-unauthorized-rdp-connections-for-cyberespionage-operations/
ISC StormCast for Tuesday, October 29th, 2024
29 oktober 2024 |
5 min
Apple Update Everything
https://isc.sans.edu/diary/Apple%20Updates%20Everything/31390
Selfcontained HTML Phishing Attachment Using Telegram to Exfiltrate Credentials
https://isc.sans.edu/diary/Selfcontained+HTML+phishing+attachment+using+Telegram+to+exfiltrate+stolen+credentials/31388/
ChatGPT-4o Guardrail Jailbreak: Hex Encoding for Writing CVE Exploits
https://0din.ai/blog/chatgpt-4o-guardrail-jailbreak-hex-encoding-for-writing-cve-exploits
https://isc.sans.edu/diary/Apple%20Updates%20Everything/31390
Selfcontained HTML Phishing Attachment Using Telegram to Exfiltrate Credentials
https://isc.sans.edu/diary/Selfcontained+HTML+phishing+attachment+using+Telegram+to+exfiltrate+stolen+credentials/31388/
ChatGPT-4o Guardrail Jailbreak: Hex Encoding for Writing CVE Exploits
https://0din.ai/blog/chatgpt-4o-guardrail-jailbreak-hex-encoding-for-writing-cve-exploits
ISC StormCast for Monday, October 28th, 2024
28 oktober 2024 |
6 min
Two currently (old) exploited Ivanti vulnerabilities
https://isc.sans.edu/diary/Two%20currently%20%28old%29%20exploited%20Ivanti%20vulnerabilities/31384
Arcadyan FMIMG51AX000J (WiFi Alliance) RCE CVE-2024-41992
https://ssd-disclosure.com/ssd-advisory-arcadyan-fmimg51ax000j-wifi-alliance-rce/
Okta iOS App Vulnerability CVE-2024-10327
https://trust.okta.com/security-advisories/okta-verify-for-ios-cve-2024-10327/
Threat Alert TeamTNT's docker gatling gun campaign
https://www.aquasec.com/blog/threat-alert-teamtnts-docker-gatling-gun-campaign/
https://isc.sans.edu/diary/Two%20currently%20%28old%29%20exploited%20Ivanti%20vulnerabilities/31384
Arcadyan FMIMG51AX000J (WiFi Alliance) RCE CVE-2024-41992
https://ssd-disclosure.com/ssd-advisory-arcadyan-fmimg51ax000j-wifi-alliance-rce/
Okta iOS App Vulnerability CVE-2024-10327
https://trust.okta.com/security-advisories/okta-verify-for-ios-cve-2024-10327/
Threat Alert TeamTNT's docker gatling gun campaign
https://www.aquasec.com/blog/threat-alert-teamtnts-docker-gatling-gun-campaign/
ISC StormCast for Friday, October 25th, 2024
25 oktober 2024 |
5 min
Development Features Enabled in Production
https://isc.sans.edu/diary/Development%20Features%20Enabled%20in%20Prodcution/31380
Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials
https://blog.talosintelligence.com/large-scale-brute-force-activity-targeting-vpns-ssh-services-with-commonly-used-login-credentials/
Cisco Secure Firewall Management Center Software Command Injection Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7
Exposing the Danger Within: Hardcoded Cloud Credentials in Popular Mobile Apps
https://www.security.com/threat-intelligence/exposing-danger-within-hardcoded-cloud-credentials-popular-mobile-apps
https://isc.sans.edu/diary/Development%20Features%20Enabled%20in%20Prodcution/31380
Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials
https://blog.talosintelligence.com/large-scale-brute-force-activity-targeting-vpns-ssh-services-with-commonly-used-login-credentials/
Cisco Secure Firewall Management Center Software Command Injection Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7
Exposing the Danger Within: Hardcoded Cloud Credentials in Popular Mobile Apps
https://www.security.com/threat-intelligence/exposing-danger-within-hardcoded-cloud-credentials-popular-mobile-apps
ISC StormCast for Thursday, October 24th, 2024
24 oktober 2024 |
7 min
Everybody Loves Bash Scripts Including Attackers
https://isc.sans.edu/diary/Everybody%20Loves%20Bash%20Scripts.%20Including%20Attackers./31376
Fortimanager Exploited Vulnerability
https://www.fortiguard.com/psirt/FG-IR-24-423
Sharepoint Exploit
https://www.cisa.gov/news-events/alerts/2024/10/22/cisa-adds-one-known-exploited-vulnerability-catalog
https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC
OpenSSL Vulnerability
https://openssl-library.org/news/secadv/20241016.txt
Reduced Certificate Lifetime
https://github.com/cabforum/servercert/pull/553
https://isc.sans.edu/diary/Everybody%20Loves%20Bash%20Scripts.%20Including%20Attackers./31376
Fortimanager Exploited Vulnerability
https://www.fortiguard.com/psirt/FG-IR-24-423
Sharepoint Exploit
https://www.cisa.gov/news-events/alerts/2024/10/22/cisa-adds-one-known-exploited-vulnerability-catalog
https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC
OpenSSL Vulnerability
https://openssl-library.org/news/secadv/20241016.txt
Reduced Certificate Lifetime
https://github.com/cabforum/servercert/pull/553
ISC StormCast for Wednesday, October 23rd, 2024
23 oktober 2024 |
5 min
How much HTTP (not HTTPS) Traffic is Traversing Your Perimeter?
https://isc.sans.edu/diary/How%20much%20HTTP%20%28not%20HTTPS%29%20Traffic%20is%20Traversing%20Your%20Perimeter%3F/31372
VMSA-2024-0019:VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
Unifi Security Advisory Bulletin 043
https://community.ui.com/releases/Security-Advisory-Bulletin-043-043/28e45c75-314e-4f07-a4f3-d17f67bd53f7
Fake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability.
https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/fake-attachment-roundcube-mail-server-attacks-exploit-cve-2024-37383-vulnerability
Atlassian Security Bulletin - October 15 2024
https://confluence.atlassian.com/security/security-bulletin-october-15-2024-1442910972.html
OneDev Arbitrary file reading for unauthenticated user
https://github.com/theonedev/onedev/security/advisories/GHSA-7wg5-6864-v489
https://isc.sans.edu/diary/How%20much%20HTTP%20%28not%20HTTPS%29%20Traffic%20is%20Traversing%20Your%20Perimeter%3F/31372
VMSA-2024-0019:VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
Unifi Security Advisory Bulletin 043
https://community.ui.com/releases/Security-Advisory-Bulletin-043-043/28e45c75-314e-4f07-a4f3-d17f67bd53f7
Fake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability.
https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/fake-attachment-roundcube-mail-server-attacks-exploit-cve-2024-37383-vulnerability
Atlassian Security Bulletin - October 15 2024
https://confluence.atlassian.com/security/security-bulletin-october-15-2024-1442910972.html
OneDev Arbitrary file reading for unauthenticated user
https://github.com/theonedev/onedev/security/advisories/GHSA-7wg5-6864-v489
ISC StormCast for Tuesday, October 22nd, 2024
22 oktober 2024 |
6 min
A Network Nerd's Take on Emergency Preparedness
https://isc.sans.edu/diary/A%20Network%20Nerd%27s%20Take%20on%20Emergency%20Preparedness/31356
HM Surf Vulnerability Access to Camera Exploited CVE-2024-44133
https://www.microsoft.com/en-us/security/blog/2024/10/17/new-macos-vulnerability-hm-surf-could-lead-to-unauthorized-data-access/
Fortinet releases patches for undisclosed critical FortiManager vulnerability
https://www.helpnetsecurity.com/2024/10/21/fortimanager-critical-vulnerability/
ScienceLogic Vulnerability
https://rackspace.service-now.com/system_status?id=detailed_status&service=4dafca5a87f41610568b206f8bbb35a6
https://docs.sciencelogic.com/latest/Content/Web_Admin_and_Accounts/System_Administration/sys_admin_system_upgrade.htm
https://isc.sans.edu/diary/A%20Network%20Nerd%27s%20Take%20on%20Emergency%20Preparedness/31356
HM Surf Vulnerability Access to Camera Exploited CVE-2024-44133
https://www.microsoft.com/en-us/security/blog/2024/10/17/new-macos-vulnerability-hm-surf-could-lead-to-unauthorized-data-access/
Fortinet releases patches for undisclosed critical FortiManager vulnerability
https://www.helpnetsecurity.com/2024/10/21/fortimanager-critical-vulnerability/
ScienceLogic Vulnerability
https://rackspace.service-now.com/system_status?id=detailed_status&service=4dafca5a87f41610568b206f8bbb35a6
https://docs.sciencelogic.com/latest/Content/Web_Admin_and_Accounts/System_Administration/sys_admin_system_upgrade.htm
ISC StormCast for Monday, October 21st, 2024
21 oktober 2024 |
6 min
Microsoft 365: Partially incomplete log data due to monitoring agent issue
https://m365admin.handsontek.net/multiple-services-partially-incomplete-log-data-due-to-monitoring-agent-issue/
End-to-End Encrytped Cloud Storage in the Wild: A Broken Ecosystem
https://brokencloudstorage.info/paper.pdf
ESET Branded Malware
https://x.com/ESETresearch/status/1847192384448172387
Synology Update
https://www.synology.com/en-us/security/advisory/Synology_SA_24_17
Spring Framework Update CVe-2024-38819 CVE-2024-38820
https://spring.io/blog/2024/10/17/spring-framework-cve-2024-38819-and-cve-2024-38820-published
Grafana Security Release CVE-2024-9264
https://grafana.com/blog/2024/10/17/grafana-security-release-critical-severity-fix-for-cve-2024-9264/
https://m365admin.handsontek.net/multiple-services-partially-incomplete-log-data-due-to-monitoring-agent-issue/
End-to-End Encrytped Cloud Storage in the Wild: A Broken Ecosystem
https://brokencloudstorage.info/paper.pdf
ESET Branded Malware
https://x.com/ESETresearch/status/1847192384448172387
Synology Update
https://www.synology.com/en-us/security/advisory/Synology_SA_24_17
Spring Framework Update CVe-2024-38819 CVE-2024-38820
https://spring.io/blog/2024/10/17/spring-framework-cve-2024-38819-and-cve-2024-38820-published
Grafana Security Release CVE-2024-9264
https://grafana.com/blog/2024/10/17/grafana-security-release-critical-severity-fix-for-cve-2024-9264/
ISC StormCast for Friday, October 18th, 2024
18 oktober 2024 |
6 min
Scanning Activity from Subnet 15.184.0.0/16.
https://isc.sans.edu/diary/Scanning%20Activity%20from%20Subnet%2015.184.0.0%2016/31362
Gatekeeper Bypass
/unit42.paloaltonetworks.com/gatekeeper-bypass-macos/
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpuoct2024.html
Cisco ATA 190 Series Analog Telephone Adapter Firmware Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy
SAP Vulnerability
https://redrays.io/blog/poc-sap-note-3433192-code-injection-vulnerability-in-sap-netweaver-as-java/
Dept. of Commerce Sites Advertising Medication
https://x.com/tliston/status/1833542884047654984
https://isc.sans.edu/diary/Scanning%20Activity%20from%20Subnet%2015.184.0.0%2016/31362
Gatekeeper Bypass
/unit42.paloaltonetworks.com/gatekeeper-bypass-macos/
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpuoct2024.html
Cisco ATA 190 Series Analog Telephone Adapter Firmware Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy
SAP Vulnerability
https://redrays.io/blog/poc-sap-note-3433192-code-injection-vulnerability-in-sap-netweaver-as-java/
Dept. of Commerce Sites Advertising Medication
https://x.com/tliston/status/1833542884047654984
ISC StormCast for Thursday, October 17th, 2024
17 oktober 2024 |
6 min
The Top 10 Not So Common SSH Usernames and Passwords
https://isc.sans.edu/diary/The%20Top%2010%20Not%20So%20Common%20SSH%20Usernames%20and%20Passwords/31360
CISA Product Security Bad Practices
https://www.cisa.gov/resources-tools/resources/product-security-bad-practices
Kubernetes Image Builder Vulnerability CVE-2024-9486 CVE-2024-9594
https://discuss.kubernetes.io/t/security-advisory-cve-2024-9486-and-cve-2024-9594-vm-images-built-with-kubernetes-image-builder-use-default-credentials/30119
Solarwinds Hardcoded Password Exploited CVE-2024-28987
https://www.bleepingcomputer.com/news/security/solarwinds-web-help-desk-flaw-is-now-exploited-in-attacks/
Bypassing noexec and executing arbitrary binaries
https://iq.thc.org/bypassing-noexec-and-executing-arbitrary-binaries
Workshop Website:
https://www.sansapi.com/
https://www.sansapi.com/docs
https://isc.sans.edu/diary/The%20Top%2010%20Not%20So%20Common%20SSH%20Usernames%20and%20Passwords/31360
CISA Product Security Bad Practices
https://www.cisa.gov/resources-tools/resources/product-security-bad-practices
Kubernetes Image Builder Vulnerability CVE-2024-9486 CVE-2024-9594
https://discuss.kubernetes.io/t/security-advisory-cve-2024-9486-and-cve-2024-9594-vm-images-built-with-kubernetes-image-builder-use-default-credentials/30119
Solarwinds Hardcoded Password Exploited CVE-2024-28987
https://www.bleepingcomputer.com/news/security/solarwinds-web-help-desk-flaw-is-now-exploited-in-attacks/
Bypassing noexec and executing arbitrary binaries
https://iq.thc.org/bypassing-noexec-and-executing-arbitrary-binaries
Workshop Website:
https://www.sansapi.com/
https://www.sansapi.com/docs
ISC StormCast for Wednesday, October 16th, 2024
16 oktober 2024 |
7 min
Angular-base64-upload Demo Script Exploited
https://isc.sans.edu/diary/Angular-base64-upload%20Demo%20Script%20Exploited%20%28CVE-2024-42640%29/31354
Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage
http://cjc.ict.ac.cn/online/onlinepaper/wc-202458160402.pdf
EDRSilencer
https://github.com/netero1010/EDRSilencer
Synchronizing Passkeys
https://fidoalliance.org/specifications-credential-exchange-specifications/
https://isc.sans.edu/diary/Angular-base64-upload%20Demo%20Script%20Exploited%20%28CVE-2024-42640%29/31354
Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage
http://cjc.ict.ac.cn/online/onlinepaper/wc-202458160402.pdf
EDRSilencer
https://github.com/netero1010/EDRSilencer
Synchronizing Passkeys
https://fidoalliance.org/specifications-credential-exchange-specifications/
ISC StormCast for Tuesday, October 15th, 2024
15 oktober 2024 |
6 min
Phishing Page Delivered Through a Blob URL
https://isc.sans.edu/diary/Phishing%20Page%20Delivered%20Through%20a%20%20Blob%20URL/31350
Fortinet Fortigate CVE 2024-23113 deep dive
https://labs.watchtowr.com/fortinet-fortigate-cve-2024-23113-a-super-complex-vulnerability-in-a-super-secure-appliance-in-2024/
This New Supply Chain Attack Technique Can Trojanize All Your CLI Commands
https://checkmarx.com/blog/this-new-supply-chain-attack-technique-can-trojanize-all-your-cli-commands/
https://isc.sans.edu/diary/Phishing%20Page%20Delivered%20Through%20a%20%20Blob%20URL/31350
Fortinet Fortigate CVE 2024-23113 deep dive
https://labs.watchtowr.com/fortinet-fortigate-cve-2024-23113-a-super-complex-vulnerability-in-a-super-secure-appliance-in-2024/
This New Supply Chain Attack Technique Can Trojanize All Your CLI Commands
https://checkmarx.com/blog/this-new-supply-chain-attack-technique-can-trojanize-all-your-cli-commands/
ISC StormCast for Monday, October 14th, 2024
14 oktober 2024 |
6 min
Windows PPTP and L2TP Deprecation
https://techcommunity.microsoft.com/t5/windows-server-news-and-best/pptp-and-l2tp-deprecation-a-new-era-of-secure-connectivity/ba-p/4263956
BIG-IP LTM Systems Unencrypted Cookie Exploitation
https://www.cisa.gov/news-events/alerts/2024/10/10/best-practices-configure-big-ip-ltm-systems-encrypt-http-persistence-cookies
https://www.welivesecurity.com/en/eset-research/telekopye-hits-new-hunting-ground-hotel-booking-scams/
https://www.welivesecurity.com/en/eset-research/telekopye-hits-new-hunting-ground-hotel-booking-scams/
https://techcommunity.microsoft.com/t5/windows-server-news-and-best/pptp-and-l2tp-deprecation-a-new-era-of-secure-connectivity/ba-p/4263956
BIG-IP LTM Systems Unencrypted Cookie Exploitation
https://www.cisa.gov/news-events/alerts/2024/10/10/best-practices-configure-big-ip-ltm-systems-encrypt-http-persistence-cookies
https://www.welivesecurity.com/en/eset-research/telekopye-hits-new-hunting-ground-hotel-booking-scams/
https://www.welivesecurity.com/en/eset-research/telekopye-hits-new-hunting-ground-hotel-booking-scams/
ISC StormCast for Friday, October 11th, 2024
11 oktober 2024 |
5 min
Palo Alto Expedition: From N-Day to Full Compromise
https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/
Firefox 0-Day
https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
GitLab Vulnerabilities Patched
https://securityonline.info/cve-2024-9164-cvss-9-6-gitlab-users-urged-to-update-now/
https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/
Firefox 0-Day
https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
GitLab Vulnerabilities Patched
https://securityonline.info/cve-2024-9164-cvss-9-6-gitlab-users-urged-to-update-now/
ISC StormCast for Thursday, October 10th, 2024
10 oktober 2024 |
6 min
From Perfctl to InfoStealer
https://isc.sans.edu/diary/From%20Perfctl%20to%20InfoStealer/31334
Wazuh Abused by Miner Campaign
https://securelist.com/miner-campaign-misuses-open-source-siem-agent/114022/
USB Sticks Still Bridge Airgaps
https://www.welivesecurity.com/en/eset-research/mind-air-gap-goldenjackal-gooses-government-guardrails/
Fortigate Vulnerability now being exploited
https://nvd.nist.gov/vuln/detail/CVE-2024-23113
https://isc.sans.edu/diary/From%20Perfctl%20to%20InfoStealer/31334
Wazuh Abused by Miner Campaign
https://securelist.com/miner-campaign-misuses-open-source-siem-agent/114022/
USB Sticks Still Bridge Airgaps
https://www.welivesecurity.com/en/eset-research/mind-air-gap-goldenjackal-gooses-government-guardrails/
Fortigate Vulnerability now being exploited
https://nvd.nist.gov/vuln/detail/CVE-2024-23113
ISC StormCast for Wednesday, October 9th, 2024
9 oktober 2024 |
7 min
Microsoft Patch Tuesday - October 2024
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20-%20October%202024/31336
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
The Disappearance of an Internet Domain
https://every.to/p/the-disappearance-of-an-internet-domain
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20-%20October%202024/31336
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
The Disappearance of an Internet Domain
https://every.to/p/the-disappearance-of-an-internet-domain
ISC StormCast for Tuesday, October 8th, 2024
8 oktober 2024 |
6 min
macOS Sequoia: System/Network Admins, Hold On!
https://isc.sans.edu/diary/macOS%20Sequoia%3A%20System%20Network%20Admins%2C%20Hold%20On!/31330
Cisco Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms
Apple iTunes PoC
https://github.com/mbog14/CVE-2024-44193
Attackers used ISP's Wiretap System to Spy on Users
https://www.wsj.com/politics/national-security/china-cyberattack-internet-providers-260bd835
https://www.bleepingcomputer.com/news/security/atandt-verizon-reportedly-hacked-to-target-us-govt-wiretapping-platform/
https://isc.sans.edu/diary/macOS%20Sequoia%3A%20System%20Network%20Admins%2C%20Hold%20On!/31330
Cisco Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms
Apple iTunes PoC
https://github.com/mbog14/CVE-2024-44193
Attackers used ISP's Wiretap System to Spy on Users
https://www.wsj.com/politics/national-security/china-cyberattack-internet-providers-260bd835
https://www.bleepingcomputer.com/news/security/atandt-verizon-reportedly-hacked-to-target-us-govt-wiretapping-platform/
ISC StormCast for Monday, October 7th, 2024
7 oktober 2024 |
6 min
Survey of CUPS exploit URLs
https://isc.sans.edu/diary/Survey%20of%20CUPS%20exploit%20attempts/31326
Exposed LDAP Servers
https://www.usenix.org/conference/usenixsecurity24/presentation/kaspereit
Exploiting Visual Studio via Dump Files
https://ynwarcs.github.io/exploiting-vs-dump-files
Apple Security Updates
https://support.apple.com/en-us/100100
Free API Security Workshop
https://www.sans.org/webcasts/aviata-solo-flight-challenge-cloud-security-workshop-chapter-7/
https://isc.sans.edu/diary/Survey%20of%20CUPS%20exploit%20attempts/31326
Exposed LDAP Servers
https://www.usenix.org/conference/usenixsecurity24/presentation/kaspereit
Exploiting Visual Studio via Dump Files
https://ynwarcs.github.io/exploiting-vs-dump-files
Apple Security Updates
https://support.apple.com/en-us/100100
Free API Security Workshop
https://www.sans.org/webcasts/aviata-solo-flight-challenge-cloud-security-workshop-chapter-7/
ISC StormCast for Friday, October 4th, 2024
4 oktober 2024 |
6 min
Kickstart Your DShield Honeypot
https://isc.sans.edu/diary/Kickstart%20Your%20DShield%20Honeypot%20%5BGuest%20Diary%5D/31320
CreanaKeeper Use of Cloud Services
https://www.welivesecurity.com/en/eset-research/separating-bee-panda-ceranakeeper-making-beeline-thailand/
Pixel Addressing Vulnerabilities in Cellular Modems
https://security.googleblog.com/2024/10/pixel-proactive-security-cellular-modems.html
Optigo Spectra Vulnerabilities
https://claroty.com/team82/disclosure-dashboard/cve-2024-41925
https://claroty.com/team82/disclosure-dashboard/cve-2024-45367
https://isc.sans.edu/diary/Kickstart%20Your%20DShield%20Honeypot%20%5BGuest%20Diary%5D/31320
CreanaKeeper Use of Cloud Services
https://www.welivesecurity.com/en/eset-research/separating-bee-panda-ceranakeeper-making-beeline-thailand/
Pixel Addressing Vulnerabilities in Cellular Modems
https://security.googleblog.com/2024/10/pixel-proactive-security-cellular-modems.html
Optigo Spectra Vulnerabilities
https://claroty.com/team82/disclosure-dashboard/cve-2024-41925
https://claroty.com/team82/disclosure-dashboard/cve-2024-45367
ISC StormCast for Thursday, October 3rd, 2024
3 oktober 2024 |
7 min
Security Related Docker Containers
https://isc.sans.edu/diary/Security%20related%20Docker%20containers/31318
CUPS DDoS Attack
https://www.akamai.com/blog/security-research/october-cups-ddos-threat
Draytek Vulnerabilities
https://www.forescout.com/resources/draybreak-draytek-research/
SANS Munich (free Community Night Tuesday October 15th)
https://www.sans.org/cyber-security-training-events/munich-october-2024/
https://isc.sans.edu/diary/Security%20related%20Docker%20containers/31318
CUPS DDoS Attack
https://www.akamai.com/blog/security-research/october-cups-ddos-threat
Draytek Vulnerabilities
https://www.forescout.com/resources/draybreak-draytek-research/
SANS Munich (free Community Night Tuesday October 15th)
https://www.sans.org/cyber-security-training-events/munich-october-2024/
ISC StormCast for Wednesday, October 2nd, 2024
2 oktober 2024 |
6 min
Hurricane Helene Aftermath - Cyber Security Awareness Month
https://isc.sans.edu/diary/Hurricane%20Helene%20Aftermath%20-%20Cyber%20Security%20Awareness%20Month/31314
Zimbra - Remote Command Execution (CVE-2024-45519)
https://blog.projectdiscovery.io/zimbra-remote-code-execution/
Enhancing the security of Microsoft Edge extensions with the new Publish API
https://blogs.windows.com/msedgedev/2024/09/30/enhanced-security-for-extensions-with-new-publish-api/
CVE-2024-36435 Deep-Dive: The Year s Most Critical BMC Security Flaw
https://www.binarly.io/blog/cve-2024-36435-deep-dive-the-years-most-critical-bmc-security-flaw
https://isc.sans.edu/diary/Hurricane%20Helene%20Aftermath%20-%20Cyber%20Security%20Awareness%20Month/31314
Zimbra - Remote Command Execution (CVE-2024-45519)
https://blog.projectdiscovery.io/zimbra-remote-code-execution/
Enhancing the security of Microsoft Edge extensions with the new Publish API
https://blogs.windows.com/msedgedev/2024/09/30/enhanced-security-for-extensions-with-new-publish-api/
CVE-2024-36435 Deep-Dive: The Year s Most Critical BMC Security Flaw
https://www.binarly.io/blog/cve-2024-36435-deep-dive-the-years-most-critical-bmc-security-flaw
ISC StormCast for Tuesday, October 1st, 2024
1 oktober 2024 |
6 min
Tool Update: mac-robber.py, le-hex-to-ip.py
https://isc.sans.edu/diary/Tool%20update%3A%20mac-robber.py%20and%20le-hex-to-ip.py/31310
Ransomware Attacks Expanding to Hybrid Cloud Environments
https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/
Update on Recall Security and Privacy Architecture
https://blogs.windows.com/windowsexperience/2024/09/27/update-on-recall-security-and-privacy-architecture/
Detecting Ransomware in Windows Event Logs
https://blogs.jpcert.or.jp/en/2024/09/windows.html
Progress WhatsUp Gold Update
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024?popup=true&overview
Singapore Class
https://jbu.me/singapore
https://isc.sans.edu/diary/Tool%20update%3A%20mac-robber.py%20and%20le-hex-to-ip.py/31310
Ransomware Attacks Expanding to Hybrid Cloud Environments
https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/
Update on Recall Security and Privacy Architecture
https://blogs.windows.com/windowsexperience/2024/09/27/update-on-recall-security-and-privacy-architecture/
Detecting Ransomware in Windows Event Logs
https://blogs.jpcert.or.jp/en/2024/09/windows.html
Progress WhatsUp Gold Update
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024?popup=true&overview
Singapore Class
https://jbu.me/singapore
ISC StormCast for Monday, September 30th, 2024
30 september 2024 |
7 min
CUPS Vulnerability
https://isc.sans.edu/diary/Patch%20for%20Critical%20CUPS%20vulnerability%3A%20Don%27t%20Panic/31302
PHP Updates
https://www.php.net/ChangeLog-8.php#8.1.30
DNS And Big Chinese Firewall
https://www.assetnote.io/resources/research/insecurity-through-censorship-vulnerabilities-caused-by-the-great-firewall
https://isc.sans.edu/diary/Are+You+Piratebay+thepiratebayorg+Resolving+to+Various+Hosts/19175
HPE Aruba Networking Vulnerabilities
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us&docLocale=en_US
https://isc.sans.edu/diary/Patch%20for%20Critical%20CUPS%20vulnerability%3A%20Don%27t%20Panic/31302
PHP Updates
https://www.php.net/ChangeLog-8.php#8.1.30
DNS And Big Chinese Firewall
https://www.assetnote.io/resources/research/insecurity-through-censorship-vulnerabilities-caused-by-the-great-firewall
https://isc.sans.edu/diary/Are+You+Piratebay+thepiratebayorg+Resolving+to+Various+Hosts/19175
HPE Aruba Networking Vulnerabilities
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us&docLocale=en_US
ISC StormCast for Friday, September 27th, 2024
27 september 2024 |
7 min
Patch for Critical CUPS vulnerability: Don't Panic
https://isc.sans.edu/diary/Patch%20for%20Critical%20CUPS%20vulnerability%3A%20Don%27t%20Panic/31302
https://isc.sans.edu/diary/Patch%20for%20Critical%20CUPS%20vulnerability%3A%20Don%27t%20Panic/31302
ISC StormCast for Thursday, September 26th, 2024
26 september 2024 |
7 min
DNS Reflection Update and Corrupted DNS Requests
https://isc.sans.edu/diary/DNS%20Reflection%20Update%20and%20Odd%20Corrupted%20DNS%20Requests/31296
CVE-2024-28987 Solarwinds Web Help Desk Hardcoded Credentials Vulnerability
https://www.horizon3.ai/attack-research/cve-2024-28987-solarwinds-web-help-desk-hardcoded-credential-vulnerability-deep-dive/ cve-2024-28987
Watchguard Unauthenticated and Unencrypted SSO Protocol
https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-006/
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00014
Infostealers Overcome Chrome's App Bound Encryption
https://securityonline.info/infostealers-overcome-chromes-app-bound-encryption-threatening-user-data-security/
https://isc.sans.edu/diary/DNS%20Reflection%20Update%20and%20Odd%20Corrupted%20DNS%20Requests/31296
CVE-2024-28987 Solarwinds Web Help Desk Hardcoded Credentials Vulnerability
https://www.horizon3.ai/attack-research/cve-2024-28987-solarwinds-web-help-desk-hardcoded-credential-vulnerability-deep-dive/ cve-2024-28987
Watchguard Unauthenticated and Unencrypted SSO Protocol
https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-006/
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00014
Infostealers Overcome Chrome's App Bound Encryption
https://securityonline.info/infostealers-overcome-chromes-app-bound-encryption-threatening-user-data-security/
ISC StormCast for Wednesday, September 25th, 2024
25 september 2024 |
5 min
Exploitation of RAISECOM Gateway Devices CVE-2024-7120
https://isc.sans.edu/diary/Exploitation%20of%20RAISECOM%20Gateway%20Devices%20Vulnerability%20CVE-2024-7120/31292
Cellopoint Vulnerability CVE-2024-9043
https://www.twcert.org.tw/en/cp-139-8103-b0568-2.html
Cisco Smart Licensing Vulnerability Details
https://starkeblog.com/cve-wednesday/cisco/2024/09/20/cve-wednesday-cve-2024-20439.html
Ivanti Virtual Traffic Manager Exploited
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
GNU Linux Systems Possible Critical Vulnerability
https://securityonline.info/severe-unauthenticated-rce-flaw-cvss-9-9-in-gnu-linux-systems-awaiting-full-disclosure/
https://isc.sans.edu/diary/Exploitation%20of%20RAISECOM%20Gateway%20Devices%20Vulnerability%20CVE-2024-7120/31292
Cellopoint Vulnerability CVE-2024-9043
https://www.twcert.org.tw/en/cp-139-8103-b0568-2.html
Cisco Smart Licensing Vulnerability Details
https://starkeblog.com/cve-wednesday/cisco/2024/09/20/cve-wednesday-cve-2024-20439.html
Ivanti Virtual Traffic Manager Exploited
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
GNU Linux Systems Possible Critical Vulnerability
https://securityonline.info/severe-unauthenticated-rce-flaw-cvss-9-9-in-gnu-linux-systems-awaiting-full-disclosure/
ISC StormCast for Tuesday, September 24th, 2024
24 september 2024 |
6 min
Phishing Links With @ Sign
https://isc.sans.edu/diary/Phishing%20links%20with%20%40%20sign%20and%20the%20need%20for%20effective%20security%20awareness%20building/31288
Kaspersky Deletes Itself Installs UltraAV Antivirus Without Warning
https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/
Microchip ASF tinydhcp Vulnerability
https://kb.cert.org/vuls/id/138043
https://isc.sans.edu/diary/Phishing%20links%20with%20%40%20sign%20and%20the%20need%20for%20effective%20security%20awareness%20building/31288
Kaspersky Deletes Itself Installs UltraAV Antivirus Without Warning
https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/
Microchip ASF tinydhcp Vulnerability
https://kb.cert.org/vuls/id/138043
ISC StormCast for Monday, September 23rd, 2024
23 september 2024 |
5 min
Windows Server Update Services Deprecation
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-server-update-services-wsus-deprecation/ba-p/4250436
Windows Server 2025 Hotpatches
https://techcommunity.microsoft.com/t5/windows-server-news-and-best/now-in-preview-hotpatch-for-windows-server-2025/ba-p/4248296
Google Suggests Not Using WHOIS for Certificate Validation
https://lists.cabforum.org/pipermail/servercert-wg/2024-September/004821.html
Versa Director Vulnerability
https://security-portal.versa-networks.com/emailbulletins/66e4a8ebda545d61ec2b1ab9
Apache Hugegraph Vulnerability Exploited
https://nvd.nist.gov/vuln/detail/CVE-2024-27348
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-server-update-services-wsus-deprecation/ba-p/4250436
Windows Server 2025 Hotpatches
https://techcommunity.microsoft.com/t5/windows-server-news-and-best/now-in-preview-hotpatch-for-windows-server-2025/ba-p/4248296
Google Suggests Not Using WHOIS for Certificate Validation
https://lists.cabforum.org/pipermail/servercert-wg/2024-September/004821.html
Versa Director Vulnerability
https://security-portal.versa-networks.com/emailbulletins/66e4a8ebda545d61ec2b1ab9
Apache Hugegraph Vulnerability Exploited
https://nvd.nist.gov/vuln/detail/CVE-2024-27348
ISC StormCast for Friday, September 20th, 2024
20 september 2024 |
8 min
Fake GitHub Site Targeting Developers
https://isc.sans.edu/diary/Fake%20GitHub%20Site%20Targeting%20Developers/31282
Ivanti CSA 4.6 Advisory
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963?language=en_US
German Police Deanonymizes Tor User
https://blog.torproject.org/tor-is-still-safe/
Ever wonder how crooks get the credentials to unlock stolen phones?
https://arstechnica.com/security/2024/09/cops-bust-website-crooks-used-to-unlock-1-2-million-stolen-mobile-phones/
https://isc.sans.edu/diary/Fake%20GitHub%20Site%20Targeting%20Developers/31282
Ivanti CSA 4.6 Advisory
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963?language=en_US
German Police Deanonymizes Tor User
https://blog.torproject.org/tor-is-still-safe/
Ever wonder how crooks get the credentials to unlock stolen phones?
https://arstechnica.com/security/2024/09/cops-bust-website-crooks-used-to-unlock-1-2-million-stolen-mobile-phones/
ISC StormCast for Thursday, September 19th, 2024
19 september 2024 |
4 min
Python Infostealer Patching Windows Exodus App
https://isc.sans.edu/diary/Python%20Infostealer%20Patching%20Windows%20Exodus%20App/31276
Service Now Knoledge Bases Data Exposures
https://appomni.com/ao-labs/servicenow-knowledge-bases-data-exposures-uncovered/
Gitlab Patch
https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/
Aruba Patch
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US
https://isc.sans.edu/diary/Python%20Infostealer%20Patching%20Windows%20Exodus%20App/31276
Service Now Knoledge Bases Data Exposures
https://appomni.com/ao-labs/servicenow-knowledge-bases-data-exposures-uncovered/
Gitlab Patch
https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/
Aruba Patch
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US
ISC StormCast for Wednesday, September 18th, 2024
18 september 2024 |
5 min
23:59, Time to Exfiltrate!
https://isc.sans.edu/diary/23%3A59%2C%20Time%20to%20Exfiltrate!/31272
Critical VMWare VCenter Vulnerability
https://blogs.vmware.com/cloud-foundation/2024/09/17/vmsa-2024-0019-questions-answers/
Zero-Click Calendar invite - Critical zero-click vulnerability chain in macOS
https://mikko-kenttala.medium.com/zero-click-calendar-invite-critical-zero-click-vulnerability-chain-in-macos-a7a434fc887b
Google Adds Latest Post Quantum Encryption Standard to Chrome
https://security.googleblog.com/2024/09/a-new-path-for-kyber-on-web.html
https://isc.sans.edu/diary/23%3A59%2C%20Time%20to%20Exfiltrate!/31272
Critical VMWare VCenter Vulnerability
https://blogs.vmware.com/cloud-foundation/2024/09/17/vmsa-2024-0019-questions-answers/
Zero-Click Calendar invite - Critical zero-click vulnerability chain in macOS
https://mikko-kenttala.medium.com/zero-click-calendar-invite-critical-zero-click-vulnerability-chain-in-macos-a7a434fc887b
Google Adds Latest Post Quantum Encryption Standard to Chrome
https://security.googleblog.com/2024/09/a-new-path-for-kyber-on-web.html
ISC StormCast for Tuesday, September 17th, 2024
17 september 2024 |
5 min
Managing PE Files with Overlays
https://isc.sans.edu/forums/diary/Managing%20PE%20Files%20With%20Overlays/31268/
Apple Updates
https://support.apple.com/en-us/100100
Ivanti EOL Cloud Service Appliances
https://www.cisa.gov/news-events/alerts/2024/09/13/ivanti-releases-security-update-cloud-services-appliance
Microsoft Revises September Update
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43461
DLink Vulnerabilities
https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html
https://www.twcert.org.tw/en/cp-139-8091-bcd52-2.html
https://www.twcert.org.tw/en/cp-139-8089-32df6-2.html
https://isc.sans.edu/forums/diary/Managing%20PE%20Files%20With%20Overlays/31268/
Apple Updates
https://support.apple.com/en-us/100100
Ivanti EOL Cloud Service Appliances
https://www.cisa.gov/news-events/alerts/2024/09/13/ivanti-releases-security-update-cloud-services-appliance
Microsoft Revises September Update
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43461
DLink Vulnerabilities
https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html
https://www.twcert.org.tw/en/cp-139-8091-bcd52-2.html
https://www.twcert.org.tw/en/cp-139-8089-32df6-2.html
ISC StormCast for Monday, September 16th, 2024
16 september 2024 |
6 min
Finding Honeypot Clusters Using DBSCAN
https://isc.sans.edu/diary/Finding%20Honeypot%20Data%20Clusters%20Using%20DBSCAN%3A%20Part%202/31194
Auto IT Credential Flusher
https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
Ivanti Patches
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US
https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29847-deep-dive-ivanti-endpoint-manager-agentportal-deserialization-of-untrusted-data-remote-code-execution-vulnerability/
File Sender Vulnerability
https://filesender.org/vulnerability-in-filesender-versions-below-2-49-and-3-x-beta/
Docker Patches
https://docs.docker.com/desktop/release-notes/#4342
https://isc.sans.edu/diary/Finding%20Honeypot%20Data%20Clusters%20Using%20DBSCAN%3A%20Part%202/31194
Auto IT Credential Flusher
https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
Ivanti Patches
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US
https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29847-deep-dive-ivanti-endpoint-manager-agentportal-deserialization-of-untrusted-data-remote-code-execution-vulnerability/
File Sender Vulnerability
https://filesender.org/vulnerability-in-filesender-versions-below-2-49-and-3-x-beta/
Docker Patches
https://docs.docker.com/desktop/release-notes/#4342
ISC StormCast for Friday, September 13th, 2024
13 september 2024 |
5 min
Compromise of old hostname .mobi whois server
https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/
Microsoft Reconsidering Security Tool API
https://blogs.windows.com/windowsexperience/2024/09/12/taking-steps-that-drive-resiliency-and-security-for-windows-customers/
Microsoft implents PQC in SymCrypt
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-s-quantum-resistant-cryptography-is-here/ba-p/4238780
GitLab Patch
https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/#execute-environment-stop-actions-as-the-owner-of-the-stop-action-job
https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/
Microsoft Reconsidering Security Tool API
https://blogs.windows.com/windowsexperience/2024/09/12/taking-steps-that-drive-resiliency-and-security-for-windows-customers/
Microsoft implents PQC in SymCrypt
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-s-quantum-resistant-cryptography-is-here/ba-p/4238780
GitLab Patch
https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/#execute-environment-stop-actions-as-the-owner-of-the-stop-action-job
ISC StormCast for Wednesday, September 11th, 2024
11 september 2024 |
6 min
ISC StormCast for Tuesday, September 10th, 2024
10 september 2024 |
4 min
Critical Loadmaster Security Vulnerability
https://support.kemptechnologies.com/hc/en-us/articles/29196371689613-LoadMaster-Security-Vulnerability-CVE-2024-7591
HA Proxy Patch
https://www.mail-archive.com/haproxy%40formilux.org/msg45280.html
Akira Ransomware Campaign Targeting Sonicwall SSLVPN Accounts
https://arcticwolf.com/resources/blog/arctic-wolf-observes-akira-ransomware-campaign-targeting-sonicwall-sslvpn-accounts/
Kibana Deserializatio Vulnerability
https://discuss.elastic.co/t/kibana-8-15-1-security-update-esa-2024-27-esa-2024-28/366119
Stately Taurus Abuses VSCode
https://unit42.paloaltonetworks.com/stately-taurus-abuses-vscode-southeast-asian-espionage/
https://support.kemptechnologies.com/hc/en-us/articles/29196371689613-LoadMaster-Security-Vulnerability-CVE-2024-7591
HA Proxy Patch
https://www.mail-archive.com/haproxy%40formilux.org/msg45280.html
Akira Ransomware Campaign Targeting Sonicwall SSLVPN Accounts
https://arcticwolf.com/resources/blog/arctic-wolf-observes-akira-ransomware-campaign-targeting-sonicwall-sslvpn-accounts/
Kibana Deserializatio Vulnerability
https://discuss.elastic.co/t/kibana-8-15-1-security-update-esa-2024-27-esa-2024-28/366119
Stately Taurus Abuses VSCode
https://unit42.paloaltonetworks.com/stately-taurus-abuses-vscode-southeast-asian-espionage/
ISC StormCast for Monday, September 9th, 2024
9 september 2024 |
6 min
Password Cracking Energy: More Details
https://isc.sans.edu/diary/Password%20Cracking%20%26%20Energy%3A%20More%20Dedails/31242
Python Notpad ++
https://isc.sans.edu/diary/Python%20%26%20Notepad%2B%2B/31240
Fake LinkedIn Job Ads
https://cloud.google.com/blog/topics/threat-intelligence/examining-web3-heists/
Android Crypto Passphrase Stealer with OCR
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-spyagent-campaign-steals-crypto-credentials-via-image-recognition/
Sextortion Scam Now use Your Chating Spouses Name as a Lure
https://www.bleepingcomputer.com/news/security/sextortion-scam-now-use-your-cheating-spouses-name-as-a-lure/
https://isc.sans.edu/diary/Password%20Cracking%20%26%20Energy%3A%20More%20Dedails/31242
Python Notpad ++
https://isc.sans.edu/diary/Python%20%26%20Notepad%2B%2B/31240
Fake LinkedIn Job Ads
https://cloud.google.com/blog/topics/threat-intelligence/examining-web3-heists/
Android Crypto Passphrase Stealer with OCR
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-spyagent-campaign-steals-crypto-credentials-via-image-recognition/
Sextortion Scam Now use Your Chating Spouses Name as a Lure
https://www.bleepingcomputer.com/news/security/sextortion-scam-now-use-your-cheating-spouses-name-as-a-lure/
ISC StormCast for Friday, September 6th, 2024
6 september 2024 |
6 min
Enrichment Data: Keeping it Fresh
https://isc.sans.edu/diary/Enrichment%20Data%3A%20Keeping%20it%20Fresh/31236
Veeam Update
https://www.veeam.com/kb4649
New OFBiz Vulnerabilities
https://www.rapid7.com/blog/post/2024/09/05/cve-2024-45195-apache-ofbiz-unauthenticated-remote-code-execution-fixed/
Cisco Smart License Manager Patches
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw
https://isc.sans.edu/diary/Enrichment%20Data%3A%20Keeping%20it%20Fresh/31236
Veeam Update
https://www.veeam.com/kb4649
New OFBiz Vulnerabilities
https://www.rapid7.com/blog/post/2024/09/05/cve-2024-45195-apache-ofbiz-unauthenticated-remote-code-execution-fixed/
Cisco Smart License Manager Patches
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw
ISC StormCast for Thursday, September 5th, 2024
5 september 2024 |
7 min
Scans for Moodle Learning Platform Following Recent Update
https://isc.sans.edu/diary/Scans+for+Moodle+Learning+Platform+Following+Recent+Update/31230
PyPi Rivival HiJack
https://jfrog.com/blog/revival-hijack-pypi-hijack-technique-exploited-22k-packages-at-risk/
Android Updates
https://source.android.com/docs/security/bulletin/2024-09-01
Mediatec WAPPD PoC Exploit
https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html#wrapping-up
https://isc.sans.edu/diary/Scans+for+Moodle+Learning+Platform+Following+Recent+Update/31230
PyPi Rivival HiJack
https://jfrog.com/blog/revival-hijack-pypi-hijack-technique-exploited-22k-packages-at-risk/
Android Updates
https://source.android.com/docs/security/bulletin/2024-09-01
Mediatec WAPPD PoC Exploit
https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html#wrapping-up
ISC StormCast for Wednesday, September 4th, 2024
4 september 2024 |
7 min
Protected OOXML Text Documents
https://isc.sans.edu/diary/Protected%20OOXML%20Text%20Documents/31078
Sextortion E-Mails with Photos
https://krebsonsecurity.com/2024/09/sextortion-scams-now-include-photos-of-your-home/
Zyxel OS Command Injection Vulnerability
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerability-in-aps-and-security-router-devices-09-03-2024
D-Link DIR-846W Unpatched RCE Vulnerabilities
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10411
VMWare Priviledge Escalation Vulnerability CVe-2024-38811
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24939
YubiKey Sidechannel Attack
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf
https://www.yubico.com/support/security-advisories/ysa-2024-03/
https://isc.sans.edu/diary/Protected%20OOXML%20Text%20Documents/31078
Sextortion E-Mails with Photos
https://krebsonsecurity.com/2024/09/sextortion-scams-now-include-photos-of-your-home/
Zyxel OS Command Injection Vulnerability
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerability-in-aps-and-security-router-devices-09-03-2024
D-Link DIR-846W Unpatched RCE Vulnerabilities
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10411
VMWare Priviledge Escalation Vulnerability CVe-2024-38811
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24939
YubiKey Sidechannel Attack
https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf
https://www.yubico.com/support/security-advisories/ysa-2024-03/
ISC StormCast for Tuesday, September 3rd, 2024
3 september 2024 |
6 min
Wireshark 4.4: Converting Display Filters to BPF Capture Filters
https://isc.sans.edu/diary/Wireshark+44+Converting+Display+Filters+to+BPF+Capture+Filters/31224
GitHub Comments Used to Spread Malware
https://www.reddit.com/r/Malware/comments/1f2n1h4/comment/lkbi5gi/
Voldemort Malware Curses Orgs Using Global Tax Authorities
https://www.darkreading.com/threat-intelligence/voldemort-malware-curses-orgs-global-tax-authorities
Analysis of CVE-2024-43044 From file read to RCE in Jenkins through agents
https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/
https://isc.sans.edu/diary/Wireshark+44+Converting+Display+Filters+to+BPF+Capture+Filters/31224
GitHub Comments Used to Spread Malware
https://www.reddit.com/r/Malware/comments/1f2n1h4/comment/lkbi5gi/
Voldemort Malware Curses Orgs Using Global Tax Authorities
https://www.darkreading.com/threat-intelligence/voldemort-malware-curses-orgs-global-tax-authorities
Analysis of CVE-2024-43044 From file read to RCE in Jenkins through agents
https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/
ISC StormCast for Friday, August 30th, 2024
30 augusti 2024 |
14 min
Live Patching DLLs with Python
https://isc.sans.edu/diary/Live%20Patching%20DLLs%20with%20Python/31218
Global Protect Phishing
https://www.trendmicro.com/en_us/research/24/h/threat-actors-target-middle-east-using-fake-tool.html
BlackByte Ransomware Update
https://blog.talosintelligence.com/blackbyte-blends-tried-and-true-tradecraft-with-newly-disclosed-vulnerabilities-to-support-ongoing-attacks/
The Risks Lurking in Publicly Exposed GenAI Development Services
https://www.legitsecurity.com/blog/the-risks-lurking-in-publicly-exposed-genai-development-services
Finding Lateral Movement of Adversaries Through the Noise of Systems Administration
https://www.sans.edu/cyber-research/finding-lateral-movement-adversaries-through-noise-systems-administration/
YouTube Channel: https://www.youtube.com/c/CyberAttackDefense
https://isc.sans.edu/diary/Live%20Patching%20DLLs%20with%20Python/31218
Global Protect Phishing
https://www.trendmicro.com/en_us/research/24/h/threat-actors-target-middle-east-using-fake-tool.html
BlackByte Ransomware Update
https://blog.talosintelligence.com/blackbyte-blends-tried-and-true-tradecraft-with-newly-disclosed-vulnerabilities-to-support-ongoing-attacks/
The Risks Lurking in Publicly Exposed GenAI Development Services
https://www.legitsecurity.com/blog/the-risks-lurking-in-publicly-exposed-genai-development-services
Finding Lateral Movement of Adversaries Through the Noise of Systems Administration
https://www.sans.edu/cyber-research/finding-lateral-movement-adversaries-through-noise-systems-administration/
YouTube Channel: https://www.youtube.com/c/CyberAttackDefense
ISC StormCast for Thursday, August 29th, 2024
29 augusti 2024 |
6 min
Vega-Lite With Kibana To Parse and Display IP Activity Over Time
https://isc.sans.edu/diary/Vega-Lite%20with%20Kibana%20to%20Parse%20and%20Display%20IP%20Activity%20over%20Time/31210
Attack tool update impairs Windows computers
https://news.sophos.com/en-us/2024/08/27/burnt-cigar-2/
Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-241a
Confluence Vulnerabilty Exploited for Crypto Miners
https://www.trendmicro.com/en_us/research/24/h/cve-2023-22527-cryptomining.html
Fortra FileCatalyst Workflow Hard Coded HSQLDB Credentials
https://www.fortra.com/security/advisories/product-security/fi-2024-011
https://isc.sans.edu/diary/Vega-Lite%20with%20Kibana%20to%20Parse%20and%20Display%20IP%20Activity%20over%20Time/31210
Attack tool update impairs Windows computers
https://news.sophos.com/en-us/2024/08/27/burnt-cigar-2/
Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-241a
Confluence Vulnerabilty Exploited for Crypto Miners
https://www.trendmicro.com/en_us/research/24/h/cve-2023-22527-cryptomining.html
Fortra FileCatalyst Workflow Hard Coded HSQLDB Credentials
https://www.fortra.com/security/advisories/product-security/fi-2024-011
ISC StormCast for Wednesday, August 28th, 2024
28 augusti 2024 |
6 min
Why is Python so Popular to Infect Windows Hosts
https://isc.sans.edu/diary/Why%20Is%20Python%20so%20Popular%20to%20Infect%20Windows%20Hosts%3F/31208
OFBiz Vulnerability Update
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://nvd.nist.gov/vuln/detail/CVE-2024-38856
Versa Directory Vulnerability Exploited
https://versa-networks.com/blog/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability/
Google Chrome Vulnerability Exploited
https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
SGX Key Leak
https://x.com/_markel___/status/1828112469010596347
https://isc.sans.edu/diary/Why%20Is%20Python%20so%20Popular%20to%20Infect%20Windows%20Hosts%3F/31208
OFBiz Vulnerability Update
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://nvd.nist.gov/vuln/detail/CVE-2024-38856
Versa Directory Vulnerability Exploited
https://versa-networks.com/blog/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability/
Google Chrome Vulnerability Exploited
https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
SGX Key Leak
https://x.com/_markel___/status/1828112469010596347
ISC StormCast for Tuesday, August 27th, 2024
27 augusti 2024 |
6 min
From Highly Obfuscated Batch File to XWorm and Redline
https://isc.sans.edu/diary/From%20Highly%20Obfuscated%20Batch%20File%20to%20XWorm%20and%20Redline/31204
CVE-2024-38063 Windows IPv6 Issue PoC Exploit
https://github.com/ynwarcs/CVE-2024-38063
Not a vulnerability
https://github.com/juwenyi/CVE-2024-42992
https://isc.sans.edu/diary/From%20Highly%20Obfuscated%20Batch%20File%20to%20XWorm%20and%20Redline/31204
CVE-2024-38063 Windows IPv6 Issue PoC Exploit
https://github.com/ynwarcs/CVE-2024-38063
Not a vulnerability
https://github.com/juwenyi/CVE-2024-42992
ISC StormCast for Monday, August 26th, 2024
26 augusti 2024 |
6 min
Pandas Erros: What encoding are my logs in?
https://isc.sans.edu/diary/Pandas%20Errors%3A%20What%20encoding%20are%20my%20logs%20in%3F/31200
Crowdstrike Performance Issues
https://www.reddit.com/r/sysadmin/comments/1eyfex6/at_least_its_not_on_a_friday/
CopyBara Malware
https://www.zscaler.com/blogs/security-research/technical-analysis-copybara#conclusion
SonicWall Vulnerability
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
https://isc.sans.edu/diary/Pandas%20Errors%3A%20What%20encoding%20are%20my%20logs%20in%3F/31200
Crowdstrike Performance Issues
https://www.reddit.com/r/sysadmin/comments/1eyfex6/at_least_its_not_on_a_friday/
CopyBara Malware
https://www.zscaler.com/blogs/security-research/technical-analysis-copybara#conclusion
SonicWall Vulnerability
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
ISC StormCast for Friday, August 23rd, 2024
23 augusti 2024 |
15 min
OpenAI Scans Honeypots
https://isc.sans.edu/diary/OpenAI%20Scans%20for%20Honeypots.%20Artificially%20Malicious%3F%20Action%20Abuse%3F/31196
Broken Linux Boot Partitions after August Microsoft Update
https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-23H2#3377msgdesc
Google Fixes Chrome 0-day
https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
Cisco Zero Day Exploited (now Patched)
https://www.sygnia.co/blog/china-threat-group-velvet-ant-cisco-zero-day/
Solar Winds Helpdesk Backdoor
https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2
Securing the Future: How Memory-Safe Programming Languages Impact Industry Safety (Christopher Ross)
https://www.sans.edu/cyber-research/securing-future-how-memory-safe-programming-languages-impact-industry-safety/
https://isc.sans.edu/diary/OpenAI%20Scans%20for%20Honeypots.%20Artificially%20Malicious%3F%20Action%20Abuse%3F/31196
Broken Linux Boot Partitions after August Microsoft Update
https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-23H2#3377msgdesc
Google Fixes Chrome 0-day
https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
Cisco Zero Day Exploited (now Patched)
https://www.sygnia.co/blog/china-threat-group-velvet-ant-cisco-zero-day/
Solar Winds Helpdesk Backdoor
https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2
Securing the Future: How Memory-Safe Programming Languages Impact Industry Safety (Christopher Ross)
https://www.sans.edu/cyber-research/securing-future-how-memory-safe-programming-languages-impact-industry-safety/
ISC StormCast for Thursday, August 22nd, 2024
22 augusti 2024 |
7 min
Mapping Threats wiht DNSTwist and the Internet Storm Center
https://isc.sans.edu/diary/Mapping%20Threats%20with%20DNSTwist%20and%20the%20Internet%20Storm%20Center%20%5BGuest%20Diary%5D/31188
Slack AI Prompt Injection
https://promptarmor.substack.com/p/slack-ai-data-exfiltration-from-private
Phishing in PWA Applications
https://www.welivesecurity.com/en/eset-research/be-careful-what-you-pwish-for-phishing-in-pwa-applications/
QNAP Ransomware Security Center
https://www.qnap.com/en/news/2024/qnap-officially-releases-qts-5-2-introducing-security-center-for-active-file-activity-monitoring-elevated-security-and-data-protection
https://isc.sans.edu/diary/Mapping%20Threats%20with%20DNSTwist%20and%20the%20Internet%20Storm%20Center%20%5BGuest%20Diary%5D/31188
Slack AI Prompt Injection
https://promptarmor.substack.com/p/slack-ai-data-exfiltration-from-private
Phishing in PWA Applications
https://www.welivesecurity.com/en/eset-research/be-careful-what-you-pwish-for-phishing-in-pwa-applications/
QNAP Ransomware Security Center
https://www.qnap.com/en/news/2024/qnap-officially-releases-qts-5-2-introducing-security-center-for-active-file-activity-monitoring-elevated-security-and-data-protection
ISC StormCast for Wednesday, August 21st, 2024
21 augusti 2024 |
5 min
Where are we with CVE-2024-38063: Microsoft IPv6 Vulnerability
https://isc.sans.edu/diary/Where+are+we+with+CVE202438063+Microsoft+IPv6+Vulnerability/31186
Microsoft August Update Prevents Linux from Booting
https://community.frame.work/t/sbat-verification-error-booting-linux-after-windows-update/56354
PHP CGI Vulnerability Exploited CVE-2024-4577
https://symantec-enterprise-blogs.security.com/threat-intelligence/taiwan-malware-dns
F5 Updates
https://my.f5.com/manage/s/article/K000140111
https://my.f5.com/manage/s/article/K000140108
https://isc.sans.edu/diary/Where+are+we+with+CVE202438063+Microsoft+IPv6+Vulnerability/31186
Microsoft August Update Prevents Linux from Booting
https://community.frame.work/t/sbat-verification-error-booting-linux-after-windows-update/56354
PHP CGI Vulnerability Exploited CVE-2024-4577
https://symantec-enterprise-blogs.security.com/threat-intelligence/taiwan-malware-dns
F5 Updates
https://my.f5.com/manage/s/article/K000140111
https://my.f5.com/manage/s/article/K000140108
ISC StormCast for Tuesday, August 20th, 2024
20 augusti 2024 |
7 min
Do you like donuts? Here is a donut Shellcode Delivered Through PowerShell Python
https://isc.sans.edu/diary/Do%20you%20Like%20Donuts%3F%20Here%20is%20a%20Donut%20Shellcode%20Delivered%20Through%20PowerShell%20Python/31182
How Vulnerabilities in Microsoft Apps for MacOS allow Stealing Permissions
https://blog.talosintelligence.com/how-multiple-vulnerabilities-in-microsoft-apps-for-macos-pave-the-way-to-stealing-permissions/
Digital Wallet Security Loophole
https://www.umass.edu/news/article/new-study-reveals-loophole-digital-wallet-security-even-if-rightful-cardholder-doesnt
Microsoft IPv6 Vulnerability CVE-2024-38063
https://x.com/f4rmpoet/status/1825472703223992323
YouTube Video (going live 10am ET)
https://www.youtube.com/watch?v=miBb1llFOYQ
https://isc.sans.edu/diary/Do%20you%20Like%20Donuts%3F%20Here%20is%20a%20Donut%20Shellcode%20Delivered%20Through%20PowerShell%20Python/31182
How Vulnerabilities in Microsoft Apps for MacOS allow Stealing Permissions
https://blog.talosintelligence.com/how-multiple-vulnerabilities-in-microsoft-apps-for-macos-pave-the-way-to-stealing-permissions/
Digital Wallet Security Loophole
https://www.umass.edu/news/article/new-study-reveals-loophole-digital-wallet-security-even-if-rightful-cardholder-doesnt
Microsoft IPv6 Vulnerability CVE-2024-38063
https://x.com/f4rmpoet/status/1825472703223992323
YouTube Video (going live 10am ET)
https://www.youtube.com/watch?v=miBb1llFOYQ
ISC StormCast for Monday, August 19th, 2024
19 augusti 2024 |
6 min
Summarizing Web Honeypot Logs
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%207%20minutes%20and%204%20steps%20to%20a%20quick%20win%3A%20A%20write-up%20on%20custom%20tools/31170
Large Scale Cloud Extortion Operation
https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/
Chrome Redacting Credit Cards and Passwords when you share Android Screens
https://www.bleepingcomputer.com/news/google/chrome-will-redact-credit-cards-passwords-when-you-share-android-screen/
Google Products Targeted by Search Ad Scammers
https://www.malwarebytes.com/blog/scams/2024/08/dozens-of-google-products-targeted-by-scammers-via-malicious-search-ads
MakeShift: Security Analysis of Shimano Di2 Wireless Gear Shifting in Bicyles
https://www.usenix.org/system/files/woot24-motallebighomi.pdf
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%207%20minutes%20and%204%20steps%20to%20a%20quick%20win%3A%20A%20write-up%20on%20custom%20tools/31170
Large Scale Cloud Extortion Operation
https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/
Chrome Redacting Credit Cards and Passwords when you share Android Screens
https://www.bleepingcomputer.com/news/google/chrome-will-redact-credit-cards-passwords-when-you-share-android-screen/
Google Products Targeted by Search Ad Scammers
https://www.malwarebytes.com/blog/scams/2024/08/dozens-of-google-products-targeted-by-scammers-via-malicious-search-ads
MakeShift: Security Analysis of Shimano Di2 Wireless Gear Shifting in Bicyles
https://www.usenix.org/system/files/woot24-motallebighomi.pdf
ISC StormCast for Friday, August 16th, 2024
16 augusti 2024 |
17 min
Wireshark 4.4.0 rc 1 Custom Columns
https://isc.sans.edu/diary/Wireshark%204.4.0rc1%27s%20Custom%20Columns/31174
Github Repo Artifact Leak Tokens
https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/
BitLocker Security Feature Bypass Vulnerability
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-38058
Solarwindws Hotfix
https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1
Ed Skoudis, Paul Maurer: The Code of Honor
https://cybercodeofhonor.com/
https://isc.sans.edu/diary/Wireshark%204.4.0rc1%27s%20Custom%20Columns/31174
Github Repo Artifact Leak Tokens
https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/
BitLocker Security Feature Bypass Vulnerability
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-38058
Solarwindws Hotfix
https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1
Ed Skoudis, Paul Maurer: The Code of Honor
https://cybercodeofhonor.com/
ISC StormCast for Thursday, August 15th, 2024
15 augusti 2024 |
7 min
MSI Malware
https://isc.sans.edu/diary/Multiple%20Malware%20Dropped%20Through%20MSI%20Package/31168
Microsoft IPv6 Vulnerablity CVE-2024-38063
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063
https://x.com/XiaoWei___/status/1823532146679799993/photo/1
Critical Ivanti Virtual Traffic Manager Patch CVE-2024-7593
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593?language=en_US
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
https://isc.sans.edu/diary/Multiple%20Malware%20Dropped%20Through%20MSI%20Package/31168
Microsoft IPv6 Vulnerablity CVE-2024-38063
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38063
https://x.com/XiaoWei___/status/1823532146679799993/photo/1
Critical Ivanti Virtual Traffic Manager Patch CVE-2024-7593
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Virtual-Traffic-Manager-vTM-CVE-2024-7593?language=en_US
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
ISC StormCast for Wednesday, August 14th, 2024
14 augusti 2024 |
6 min
Microsoft August 2024 Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20August%202024%20Patch%20Tuesday/31164
NIST Finalizes Post Quantum Encryption Standards
https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards
Zabbix Network Monitoring Updates
https://support.zabbix.com/browse/ZBX-25016
https://support.zabbix.com/browse/ZBX-25013
(and others)
https://isc.sans.edu/diary/Microsoft%20August%202024%20Patch%20Tuesday/31164
NIST Finalizes Post Quantum Encryption Standards
https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards
Zabbix Network Monitoring Updates
https://support.zabbix.com/browse/ZBX-25016
https://support.zabbix.com/browse/ZBX-25013
(and others)
ISC StormCast for Tuesday, August 13th, 2024
13 augusti 2024 |
6 min
QuickShell: Sharing is Caring about an RCE Attack Chain on Quick Share
https://www.safebreach.com/blog/rce-attack-chain-on-quick-share
Chrome, Edge users beset by malicious extensions that can t be easily removed
https://www.helpnetsecurity.com/2024/08/12/chrome-edge-malicious-browser-extensions/
AMD Guest Memory Vulnerabilities
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html
https://www.safebreach.com/blog/rce-attack-chain-on-quick-share
Chrome, Edge users beset by malicious extensions that can t be easily removed
https://www.helpnetsecurity.com/2024/08/12/chrome-edge-malicious-browser-extensions/
AMD Guest Memory Vulnerabilities
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html
ISC StormCast for Monday, August 12th, 2024
12 augusti 2024 |
6 min
CORS/SameOrigin Video
https://isc.sans.edu/forums/diary/Video%3A%20Same%20Origin%2C%20CORS%2C%20DNS%20Rebinding%20and%20Localhost/31158/
Splitting the email atom: exploiting parsers to bypass access controls
https://portswigger.net/research/splitting-the-email-atom#parser-discrepancies
Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!
https://blog.orange.tw/2024/08/confusion-attacks-en.html
GL-Inet Patches
https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-aug-1-2024/
Microsoft Office Spoofing Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38200
https://isc.sans.edu/forums/diary/Video%3A%20Same%20Origin%2C%20CORS%2C%20DNS%20Rebinding%20and%20Localhost/31158/
Splitting the email atom: exploiting parsers to bypass access controls
https://portswigger.net/research/splitting-the-email-atom#parser-discrepancies
Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!
https://blog.orange.tw/2024/08/confusion-attacks-en.html
GL-Inet Patches
https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-aug-1-2024/
Microsoft Office Spoofing Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38200
ISC StormCast for Friday, August 9th, 2024
9 augusti 2024 |
6 min
Exploring Anti-Phishing Measures in Microsoft 365
https://certitude.consulting/blog/en/o365-anti-phishing-measures/
SSHamble Security Testing Tool
https://www.runzero.com/blog/sshamble-unexpected-exposures-in-the-secure-shell/
macOS Sequoia Weekly Permission Prompts
https://9to5mac.com/2024/08/06/macos-sequoia-screen-recording-privacy-prompt/
.internal domain
https://www.icann.org/en/public-comment/proceeding/proposed-top-level-domain-string-for-private-use-24-01-2024
https://certitude.consulting/blog/en/o365-anti-phishing-measures/
SSHamble Security Testing Tool
https://www.runzero.com/blog/sshamble-unexpected-exposures-in-the-secure-shell/
macOS Sequoia Weekly Permission Prompts
https://9to5mac.com/2024/08/06/macos-sequoia-screen-recording-privacy-prompt/
.internal domain
https://www.icann.org/en/public-comment/proceeding/proposed-top-level-domain-string-for-private-use-24-01-2024
ISC StormCast for Thursday, August 8th, 2024
8 augusti 2024 |
6 min
0.0.0.0 Day Exploiting Localhost APIs from the Browser
https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser
Apple Hardens Gatekeeper
https://developer.apple.com/news/?id=saqachfa
Downgrade Attacks Using Windows Updates
https://www.safebreach.com/blog/downgrade-attacks-using-windows-updates/
https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser
Apple Hardens Gatekeeper
https://developer.apple.com/news/?id=saqachfa
Downgrade Attacks Using Windows Updates
https://www.safebreach.com/blog/downgrade-attacks-using-windows-updates/
ISC StormCast for Wednesday, August 7th, 2024
7 augusti 2024 |
6 min
A Survey of Scans For GeoServer Vulnerabilities
https://isc.sans.edu/diary/A%20Survey%20of%20Scans%20for%20GeoServer%20Vulnerabilities/31148
Crowdstrike Root Cause Analysis
https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
Kibana Vulnerability
https://discuss.elastic.co/t/kibana-8-14-2-7-17-23-security-update-esa-2024-22/364424
Android August 2024 Bulletin
https://source.android.com/docs/security/bulletin/2024-08-01
Ubiquity Amplication Attack Vulnerability Update
https://blog.checkpoint.com/research/over-20000-ubiquiti-cameras-and-routers-are-vulnerable-to-amplification-attacks-and-privacy-risks/
https://isc.sans.edu/diary/A%20Survey%20of%20Scans%20for%20GeoServer%20Vulnerabilities/31148
Crowdstrike Root Cause Analysis
https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
Kibana Vulnerability
https://discuss.elastic.co/t/kibana-8-14-2-7-17-23-security-update-esa-2024-22/364424
Android August 2024 Bulletin
https://source.android.com/docs/security/bulletin/2024-08-01
Ubiquity Amplication Attack Vulnerability Update
https://blog.checkpoint.com/research/over-20000-ubiquiti-cameras-and-routers-are-vulnerable-to-amplification-attacks-and-privacy-risks/
ISC StormCast for Tuesday, August 6th, 2024
6 augusti 2024 |
6 min
Script Obfuscation Using Multiple Instances of the Same Function
https://isc.sans.edu/diary/Script%20obfuscation%20using%20multiple%20instances%20of%20the%20same%20function/31144
Disclosure of key technical details of CrowdStrike's large-scale blue screen
https://mp.weixin.qq.com/s/uD7mhzyRSX1dTW-TMg4UhQ
New OFBiz Vulnerability
https://issues.apache.org/jira/browse/OFBIZ-13128
https://www.youtube.com/watch?v=J_IxCBjd4Pw
Roundcube XSS Vulnerabilities
https://securityonline.info/roundcube-webmail-releases-security-updates-to-patch-multiple-vulnerabilities/
https://isc.sans.edu/diary/Script%20obfuscation%20using%20multiple%20instances%20of%20the%20same%20function/31144
Disclosure of key technical details of CrowdStrike's large-scale blue screen
https://mp.weixin.qq.com/s/uD7mhzyRSX1dTW-TMg4UhQ
New OFBiz Vulnerability
https://issues.apache.org/jira/browse/OFBIZ-13128
https://www.youtube.com/watch?v=J_IxCBjd4Pw
Roundcube XSS Vulnerabilities
https://securityonline.info/roundcube-webmail-releases-security-updates-to-patch-multiple-vulnerabilities/
ISC StormCast for Monday, August 5th, 2024
5 augusti 2024 |
6 min
Current Secure Boot Certifiate Authority Expires in 2026
https://isc.sans.edu/diary/Even+Linux+users+should+take+a+look+at+this+Microsoft+KB+article/31140
OOXML Spreadsheets Protected by Verifier Hashes
https://isc.sans.edu/diary/OOXML%20Spreadsheets%20Protected%20By%20Verifier%20Hashes/31072
StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms
https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/
DARPA TRACTOR Program for Translating C to Rust
https://www.darpa.mil/news-events/2024-07-31a
https://isc.sans.edu/diary/Even+Linux+users+should+take+a+look+at+this+Microsoft+KB+article/31140
OOXML Spreadsheets Protected by Verifier Hashes
https://isc.sans.edu/diary/OOXML%20Spreadsheets%20Protected%20By%20Verifier%20Hashes/31072
StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms
https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/
DARPA TRACTOR Program for Translating C to Rust
https://www.darpa.mil/news-events/2024-07-31a
ISC StormCast for Friday, August 2nd, 2024
2 augusti 2024 |
6 min
Tracking Proxy Scans with IPv4.Games
https://isc.sans.edu/diary/Tracking%20Proxy%20Scans%20with%20IPv4.Games/31136
Threat Actor Impersonates Google via Fake Ad For Authenticator
https://www.malwarebytes.com/blog/news/2024/07/threat-actor-impersonates-google-via-fake-ad-for-authenticator
Who Knew? Domain Hijacking is so easy
https://blogs.infoblox.com/threat-intelligence/who-knew-domain-hijacking-is-so-easy/
https://isc.sans.edu/diary/Tracking%20Proxy%20Scans%20with%20IPv4.Games/31136
Threat Actor Impersonates Google via Fake Ad For Authenticator
https://www.malwarebytes.com/blog/news/2024/07/threat-actor-impersonates-google-via-fake-ad-for-authenticator
Who Knew? Domain Hijacking is so easy
https://blogs.infoblox.com/threat-intelligence/who-knew-domain-hijacking-is-so-easy/
ISC StormCast for Thursday, August 1st, 2024
1 augusti 2024 |
7 min
Increased Activity Against Apache OFBiz CVS-2024-32113
https://isc.sans.edu/diary/Increased%20Activity%20Against%20Apache%20OFBiz%20CVE-2024-32113/31132
Digicert Certificate Revocation Incident
https://www.digicert.com/support/certificate-revocation-incident
Microsoft Azure Outage
https://azure.status.microsoft/en-us/status/history/
Improving Security of Chrome Cookies
https://security.googleblog.com/2024/07/improving-security-of-chrome-cookies-on.html
https://isc.sans.edu/diary/Increased%20Activity%20Against%20Apache%20OFBiz%20CVE-2024-32113/31132
Digicert Certificate Revocation Incident
https://www.digicert.com/support/certificate-revocation-incident
Microsoft Azure Outage
https://azure.status.microsoft/en-us/status/history/
Improving Security of Chrome Cookies
https://security.googleblog.com/2024/07/improving-security-of-chrome-cookies-on.html
ISC StormCast for Wednesday, July 31st, 2024
31 juli 2024 |
5 min
Apple Updates Everything: July 2024 Edition
https://isc.sans.edu/diary/Apple%20Patches%20Everything.%20July%202024%20Edition/31128
VMWare ESXi Vulnerability Actively Exploited CVE-2024-37085
https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/
Weak VoWiFi Encryption CVE-2024-22064
https://idw-online.de/en/news837652
https://isc.sans.edu/diary/Apple%20Patches%20Everything.%20July%202024%20Edition/31128
VMWare ESXi Vulnerability Actively Exploited CVE-2024-37085
https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/
Weak VoWiFi Encryption CVE-2024-22064
https://idw-online.de/en/news837652
ISC StormCast for Tuesday, July 30th, 2024
30 juli 2024 |
6 min
CrowdStrike Outage Themed Maldoc
https://isc.sans.edu/diary/CrowdStrike%20Outage%20Themed%20Maldoc/31116
HotJar XSS Puts OAuth at Risk
https://salt.security/blog/over-1-million-websites-are-at-risk-of-sensitive-information-leakage---xss-is-dead-long-live-xss
Proofpoint Echospoofing
https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
https://isc.sans.edu/diary/CrowdStrike%20Outage%20Themed%20Maldoc/31116
HotJar XSS Puts OAuth at Risk
https://salt.security/blog/over-1-million-websites-are-at-risk-of-sensitive-information-leakage---xss-is-dead-long-live-xss
Proofpoint Echospoofing
https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6
ISC StormCast for Monday, July 29th, 2024
29 juli 2024 |
6 min
ExelaStealer Delivered "From Russia With Love"
https://isc.sans.edu/diary/31118
Create Your Own BSOD: NotMyFault
https://isc.sans.edu/diary/Create%20Your%20Own%20BSOD%3A%20NotMyFault/31120
PKFail Vulnerability
https://pk.fail/
CrowdStrike Recovery
https://arstechnica.com/information-technology/2024/07/97-of-crowdstrike-systems-are-back-online-microsoft-suggests-windows-changes/
https://isc.sans.edu/diary/31118
Create Your Own BSOD: NotMyFault
https://isc.sans.edu/diary/Create%20Your%20Own%20BSOD%3A%20NotMyFault/31120
PKFail Vulnerability
https://pk.fail/
CrowdStrike Recovery
https://arstechnica.com/information-technology/2024/07/97-of-crowdstrike-systems-are-back-online-microsoft-suggests-windows-changes/
ISC StormCast for Friday, July 26th, 2024
26 juli 2024 |
6 min
X-Worm Hidden With Process Hollowing
https://isc.sans.edu/diary/XWorm%20Hidden%20With%20Process%20Hollowing/31112
Anyone Can Access Deleted and Private Repo Data on GitHub
https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github
Google Chrome Scanning Encrypted Files
https://arstechnica.com/security/2024/07/google-overhauls-chromes-safe-browsing-protection-to-scan-password-protected-files/
https://isc.sans.edu/diary/XWorm%20Hidden%20With%20Process%20Hollowing/31112
Anyone Can Access Deleted and Private Repo Data on GitHub
https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github
Google Chrome Scanning Encrypted Files
https://arstechnica.com/security/2024/07/google-overhauls-chromes-safe-browsing-protection-to-scan-password-protected-files/
ISC StormCast for Thursday, July 25th, 2024
25 juli 2024 |
6 min
"Mouse Logger" Malicious Python Script
https://isc.sans.edu/diary/%22Mouse%20Logger%22%20Malicious%20Python%20Script/31106
Crowdstrike Preliminary Post Incident Review
https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
How a North Korean Fake IT Worker Tried to Infiltrate Us
https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us
https://isc.sans.edu/diary/%22Mouse%20Logger%22%20Malicious%20Python%20Script/31106
Crowdstrike Preliminary Post Incident Review
https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
How a North Korean Fake IT Worker Tried to Infiltrate Us
https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us
ISC StormCast for Wednesday, July 24th, 2024
24 juli 2024 |
6 min
New Exploit Variation Against D-Link NAS Devices
https://isc.sans.edu/diary/New%20Exploit%20Variation%20Against%20D-Link%20NAS%20Devices%20%28CVE-2024-3273%29/31102
APKs Masquerading as Videos on Telegram
https://www.welivesecurity.com/en/eset-research/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android/
Goodbye Attackers can Bypass Windows Hello Strong Authentication
https://www.darkreading.com/endpoint-security/goodbye-attackers-can-bypass-windows-hello-strong-authentication
Let's Encrypt Intends to End OCSP Service
https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls.html
Google Third-Party Cookies are hanging around
https://privacysandbox.com/intl/en_us/news/privacy-sandbox-update/
https://isc.sans.edu/diary/New%20Exploit%20Variation%20Against%20D-Link%20NAS%20Devices%20%28CVE-2024-3273%29/31102
APKs Masquerading as Videos on Telegram
https://www.welivesecurity.com/en/eset-research/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android/
Goodbye Attackers can Bypass Windows Hello Strong Authentication
https://www.darkreading.com/endpoint-security/goodbye-attackers-can-bypass-windows-hello-strong-authentication
Let's Encrypt Intends to End OCSP Service
https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls.html
Google Third-Party Cookies are hanging around
https://privacysandbox.com/intl/en_us/news/privacy-sandbox-update/
ISC StormCast for Tuesday, July 23rd, 2024
23 juli 2024 |
5 min
CrowdStrike Update
https://isc.sans.edu/diary/CrowdStrike%3A%20The%20Monday%20After/31098
https://www.theregister.com/2024/07/21/crowdstrike_linux_crashes_restoration_tools/
Keynote Recording
https://www.sans.org/webcasts/sansfire-2024-keynote-25-years-of-the-internet-storm-center-time-traveling-through-sensor-data/
https://isc.sans.edu/diary/CrowdStrike%3A%20The%20Monday%20After/31098
https://www.theregister.com/2024/07/21/crowdstrike_linux_crashes_restoration_tools/
Keynote Recording
https://www.sans.org/webcasts/sansfire-2024-keynote-25-years-of-the-internet-storm-center-time-traveling-through-sensor-data/
ISC StormCast for Monday, July 22nd, 2024
22 juli 2024 |
9 min
Widespread Windows Crashes Due to Crowdstrike Updates
https://isc.sans.edu/diary/Widespread%20Windows%20Crashes%20Due%20to%20Crowdstrike%20Updates/31094
https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/
https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959
https://isc.sans.edu/diary/Widespread%20Windows%20Crashes%20Due%20to%20Crowdstrike%20Updates/31094
https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/
https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959
ISC StormCast for Friday, July 19th, 2024
19 juli 2024 |
6 min
Oracle Quarterly Critical Patch Update
https://www.oracle.com/security-alerts/cpujul2024.html
Exchange Online Implementing Inbound SMTP DANE with DNSSEC
https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-public-preview-of-inbound-smtp-dane-with-dnssec-for/ba-p/4155257
VPN Port Shadowing Vulnerability
https://petsymposium.org/popets/2024/popets-2024-0070.pdf
https://www.oracle.com/security-alerts/cpujul2024.html
Exchange Online Implementing Inbound SMTP DANE with DNSSEC
https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-public-preview-of-inbound-smtp-dane-with-dnssec-for/ba-p/4155257
VPN Port Shadowing Vulnerability
https://petsymposium.org/popets/2024/popets-2024-0070.pdf
ISC StormCast for Thursday, July 18th, 2024
18 juli 2024 |
6 min
Who You Gonna Call: Androx Gh0st Busters!
https://isc.sans.edu/diary/Who%20You%20Gonna%20Call%3F%20AndroxGh0st%20Busters!%20%5BGuest%20Diary%5D/31086
Cisco Smart Software Manager Vulnerability CVE-2024-20419
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy
Critical Security Flaw in Cisco Secure Email Gateway: CVE-2024-20401
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH
Microsoft Introducing Checkpoint Updates
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-windows-11-checkpoint-cumulative-updates/ba-p/4182552
GeoServer Patches
https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv
https://isc.sans.edu/diary/Who%20You%20Gonna%20Call%3F%20AndroxGh0st%20Busters!%20%5BGuest%20Diary%5D/31086
Cisco Smart Software Manager Vulnerability CVE-2024-20419
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy
Critical Security Flaw in Cisco Secure Email Gateway: CVE-2024-20401
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH
Microsoft Introducing Checkpoint Updates
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-windows-11-checkpoint-cumulative-updates/ba-p/4182552
GeoServer Patches
https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv
ISC StormCast for Wednesday, July 17th, 2024
17 juli 2024 |
6 min
Reply Chain Phishing With a Twist
https://isc.sans.edu/diary/%22Reply-chain%20phishing%22%20with%20a%20twist/31084
Claroty TP-Link and Synology IP Camera Exploits
https://claroty.com/team82/research/pivoting-from-wan-to-lan-synology-bc500-ip-camera
https://claroty.com/team82/research/pwn2own-wan-to-lan-exploit-showcase
Cosmic Sting Hits Adobe Commerce Stores
https://sansec.io/research/cosmicsting-hitting-major-stores
https://isc.sans.edu/diary/%22Reply-chain%20phishing%22%20with%20a%20twist/31084
Claroty TP-Link and Synology IP Camera Exploits
https://claroty.com/team82/research/pivoting-from-wan-to-lan-synology-bc500-ip-camera
https://claroty.com/team82/research/pwn2own-wan-to-lan-exploit-showcase
Cosmic Sting Hits Adobe Commerce Stores
https://sansec.io/research/cosmicsting-hitting-major-stores
ISC StormCast for Tuesday, July 16th, 2024
16 juli 2024 |
6 min
Protected OOXML Spreadsheets
https://isc.sans.edu/diary/Protected%20OOXML%20Spreadsheets/31070
Leaked PyPi Secret Token Revealed in Binary
https://jfrog.com/blog/leaked-pypi-secret-token-revealed-in-binary-preventing-suppy-chain-attack/
Microsoft 365 Defender Affected by June Update
https://learn.microsoft.com/en-us/windows/release-health/status-windows-server-2022#network-data-reporting-from-microsoft-365-defender-may-be-interrupted
https://isc.sans.edu/diary/Protected%20OOXML%20Spreadsheets/31070
Leaked PyPi Secret Token Revealed in Binary
https://jfrog.com/blog/leaked-pypi-secret-token-revealed-in-binary-preventing-suppy-chain-attack/
Microsoft 365 Defender Affected by June Update
https://learn.microsoft.com/en-us/windows/release-health/status-windows-server-2022#network-data-reporting-from-microsoft-365-defender-may-be-interrupted
ISC StormCast for Monday, July 15th, 2024
15 juli 2024 |
7 min
16-Bit Hash Collisions in XLS Spreadsheets
https://isc.sans.edu/diary/16-bit%20Hash%20Collisions%20in%20.xls%20Spreadsheets/31066
Attacks against the "Nette" PHP framework CVE-2020-15227
https://isc.sans.edu/forums/diary/Attacks+against+the+Nette+PHP+framework+CVE202015227/31076/
Squarespace Hijacked Domains
https://github.com/security-alliance/advisories/blob/main/2024-07-squarespace.pdf
https://isc.sans.edu/diary/16-bit%20Hash%20Collisions%20in%20.xls%20Spreadsheets/31066
Attacks against the "Nette" PHP framework CVE-2020-15227
https://isc.sans.edu/forums/diary/Attacks+against+the+Nette+PHP+framework+CVE202015227/31076/
Squarespace Hijacked Domains
https://github.com/security-alliance/advisories/blob/main/2024-07-squarespace.pdf
ISC StormCast for Friday, July 12th, 2024
12 juli 2024 |
8 min
Understanding SSH Honeypot Logs: Attackers Fingerprinting Honeypots
https://isc.sans.edu/diary/Understanding%20SSH%20Honeypot%20Logs%3A%20Attackers%20Fingerprinting%20Honeypots/31064
Patch or Peril: A Veeam Vulnerability Incident
https://www.group-ib.com/blog/estate-ransomware/
Juniper Patches
https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&f:ctype=[Security%20Advisories]
VMWare Aria Automation SQL Injection Vuln;
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24598
Leaked SMS Messages
https://www.ccc.de/de/updates/2024/2fa-sms
https://isc.sans.edu/diary/Understanding%20SSH%20Honeypot%20Logs%3A%20Attackers%20Fingerprinting%20Honeypots/31064
Patch or Peril: A Veeam Vulnerability Incident
https://www.group-ib.com/blog/estate-ransomware/
Juniper Patches
https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&f:ctype=[Security%20Advisories]
VMWare Aria Automation SQL Injection Vuln;
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24598
Leaked SMS Messages
https://www.ccc.de/de/updates/2024/2fa-sms
ISC StormCast for Thursday, July 11th, 2024
11 juli 2024 |
6 min
Finding Honeypot Data Clusters Using DBSCAN Part 1
https://isc.sans.edu/diary/Finding%20Honeypot%20Data%20Clusters%20Using%20DBSCAN%3A%20Part%201/31050
Second RegreSSHion Like OpenSSH Vulnerability
https://lwn.net/ml/all/[email protected]/
Resurrecting Internet Explorer: Threat Actors Using Zero-Day Tricks in Internet Shortcut File CVE-2024-38112
https://research.checkpoint.com/2024/resurrecting-internet-explorer-threat-actors-using-zero-day-tricks-in-internet-shortcut-file-to-lure-victims-cve-2024-38112/
SharePoint Proof of Concept Exploit CVE-2024-38094 CVE-2024-38024 CVE-2024-38023
https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC/blob/main/poc_filtered.py
Citrix Netscaler, Agent and SDX Security Bulletin CVE-2024-6235 CVE-2024-6236
https://support.citrix.com/article/CTX677998/netscaler-console-agent-and-sdx-security-bulletin-for-cve20246235-and-cve20246236
OpenVPN Updates
https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/
https://isc.sans.edu/diary/Finding%20Honeypot%20Data%20Clusters%20Using%20DBSCAN%3A%20Part%201/31050
Second RegreSSHion Like OpenSSH Vulnerability
https://lwn.net/ml/all/[email protected]/
Resurrecting Internet Explorer: Threat Actors Using Zero-Day Tricks in Internet Shortcut File CVE-2024-38112
https://research.checkpoint.com/2024/resurrecting-internet-explorer-threat-actors-using-zero-day-tricks-in-internet-shortcut-file-to-lure-victims-cve-2024-38112/
SharePoint Proof of Concept Exploit CVE-2024-38094 CVE-2024-38024 CVE-2024-38023
https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC/blob/main/poc_filtered.py
Citrix Netscaler, Agent and SDX Security Bulletin CVE-2024-6235 CVE-2024-6236
https://support.citrix.com/article/CTX677998/netscaler-console-agent-and-sdx-security-bulletin-for-cve20246235-and-cve20246236
OpenVPN Updates
https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/
ISC StormCast for Wednesday, July 10th, 2024
10 juli 2024 |
6 min
Microsoft Patch Tuesday July 2024
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20July%202024/31058
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
RADIUS protocol susceptible to forgery attacks
https://kb.cert.org/vuls/id/456537
https://www.inkbridgenetworks.com/blastradius/faq
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20July%202024/31058
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
RADIUS protocol susceptible to forgery attacks
https://kb.cert.org/vuls/id/456537
https://www.inkbridgenetworks.com/blastradius/faq
ISC StormCast for Tuesday, July 9th, 2024
9 juli 2024 |
6 min
Kunai: Keep an Eye on your Linux Hosts Activity
https://isc.sans.edu/diary/Kunai%3A%20Keep%20an%20Eye%20on%20your%20Linux%20Hosts%20Activity/31054
Decryptor for DoNex Ransomware
https://decoded.avast.io/threatresearch/decrypted-donex-ransomware-and-its-predecessors/
Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve)
https://www.oligo.security/blog/shelltorch-explained-multiple-vulnerabilities-in-pytorch-model-server
Exim Bypass Attachment Inspection
https://bugs.exim.org/show_bug.cgi?id=3099#c4
Toshiba/Sharp Printer vulnerabilities
https://pierrekim.github.io/blog/2024-06-27-toshiba-mfp-40-vulnerabilities.html
https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
https://isc.sans.edu/diary/Kunai%3A%20Keep%20an%20Eye%20on%20your%20Linux%20Hosts%20Activity/31054
Decryptor for DoNex Ransomware
https://decoded.avast.io/threatresearch/decrypted-donex-ransomware-and-its-predecessors/
Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve)
https://www.oligo.security/blog/shelltorch-explained-multiple-vulnerabilities-in-pytorch-model-server
Exim Bypass Attachment Inspection
https://bugs.exim.org/show_bug.cgi?id=3099#c4
Toshiba/Sharp Printer vulnerabilities
https://pierrekim.github.io/blog/2024-06-27-toshiba-mfp-40-vulnerabilities.html
https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
ISC StormCast for Monday, July 8th, 2024
8 juli 2024 |
9 min
OpenSSH RegreSSHion Vulnerability
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
https://isc.sans.edu/diary/SSH%20%22regreSSHion%22%20Remote%20Code%20Execution%20Vulnerability%20in%20OpenSSH./31046
Overlooked Domain Name Resliency Issues: Registrar Communications
https://isc.sans.edu/diary/Overlooked%20Domain%20Name%20Resiliency%20Issues%3A%20Registrar%20Communications/31048
Cloudflare 1.1.1.1 incident on Juine 27th 2024
https://blog.cloudflare.com/cloudflare-1111-incident-on-june-27-2024
https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt
https://isc.sans.edu/diary/SSH%20%22regreSSHion%22%20Remote%20Code%20Execution%20Vulnerability%20in%20OpenSSH./31046
Overlooked Domain Name Resliency Issues: Registrar Communications
https://isc.sans.edu/diary/Overlooked%20Domain%20Name%20Resiliency%20Issues%3A%20Registrar%20Communications/31048
Cloudflare 1.1.1.1 incident on Juine 27th 2024
https://blog.cloudflare.com/cloudflare-1111-incident-on-june-27-2024
ISC StormCast for Friday, June 28th, 2024
28 juni 2024 |
7 min
What Setting Live Traps For Cybercriminals Taught Me About Security
https://isc.sans.edu/diary/What%20Setting%20Live%20Traps%20for%20Cybercriminals%20Taught%20Me%20About%20Security%20%5BGuest%20Diary%5D/31038
TeamViewer Compromise
https://www.teamviewer.com/en-us/resources/trust-center/statement/
Fortra File Catalyst Vulnerability and PoC
https://support.fortra.com/filecatalyst/kb-articles/advisory-6-24-2024-filecatalyst-workflow-sql-injection-vulnerability-YmYwYWY4OTYtNTUzMi1lZjExLTg0MGEtNjA0NWJkMDg3MDA0
https://www.tenable.com/security/research/tra-2024-25
GitLab Critical Update
https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI
https://jfrog.com/blog/prompt-injection-attack-code-execution-in-vanna-ai-cve-2024-5565/
https://isc.sans.edu/diary/What%20Setting%20Live%20Traps%20for%20Cybercriminals%20Taught%20Me%20About%20Security%20%5BGuest%20Diary%5D/31038
TeamViewer Compromise
https://www.teamviewer.com/en-us/resources/trust-center/statement/
Fortra File Catalyst Vulnerability and PoC
https://support.fortra.com/filecatalyst/kb-articles/advisory-6-24-2024-filecatalyst-workflow-sql-injection-vulnerability-YmYwYWY4OTYtNTUzMi1lZjExLTg0MGEtNjA0NWJkMDg3MDA0
https://www.tenable.com/security/research/tra-2024-25
GitLab Critical Update
https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI
https://jfrog.com/blog/prompt-injection-attack-code-execution-in-vanna-ai-cve-2024-5565/
ISC StormCast for Thursday, June 27th, 2024
27 juni 2024 |
6 min
Critical Progress MOVEit Authentication Bypass Vulnerability
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-June-2024-CVE-2024-5806
Polyfill.io Supply Chain Attack
https://cside.dev/blog/more-than-100k-websites-targeted-in-web-supply-chain-attack
Apple AirPods Firmware Update
https://support.apple.com/en-us/HT214111
https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/
https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-June-2024-CVE-2024-5806
Polyfill.io Supply Chain Attack
https://cside.dev/blog/more-than-100k-websites-targeted-in-web-supply-chain-attack
Apple AirPods Firmware Update
https://support.apple.com/en-us/HT214111
ISC StormCast for Wednesday, June 26th, 2024
26 juni 2024 |
6 min
TCP Latency Sidechannel
https://www.snailload.com/snailload.pdf
Microsoft Management Console for Intial Access and Evasion
https://www.elastic.co/security-labs/grimresource
Wyze Camera Vulnerabilities
https://forums.wyze.com/t/security-advisory/289256
https://www.snailload.com/snailload.pdf
Microsoft Management Console for Intial Access and Evasion
https://www.elastic.co/security-labs/grimresource
Wyze Camera Vulnerabilities
https://forums.wyze.com/t/security-advisory/289256
ISC StormCast for Tuesday, June 25th, 2024
25 juni 2024 |
5 min
Configuration Scans Expand
https://isc.sans.edu/diary/Configuration%20Scanners%20Adding%20Java%20Specific%20Configuration%20Files/31032
SQL Server Emergency Fix
https://support.microsoft.com/en-us/topic/june-20-2024-kb5041054-os-build-20348-2529-out-of-band-b746ffbd-934e-42ac-9c66-ed0636edf7f1
Juniper Security Analytics Update
https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP8-IF03?language=en_US
MacOS/iOS XNU Buffer Overflow Exploit CVE-2024-27815
https://jprx.io/cve-2024-27815/
https://isc.sans.edu/diary/Configuration%20Scanners%20Adding%20Java%20Specific%20Configuration%20Files/31032
SQL Server Emergency Fix
https://support.microsoft.com/en-us/topic/june-20-2024-kb5041054-os-build-20348-2529-out-of-band-b746ffbd-934e-42ac-9c66-ed0636edf7f1
Juniper Security Analytics Update
https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP8-IF03?language=en_US
MacOS/iOS XNU Buffer Overflow Exploit CVE-2024-27815
https://jprx.io/cve-2024-27815/
ISC StormCast for Monday, June 24th, 2024
24 juni 2024 |
7 min
Sysinternals Process Monitor Version 4 Released
https://isc.sans.edu/diary/Sysinternals%27%20Process%20Monitor%20Version%204%20Released/31026
Kaspersky Sanctions
https://home.treasury.gov/news/press-releases/jy2420
Phoenix UEFI Buffer Overflow Affects Wide Range of Systems
https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/
Ghostscript Update
https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
js2py vulnerability
https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape
https://isc.sans.edu/diary/Sysinternals%27%20Process%20Monitor%20Version%204%20Released/31026
Kaspersky Sanctions
https://home.treasury.gov/news/press-releases/jy2420
Phoenix UEFI Buffer Overflow Affects Wide Range of Systems
https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/
Ghostscript Update
https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
js2py vulnerability
https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape
ISC StormCast for Friday, June 21st, 2024
21 juni 2024 |
5 min
No Excuses: Free Tools to Help Secure Authentication in Ubuntu
https://isc.sans.edu/diary/No%20Excuses%2C%20Free%20Tools%20to%20Help%20Secure%20Authentication%20in%20Ubuntu%20Linux%20%5BGuest%20Diary%5D/31024
Handling BOM MIME Files
https://isc.sans.edu/diary/Handling+BOM+MIME+Files/31022
Atlasiun Confluence Data Center and Server Vuln
https://confluence.atlassian.com/security/security-bulletin-june-18-2024-1409286211.html
Beyond the @ Symbol: Exploiting the Flexibility of Email Addresses For Offensive Purposes
https://modzero.com/en/blog/beyond_the_at_symbol/
VMWare Patches
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453
https://isc.sans.edu/diary/No%20Excuses%2C%20Free%20Tools%20to%20Help%20Secure%20Authentication%20in%20Ubuntu%20Linux%20%5BGuest%20Diary%5D/31024
Handling BOM MIME Files
https://isc.sans.edu/diary/Handling+BOM+MIME+Files/31022
Atlasiun Confluence Data Center and Server Vuln
https://confluence.atlassian.com/security/security-bulletin-june-18-2024-1409286211.html
Beyond the @ Symbol: Exploiting the Flexibility of Email Addresses For Offensive Purposes
https://modzero.com/en/blog/beyond_the_at_symbol/
VMWare Patches
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453
ISC StormCast for Tuesday, June 18th, 2024
18 juni 2024 |
5 min
New NetSupport Campaign Deleivered Through MSIX Packages
https://isc.sans.edu/diary/New%20NetSupport%20Campaign%20Delivered%20Through%20MSIX%20Packages/31018
D-Link Router Backdoor
https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398
iTerm2 Vulnerablity
https://vin01.github.io/piptagole/escape-sequences/iterm2/rce/2024/06/16/iterm2-rce-window-title-tmux-integration.html
NextCloud Vulnerability
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9v72-9xv5-3p7c
https://isc.sans.edu/diary/New%20NetSupport%20Campaign%20Delivered%20Through%20MSIX%20Packages/31018
D-Link Router Backdoor
https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398
iTerm2 Vulnerablity
https://vin01.github.io/piptagole/escape-sequences/iterm2/rce/2024/06/16/iterm2-rce-window-title-tmux-integration.html
NextCloud Vulnerability
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9v72-9xv5-3p7c
ISC StormCast for Monday, June 17th, 2024
17 juni 2024 |
5 min
Overview of My Tools That Handle JSON Data
https://isc.sans.edu/diary/Overview%20of%20My%20Tools%20That%20Handle%20JSON%20Data/31012
Python Serialization and "Sleepy Pickle"
https://x.com/MarkBaggett/status/1801732554740969561
Detecting Headless Chrome
https://deviceandbrowserinfo.com/learning_zone/articles/detecting-headless-chrome-puppeteer-2024
Detecting Malicious VS Code Extensions
https://medium.com/@amitassaraf/4-6-introducing-extensiontotal-how-to-assess-risk-in-vs-code-extensions-3ac5bfd83fb1
ASUS Router Critical Vulnerability
https://www.asus.com/content/asus-product-security-advisory/
https://isc.sans.edu/diary/Overview%20of%20My%20Tools%20That%20Handle%20JSON%20Data/31012
Python Serialization and "Sleepy Pickle"
https://x.com/MarkBaggett/status/1801732554740969561
Detecting Headless Chrome
https://deviceandbrowserinfo.com/learning_zone/articles/detecting-headless-chrome-puppeteer-2024
Detecting Malicious VS Code Extensions
https://medium.com/@amitassaraf/4-6-introducing-extensiontotal-how-to-assess-risk-in-vs-code-extensions-3ac5bfd83fb1
ASUS Router Critical Vulnerability
https://www.asus.com/content/asus-product-security-advisory/
ISC StormCast for Friday, June 14th, 2024
14 juni 2024 |
6 min
The Art of JQ and Command-Line Fu
https://isc.sans.edu/diary/The%20Art%20of%20JQ%20and%20Command-line%20Fu%20%5BGuest%20Diary%5D/31006
Microsoft Outlook Vulnerablity Details
https://blog.morphisec.com/cve-2024-30103-microsoft-outlook-vulnerability
Keeping our Outlook Personal Email Users Safe
https://techcommunity.microsoft.com/t5/outlook-blog/keeping-our-outlook-personal-email-users-safe-reinforcing-our/ba-p/4164184
Exploiting ML models with pickle file attacks
https://blog.trailofbits.com/2024/06/11/exploiting-ml-models-with-pickle-file-attacks-part-1/
https://isc.sans.edu/diary/The%20Art%20of%20JQ%20and%20Command-line%20Fu%20%5BGuest%20Diary%5D/31006
Microsoft Outlook Vulnerablity Details
https://blog.morphisec.com/cve-2024-30103-microsoft-outlook-vulnerability
Keeping our Outlook Personal Email Users Safe
https://techcommunity.microsoft.com/t5/outlook-blog/keeping-our-outlook-personal-email-users-safe-reinforcing-our/ba-p/4164184
Exploiting ML models with pickle file attacks
https://blog.trailofbits.com/2024/06/11/exploiting-ml-models-with-pickle-file-attacks-part-1/
ISC StormCast for Thursday, June 13th, 2024
13 juni 2024 |
5 min
MSMQ Packets
https://isc.sans.edu/diary/Port%201801%20Traffic%3A%20Microsoft%20Message%20Queue/31004
Adobe Updates
https://helpx.adobe.com/security/products/magento/apsb24-40.html
Black Basta Exploited CVE-2024-26169 Prior to Patch
https://symantec-enterprise-blogs.security.com/threat-intelligence/black-basta-ransomware-zero-day
Pixel Phone 0-Day Patched
https://source.android.com/docs/security/bulletin/pixel/2024-06-01
https://isc.sans.edu/diary/Port%201801%20Traffic%3A%20Microsoft%20Message%20Queue/31004
Adobe Updates
https://helpx.adobe.com/security/products/magento/apsb24-40.html
Black Basta Exploited CVE-2024-26169 Prior to Patch
https://symantec-enterprise-blogs.security.com/threat-intelligence/black-basta-ransomware-zero-day
Pixel Phone 0-Day Patched
https://source.android.com/docs/security/bulletin/pixel/2024-06-01
ISC StormCast for Wednesday, June 12th, 2024
12 juni 2024 |
6 min
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20June%202024/31000
JetBrains IntelliJ Based IDE GitHub Plugin Vulnerability
https://blog.jetbrains.com/security/2024/06/updates-for-security-issue-affecting-intellij-based-ides-2023-1-and-github-plugin/
Veeam Recovery Orchestrator (VRO) vulnerability CVE-2024-29855
https://www.veeam.com/kb4585
Precor Threadmill Vulnerablity
https://securityintelligence.com/x-force/internet-connected-treadmill-vulnerabilities-discovered/
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20June%202024/31000
JetBrains IntelliJ Based IDE GitHub Plugin Vulnerability
https://blog.jetbrains.com/security/2024/06/updates-for-security-issue-affecting-intellij-based-ides-2023-1-and-github-plugin/
Veeam Recovery Orchestrator (VRO) vulnerability CVE-2024-29855
https://www.veeam.com/kb4585
Precor Threadmill Vulnerablity
https://securityintelligence.com/x-force/internet-connected-treadmill-vulnerabilities-discovered/
ISC StormCast for Tuesday, June 11th, 2024
11 juni 2024 |
6 min
Veeam Exploit CVE-2024-29849
https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/
SORBS Shutdown
https://www.theregister.com/2024/06/07/sorbs_closed/
Rogue Cell Tower Shut Down in London
https://www.cityoflondon.police.uk/news/city-of-london/news/2024/june/two-people-arrested-in-connection-with-investigation-into-homemade-mobile-antenna-used-to-send-thousands-of-smishing-text-messages-to-the-public/
Malicious Comfyui Modules
https://www.youtube.com/watch?v=ntwGHjBCbeQ
https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/
SORBS Shutdown
https://www.theregister.com/2024/06/07/sorbs_closed/
Rogue Cell Tower Shut Down in London
https://www.cityoflondon.police.uk/news/city-of-london/news/2024/june/two-people-arrested-in-connection-with-investigation-into-homemade-mobile-antenna-used-to-send-thousands-of-smishing-text-messages-to-the-public/
Malicious Comfyui Modules
https://www.youtube.com/watch?v=ntwGHjBCbeQ
ISC StormCast for Monday, June 10th, 2024
10 juni 2024 |
8 min
PHP Unicode Remote Code Execution Exploit
https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html
https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
PyTorch Distributed RPC Framework Remote Code Execution
https://huntr.com/bounties/39811836-c5b3-4999-831e-46fee8fcade3
https://www.cve.org/CVERecord?id=CVE-2024-5480
Malicious VSCode Extensions Used by Researchers
https://www.bleepingcomputer.com/news/security/malicious-visual-studio-code-extensions-with-millions-of-installs-discovered/
https://blog.orange.tw/2024/06/cve-2024-4577-yet-another-php-rce.html
https://labs.watchtowr.com/no-way-php-strikes-again-cve-2024-4577/
PyTorch Distributed RPC Framework Remote Code Execution
https://huntr.com/bounties/39811836-c5b3-4999-831e-46fee8fcade3
https://www.cve.org/CVERecord?id=CVE-2024-5480
Malicious VSCode Extensions Used by Researchers
https://www.bleepingcomputer.com/news/security/malicious-visual-studio-code-extensions-with-millions-of-installs-discovered/
ISC StormCast for Friday, June 7th, 2024
7 juni 2024 |
6 min
Malicious Python Script with a "Best Before" Date
https://isc.sans.edu/diary/Malicious%20Python%20Script%20with%20a%20%22Best%20Before%22%20Date/30988
FBI Obtained 7,000 LockBit Ransomware Keys
https://www.fbi.gov/news/speeches/fbi-cyber-assistant-director-bryan-vorndran-s-remarks-at-the-2024-boston-conference-on-cyber-security
Apple Guarantees 5 Years of Security Updates
https://www.androidauthority.com/iphone-software-support-commitment-3449135/
FCC Proposes New Rule for Security Routing
https://www.fcc.gov/document/fcc-proposes-internet-routing-security-reporting-requirements
https://isc.sans.edu/diary/Malicious%20Python%20Script%20with%20a%20%22Best%20Before%22%20Date/30988
FBI Obtained 7,000 LockBit Ransomware Keys
https://www.fbi.gov/news/speeches/fbi-cyber-assistant-director-bryan-vorndran-s-remarks-at-the-2024-boston-conference-on-cyber-security
Apple Guarantees 5 Years of Security Updates
https://www.androidauthority.com/iphone-software-support-commitment-3449135/
FCC Proposes New Rule for Security Routing
https://www.fcc.gov/document/fcc-proposes-internet-routing-security-reporting-requirements
ISC StormCast for Thursday, June 6th, 2024
6 juni 2024 |
6 min
WatchGuard VPN Brutefording
https://isc.sans.edu/diary/Brute%20Force%20Attacks%20Against%20Watchguard%20VPN%20Endpoints/30984
TotalRecall Tool To Extract Data from Microsoft Recall
https://github.com/xaitax/TotalRecall
WebEx Flaw
https://www.helpnetsecurity.com/2024/06/05/cisco-webex-cloud-vulnerability/
https://netzbegruenung.de/blog/netzbegruenung-findet-schwachstellen-auch-im-cisco-webex-clouddienst-behoerden-und-unternehmen-in-ganz-europa-betroffen/ (in german)
https://isc.sans.edu/diary/Brute%20Force%20Attacks%20Against%20Watchguard%20VPN%20Endpoints/30984
TotalRecall Tool To Extract Data from Microsoft Recall
https://github.com/xaitax/TotalRecall
WebEx Flaw
https://www.helpnetsecurity.com/2024/06/05/cisco-webex-cloud-vulnerability/
https://netzbegruenung.de/blog/netzbegruenung-findet-schwachstellen-auch-im-cisco-webex-clouddienst-behoerden-und-unternehmen-in-ganz-europa-betroffen/ (in german)
ISC StormCast for Wednesday, June 5th, 2024
5 juni 2024 |
6 min
No Defender Yes Defender
https://isc.sans.edu/diary/No-Defender%2C%20Yes-Defender/30980
Fake Job Ads Lead to Stolen Crypto Currency
https://www.ic3.gov/Media/Y2024/PSA240604
Zyxel NAS Vulnerabilities
https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/
https://isc.sans.edu/diary/No-Defender%2C%20Yes-Defender/30980
Fake Job Ads Lead to Stolen Crypto Currency
https://www.ic3.gov/Media/Y2024/PSA240604
Zyxel NAS Vulnerabilities
https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/
ISC StormCast for Tuesday, June 4th, 2024
4 juni 2024 |
6 min
A Wireshark Lua Dissector for Fixed Field Length Protocols
https://isc.sans.edu/diary/A%20Wireshark%20Lua%20Dissector%20for%20Fixed%20Field%20Length%20Protocols/30976
COX Cable Modem Admin API Weakness
https://samcurry.net/hacking-millions-of-modems
Malicous Stack Overflow Answers
https://www.bleepingcomputer.com/news/security/cybercriminals-pose-as-helpful-stack-overflow-users-to-push-malware/
Atlasian Confluence Data Center and SErver Remote Code Execution Vuln CVE-2024-21683
https://blog.sonicwall.com/en-us/2024/05/confluence-data-center-and-server-remote-code-execution-vulnerability/
https://isc.sans.edu/diary/A%20Wireshark%20Lua%20Dissector%20for%20Fixed%20Field%20Length%20Protocols/30976
COX Cable Modem Admin API Weakness
https://samcurry.net/hacking-millions-of-modems
Malicous Stack Overflow Answers
https://www.bleepingcomputer.com/news/security/cybercriminals-pose-as-helpful-stack-overflow-users-to-push-malware/
Atlasian Confluence Data Center and SErver Remote Code Execution Vuln CVE-2024-21683
https://blog.sonicwall.com/en-us/2024/05/confluence-data-center-and-server-remote-code-execution-vulnerability/
ISC StormCast for Monday, June 3rd, 2024
3 juni 2024 |
6 min
K1w1 Infostealer Uses gofile.io for Exfiltration
https://isc.sans.edu/diary/%22K1w1%22%20InfoStealer%20Uses%20gofile.io%20for%20Exfiltration/30972
Kaspersky Linux Malware Scanner
https://www.kaspersky.com/blog/kvrt-for-linux/51375/
Snowflake Incident
https://www.helpnetsecurity.com/2024/06/01/snowflake-breach-data-theft/
HuggingFace Space Secrets Leak
https://huggingface.co/blog/space-secrets-disclosure
https://isc.sans.edu/diary/%22K1w1%22%20InfoStealer%20Uses%20gofile.io%20for%20Exfiltration/30972
Kaspersky Linux Malware Scanner
https://www.kaspersky.com/blog/kvrt-for-linux/51375/
Snowflake Incident
https://www.helpnetsecurity.com/2024/06/01/snowflake-breach-data-theft/
HuggingFace Space Secrets Leak
https://huggingface.co/blog/space-secrets-disclosure
ISC StormCast for Friday, May 31st, 2024
31 maj 2024 |
15 min
Feeding MISP with OSSEC
https://isc.sans.edu/diary/Feeding%20MISP%20with%20OSSEC/30968
Checkpoint VPN
https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
The Pumpkin Eclipse
https://blog.lumen.com/the-pumpkin-eclipse/
Michael Dunking: Detecting Cypher Injection with Open-Source Network Intrusion Detection
https://www.sans.edu/cyber-research/detecting-cypher-injection-with-open-source-network-intrusion-detection/
https://isc.sans.edu/diary/Feeding%20MISP%20with%20OSSEC/30968
Checkpoint VPN
https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
The Pumpkin Eclipse
https://blog.lumen.com/the-pumpkin-eclipse/
Michael Dunking: Detecting Cypher Injection with Open-Source Network Intrusion Detection
https://www.sans.edu/cyber-research/detecting-cypher-injection-with-open-source-network-intrusion-detection/
ISC StormCast for Thursday, May 30th, 2024
30 maj 2024 |
6 min
Is that It? Finding the Unknown: Correlations Between Honeypot Logs and PCAPs
https://isc.sans.edu/diary/Is%20that%20It%3F%20%20Finding%20the%20Unknown%3A%20Correlations%20Between%20Honeypot%20Logs%20%26%20PCAPs%20%5BGuest%20Diary%5D/30962
Checkpoint 0-Day
https://blog.checkpoint.com/security/enhance-your-vpn-security-posture
Okta warns of Credential Stuffing Against Customer Identity Cloud
https://sec.okta.com/articles/2024/05/detecting-cross-origin-authentication-credential-stuffing-attacks
Brute Forcing Old Bitcoin Wallet Password
https://www.youtube.com/watch?v=o5IySpAkThg
https://isc.sans.edu/diary/Is%20that%20It%3F%20%20Finding%20the%20Unknown%3A%20Correlations%20Between%20Honeypot%20Logs%20%26%20PCAPs%20%5BGuest%20Diary%5D/30962
Checkpoint 0-Day
https://blog.checkpoint.com/security/enhance-your-vpn-security-posture
Okta warns of Credential Stuffing Against Customer Identity Cloud
https://sec.okta.com/articles/2024/05/detecting-cross-origin-authentication-credential-stuffing-attacks
Brute Forcing Old Bitcoin Wallet Password
https://www.youtube.com/watch?v=o5IySpAkThg
ISC StormCast for Wednesday, May 29th, 2024
29 maj 2024 |
5 min
Preventing SQL Injection with Python
https://www.youtube.com/watch?v=1cQy9N1Xndk
PoC Exploit for CVE-2024-23108 in Fortinet FortiSIEM
https://www.horizon3.ai/attack-research/cve-2024-23108-fortinet-fortisiem-2nd-order-command-injection-deep-dive/
ShrinkLocker: Turning BitLocker into ransomware
https://securelist.com/ransomware-abuses-bitlocker/112643/
iconv buffer overflow PoC 2024-2961
https://github.com/ambionics/cnext-exploits/
PoC for Apple Priv. Escalation bug CVE-2024-27842
https://github.com/wangtielei/POCs/tree/main/CVE-2024-27842
https://x.com/WangTielei
https://www.youtube.com/watch?v=1cQy9N1Xndk
PoC Exploit for CVE-2024-23108 in Fortinet FortiSIEM
https://www.horizon3.ai/attack-research/cve-2024-23108-fortinet-fortisiem-2nd-order-command-injection-deep-dive/
ShrinkLocker: Turning BitLocker into ransomware
https://securelist.com/ransomware-abuses-bitlocker/112643/
iconv buffer overflow PoC 2024-2961
https://github.com/ambionics/cnext-exploits/
PoC for Apple Priv. Escalation bug CVE-2024-27842
https://github.com/wangtielei/POCs/tree/main/CVE-2024-27842
https://x.com/WangTielei
ISC StormCast for Tuesday, May 28th, 2024
28 maj 2024 |
6 min
Files with TGZ Extension used as malspam attachements
https://isc.sans.edu/diary/Files%20with%20TXZ%20extension%20used%20as%20malspam%20attachments/30958
Google 0-Day
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html
Google Stops Trusting Globaltrust CA
https://groups.google.com/a/ccadb.org/g/public/c/wRs-zec8w7k/m/G_9QprJ2AQAJ
Checkpoint warns of password bruteforcing
https://blog.checkpoint.com/security/enhance-your-vpn-security-posture?campaign=checkpoint&eid=guvrs&advisory=1
SEC522: Defending Web Applications
isc.sans.edu/j/sec522
https://isc.sans.edu/diary/Files%20with%20TXZ%20extension%20used%20as%20malspam%20attachments/30958
Google 0-Day
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html
Google Stops Trusting Globaltrust CA
https://groups.google.com/a/ccadb.org/g/public/c/wRs-zec8w7k/m/G_9QprJ2AQAJ
Checkpoint warns of password bruteforcing
https://blog.checkpoint.com/security/enhance-your-vpn-security-posture?campaign=checkpoint&eid=guvrs&advisory=1
SEC522: Defending Web Applications
isc.sans.edu/j/sec522
ISC StormCast for Friday, May 24th, 2024
24 maj 2024 |
7 min
Analysis of 'redtail' file uploads to ISC Honeypot
https://isc.sans.edu/diary/Analysis%20of%20%3Fredtail%3F%20File%20Uploads%20to%20ICS%20Honeypot%2C%20a%20Multi-Architecture%20Coin%20Miner%20%5BGuest%20Diary%5D/30950
Veeam Vulnerablity
https://www.veeam.com/kb4581
C-Root Server Lost Touch With Peers
https://arstechnica.com/security/2024/05/dns-glitch-that-threatened-internet-stability-fixed-cause-remains-unclear/
Ivanti Vulnerabilities
https://forums.ivanti.com/s/article/Avalanche-6-4-3-602-additional-security-hardening-and-CVE-fixed?language=en_US
Justice AV Solutions Software Backdoor
https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/
https://isc.sans.edu/diary/Analysis%20of%20%3Fredtail%3F%20File%20Uploads%20to%20ICS%20Honeypot%2C%20a%20Multi-Architecture%20Coin%20Miner%20%5BGuest%20Diary%5D/30950
Veeam Vulnerablity
https://www.veeam.com/kb4581
C-Root Server Lost Touch With Peers
https://arstechnica.com/security/2024/05/dns-glitch-that-threatened-internet-stability-fixed-cause-remains-unclear/
Ivanti Vulnerabilities
https://forums.ivanti.com/s/article/Avalanche-6-4-3-602-additional-security-hardening-and-CVE-fixed?language=en_US
Justice AV Solutions Software Backdoor
https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/
ISC StormCast for Thursday, May 23rd, 2024
23 maj 2024 |
9 min
NMAP Scanning Without Scanning - The ipinfo API
https://isc.sans.edu/diary/NMAP%20Scanning%20without%20Scanning%20%28Part%202%29%20-%20The%20ipinfo%20API/30948
Why Your WiFi Router Doubles As An Apple Airtag
https://krebsonsecurity.com/2024/05/why-your-wi-fi-router-doubles-as-an-apple-airtag/#more-67551
https://account.microsoft.com/privacy/location-services-opt-out
https://answers.microsoft.com/en-us/windows/forum/all/wifi-sense-my-ssid-includes-optout-why-do-windows/1453142a-755a-476f-aa48-56d05b89e33c
https://www.computerworld.com/article/1484722/here-s-how-to-opt-out-of-google-s-wi-fi-snooping.html
https://www.privacy.org.nz/publications/commissioner-inquiries/google-s-collection-of-wifi-information-during-street-view-filming/
https://isc.sans.edu/diary/NMAP%20Scanning%20without%20Scanning%20%28Part%202%29%20-%20The%20ipinfo%20API/30948
Why Your WiFi Router Doubles As An Apple Airtag
https://krebsonsecurity.com/2024/05/why-your-wi-fi-router-doubles-as-an-apple-airtag/#more-67551
https://account.microsoft.com/privacy/location-services-opt-out
https://answers.microsoft.com/en-us/windows/forum/all/wifi-sense-my-ssid-includes-optout-why-do-windows/1453142a-755a-476f-aa48-56d05b89e33c
https://www.computerworld.com/article/1484722/here-s-how-to-opt-out-of-google-s-wi-fi-snooping.html
https://www.privacy.org.nz/publications/commissioner-inquiries/google-s-collection-of-wifi-information-during-street-view-filming/
ISC StormCast for Wednesday, May 22nd, 2024
22 maj 2024 |
7 min
Scanning without Scanning with nmap
https://isc.sans.edu/diary/Scanning%20without%20Scanning%20with%20NMAP%20%28APIs%20FTW%29/30944
iTerm2 Vulnerablities
https://vin01.github.io/piptagole/escape-sequences/iterm2/hyper/url-handlers/code-execution/2024/05/21/arbitrary-url-schemes-terminal-emulators.html
GitHub Enterprise Vulnerablity CVE-2024-4985
https://nvd.nist.gov/vuln/detail/CVE-2024-4985
BitBucket Pipelines Leaking Secrets
https://cloud.google.com/blog/topics/threat-intelligence/bitbucket-pipeline-leaking-secrets
Microsoft Recall Privacy
https://www.microsoft.com/en-us/windows/copilot-plus-pcs?r=1#faq1
https://isc.sans.edu/diary/Scanning%20without%20Scanning%20with%20NMAP%20%28APIs%20FTW%29/30944
iTerm2 Vulnerablities
https://vin01.github.io/piptagole/escape-sequences/iterm2/hyper/url-handlers/code-execution/2024/05/21/arbitrary-url-schemes-terminal-emulators.html
GitHub Enterprise Vulnerablity CVE-2024-4985
https://nvd.nist.gov/vuln/detail/CVE-2024-4985
BitBucket Pipelines Leaking Secrets
https://cloud.google.com/blog/topics/threat-intelligence/bitbucket-pipeline-leaking-secrets
Microsoft Recall Privacy
https://www.microsoft.com/en-us/windows/copilot-plus-pcs?r=1#faq1
ISC StormCast for Tuesday, May 21st, 2024
21 maj 2024 |
6 min
Analyzing MSG Files
https://isc.sans.edu/diary/Analyzing%20MSG%20Files/30940
Linguistic Lumberjack: Fluent Bit Vulnerability CVE-2024-4323
https://www.tenable.com/blog/linguistic-lumberjack-attacking-cloud-services-via-logging-endpoints-fluent-bit-cve-2024-4323
Fortinet FortiSIEM Command Injection Deep-Dive CVE-2023-23992
https://www.horizon3.ai/attack-research/cve-2023-34992-fortinet-fortisiem-command-injection-deep-dive/
Git Vulnerability CVE-2024-32002 PoC
https://amalmurali.me/posts/git-rce/
Google Chrome CVE-2024-4947 PoC
https://buptsb.github.io/blog/post/CVE-2024-4947-%20v8%20incorrect%20AccessInfo%20for%20module%20namespace%20object%20causes%20Maglev%20type%20confusion.html
https://isc.sans.edu/diary/Analyzing%20MSG%20Files/30940
Linguistic Lumberjack: Fluent Bit Vulnerability CVE-2024-4323
https://www.tenable.com/blog/linguistic-lumberjack-attacking-cloud-services-via-logging-endpoints-fluent-bit-cve-2024-4323
Fortinet FortiSIEM Command Injection Deep-Dive CVE-2023-23992
https://www.horizon3.ai/attack-research/cve-2023-34992-fortinet-fortisiem-command-injection-deep-dive/
Git Vulnerability CVE-2024-32002 PoC
https://amalmurali.me/posts/git-rce/
Google Chrome CVE-2024-4947 PoC
https://buptsb.github.io/blog/post/CVE-2024-4947-%20v8%20incorrect%20AccessInfo%20for%20module%20namespace%20object%20causes%20Maglev%20type%20confusion.html
ISC StormCast for Monday, May 20th, 2024
20 maj 2024 |
6 min
Another PDF Streams Example: Extracting JPEGs
https://isc.sans.edu/diary/Another%20PDF%20Streams%20Example%3A%20Extracting%20JPEGs/30924
QNAP QTS QNAPping At the Wheel
https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/
May 2024 Security Update Problems with Windows 2019
https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-1809-and-windows-server-2019#3299msgdesc
Dlink Vulnerabilities Exploited
https://www.cisa.gov/news-events/alerts/2024/05/16/cisa-adds-three-known-exploited-vulnerabilities-catalog
Ivanti PoC Exploit CVE 2024-22026
https://www.redlinecybersecurity.com/blog/exploiting-cve-2024-22026-rooting-ivanti-epmm-mobileiron-core
https://isc.sans.edu/diary/Another%20PDF%20Streams%20Example%3A%20Extracting%20JPEGs/30924
QNAP QTS QNAPping At the Wheel
https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/
May 2024 Security Update Problems with Windows 2019
https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-1809-and-windows-server-2019#3299msgdesc
Dlink Vulnerabilities Exploited
https://www.cisa.gov/news-events/alerts/2024/05/16/cisa-adds-three-known-exploited-vulnerabilities-catalog
Ivanti PoC Exploit CVE 2024-22026
https://www.redlinecybersecurity.com/blog/exploiting-cve-2024-22026-rooting-ivanti-epmm-mobileiron-core
ISC StormCast for Friday, May 17th, 2024
17 maj 2024 |
5 min
Why yq? Adventurs in XML
https://isc.sans.edu/diary/Why%20yq%3F%20%20Adventures%20in%20XML/30930
Black Basta Uses Quick Assist
https://www.microsoft.com/en-us/security/blog/2024/05/15/threat-actors-misusing-quick-assist-in-social-engineering-attacks-leading-to-ransomware/
Various Chrome 0-Day Vulnerabilities
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html
Android Theft Protection Improvement
https://blog.google/products/android/android-theft-protection/
Critical Git Update
https://github.blog/2024-05-14-securing-git-addressing-5-new-vulnerabilities/
https://isc.sans.edu/diary/Why%20yq%3F%20%20Adventures%20in%20XML/30930
Black Basta Uses Quick Assist
https://www.microsoft.com/en-us/security/blog/2024/05/15/threat-actors-misusing-quick-assist-in-social-engineering-attacks-leading-to-ransomware/
Various Chrome 0-Day Vulnerabilities
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html
Android Theft Protection Improvement
https://blog.google/products/android/android-theft-protection/
Critical Git Update
https://github.blog/2024-05-14-securing-git-addressing-5-new-vulnerabilities/
ISC StormCast for Thursday, May 16th, 2024
16 maj 2024 |
6 min
Got MFA? If not, now is the time!
https://isc.sans.edu/diary/Got%20MFA%3F%20%20If%20not%2C%20Now%20is%20the%20Time!/30926
SSID Confusion: Making Wi-Fi Clients Connect to the Wrong Network CVE-2023-52424
https://www.top10vpn.com/assets/2024/05/Top10VPN-x-Vanhoef-SSID-Confusion.pdf
FIDO2 MitM Session Hijacking
https://www.silverfort.com/blog/using-mitm-to-bypass-fido2/?web_view=true#but-first-some-background
https://isc.sans.edu/diary/Got%20MFA%3F%20%20If%20not%2C%20Now%20is%20the%20Time!/30926
SSID Confusion: Making Wi-Fi Clients Connect to the Wrong Network CVE-2023-52424
https://www.top10vpn.com/assets/2024/05/Top10VPN-x-Vanhoef-SSID-Confusion.pdf
FIDO2 MitM Session Hijacking
https://www.silverfort.com/blog/using-mitm-to-bypass-fido2/?web_view=true#but-first-some-background
ISC StormCast for Wednesday, May 15th, 2024
15 maj 2024 |
8 min
Microsoft Patches
https://isc.sans.edu/diary/Microsoft%20May%202024%20Patch%20Tuesday/30920
Detecting Bluetooth Trackers
https://security.googleblog.com/2024/05/google-and-apple-deliver-support-for.html
Adobe Patches
https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
VMWare Updates
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280
Revoking Vulnerability Windows Boot Managers
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/revoking-vulnerable-windows-boot-managers/ba-p/4121735
https://isc.sans.edu/diary/Microsoft%20May%202024%20Patch%20Tuesday/30920
Detecting Bluetooth Trackers
https://security.googleblog.com/2024/05/google-and-apple-deliver-support-for.html
Adobe Patches
https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
VMWare Updates
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280
Revoking Vulnerability Windows Boot Managers
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/revoking-vulnerable-windows-boot-managers/ba-p/4121735
ISC StormCast for Tuesday, May 14th, 2024
14 maj 2024 |
6 min
Apple Updates Everything
https://isc.sans.edu/diary/Apple%20Patches%20Everything%3A%20macOS%2C%20iOS%2C%20iPadOS%2C%20watchOS%2C%20tvOS%20updated./30916
Juniper OpenSSH Update
https://supportportal.juniper.net/s/article/2024-05-Reference-Advisory-Junos-OS-and-Junos-OS-Evolved-Multiple-CVEs-reported-in-OpenSSH?language=en_US
Malicious Go Binary Delivered via Steganography in PyPi
https://blog.phylum.io/malicious-go-binary-delivered-via-steganography-in-pypi/
https://isc.sans.edu/diary/Apple%20Patches%20Everything%3A%20macOS%2C%20iOS%2C%20iPadOS%2C%20watchOS%2C%20tvOS%20updated./30916
Juniper OpenSSH Update
https://supportportal.juniper.net/s/article/2024-05-Reference-Advisory-Junos-OS-and-Junos-OS-Evolved-Multiple-CVEs-reported-in-OpenSSH?language=en_US
Malicious Go Binary Delivered via Steganography in PyPi
https://blog.phylum.io/malicious-go-binary-delivered-via-steganography-in-pypi/
ISC StormCast for Monday, May 13th, 2024
13 maj 2024 |
6 min
DNS Suffixes on Windows
https://isc.sans.edu/diary/DNS%20Suffixes%20on%20Windows/30912
Black Basta Ransomware Advisory
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a
Possible Exploitation of Arcserve Unified Data Protection Vuln
https://digital.nhs.uk/cyber-alerts/2024/cc-4487
Chrome Patches 0-Day
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html
Solarwinds ARM Vulnerablities
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm
https://isc.sans.edu/diary/DNS%20Suffixes%20on%20Windows/30912
Black Basta Ransomware Advisory
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a
Possible Exploitation of Arcserve Unified Data Protection Vuln
https://digital.nhs.uk/cyber-alerts/2024/cc-4487
Chrome Patches 0-Day
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html
Solarwinds ARM Vulnerablities
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm
ISC StormCast for Friday, May 10th, 2024
10 maj 2024 |
6 min
Analyzing PDF Streams
https://isc.sans.edu/diary/Analyzing%20PDF%20Streams/30908
F5 Next Central Manager Vulnerabilities
https://eclypsium.com/blog/big-vulnerabilities-in-next-gen-big-ip/
Veeam Patches
https://www.veeam.com/kb4441
https://www.veeam.com/kb4509
Citrix Hypervisor Security Update CVE-2024-31497
https://support.citrix.com/article/CTX633416/citrix-hypervisor-security-update-for-cve202431497
https://isc.sans.edu/diary/Analyzing%20PDF%20Streams/30908
F5 Next Central Manager Vulnerabilities
https://eclypsium.com/blog/big-vulnerabilities-in-next-gen-big-ip/
Veeam Patches
https://www.veeam.com/kb4441
https://www.veeam.com/kb4509
Citrix Hypervisor Security Update CVE-2024-31497
https://support.citrix.com/article/CTX633416/citrix-hypervisor-security-update-for-cve202431497
ISC StormCast for Thursday, May 9th, 2024
9 maj 2024 |
6 min
Analzying Synology Disks
https://isc.sans.edu/diary/Analyzing%20Synology%20Disks%20on%20Linux/30904
RSA Panel
https://www.rsaconference.com/usa/agenda/session/The%20Five%20Most%20Dangerous%20New%20Attack%20Techniques%20You%20Need%20to%20Know%20About
SANS.edu Research Journal
https://www.sans.edu/cyber-security-research
https://isc.sans.edu/diary/Analyzing%20Synology%20Disks%20on%20Linux/30904
RSA Panel
https://www.rsaconference.com/usa/agenda/session/The%20Five%20Most%20Dangerous%20New%20Attack%20Techniques%20You%20Need%20to%20Know%20About
SANS.edu Research Journal
https://www.sans.edu/cyber-security-research
ISC StormCast for Wednesday, May 8th, 2024
8 maj 2024 |
8 min
Detecting XFinity/Comcast DNS Spoofing
https://isc.sans.edu/diary/Detecting%20XFinity%20Comcast%20DNS%20Spoofing/30898
Weblogic PoC CVE-2024-21006
https://pwnull.github.io/2024/oracle%20weblogic%20CVE-2024-21006%20Double-JNDInjection%20RCE%20analyze/
https://github.com/momika233/CVE-2024-21006
PDF.js React PDF Vulnerablity
https://securityonline.info/cve-2024-4367-cve-2024-34342-javascript-flaw-threatens-millions-of-pdf-js-and-react-pdf-users/
Tinyproxy Response
https://github.com/tinyproxy/tinyproxy/issues/533
https://isc.sans.edu/diary/Detecting%20XFinity%20Comcast%20DNS%20Spoofing/30898
Weblogic PoC CVE-2024-21006
https://pwnull.github.io/2024/oracle%20weblogic%20CVE-2024-21006%20Double-JNDInjection%20RCE%20analyze/
https://github.com/momika233/CVE-2024-21006
PDF.js React PDF Vulnerablity
https://securityonline.info/cve-2024-4367-cve-2024-34342-javascript-flaw-threatens-millions-of-pdf-js-and-react-pdf-users/
Tinyproxy Response
https://github.com/tinyproxy/tinyproxy/issues/533
ISC StormCast for Tuesday, May 7th, 2024
7 maj 2024 |
6 min
DHCP Based VPN Routing Leaks
https://www.leviathansecurity.com/blog/tunnelvision
Mullvad VPN DNS Traffic Leak
https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android
Tiny Proxy Vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889
https://www.leviathansecurity.com/blog/tunnelvision
Mullvad VPN DNS Traffic Leak
https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android
Tiny Proxy Vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889
ISC StormCast for Monday, May 6th, 2024
6 maj 2024 |
6 min
DNS Debugging with nslookup
https://isc.sans.edu/diary/nslookups+Debug+Options/30894/
Microsoft Plans DNS Lockdown
https://techcommunity.microsoft.com/t5/networking-blog/announcing-zero-trust-dns-private-preview/ba-p/4110366
Microsoft Graph API Abuse
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/graph-api-threats
SANSFIRE SEC522 Defending Web Applications
https://www.sans.org/cyber-security-training-events/sansfire-2024/
https://isc.sans.edu/diary/nslookups+Debug+Options/30894/
Microsoft Plans DNS Lockdown
https://techcommunity.microsoft.com/t5/networking-blog/announcing-zero-trust-dns-private-preview/ba-p/4110366
Microsoft Graph API Abuse
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/graph-api-threats
SANSFIRE SEC522 Defending Web Applications
https://www.sans.org/cyber-security-training-events/sansfire-2024/
ISC StormCast for Friday, May 3rd, 2024
3 maj 2024 |
6 min
https://isc.sans.edu/diary/Scans%20Probing%20for%20LB-Link%20and%20Vinga%20WR-AC1200%20routers%20CVE-2023-24796/30890
Scans Probing for LB-Link and Vinga WR-AC1200 routers CVE-2023-24796
Buffer Overflow Vulnerabilities in ArubaOS
https://www.arubanetworks.com/support-services/security-bulletins/
The Cuttlefish Malware
https://blog.lumen.com/eight-arms-to-hold-you-the-cuttlefish-malware/
Scans Probing for LB-Link and Vinga WR-AC1200 routers CVE-2023-24796
Buffer Overflow Vulnerabilities in ArubaOS
https://www.arubanetworks.com/support-services/security-bulletins/
The Cuttlefish Malware
https://blog.lumen.com/eight-arms-to-hold-you-the-cuttlefish-malware/
ISC StormCast for Thursday, May 2nd, 2024
2 maj 2024 |
7 min
Linux Trojan - Xorddos with Filename eyshcjdmzg
https://isc.sans.edu/diary/Linux%20Trojan%20-%20Xorddos%20with%20Filename%20eyshcjdmzg/30880
AWS S3 Denial of Wallet Amplification Attack
https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1
https://blog.limbus-medtec.com/the-aws-s3-denial-of-wallet-amplification-attack-bc5a97cc041d
EU iOS Safari Allows User Tracking
https://www.mysk.blog/2024/04/28/safari-tracking/
BentoML Critical Deserialization Vuln CVE-2024-2912
https://nvd.nist.gov/vuln/detail/CVE-2024-2912
https://isc.sans.edu/diary/Linux%20Trojan%20-%20Xorddos%20with%20Filename%20eyshcjdmzg/30880
AWS S3 Denial of Wallet Amplification Attack
https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1
https://blog.limbus-medtec.com/the-aws-s3-denial-of-wallet-amplification-attack-bc5a97cc041d
EU iOS Safari Allows User Tracking
https://www.mysk.blog/2024/04/28/safari-tracking/
BentoML Critical Deserialization Vuln CVE-2024-2912
https://nvd.nist.gov/vuln/detail/CVE-2024-2912
ISC StormCast for Wednesday, May 1st, 2024
1 maj 2024 |
7 min
Another Day, Another NAS: Attacks against Zyxel NAS326 Devices CVE-2023-4473, CVE-2023-4474
https://isc.sans.edu/diary/Another%20Day%2C%20Another%20NAS%3A%20Attacks%20against%20Zyxel%20NAS326%20devices%20CVE-2023-4473%2C%20CVE-2023-4474/30884
R-Bitrary Code Execution: Vulnearbility in R's Deserialization
https://hiddenlayer.com/research/r-bitrary-code-execution/
Coordinated Docker Hub Attacks using Malicious Repositories
https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/
NVMe-oF/TCP Vulnerabilities
https://www.cyberark.com/resources/threat-research-blog/your-nvme-had-been-syzed-fuzzing-nvme-of-tcp-driver-for-linux-with-syzkaller
https://isc.sans.edu/diary/Another%20Day%2C%20Another%20NAS%3A%20Attacks%20against%20Zyxel%20NAS326%20devices%20CVE-2023-4473%2C%20CVE-2023-4474/30884
R-Bitrary Code Execution: Vulnearbility in R's Deserialization
https://hiddenlayer.com/research/r-bitrary-code-execution/
Coordinated Docker Hub Attacks using Malicious Repositories
https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/
NVMe-oF/TCP Vulnerabilities
https://www.cyberark.com/resources/threat-research-blog/your-nvme-had-been-syzed-fuzzing-nvme-of-tcp-driver-for-linux-with-syzkaller
ISC StormCast for Tuesday, April 30th, 2024
30 april 2024 |
7 min
DLink NAS Exploit Variation
https://www.qnap.com/en/security-advisory/qsa-24-09
Muddling Meerkat DNS Abuse
https://blogs.infoblox.com/threat-intelligence/a-cunning-operator-muddling-meerkat-and-chinas-great-firewall/
Android TV Data Leakage
https://www.youtube.com/watch?v=QiyBXXO8QpA
https://www.404media.co/android-tvs-can-expose-user-email-inboxes/
SEC522: SANSFIRE
https://www.sans.org/cyber-security-courses/application-security-securing-web-apps-api-microservices/
SEC522 Demo (requires free account):
https://www.sans.org/ondemand/get-demo/316
https://www.qnap.com/en/security-advisory/qsa-24-09
Muddling Meerkat DNS Abuse
https://blogs.infoblox.com/threat-intelligence/a-cunning-operator-muddling-meerkat-and-chinas-great-firewall/
Android TV Data Leakage
https://www.youtube.com/watch?v=QiyBXXO8QpA
https://www.404media.co/android-tvs-can-expose-user-email-inboxes/
SEC522: SANSFIRE
https://www.sans.org/cyber-security-courses/application-security-securing-web-apps-api-microservices/
SEC522 Demo (requires free account):
https://www.sans.org/ondemand/get-demo/316
ISC StormCast for Monday, April 29th, 2024
29 april 2024 |
7 min
Okta warns of increase in credential stuffing
https://sec.okta.com/blockanonymizers
Fake payment cards used by Police in Japan
https://twitter.com/vxunderground/status/1783522097425211887
Phishing Campaigns Targeting USPS
https://www.akamai.com/blog/security-research/phishing-usps-malicious-domains-traffic-equal-to-legitimate-traffic
Chrome 124 Breaks TLS Handshake
https://www.reddit.com/r/sysadmin/comments/1carvpd/chrome_124_breaks_tls_handshake/
https://sec.okta.com/blockanonymizers
Fake payment cards used by Police in Japan
https://twitter.com/vxunderground/status/1783522097425211887
Phishing Campaigns Targeting USPS
https://www.akamai.com/blog/security-research/phishing-usps-malicious-domains-traffic-equal-to-legitimate-traffic
Chrome 124 Breaks TLS Handshake
https://www.reddit.com/r/sysadmin/comments/1carvpd/chrome_124_breaks_tls_handshake/
ISC StormCast for Friday, April 26th, 2024
26 april 2024 |
20 min
Does it matter if iptables isn't running on my honeypot?
https://isc.sans.edu/forums/diary/Does%20it%20matter%20if%20iptables%20isn't%20running%20on%20my%20honeypot%3F/30862/
Unplugging PlugX: Singholing the PlugX USB worm botnet
https://blog.sekoia.io/unplugging-plugx-sinkholing-the-plugx-usb-worm-botnet/
pfSense Updates
https://docs.netgate.com/advisories/index.html
GitLab Updates
https://about.gitlab.com/releases/2024/04/24/patch-release-gitlab-16-11-1-released/
Matthew Alan Vorhees: Prevention Strategies for Modern Living Off the Land Usage
https://www.sans.edu/cyber-research/prevention-strategies-modern-living-off-land-usage/
https://isc.sans.edu/forums/diary/Does%20it%20matter%20if%20iptables%20isn't%20running%20on%20my%20honeypot%3F/30862/
Unplugging PlugX: Singholing the PlugX USB worm botnet
https://blog.sekoia.io/unplugging-plugx-sinkholing-the-plugx-usb-worm-botnet/
pfSense Updates
https://docs.netgate.com/advisories/index.html
GitLab Updates
https://about.gitlab.com/releases/2024/04/24/patch-release-gitlab-16-11-1-released/
Matthew Alan Vorhees: Prevention Strategies for Modern Living Off the Land Usage
https://www.sans.edu/cyber-research/prevention-strategies-modern-living-off-land-usage/
ISC StormCast for Thursday, April 25th, 2024
25 april 2024 |
6 min
API Rug Pull - The NIST NVD Database and API
https://isc.sans.edu/diary/API%20Rug%20Pull%20-%20The%20NIST%20NVD%20Database%20and%20API%20%28Part%204%20of%203%29/30868
Cisco Patches Vulnerabilities and Discovers Arcane Backdoor
https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers
https://citizenlab.ca/2024/04/vulnerabilities-across-keyboard-apps-reveal-keystrokes-to-network-eavesdroppers/
MySQL2: Dangers of User-Defined Database Connections
https://blog.slonser.info/posts/mysql2-attacker-configuration/
Netgear Nighthawk Vulnerabilities
https://jvn.jp/en/vu/JVNVU91883072/
https://isc.sans.edu/diary/API%20Rug%20Pull%20-%20The%20NIST%20NVD%20Database%20and%20API%20%28Part%204%20of%203%29/30868
Cisco Patches Vulnerabilities and Discovers Arcane Backdoor
https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers
https://citizenlab.ca/2024/04/vulnerabilities-across-keyboard-apps-reveal-keystrokes-to-network-eavesdroppers/
MySQL2: Dangers of User-Defined Database Connections
https://blog.slonser.info/posts/mysql2-attacker-configuration/
Netgear Nighthawk Vulnerabilities
https://jvn.jp/en/vu/JVNVU91883072/
ISC StormCast for Wednesday, April 24th, 2024
24 april 2024 |
6 min
Struts2 devmode Still a Problem Ten Years Later
https://isc.sans.edu/forums/diary/Struts%20%22devmode%22%3A%20Still%20a%20problem%20ten%20years%20later%3F/30866/
Analyzing Forest Blizard's Custom Post-Compromise Tool for exploiting CVE-2022-38028
https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/
April 2024 Exchange Server Hotfix Update
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2024-exchange-server-hotfix-updates/ba-p/4120536
CVE-2024-2389: Command Injection Vulnerability in Progress Flowmon
https://rhinosecuritylabs.com/research/cve-2024-2389-in-progress-flowmon/
GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/
https://isc.sans.edu/forums/diary/Struts%20%22devmode%22%3A%20Still%20a%20problem%20ten%20years%20later%3F/30866/
Analyzing Forest Blizard's Custom Post-Compromise Tool for exploiting CVE-2022-38028
https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/
April 2024 Exchange Server Hotfix Update
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2024-exchange-server-hotfix-updates/ba-p/4120536
CVE-2024-2389: Command Injection Vulnerability in Progress Flowmon
https://rhinosecuritylabs.com/research/cve-2024-2389-in-progress-flowmon/
GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/
ISC StormCast for Tuesday, April 23rd, 2024
23 april 2024 |
6 min
Number of Industrial Devices Accessible From Internet Up 30 Thousand over three years
https://isc.sans.edu/diary/It%20appears%20that%20the%20number%20of%20industrial%20devices%20accessible%20from%20the%20internet%20has%20risen%20by%2030%20thousand%20over%20the%20past%20three%20years/30860
Evil XDR: Turning an XDR into an Offensive Tool
https://www.darkreading.com/application-security/evil-xdr-researcher-turns-palo-alto-software-into-perfect-malware
GitLab Comment Bug
https://www.bleepingcomputer.com/news/security/gitlab-affected-by-github-style-cdn-flaw-allowing-malware-hosting/
SEC522 Demo: https://www.sans.org/ondemand/get-demo/316
https://isc.sans.edu/diary/It%20appears%20that%20the%20number%20of%20industrial%20devices%20accessible%20from%20the%20internet%20has%20risen%20by%2030%20thousand%20over%20the%20past%20three%20years/30860
Evil XDR: Turning an XDR into an Offensive Tool
https://www.darkreading.com/application-security/evil-xdr-researcher-turns-palo-alto-software-into-perfect-malware
GitLab Comment Bug
https://www.bleepingcomputer.com/news/security/gitlab-affected-by-github-style-cdn-flaw-allowing-malware-hosting/
SEC522 Demo: https://www.sans.org/ondemand/get-demo/316
ISC StormCast for Monday, April 22nd, 2024
22 april 2024 |
6 min
The CVE's They are A-Changing
https://isc.sans.edu/diary/The%20CVE%27s%20They%20are%20A-Changing!/30850
CrushFTP 0-Day Vulnerability
https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/
GitHub Comment Bug Used to Distribute Malware
https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/
YubiKey Manager Privilege Escalation
https://www.yubico.com/support/security-advisories/ysa-2024-01/
Palo Alto Networks GlobalProtect Update
https://security.paloaltonetworks.com/CVE-2024-3400
https://isc.sans.edu/diary/The%20CVE%27s%20They%20are%20A-Changing!/30850
CrushFTP 0-Day Vulnerability
https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/
GitHub Comment Bug Used to Distribute Malware
https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/
YubiKey Manager Privilege Escalation
https://www.yubico.com/support/security-advisories/ysa-2024-01/
Palo Alto Networks GlobalProtect Update
https://security.paloaltonetworks.com/CVE-2024-3400
ISC StormCast for Friday, April 19th, 2024
19 april 2024 |
5 min
Delinea Secret Server Authn Authz Bypass
https://straightblast.medium.com/all-your-secrets-are-belong-to-us-a-delinea-secret-server-authn-authz-bypass-adc26c800ad3
Ivanti Avalanche Poc/Details
https://www.tenable.com/security/research/tra-2024-10
Advanced Phishing Campaign
https://www.lookout.com/threat-intelligence/article/cryptochameleon-fcc-phishing-kit
Hashicorp go-getter update CVE-2024-3817
https://discuss.hashicorp.com/t/hcsec-2024-09-hashicorp-go-getter-vulnerable-to-argument-injection-when-fetching-remote-default-git-branches/66040
OfflRouter Virus
https://blog.talosintelligence.com/offlrouter-virus-causes-upload-confidential-documents-to-virustotal/
https://straightblast.medium.com/all-your-secrets-are-belong-to-us-a-delinea-secret-server-authn-authz-bypass-adc26c800ad3
Ivanti Avalanche Poc/Details
https://www.tenable.com/security/research/tra-2024-10
Advanced Phishing Campaign
https://www.lookout.com/threat-intelligence/article/cryptochameleon-fcc-phishing-kit
Hashicorp go-getter update CVE-2024-3817
https://discuss.hashicorp.com/t/hcsec-2024-09-hashicorp-go-getter-vulnerable-to-argument-injection-when-fetching-remote-default-git-branches/66040
OfflRouter Virus
https://blog.talosintelligence.com/offlrouter-virus-causes-upload-confidential-documents-to-virustotal/
ISC StormCast for Thursday, April 18th, 2024
18 april 2024 |
5 min
Malicious PDF File As Delivery Mechanism
https://isc.sans.edu/diary/Malicious%20PDF%20File%20Used%20As%20Delivery%20Mechanism/30848
Updated Palo Alto Networks GlobalProtect Guidance
https://security.paloaltonetworks.com/CVE-2024-3400
Coordinated Social Engineering Takeovers of Open Source Projects;
https://openssf.org/blog/2024/04/15/open-source-security-openssf-and-openjs-foundations-issue-alert-for-social-engineering-takeovers-of-open-source-projects/
OpenMetaData Attacks
https://www.microsoft.com/en-us/security/blog/2024/04/17/attackers-exploiting-new-critical-openmetadata-vulnerabilities-on-kubernetes-clusters/
https://isc.sans.edu/diary/Malicious%20PDF%20File%20Used%20As%20Delivery%20Mechanism/30848
Updated Palo Alto Networks GlobalProtect Guidance
https://security.paloaltonetworks.com/CVE-2024-3400
Coordinated Social Engineering Takeovers of Open Source Projects;
https://openssf.org/blog/2024/04/15/open-source-security-openssf-and-openjs-foundations-issue-alert-for-social-engineering-takeovers-of-open-source-projects/
OpenMetaData Attacks
https://www.microsoft.com/en-us/security/blog/2024/04/17/attackers-exploiting-new-critical-openmetadata-vulnerabilities-on-kubernetes-clusters/
ISC StormCast for Wednesday, April 17th, 2024
17 april 2024 |
6 min
Palo Alto Networks GlobalProtect exploit public and widely exploited CVE-2024-3400
https://isc.sans.edu/forums/diary/Palo%20Alto%20Networks%20GlobalProtect%20exploit%20public%20and%20widely%20exploited%20CVE-2024-3400/30844/
Putty Private Key Recovery
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpuapr2024.html
Ivanti Avalanche MDM Patches
https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US
https://isc.sans.edu/forums/diary/Palo%20Alto%20Networks%20GlobalProtect%20exploit%20public%20and%20widely%20exploited%20CVE-2024-3400/30844/
Putty Private Key Recovery
https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpuapr2024.html
Ivanti Avalanche MDM Patches
https://forums.ivanti.com/s/article/Avalanche-6-4-3-Security-Hardening-and-CVEs-addressed?language=en_US
ISC StormCast for Tuesday, April 16th, 2024
16 april 2024 |
6 min
Quick Palo Alto Networks Global Protect Vulnerablity Update CVE-2024-3400
https://isc.sans.edu/diary/30838
Delinea patches critical vulnerability in secret manager
https://trust.delinea.com/?tcuUid=17aaf4ef-ada9-46d5-bf97-abd3b07daae3
Lancom Windows Setup Assistant May Reset Password
https://www.lancom-systems.com/service-support/general-security-information
PHP Patches
https://seclists.org/oss-sec/2024/q2/113
Duo SMS and VoiP Logs Leaked
https://app.securitymsp.cisco.com/e/es?e=2785&eid=opguvrs&elq=bd1c1886a59e40c09915b029a74be94e
Lastpass Stops Deepfake Attack
https://blog.lastpass.com/posts/2024/04/attempted-audio-deepfake-call-targets-lastpass-employee
https://isc.sans.edu/diary/30838
Delinea patches critical vulnerability in secret manager
https://trust.delinea.com/?tcuUid=17aaf4ef-ada9-46d5-bf97-abd3b07daae3
Lancom Windows Setup Assistant May Reset Password
https://www.lancom-systems.com/service-support/general-security-information
PHP Patches
https://seclists.org/oss-sec/2024/q2/113
Duo SMS and VoiP Logs Leaked
https://app.securitymsp.cisco.com/e/es?e=2785&eid=opguvrs&elq=bd1c1886a59e40c09915b029a74be94e
Lastpass Stops Deepfake Attack
https://blog.lastpass.com/posts/2024/04/attempted-audio-deepfake-call-targets-lastpass-employee
ISC StormCast for Sunday, April 14th, 2024
13 april 2024 |
6 min
ISC StormCast for Friday, April 12th, 2024
12 april 2024 |
6 min
BatBadBut: You can't securely execute commands on Windows
https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/
FortiClient Linux Remote Code Execution
https://www.fortiguard.com/psirt/FG-IR-23-087
Apple Threat Notifications and Protecting Against Mercenary Spyware
https://support.apple.com/en-us/102174
New Technique to Trick Developers Detected in an Open Source Supply Chain Attack
https://checkmarx.com/blog/new-technique-to-trick-developers-detected-in-an-open-source-supply-chain-attack/
https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/
FortiClient Linux Remote Code Execution
https://www.fortiguard.com/psirt/FG-IR-23-087
Apple Threat Notifications and Protecting Against Mercenary Spyware
https://support.apple.com/en-us/102174
New Technique to Trick Developers Detected in an Open Source Supply Chain Attack
https://checkmarx.com/blog/new-technique-to-trick-developers-detected-in-an-open-source-supply-chain-attack/
ISC StormCast for Thursday, April 11th, 2024
11 april 2024 |
6 min
Rust Command API code execution vulnerability CVE-2024-24576
https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html
Adobe Updates: Magento Adobe Commerce CVE-2024-20759 CVE-2024-20758
https://helpx.adobe.com/security/products/magento/apsb24-18.html
https://helpx.adobe.com/security.html
Fortinet FortiOS And FortiProxy Vulnerability CVE-2023-41677
https://www.fortiguard.com/psirt/FG-IR-23-493
Smoke and Screen Mirrors Signed Backdoor CVE-2024-26234
https://news.sophos.com/en-us/2024/04/09/smoke-and-screen-mirrors-a-strange-signed-backdoor/
https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html
Adobe Updates: Magento Adobe Commerce CVE-2024-20759 CVE-2024-20758
https://helpx.adobe.com/security/products/magento/apsb24-18.html
https://helpx.adobe.com/security.html
Fortinet FortiOS And FortiProxy Vulnerability CVE-2023-41677
https://www.fortiguard.com/psirt/FG-IR-23-493
Smoke and Screen Mirrors Signed Backdoor CVE-2024-26234
https://news.sophos.com/en-us/2024/04/09/smoke-and-screen-mirrors-a-strange-signed-backdoor/
ISC StormCast for Wednesday, April 10th, 2024
10 april 2024 |
7 min
Microsoft Patches
https://isc.sans.edu/forums/diary/April%202024%20Microsoft%20Patch%20Tuesday%20Summary/30822/
D-Link NAS Backdoor
https://github.com/netsecfish/dlink
LG SmartTV Vulnerabilities
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/
https://isc.sans.edu/forums/diary/April%202024%20Microsoft%20Patch%20Tuesday%20Summary/30822/
D-Link NAS Backdoor
https://github.com/netsecfish/dlink
LG SmartTV Vulnerabilities
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/
ISC StormCast for Tuesday, April 9th, 2024
9 april 2024 |
6 min
A Use Case for Adding Threat Hunting to Your Security Operations Team.
https://isc.sans.edu/diary/30816
Notepad++ Parasite Site
https://notepad-plus-plus.org/news/help-to-take-down-parasite-site/
Hugging Face Pickle File Vulnerablities
https://huggingface.co/blog/hugging-face-wiz-security-blog
Google Considers V8 Sandbox no longer experimental
https://v8.dev/blog/sandbox
https://isc.sans.edu/diary/30816
Notepad++ Parasite Site
https://notepad-plus-plus.org/news/help-to-take-down-parasite-site/
Hugging Face Pickle File Vulnerablities
https://huggingface.co/blog/hugging-face-wiz-security-blog
Google Considers V8 Sandbox no longer experimental
https://v8.dev/blog/sandbox
ISC StormCast for Monday, April 8th, 2024
8 april 2024 |
5 min
Heartbleed 10th Anniversary
https://heartbleed.com/
Possible Libarchive Backdoor Vulnerability
https://github.com/libarchive/libarchive/pull/1609
Magento XML Backdoor
https://sansec.io/research/magento-xml-backdoor
Google Public DNS's approach to fight against cache poisoning attacks
https://security.googleblog.com/2024/03/google-public-dnss-approach-to-fight.html
Remote code execution (RCE)vulnerability in Brocade Fabric OS (CVE-2023-3454)
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23215
SANS London April Evening Talk
https://sans.zoom.us/webinar/register/WN_ZLLnQKCCQCywLGm-CM4xQg#/registration
https://heartbleed.com/
Possible Libarchive Backdoor Vulnerability
https://github.com/libarchive/libarchive/pull/1609
Magento XML Backdoor
https://sansec.io/research/magento-xml-backdoor
Google Public DNS's approach to fight against cache poisoning attacks
https://security.googleblog.com/2024/03/google-public-dnss-approach-to-fight.html
Remote code execution (RCE)vulnerability in Brocade Fabric OS (CVE-2023-3454)
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23215
SANS London April Evening Talk
https://sans.zoom.us/webinar/register/WN_ZLLnQKCCQCywLGm-CM4xQg#/registration
ISC StormCast for Friday, April 5th, 2024
5 april 2024 |
15 min
Slicing up DoNex with Binary Ninja
https://isc.sans.edu/diary/Slicing%20up%20DoNex%20with%20Binary%20Ninja/30812
HTTP/2 Continuation Flood
https://nowotarski.info/http2-continuation-flood-technical-details/
Dangers of CSS in HTML Email
https://lutrasecurity.com/en/articles/kobold-letters/
Dan Mazzella: Infostealers in Automotive Headunits
https://www.sans.edu/cyber-research/exploring-infostealer-malware-techniques-automotive-head-units/
https://isc.sans.edu/diary/Slicing%20up%20DoNex%20with%20Binary%20Ninja/30812
HTTP/2 Continuation Flood
https://nowotarski.info/http2-continuation-flood-technical-details/
Dangers of CSS in HTML Email
https://lutrasecurity.com/en/articles/kobold-letters/
Dan Mazzella: Infostealers in Automotive Headunits
https://www.sans.edu/cyber-research/exploring-infostealer-malware-techniques-automotive-head-units/
ISC StormCast for Thursday, April 4th, 2024
4 april 2024 |
6 min
Playing with xzbot: Some things you can learn from SSH traffic
https://isc.sans.edu/forums/diary/Some%20things%20you%20can%20learn%20from%20SSH%20traffic/30808/
Google Proposes Device Bound Session Credentials (DBSC)
https://blog.chromium.org/2024/04/fighting-cookie-theft-using-device.html
Four More Ivanti Vulnerabilities
https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
Google Pixel Zero Day
https://source.android.com/docs/security/bulletin/pixel/2024-04-01
https://isc.sans.edu/forums/diary/Some%20things%20you%20can%20learn%20from%20SSH%20traffic/30808/
Google Proposes Device Bound Session Credentials (DBSC)
https://blog.chromium.org/2024/04/fighting-cookie-theft-using-device.html
Four More Ivanti Vulnerabilities
https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
Google Pixel Zero Day
https://source.android.com/docs/security/bulletin/pixel/2024-04-01
ISC StormCast for Wednesday, April 3rd, 2024
3 april 2024 |
6 min
Chrome Incognito Mode Settlement
https://www.wired.com/story/google-chrome-incognito-mode-data-deletion-settlement/
Google E-Mail Sender Guidelines FAQ
https://support.google.com/a/answer/14229414?hl=en&fl=1&sjid=2270464422796374445-NC
Cisco Updates and VPN Best Practices
https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221806-password-spray-attacks-impacting-custome.html
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
Apache Pulsar Vulnerability
https://pulsar.apache.org/security/CVE-2024-29834/
Progress Flowmon Network Monitoring Tool Vulnerability CVE-2024-2389
https://support.kemptechnologies.com/hc/en-us/articles/24878235038733-CVE-2024-2389-Flowmon-critical-security-vulnerability
Wait Just an Infosec Episode with Bojan Zdrnja: Thursday April 4th 2024 10:00 EDST
https://isc.sans.edu/j/xzutils (link will redirect once episode is live)
https://www.wired.com/story/google-chrome-incognito-mode-data-deletion-settlement/
Google E-Mail Sender Guidelines FAQ
https://support.google.com/a/answer/14229414?hl=en&fl=1&sjid=2270464422796374445-NC
Cisco Updates and VPN Best Practices
https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221806-password-spray-attacks-impacting-custome.html
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
Apache Pulsar Vulnerability
https://pulsar.apache.org/security/CVE-2024-29834/
Progress Flowmon Network Monitoring Tool Vulnerability CVE-2024-2389
https://support.kemptechnologies.com/hc/en-us/articles/24878235038733-CVE-2024-2389-Flowmon-critical-security-vulnerability
Wait Just an Infosec Episode with Bojan Zdrnja: Thursday April 4th 2024 10:00 EDST
https://isc.sans.edu/j/xzutils (link will redirect once episode is live)
ISC StormCast for Tuesday, April 2nd, 2024
2 april 2024 |
7 min
The amazingly scary xz sshd backdoor
https://isc.sans.edu/diary/The%20amazingly%20scary%20xz%20sshd%20backdoor/30802
The xz-utils backdoor in security advisories by national CSIRTs
https://isc.sans.edu/diary/The+xzutils+backdoor+in+security+advisories+by+national+CSIRTs/30800
Checking CSV Files
https://isc.sans.edu/diary/Checking%20CSV%20Files/30796
Infostealers Pose Threat to macOS
https://www.jamf.com/blog/infostealers-pose-threat-to-macos/
https://isc.sans.edu/diary/The%20amazingly%20scary%20xz%20sshd%20backdoor/30802
The xz-utils backdoor in security advisories by national CSIRTs
https://isc.sans.edu/diary/The+xzutils+backdoor+in+security+advisories+by+national+CSIRTs/30800
Checking CSV Files
https://isc.sans.edu/diary/Checking%20CSV%20Files/30796
Infostealers Pose Threat to macOS
https://www.jamf.com/blog/infostealers-pose-threat-to-macos/
ISC StormCast for Monday, April 1st, 2024
1 april 2024 |
8 min
xz-utils Backdoor CVE-2024-3094
https://www.openwall.com/lists/oss-security/2024/03/29/4
https://tukaani.org/xz-backdoor/
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
Backdoor reverse analysis
https://bsky.app/profile/did:plc:x2nsupeeo52oznrmplwapppl/post/3kowjkx2njy2b
YARA Rule
https://github.com/byinarie/CVE-2024-3094-info/blob/main/CVE-2024-3094.yar
Social Engineering Attempts to Include Backdoor in Distros
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067708
https://news.ycombinator.com/item?id=39866275
Github Repo (now disabled)
https://github.com/tukaani-project/xz
Statements from Distributions
https://www.kali.org/blog/about-the-xz-backdoor/
https://archlinux.org/news/the-xz-package-has-been-backdoored/
https://access.redhat.com/security/cve/CVE-2024-3094
https://bugs.gentoo.org/928134
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024
https://www.openwall.com/lists/oss-security/2024/03/29/4
https://tukaani.org/xz-backdoor/
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
Backdoor reverse analysis
https://bsky.app/profile/did:plc:x2nsupeeo52oznrmplwapppl/post/3kowjkx2njy2b
YARA Rule
https://github.com/byinarie/CVE-2024-3094-info/blob/main/CVE-2024-3094.yar
Social Engineering Attempts to Include Backdoor in Distros
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067708
https://news.ycombinator.com/item?id=39866275
Github Repo (now disabled)
https://github.com/tukaani-project/xz
Statements from Distributions
https://www.kali.org/blog/about-the-xz-backdoor/
https://archlinux.org/news/the-xz-package-has-been-backdoored/
https://access.redhat.com/security/cve/CVE-2024-3094
https://bugs.gentoo.org/928134
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024
ISC StormCast for Friday, March 29th, 2024
29 mars 2024 |
6 min
From JavaScript to AsyncRAT
https://isc.sans.edu/diary/From%20JavaScript%20to%20AsyncRAT/30788
TeamCity Patches
https://www.jetbrains.com/privacy-security/issues-fixed/?product=TeamCity&version=2024.03
Okta Verify for Windows Auto-update Arbitrary Code Execution CVE-2024-0980
https://trust.okta.com/security-advisories/okta-verify-windows-auto-update-arbitrary-code-execution-cve-2024-0980/
Google Zero Day Report
https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Year_in_Review_of_ZeroDays.pdf
https://isc.sans.edu/diary/From%20JavaScript%20to%20AsyncRAT/30788
TeamCity Patches
https://www.jetbrains.com/privacy-security/issues-fixed/?product=TeamCity&version=2024.03
Okta Verify for Windows Auto-update Arbitrary Code Execution CVE-2024-0980
https://trust.okta.com/security-advisories/okta-verify-windows-auto-update-arbitrary-code-execution-cve-2024-0980/
Google Zero Day Report
https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Year_in_Review_of_ZeroDays.pdf
ISC StormCast for Thursday, March 28th, 2024
28 mars 2024 |
5 min
Scans for Apache OfBiz
https://isc.sans.edu/diary/Scans%20for%20Apache%20OfBiz/30784
Wall-Escape (CVE-2024-28085)
https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt
Recent "MFA Bombing" Attacks Targeting Apple Users
https://krebsonsecurity.com/2024/03/recent-mfa-bombing-attacks-targeting-apple-users/
https://isc.sans.edu/diary/Scans%20for%20Apache%20OfBiz/30784
Wall-Escape (CVE-2024-28085)
https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt
Recent "MFA Bombing" Attacks Targeting Apple Users
https://krebsonsecurity.com/2024/03/recent-mfa-bombing-attacks-targeting-apple-users/
ISC StormCast for Wednesday, March 27th, 2024
27 mars 2024 |
6 min
New tool: linux-pkgs.sh
https://isc.sans.edu/forums/diary/New%20tool%3A%20linux-pkgs.sh/30774/
Suspicious NuGet package grabs data from industrial systems
https://www.reversinglabs.com/blog/suspicious-nuget-package-grabs-data-from-industrial-systems
Preventing Cross Service UDP Loops in QUIC
https://bughunters.google.com/blog/5960150648750080/preventing-cross-service-udp-loops-in-quic
ShadowRay Attacks AI Workloads Actively Exploited in the Wild
https://www.oligo.security/blog/shadowray-attack-ai-workloads-actively-exploited-in-the-wild
TheMoon Malware Infects 6,000 ASUS Routers in 72 Hours for Proxy Service
https://www.bleepingcomputer.com/news/security/themoon-malware-infects-6-000-asus-routers-in-72-hours-for-proxy-service/
https://isc.sans.edu/forums/diary/New%20tool%3A%20linux-pkgs.sh/30774/
Suspicious NuGet package grabs data from industrial systems
https://www.reversinglabs.com/blog/suspicious-nuget-package-grabs-data-from-industrial-systems
Preventing Cross Service UDP Loops in QUIC
https://bughunters.google.com/blog/5960150648750080/preventing-cross-service-udp-loops-in-quic
ShadowRay Attacks AI Workloads Actively Exploited in the Wild
https://www.oligo.security/blog/shadowray-attack-ai-workloads-actively-exploited-in-the-wild
TheMoon Malware Infects 6,000 ASUS Routers in 72 Hours for Proxy Service
https://www.bleepingcomputer.com/news/security/themoon-malware-infects-6-000-asus-routers-in-72-hours-for-proxy-service/
ISC StormCast for Tuesday, March 26th, 2024
26 mars 2024 |
6 min
Tool updates: le-hex-to-ip.py and sigs.py
https://isc.sans.edu/diary/Tool%20updates%3A%20le-hex-to-ip.py%20and%20sigs.py/30772
Apple Updates for MacOS, iOS/iPadOS, visionOS;
https://isc.sans.edu/diary/Apple%20Updates%20for%20MacOS%2C%20iOS%20iPadOS%20and%20visionOS/30778
Fake Python Infrastructure
https://checkmarx.com/blog/over-170k-users-affected-by-attack-using-fake-python-infrastructure/
OpenVPN Update
https://openvpn.net/community-downloads/
https://isc.sans.edu/diary/Tool%20updates%3A%20le-hex-to-ip.py%20and%20sigs.py/30772
Apple Updates for MacOS, iOS/iPadOS, visionOS;
https://isc.sans.edu/diary/Apple%20Updates%20for%20MacOS%2C%20iOS%20iPadOS%20and%20visionOS/30778
Fake Python Infrastructure
https://checkmarx.com/blog/over-170k-users-affected-by-attack-using-fake-python-infrastructure/
OpenVPN Update
https://openvpn.net/community-downloads/
ISC StormCast for Monday, March 25th, 2024
25 mars 2024 |
6 min
1768.py's Experimental Mode
https://isc.sans.edu/diary/1768.py%27s%20Experimental%20Mode/30770
CISCP Advisory on Application-Layer Loop DoS
https://docs.google.com/document/d/1KByZzrdwQhrXGPPCf9tUzERZyRzg0xOpGbWoDURZxTI/edit
Fixes for Windows Server LSASS Memory Leak
https://www.catalog.update.microsoft.com/Search.aspx?q=2024-03%20Cumulative%20Update
https://isc.sans.edu/diary/1768.py%27s%20Experimental%20Mode/30770
CISCP Advisory on Application-Layer Loop DoS
https://docs.google.com/document/d/1KByZzrdwQhrXGPPCf9tUzERZyRzg0xOpGbWoDURZxTI/edit
Fixes for Windows Server LSASS Memory Leak
https://www.catalog.update.microsoft.com/Search.aspx?q=2024-03%20Cumulative%20Update
ISC StormCast for Friday, March 22nd, 2024
22 mars 2024 |
6 min
Geofeed
https://isc.sans.edu/forums/diary/Whois%20%22geofeed%22%20Data/30766/
Apple Updates
https://support.apple.com/en-us/HT201222
Apple Bug
https://gofetch.fail/
GitHub Copilot AutoFix
https://github.blog/2024-03-20-found-means-fixed-introducing-code-scanning-autofix-powered-by-github-copilot-and-codeql/
Fortinet PoC
https://www.horizon3.ai/attack-research/attack-blogs/cve-2023-48788-fortinet-forticlientems-sql-injection-deep-dive/
Ivanti Standalone Sentry
https://forums.ivanti.com/s/article/KB-CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry?language=en_US
https://isc.sans.edu/forums/diary/Whois%20%22geofeed%22%20Data/30766/
Apple Updates
https://support.apple.com/en-us/HT201222
Apple Bug
https://gofetch.fail/
GitHub Copilot AutoFix
https://github.blog/2024-03-20-found-means-fixed-introducing-code-scanning-autofix-powered-by-github-copilot-and-codeql/
Fortinet PoC
https://www.horizon3.ai/attack-research/attack-blogs/cve-2023-48788-fortinet-forticlientems-sql-injection-deep-dive/
Ivanti Standalone Sentry
https://forums.ivanti.com/s/article/KB-CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry?language=en_US
ISC StormCast for Thursday, March 21st, 2024
21 mars 2024 |
6 min
Scans for the Fortinet FortiOS CVE-2024-21762 Vulnerability
https://isc.sans.edu/diary/Scans%20for%20Fortinet%20FortiOS%20and%20the%20CVE-2024-21762%20vulnerability/30762
Microsoft Reminder: It is Tax Season (at least in the US)
https://www.theregister.com/2024/03/20/its_tax_season_and_scammers/
Abusing DHCP Administrators Group for Privilege Escalation in Windows Domains;
https://www.akamai.com/blog/security-research/abusing-dhcp-administrators-group-for-privilege-escalation-in-windows-domains
https://isc.sans.edu/diary/Scans%20for%20Fortinet%20FortiOS%20and%20the%20CVE-2024-21762%20vulnerability/30762
Microsoft Reminder: It is Tax Season (at least in the US)
https://www.theregister.com/2024/03/20/its_tax_season_and_scammers/
Abusing DHCP Administrators Group for Privilege Escalation in Windows Domains;
https://www.akamai.com/blog/security-research/abusing-dhcp-administrators-group-for-privilege-escalation-in-windows-domains
ISC StormCast for Wednesday, March 20th, 2024
20 mars 2024 |
5 min
Attacker Hunting Firewalls
https://isc.sans.edu/diary/Attacker%20Hunting%20Firewalls/30758
Fortigate Vulnerability Exploit Available
https://github.com/h4x0r-dz/CVE-2024-21762
IC3 Annual Report 2023
https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf
Issues with macOS 14.4 Update
https://www.macrumors.com/2024/03/18/do-not-update-macos-sonoma-14-4/
https://isc.sans.edu/diary/Attacker%20Hunting%20Firewalls/30758
Fortigate Vulnerability Exploit Available
https://github.com/h4x0r-dz/CVE-2024-21762
IC3 Annual Report 2023
https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf
Issues with macOS 14.4 Update
https://www.macrumors.com/2024/03/18/do-not-update-macos-sonoma-14-4/
ISC StormCast for Tuesday, March 19th, 2024
19 mars 2024 |
5 min
Microsoft announced deprecation of 1024 bit RSA Keys
https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features#deprecated-features
Chrome Real-Time Safe Browsing Protection
https://blog.google/products/chrome/google-chrome-safe-browsing-real-time/
Fortra FileCatalyst Vulnerability CVE-2024-25153
https://www.fortra.com/security/advisory/fi-2024-002
Spring Security CVE-2024-22257
https://spring.io/security/cve-2024-22257/
TrendNet TWEW-827DRU Router Vulnerability CVE-2024-28353 CVE-2024-28354
https://warp-desk-89d.notion.site/TEW-827DRU-5c40fb20572148f0b00f329d69273791
https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features#deprecated-features
Chrome Real-Time Safe Browsing Protection
https://blog.google/products/chrome/google-chrome-safe-browsing-real-time/
Fortra FileCatalyst Vulnerability CVE-2024-25153
https://www.fortra.com/security/advisory/fi-2024-002
Spring Security CVE-2024-22257
https://spring.io/security/cve-2024-22257/
TrendNet TWEW-827DRU Router Vulnerability CVE-2024-28353 CVE-2024-28354
https://warp-desk-89d.notion.site/TEW-827DRU-5c40fb20572148f0b00f329d69273791
ISC StormCast for Monday, March 18th, 2024
18 mars 2024 |
7 min
5GHoul Revisted: Thress Months Later
https://isc.sans.edu/diary/5Ghoul%20Revisited%3A%20Three%20Months%20Later/30746
Obfuscated Hexadecimal Payload
https://isc.sans.edu/diary/Obfuscated%20Hexadecimal%20Payload/30750
ChatGPT Related OAUTH Issues
https://salt.security/blog/security-flaws-within-chatgpt-extensions-allowed-access-to-accounts-on-third-party-websites-and-sensitive-data?utm_source=social&utm_medium=reddit
RedCanary Threat Detection Report
https://redcanary.com/threat-detection-report/
CRL/OCSP Changes
https://github.com/cabforum/servercert/blob/main/docs/BR.md
https://isc.sans.edu/diary/5Ghoul%20Revisited%3A%20Three%20Months%20Later/30746
Obfuscated Hexadecimal Payload
https://isc.sans.edu/diary/Obfuscated%20Hexadecimal%20Payload/30750
ChatGPT Related OAUTH Issues
https://salt.security/blog/security-flaws-within-chatgpt-extensions-allowed-access-to-accounts-on-third-party-websites-and-sensitive-data?utm_source=social&utm_medium=reddit
RedCanary Threat Detection Report
https://redcanary.com/threat-detection-report/
CRL/OCSP Changes
https://github.com/cabforum/servercert/blob/main/docs/BR.md
ISC StormCast for Friday, March 15th, 2024
15 mars 2024 |
21 min
Increase in the number of phishing messages pointing to IPFS and to R2 buckets
https://isc.sans.edu/diary/Increase%20in%20the%20number%20of%20phishing%20messages%20pointing%20to%20IPFS%20and%20to%20R2%20buckets/30744
Fortinet New Vulnerabilities
https://www.horizon3.ai/attack-research/attack-blogs/fortiwlm-the-almost-story-for-the-forti-forty/
Fortinet Updates
https://www.helpnetsecurity.com/2024/03/14/cve-2023-48788-poc/
Arcserve UDP Vulnerability and PoC
https://www.tenable.com/security/research/tra-2024-07
Michael Holcomb: Mode Matters: Monitoring PLCs for Detecting Potential ICS/OT Incidents
https://www.sans.edu/cyber-research/mode-matters-monitoring-plcs-for-detecting-potential-ics-ot-incidents/
https://isc.sans.edu/diary/Increase%20in%20the%20number%20of%20phishing%20messages%20pointing%20to%20IPFS%20and%20to%20R2%20buckets/30744
Fortinet New Vulnerabilities
https://www.horizon3.ai/attack-research/attack-blogs/fortiwlm-the-almost-story-for-the-forti-forty/
Fortinet Updates
https://www.helpnetsecurity.com/2024/03/14/cve-2023-48788-poc/
Arcserve UDP Vulnerability and PoC
https://www.tenable.com/security/research/tra-2024-07
Michael Holcomb: Mode Matters: Monitoring PLCs for Detecting Potential ICS/OT Incidents
https://www.sans.edu/cyber-research/mode-matters-monitoring-plcs-for-detecting-potential-ics-ot-incidents/
ISC StormCast for Thursday, March 14th, 2024
14 mars 2024 |
5 min
Using ChatGPT to Deofuscate Malicious Scripts
https://isc.sans.edu/diary/Using%20ChatGPT%20to%20Deobfuscate%20Malicious%20Scripts/30740
Critical Fortinet Vulnerabilities
https://fortiguard.fortinet.com/psirt
Adobe Security Bulletins
https://helpx.adobe.com/security/security-bulletin.html
Kubernetes Local Volumes Command Injection Vulnerability
https://www.akamai.com/blog/security-research/kubernetes-local-volumes-command-injection-vulnerability-rce-system-privileges
https://isc.sans.edu/diary/Using%20ChatGPT%20to%20Deobfuscate%20Malicious%20Scripts/30740
Critical Fortinet Vulnerabilities
https://fortiguard.fortinet.com/psirt
Adobe Security Bulletins
https://helpx.adobe.com/security/security-bulletin.html
Kubernetes Local Volumes Command Injection Vulnerability
https://www.akamai.com/blog/security-research/kubernetes-local-volumes-command-injection-vulnerability-rce-system-privileges
ISC StormCast for Wednesday, March 13th, 2024
13 mars 2024 |
6 min
Microsoft Patch Tuesday March 2024
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20-%20March%202024/30736
Death Knell of NVD
https://resilientcyber.substack.com/p/death-knell-of-the-nvd
Unrestricted file upload vulnerability in ManageEngine Desktop Central
https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-file-upload-vulnerability-manageengine-desktop-central
Siemens Fire Protection System Updates
https://cert-portal.siemens.com/productcert/html/ssa-225840.html
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20-%20March%202024/30736
Death Knell of NVD
https://resilientcyber.substack.com/p/death-knell-of-the-nvd
Unrestricted file upload vulnerability in ManageEngine Desktop Central
https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-file-upload-vulnerability-manageengine-desktop-central
Siemens Fire Protection System Updates
https://cert-portal.siemens.com/productcert/html/ssa-225840.html
ISC StormCast for Tuesday, March 12th, 2024
12 mars 2024 |
6 min
What happens when you accidentially leak your AWS API Keys
https://isc.sans.edu/diary/What%20happens%20when%20you%20accidentally%20leak%20your%20AWS%20API%20keys%3F%20%5BGuest%20Diary%5D/30730
How Crypto Imposters are using Calendly to infect Macs with Malware
https://cyberguy.com/news/how-crypto-imposters-are-using-calendly-to-infect-macs-with-malware/
https://krebsonsecurity.com/2024/02/calendar-meeting-links-used-to-spread-mac-malware/
Misconfiguration Manager: Overlooked and Overprivileged
https://posts.specterops.io/misconfiguration-manager-overlooked-and-overprivileged-70983b8f350d
https://isc.sans.edu/diary/What%20happens%20when%20you%20accidentally%20leak%20your%20AWS%20API%20keys%3F%20%5BGuest%20Diary%5D/30730
How Crypto Imposters are using Calendly to infect Macs with Malware
https://cyberguy.com/news/how-crypto-imposters-are-using-calendly-to-infect-macs-with-malware/
https://krebsonsecurity.com/2024/02/calendar-meeting-links-used-to-spread-mac-malware/
Misconfiguration Manager: Overlooked and Overprivileged
https://posts.specterops.io/misconfiguration-manager-overlooked-and-overprivileged-70983b8f350d
ISC StormCast for Monday, March 11th, 2024
11 mars 2024 |
7 min
Attack Wrangles Thousands of Web Users into a Password Cracking Botnet
https://arstechnica.com/security/2024/03/attack-wrangles-thousands-of-web-users-into-a-password-cracking-botnet
Cisco VPN Client Vuln
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-client-crlf-W43V4G7
Fortinet Vulnerability Exploited
https://bishopfox.com/blog/cve-2024-21762-vulnerability-scanner-for-fortigate-firewalls
pgAdmin Path Traversal
https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce/
Font Vulnerabilities
https://www.canva.dev/blog/engineering/fonts-are-still-a-helvetica-of-a-problem/
QNAP Flaws
https://securityonline.info/cve-2024-21899-cvss-9-8-critical-qnap-flaw-opens-door-to-hackers/
https://arstechnica.com/security/2024/03/attack-wrangles-thousands-of-web-users-into-a-password-cracking-botnet
Cisco VPN Client Vuln
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-client-crlf-W43V4G7
Fortinet Vulnerability Exploited
https://bishopfox.com/blog/cve-2024-21762-vulnerability-scanner-for-fortigate-firewalls
pgAdmin Path Traversal
https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce/
Font Vulnerabilities
https://www.canva.dev/blog/engineering/fonts-are-still-a-helvetica-of-a-problem/
QNAP Flaws
https://securityonline.info/cve-2024-21899-cvss-9-8-critical-qnap-flaw-opens-door-to-hackers/
ISC StormCast for Friday, March 8th, 2024
8 mars 2024 |
5 min
AWS Deploymnet Risks - Configuration and Credential File Targeting
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20AWS%20Deployment%20Risks%20-%20Configuration%20and%20Credential%20File%20Targeting/30722
Apple Updates
https://isc.sans.edu/diary/MacOS%20Patches%20%28and%20Safari%2C%20TVOS%2C%20VisionOS%2C%20WatchOS%29/30726
NSA/CISA Secure Cloud Guides
https://media.defense.gov/2024/Mar/07/2003407866/-1/-1/0/CSI-CloudTop10-Identity-Access-Management.PDF
https://media.defense.gov/2024/Mar/07/2003407858/-1/-1/0/CSI-CloudTop10-Key-Management.PDF
https://media.defense.gov/2024/Mar/07/2003407859/-1/-1/0/CSI-CloudTop10-Managed-Service-Providers.PDF
https://media.defense.gov/2024/Mar/07/2003407862/-1/-1/0/CSI-CloudTop10-Secure-Data.PDF
https://media.defense.gov/2024/Mar/07/2003407861/-1/-1/0/CSI-CloudTop10-Network-Segmentation.PDF
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20AWS%20Deployment%20Risks%20-%20Configuration%20and%20Credential%20File%20Targeting/30722
Apple Updates
https://isc.sans.edu/diary/MacOS%20Patches%20%28and%20Safari%2C%20TVOS%2C%20VisionOS%2C%20WatchOS%29/30726
NSA/CISA Secure Cloud Guides
https://media.defense.gov/2024/Mar/07/2003407866/-1/-1/0/CSI-CloudTop10-Identity-Access-Management.PDF
https://media.defense.gov/2024/Mar/07/2003407858/-1/-1/0/CSI-CloudTop10-Key-Management.PDF
https://media.defense.gov/2024/Mar/07/2003407859/-1/-1/0/CSI-CloudTop10-Managed-Service-Providers.PDF
https://media.defense.gov/2024/Mar/07/2003407862/-1/-1/0/CSI-CloudTop10-Secure-Data.PDF
https://media.defense.gov/2024/Mar/07/2003407861/-1/-1/0/CSI-CloudTop10-Network-Segmentation.PDF
ISC StormCast for Thursday, March 7th, 2024
7 mars 2024 |
6 min
Scanning and Abusing the QUIC Protocol
https://isc.sans.edu/diary/Scanning%20and%20abusing%20the%20QUIC%20protocol/30720
Google Chrome Update
https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html
Spinning YARN
https://www.cadosecurity.com/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence/
Teamcity Exploited
https://twitter.com/leak_ix/status/1765460190621581347
https://isc.sans.edu/diary/Scanning%20and%20abusing%20the%20QUIC%20protocol/30720
Google Chrome Update
https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html
Spinning YARN
https://www.cadosecurity.com/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence/
Teamcity Exploited
https://twitter.com/leak_ix/status/1765460190621581347
ISC StormCast for Wednesday, March 6th, 2024
6 mars 2024 |
7 min
iOS/iPadOS Updates with Zero Day Fixes
https://isc.sans.edu/diary/Apple%20Releases%20iOS%20iPadOS%20Updates%20with%20Zero%20Day%20Fixes./30716
Why Your Firewall Will Kill You
https://isc.sans.edu/diary/Why+Your+Firewall+Will+Kill+You/30714/
QEMU Tunnel
https://securelist.com/network-tunneling-with-qemu/111803/
VMware Vulnerabilities Patched
https://www.vmware.com/security/advisories/VMSA-2024-0006.html
https://isc.sans.edu/diary/Apple%20Releases%20iOS%20iPadOS%20Updates%20with%20Zero%20Day%20Fixes./30716
Why Your Firewall Will Kill You
https://isc.sans.edu/diary/Why+Your+Firewall+Will+Kill+You/30714/
QEMU Tunnel
https://securelist.com/network-tunneling-with-qemu/111803/
VMware Vulnerabilities Patched
https://www.vmware.com/security/advisories/VMSA-2024-0006.html
ISC StormCast for Tuesday, March 5th, 2024
5 mars 2024 |
6 min
Capturing DShield Packets with a LAN Tap
https://isc.sans.edu/diary/Capturing%20DShield%20Packets%20with%20a%20LAN%20Tap%20%5BGuest%20Diary%5D/30708
Additional Critical Security Issues Affecting Teamcity
https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/
GitHub Push Protection Now On By Default
https://github.blog/2024-02-29-keeping-secrets-out-of-public-repositories/
Android Updates
https://source.android.com/docs/security/bulletin/2024-03-01
Linksys E-2000 Vulnerablity
https://warp-desk-89d.notion.site/Linksys-E-2000-efcd532d8dcf4710a4af13fca131a5b8
https://isc.sans.edu/diary/Capturing%20DShield%20Packets%20with%20a%20LAN%20Tap%20%5BGuest%20Diary%5D/30708
Additional Critical Security Issues Affecting Teamcity
https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/
GitHub Push Protection Now On By Default
https://github.blog/2024-02-29-keeping-secrets-out-of-public-repositories/
Android Updates
https://source.android.com/docs/security/bulletin/2024-03-01
Linksys E-2000 Vulnerablity
https://warp-desk-89d.notion.site/Linksys-E-2000-efcd532d8dcf4710a4af13fca131a5b8
ISC StormCast for Monday, March 4th, 2024
4 mars 2024 |
5 min
Scanning for Confluence CVE-2022-26134
https://isc.sans.edu/diary/Scanning%20for%20Confluence%20CVE-2022-26134/30704
Exploiting CSP Wildcards for Google Domains
https://attackshipsonfi.re/p/exploiting-csp-wildcards-for-google
Silver SAML: Golden SAML in the Cloud
https://www.semperis.com/blog/meet-silver-saml/
https://isc.sans.edu/diary/Scanning%20for%20Confluence%20CVE-2022-26134/30704
Exploiting CSP Wildcards for Google Domains
https://attackshipsonfi.re/p/exploiting-csp-wildcards-for-google
Silver SAML: Golden SAML in the Cloud
https://www.semperis.com/blog/meet-silver-saml/
ISC StormCast for Friday, March 1st, 2024
1 mars 2024 |
6 min
Dissecting DarkGate: Module Malware Delivery and Persistence as a Service
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Dissecting%20DarkGate%3A%20Modular%20Malware%20Delivery%20and%20Persistence%20as%20a%20Service./30700
Ivanti Incident Response Update
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060b
Github Flooded with Infected Repos
https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack
Security Flaws in NoName Doorbell Cameras
https://www.consumerreports.org/home-garden/home-security-cameras/video-doorbells-sold-by-major-retailers-have-security-flaws-a2579288796/
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Dissecting%20DarkGate%3A%20Modular%20Malware%20Delivery%20and%20Persistence%20as%20a%20Service./30700
Ivanti Incident Response Update
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060b
Github Flooded with Infected Repos
https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack
Security Flaws in NoName Doorbell Cameras
https://www.consumerreports.org/home-garden/home-security-cameras/video-doorbells-sold-by-major-retailers-have-security-flaws-a2579288796/
ISC StormCast for Thursday, February 29th, 2024
29 februari 2024 |
6 min
Exploit Attempts for Unknown Password Reset Vulnerability
https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Unknown%20Password%20Reset%20Vulnerability/30698
StopRansomware: Updated ALPHV Blackcat Advisory
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a
GlobalBlock Service To Prevent Trademark abuse
https://www.bleepingcomputer.com/news/technology/registrars-can-now-block-all-domains-that-resemble-brand-names/
https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Unknown%20Password%20Reset%20Vulnerability/30698
StopRansomware: Updated ALPHV Blackcat Advisory
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a
GlobalBlock Service To Prevent Trademark abuse
https://www.bleepingcomputer.com/news/technology/registrars-can-now-block-all-domains-that-resemble-brand-names/
ISC StormCast for Wednesday, February 28th, 2024
28 februari 2024 |
6 min
Take Downs and the Rest of Us: Do they matter?
https://isc.sans.edu/diary/Take%20Downs%20and%20the%20Rest%20of%20Us%3A%20Do%20they%20matter%3F/30694
Joint Cybersecurity Advisory
https://www.ic3.gov/Media/News/2024/240227.pdf
SVR Cyber Actors Adapt Tactics for Initial Cloud Access
https://www.ncsc.gov.uk/news/svr-cyber-actors-adapt-tactics-for-initial-cloud-access
Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor
https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/
https://isc.sans.edu/diary/Take%20Downs%20and%20the%20Rest%20of%20Us%3A%20Do%20they%20matter%3F/30694
Joint Cybersecurity Advisory
https://www.ic3.gov/Media/News/2024/240227.pdf
SVR Cyber Actors Adapt Tactics for Initial Cloud Access
https://www.ncsc.gov.uk/news/svr-cyber-actors-adapt-tactics-for-initial-cloud-access
Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor
https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/
ISC StormCast for Tuesday, February 27th, 2024
27 februari 2024 |
6 min
Utilizing the VirusTotal API to Query Files Uploaded to the DShield Honeypot
https://isc.sans.edu/diary/Utilizing%20the%20VirusTotal%20API%20to%20Query%20Files%20Uploaded%20to%20DShield%20Honeypot%20%5BGuest%20Diary%5D/30688
New WiFi Authentication Vulnerabilities Discovered
https://www.top10vpn.com/research/wifi-vulnerabilities/
Subdomain Takeover Spam
https://labs.guard.io/subdomailing-thousands-of-hijacked-major-brand-subdomains-found-bombarding-users-with-millions-a5e5fb892935
https://isc.sans.edu/diary/Utilizing%20the%20VirusTotal%20API%20to%20Query%20Files%20Uploaded%20to%20DShield%20Honeypot%20%5BGuest%20Diary%5D/30688
New WiFi Authentication Vulnerabilities Discovered
https://www.top10vpn.com/research/wifi-vulnerabilities/
Subdomain Takeover Spam
https://labs.guard.io/subdomailing-thousands-of-hijacked-major-brand-subdomains-found-bombarding-users-with-millions-a5e5fb892935
ISC StormCast for Monday, February 26th, 2024
26 februari 2024 |
6 min
Update MGLNDD * Scans
https://isc.sans.edu/forums/diary/Update%3A%20MGLNDD_*%20Scans/30686/
Simple Anti-Sandbox Technique: Where's the Mouse
https://isc.sans.edu/diary/Simple%20Anti-Sandbox%20Technique%3A%20Where%27s%20The%20Mouse%3F/30684
Security Vulnerabilities in Apex Code Could Leak Salesforce Data
https://www.varonis.com/blog/apex-code-vulnerabilities
IBM Operation Decision Manager Exploit CVE-2024-22319 CVE-2024-22320
https://labs.watchtowr.com/double-k-o-rce-in-ibm-operation-decision-manager/
Linux Kernel TLS Vulnerability CVE-2024-26582
https://lore.kernel.org/linux-cve-announce/2024022139-spruce-prelude-c358@gregkh/
https://isc.sans.edu/forums/diary/Update%3A%20MGLNDD_*%20Scans/30686/
Simple Anti-Sandbox Technique: Where's the Mouse
https://isc.sans.edu/diary/Simple%20Anti-Sandbox%20Technique%3A%20Where%27s%20The%20Mouse%3F/30684
Security Vulnerabilities in Apex Code Could Leak Salesforce Data
https://www.varonis.com/blog/apex-code-vulnerabilities
IBM Operation Decision Manager Exploit CVE-2024-22319 CVE-2024-22320
https://labs.watchtowr.com/double-k-o-rce-in-ibm-operation-decision-manager/
Linux Kernel TLS Vulnerability CVE-2024-26582
https://lore.kernel.org/linux-cve-announce/2024022139-spruce-prelude-c358@gregkh/
ISC StormCast for Friday, February 23rd, 2024
23 februari 2024 |
6 min
Friend, Foe or Something In Between
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Friend%2C%20foe%20or%20something%20in%20between%3F%20The%20grey%20area%20of%20%27security%20research%27/30670
Large AT&T Wireless Network Outage
https://isc.sans.edu/diary/Large%20AT%26T%20Wireless%20Network%20Outage%20%23att%20%23outage/30680
Connect Wise Screenconnect Userd by LockBit
https://www.bleepingcomputer.com/news/security/screenconnect-servers-hacked-in-lockbit-ransomware-attacks/
SSH Snake Abused in the Wild
https://github.com/MegaManSec/SSH-Snake
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Friend%2C%20foe%20or%20something%20in%20between%3F%20The%20grey%20area%20of%20%27security%20research%27/30670
Large AT&T Wireless Network Outage
https://isc.sans.edu/diary/Large%20AT%26T%20Wireless%20Network%20Outage%20%23att%20%23outage/30680
Connect Wise Screenconnect Userd by LockBit
https://www.bleepingcomputer.com/news/security/screenconnect-servers-hacked-in-lockbit-ransomware-attacks/
SSH Snake Abused in the Wild
https://github.com/MegaManSec/SSH-Snake
ISC StormCast for Thursday, February 22nd, 2024
22 februari 2024 |
7 min
Phishing Pages Hosted on Archive.org
https://isc.sans.edu/forums/diary/Phishing%20pages%20hosted%20on%20archive.org/30676/
ScreenConnect Authentication Bypass Exploit CVE-2024-1709 CVE-2024-1708)
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
iMessage with PQ3
https://security.apple.com/blog/imessage-pq3/
https://isc.sans.edu/forums/diary/Phishing%20pages%20hosted%20on%20archive.org/30676/
ScreenConnect Authentication Bypass Exploit CVE-2024-1709 CVE-2024-1708)
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
iMessage with PQ3
https://security.apple.com/blog/imessage-pq3/
ISC StormCast for Wednesday, February 21st, 2024
21 februari 2024 |
6 min
Python InfoStealer Wtih Dynamic Sandbox Detection
https://isc.sans.edu/diary/Python%20InfoStealer%20With%20Dynamic%20Sandbox%20Detection/30668
Connectwise Screenconnect Vulnerabilities
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
Remove VMWare Enhanced Authentication Plugin (EAP) VE-2024-22245 CVE-2024-22250
https://kb.vmware.com/s/article/96442
Voltage Noise to Manipulate Wireless Chargers
https://arxiv.org/pdf/2402.11423.pdf
https://isc.sans.edu/diary/Python%20InfoStealer%20With%20Dynamic%20Sandbox%20Detection/30668
Connectwise Screenconnect Vulnerabilities
https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
Remove VMWare Enhanced Authentication Plugin (EAP) VE-2024-22245 CVE-2024-22250
https://kb.vmware.com/s/article/96442
Voltage Noise to Manipulate Wireless Chargers
https://arxiv.org/pdf/2402.11423.pdf
ISC StormCast for Tuesday, February 20th, 2024
20 februari 2024 |
6 min
Old Mirai New Exploits
https://isc.sans.edu/diary/Mirai-Mirai%20On%20The%20Wall...%20%5BGuest%20Diary%5D/30658
KeyTrap PoC Exploit
https://github.com/knqyf263/CVE-2023-50387
Google Open Sources Magika File ID System
https://opensource.googleblog.com/2024/02/magika-ai-powered-fast-and-efficient-file-type-identification.html
Exploiting Unsynchronised Clocks
https://attackshipsonfi.re/p/exploiting-unsynchonised-clocks
https://isc.sans.edu/diary/Mirai-Mirai%20On%20The%20Wall...%20%5BGuest%20Diary%5D/30658
KeyTrap PoC Exploit
https://github.com/knqyf263/CVE-2023-50387
Google Open Sources Magika File ID System
https://opensource.googleblog.com/2024/02/magika-ai-powered-fast-and-efficient-file-type-identification.html
Exploiting Unsynchronised Clocks
https://attackshipsonfi.re/p/exploiting-unsynchonised-clocks
ISC StormCast for Monday, February 19th, 2024
19 februari 2024 |
8 min
SolarWinds Security Advisories
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-3_release_notes.htm
Google Chrome Adds Private Network Checks
https://chromestatus.com/feature/4869685172764672
Gold Factory iOS Trojan
https://www.group-ib.com/blog/goldfactory-ios-trojan/
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-3_release_notes.htm
Google Chrome Adds Private Network Checks
https://chromestatus.com/feature/4869685172764672
Gold Factory iOS Trojan
https://www.group-ib.com/blog/goldfactory-ios-trojan/
ISC StormCast for Friday, February 16th, 2024
16 februari 2024 |
13 min
USPS Anchors Snowballing Smishing Campaigns
https://www.sentinelone.com/labs/sns-sender-active-campaigns-unleash-messaging-spam-through-the-cloud/
Linux Issuing CVEs
http://www.kroah.com/log/blog/2024/02/13/linux-is-a-cna/
Analyzing Pulse Secure Firmware and Bypassing Integrity Checking
https://eclypsium.com/blog/flatlined-analyzing-pulse-secure-firmware-and-bypassing-integrity-checking/
Jennifer Walker: Detecting Rogue Ethernet Switches Using Layer 1 Techniques
https://www.sans.edu/cyber-research/detecting-rogue-ethernet-switches-using-layer-1-techniques/
https://www.sentinelone.com/labs/sns-sender-active-campaigns-unleash-messaging-spam-through-the-cloud/
Linux Issuing CVEs
http://www.kroah.com/log/blog/2024/02/13/linux-is-a-cna/
Analyzing Pulse Secure Firmware and Bypassing Integrity Checking
https://eclypsium.com/blog/flatlined-analyzing-pulse-secure-firmware-and-bypassing-integrity-checking/
Jennifer Walker: Detecting Rogue Ethernet Switches Using Layer 1 Techniques
https://www.sans.edu/cyber-research/detecting-rogue-ethernet-switches-using-layer-1-techniques/
ISC StormCast for Thursday, February 15th, 2024
15 februari 2024 |
6 min
Guest Diary: Learning by Doing An Interative Adventure in Troubleshooting
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Learning%20by%20doing%3A%20Iterative%20adventures%20in%20troubleshooting/30648
Snap Trap: The Hidden Dangers within Ubuntu's Package Suggestion System
https://www.aquasec.com/blog/snap-trap-the-hidden-dangers-within-ubuntus-package-suggestion-system/
The Risks of the Monikerlink Bug in Microsoft Outlook
https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
AMD Patches
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7009.html
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Learning%20by%20doing%3A%20Iterative%20adventures%20in%20troubleshooting/30648
Snap Trap: The Hidden Dangers within Ubuntu's Package Suggestion System
https://www.aquasec.com/blog/snap-trap-the-hidden-dangers-within-ubuntus-package-suggestion-system/
The Risks of the Monikerlink Bug in Microsoft Outlook
https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
AMD Patches
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7009.html
ISC StormCast for Wednesday, February 14th, 2024
14 februari 2024 |
6 min
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20February%202024%20Patch%20Tuesday/30646
DNSSEC DoS Vulnerability CVE-2023-50387
https://www.presseportal.de/pm/173495/5713546
Zoom Desktop Client Vuln
https://www.zoom.com/en/trust/security-bulletin
QNAP Vulnerablity
https://www.qnap.com/de-de/security-advisory/qsa-23-57
https://unit42.paloaltonetworks.com/qnap-qts-firmware-cve-2023-50358/
https://isc.sans.edu/diary/Microsoft%20February%202024%20Patch%20Tuesday/30646
DNSSEC DoS Vulnerability CVE-2023-50387
https://www.presseportal.de/pm/173495/5713546
Zoom Desktop Client Vuln
https://www.zoom.com/en/trust/security-bulletin
QNAP Vulnerablity
https://www.qnap.com/de-de/security-advisory/qsa-23-57
https://unit42.paloaltonetworks.com/qnap-qts-firmware-cve-2023-50358/
ISC StormCast for Tuesday, February 13th, 2024
13 februari 2024 |
6 min
Exploit Against Unnamed BYTEVALUE Router Vulnerablity Included in Mirai
https://isc.sans.edu/diary/Exploit%20against%20Unnamed%20%22Bytevalue%22%20router%20vulnerability%20included%20in%20Mirai%20Bot/30642
Senior Executives Targeted in Ongoing Azure Account Takeover
https://www.darkreading.com/cloud-security/senior-executives-targeted-ongoing-azure-account-takeover
CISA Parners With OpenSSF To Secure Software Repositories
https://www.cisa.gov/news-events/alerts/2024/02/08/cisa-partners-openssf-securing-software-repositories-working-group-release-principles-package
PostgreSQL Vulnerability
https://www.postgresql.org/support/security/CVE-2024-0985/
Microsoft Defender Bypass via Comma
https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_TROJAN.WIN32.POWESSERE.G_MITIGATION_BYPASS_PART2.txt
https://isc.sans.edu/diary/Exploit%20against%20Unnamed%20%22Bytevalue%22%20router%20vulnerability%20included%20in%20Mirai%20Bot/30642
Senior Executives Targeted in Ongoing Azure Account Takeover
https://www.darkreading.com/cloud-security/senior-executives-targeted-ongoing-azure-account-takeover
CISA Parners With OpenSSF To Secure Software Repositories
https://www.cisa.gov/news-events/alerts/2024/02/08/cisa-partners-openssf-securing-software-repositories-working-group-release-principles-package
PostgreSQL Vulnerability
https://www.postgresql.org/support/security/CVE-2024-0985/
Microsoft Defender Bypass via Comma
https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_TROJAN.WIN32.POWESSERE.G_MITIGATION_BYPASS_PART2.txt
ISC StormCast for Monday, February 12th, 2024
12 februari 2024 |
6 min
MSIX With Heaviliy Obfuscated PowerShell Script
https://isc.sans.edu/diary/MSIX%20With%20Heavily%20Obfuscated%20PowerShell%20Script/30636
Too Many Honeypots
https://vulncheck.com/blog/too-many-honeypots
ClamAV Command Injection Vulnerability CVE-2024-20328
https://amitschendel.github.io/vulnerabilites/CVE-2024-20328/
ExpressVPN DNS Leaks
https://www.expressvpn.com/blog/windows-app-dns-requests/
https://isc.sans.edu/diary/MSIX%20With%20Heavily%20Obfuscated%20PowerShell%20Script/30636
Too Many Honeypots
https://vulncheck.com/blog/too-many-honeypots
ClamAV Command Injection Vulnerability CVE-2024-20328
https://amitschendel.github.io/vulnerabilites/CVE-2024-20328/
ExpressVPN DNS Leaks
https://www.expressvpn.com/blog/windows-app-dns-requests/
ISC StormCast for Friday, February 9th, 2024
9 februari 2024 |
6 min
A Python MP3 Player With Builtin Keylogger Capability
https://isc.sans.edu/diary/A%20Python%20MP3%20Player%20with%20Builtin%20Keylogger%20Capability/30632
Fake LastPass App in Apple App Store
https://blog.lastpass.com/2024/02/warning-fraudulent-app-impersonating-lastpass-currently-available-in-apple-app-store/
Ivanti XXE Vulnerability
https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure
FortiOS sslvpnd vulnerability
https://www.fortiguard.com/psirt/FG-IR-24-015
https://isc.sans.edu/diary/A%20Python%20MP3%20Player%20with%20Builtin%20Keylogger%20Capability/30632
Fake LastPass App in Apple App Store
https://blog.lastpass.com/2024/02/warning-fraudulent-app-impersonating-lastpass-currently-available-in-apple-app-store/
Ivanti XXE Vulnerability
https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure
FortiOS sslvpnd vulnerability
https://www.fortiguard.com/psirt/FG-IR-24-015
ISC StormCast for Thursday, February 8th, 2024
8 februari 2024 |
5 min
Anybody knows what this URL is about? Maybe Balena API request?
https://isc.sans.edu/forums/diary/Anybody%20knows%20that%20this%20URL%20is%20about%3F%20Maybe%20Balena%20API%20request%3F/30628/
Critical shim vulnerability and patch
https://github.com/rhboot/shim/releases/tag/15.8
Volt Typhoon Lessons Learned
https://www.cisa.gov/resources-tools/resources/identifying-and-mitigating-living-land-techniques
https://isc.sans.edu/forums/diary/Anybody%20knows%20that%20this%20URL%20is%20about%3F%20Maybe%20Balena%20API%20request%3F/30628/
Critical shim vulnerability and patch
https://github.com/rhboot/shim/releases/tag/15.8
Volt Typhoon Lessons Learned
https://www.cisa.gov/resources-tools/resources/identifying-and-mitigating-living-land-techniques
ISC StormCast for Wednesday, February 7th, 2024
7 februari 2024 |
7 min
Computer viruses are celebrating their 40th birthday (well, 54th, really)
https://isc.sans.edu/diary/Computer%20viruses%20are%20celebrating%20their%2040th%20birthday%20%28well%2C%2054th%2C%20really%29/30624
Three million malware-infected smart toothbrushes used in Swiss DDoS attacks
https://www.tomshardware.com/networking/three-million-malware-infected-smart-toothbrushes-used-in-swiss-ddos-attacks-botnet-causes-millions-of-euros-in-damages
Critical Security Issue Affecting TeamCity On-Premises CVE-2024-23917
https://blog.jetbrains.com/teamcity/2024/02/critical-security-issue-affecting-teamcity-on-premises-cve-2024-23917/
Resume Looters
https://www.group-ib.com/blog/resumelooters/
Facebook Advertising Spreads Novel Malware Variant
https://www.trustwave.com/hubfs/Web/Library/Documents_pdf/FaceBook_Ad_Spreads_Novel_Malware.pdf
https://isc.sans.edu/diary/Computer%20viruses%20are%20celebrating%20their%2040th%20birthday%20%28well%2C%2054th%2C%20really%29/30624
Three million malware-infected smart toothbrushes used in Swiss DDoS attacks
https://www.tomshardware.com/networking/three-million-malware-infected-smart-toothbrushes-used-in-swiss-ddos-attacks-botnet-causes-millions-of-euros-in-damages
Critical Security Issue Affecting TeamCity On-Premises CVE-2024-23917
https://blog.jetbrains.com/teamcity/2024/02/critical-security-issue-affecting-teamcity-on-premises-cve-2024-23917/
Resume Looters
https://www.group-ib.com/blog/resumelooters/
Facebook Advertising Spreads Novel Malware Variant
https://www.trustwave.com/hubfs/Web/Library/Documents_pdf/FaceBook_Ad_Spreads_Novel_Malware.pdf
ISC StormCast for Tuesday, February 6th, 2024
6 februari 2024 |
6 min
Public Information and Email Spam
https://isc.sans.edu/diary/Public+Information+and+Email+Spam/30620/
Anydesk Update
https://www.bleepingcomputer.com/news/security/anydesk-says-hackers-breached-its-production-servers-reset-passwords/
https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-213655-1032.pdf
Ivanti POC For CVE-2024-21893
https://attackerkb.com/topics/FGlK1TVnB2/cve-2024-21893/rapid7-analysis
Deepfake Exploits
https://www.scmp.com/news/hong-kong/law-and-crime/article/3250851/everyone-looked-real-multinational-firms-hong-kong-office-loses-hk200-million-after-scammers-stage
https://www.404media.co/inside-the-underground-site-where-ai-neural-networks-churns-out-fake-ids-onlyfake/
https://isc.sans.edu/diary/Public+Information+and+Email+Spam/30620/
Anydesk Update
https://www.bleepingcomputer.com/news/security/anydesk-says-hackers-breached-its-production-servers-reset-passwords/
https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-213655-1032.pdf
Ivanti POC For CVE-2024-21893
https://attackerkb.com/topics/FGlK1TVnB2/cve-2024-21893/rapid7-analysis
Deepfake Exploits
https://www.scmp.com/news/hong-kong/law-and-crime/article/3250851/everyone-looked-real-multinational-firms-hong-kong-office-loses-hk200-million-after-scammers-stage
https://www.404media.co/inside-the-underground-site-where-ai-neural-networks-churns-out-fake-ids-onlyfake/
ISC StormCast for Monday, February 5th, 2024
5 februari 2024 |
6 min
DShield Sensor Log Collection with Elasticsearch
https://isc.sans.edu/forums/diary/DShield%20Sensor%20Log%20Collection%20with%20Elasticsearch/30616/
Anydesk Breach
https://anydesk.com/en/public-statement
Leaky Vessels
https://snyk.io/blog/leaky-vessels-docker-runc-container-breakout-vulnerabilities/
https://isc.sans.edu/forums/diary/DShield%20Sensor%20Log%20Collection%20with%20Elasticsearch/30616/
Anydesk Breach
https://anydesk.com/en/public-statement
Leaky Vessels
https://snyk.io/blog/leaky-vessels-docker-runc-container-breakout-vulnerabilities/
ISC StormCast for Friday, February 2nd, 2024
2 februari 2024 |
7 min
What is a Top Level Domain
https://isc.sans.edu/forums/diary/What%20is%20a%20%22Top%20Level%20Domain%22%3F/30612/
Updated CISA Ivanti Policy
https://www.cisa.gov/news-events/directives/supplemental-direction-v1-ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure
Cloudflare Publishes Breach Details
https://blog.cloudflare.com/thanksgiving-2023-security-incident
Vision Pro Update
https://support.apple.com/en-us/HT214070
https://isc.sans.edu/forums/diary/What%20is%20a%20%22Top%20Level%20Domain%22%3F/30612/
Updated CISA Ivanti Policy
https://www.cisa.gov/news-events/directives/supplemental-direction-v1-ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure
Cloudflare Publishes Breach Details
https://blog.cloudflare.com/thanksgiving-2023-security-incident
Vision Pro Update
https://support.apple.com/en-us/HT214070
ISC StormCast for Thursday, February 1st, 2024
1 februari 2024 |
6 min
The Fun and Dangers of Top Level Domains (TLDs)
https://isc.sans.edu/diary/The%20Fun%20and%20Dangers%20of%20Top%20Level%20Domains%20%28TLDs%29/30608
Ivanti Releases Patches and New Vulnerabilities
https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US
glibc syslog() vulnerablity
https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt
modsecurity WAF bypass
https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30
https://isc.sans.edu/diary/The%20Fun%20and%20Dangers%20of%20Top%20Level%20Domains%20%28TLDs%29/30608
Ivanti Releases Patches and New Vulnerabilities
https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US
glibc syslog() vulnerablity
https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt
modsecurity WAF bypass
https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30
ISC StormCast for Wednesday, January 31st, 2024
31 januari 2024 |
7 min
What did I say to make you stop talking to me
https://isc.sans.edu/diary/What%20did%20I%20say%20to%20make%20you%20stop%20talking%20to%20me%3F/30604
Identification of a top-level domain for private use
https://itp.cdn.icann.org/en/files/root-system/identification-tld-private-use-24-01-2024-en.pdf
Juniper Patches Patching
https://supportportal.juniper.net/s/article/2024-01-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-have-been-addressed?language=en_US
https://www.theregister.com/2024/01/30/juniper_networks_vulnerabilities/
Chat GPT Leaking Conversations Again
https://arstechnica.com/security/2024/01/ars-reader-reports-chatgpt-is-sending-him-conversations-from-unrelated-ai-users/
https://isc.sans.edu/diary/What%20did%20I%20say%20to%20make%20you%20stop%20talking%20to%20me%3F/30604
Identification of a top-level domain for private use
https://itp.cdn.icann.org/en/files/root-system/identification-tld-private-use-24-01-2024-en.pdf
Juniper Patches Patching
https://supportportal.juniper.net/s/article/2024-01-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-have-been-addressed?language=en_US
https://www.theregister.com/2024/01/30/juniper_networks_vulnerabilities/
Chat GPT Leaking Conversations Again
https://arstechnica.com/security/2024/01/ars-reader-reports-chatgpt-is-sending-him-conversations-from-unrelated-ai-users/
ISC StormCast for Tuesday, January 30th, 2024
30 januari 2024 |
6 min
Exploit Flare Up Against Older Atlassian Confluence Vulnerability
https://isc.sans.edu/diary/Exploit%20Flare%20Up%20Against%20Older%20Altassian%20Confluence%20Vulnerability/30600
Malicious Python Packages install Infostealer
https://www.fortinet.com/blog/threat-research/info-stealing-packages-hidden-in-pypi
Linux ICMPv6 Router Adv. RCE
https://access.redhat.com/security/cve/cve-2023-6200
https://isc.sans.edu/diary/Exploit%20Flare%20Up%20Against%20Older%20Altassian%20Confluence%20Vulnerability/30600
Malicious Python Packages install Infostealer
https://www.fortinet.com/blog/threat-research/info-stealing-packages-hidden-in-pypi
Linux ICMPv6 Router Adv. RCE
https://access.redhat.com/security/cve/cve-2023-6200
ISC StormCast for Monday, January 29th, 2024
29 januari 2024 |
7 min
A Batch File With Multiple Payloads
https://isc.sans.edu/diary/A%20Batch%20File%20With%20Multiple%20Payloads/30592
fritz.box domain used to advertise NFTs
https://www.heise.de/news/Verwirrend-Internet-Domain-fritz-box-zeigt-NFT-Galerie-statt-Router-Verwaltung-9610149.html
Jenkins CVE-2024-23897 PoC
https://github.com/gquere/pwn_jenkins/blob/master/README.md#jenkins-cli-arbitrary-read-cve-2024-23897-applies-to-versions-below-2442-and-lts-24263
Malicious Google Ads Target Chinese Users
https://www.malwarebytes.com/blog/threat-intelligence/2024/01/malicious-ads-for-restricted-messaging-applications-target-chinese-users
https://isc.sans.edu/diary/A%20Batch%20File%20With%20Multiple%20Payloads/30592
fritz.box domain used to advertise NFTs
https://www.heise.de/news/Verwirrend-Internet-Domain-fritz-box-zeigt-NFT-Galerie-statt-Router-Verwaltung-9610149.html
Jenkins CVE-2024-23897 PoC
https://github.com/gquere/pwn_jenkins/blob/master/README.md#jenkins-cli-arbitrary-read-cve-2024-23897-applies-to-versions-below-2442-and-lts-24263
Malicious Google Ads Target Chinese Users
https://www.malwarebytes.com/blog/threat-intelligence/2024/01/malicious-ads-for-restricted-messaging-applications-target-chinese-users
ISC StormCast for Friday, January 26th, 2024
26 januari 2024 |
6 min
Fecebook AdsManager Targeted by a Python Infostealer
https://isc.sans.edu/diary/Facebook%20AdsManager%20Targeted%20by%20a%20Python%20Infostealer/30590
Privacy Concerns about Apple Push Notifications
https://twitter.com/mysk_co/status/1750502700112916504
https://www.youtube.com/watch?v=4ZPTjGG9t7s
Inside a Global Phone Spy Tool Monitoring Billions
https://www.404media.co/inside-global-phone-spy-tool-patternz-nuviad-real-time-bidding/
https://isc.sans.edu/diary/Facebook%20AdsManager%20Targeted%20by%20a%20Python%20Infostealer/30590
Privacy Concerns about Apple Push Notifications
https://twitter.com/mysk_co/status/1750502700112916504
https://www.youtube.com/watch?v=4ZPTjGG9t7s
Inside a Global Phone Spy Tool Monitoring Billions
https://www.404media.co/inside-global-phone-spy-tool-patternz-nuviad-real-time-bidding/
ISC StormCast for Thursday, January 25th, 2024
25 januari 2024 |
5 min
How Bad User Interfaces Make Security Tools Harmful
https://isc.sans.edu/diary/How%20Bad%20User%20Interfaces%20Make%20Security%20Tools%20Harmful/30586
Sys:All Loophole Alloed Us to Penetrate GKE Clusters in Production
https://orca.security/resources/blog/sys-all-google-kubernetes-engine-risk-example/
Automotive Pwn2Own
https://www.zerodayinitiative.com/blog/2024/1/23/pwn2own-automotive-2024-the-full-schedule
Android Keystroke Injection Vulnerability Exploit
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/
CVE-2024-0769 D-Link DIR-859
https://securityonline.info/cve-2024-0769-the-vulnerability-d-link-wont-fix-in-dir-859-router/
SANS.edu Dean's List
https://www.sans.edu/students/awards
https://isc.sans.edu/diary/How%20Bad%20User%20Interfaces%20Make%20Security%20Tools%20Harmful/30586
Sys:All Loophole Alloed Us to Penetrate GKE Clusters in Production
https://orca.security/resources/blog/sys-all-google-kubernetes-engine-risk-example/
Automotive Pwn2Own
https://www.zerodayinitiative.com/blog/2024/1/23/pwn2own-automotive-2024-the-full-schedule
Android Keystroke Injection Vulnerability Exploit
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/
CVE-2024-0769 D-Link DIR-859
https://securityonline.info/cve-2024-0769-the-vulnerability-d-link-wont-fix-in-dir-859-router/
SANS.edu Dean's List
https://www.sans.edu/students/awards
ISC StormCast for Wednesday, January 24th, 2024
24 januari 2024 |
6 min
Update on Atlassian Exploit Activity
https://isc.sans.edu/forums/diary/Update%20on%20Atlassian%20Exploit%20Activity%20/30582/
POC For Fortra GoAnywhere MFT Authentication Bypass CVE-2024-0204
https://www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-dive/
Baracuda Web Application Firewall
https://campus.barracuda.com/product/webapplicationfirewall/doc/102888530/security-advisory/
GitGot: GitHub leveraged by cybercriminals to store stolen data
https://www.reversinglabs.com/blog/gitgot-cybercriminals-using-github-to-store-stolen-data
https://isc.sans.edu/forums/diary/Update%20on%20Atlassian%20Exploit%20Activity%20/30582/
POC For Fortra GoAnywhere MFT Authentication Bypass CVE-2024-0204
https://www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-dive/
Baracuda Web Application Firewall
https://campus.barracuda.com/product/webapplicationfirewall/doc/102888530/security-advisory/
GitGot: GitHub leveraged by cybercriminals to store stolen data
https://www.reversinglabs.com/blog/gitgot-cybercriminals-using-github-to-store-stolen-data
ISC StormCast for Tuesday, January 23rd, 2024
23 januari 2024 |
7 min
Apple Updates Everything
https://isc.sans.edu/forums/diary/Apple%20Updates%20Everything%20-%20New%200%20Day%20in%20WebKit/30578/
Atlassian Confluence RCE Vulnerability Exploits CVE-2023-22527
https://isc.sans.edu/forums/diary/Scans%20Exploit%20Attempts%20for%20Atlassian%20Confluence%20RCE%20Vulnerability%20CVE-2023-22527/30576/
Updated Ivanti Mitigation Advise
https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
Czech Republic Sets IPv4 Shutdown date
https://konecipv4.cz/en/
https://isc.sans.edu/forums/diary/Apple%20Updates%20Everything%20-%20New%200%20Day%20in%20WebKit/30578/
Atlassian Confluence RCE Vulnerability Exploits CVE-2023-22527
https://isc.sans.edu/forums/diary/Scans%20Exploit%20Attempts%20for%20Atlassian%20Confluence%20RCE%20Vulnerability%20CVE-2023-22527/30576/
Updated Ivanti Mitigation Advise
https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
Czech Republic Sets IPv4 Shutdown date
https://konecipv4.cz/en/
ISC StormCast for Monday, January 22nd, 2024
22 januari 2024 |
7 min
macOS Python Script Replacing Walling Applications with Rogue Apps
https://isc.sans.edu/diary/macOS%20Python%20Script%20Replacing%20Wallet%20Applications%20with%20Rogue%20Apps/30572
Microsoft Breach
https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/
Juniper Vulnerabilities
https://labs.watchtowr.com/the-second-wednesday-of-the-first-month-of-every-quarter-juniper-0day-revisited/
Brave Removing Strict Fingerprint Mode
https://brave.com/privacy-updates/28-sunsetting-strict-fingerprinting-mode/
https://isc.sans.edu/diary/macOS%20Python%20Script%20Replacing%20Wallet%20Applications%20with%20Rogue%20Apps/30572
Microsoft Breach
https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/
Juniper Vulnerabilities
https://labs.watchtowr.com/the-second-wednesday-of-the-first-month-of-every-quarter-juniper-0day-revisited/
Brave Removing Strict Fingerprint Mode
https://brave.com/privacy-updates/28-sunsetting-strict-fingerprinting-mode/
ISC StormCast for Friday, January 19th, 2024
19 januari 2024 |
7 min
More Scans for Ivanti Connect "Secure" VPN. Exploits Public
https://isc.sans.edu/diary/More%20Scans%20for%20Ivanti%20Connect%20%22Secure%22%20VPN.%20Exploits%20Public/30568
Ivanti Endpoint Manager Mobile / MobileIron Core Vuln exploited CVE-2023-35082
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Attacks against Exposed Databases
https://twitter.com/fasterthanlime/status/1741935393413402739
Outlook Vulnerability Discovery and New Ways to Leak NTLM Hashes
https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
https://isc.sans.edu/diary/More%20Scans%20for%20Ivanti%20Connect%20%22Secure%22%20VPN.%20Exploits%20Public/30568
Ivanti Endpoint Manager Mobile / MobileIron Core Vuln exploited CVE-2023-35082
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Attacks against Exposed Databases
https://twitter.com/fasterthanlime/status/1741935393413402739
Outlook Vulnerability Discovery and New Ways to Leak NTLM Hashes
https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
ISC StormCast for Thursday, January 18th, 2024
18 januari 2024 |
7 min
Number Usage in Passwords
https://isc.sans.edu/diary/Number%20Usage%20in%20Passwords/30540
A Lightweight Method to Detect Potential iOS Malware
https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/
CISA and FBI Release Known IOCs Associated with Androxgh0st Malware
https://www.cisa.gov/news-events/alerts/2024/01/16/cisa-and-fbi-release-known-iocs-associated-androxgh0st-malware
https://isc.sans.edu/diary/Number%20Usage%20in%20Passwords/30540
A Lightweight Method to Detect Potential iOS Malware
https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/
CISA and FBI Release Known IOCs Associated with Androxgh0st Malware
https://www.cisa.gov/news-events/alerts/2024/01/16/cisa-and-fbi-release-known-iocs-associated-androxgh0st-malware
ISC StormCast for Wednesday, January 17th, 2024
17 januari 2024 |
6 min
Ivanti Vulnerability Widespread Scanning
https://isc.sans.edu/diary/Scans%20for%20Ivanti%20Connect%20%22Secure%22%20VPN%20%20Vulnerability%20%28CVE-2023-46805%2C%20CVE-2024-21887%29/30562
https://www.volexity.com/blog/2024/01/15/ivanti-connect-secure-vpn-exploitation-goes-global/
Citrix Patches Already Exploited Vulnerability
https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549
Atlassian Confluence Remote Code Execution Vulnerability
https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html
macOS Infostealers
https://www.sentinelone.com/blog/the-many-faces-of-undetected-macos-infostealers-keysteal-atomic-cherrypie-continue-to-adapt/
Google Chrome 0-day
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html
GitHub Key Rotation
https://www.bleepingcomputer.com/news/security/github-rotates-keys-to-mitigate-impact-of-credential-exposing-flaw/
https://isc.sans.edu/diary/Scans%20for%20Ivanti%20Connect%20%22Secure%22%20VPN%20%20Vulnerability%20%28CVE-2023-46805%2C%20CVE-2024-21887%29/30562
https://www.volexity.com/blog/2024/01/15/ivanti-connect-secure-vpn-exploitation-goes-global/
Citrix Patches Already Exploited Vulnerability
https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549
Atlassian Confluence Remote Code Execution Vulnerability
https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html
macOS Infostealers
https://www.sentinelone.com/blog/the-many-faces-of-undetected-macos-infostealers-keysteal-atomic-cherrypie-continue-to-adapt/
Google Chrome 0-day
https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html
GitHub Key Rotation
https://www.bleepingcomputer.com/news/security/github-rotates-keys-to-mitigate-impact-of-credential-exposing-flaw/
ISC StormCast for Tuesday, January 16th, 2024
16 januari 2024 |
6 min
One File, Two Payloads
https://isc.sans.edu/diary/One%20File%2C%20Two%20Payloads/30558
Ivanti Vulnerability Updates
https://labs.watchtowr.com/welcome-to-2024-the-sslvpn-chaos-continues-ivanti-cve-2023-46805-cve-2024-21887/
NVidia DGX H100 and A100 Updates
https://nvidia.custhelp.com/app/answers/detail/a_id/5510
GitLab Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2023-7028
https://isc.sans.edu/diary/One%20File%2C%20Two%20Payloads/30558
Ivanti Vulnerability Updates
https://labs.watchtowr.com/welcome-to-2024-the-sslvpn-chaos-continues-ivanti-cve-2023-46805-cve-2024-21887/
NVidia DGX H100 and A100 Updates
https://nvidia.custhelp.com/app/answers/detail/a_id/5510
GitLab Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2023-7028
ISC StormCast for Friday, January 12th, 2024
12 januari 2024 |
6 min
Timeline to Remove DSA Support in OpenSSH
https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-January/000156.html
Juniper Patches
https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&numberOfResults=50&f:ctype=[Security%20Advisories]
ManageEngine ADSelfService Plus Patch CVE-2024-0252
https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html
Atomic Stealer for Mac Update
https://www.malwarebytes.com/blog/threat-intelligence/2024/01/atomic-stealer-rings-in-the-new-year-with-updated-version
https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-January/000156.html
Juniper Patches
https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&numberOfResults=50&f:ctype=[Security%20Advisories]
ManageEngine ADSelfService Plus Patch CVE-2024-0252
https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html
Atomic Stealer for Mac Update
https://www.malwarebytes.com/blog/threat-intelligence/2024/01/atomic-stealer-rings-in-the-new-year-with-updated-version
ISC StormCast for Thursday, January 11th, 2024
11 januari 2024 |
5 min
Jenkins Brute Force Scans
https://isc.sans.edu/diary/Jenkins%20Brute%20Force%20Scans/30546
Ivanti Connect Security VPN Vulnerability Exploited
https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/
Zoom Privilege Escalation Vulnerability
https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/
Apache Applictions Targeted by Stealthy Attacker
https://blog.aquasec.com/threat-alert-apache-applications-targeted-by-stealthy-attacker
Infosec Toolshed
https://youtu.be/qDK1PQ1OZjk?si=_vTpHqlovD2Hjd4M
https://isc.sans.edu/diary/Jenkins%20Brute%20Force%20Scans/30546
Ivanti Connect Security VPN Vulnerability Exploited
https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/
Zoom Privilege Escalation Vulnerability
https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/
Apache Applictions Targeted by Stealthy Attacker
https://blog.aquasec.com/threat-alert-apache-applications-targeted-by-stealthy-attacker
Infosec Toolshed
https://youtu.be/qDK1PQ1OZjk?si=_vTpHqlovD2Hjd4M
ISC StormCast for Wednesday, January 10th, 2024
10 januari 2024 |
6 min
Microsoft January 2024 Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+January+2024+Patch+Tuesday/30548/
Adobe Vulnerabilities
https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html
CVE-2023-50916: Authentication Coercion Vulnerablity in Kyocera Device Manager
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-50916-authentication-coercion-vulnerability-in-kyocera-device-manager/
Network Connected Wrenches Used in Factories can be hacked
https://arstechnica.com/security/2024/01/network-connected-wrenches-used-in-factories-can-be-hacked-for-sabotage-or-ransomware/
https://isc.sans.edu/forums/diary/Microsoft+January+2024+Patch+Tuesday/30548/
Adobe Vulnerabilities
https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html
CVE-2023-50916: Authentication Coercion Vulnerablity in Kyocera Device Manager
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-50916-authentication-coercion-vulnerability-in-kyocera-device-manager/
Network Connected Wrenches Used in Factories can be hacked
https://arstechnica.com/security/2024/01/network-connected-wrenches-used-in-factories-can-be-hacked-for-sabotage-or-ransomware/
ISC StormCast for Tuesday, January 9th, 2024
9 januari 2024 |
6 min
What is That User Agent
https://isc.sans.edu/diary/What%20is%20that%20User%20Agent%3F/30536
KyberSlash Vulnerability
https://kyberslash.cr.yp.to/faq.html
Netfilter DoS Vulnerability CVE-2024-0193
https://access.redhat.com/security/cve/CVE-2024-0193
Cacti Vulnerability
https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp
https://isc.sans.edu/diary/What%20is%20that%20User%20Agent%3F/30536
KyberSlash Vulnerability
https://kyberslash.cr.yp.to/faq.html
Netfilter DoS Vulnerability CVE-2024-0193
https://access.redhat.com/security/cve/CVE-2024-0193
Cacti Vulnerability
https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp
ISC StormCast for Monday, January 8th, 2024
8 januari 2024 |
5 min
Netstat But Better and in PowerShell
https://isc.sans.edu/diary/Netstat%2C%20but%20Better%20and%20in%20PowerShell/30532
Double Phishing Submission
https://isc.sans.edu/diary/Are%20you%20sure%20of%20your%20password%3F/30534
Suspicious Prometei Botnet Activity
https://isc.sans.edu/diary/Suspicious%20Prometei%20Botnet%20Activity/30538
Spectral Blur Mac Malware
https://g-les.github.io/yara/2024/01/03/100DaysofYARA_SpectralBlur.html
Google Malware Abusing API is Standard Token Theft not an API Issue
https://www.bleepingcomputer.com/news/security/google-malware-abusing-api-is-standard-token-theft-not-an-api-issue/
https://isc.sans.edu/diary/Netstat%2C%20but%20Better%20and%20in%20PowerShell/30532
Double Phishing Submission
https://isc.sans.edu/diary/Are%20you%20sure%20of%20your%20password%3F/30534
Suspicious Prometei Botnet Activity
https://isc.sans.edu/diary/Suspicious%20Prometei%20Botnet%20Activity/30538
Spectral Blur Mac Malware
https://g-les.github.io/yara/2024/01/03/100DaysofYARA_SpectralBlur.html
Google Malware Abusing API is Standard Token Theft not an API Issue
https://www.bleepingcomputer.com/news/security/google-malware-abusing-api-is-standard-token-theft-not-an-api-issue/
ISC StormCast for Friday, January 5th, 2024
5 januari 2024 |
5 min
Wireshark Updates
https://isc.sans.edu/diary/Wireshark%20updates/30528
Android Updates
https://source.android.com/docs/security/bulletin/2024-01-01
Ivanti Critical Vulnerability
https://forums.ivanti.com/s/article/SA-2023-12-19-CVE-2023-39336?language=en_US
Malicious PyPi Packages
https://www.fortinet.com/blog/threat-research/malicious-pypi-packages-deploy-coinminer-on-linux-devices
Everything npm package
https://www.bleepingcomputer.com/news/security/everything-blocks-devs-from-removing-their-own-npm-packages/
https://isc.sans.edu/diary/Wireshark%20updates/30528
Android Updates
https://source.android.com/docs/security/bulletin/2024-01-01
Ivanti Critical Vulnerability
https://forums.ivanti.com/s/article/SA-2023-12-19-CVE-2023-39336?language=en_US
Malicious PyPi Packages
https://www.fortinet.com/blog/threat-research/malicious-pypi-packages-deploy-coinminer-on-linux-devices
Everything npm package
https://www.bleepingcomputer.com/news/security/everything-blocks-devs-from-removing-their-own-npm-packages/
ISC StormCast for Thursday, January 4th, 2024
4 januari 2024 |
6 min
Interesting large and small malspam attachments from 2023
https://isc.sans.edu/diary/Interesting%20large%20and%20small%20malspam%20attachments%20from%202023/30524
Orange Spain RIPE Account Compromise
https://www.bleepingcomputer.com/news/security/hacker-hijacks-orange-spain-ripe-account-to-cause-bgp-havoc/
Bitwarden Heist
https://blog.redteam-pentesting.de/2024/bitwarden-heist/
Apple iOS PoC Exploits
https://github.com/felix-pb/kfd/blob/main/writeups/smith.md
https://github.com/felix-pb/kfd/blob/main/writeups/landa.md
https://isc.sans.edu/diary/Interesting%20large%20and%20small%20malspam%20attachments%20from%202023/30524
Orange Spain RIPE Account Compromise
https://www.bleepingcomputer.com/news/security/hacker-hijacks-orange-spain-ripe-account-to-cause-bgp-havoc/
Bitwarden Heist
https://blog.redteam-pentesting.de/2024/bitwarden-heist/
Apple iOS PoC Exploits
https://github.com/felix-pb/kfd/blob/main/writeups/smith.md
https://github.com/felix-pb/kfd/blob/main/writeups/landa.md
ISC StormCast for Wednesday, January 3rd, 2024
3 januari 2024 |
9 min
Fingerprinting SSH Identification Strings
https://isc.sans.edu/diary/Fingerprinting%20SSH%20Identification%20Strings/30520
Google OAUTH2 Exploited by Malware
https://www.cloudsek.com/blog/compromising-google-accounts-malwares-exploiting-undocumented-oauth2-functionality-for-session-hijacking
TsuKing DNS Amplification
https://lixiang521.com/publication/ccs23/ccs23-xu-tsuking.pdf
https://isc.sans.edu/diary/Fingerprinting%20SSH%20Identification%20Strings/30520
Google OAUTH2 Exploited by Malware
https://www.cloudsek.com/blog/compromising-google-accounts-malwares-exploiting-undocumented-oauth2-functionality-for-session-hijacking
TsuKing DNS Amplification
https://lixiang521.com/publication/ccs23/ccs23-xu-tsuking.pdf
ISC StormCast for Tuesday, January 2nd, 2024
2 januari 2024 |
6 min
Shall We Play a Game
https://isc.sans.edu/diary/Shall+We+Play+a+Game/30510
Mailtrap.io Exfiltration
https://isc.sans.edu/diary/Python%20Keylogger%20Using%20Mailtrap.io/30512
Pi Hole Docker
https://isc.sans.edu/forums/diary/Pi-Hole%20Pi4%20Docker%20Deployment/30516/
Mirai Update
https://isc.sans.edu/diary/Unveiling%20the%20Mirai%3A%20Insights%20into%20Recent%20DShield%20Honeypot%20Activity%20%5BGuest%20Diary%5D/30514
Barracuda 0-Day Vulnerability
https://www.barracuda.com/company/legal/esg-vulnerability
Apache OFBiz 0-Day Exploited against Atlassian (and possibly others)
https://blog.sonicwall.com/en-us/2023/12/sonicwall-discovers-critical-apache-ofbiz-zero-day-authbiz/
https://isc.sans.edu/diary/Shall+We+Play+a+Game/30510
Mailtrap.io Exfiltration
https://isc.sans.edu/diary/Python%20Keylogger%20Using%20Mailtrap.io/30512
Pi Hole Docker
https://isc.sans.edu/forums/diary/Pi-Hole%20Pi4%20Docker%20Deployment/30516/
Mirai Update
https://isc.sans.edu/diary/Unveiling%20the%20Mirai%3A%20Insights%20into%20Recent%20DShield%20Honeypot%20Activity%20%5BGuest%20Diary%5D/30514
Barracuda 0-Day Vulnerability
https://www.barracuda.com/company/legal/esg-vulnerability
Apache OFBiz 0-Day Exploited against Atlassian (and possibly others)
https://blog.sonicwall.com/en-us/2023/12/sonicwall-discovers-critical-apache-ofbiz-zero-day-authbiz/
ISC StormCast for Friday, December 22nd, 2023
22 december 2023 |
5 min
Securing Web Servers
https://isc.sans.edu/diary/How%20to%20Protect%20your%20Webserver%20from%20Directory%20Enumeration%20Attack%20%3F%20Apache2%20%5BGuest%20Diary%5D/30504
Chrome 0-Day (last one for the year?)
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html
Note that there will be no daily stormcast for the rest of the year. Returning January 2nd
SANS Cloud Defender 2024
https://www.sans.org/cyber-security-training-events/cloud-defender-2024-live-online/
https://isc.sans.edu/diary/How%20to%20Protect%20your%20Webserver%20from%20Directory%20Enumeration%20Attack%20%3F%20Apache2%20%5BGuest%20Diary%5D/30504
Chrome 0-Day (last one for the year?)
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html
Note that there will be no daily stormcast for the rest of the year. Returning January 2nd
SANS Cloud Defender 2024
https://www.sans.org/cyber-security-training-events/cloud-defender-2024-live-online/
ISC StormCast for Thursday, December 21st, 2023
21 december 2023 |
7 min
Increase in Exploit Attempts for Atlassian Confluence Server (CVE-2023-22518)
https://isc.sans.edu/diary/Increase%20in%20Exploit%20Attempts%20for%20Atlassian%20Confluence%20Server%20%28CVE-2023-22518%29/30502
Fake F5 BigIP Update
https://www.bleepingcomputer.com/news/security/fake-f5-big-ip-zero-day-warning-emails-push-data-wipers/
Google OAUTH Problems
https://trufflesecurity.com/blog/google-oauth-is-broken-sort-of/
Remembering Adrien de Beaupre
https://www.hpmcgarry.ca/memorials/ernest-adrien-de-beaupre/5344136/index.php
https://isc.sans.edu/diary/Increase%20in%20Exploit%20Attempts%20for%20Atlassian%20Confluence%20Server%20%28CVE-2023-22518%29/30502
Fake F5 BigIP Update
https://www.bleepingcomputer.com/news/security/fake-f5-big-ip-zero-day-warning-emails-push-data-wipers/
Google OAUTH Problems
https://trufflesecurity.com/blog/google-oauth-is-broken-sort-of/
Remembering Adrien de Beaupre
https://www.hpmcgarry.ca/memorials/ernest-adrien-de-beaupre/5344136/index.php
ISC StormCast for Wednesday, December 20th, 2023
20 december 2023 |
6 min
What are they looking for? Scans for OpenID Connect Configuration
https://isc.sans.edu/diary/What%20are%20they%20looking%20for%3F%20Scans%20for%20OpenID%20Connect%20Configuration%20%28Update%3A%20CitrixBleed%29/30498
Terrapin Attack Against SSH
https://terrapin-attack.com/TerrapinAttack.pdf
ALPHV/Blackcat Ransomware Disrupted and Decryptor Available
https://www.justice.gov/opa/pr/justice-department-disrupts-prolific-alphvblackcat-ransomware-variant
https://isc.sans.edu/diary/What%20are%20they%20looking%20for%3F%20Scans%20for%20OpenID%20Connect%20Configuration%20%28Update%3A%20CitrixBleed%29/30498
Terrapin Attack Against SSH
https://terrapin-attack.com/TerrapinAttack.pdf
ALPHV/Blackcat Ransomware Disrupted and Decryptor Available
https://www.justice.gov/opa/pr/justice-department-disrupts-prolific-alphvblackcat-ransomware-variant
ISC StormCast for Tuesday, December 19th, 2023
19 december 2023 |
6 min
SMTP Smuggling - Spoofing E-Mails Worldwide
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
Ledger Supply Chain Attack
https://www.ledger.com/blog/a-letter-from-ledger-chairman-ceo-pascal-gauthier-regarding-ledger-connect-kit-exploit
December Windows 11 Patch Breacks Wi-Fi Connectivity
https://www.bleepingcomputer.com/news/microsoft/decembers-windows-11-kb5033375-update-breaks-wi-fi-connectivity/
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
Ledger Supply Chain Attack
https://www.ledger.com/blog/a-letter-from-ledger-chairman-ceo-pascal-gauthier-regarding-ledger-connect-kit-exploit
December Windows 11 Patch Breacks Wi-Fi Connectivity
https://www.bleepingcomputer.com/news/microsoft/decembers-windows-11-kb5033375-update-breaks-wi-fi-connectivity/
ISC StormCast for Monday, December 18th, 2023
18 december 2023 |
10 min
An Example of a RocketMQ Exploit Scanner
https://isc.sans.edu/diary/An%20Example%20of%20RocketMQ%20Exploit%20Scanner/30492
C# Payload Phoning to a Cobalt Strike Server
https://isc.sans.edu/diary/CSharp%20Payload%20Phoning%20to%20a%20CobaltStrike%20Server/30490
3CX SQL Injection Vulnerability
https://www.3cx.com/blog/news/sql-database-integration/
QNAP Viostor 0-Day Vulnerablity
https://www.akamai.com/blog/security-research/qnap-viostor-zero-day-vulnerability-spreading-mirai-patched
PFSense Vulnerability
https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud/
SANS Holiday Hack Challenge
https://sans.org/holidayhack
https://isc.sans.edu/diary/An%20Example%20of%20RocketMQ%20Exploit%20Scanner/30492
C# Payload Phoning to a Cobalt Strike Server
https://isc.sans.edu/diary/CSharp%20Payload%20Phoning%20to%20a%20CobaltStrike%20Server/30490
3CX SQL Injection Vulnerability
https://www.3cx.com/blog/news/sql-database-integration/
QNAP Viostor 0-Day Vulnerablity
https://www.akamai.com/blog/security-research/qnap-viostor-zero-day-vulnerability-spreading-mirai-patched
PFSense Vulnerability
https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud/
SANS Holiday Hack Challenge
https://sans.org/holidayhack
ISC StormCast for Friday, December 15th, 2023
15 december 2023 |
5 min
T-shooting Terraform for DShield Honeypot in Azure
https://isc.sans.edu/diary/T-shooting%20Terraform%20for%20DShield%20Honeypot%20in%20Azure%20%5BGuest%20Diary%5D/30484
Ubiquity Unifi Cameras Visible in Wrong Account
https://community.ui.com/questions/Bug-Fix-Cloud-Access-Misconfiguration/fe8d4479-e187-4471-bf95-b2799183ceb7
Zoom Vulnerabilities and VISS
https://viss.zoom.com/specifications
https://www.zoom.com/en/trust/security-bulletin/
Squid Denial of Service Vulnerability
https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3
https://isc.sans.edu/diary/T-shooting%20Terraform%20for%20DShield%20Honeypot%20in%20Azure%20%5BGuest%20Diary%5D/30484
Ubiquity Unifi Cameras Visible in Wrong Account
https://community.ui.com/questions/Bug-Fix-Cloud-Access-Misconfiguration/fe8d4479-e187-4471-bf95-b2799183ceb7
Zoom Vulnerabilities and VISS
https://viss.zoom.com/specifications
https://www.zoom.com/en/trust/security-bulletin/
Squid Denial of Service Vulnerability
https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3
ISC StormCast for Thursday, December 14th, 2023
14 december 2023 |
5 min
Malicious Python Script with a TCL/TK GUI
https://isc.sans.edu/diary/Malicious%20Python%20Script%20with%20a%20TCL%20TK%20GUI/30478
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
TeamCity Exploited
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a
Sophos Firewall Exploit for EOL Devices CVE-2022-3236
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
https://isc.sans.edu/diary/Malicious%20Python%20Script%20with%20a%20TCL%20TK%20GUI/30478
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
TeamCity Exploited
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a
Sophos Firewall Exploit for EOL Devices CVE-2022-3236
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
ISC StormCast for Wednesday, December 13th, 2023
13 december 2023 |
6 min
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20December%202023/30480
Microsoft Warns of Malicious OAUTH Applications
https://www.microsoft.com/en-us/security/blog/2023/12/12/threat-actors-misuse-oauth-applications-to-automate-financially-driven-attacks/
Apache Struts2 Exploit CVE-2023-50164
https://xz.aliyun.com/t/13172
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20December%202023/30480
Microsoft Warns of Malicious OAUTH Applications
https://www.microsoft.com/en-us/security/blog/2023/12/12/threat-actors-misuse-oauth-applications-to-automate-financially-driven-attacks/
Apache Struts2 Exploit CVE-2023-50164
https://xz.aliyun.com/t/13172
ISC StormCast for Tuesday, December 12th, 2023
12 december 2023 |
6 min
What is Sitemap.xml and Why a Pentester Should Care
https://isc.sans.edu/diary/What%20is%20sitemap.xml%2C%20and%20Why%20a%20Pentester%20Should%20Care/30472
Apple Patches Everything
https://isc.sans.edu/forums/diary/Apple%20Patches%20Everything/30474/
Android Password Manager Auto Spill
https://i.blackhat.com/EU-23/Presentations/EU-23-Gangwal-AutoSpill-Zero-Effort-Credential-Stealing.pdf
https://isc.sans.edu/diary/What%20is%20sitemap.xml%2C%20and%20Why%20a%20Pentester%20Should%20Care/30472
Apple Patches Everything
https://isc.sans.edu/forums/diary/Apple%20Patches%20Everything/30474/
Android Password Manager Auto Spill
https://i.blackhat.com/EU-23/Presentations/EU-23-Gangwal-AutoSpill-Zero-Effort-Credential-Stealing.pdf
ISC StormCast for Monday, December 11th, 2023
11 december 2023 |
6 min
IPv4 Mapped IPv6 Addresses
https://isc.sans.edu/diary/IPv4-mapped%20IPv6%20Address%20Used%20For%20Obfuscation/30466
Honeypots From the Skeptical Beginner to the Tactical Enthusiast
https://isc.sans.edu/diary/Honeypots%3A%20From%20the%20Skeptical%20Beginner%20to%20the%20Tactical%20Enthusiast/30468
Bluetooth Weakness CVE-2023-45866
https://github.com/skysafe/reblog/tree/main/cve-2023-45866
Syrus 4 IoT Gateway Vulnerability CVE-2023-6248
https://socradar.io/syrus4-iot-gateway-vulnerability-could-allow-code-execution-on-thousands-of-vehicles-simultaneously-cve-2023-6248/
Microsoft Edge Vulnerability CVE-2023-35618
https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#december-7-2023
https://isc.sans.edu/diary/IPv4-mapped%20IPv6%20Address%20Used%20For%20Obfuscation/30466
Honeypots From the Skeptical Beginner to the Tactical Enthusiast
https://isc.sans.edu/diary/Honeypots%3A%20From%20the%20Skeptical%20Beginner%20to%20the%20Tactical%20Enthusiast/30468
Bluetooth Weakness CVE-2023-45866
https://github.com/skysafe/reblog/tree/main/cve-2023-45866
Syrus 4 IoT Gateway Vulnerability CVE-2023-6248
https://socradar.io/syrus4-iot-gateway-vulnerability-could-allow-code-execution-on-thousands-of-vehicles-simultaneously-cve-2023-6248/
Microsoft Edge Vulnerability CVE-2023-35618
https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#december-7-2023
ISC StormCast for Friday, December 8th, 2023
8 december 2023 |
6 min
5G Vulnerabilities
https://isc.sans.edu/diary/5Ghoul%3A%20Impacts%2C%20Implications%20and%20Next%20Steps/30462
Revealing the hidden Risks of QR Codes
https://isc.sans.edu/diary/Revealing%20the%20Hidden%20Risks%20of%20QR%20Codes%20%5BGuest%20Diary%5D/30458
Window 10 End of Support
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/plan-for-windows-10-eos-with-windows-11-windows-365-and-esu/ba-p/4000414
Apache Struts 2 Vulnerability CVE-2023-50164
https://cwiki.apache.org/confluence/display/WW/S2-066
https://isc.sans.edu/diary/5Ghoul%3A%20Impacts%2C%20Implications%20and%20Next%20Steps/30462
Revealing the hidden Risks of QR Codes
https://isc.sans.edu/diary/Revealing%20the%20Hidden%20Risks%20of%20QR%20Codes%20%5BGuest%20Diary%5D/30458
Window 10 End of Support
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/plan-for-windows-10-eos-with-windows-11-windows-365-and-esu/ba-p/4000414
Apache Struts 2 Vulnerability CVE-2023-50164
https://cwiki.apache.org/confluence/display/WW/S2-066
ISC StormCast for Thursday, December 7th, 2023
7 december 2023 |
6 min
Whose packet is is anyway: a new RFC for attribution of internet probes
https://isc.sans.edu/forums/diary/Whose%20packet%20is%20it%20anyway%3A%20a%20new%20RFC%20for%20attribution%20of%20internet%20probes/30456/
MLFlow Vulnerability
https://www.contrastsecurity.com/security-influencers/discovering-mlflow-framework-zero-day-vulnerability-machine-language-model-security-contrast-security
https://mlflow.org/category/news/index.html
Abusing STS Tokens
https://redcanary.com/blog/aws-sts/
Atlasian Vulnerabilities
https://confluence.atlassian.com/security/security-advisories-bulletins-1236937381.html
Holiday Hack Challenge
https://www.sans.org/mlp/holiday-hack-challenge-2023/
https://isc.sans.edu/forums/diary/Whose%20packet%20is%20it%20anyway%3A%20a%20new%20RFC%20for%20attribution%20of%20internet%20probes/30456/
MLFlow Vulnerability
https://www.contrastsecurity.com/security-influencers/discovering-mlflow-framework-zero-day-vulnerability-machine-language-model-security-contrast-security
https://mlflow.org/category/news/index.html
Abusing STS Tokens
https://redcanary.com/blog/aws-sts/
Atlasian Vulnerabilities
https://confluence.atlassian.com/security/security-advisories-bulletins-1236937381.html
Holiday Hack Challenge
https://www.sans.org/mlp/holiday-hack-challenge-2023/
ISC StormCast for Wednesday, December 6th, 2023
6 december 2023 |
6 min
Cobalt Strike's "Runtime Configuration"
https://isc.sans.edu/diary/Cobalt%20Strike%27s%20%22Runtime%20Configuration%22/30426
Adobe ColdFusion Exploit Abused
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a
Atos Unify OpenScape Vulnerability
https://sec-consult.com/vulnerability-lab/advisory/argument-injection-vulnerability-in-multiple-atos-unify-openscape-products/
ExtremeXOS Vulnerabilities
https://rhinosecuritylabs.com/research/extreme-networks-extremexos-vulnerabilities/
https://isc.sans.edu/diary/Cobalt%20Strike%27s%20%22Runtime%20Configuration%22/30426
Adobe ColdFusion Exploit Abused
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a
Atos Unify OpenScape Vulnerability
https://sec-consult.com/vulnerability-lab/advisory/argument-injection-vulnerability-in-multiple-atos-unify-openscape-products/
ExtremeXOS Vulnerabilities
https://rhinosecuritylabs.com/research/extreme-networks-extremexos-vulnerabilities/
ISC StormCast for Tuesday, December 5th, 2023
5 december 2023 |
6 min
Zarya Hacktivists: More than just Sharepoint
https://isc.sans.edu/diary/Zarya%20Hacktivists%3A%20More%20than%20just%20Sharepoint./30450
ICANN Registration Data Request Service (RDRS)
https://rdrs.icann.org/
Android Updates
https://source.android.com/docs/security/bulletin/2023-12-01
GitLab Patches
https://about.gitlab.com/releases/2023/11/30/security-release-gitlab-16-6-1-released/
https://isc.sans.edu/diary/Zarya%20Hacktivists%3A%20More%20than%20just%20Sharepoint./30450
ICANN Registration Data Request Service (RDRS)
https://rdrs.icann.org/
Android Updates
https://source.android.com/docs/security/bulletin/2023-12-01
GitLab Patches
https://about.gitlab.com/releases/2023/11/30/security-release-gitlab-16-6-1-released/
ISC StormCast for Monday, December 4th, 2023
4 december 2023 |
6 min
UEFI Exploit via Boot Image
https://binarly.io/posts/The_Far_Reaching_Consequences_of_LogoFAIL/index.html
Fake Phishing Scan Tricks Users into Installing Backdoor Plugin
https://www.wordfence.com/blog/2023/12/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin/
Qlik Sense Exploited by Cactus Ransomware
https://arcticwolf.com/resources/blog/qlik-sense-exploited-in-cactus-ransomware-campaign/
https://www.praetorian.com/blog/qlik-sense-technical-exploit/
VMWare Vulnerability Patched
https://www.vmware.com/security/advisories/VMSA-2023-0026.html
https://binarly.io/posts/The_Far_Reaching_Consequences_of_LogoFAIL/index.html
Fake Phishing Scan Tricks Users into Installing Backdoor Plugin
https://www.wordfence.com/blog/2023/12/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin/
Qlik Sense Exploited by Cactus Ransomware
https://arcticwolf.com/resources/blog/qlik-sense-exploited-in-cactus-ransomware-campaign/
https://www.praetorian.com/blog/qlik-sense-technical-exploit/
VMWare Vulnerability Patched
https://www.vmware.com/security/advisories/VMSA-2023-0026.html
ISC StormCast for Friday, December 1st, 2023
1 december 2023 |
6 min
Apple Updates
https://isc.sans.edu/diary/Apple+Patches+Exploited+WebKit+Vulnerabilitiues+in+iOSiPadOSmacOS/30444
Prophetic Post by Intern on CVE-2023-1389 Foreshadows Mirai Botnet Expansion Today
https://isc.sans.edu/forums/diary/Prophetic+Post+by+Intern+on+CVE20231389+Foreshadows+Mirai+Botnet+Expansion+Today/30442/
Zyxel Vulnerabilities
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products
Solarwinds Update
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-4_release_notes.htm#link3
DNS Looking Glass
https://isc.sans.edu/tools/dnslookup/
https://isc.sans.edu/diary/Apple+Patches+Exploited+WebKit+Vulnerabilitiues+in+iOSiPadOSmacOS/30444
Prophetic Post by Intern on CVE-2023-1389 Foreshadows Mirai Botnet Expansion Today
https://isc.sans.edu/forums/diary/Prophetic+Post+by+Intern+on+CVE20231389+Foreshadows+Mirai+Botnet+Expansion+Today/30442/
Zyxel Vulnerabilities
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products
Solarwinds Update
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-4_release_notes.htm#link3
DNS Looking Glass
https://isc.sans.edu/tools/dnslookup/
ISC StormCast for Thursday, November 30th, 2023
30 november 2023 |
6 min
Decoding the Patterns: Analzying DShield Honeypot Activity
https://isc.sans.edu/diary/Decoding%20the%20Patterns%3A%20Analyzing%20DShield%20Honeypot%20Activity%20%5BGuest%20Diary%5D/30428
Arcserve Unified Data Protection Multiple Vulnerabilities
https://www.tenable.com/security/research/tra-2023-37
Hikvision Vulnerabilities
https://www.hikvision.com/hk/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-products/
Assessing Prompt Injection Risks in 200+ Custom GPTs
https://arxiv.org/pdf/2311.11538.pdf
https://isc.sans.edu/diary/Decoding%20the%20Patterns%3A%20Analyzing%20DShield%20Honeypot%20Activity%20%5BGuest%20Diary%5D/30428
Arcserve Unified Data Protection Multiple Vulnerabilities
https://www.tenable.com/security/research/tra-2023-37
Hikvision Vulnerabilities
https://www.hikvision.com/hk/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-products/
Assessing Prompt Injection Risks in 200+ Custom GPTs
https://arxiv.org/pdf/2311.11538.pdf
ISC StormCast for Wednesday, November 29th, 2023
29 november 2023 |
6 min
Pro-Russian Attackers Scanning for Sharepoint Servers to Exploit CVE-2023-29357
https://isc.sans.edu/diary/Pro%20Russian%20Attackers%20Scanning%20for%20Sharepoint%20Servers%20to%20Exploit%20CVE-2023-29357/30436
Microsoft Deprecates Microsoft Defender Application Guard for Office
https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features
Synology Vulnerability
https://www.synology.com/en-global/security/advisory/Synology_SA_23_16
Apache Tomcat Request Smuggling Vulnerability CVE-2023-46589
https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
https://isc.sans.edu/diary/Pro%20Russian%20Attackers%20Scanning%20for%20Sharepoint%20Servers%20to%20Exploit%20CVE-2023-29357/30436
Microsoft Deprecates Microsoft Defender Application Guard for Office
https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features
Synology Vulnerability
https://www.synology.com/en-global/security/advisory/Synology_SA_23_16
Apache Tomcat Request Smuggling Vulnerability CVE-2023-46589
https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
ISC StormCast for Tuesday, November 28th, 2023
28 november 2023 |
7 min
Scans for ownCloud Vulnerability (CVE-2023-49103)
https://isc.sans.edu/diary/Scans%20for%20ownCloud%20Vulnerability%20%28CVE-2023-49103%29/30432
Windows Hello Fingerprint Reader Weakness
https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/
https://isc.sans.edu/diary/Scans%20for%20ownCloud%20Vulnerability%20%28CVE-2023-49103%29/30432
Windows Hello Fingerprint Reader Weakness
https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/
ISC StormCast for Monday, November 27th, 2023
27 november 2023 |
6 min
DShield Birthday
https://isc.sans.edu/diary/Happy%20Birthday%20DShield/30420
Mirai uses CVE-2023-1389
https://isc.sans.edu/diary/CVE-2023-1389%3A%20A%20New%20Means%20to%20Expand%20Botnets/30418
More Mirai Vulnerabilities
https://www.akamai.com/blog/security-research/new-rce-botnet-spreads-mirai-via-zero-days
Analyzing OVA Files
https://isc.sans.edu/diary/OVA%20Files/30424
Static Code Injections in OpenCart (CVE-2023-47444)
https://github.com/opencart/opencart/issues/12947
Holiday Hackchallenge
https://www.sans.org/mlp/holiday-hack-challenge-2023/
https://isc.sans.edu/diary/Happy%20Birthday%20DShield/30420
Mirai uses CVE-2023-1389
https://isc.sans.edu/diary/CVE-2023-1389%3A%20A%20New%20Means%20to%20Expand%20Botnets/30418
More Mirai Vulnerabilities
https://www.akamai.com/blog/security-research/new-rce-botnet-spreads-mirai-via-zero-days
Analyzing OVA Files
https://isc.sans.edu/diary/OVA%20Files/30424
Static Code Injections in OpenCart (CVE-2023-47444)
https://github.com/opencart/opencart/issues/12947
Holiday Hackchallenge
https://www.sans.org/mlp/holiday-hack-challenge-2023/
ISC StormCast for Friday, November 17th, 2023
17 november 2023 |
15 min
Beyond -n: Optimizign tcpdump performance
https://isc.sans.edu/forums/diary/Beyond%20-n%3A%20Optimizing%20tcpdump%20performance/30408/
Zimbra 0-day used to target international government organizations
https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/
FortiSIEM OS command injection in Report Server
https://www.fortiguard.com/psirt/FG-IR-23-135
AI Exploit Collection
https://github.com/protectai/ai-exploits
CrushFTP Remote Code Execution
https://convergetp.com/2023/11/16/crushftp-zero-day-cve-2023-43177-discovered/
Scott Poley: The Cyber Date Paradox: Storing Less, Discovering More
https://www.sans.edu/cyber-research/cyber-data-paradox-storing-less-discovering-more/
https://isc.sans.edu/forums/diary/Beyond%20-n%3A%20Optimizing%20tcpdump%20performance/30408/
Zimbra 0-day used to target international government organizations
https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/
FortiSIEM OS command injection in Report Server
https://www.fortiguard.com/psirt/FG-IR-23-135
AI Exploit Collection
https://github.com/protectai/ai-exploits
CrushFTP Remote Code Execution
https://convergetp.com/2023/11/16/crushftp-zero-day-cve-2023-43177-discovered/
Scott Poley: The Cyber Date Paradox: Storing Less, Discovering More
https://www.sans.edu/cyber-research/cyber-data-paradox-storing-less-discovering-more/
ISC StormCast for Thursday, November 16th, 2023
16 november 2023 |
6 min
Redline Dropped Through MSIX Package
https://isc.sans.edu/diary/Redline%20Dropped%20Through%20MSIX%20Package/30404
ChatGPT Code Interpreter Security Hole
https://www.tomshardware.com/news/chatgpt-code-interpreter-security-hole
Directory Traversal in Reactor Netty CVE-2023-34062
https://spring.io/security/cve-2023-34062
Aruba Networking Product Vulnerabilities
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt
HARArmor
https://harmor.dev/
https://isc.sans.edu/diary/Redline%20Dropped%20Through%20MSIX%20Package/30404
ChatGPT Code Interpreter Security Hole
https://www.tomshardware.com/news/chatgpt-code-interpreter-security-hole
Directory Traversal in Reactor Netty CVE-2023-34062
https://spring.io/security/cve-2023-34062
Aruba Networking Product Vulnerabilities
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt
HARArmor
https://harmor.dev/
ISC StormCast for Wednesday, November 15th, 2023
15 november 2023 |
7 min
Microsoft Patches
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20November%202023/30400
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
Intel CPU Glitch State Patch
https://lock.cmpxchg8b.com/reptar.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20November%202023/30400
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
Intel CPU Glitch State Patch
https://lock.cmpxchg8b.com/reptar.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html
ISC StormCast for Tuesday, November 14th, 2023
14 november 2023 |
5 min
Noticing command control channels by reviewing DNS protocols
https://isc.sans.edu/diary/Noticing%20command%20and%20control%20channels%20by%20reviewing%20DNS%20protocols/30396
Passive SSH Key Compromise via Lattices
https://eprint.iacr.org/2023/1711.pdf
Juniper Vulnerabilities Exploited
https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US
https://isc.sans.edu/diary/Noticing%20command%20and%20control%20channels%20by%20reviewing%20DNS%20protocols/30396
Passive SSH Key Compromise via Lattices
https://eprint.iacr.org/2023/1711.pdf
Juniper Vulnerabilities Exploited
https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US
ISC StormCast for Monday, November 13th, 2023
13 november 2023 |
6 min
Routers Targeted for Gafgyt Botnet
https://isc.sans.edu/forums/diary/Routers%20Targeted%20for%20Gafgyt%20Botnet%20%5BGuest%20Diary%5D/30390/
ScreenConnect used to Attack Healthcare
https://www.huntress.com/blog/third-party-pharmaceutical-vendor-linked-to-pharmacy-and-health-clinic-cyberattack
Fake Skills Assessment Portals Associated with Sapphire Sleet
https://twitter.com/MsftSecIntel/status/1722316019920728437
OpenVPN Access Server Vulnerabilities
https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/
https://isc.sans.edu/forums/diary/Routers%20Targeted%20for%20Gafgyt%20Botnet%20%5BGuest%20Diary%5D/30390/
ScreenConnect used to Attack Healthcare
https://www.huntress.com/blog/third-party-pharmaceutical-vendor-linked-to-pharmacy-and-health-clinic-cyberattack
Fake Skills Assessment Portals Associated with Sapphire Sleet
https://twitter.com/MsftSecIntel/status/1722316019920728437
OpenVPN Access Server Vulnerabilities
https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/
ISC StormCast for Friday, November 10th, 2023
10 november 2023 |
5 min
Visual Examples of Code Injection
https://isc.sans.edu/diary/Visual%20Examples%20of%20Code%20Injection/30388
SysAid Exploited by Cl0p Ransomware (CVE-2023-47246)
https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification
WS_FTP Server Update CVE-2023-42659
https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2023
Malvertiser copies PC news site to delivery infostealer
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/malvertiser-copies-pc-news-site-to-deliver-infostealer
pyArrow/Apache Arrow Vulnerability
https://lists.apache.org/thread/yhy7tdfjf9hrl9vfrtzo8p2cyjq87v7n
https://isc.sans.edu/diary/Visual%20Examples%20of%20Code%20Injection/30388
SysAid Exploited by Cl0p Ransomware (CVE-2023-47246)
https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification
WS_FTP Server Update CVE-2023-42659
https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2023
Malvertiser copies PC news site to delivery infostealer
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/malvertiser-copies-pc-news-site-to-deliver-infostealer
pyArrow/Apache Arrow Vulnerability
https://lists.apache.org/thread/yhy7tdfjf9hrl9vfrtzo8p2cyjq87v7n
ISC StormCast for Thursday, November 9th, 2023
9 november 2023 |
5 min
Example of a Phishing Campaing Project File
https://isc.sans.edu/diary/Example%20of%20Phishing%20Campaign%20Project%20File/30384
Cryptomining with Microsoft Azure Automation Services
https://www.safebreach.com/blog/cryptocurrency-miner-microsoft-azure
Windows 11 Insider Changing Firewall Behaviour
https://blogs.windows.com/windows-insider/2023/11/08/announcing-windows-11-insider-preview-build-25992-canary-channel/
CISA Adds SLP Vulnerability to Known Exploited Vulnerabilty List
https://www.cisa.gov/news-events/alerts/2023/11/08/cisa-adds-one-known-exploited-vulnerability-catalog
https://isc.sans.edu/diary/Example%20of%20Phishing%20Campaign%20Project%20File/30384
Cryptomining with Microsoft Azure Automation Services
https://www.safebreach.com/blog/cryptocurrency-miner-microsoft-azure
Windows 11 Insider Changing Firewall Behaviour
https://blogs.windows.com/windows-insider/2023/11/08/announcing-windows-11-insider-preview-build-25992-canary-channel/
CISA Adds SLP Vulnerability to Known Exploited Vulnerabilty List
https://www.cisa.gov/news-events/alerts/2023/11/08/cisa-adds-one-known-exploited-vulnerability-catalog
ISC StormCast for Wednesday, November 8th, 2023
8 november 2023 |
6 min
What's Normal: New uses of DNS, Discovery of Designated Resolvers (DDR)
https://isc.sans.edu/diary/What%27s%20Normal%3A%20New%20uses%20of%20DNS%2C%20Discovery%20of%20Designated%20Resolvers%20%28DDR%29/30380
BlueNoroff macOS Malware
https://www.jamf.com/blog/bluenoroff-strikes-again-with-new-macos-malware/
Emphasizing Security by Default wiht Advanced Microsoft Authenticator Features
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/emphasizing-security-by-default-with-advanced-microsoft/ba-p/3773130
https://isc.sans.edu/diary/What%27s%20Normal%3A%20New%20uses%20of%20DNS%2C%20Discovery%20of%20Designated%20Resolvers%20%28DDR%29/30380
BlueNoroff macOS Malware
https://www.jamf.com/blog/bluenoroff-strikes-again-with-new-macos-malware/
Emphasizing Security by Default wiht Advanced Microsoft Authenticator Features
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/emphasizing-security-by-default-with-advanced-microsoft/ba-p/3773130
ISC StormCast for Tuesday, November 7th, 2023
7 november 2023 |
6 min
Confluence CVe-2023-22518 Exploited
https://isc.sans.edu/diary/Exploit%20Activity%20for%20CVE-2023-22518%2C%20Atlassian%20Confluence%20Data%20Center%20and%20Server/30376
Google Threat Horizons Report
https://services.google.com/fh/files/blogs/gcat_threathorizons_full_oct2023.pdf
https://www.sans.edu/cyber-research/bookmark-bruggling-novel-data-exfiltration-with-brugglemark/
Veeam Update
https://www.veeam.com/kb4508
QNAP Update
https://www.qnap.com/de-de/security-advisory/qsa-23-35
https://isc.sans.edu/diary/Exploit%20Activity%20for%20CVE-2023-22518%2C%20Atlassian%20Confluence%20Data%20Center%20and%20Server/30376
Google Threat Horizons Report
https://services.google.com/fh/files/blogs/gcat_threathorizons_full_oct2023.pdf
https://www.sans.edu/cyber-research/bookmark-bruggling-novel-data-exfiltration-with-brugglemark/
Veeam Update
https://www.veeam.com/kb4508
QNAP Update
https://www.qnap.com/de-de/security-advisory/qsa-23-35
ISC StormCast for Monday, November 6th, 2023
6 november 2023 |
7 min
New Microsoft Exchange Zero Days
https://www.bleepingcomputer.com/news/microsoft/new-microsoft-exchange-zero-days-allow-rce-data-theft-attacks/
StripedFly: Perennially Flying under the Radar
https://securelist.com/stripedfly-perennially-flying-under-the-radar/110903/
Send My: Sending Data over Apple's Find My Network
https://github.com/positive-security/send-my
https://www.bleepingcomputer.com/news/microsoft/new-microsoft-exchange-zero-days-allow-rce-data-theft-attacks/
StripedFly: Perennially Flying under the Radar
https://securelist.com/stripedfly-perennially-flying-under-the-radar/110903/
Send My: Sending Data over Apple's Find My Network
https://github.com/positive-security/send-my
ISC StormCast for Friday, November 3rd, 2023
3 november 2023 |
5 min
Quick Tip for Artificially Inflated PE Files
https://isc.sans.edu/diary/Quick%20Tip%20For%20Artificially%20Inflated%20PE%20Files/30370
Apache ActiveMQ Flaw Exploited
https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
https://www.rapid7.com/blog/post/2023/11/01/etr-suspected-exploitation-of-apache-activemq-cve-2023-46604/
Critical Firepower Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-29MP49hN
Dozens of npm Packages Caught Attempting to Deploy Reverse Shell
https://blog.phylum.io/dozens-of-npm-packages-caught-attempting-to-deploy-reverse-shell/
https://isc.sans.edu/diary/Quick%20Tip%20For%20Artificially%20Inflated%20PE%20Files/30370
Apache ActiveMQ Flaw Exploited
https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
https://www.rapid7.com/blog/post/2023/11/01/etr-suspected-exploitation-of-apache-activemq-cve-2023-46604/
Critical Firepower Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-29MP49hN
Dozens of npm Packages Caught Attempting to Deploy Reverse Shell
https://blog.phylum.io/dozens-of-npm-packages-caught-attempting-to-deploy-reverse-shell/
ISC StormCast for Thursday, November 2nd, 2023
2 november 2023 |
6 min
Malware Dropped Through a ZPAQ Archive
https://isc.sans.edu/forums/diary/Malware%20Dropped%20Through%20a%20ZPAQ%20Archive/30366/
CVSS 4.0 Now Official
https://www.first.org/cvss/v4-0/index.html
MOZI Botnet Killswitch
https://www.welivesecurity.com/en/eset-research/who-killed-mozi-finally-putting-the-iot-zombie-botnet-in-its-grave/
URL Shorteners in .us
https://securityonline.info/infoblox-uncovers-malicious-wave-in-us-domain-registrations/
Impersonating Slack Users
https://falconspy.org/redteam/tradecraft/2023/10/05/2023-10-05-Slack-Impersonation.html
https://isc.sans.edu/forums/diary/Malware%20Dropped%20Through%20a%20ZPAQ%20Archive/30366/
CVSS 4.0 Now Official
https://www.first.org/cvss/v4-0/index.html
MOZI Botnet Killswitch
https://www.welivesecurity.com/en/eset-research/who-killed-mozi-finally-putting-the-iot-zombie-botnet-in-its-grave/
URL Shorteners in .us
https://securityonline.info/infoblox-uncovers-malicious-wave-in-us-domain-registrations/
Impersonating Slack Users
https://falconspy.org/redteam/tradecraft/2023/10/05/2023-10-05-Slack-Impersonation.html
ISC StormCast for Wednesday, November 1st, 2023
1 november 2023 |
4 min
Multiple Layers of Anti-Sandboxing Techniques
https://isc.sans.edu/diary/Multiple%20Layers%20of%20Anti-Sandboxing%20Techniques/30362
CVE-2023-22518 Improper Authorization Vulnerability in Confluence Data Center and Server
https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.html
Malvertisement Promotes Malicious PyCharm Version
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/malvertising-via-dynamic-search-ads-delivers-malware-bonanza
Thorn SFTP Gateway Java Deserialization RCE CVE-2016-1000027 CVE-2023-47174
https://help.thorntech.com/docs/sftp-gateway-gcp-3.0/gcp-java-deserialization-rce/
https://isc.sans.edu/diary/Multiple%20Layers%20of%20Anti-Sandboxing%20Techniques/30362
CVE-2023-22518 Improper Authorization Vulnerability in Confluence Data Center and Server
https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.html
Malvertisement Promotes Malicious PyCharm Version
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/malvertising-via-dynamic-search-ads-delivers-malware-bonanza
Thorn SFTP Gateway Java Deserialization RCE CVE-2016-1000027 CVE-2023-47174
https://help.thorntech.com/docs/sftp-gateway-gcp-3.0/gcp-java-deserialization-rce/
ISC StormCast for Tuesday, October 31st, 2023
31 oktober 2023 |
6 min
Flying under the Radar: The Privacy Impact of Mulicast DNS
https://isc.sans.edu/forums/diary/Flying%20under%20the%20Radar%3A%20The%20Privacy%20Impact%20of%20multicast%20DNS/30358/
Kubernetes ingress-nginx vulnerability
https://github.com/kubernetes/ingress-nginx/issues/10571
Google Chrome HTTPS Upgrade
https://github.com/dadrian/https-upgrade/blob/main/explainer.md
Wordpad POC CVE-2023-36563
https://www.dillonfrankesecurity.com/posts/cve-2023-36563-wordpad-analysis/
https://isc.sans.edu/forums/diary/Flying%20under%20the%20Radar%3A%20The%20Privacy%20Impact%20of%20multicast%20DNS/30358/
Kubernetes ingress-nginx vulnerability
https://github.com/kubernetes/ingress-nginx/issues/10571
Google Chrome HTTPS Upgrade
https://github.com/dadrian/https-upgrade/blob/main/explainer.md
Wordpad POC CVE-2023-36563
https://www.dillonfrankesecurity.com/posts/cve-2023-36563-wordpad-analysis/
ISC StormCast for Monday, October 30th, 2023
30 oktober 2023 |
6 min
Size Matters for Many Security Controls
https://isc.sans.edu/diary/Size%20Matters%20for%20Many%20Security%20Controls/30352
Spam or Phishing? Looking for Credentials and Passwords
https://isc.sans.edu/diary/Spam%20or%20Phishing%3F%20Looking%20for%20Credentials%20%26%20Passwords/30354
iOS Leaks MAC Address
https://www.youtube.com/watch?v=T3XABxNogTA
Zero Day Initiative Pwn2Own Summary
https://www.zerodayinitiative.com/blog/2023/10/24/pwn2own-toronto-2023-day-one-results
https://www.zerodayinitiative.com/blog/2023/10/25/pwn2own-toronto-2023-day-two-results
https://www.zerodayinitiative.com/blog/2023/10/26/pwn2own-toronto-2023-day-three-results
Microsoft Octo Tempest Writeup
https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/
https://isc.sans.edu/diary/Size%20Matters%20for%20Many%20Security%20Controls/30352
Spam or Phishing? Looking for Credentials and Passwords
https://isc.sans.edu/diary/Spam%20or%20Phishing%3F%20Looking%20for%20Credentials%20%26%20Passwords/30354
iOS Leaks MAC Address
https://www.youtube.com/watch?v=T3XABxNogTA
Zero Day Initiative Pwn2Own Summary
https://www.zerodayinitiative.com/blog/2023/10/24/pwn2own-toronto-2023-day-one-results
https://www.zerodayinitiative.com/blog/2023/10/25/pwn2own-toronto-2023-day-two-results
https://www.zerodayinitiative.com/blog/2023/10/26/pwn2own-toronto-2023-day-three-results
Microsoft Octo Tempest Writeup
https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/
ISC StormCast for Friday, October 27th, 2023
27 oktober 2023 |
6 min
Adventures in Validating IPv4 Addresses
https://isc.sans.edu/forums/diary/Adventures%20in%20Validating%20IPv4%20Addresses/30348/
BIG-IP Configuration Utility Unauthenticated Remote Code Execution
https://my.f5.com/manage/s/article/K000137353
https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
iLeakage Vulnerability
https://ileakage.com/
https://isc.sans.edu/forums/diary/Adventures%20in%20Validating%20IPv4%20Addresses/30348/
BIG-IP Configuration Utility Unauthenticated Remote Code Execution
https://my.f5.com/manage/s/article/K000137353
https://www.praetorian.com/blog/refresh-compromising-f5-big-ip-with-request-smuggling-cve-2023-46747/
iLeakage Vulnerability
https://ileakage.com/
ISC StormCast for Thursday, October 26th, 2023
26 oktober 2023 |
6 min
Apple Updates
https://isc.sans.edu/diary/Apple%20Patches%20Everything.%20Releases%20iOS%2017.1%2C%20MacOS%2014.1%20and%20updates%20for%20older%20versions%20fixing%20exploited%20vulnerability/30344
Confluence Server Scans CVE-2023-22515
https://isc.sans.edu/diary/30342
Critical VMVware vCenter Patch CVE-2023-34048
https://www.vmware.com/security/advisories/VMSA-2023-0023.html
https://isc.sans.edu/diary/Apple%20Patches%20Everything.%20Releases%20iOS%2017.1%2C%20MacOS%2014.1%20and%20updates%20for%20older%20versions%20fixing%20exploited%20vulnerability/30344
Confluence Server Scans CVE-2023-22515
https://isc.sans.edu/diary/30342
Critical VMVware vCenter Patch CVE-2023-34048
https://www.vmware.com/security/advisories/VMSA-2023-0023.html
ISC StormCast for Wednesday, October 25th, 2023
25 oktober 2023 |
6 min
Samsung Messages and Samsung Wallet briefly marked as 'harmful' by Google
https://9to5google.com/2023/10/23/samsung-messages-wallet-harmful-app-google/
OAuth Hijacking
https://salt.security/blog/oh-auth-abusing-oauth-to-take-over-millions-of-accounts
Microsoft Exchange Server CVe-2023-36745 PoC
https://n1k0la-t.github.io/2023/10/24/Microsoft-Exchange-Server-CVE-2023-36745/
Citrix Bleed PoC CVe-2023-4966
https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966
VMWare VRealize Exploit CVE-2023-34051 CVE0-2023-34052
https://www.vmware.com/security/advisories/VMSA-2023-0021.html
https://9to5google.com/2023/10/23/samsung-messages-wallet-harmful-app-google/
OAuth Hijacking
https://salt.security/blog/oh-auth-abusing-oauth-to-take-over-millions-of-accounts
Microsoft Exchange Server CVe-2023-36745 PoC
https://n1k0la-t.github.io/2023/10/24/Microsoft-Exchange-Server-CVE-2023-36745/
Citrix Bleed PoC CVe-2023-4966
https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966
VMWare VRealize Exploit CVE-2023-34051 CVE0-2023-34052
https://www.vmware.com/security/advisories/VMSA-2023-0021.html
ISC StormCast for Tuesday, October 24th, 2023
24 oktober 2023 |
6 min
Apple TV IPv6 DoS
https://isc.sans.edu/diary/How%20an%20AppleTV%20may%20take%20down%20your%20%28%23IPv6%29%20network/30336
Squid Patches
https://github.com/squid-cache/squid/security/advisories
Critical Citrix Update
https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/
Cisco Vulnerablity Updates CVE-2023-20198
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
https://isc.sans.edu/diary/How%20an%20AppleTV%20may%20take%20down%20your%20%28%23IPv6%29%20network/30336
Squid Patches
https://github.com/squid-cache/squid/security/advisories
Critical Citrix Update
https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/
Cisco Vulnerablity Updates CVE-2023-20198
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
ISC StormCast for Monday, October 23rd, 2023
23 oktober 2023 |
7 min
base64dump.py Handles More Encodings Than Just BASE64
https://isc.sans.edu/diary/base64dump.py%20Handles%20More%20Encodings%20Than%20Just%20BASE64/30332
Stealing OAuth Tokens via Open Redirects
https://eval.blog/research/microsoft-account-token-leaks-in-harvest/
VMWare Patches
https://www.vmware.com/security/advisories.html
Solarwinds Patches
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm
https://isc.sans.edu/diary/base64dump.py%20Handles%20More%20Encodings%20Than%20Just%20BASE64/30332
Stealing OAuth Tokens via Open Redirects
https://eval.blog/research/microsoft-account-token-leaks-in-harvest/
VMWare Patches
https://www.vmware.com/security/advisories.html
Solarwinds Patches
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm
ISC StormCast for Friday, October 20th, 2023
20 oktober 2023 |
7 min
Honeypot Update
https://github.com/DShield-ISC/dshield/blob/main/README.md
Malicious Keepass Ads
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/clever-malvertising-attack-uses-punycode-to-look-like-legitimate-website
Malicious JavaScript in Smart Contracts
https://labs.guard.io/etherhiding-hiding-web2-malicious-code-in-web3-smart-contracts-65ea78efad16
https://github.com/DShield-ISC/dshield/blob/main/README.md
Malicious Keepass Ads
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/clever-malvertising-attack-uses-punycode-to-look-like-legitimate-website
Malicious JavaScript in Smart Contracts
https://labs.guard.io/etherhiding-hiding-web2-malicious-code-in-web3-smart-contracts-65ea78efad16
ISC StormCast for Thursday, October 19th, 2023
19 oktober 2023 |
6 min
Hiding in Hex
https://isc.sans.edu/diary/Hiding%20in%20Hex/30322
Oracle Quarterly Critical Patch Update
https://www.oracle.com/security-alerts/cpuoct2023.html
Citrix Vulnerability Exploited CVE-2023-4966
https://www.mandiant.com/resources/blog/remediation-netscaler-adc-gateway-cve-2023-4966
Exposed Jupyter Notebooks Exploited
https://www.cadosecurity.com/qubitstrike-an-emerging-malware-campaign-targeting-jupyter-notebooks/
https://isc.sans.edu/diary/Hiding%20in%20Hex/30322
Oracle Quarterly Critical Patch Update
https://www.oracle.com/security-alerts/cpuoct2023.html
Citrix Vulnerability Exploited CVE-2023-4966
https://www.mandiant.com/resources/blog/remediation-netscaler-adc-gateway-cve-2023-4966
Exposed Jupyter Notebooks Exploited
https://www.cadosecurity.com/qubitstrike-an-emerging-malware-campaign-targeting-jupyter-notebooks/
ISC StormCast for Wednesday, October 18th, 2023
18 oktober 2023 |
7 min
Changes to SMS Delivery and How it Effects MFA and Phishing
https://isc.sans.edu/diary/Changes%20to%20SMS%20Delivery%20and%20How%20it%20Effects%20MFA%20and%20Phishing/30320
Fake Traffic Tickets with QR Code
https://twitter.com/polizeiberlin/status/1713867011837567411
Synology NAS DSM Account Takeover: Not Random Randomnumbers
https://claroty.com/team82/research/synology-nas-dsm-account-takeover-when-random-is-not-secure
Milesight Routers CVe-2023-43261
https://github.com/win3zz/CVE-2023-43261
https://isc.sans.edu/diary/Changes%20to%20SMS%20Delivery%20and%20How%20it%20Effects%20MFA%20and%20Phishing/30320
Fake Traffic Tickets with QR Code
https://twitter.com/polizeiberlin/status/1713867011837567411
Synology NAS DSM Account Takeover: Not Random Randomnumbers
https://claroty.com/team82/research/synology-nas-dsm-account-takeover-when-random-is-not-secure
Milesight Routers CVe-2023-43261
https://github.com/win3zz/CVE-2023-43261
ISC StormCast for Tuesday, October 17th, 2023
17 oktober 2023 |
5 min
Are Typos Still relevant As An Indicator of Phishing
https://isc.sans.edu/diary/Are+typos+still+relevant+as+an+indicator+of+phishing/30316
Active Exploitation of Cisco ISO XE Software Web Management User Interface Vuln
https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/
Mail traffic to cancelled domain names
https://www.sidn.nl/en/nl-domain-name/mail-traffic-to-cancelled-domain-names
SAMBA Update
https://www.samba.org/samba/history/security.html
https://isc.sans.edu/diary/Are+typos+still+relevant+as+an+indicator+of+phishing/30316
Active Exploitation of Cisco ISO XE Software Web Management User Interface Vuln
https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/
Mail traffic to cancelled domain names
https://www.sidn.nl/en/nl-domain-name/mail-traffic-to-cancelled-domain-names
SAMBA Update
https://www.samba.org/samba/history/security.html
ISC StormCast for Monday, October 16th, 2023
16 oktober 2023 |
5 min
What's Normal: Odd Mac Addresses
https://isc.sans.edu/forums/diary/What's%20Normal%3A%20MAC%20Addresses/30310/
Domain Name Used as Password Captured by DShield Sensor
https://isc.sans.edu/forums/diary/Domain%20Name%20Used%20as%20Password%20Captured%20by%20DShield%20Sensor/30312/
PoC Exploit for CVE-2023-41993
https://github.com/po6ix/POC-for-CVE-2023-41993
AvosLocker Ransomware Details
https://www.cisa.gov/sites/default/files/2023-10/aa23-284a-joint-csa-stopransomware-avoslocker-ransomware-update.pdf
DarkGate Spreading via Skype and Teams
https://www.trendmicro.com/en_ph/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
https://isc.sans.edu/forums/diary/What's%20Normal%3A%20MAC%20Addresses/30310/
Domain Name Used as Password Captured by DShield Sensor
https://isc.sans.edu/forums/diary/Domain%20Name%20Used%20as%20Password%20Captured%20by%20DShield%20Sensor/30312/
PoC Exploit for CVE-2023-41993
https://github.com/po6ix/POC-for-CVE-2023-41993
AvosLocker Ransomware Details
https://www.cisa.gov/sites/default/files/2023-10/aa23-284a-joint-csa-stopransomware-avoslocker-ransomware-update.pdf
DarkGate Spreading via Skype and Teams
https://www.trendmicro.com/en_ph/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
ISC StormCast for Friday, October 13th, 2023
13 oktober 2023 |
6 min
SeroXen RAT in Typosquatted NuGet Packages
https://blog.phylum.io/phylum-discovers-seroxen-rat-in-typosquatted-nuget-package/
Hexadecimal IP Addresses
https://asec.ahnlab.com/en/57635/
Juniper Vulnerabilities
https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&numberOfResults=50&f:ctype=[Security%20Advisories]
Unpatched Squid Vulnerabilities
https://joshua.hu/squid-security-audit-35-0days-45-exploits
BSIDES Jacksonville
https://bsidesjax.org
https://blog.phylum.io/phylum-discovers-seroxen-rat-in-typosquatted-nuget-package/
Hexadecimal IP Addresses
https://asec.ahnlab.com/en/57635/
Juniper Vulnerabilities
https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&numberOfResults=50&f:ctype=[Security%20Advisories]
Unpatched Squid Vulnerabilities
https://joshua.hu/squid-security-audit-35-0days-45-exploits
BSIDES Jacksonville
https://bsidesjax.org
ISC StormCast for Thursday, October 12th, 2023
12 oktober 2023 |
5 min
CVE-2023-22515 Activately Exploited
https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html
curl SOCKS5 oversized hostname vulnerability CVe-2023-38545
https://isc.sans.edu/diary/CVE-2023-38545%3A%20curl%20SOCKS5%20oversized%20hostname%20vulnerability.%20How%20bad%20is%20it%3F/30304
Adobe Acrobat Vulnerablity Actively Exploited CVE-2023-21608
https://www.cisa.gov/news-events/alerts/2023/10/10/cisa-adds-five-known-vulnerabilities-catalog
Google Makes Passkey the Default
https://blog.google/technology/safety-security/passkeys-default-google-accounts/
VBScript Deprecated from Windows
https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features
https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html
curl SOCKS5 oversized hostname vulnerability CVe-2023-38545
https://isc.sans.edu/diary/CVE-2023-38545%3A%20curl%20SOCKS5%20oversized%20hostname%20vulnerability.%20How%20bad%20is%20it%3F/30304
Adobe Acrobat Vulnerablity Actively Exploited CVE-2023-21608
https://www.cisa.gov/news-events/alerts/2023/10/10/cisa-adds-five-known-vulnerabilities-catalog
Google Makes Passkey the Default
https://blog.google/technology/safety-security/passkeys-default-google-accounts/
VBScript Deprecated from Windows
https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features
ISC StormCast for Wednesday, October 11th, 2023
11 oktober 2023 |
8 min
http2 rapid reset
https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
microsoft patch tuesday
https://isc.sans.edu/diary/October%202023%20Microsoft%20Patch%20Tuesday%20Summary/30300
https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
microsoft patch tuesday
https://isc.sans.edu/diary/October%202023%20Microsoft%20Patch%20Tuesday%20Summary/30300
ISC StormCast for Tuesday, October 10th, 2023
10 oktober 2023 |
5 min
ZIP's DOSTIME and DOSDATE Formats
https://isc.sans.edu/diary/ZIP%27s%20DOSTIME%20%26%20DOSDATE%20Formats/30296
New Magecart Campaign Abusing 404 Pages
https://www.akamai.com/blog/security-research/magecart-new-technique-404-pages-skimmer
Sophos Effected by Exim Flaw
https://www.sophos.com/en-us/security-advisories/sophos-sa-20231005-exim-vuln
Turn OFF This WatchGuard Feature: GuardLapse
https://projectblack.io/blog/turn-off-this-watchguard-feature-guardlapse/
https://isc.sans.edu/diary/ZIP%27s%20DOSTIME%20%26%20DOSDATE%20Formats/30296
New Magecart Campaign Abusing 404 Pages
https://www.akamai.com/blog/security-research/magecart-new-technique-404-pages-skimmer
Sophos Effected by Exim Flaw
https://www.sophos.com/en-us/security-advisories/sophos-sa-20231005-exim-vuln
Turn OFF This WatchGuard Feature: GuardLapse
https://projectblack.io/blog/turn-off-this-watchguard-feature-guardlapse/
ISC StormCast for Monday, October 9th, 2023
9 oktober 2023 |
6 min
Binary IPv6 Address Conversion
https://isc.sans.edu/diary/Binary%20IPv6%20Addresses/30290
Wireshark Updates
https://www.wireshark.org/
Improved GitHub Secret Scanning
https://github.blog/2023-10-04-introducing-secret-scanning-validity-checks-for-major-cloud-services/
Prerooted Android Devices
https://arstechnica.com/security/2023/10/thousands-of-android-devices-come-with-unkillable-backdoor-preinstalled/
curl update
https://github.com/curl/curl/discussions/12026
https://isc.sans.edu/diary/Binary%20IPv6%20Addresses/30290
Wireshark Updates
https://www.wireshark.org/
Improved GitHub Secret Scanning
https://github.blog/2023-10-04-introducing-secret-scanning-validity-checks-for-major-cloud-services/
Prerooted Android Devices
https://arstechnica.com/security/2023/10/thousands-of-android-devices-come-with-unkillable-backdoor-preinstalled/
curl update
https://github.com/curl/curl/discussions/12026
ISC StormCast for Friday, October 6th, 2023
6 oktober 2023 |
5 min
New tool: le-hex-to-ip.py
https://isc.sans.edu/diary/New%20tool%3A%20le-hex-to-ip.py/30284
Cisco Emergency Responder Static Credentials Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cer-priv-esc-B9t3hqk9
Loony Tunables PoC CVE-2023-4911
https://haxx.in/files/gnu-acme.py
Malicious Python Packages
https://checkmarx.com/blog/the-evolutionary-tale-of-a-persistent-python-threat/
Supermicro BMC Vulnerability
https://binarly.io/posts/Binarly_REsearch_Uncovers_Major_Vulnerabilities_in_Supermicro_BMCs/index.html
https://isc.sans.edu/diary/New%20tool%3A%20le-hex-to-ip.py/30284
Cisco Emergency Responder Static Credentials Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cer-priv-esc-B9t3hqk9
Loony Tunables PoC CVE-2023-4911
https://haxx.in/files/gnu-acme.py
Malicious Python Packages
https://checkmarx.com/blog/the-evolutionary-tale-of-a-persistent-python-threat/
Supermicro BMC Vulnerability
https://binarly.io/posts/Binarly_REsearch_Uncovers_Major_Vulnerabilities_in_Supermicro_BMCs/index.html
ISC StormCast for Thursday, October 5th, 2023
5 oktober 2023 |
6 min
Normal Connections
https://isc.sans.edu/diary/Whats+Normal+Connection+Sizes/30278/
Apple Patches
https://isc.sans.edu/diary/Apple%20fixes%20vulnerabilities%20in%20iOS%20and%20iPadOS./30280
Looney Tunables Linux Privilege Escalation
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/03/cve-2023-4911-looney-tunables-local-privilege-escalation-in-the-glibcs-ld-so
Atlasian Confluence Server Vulnerability
https://jira.atlassian.com/browse/CONFSERVER-92475
https://isc.sans.edu/diary/Whats+Normal+Connection+Sizes/30278/
Apple Patches
https://isc.sans.edu/diary/Apple%20fixes%20vulnerabilities%20in%20iOS%20and%20iPadOS./30280
Looney Tunables Linux Privilege Escalation
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/03/cve-2023-4911-looney-tunables-local-privilege-escalation-in-the-glibcs-ld-so
Atlasian Confluence Server Vulnerability
https://jira.atlassian.com/browse/CONFSERVER-92475
ISC StormCast for Wednesday, October 4th, 2023
4 oktober 2023 |
6 min
Are Local LLMs Useful in Incident Response?
https://isc.sans.edu/diary/Are%20Local%20LLMs%20Useful%20in%20Incident%20Response%3F/30274
Pytorch Vulnerability
https://github.com/advisories/GHSA-4mqg-h5jf-j9m7
BING Reads Captchas
https://twitter.com/literallydenis/status/1708283962399846459
Evilproxy vs. Microsoft 365
https://www.menlosecurity.com/blog/evilproxy-phishing-attack-strikes-indeed/
https://isc.sans.edu/diary/Are%20Local%20LLMs%20Useful%20in%20Incident%20Response%3F/30274
Pytorch Vulnerability
https://github.com/advisories/GHSA-4mqg-h5jf-j9m7
BING Reads Captchas
https://twitter.com/literallydenis/status/1708283962399846459
Evilproxy vs. Microsoft 365
https://www.menlosecurity.com/blog/evilproxy-phishing-attack-strikes-indeed/
ISC StormCast for Tuesday, October 3rd, 2023
3 oktober 2023 |
6 min
Friendly Reminder: ZIP Metadata is Not Encrypted
https://isc.sans.edu/diary/Friendly%20Reminder%3A%20ZIP%20Metadata%20is%20Not%20Encrypted/30268
EXIM New Version Released
https://www.exim.org/static/doc/security/CVE-2023-zdi.txt
Mail GPU Kernel Driver Allows Improper GPU Memory Processing Operations
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
Bing AI Serves Malicous Ads
https://www.malwarebytes.com/blog/threat-intelligence/2023/09/malicious-ad-served-inside-bing-ai-chatbot
Google Announces Robots.txt Ad-Restrictions
https://developers.google.com/search/docs/crawling-indexing/overview-google-crawlers#adsbot-mobile-web-android
https://isc.sans.edu/diary/Friendly%20Reminder%3A%20ZIP%20Metadata%20is%20Not%20Encrypted/30268
EXIM New Version Released
https://www.exim.org/static/doc/security/CVE-2023-zdi.txt
Mail GPU Kernel Driver Allows Improper GPU Memory Processing Operations
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
Bing AI Serves Malicous Ads
https://www.malwarebytes.com/blog/threat-intelligence/2023/09/malicious-ad-served-inside-bing-ai-chatbot
Google Announces Robots.txt Ad-Restrictions
https://developers.google.com/search/docs/crawling-indexing/overview-google-crawlers#adsbot-mobile-web-android
ISC StormCast for Monday, October 2nd, 2023
2 oktober 2023 |
5 min
Analyzing MIME Files: a Quick Tip
https://isc.sans.edu/diary/Analyzing%20MIME%20Files%3A%20a%20Quick%20Tip/30266
Infostealers Looking for Password Files
https://isc.sans.edu/diary/Are+You+Still+Storing+Passwords+In+Plain+Text+Files/30262/
Simple Netcat Backdoor
https://isc.sans.edu/diary/Simple+Netcat+Backdoor+in+Python+Script/30264/
EXIM Response to the ZDI Release
https://exim.org/static/doc/security/CVE-2023-zdi.txt
Exploit for WS_FTP Vulnerability
https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044
https://isc.sans.edu/diary/Analyzing%20MIME%20Files%3A%20a%20Quick%20Tip/30266
Infostealers Looking for Password Files
https://isc.sans.edu/diary/Are+You+Still+Storing+Passwords+In+Plain+Text+Files/30262/
Simple Netcat Backdoor
https://isc.sans.edu/diary/Simple+Netcat+Backdoor+in+Python+Script/30264/
EXIM Response to the ZDI Release
https://exim.org/static/doc/security/CVE-2023-zdi.txt
Exploit for WS_FTP Vulnerability
https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044
ISC StormCast for Friday, September 29th, 2023
29 september 2023 |
5 min
IPv4 Addresses in Little Endian Decimal Format
https://isc.sans.edu/diary/IPv4%20Addresses%20in%20Little%20Endian%20Decimal%20Format/30256
Chrome Update fixes 0-day Vulnerability
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
Unpatched EXIM Vulnerabilities
https://www.zerodayinitiative.com/advisories/ZDI-23-1469/
WS_FTP Vulnerabilities
https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023
https://isc.sans.edu/diary/IPv4%20Addresses%20in%20Little%20Endian%20Decimal%20Format/30256
Chrome Update fixes 0-day Vulnerability
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
Unpatched EXIM Vulnerabilities
https://www.zerodayinitiative.com/advisories/ZDI-23-1469/
WS_FTP Vulnerabilities
https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023
ISC StormCast for Thursday, September 28th, 2023
28 september 2023 |
7 min
GPU Sidechannel Attack
https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf
Router Firmware Compromised for Persistent Access
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csa-cyber-report-sept-2023
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-270a
More libwebp vulnerability confusion
https://www.cve.org/CVERecord?id=CVE-2023-5129
https://arstechnica.com/security/2023/09/google-quietly-corrects-previously-submitted-disclosure-for-critical-webp-0-day/
Fake Dependabot Commits
https://checkmarx.com/blog/surprise-when-dependabot-contributes-malicious-code/
https://www.hertzbleed.com/gpu.zip/GPU-zip.pdf
Router Firmware Compromised for Persistent Access
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csa-cyber-report-sept-2023
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-270a
More libwebp vulnerability confusion
https://www.cve.org/CVERecord?id=CVE-2023-5129
https://arstechnica.com/security/2023/09/google-quietly-corrects-previously-submitted-disclosure-for-critical-webp-0-day/
Fake Dependabot Commits
https://checkmarx.com/blog/surprise-when-dependabot-contributes-malicious-code/
ISC StormCast for Wednesday, September 27th, 2023
27 september 2023 |
7 min
A new spint on the ZeroFont phishing technique
https://isc.sans.edu/diary/A%20new%20spin%20on%20the%20ZeroFont%20phishing%20technique/30248
macOS Sonoma Updates
https://isc.sans.edu/diary/Apple%20Releases%20MacOS%20Sonoma%20Including%20Numerous%20Security%20Patches/30252
https://isc.sans.edu/diary/A%20new%20spin%20on%20the%20ZeroFont%20phishing%20technique/30248
macOS Sonoma Updates
https://isc.sans.edu/diary/Apple%20Releases%20MacOS%20Sonoma%20Including%20Numerous%20Security%20Patches/30252
ISC StormCast for Tuesday, September 26th, 2023
26 september 2023 |
5 min
LuaJIT Malware
https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/
NPM systeminformation flaw
https://systeminformation.io/security.html
Team City Authentication Bypass
https://twitter.com/ptswarm/status/1706223917008834748
https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/
NPM systeminformation flaw
https://systeminformation.io/security.html
Team City Authentication Bypass
https://twitter.com/ptswarm/status/1706223917008834748
ISC StormCast for Monday, September 25th, 2023
25 september 2023 |
7 min
Scanning for Laravel - a PHP Framework for Web Artisants
https://isc.sans.edu/forums/diary/Scanning%20for%20Laravel%20-%20a%20PHP%20Framework%20for%20Web%20Artisants/30242/
Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT
https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/
Unmasking a Sophistiacted Phishing Campaign That Targets Hotel Guests
https://www.akamai.com/blog/security-research/sophisticated-phishing-campaign-targeting-hospitality
BSides JAX October 14th
https://www.bsidesjax.org/
tickets: https://www.eventbrite.com/e/bsides-jacksonville-2023-registration-566463807497?aff=oddtdtcreator
https://isc.sans.edu/forums/diary/Scanning%20for%20Laravel%20-%20a%20PHP%20Framework%20for%20Web%20Artisants/30242/
Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT
https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/
Unmasking a Sophistiacted Phishing Campaign That Targets Hotel Guests
https://www.akamai.com/blog/security-research/sophisticated-phishing-campaign-targeting-hospitality
BSides JAX October 14th
https://www.bsidesjax.org/
tickets: https://www.eventbrite.com/e/bsides-jacksonville-2023-registration-566463807497?aff=oddtdtcreator
ISC StormCast for Friday, September 22nd, 2023
22 september 2023 |
6 min
Apple Patches Three 0-Days
https://isc.sans.edu/diary/Apple+Patches+Three+New+0Day+Vulnerabilities+Affecting+iOSiPadOSwatchOSmacOS/30238
WebP Vulnerability
https://blog.isosceles.com/the-webp-0day/
MOVEit Transfer Service Pack
https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023
Improved Passkey Support in Windows 11
https://www.microsoft.com/en-us/security/blog/2023/09/21/new-microsoft-security-tools-to-protect-families-and-businesses/
https://isc.sans.edu/diary/Apple+Patches+Three+New+0Day+Vulnerabilities+Affecting+iOSiPadOSwatchOSmacOS/30238
WebP Vulnerability
https://blog.isosceles.com/the-webp-0day/
MOVEit Transfer Service Pack
https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023
Improved Passkey Support in Windows 11
https://www.microsoft.com/en-us/security/blog/2023/09/21/new-microsoft-security-tools-to-protect-families-and-businesses/
ISC StormCast for Thursday, September 21st, 2023
21 september 2023 |
6 min
What's Normal: DNS TTL Values
https://isc.sans.edu/forums/diary/What's%20Normal%3F%20DNS%20TTL%20Values/30234/
CISA Highlights Snatch Ransomware
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-263a
npm packages caught exfiltrating Kubernetes config, SSH keys
https://blog.sonatype.com/npm-packages-caught-exfiltrating-kubernetes-config-ssh-keys
Nagios XI Vulnerabilities
https://outpost24.com/blog/nagios-xi-vulnerabilities/
https://isc.sans.edu/forums/diary/What's%20Normal%3F%20DNS%20TTL%20Values/30234/
CISA Highlights Snatch Ransomware
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-263a
npm packages caught exfiltrating Kubernetes config, SSH keys
https://blog.sonatype.com/npm-packages-caught-exfiltrating-kubernetes-config-ssh-keys
Nagios XI Vulnerabilities
https://outpost24.com/blog/nagios-xi-vulnerabilities/
ISC StormCast for Wednesday, September 20th, 2023
20 september 2023 |
5 min
Obfuscated Scans For Older Adobe Experience Manager Vulnerabilities
https://isc.sans.edu/diary/Obfuscated%20Scans%20for%20Older%20Adobe%20Experience%20Manager%20Vulnerabilities/30230
Trend Micro Apex One 0-day
https://success.trendmicro.com/dcx/s/solution/000294994?language=en_US
SprySOCKS Backdoor
https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html
GitLab Patches
https://about.gitlab.com/releases/2023/09/18/security-release-gitlab-16-3-4-released/
https://isc.sans.edu/diary/Obfuscated%20Scans%20for%20Older%20Adobe%20Experience%20Manager%20Vulnerabilities/30230
Trend Micro Apex One 0-day
https://success.trendmicro.com/dcx/s/solution/000294994?language=en_US
SprySOCKS Backdoor
https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html
GitLab Patches
https://about.gitlab.com/releases/2023/09/18/security-release-gitlab-16-3-4-released/
ISC StormCast for Tuesday, September 19th, 2023
19 september 2023 |
5 min
Internet Wide Multi VPN Search from Single /24 Network
https://isc.sans.edu/diary/Internet%20Wide%20Multi%20VPN%20Search%20From%20Single%20%2024%20Network/30226
iOS/iPadOS/tvOS/WatchOS Updates
https://support.apple.com/en-us/HT201222
Juniper Vuln Details/Exploit CVE-2023-36845
https://vulncheck.com/blog/juniper-cve-2023-36845
https://isc.sans.edu/diary/Internet%20Wide%20Multi%20VPN%20Search%20From%20Single%20%2024%20Network/30226
iOS/iPadOS/tvOS/WatchOS Updates
https://support.apple.com/en-us/HT201222
Juniper Vuln Details/Exploit CVE-2023-36845
https://vulncheck.com/blog/juniper-cve-2023-36845
ISC StormCast for Monday, September 18th, 2023
18 september 2023 |
6 min
When MFA isn't actually MFA
https://retool.com/blog/mfa-isnt-mfa/
QNAP Patches
https://www.qnap.com/en/security-advisories?ref=security_advisory_details
Chrome able to use Apple Keychain Passkeys
https://9to5google.com/2023/09/14/chrome-118-icloud-passkey/
Fortinet XSS
https://fortiguard.fortinet.com/psirt/FG-IR-23-106
vBulletin XSS
https://gist.github.com/GiongfNef/8fe658dce4c7fcf3a7b4e6387e50141c
https://retool.com/blog/mfa-isnt-mfa/
QNAP Patches
https://www.qnap.com/en/security-advisories?ref=security_advisory_details
Chrome able to use Apple Keychain Passkeys
https://9to5google.com/2023/09/14/chrome-118-icloud-passkey/
Fortinet XSS
https://fortiguard.fortinet.com/psirt/FG-IR-23-106
vBulletin XSS
https://gist.github.com/GiongfNef/8fe658dce4c7fcf3a7b4e6387e50141c
ISC StormCast for Friday, September 15th, 2023
15 september 2023 |
6 min
DShield and eqmu Sitting in a Tree: L-O-G-G-I-N-G
https://isc.sans.edu/diary/DShield%20and%20qemu%20Sitting%20in%20a%20Tree%3A%20L-O-G-G-I-N-G/30216
Uncursing the ncurses memory corruption vulnerabilities
https://www.microsoft.com/en-us/security/blog/2023/09/14/uncursing-the-ncurses-memory-corruption-vulnerabilities-found-in-library/
Arbitrary code execution via Windows Themes (CVE-2023-38146)
https://exploits.forsale/themebleed/
3AM Ransomware used if LockBit Fails
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3am-ransomware-lockbit
https://isc.sans.edu/diary/DShield%20and%20qemu%20Sitting%20in%20a%20Tree%3A%20L-O-G-G-I-N-G/30216
Uncursing the ncurses memory corruption vulnerabilities
https://www.microsoft.com/en-us/security/blog/2023/09/14/uncursing-the-ncurses-memory-corruption-vulnerabilities-found-in-library/
Arbitrary code execution via Windows Themes (CVE-2023-38146)
https://exploits.forsale/themebleed/
3AM Ransomware used if LockBit Fails
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3am-ransomware-lockbit
ISC StormCast for Thursday, September 14th, 2023
14 september 2023 |
6 min
Backdoored Free DownloadManager
https://securelist.com/backdoored-free-download-manager-linux-malware/110465/
Foxit PDF Reader Updates
https://www.foxit.com/support/security-bulletins.html
macOS MetaStealer: New Family of Obfuscated Go Infostealers
https://www.sentinelone.com/blog/macos-metastealer-new-family-of-obfuscated-go-infostealers-spread-in-targeted-attacks/
Windows 11 to Support Blocking SMB NTLM Hashes
https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-ntlm-blocking-now-supported-in-windows-insider/ba-p/3916206
https://securelist.com/backdoored-free-download-manager-linux-malware/110465/
Foxit PDF Reader Updates
https://www.foxit.com/support/security-bulletins.html
macOS MetaStealer: New Family of Obfuscated Go Infostealers
https://www.sentinelone.com/blog/macos-metastealer-new-family-of-obfuscated-go-infostealers-spread-in-targeted-attacks/
Windows 11 to Support Blocking SMB NTLM Hashes
https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-ntlm-blocking-now-supported-in-windows-insider/ba-p/3916206
ISC StormCast for Wednesday, September 13th, 2023
13 september 2023 |
6 min
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20September%202023%20Patch%20Tuesday/30214
OpenSSL 1.1.1 End of Life
https://www.openssl.org/blog/blog/2023/09/11/eol-111/
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
https://isc.sans.edu/diary/Microsoft%20September%202023%20Patch%20Tuesday/30214
OpenSSL 1.1.1 End of Life
https://www.openssl.org/blog/blog/2023/09/11/eol-111/
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
ISC StormCast for Tuesday, September 12th, 2023
12 september 2023 |
6 min
Apple Patches Older Operating Systems
https://isc.sans.edu/diary/Apple%20fixes%200-Day%20Vulnerability%20in%20Older%20Operating%20Systems/30210
Wi-Fi Enabled Practical Keystroke Eavesdropping
https://arxiv.org/pdf/2309.03492.pdf
Phishing via Google Looker Studio
https://blog.checkpoint.com/security/phishing-via-google-looker-studio
HPE One View Authentication Bypass
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04530en_us
https://isc.sans.edu/diary/Apple%20fixes%200-Day%20Vulnerability%20in%20Older%20Operating%20Systems/30210
Wi-Fi Enabled Practical Keystroke Eavesdropping
https://arxiv.org/pdf/2309.03492.pdf
Phishing via Google Looker Studio
https://blog.checkpoint.com/security/phishing-via-google-looker-studio
HPE One View Authentication Bypass
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04530en_us
ISC StormCast for Monday, September 11th, 2023
11 september 2023 |
7 min
Augmenting Honeypot Logs
https://isc.sans.edu/diary/%3FAnyone%20get%20the%20ASN%20of%20the%20Truck%20that%20Hit%20Me%3F!%3F%3A%20Creating%20a%20PowerShell%20Function%20to%20Make%203rd%20Party%20API%20Calls%20for%20Extending%20Honeypot%20Information%20%5BGuest%20Diary%5D/30204
More details about Apple 0-day
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access VPN Unauthorized Access Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC#fs
Odd Password Solution
https://notpickard.com/@rdp/111009868239846779
https://isc.sans.edu/diary/%3FAnyone%20get%20the%20ASN%20of%20the%20Truck%20that%20Hit%20Me%3F!%3F%3A%20Creating%20a%20PowerShell%20Function%20to%20Make%203rd%20Party%20API%20Calls%20for%20Extending%20Honeypot%20Information%20%5BGuest%20Diary%5D/30204
More details about Apple 0-day
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access VPN Unauthorized Access Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC#fs
Odd Password Solution
https://notpickard.com/@rdp/111009868239846779
ISC StormCast for Friday, September 8th, 2023
8 september 2023 |
5 min
Apple Patches 0-Days
https://isc.sans.edu/diary/30200
https://support.apple.com/en-us/HT201222
iOS Fleezeware/Scareware
https://isc.sans.edu/diary/Fleezeware%20Scareware%20Advertised%20via%20Facebook%20Tags%3B%20Available%20in%20Apple%20App%20Store/30198
Aruba Vulnerabilities
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt
TP Link Vulnerabilities
https://jvn.jp/en/vu/JVNVU99392903/
https://isc.sans.edu/diary/30200
https://support.apple.com/en-us/HT201222
iOS Fleezeware/Scareware
https://isc.sans.edu/diary/Fleezeware%20Scareware%20Advertised%20via%20Facebook%20Tags%3B%20Available%20in%20Apple%20App%20Store/30198
Aruba Vulnerabilities
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt
TP Link Vulnerabilities
https://jvn.jp/en/vu/JVNVU99392903/
ISC StormCast for Thursday, September 7th, 2023
7 september 2023 |
6 min
Security Related DNS Records
https://isc.sans.edu/diary/Security%20Relevant%20DNS%20Records/30194
Microsoft Reveleas Details about Key Loss
https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/
September Android Updates
https://source.android.com/docs/security/bulletin/2023-09-01
Google Chrome Update
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html
Atlas VPN Tunnel Termination Vulnerability
https://www.reddit.com/r/cybersecurity/comments/167f16e/atlasvpn_linux_client_103_remote_disconnect/
https://isc.sans.edu/diary/Security%20Relevant%20DNS%20Records/30194
Microsoft Reveleas Details about Key Loss
https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/
September Android Updates
https://source.android.com/docs/security/bulletin/2023-09-01
Google Chrome Update
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html
Atlas VPN Tunnel Termination Vulnerability
https://www.reddit.com/r/cybersecurity/comments/167f16e/atlasvpn_linux_client_103_remote_disconnect/
ISC StormCast for Wednesday, September 6th, 2023
6 september 2023 |
6 min
Common Usernames Submitted to Honeypots
https://isc.sans.edu/diary/Common%20usernames%20submitted%20to%20honeypots/30188
TPM LUKS Bypass
https://pulsesecurity.co.nz/advisories/tpm-luks-bypass
Cross Tenant Impersonation Prevention and Detection
https://sec.okta.com/articles/2023/08/cross-tenant-impersonation-prevention-and-detection
https://isc.sans.edu/diary/Common%20usernames%20submitted%20to%20honeypots/30188
TPM LUKS Bypass
https://pulsesecurity.co.nz/advisories/tpm-luks-bypass
Cross Tenant Impersonation Prevention and Detection
https://sec.okta.com/articles/2023/08/cross-tenant-impersonation-prevention-and-detection
ISC StormCast for Tuesday, September 5th, 2023
5 september 2023 |
6 min
What is the Origin of Passwords Submitted to Honeypots
https://isc.sans.edu/diary/What%20is%20the%20origin%20of%20passwords%20submitted%20to%20honeypots%3F/30182
Creating a YARA Rule to Detect Obfuscated Strings
https://isc.sans.edu/diary/Creating%20a%20YARA%20Rule%20to%20Detect%20Obfuscated%20Strings/30186
VMware Aria Operations for Networks Hardcoded Keys 2023-34039
https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-34039/
https://github.com/sinsinology/CVE-2023-34039/
Windows will Disable TLS 1.0/1.1
https://learn.microsoft.com/en-us/windows/release-health/windows-message-center
https://isc.sans.edu/diary/What%20is%20the%20origin%20of%20passwords%20submitted%20to%20honeypots%3F/30182
Creating a YARA Rule to Detect Obfuscated Strings
https://isc.sans.edu/diary/Creating%20a%20YARA%20Rule%20to%20Detect%20Obfuscated%20Strings/30186
VMware Aria Operations for Networks Hardcoded Keys 2023-34039
https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-34039/
https://github.com/sinsinology/CVE-2023-34039/
Windows will Disable TLS 1.0/1.1
https://learn.microsoft.com/en-us/windows/release-health/windows-message-center
ISC StormCast for Friday, September 1st, 2023
1 september 2023 |
6 min
The low, low cost of (committing) cybercrime
https://isc.sans.edu/forums/diary/The%20low%2C%20low%20cost%20of%20%28committing%29%20cybercrime/30176/
Unpinnable Github Actions
https://www.paloaltonetworks.com/blog/prisma-cloud/unpinnable-actions-github-security/
Exploitation of Cisco ASA SSL VPNs
https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns/
Splunk Vulnerabilities
https://advisory.splunk.com/advisories
Top Level Domain Issues
https://blog.talosintelligence.com/whats-in-a-name/
https://isc.sans.edu/forums/diary/The%20low%2C%20low%20cost%20of%20%28committing%29%20cybercrime/30176/
Unpinnable Github Actions
https://www.paloaltonetworks.com/blog/prisma-cloud/unpinnable-actions-github-security/
Exploitation of Cisco ASA SSL VPNs
https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns/
Splunk Vulnerabilities
https://advisory.splunk.com/advisories
Top Level Domain Issues
https://blog.talosintelligence.com/whats-in-a-name/
ISC StormCast for Thursday, August 31st, 2023
31 augusti 2023 |
6 min
Home Office/Small Business Hurricane Prep
https://isc.sans.edu/diary/Home%20Office%20%20%20Small%20Business%20Hurricane%20Prep/30166
Notepad++ Vulnerabilities
https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/
7-Zip Vulnerability
https://www.zerodayinitiative.com/advisories/ZDI-23-1164/
BGP Error Handling Issues
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling
https://isc.sans.edu/diary/Home%20Office%20%20%20Small%20Business%20Hurricane%20Prep/30166
Notepad++ Vulnerabilities
https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/
7-Zip Vulnerability
https://www.zerodayinitiative.com/advisories/ZDI-23-1164/
BGP Error Handling Issues
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling
ISC StormCast for Wednesday, August 30th, 2023
30 augusti 2023 |
6 min
Survival Time for Web Sites
https://isc.sans.edu/diary/Survival%20time%20for%20web%20sites/30170
PDF/ActiveMime Polyglot Maldocs
https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html
https://blog.didierstevens.com/2023/08/29/quickpost-pdf-activemime-maldocs-yara-rule/
RocketMQ Vulnerability Exploited
https://blogs.juniper.net/en-us/threat-research/dreambus-botnet-resurfaces-targets-rocketmq-vulnerability
ManageEngine Vulnerabilty
https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html
https://isc.sans.edu/diary/Survival%20time%20for%20web%20sites/30170
PDF/ActiveMime Polyglot Maldocs
https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html
https://blog.didierstevens.com/2023/08/29/quickpost-pdf-activemime-maldocs-yara-rule/
RocketMQ Vulnerability Exploited
https://blogs.juniper.net/en-us/threat-research/dreambus-botnet-resurfaces-targets-rocketmq-vulnerability
ManageEngine Vulnerabilty
https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html
ISC StormCast for Tuesday, August 29th, 2023
29 augusti 2023 |
7 min
Analysis of RAR Exploit Files (CVE-2023-38831)
https://isc.sans.edu/diary/Analysis+of+RAR+Exploit+Files+CVE202338831/30164
Juniper Exploit CVE-2023-36844 , CVE-2023-36845 , CVE-2023-36846 , CVE-2023-36847
https://labs.watchtowr.com/cve-2023-36844-and-friends-rce-in-juniper-firewalls/
Microsoft Will Enabled Extended Protection for Exchange Server by Default
https://techcommunity.microsoft.com/t5/exchange-team-blog/coming-soon-enabling-extended-protection-on-exchange-server-by/ba-p/3911849
Rust Malware Stages on Crates.io
https://blog.phylum.io/rust-malware-staged-on-crates-io/
SANS Community Night London Signup
https://www.sans.org/mlp/community-night-cloud-security-london-september-2023
https://isc.sans.edu/diary/Analysis+of+RAR+Exploit+Files+CVE202338831/30164
Juniper Exploit CVE-2023-36844 , CVE-2023-36845 , CVE-2023-36846 , CVE-2023-36847
https://labs.watchtowr.com/cve-2023-36844-and-friends-rce-in-juniper-firewalls/
Microsoft Will Enabled Extended Protection for Exchange Server by Default
https://techcommunity.microsoft.com/t5/exchange-team-blog/coming-soon-enabling-extended-protection-on-exchange-server-by/ba-p/3911849
Rust Malware Stages on Crates.io
https://blog.phylum.io/rust-malware-staged-on-crates-io/
SANS Community Night London Signup
https://www.sans.org/mlp/community-night-cloud-security-london-september-2023
ISC StormCast for Monday, August 28th, 2023
28 augusti 2023 |
7 min
Python Malware Using Postgresql for C2 Communications
https://isc.sans.edu/diary/Python%20Malware%20Using%20Postgresql%20for%20C2%20Communications/30158
macOS: Who is Behind This Network Connection?
https://isc.sans.edu/diary/macOS%3A%20Who%3Fs%20Behind%20This%20Network%20Connection%3F/30160
CVE-2020-19909 Is Everything that is Wrong with CVEs
https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/
Windows Certificate Confusion
https://arstechnica.com/security/2023/08/a-renegade-certificate-is-removed-from-windows-then-it-returns-confusion-ensues/
NPM E-Mail Validator Package Malware
https://blog.phylum.io/npm-emails-validator-package-malware/
https://isc.sans.edu/diary/Python%20Malware%20Using%20Postgresql%20for%20C2%20Communications/30158
macOS: Who is Behind This Network Connection?
https://isc.sans.edu/diary/macOS%3A%20Who%3Fs%20Behind%20This%20Network%20Connection%3F/30160
CVE-2020-19909 Is Everything that is Wrong with CVEs
https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/
Windows Certificate Confusion
https://arstechnica.com/security/2023/08/a-renegade-certificate-is-removed-from-windows-then-it-returns-confusion-ensues/
NPM E-Mail Validator Package Malware
https://blog.phylum.io/npm-emails-validator-package-malware/
ISC StormCast for Friday, August 25th, 2023
25 augusti 2023 |
6 min
How I made a "QWERTY" Keyboard Walk Password Generator with ChatGPT
https://isc.sans.edu/diary/How%20I%20made%20a%20qwerty%20%3Fkeyboard%20walk%3F%20password%20generator%20with%20ChatGPT%20%20%5BGuest%20Diary%5D/30152
FBI Warns of Persistent Barracuda Backdoors
https://www.ic3.gov/Media/News/2023/230823.pdf
Ivanti Sentry Athentication Bypass Deep Diver CVE-2023-38035
https://www.horizon3.ai/ivanti-sentry-authentication-bypass-cve-2023-38035-deep-dive/
Smoke Loader Drops Whiffy Recon WiFi Scanning and Geolocation Malware
https://www.secureworks.com/blog/smoke-loader-drops-whiffy-recon-wi-fi-scanning-and-geolocation-malware
https://isc.sans.edu/diary/How%20I%20made%20a%20qwerty%20%3Fkeyboard%20walk%3F%20password%20generator%20with%20ChatGPT%20%20%5BGuest%20Diary%5D/30152
FBI Warns of Persistent Barracuda Backdoors
https://www.ic3.gov/Media/News/2023/230823.pdf
Ivanti Sentry Athentication Bypass Deep Diver CVE-2023-38035
https://www.horizon3.ai/ivanti-sentry-authentication-bypass-cve-2023-38035-deep-dive/
Smoke Loader Drops Whiffy Recon WiFi Scanning and Geolocation Malware
https://www.secureworks.com/blog/smoke-loader-drops-whiffy-recon-wi-fi-scanning-and-geolocation-malware
ISC StormCast for Thursday, August 24th, 2023
24 augusti 2023 |
5 min
More Exotic Excel Files Dropping AgentTesla
https://isc.sans.edu/diary/More%20Exotic%20Excel%20Files%20Dropping%20AgentTesla/30150
CVE-2023-38831 WinRAR Vulnerability Exploited
https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
Aruba Vulnerabilities
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt
https://isc.sans.edu/diary/More%20Exotic%20Excel%20Files%20Dropping%20AgentTesla/30150
CVE-2023-38831 WinRAR Vulnerability Exploited
https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
Aruba Vulnerabilities
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt
ISC StormCast for Wednesday, August 23rd, 2023
23 augusti 2023 |
6 min
Fernet Encryption in Malware
https://isc.sans.edu/forums/diary/Have%20You%20Ever%20Heard%20of%20the%20Fernet%20Encryption%20Algorithm%3F/30146/
Malware Triage With Inotify Tools
https://isc.sans.edu/diary/Quick+Malware+Triage+With+Inotify+Tools/30142/
Adobe Coldfusion Exploited
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Openfire Admin Console Vulnerability Exploited
https://vulncheck.com/blog/openfire-cve-2023-32315
XLoader Mac Malware Updates
https://www.sentinelone.com/blog/xloaders-latest-trick-new-macos-variant-disguised-as-signed-officenote-app/
https://isc.sans.edu/forums/diary/Have%20You%20Ever%20Heard%20of%20the%20Fernet%20Encryption%20Algorithm%3F/30146/
Malware Triage With Inotify Tools
https://isc.sans.edu/diary/Quick+Malware+Triage+With+Inotify+Tools/30142/
Adobe Coldfusion Exploited
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Openfire Admin Console Vulnerability Exploited
https://vulncheck.com/blog/openfire-cve-2023-32315
XLoader Mac Malware Updates
https://www.sentinelone.com/blog/xloaders-latest-trick-new-macos-variant-disguised-as-signed-officenote-app/
ISC StormCast for Tuesday, August 22nd, 2023
22 augusti 2023 |
6 min
SystemBC Scans and ProxyNation
https://isc.sans.edu/diary/SystemBC%20Malware%20Activity%20/30138
https://cybersecurity.att.com/blogs/labs-research/proxynation-the-dark-nexus-between-proxy-apps-and-malware
Exchange Server Security Update Re-Release
https://techcommunity.microsoft.com/t5/exchange-team-blog/re-release-of-august-2023-exchange-server-security-update/ba-p/3900025
Ivanti Sentry Vulnerability Exploited
https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US
DUO Security Outage
https://status.duo.com/incidents/rw7g0q7ztj8f
mTLS Vulnerabilities
https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done-wrong/
https://isc.sans.edu/diary/SystemBC%20Malware%20Activity%20/30138
https://cybersecurity.att.com/blogs/labs-research/proxynation-the-dark-nexus-between-proxy-apps-and-malware
Exchange Server Security Update Re-Release
https://techcommunity.microsoft.com/t5/exchange-team-blog/re-release-of-august-2023-exchange-server-security-update/ba-p/3900025
Ivanti Sentry Vulnerability Exploited
https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US
DUO Security Outage
https://status.duo.com/incidents/rw7g0q7ztj8f
mTLS Vulnerabilities
https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done-wrong/
ISC StormCast for Monday, August 21st, 2023
21 augusti 2023 |
6 min
From a Zalando Phish to a RAT
https://isc.sans.edu/diary/From%20a%20Zalando%20Phishing%20to%20a%20RAT/30136
RARLAB WinRAR Recovery Volume Vulnerability
https://www.zerodayinitiative.com/advisories/ZDI-23-1152/
Hotmail SPF Record Error Leads to spam false positives
https://www.bleepingcomputer.com/news/microsoft/hotmail-email-delivery-fails-after-microsoft-misconfigures-dns/
Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector
https://www.sentinelone.com/labs/chinese-entanglement-dll-hijacking-in-the-asian-gambling-sector/
Google Chrome to Warn Users of Malicious Extensions
https://betanews.com/2023/08/17/google-chrome-to-warn-users-about-problematic-extensions/
https://isc.sans.edu/diary/From%20a%20Zalando%20Phishing%20to%20a%20RAT/30136
RARLAB WinRAR Recovery Volume Vulnerability
https://www.zerodayinitiative.com/advisories/ZDI-23-1152/
Hotmail SPF Record Error Leads to spam false positives
https://www.bleepingcomputer.com/news/microsoft/hotmail-email-delivery-fails-after-microsoft-misconfigures-dns/
Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector
https://www.sentinelone.com/labs/chinese-entanglement-dll-hijacking-in-the-asian-gambling-sector/
Google Chrome to Warn Users of Malicious Extensions
https://betanews.com/2023/08/17/google-chrome-to-warn-users-about-problematic-extensions/
ISC StormCast for Friday, August 18th, 2023
18 augusti 2023 |
6 min
Command Line Parsing - Are These Really Unique Strings?
https://isc.sans.edu/diary/Command%20Line%20Parsing%20-%20Are%20These%20Really%20Unique%20Strings%3F/30126
iOS 16 Fake Airplane Mode
https://www.jamf.com/blog/fake-airplane-mode-a-mobile-tampering-technique-to-maintain-connectivity/
LinkedIn Attacks
https://cyberint.com/blog/research/linkedin-accounts-under-attack-how-to-protect-yourself/
Robot Vacuum Privacy Issues
https://dontvacuum.me/talks/DEFCON31/DEFCON31-vacuum-robots-final.pdf
https://dontvacuum.me/
https://isc.sans.edu/diary/Command%20Line%20Parsing%20-%20Are%20These%20Really%20Unique%20Strings%3F/30126
iOS 16 Fake Airplane Mode
https://www.jamf.com/blog/fake-airplane-mode-a-mobile-tampering-technique-to-maintain-connectivity/
LinkedIn Attacks
https://cyberint.com/blog/research/linkedin-accounts-under-attack-how-to-protect-yourself/
Robot Vacuum Privacy Issues
https://dontvacuum.me/talks/DEFCON31/DEFCON31-vacuum-robots-final.pdf
https://dontvacuum.me/
ISC StormCast for Thursday, August 17th, 2023
17 augusti 2023 |
7 min
PowerShell Gallery Prone to Typosqatting, Other Sypply Chain Attacks
https://www.darkreading.com/application-security/powershell-gallery-prone-to-typosquatting-other-supply-chain-attacks
Windows Random Time Issues
https://arstechnica.com/security/2023/08/windows-feature-that-resets-system-clocks-based-on-random-data-is-wreaking-havoc/
Energy Company Targeted in QR Code Campaign
https://cofense.com/blog/major-energy-company-targeted-in-large-qr-code-campaign/
New Citrix Scanner from Mandiant
https://www.mandiant.com/resources/blog/citrix-adc-vulnerability-ioc-scanner
https://www.darkreading.com/application-security/powershell-gallery-prone-to-typosquatting-other-supply-chain-attacks
Windows Random Time Issues
https://arstechnica.com/security/2023/08/windows-feature-that-resets-system-clocks-based-on-random-data-is-wreaking-havoc/
Energy Company Targeted in QR Code Campaign
https://cofense.com/blog/major-energy-company-targeted-in-large-qr-code-campaign/
New Citrix Scanner from Mandiant
https://www.mandiant.com/resources/blog/citrix-adc-vulnerability-ioc-scanner
ISC StormCast for Wednesday, August 16th, 2023
16 augusti 2023 |
6 min
macOS Background Task Manager Bypass
https://www.wired.com/story/apple-mac-background-task-management-flaw/
Ivanti Avalanche Vulnerability
https://www.tenable.com/security/research/tra-2023-27
Exploiting Synology NAS Cloud Connectivity
https://claroty.com/team82/research/a-pain-in-the-nas-exploiting-cloud-connectivity-to-pwn-your-nas-synology-ds920-edition
Fake Crypto Currency Apps Offered as "Beta" versions
https://www.ic3.gov/Media/Y2023/PSA230814
https://www.wired.com/story/apple-mac-background-task-management-flaw/
Ivanti Avalanche Vulnerability
https://www.tenable.com/security/research/tra-2023-27
Exploiting Synology NAS Cloud Connectivity
https://claroty.com/team82/research/a-pain-in-the-nas-exploiting-cloud-connectivity-to-pwn-your-nas-synology-ds920-edition
Fake Crypto Currency Apps Offered as "Beta" versions
https://www.ic3.gov/Media/Y2023/PSA230814
ISC StormCast for Tuesday, August 15th, 2023
15 augusti 2023 |
6 min
PDFiD False Positives Revisited
https://isc.sans.edu/diary/PDFiD%3A%20False%20Positives%20Revisited/30122
CVE-2023-32019 Fix Enabled by Default;
https://support.microsoft.com/en-us/topic/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080
CyberPower and Dataprobe Vulnerabilities
https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html
Ford WiFi Driver Vulnerability
https://www.ti.com/lit/er/swra773/swra773.pdf?ts=1691717352391&ref_url=https%253A%252F%252Fmedia.ford.com%252F
https://isc.sans.edu/diary/PDFiD%3A%20False%20Positives%20Revisited/30122
CVE-2023-32019 Fix Enabled by Default;
https://support.microsoft.com/en-us/topic/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080
CyberPower and Dataprobe Vulnerabilities
https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html
Ford WiFi Driver Vulnerability
https://www.ti.com/lit/er/swra773/swra773.pdf?ts=1691717352391&ref_url=https%253A%252F%252Fmedia.ford.com%252F
ISC StormCast for Monday, August 14th, 2023
14 augusti 2023 |
6 min
Show Me All Your Windows
https://isc.sans.edu/diary/Show%20me%20All%20Your%20Windows!/30116
Zero Touch Pwn
https://blog.syss.com/posts/zero-touch-pwn/
Maginot DNS Spoofing Attack
https://www.usenix.org/conference/usenixsecurity23/presentation/li-xiang
https://isc.sans.edu/diary/Show%20me%20All%20Your%20Windows!/30116
Zero Touch Pwn
https://blog.syss.com/posts/zero-touch-pwn/
Maginot DNS Spoofing Attack
https://www.usenix.org/conference/usenixsecurity23/presentation/li-xiang
ISC StormCast for Friday, August 11th, 2023
11 augusti 2023 |
6 min
Some things never change, such as SQL Authentication "Encryption"
https://isc.sans.edu/diary/Some%20things%20never%20change%20%3F%20such%20as%20SQL%20Authentication%20%3Fencryption%3F/30112
Defender Pretender: When Windows Defender Updates Become a Security Risk
https://www.blackhat.com/us-23/briefings/schedule/#defender-pretender-when-windows-defender-updates-become-a-security-risk-32706
Dell Compellent Hardcoded Key
https://www.dell.com/support/kbdoc/en-us/000216615/dsa-2023-282-security-update-for-dell-storage-integration-tools-for-vmware-dsitv-vulnerabilities
Vulnerabilities in Sogou Keyboard
https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/
https://isc.sans.edu/diary/Some%20things%20never%20change%20%3F%20such%20as%20SQL%20Authentication%20%3Fencryption%3F/30112
Defender Pretender: When Windows Defender Updates Become a Security Risk
https://www.blackhat.com/us-23/briefings/schedule/#defender-pretender-when-windows-defender-updates-become-a-security-risk-32706
Dell Compellent Hardcoded Key
https://www.dell.com/support/kbdoc/en-us/000216615/dsa-2023-282-security-update-for-dell-storage-integration-tools-for-vmware-dsitv-vulnerabilities
Vulnerabilities in Sogou Keyboard
https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/
ISC StormCast for Thursday, August 10th, 2023
10 augusti 2023 |
6 min
Tunnelcrack VPN Vulnerability
https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf
Mozilla VPN Vulnerablity
https://www.openwall.com/lists/oss-security/2023/08/03/1
Non English Exchange Server Patch Issues
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2023-exchange-server-security-updates/bc-p/3894481/highlight/true
VSCode Token Security
https://cycode.com/blog/exposing-vscode-secrets/
Weekly Updates for Google Chrome
https://security.googleblog.com/2023/08/an-update-on-chrome-security-updates.html
https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf
Mozilla VPN Vulnerablity
https://www.openwall.com/lists/oss-security/2023/08/03/1
Non English Exchange Server Patch Issues
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2023-exchange-server-security-updates/bc-p/3894481/highlight/true
VSCode Token Security
https://cycode.com/blog/exposing-vscode-secrets/
Weekly Updates for Google Chrome
https://security.googleblog.com/2023/08/an-update-on-chrome-security-updates.html
ISC StormCast for Wednesday, August 9th, 2023
9 augusti 2023 |
6 min
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20August%202023%20Patch%20Tuesday/30106
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
https://isc.sans.edu/diary/Microsoft%20August%202023%20Patch%20Tuesday/30106
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
ISC StormCast for Tuesday, August 8th, 2023
8 augusti 2023 |
6 min
Update: Researchers Scanning the Internet
https://isc.sans.edu/diary/Update%3A%20Researchers%20scanning%20the%20Internet/30102
Malicious OpenBullet Configuration Files
https://www.kasada.io/threat-intel-openbullet-malware/
Abusing Cloudflare Tunnels
https://www.guidepointsecurity.com/blog/tunnel-vision-cloudflared-abused-in-the-wild/
https://isc.sans.edu/diary/Update%3A%20Researchers%20scanning%20the%20Internet/30102
Malicious OpenBullet Configuration Files
https://www.kasada.io/threat-intel-openbullet-malware/
Abusing Cloudflare Tunnels
https://www.guidepointsecurity.com/blog/tunnel-vision-cloudflared-abused-in-the-wild/
ISC StormCast for Monday, August 7th, 2023
7 augusti 2023 |
5 min
Are Leaked Credential Dumps Used by Attackers?
https://isc.sans.edu/diary/Are%20Leaked%20Credentials%20Dumps%20Used%20by%20Attackers%3F/30098
New PaperCut RCE Vulnerability
https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/
Microsoft mitigates Power Platform Custom Code information disclosure vulnerability
https://msrc.microsoft.com/blog/2023/08/microsoft-mitigates-power-platform-custom-code-information-disclosure-vulnerability/
Microsoft Publishes Token theft Playbook
https://learn.microsoft.com/en-us/security/operations/token-theft-playbook
https://isc.sans.edu/diary/Are%20Leaked%20Credentials%20Dumps%20Used%20by%20Attackers%3F/30098
New PaperCut RCE Vulnerability
https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/
Microsoft mitigates Power Platform Custom Code information disclosure vulnerability
https://msrc.microsoft.com/blog/2023/08/microsoft-mitigates-power-platform-custom-code-information-disclosure-vulnerability/
Microsoft Publishes Token theft Playbook
https://learn.microsoft.com/en-us/security/operations/token-theft-playbook
ISC StormCast for Friday, August 4th, 2023
4 augusti 2023 |
6 min
From small LNK to large malicious BAT file with zero VT score
https://isc.sans.edu/diary/From%20small%20LNK%20to%20large%20malicious%20BAT%20file%20with%20zero%20VT%20score/30094
Social Engineering via Microsoft Teams
https://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted-social-engineering-over-microsoft-teams/
Automating the Search for LOLBAS
https://pentera.io/resources/whitepapers/the-lolbas-odyssey-finding-new-lolbas-and-how-you-can-too/
Sneaky Versioning Used to Bypass Scanners
https://thehackernews.com/2023/08/malicious-apps-use-sneaky-versioning.html
Aruba Patches
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt
Mitel Patches
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0008
https://isc.sans.edu/diary/From%20small%20LNK%20to%20large%20malicious%20BAT%20file%20with%20zero%20VT%20score/30094
Social Engineering via Microsoft Teams
https://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted-social-engineering-over-microsoft-teams/
Automating the Search for LOLBAS
https://pentera.io/resources/whitepapers/the-lolbas-odyssey-finding-new-lolbas-and-how-you-can-too/
Sneaky Versioning Used to Bypass Scanners
https://thehackernews.com/2023/08/malicious-apps-use-sneaky-versioning.html
Aruba Patches
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt
Mitel Patches
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0008
ISC StormCast for Thursday, August 3rd, 2023
3 augusti 2023 |
6 min
Zeek and Defender Endpoint
https://isc.sans.edu/diary/Zeek%20and%20Defender%20Endpoint/30088
New Ivanti MobileIron Core Vulnerability
https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US
Salesforce Phishing
https://labs.guard.io/phishforce-vulnerability-uncovered-in-salesforces-email-services-exploited-for-phishing-32024ad4b5fa
Abusing the Amazon Web Services SSM Agent as a Remote Access Trojan
https://www.mitiga.io/blog/abusing-the-amazon-web-services-ssm-agent-as-a-remote-access-trojan
https://isc.sans.edu/diary/Zeek%20and%20Defender%20Endpoint/30088
New Ivanti MobileIron Core Vulnerability
https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US
Salesforce Phishing
https://labs.guard.io/phishforce-vulnerability-uncovered-in-salesforces-email-services-exploited-for-phishing-32024ad4b5fa
Abusing the Amazon Web Services SSM Agent as a Remote Access Trojan
https://www.mitiga.io/blog/abusing-the-amazon-web-services-ssm-agent-as-a-remote-access-trojan
ISC StormCast for Wednesday, August 2nd, 2023
2 augusti 2023 |
5 min
DNS Over HTTPS Summary
https://isc.sans.edu/diary/Summary%20of%20DNS%20over%20HTTPS%20requests%20against%20our%20honeypots./30084
Malware Infects Airgapped Networks
https://usa.kaspersky.com/about/press-releases/2023_kaspersky-uncovers-malware-for-targeted-data-exfiltration-from-air-gapped-environments
Google Deleting Inactive Accounts
https://support.google.com/accounts/answer/12418290?visit_id=638264210155158507-1346504535&p=inactive_account_policy_blog&rd=1
Google AMP Service Used for Phishing
https://cofense.com/blog/google-amp-the-newest-of-evasive-phishing-tactic/
https://isc.sans.edu/diary/Summary%20of%20DNS%20over%20HTTPS%20requests%20against%20our%20honeypots./30084
Malware Infects Airgapped Networks
https://usa.kaspersky.com/about/press-releases/2023_kaspersky-uncovers-malware-for-targeted-data-exfiltration-from-air-gapped-environments
Google Deleting Inactive Accounts
https://support.google.com/accounts/answer/12418290?visit_id=638264210155158507-1346504535&p=inactive_account_policy_blog&rd=1
Google AMP Service Used for Phishing
https://cofense.com/blog/google-amp-the-newest-of-evasive-phishing-tactic/
ISC StormCast for Tuesday, August 1st, 2023
1 augusti 2023 |
6 min
Ivanti End Point Manager 2nd Zero Day
https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US
New Redis Malware Uses Unknown Initial Access Vector
https://www.cadosecurity.com/redis-p2pinfect/
https://unit42.paloaltonetworks.com/peer-to-peer-worm-p2pinfect/
Google Android 0-Day Summary
https://security.googleblog.com/2023/07/the-ups-and-downs-of-0-days-year-in.html
Wiping Sensitive Data from Printers
https://psirt.canon/advisory-information/cp2023-003/
https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US
New Redis Malware Uses Unknown Initial Access Vector
https://www.cadosecurity.com/redis-p2pinfect/
https://unit42.paloaltonetworks.com/peer-to-peer-worm-p2pinfect/
Google Android 0-Day Summary
https://security.googleblog.com/2023/07/the-ups-and-downs-of-0-days-year-in.html
Wiping Sensitive Data from Printers
https://psirt.canon/advisory-information/cp2023-003/
ISC StormCast for Monday, July 31st, 2023
31 juli 2023 |
5 min
USPS Phishing Scam Targeting iOS Users
https://isc.sans.edu/forums/diary/USPS+Phishing+Scam+Targeting+iOS+Users/30078/
Do Attackers Pay More Attention to IPv6
https://isc.sans.edu/diary/Do%20Attackers%20Pay%20More%20Attention%20to%20IPv6%3F/30076
Shell Code in Images
https://isc.sans.edu/diary/ShellCode%20Hidden%20with%20Steganography/30074
Ivanti Mobileiron Exploit Public
https://github.com/vchan-in/CVE-2023-35078-Exploit-POC/blob/main/cve_2023_35078_poc.py
https://isc.sans.edu/forums/diary/USPS+Phishing+Scam+Targeting+iOS+Users/30078/
Do Attackers Pay More Attention to IPv6
https://isc.sans.edu/diary/Do%20Attackers%20Pay%20More%20Attention%20to%20IPv6%3F/30076
Shell Code in Images
https://isc.sans.edu/diary/ShellCode%20Hidden%20with%20Steganography/30074
Ivanti Mobileiron Exploit Public
https://github.com/vchan-in/CVE-2023-35078-Exploit-POC/blob/main/cve_2023_35078_poc.py
ISC StormCast for Friday, July 28th, 2023
28 juli 2023 |
6 min
Ubuntu OverlayFS Vulnerability
https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability
CISA Warns of Insecure Direct Option Reference Vulnerabilities
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-208a
Sophos UTM Patch
https://docs.sophos.com/releasenotes/index.html?productGroupID=nsg&productID=utm&versionID=9.7
Aruba Patches
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt
https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability
CISA Warns of Insecure Direct Option Reference Vulnerabilities
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-208a
Sophos UTM Patch
https://docs.sophos.com/releasenotes/index.html?productGroupID=nsg&productID=utm&versionID=9.7
Aruba Patches
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt
ISC StormCast for Thursday, July 27th, 2023
27 juli 2023 |
6 min
Suspicious IP Addresses Avoided By Malware Samples
https://isc.sans.edu/diary/Suspicious%20IP%20Addresses%20Avoided%20by%20Malware%20Samples/30068
Messaging Layer Security (MLS) Protocol
https://datatracker.ietf.org/doc/html/rfc9420
PySecDB: Security Commit Dataset in Python
https://github.com/SunLab-GMU/PySecDB
MacOS Infostealer
https://www.sentinelone.com/blog/apple-crimeware-massive-rust-infostealer-campaign-aiming-for-macos-sonoma-ahead-of-public-release/
https://isc.sans.edu/diary/Suspicious%20IP%20Addresses%20Avoided%20by%20Malware%20Samples/30068
Messaging Layer Security (MLS) Protocol
https://datatracker.ietf.org/doc/html/rfc9420
PySecDB: Security Commit Dataset in Python
https://github.com/SunLab-GMU/PySecDB
MacOS Infostealer
https://www.sentinelone.com/blog/apple-crimeware-massive-rust-infostealer-campaign-aiming-for-macos-sonoma-ahead-of-public-release/
ISC StormCast for Wednesday, July 26th, 2023
26 juli 2023 |
5 min
Ivanti Patches Endpoint Manager Mobile
https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US
Atlassian Patches
https://confluence.atlassian.com/security/security-bulletin-july-18-2023-1251417643.html
AMD Zen-2 Vulnerability
https://lock.cmpxchg8b.com/zenbleed.html
VMWare CVE-2023-20891
https://socradar.io/vmwares-response-to-the-critical-cve-2023-20891-vulnerability-exposing-cf-api-admin-credentials/
https://forums.ivanti.com/s/article/CVE-2023-35078-Remote-unauthenticated-API-access-vulnerability?language=en_US
Atlassian Patches
https://confluence.atlassian.com/security/security-bulletin-july-18-2023-1251417643.html
AMD Zen-2 Vulnerability
https://lock.cmpxchg8b.com/zenbleed.html
VMWare CVE-2023-20891
https://socradar.io/vmwares-response-to-the-critical-cve-2023-20891-vulnerability-exposing-cf-api-admin-credentials/
ISC StormCast for Tuesday, July 25th, 2023
25 juli 2023 |
6 min
Apple Updates
https://isc.sans.edu/forums/diary/Apple%20Updates%20Everything%20%28again%29/30062/
https://support.apple.com/en-us/HT201222
Parsing Data with jq
https://isc.sans.edu/diary/JQ%3A%20Another%20Tool%20We%20Thought%20We%20Knew/30060
TETRA Radio Backdoor
https://www.wired.com/story/tetra-radio-encryption-backdoor/
https://isc.sans.edu/forums/diary/Apple%20Updates%20Everything%20%28again%29/30062/
https://support.apple.com/en-us/HT201222
Parsing Data with jq
https://isc.sans.edu/diary/JQ%3A%20Another%20Tool%20We%20Thought%20We%20Knew/30060
TETRA Radio Backdoor
https://www.wired.com/story/tetra-radio-encryption-backdoor/
ISC StormCast for Monday, July 24th, 2023
24 juli 2023 |
6 min
Shodan's API for the (Recon) Win!
https://isc.sans.edu/diary/Shodan%27s%20API%20For%20The%20%28Recon%29%20Win!/30050
Stolen Microsoft Key May Have Opened Up a lot more than US Government E-Mail Inboxes
https://www.wiz.io/blog/storm-0558-compromised-microsoft-key-enables-authentication-of-countless-micr
https://www.theregister.com/2023/07/21/microsoft_key_skeleton/
Okta Logs Decoded
https://www.rezonate.io/blog/okta-logs-decoded-unveiling-identity-threats-through-threat-hunting/
Threat Actors Exploiting Citrix CVE-2023-3519
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-201a
https://github.com/securekomodo/citrixInspector
https://isc.sans.edu/diary/Shodan%27s%20API%20For%20The%20%28Recon%29%20Win!/30050
Stolen Microsoft Key May Have Opened Up a lot more than US Government E-Mail Inboxes
https://www.wiz.io/blog/storm-0558-compromised-microsoft-key-enables-authentication-of-countless-micr
https://www.theregister.com/2023/07/21/microsoft_key_skeleton/
Okta Logs Decoded
https://www.rezonate.io/blog/okta-logs-decoded-unveiling-identity-threats-through-threat-hunting/
Threat Actors Exploiting Citrix CVE-2023-3519
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-201a
https://github.com/securekomodo/citrixInspector
ISC StormCast for Friday, July 21st, 2023
21 juli 2023 |
4 min
Deobfuscation of Malware Delivered Through a .bat File
https://isc.sans.edu/diary/Deobfuscation%20of%20Malware%20Delivered%20Through%20a%20.bat%20File/30048
Citrix CVE-2023-3519 Indicators of Compromise
https://www.deyda.net/index.php/en/2023/07/19/checklist-for-citrix-adc-cve-2023-3519/
ssh-agent vulnerability
https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
Spring Security: WebFlux Security Bypass with Un-Prefixed Double Wildcard Pattern
https://spring.io/security/cve-2023-34034
American Megatrends (AMI) MegaRAC BMC Vulnerabilities
https://eclypsium.com/research/bmcc-lights-out-forever/
https://isc.sans.edu/diary/Deobfuscation%20of%20Malware%20Delivered%20Through%20a%20.bat%20File/30048
Citrix CVE-2023-3519 Indicators of Compromise
https://www.deyda.net/index.php/en/2023/07/19/checklist-for-citrix-adc-cve-2023-3519/
ssh-agent vulnerability
https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
Spring Security: WebFlux Security Bypass with Un-Prefixed Double Wildcard Pattern
https://spring.io/security/cve-2023-34034
American Megatrends (AMI) MegaRAC BMC Vulnerabilities
https://eclypsium.com/research/bmcc-lights-out-forever/
ISC StormCast for Thursday, July 20th, 2023
20 juli 2023 |
3 min
Citrix ADC Vulneraiblity CVE-2023-3519, CVE-2023-3466, CVE-2023-3467
https://isc.sans.edu/forums/diary/Citrix%20ADC%20Vulnerability%20CVE-2023-3519%2C%203466%20and%203467%20-%20Patch%20Now!/30044/
HAM Radio Enigma Machine Challenge
https://isc.sans.edu/diary/HAM%20Radio%20%2B%20Enigma%20Machine%20Challenge/30042
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpujul2023.html
Microsoft Expanding Cloud Logging
https://www.microsoft.com/en-us/security/blog/2023/07/19/expanding-cloud-logging-to-give-customers-deeper-security-visibility/
https://isc.sans.edu/forums/diary/Citrix%20ADC%20Vulnerability%20CVE-2023-3519%2C%203466%20and%203467%20-%20Patch%20Now!/30044/
HAM Radio Enigma Machine Challenge
https://isc.sans.edu/diary/HAM%20Radio%20%2B%20Enigma%20Machine%20Challenge/30042
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpujul2023.html
Microsoft Expanding Cloud Logging
https://www.microsoft.com/en-us/security/blog/2023/07/19/expanding-cloud-logging-to-give-customers-deeper-security-visibility/
ISC StormCast for Wednesday, July 19th, 2023
19 juli 2023 |
6 min
Exploit Attempts for "Stagil navigation for Jira Menus & Themes"
https://isc.sans.edu/diary/Exploit%20Attempts%20for%20%22Stagil%20navigation%20for%20Jira%20Menus%20%26%20Themes%22%20CVE-2023-26255%20and%20CVE-2023-26256/30038
Citrix Vulnerabilities
https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467
Google Cloud Build Service Vulnerability
https://orca.security/resources/blog/bad-build-google-cloud-build-potential-supply-chain-attack-vulnerability
https://isc.sans.edu/diary/Exploit%20Attempts%20for%20%22Stagil%20navigation%20for%20Jira%20Menus%20%26%20Themes%22%20CVE-2023-26255%20and%20CVE-2023-26256/30038
Citrix Vulnerabilities
https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467
Google Cloud Build Service Vulnerability
https://orca.security/resources/blog/bad-build-google-cloud-build-potential-supply-chain-attack-vulnerability
ISC StormCast for Tuesday, July 18th, 2023
18 juli 2023 |
5 min
Zimbra Vulnerability Exploited
https://blog.zimbra.com/2023/07/security-update-for-zimbra-collaboration-suite-version-8-8-15
Woocommerce Vulnerability Actively Being Exploited
https://www.rcesecurity.com/2023/07/patch-diffing-cve-2023-28121-to-compromise-a-woocommerce/
Adobe Coldfusion Flaws exploited
https://www.bleepingcomputer.com/news/security/adobe-warns-of-critical-coldfusion-rce-bug-exploited-in-attacks/
CISA Cloud Security Fact Sheet: Free Tools for Cloud Environments
https://www.cisa.gov/sites/default/files/2023-07/Free%20Tools%20for%20Cloud%20Environments_508c.pdf
JumpCloud Breach
https://arstechnica.com/security/2023/07/jumpcloud-says-nation-state-hacker-breach-targeted-some-of-its-customers/
https://blog.zimbra.com/2023/07/security-update-for-zimbra-collaboration-suite-version-8-8-15
Woocommerce Vulnerability Actively Being Exploited
https://www.rcesecurity.com/2023/07/patch-diffing-cve-2023-28121-to-compromise-a-woocommerce/
Adobe Coldfusion Flaws exploited
https://www.bleepingcomputer.com/news/security/adobe-warns-of-critical-coldfusion-rce-bug-exploited-in-attacks/
CISA Cloud Security Fact Sheet: Free Tools for Cloud Environments
https://www.cisa.gov/sites/default/files/2023-07/Free%20Tools%20for%20Cloud%20Environments_508c.pdf
JumpCloud Breach
https://arstechnica.com/security/2023/07/jumpcloud-says-nation-state-hacker-breach-targeted-some-of-its-customers/
ISC StormCast for Monday, July 17th, 2023
17 juli 2023 |
7 min
Microsoft Driver Certs Details
https://blog.talosintelligence.com/old-certificate-new-signature/
Threads App Lures
https://www.helpnetsecurity.com/2023/07/14/threads-app-lure/
First Releases CVSS 4.0 Preview
https://www.first.org/cvss/
https://blog.talosintelligence.com/old-certificate-new-signature/
Threads App Lures
https://www.helpnetsecurity.com/2023/07/14/threads-app-lure/
First Releases CVSS 4.0 Preview
https://www.first.org/cvss/
ISC StormCast for Friday, July 14th, 2023
14 juli 2023 |
6 min
DShield Honeypot Maintenance and Data Retention
https://isc.sans.edu/diary/DShield%20Honeypot%20Maintenance%20and%20Data%20Retention/30024
Enhanced Monitoring to Detect APT Activity Targeting Outlook Online
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-193a
PoC Exploit: Fake Proof of Concept with Backdoor Malware
https://www.uptycs.com/blog/new-poc-exploit-backdoor-malware
GhostScript CVE-2023-36664 PoC Exploit
https://www.kroll.com/en/insights/publications/cyber/ghostscript-cve-2023-36664-remote-code-execution-vulnerability
https://isc.sans.edu/diary/DShield%20Honeypot%20Maintenance%20and%20Data%20Retention/30024
Enhanced Monitoring to Detect APT Activity Targeting Outlook Online
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-193a
PoC Exploit: Fake Proof of Concept with Backdoor Malware
https://www.uptycs.com/blog/new-poc-exploit-backdoor-malware
GhostScript CVE-2023-36664 PoC Exploit
https://www.kroll.com/en/insights/publications/cyber/ghostscript-cve-2023-36664-remote-code-execution-vulnerability
ISC StormCast for Thursday, July 13th, 2023
13 juli 2023 |
6 min
Apple Re-Releases Rapid Security Update for iOS/MacOS
https://support.apple.com/HT201224
Loader Activity For Formbook "QM18"
https://isc.sans.edu/diary/Loader%20activity%20for%20Formbook%20%22QM18%22/30020
Adobe Patches
https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html
FortiOS/FortiProxy Stack Based Overflow
https://www.fortiguard.com/psirt/FG-IR-23-183
Citrix Secure Access Client for Ubuntu
https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492
Sonicwall Updates
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010
https://support.apple.com/HT201224
Loader Activity For Formbook "QM18"
https://isc.sans.edu/diary/Loader%20activity%20for%20Formbook%20%22QM18%22/30020
Adobe Patches
https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html
FortiOS/FortiProxy Stack Based Overflow
https://www.fortiguard.com/psirt/FG-IR-23-183
Citrix Secure Access Client for Ubuntu
https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492
Sonicwall Updates
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010
ISC StormCast for Wednesday, July 12th, 2023
12 juli 2023 |
7 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/July%202023%20Microsoft%20Patch%20Update/30018/
https://blog.talosintelligence.com/old-certificate-new-signature/
Apple Withdraws Rapid Security Response Update
https://support.apple.com/en-us/HT213827
https://isc.sans.edu/forums/diary/July%202023%20Microsoft%20Patch%20Update/30018/
https://blog.talosintelligence.com/old-certificate-new-signature/
Apple Withdraws Rapid Security Response Update
https://support.apple.com/en-us/HT213827
ISC StormCast for Tuesday, July 11th, 2023
11 juli 2023 |
6 min
Apple Rapid Security Update Patches Three Exploited Vulnerabilities
https://isc.sans.edu/diary/Apple%20Rapid%20Security%20Update%20Patches%20Three%20Exploited%20Vulnerabilities/30012
Ubiquity Edgerouter and AirCube miniupnpd Heap Overflow
https://ssd-disclosure.com/ssd-advisory-edgerouters-and-aircube-miniupnpd-heap-overflow/
Mozilla Restricting Extensions on Quarantined Domains
https://support.mozilla.org/en-US/kb/quarantined-domains
https://www.mozilla.org/en-US/firefox/115.0/releasenotes/
https://lapcatsoftware.com/articles/2023/7/1.html
https://isc.sans.edu/diary/Apple%20Rapid%20Security%20Update%20Patches%20Three%20Exploited%20Vulnerabilities/30012
Ubiquity Edgerouter and AirCube miniupnpd Heap Overflow
https://ssd-disclosure.com/ssd-advisory-edgerouters-and-aircube-miniupnpd-heap-overflow/
Mozilla Restricting Extensions on Quarantined Domains
https://support.mozilla.org/en-US/kb/quarantined-domains
https://www.mozilla.org/en-US/firefox/115.0/releasenotes/
https://lapcatsoftware.com/articles/2023/7/1.html
ISC StormCast for Monday, July 10th, 2023
10 juli 2023 |
4 min
DSSuite Didier Toolbox Cokcer Image Update
https://isc.sans.edu/diary/DSSuite%20%28Didier%27s%20Toolbox%29%20Docker%20Image%20Update/30008
More MoveIT Flaws and new Service Pack
https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023
Cisco Nexus 9000 Flaw
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX
https://isc.sans.edu/diary/DSSuite%20%28Didier%27s%20Toolbox%29%20Docker%20Image%20Update/30008
More MoveIT Flaws and new Service Pack
https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023
Cisco Nexus 9000 Flaw
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX
ISC StormCast for Friday, July 7th, 2023
7 juli 2023 |
6 min
IDS Comparisons with DShield Honeypot Data
https://isc.sans.edu/diary/IDS%20Comparisons%20with%20DShield%20Honeypot%20Data/30002
Truebot Exploits Netwrix Auditor
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-187a
Stackrot Linux Priviledge Escalation Vulnerability
https://www.openwall.com/lists/oss-security/2023/07/05/1
TeamsPhisher Exploit
https://github.com/Octoberfest7/TeamsPhisher
VMWare Update
https://www.vmware.com/security/advisories/VMSA-2023-0015.html
https://isc.sans.edu/diary/IDS%20Comparisons%20with%20DShield%20Honeypot%20Data/30002
Truebot Exploits Netwrix Auditor
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-187a
Stackrot Linux Priviledge Escalation Vulnerability
https://www.openwall.com/lists/oss-security/2023/07/05/1
TeamsPhisher Exploit
https://github.com/Octoberfest7/TeamsPhisher
VMWare Update
https://www.vmware.com/security/advisories/VMSA-2023-0015.html
ISC StormCast for Thursday, July 6th, 2023
6 juli 2023 |
7 min
DShield pfSense Client Update
https://isc.sans.edu/diary/DShield%20pfSense%20Client%20Update/29994
Exposed Industrial Control Systems
https://isc.sans.edu/diary/Controlling%20network%20access%20to%20ICS%20systems/30000
Analysis Method for Custom Encoding
https://isc.sans.edu/diary/Analysis%20Method%20for%20Custom%20Encoding/29946
SNAPPY: Detecting Rogue WiFi Access Points
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/snappy-detecting-rogue-and-fake-80211-wireless-access-points-through-fingerprinting-beacon-management-frames/
RUSTBUCKET Mac Malware
https://www.elastic.co/security-labs/DPRK-strikes-using-a-new-variant-of-rustbucket
https://isc.sans.edu/diary/DShield%20pfSense%20Client%20Update/29994
Exposed Industrial Control Systems
https://isc.sans.edu/diary/Controlling%20network%20access%20to%20ICS%20systems/30000
Analysis Method for Custom Encoding
https://isc.sans.edu/diary/Analysis%20Method%20for%20Custom%20Encoding/29946
SNAPPY: Detecting Rogue WiFi Access Points
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/snappy-detecting-rogue-and-fake-80211-wireless-access-points-through-fingerprinting-beacon-management-frames/
RUSTBUCKET Mac Malware
https://www.elastic.co/security-labs/DPRK-strikes-using-a-new-variant-of-rustbucket
ISC StormCast for Friday, June 30th, 2023
30 juni 2023 |
7 min
GuLoader or BatLoader/Modiloader infection fro Remcos RAT
https://isc.sans.edu/diary/GuLoader-%20or%20DBatLoader%20ModiLoader-style%20infection%20for%20Remcos%20RAT/29990
CVE-2023-26258 Remote Code Execution in Arcserve UDP Backup
https://www.mdsec.co.uk/2023/06/cve-2023-26258-remote-code-execution-in-arcserve-udp-backup/
Sysmon Update
https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon
https://medium.com/@olafhartong/sysmon-15-0-file-executable-detected-40fd64349f36
Drone Security and Fault Injection Attacks
https://labs.ioactive.com/2023/06/applying-fault-injection-to-firmware.html
https://isc.sans.edu/diary/GuLoader-%20or%20DBatLoader%20ModiLoader-style%20infection%20for%20Remcos%20RAT/29990
CVE-2023-26258 Remote Code Execution in Arcserve UDP Backup
https://www.mdsec.co.uk/2023/06/cve-2023-26258-remote-code-execution-in-arcserve-udp-backup/
Sysmon Update
https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon
https://medium.com/@olafhartong/sysmon-15-0-file-executable-detected-40fd64349f36
Drone Security and Fault Injection Attacks
https://labs.ioactive.com/2023/06/applying-fault-injection-to-firmware.html
ISC StormCast for Thursday, June 29th, 2023
29 juni 2023 |
6 min
Kazkhastan: The world's last SSLv2 Super Power
https://isc.sans.edu/diary/Kazakhstan%20-%20the%20world%27s%20last%20SSLv2%20superpower...%20and%20a%20country%20with%20potentially%20vulnerable%20last-mile%20internet%20infrastructure/29988
npm manifest issues
https://blog.vlt.sh/blog/the-massive-hole-in-the-npm-ecosystem
Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution
https://www.securityjoes.com/post/process-mockingjay-echoing-rwx-in-userland-to-achieve-code-execution
https://isc.sans.edu/diary/Kazakhstan%20-%20the%20world%27s%20last%20SSLv2%20superpower...%20and%20a%20country%20with%20potentially%20vulnerable%20last-mile%20internet%20infrastructure/29988
npm manifest issues
https://blog.vlt.sh/blog/the-massive-hole-in-the-npm-ecosystem
Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution
https://www.securityjoes.com/post/process-mockingjay-echoing-rwx-in-userland-to-achieve-code-execution
ISC StormCast for Wednesday, June 28th, 2023
28 juni 2023 |
5 min
The Importance of Malware Triage
https://isc.sans.edu/diary/The+Importance+of+Malware+Triage/29984/
RowPress: Amplifying Read Disturbance in Modern DRAM Chips
https://dl.acm.org/doi/abs/10.1145/3579371.3589063
Dell BIOS Updates
https://www.dell.com/support/kbdoc/de-de/000214778/dsa-2023-174-dell-client-bios-security-update-for-an-out-of-bounds-write-vulnerability
Google Chrome Update
https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html
https://isc.sans.edu/diary/The+Importance+of+Malware+Triage/29984/
RowPress: Amplifying Read Disturbance in Modern DRAM Chips
https://dl.acm.org/doi/abs/10.1145/3579371.3589063
Dell BIOS Updates
https://www.dell.com/support/kbdoc/de-de/000214778/dsa-2023-174-dell-client-bios-security-update-for-an-out-of-bounds-write-vulnerability
Google Chrome Update
https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html
ISC StormCast for Tuesday, June 27th, 2023
27 juni 2023 |
5 min
BlackLotus Mitigation Guide
https://media.defense.gov/2023/Jun/22/2003245723/-1/-1/0/CSI_BlackLotus_Mitigation_Guide.PDF
Camaro Dragon Infects USB Drives as well as Network Drives
https://research.checkpoint.com/2023/beyond-the-horizon-traveling-the-world-on-camaro-dragons-usb-flash-drives/
Grafana Security Release
https://grafana.com/blog/2023/06/22/grafana-security-release-for-cve-2023-3128/
https://media.defense.gov/2023/Jun/22/2003245723/-1/-1/0/CSI_BlackLotus_Mitigation_Guide.PDF
Camaro Dragon Infects USB Drives as well as Network Drives
https://research.checkpoint.com/2023/beyond-the-horizon-traveling-the-world-on-camaro-dragons-usb-flash-drives/
Grafana Security Release
https://grafana.com/blog/2023/06/22/grafana-security-release-for-cve-2023-3128/
ISC StormCast for Monday, June 26th, 2023
26 juni 2023 |
7 min
Email Spam With Modiloader Attached
https://isc.sans.edu/diary/Email%20Spam%20with%20Attachment%20Modiloader/29978
Word Document with an Online Attached Template
https://isc.sans.edu/diary/Word%20Document%20with%20an%20Online%20Attached%20Template/29976
Quakbot Activity Obama271 Distrubution Tag
https://isc.sans.edu/diary/Qakbot%20%28Qbot%29%20activity%2C%20obama271%20distribution%20tag/29968
Microsoft Teams External Tenant Confusion
https://labs.jumpsec.com/advisory-idor-in-microsoft-teams-allows-for-external-tenants-to-introduce-malware/
Free Smart Watches
https://www.darkreading.com/threat-intelligence/suspicious-smartwatches-mailed-us-army-personnel
https://isc.sans.edu/diary/Email%20Spam%20with%20Attachment%20Modiloader/29978
Word Document with an Online Attached Template
https://isc.sans.edu/diary/Word%20Document%20with%20an%20Online%20Attached%20Template/29976
Quakbot Activity Obama271 Distrubution Tag
https://isc.sans.edu/diary/Qakbot%20%28Qbot%29%20activity%2C%20obama271%20distribution%20tag/29968
Microsoft Teams External Tenant Confusion
https://labs.jumpsec.com/advisory-idor-in-microsoft-teams-allows-for-external-tenants-to-introduce-malware/
Free Smart Watches
https://www.darkreading.com/threat-intelligence/suspicious-smartwatches-mailed-us-army-personnel
ISC StormCast for Friday, June 23rd, 2023
23 juni 2023 |
5 min
Apple Updates Already Exploited Vulnerabilities
https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Vulnerabilities%20in%20iOS%20iPadOS%2C%20macOS%2C%20watchOS%20and%20Safari/29972
Heap Buffer Overflow in VMWare VCenter
https://www.vmware.com/security/advisories/VMSA-2023-0014.html
GitHub RepoJacking
https://blog.aquasec.com/github-dataset-research-reveals-millions-potentially-vulnerable-to-repojacking
https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Vulnerabilities%20in%20iOS%20iPadOS%2C%20macOS%2C%20watchOS%20and%20Safari/29972
Heap Buffer Overflow in VMWare VCenter
https://www.vmware.com/security/advisories/VMSA-2023-0014.html
GitHub RepoJacking
https://blog.aquasec.com/github-dataset-research-reveals-millions-potentially-vulnerable-to-repojacking
ISC StormCast for Thursday, June 22nd, 2023
22 juni 2023 |
6 min
Analyzing a YouTube Sponsorship Phishing E-Mail
https://isc.sans.edu/diary/Analyzing%20a%20YouTube%20Sponsorship%20Phishing%20Mail%20and%20Malware%20Targeting%20Content%20Creators/29966
Malicious Code Can Be Anywhere
https://isc.sans.edu/diary/Malicious%20Code%20Can%20Be%20Anywhere/29964
Zyxel Vulnerability
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products
Huawei Vulnerability
https://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-thvihr-7015cbae-en
Asus Vulnerability
https://www.asus.com/content/asus-product-security-advisory/
VMWare Aria Vuln Exploited
https://www.vmware.com/security/advisories/VMSA-2023-0012.html
https://isc.sans.edu/diary/Analyzing%20a%20YouTube%20Sponsorship%20Phishing%20Mail%20and%20Malware%20Targeting%20Content%20Creators/29966
Malicious Code Can Be Anywhere
https://isc.sans.edu/diary/Malicious%20Code%20Can%20Be%20Anywhere/29964
Zyxel Vulnerability
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products
Huawei Vulnerability
https://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-thvihr-7015cbae-en
Asus Vulnerability
https://www.asus.com/content/asus-product-security-advisory/
VMWare Aria Vuln Exploited
https://www.vmware.com/security/advisories/VMSA-2023-0012.html
ISC StormCast for Tuesday, June 20th, 2023
20 juni 2023 |
6 min
Formbook From Possible ModiLoaeder (DBatLoader)
https://isc.sans.edu/diary/Formbook%20from%20Possible%20ModiLoader%20%28DBatLoader%29%20/29958
Brute-Force ZIP Password Cracking with zipdump.py
https://isc.sans.edu/diary/Brute-Force%20ZIP%20Password%20Cracking%20with%20zipdump.py/29948
Malware Delivered Through .inf File
https://isc.sans.edu/diary/Malware%20Delivered%20Through%20.inf%20File/29960
FortiNAC - Just a few more RCEs
https://frycos.github.io/vulns4free/2023/06/18/fortinac.html
https://isc.sans.edu/diary/Formbook%20from%20Possible%20ModiLoader%20%28DBatLoader%29%20/29958
Brute-Force ZIP Password Cracking with zipdump.py
https://isc.sans.edu/diary/Brute-Force%20ZIP%20Password%20Cracking%20with%20zipdump.py/29948
Malware Delivered Through .inf File
https://isc.sans.edu/diary/Malware%20Delivered%20Through%20.inf%20File/29960
FortiNAC - Just a few more RCEs
https://frycos.github.io/vulns4free/2023/06/18/fortinac.html
ISC StormCast for Friday, June 16th, 2023
16 juni 2023 |
6 min
Supervision and Verfication in Vulnerability Management
https://isc.sans.edu/diary/Supervision%20and%20Verification%20in%20Vulnerability%20Management/29952
More MOVEit issues
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023
Critical Citrix Sharefile Storagezones Controller
https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489
Chromeloader Malware Update
https://threatresearch.ext.hp.com/shampoo-a-new-chromeloader-campaign/
Bignum NPM Package Compromise
https://checkmarx.com/blog/hijacking-s3-buckets-new-attack-technique-exploited-in-the-wild-by-supply-chain-attackers
https://isc.sans.edu/diary/Supervision%20and%20Verification%20in%20Vulnerability%20Management/29952
More MOVEit issues
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023
Critical Citrix Sharefile Storagezones Controller
https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489
Chromeloader Malware Update
https://threatresearch.ext.hp.com/shampoo-a-new-chromeloader-campaign/
Bignum NPM Package Compromise
https://checkmarx.com/blog/hijacking-s3-buckets-new-attack-technique-exploited-in-the-wild-by-supply-chain-attackers
ISC StormCast for Thursday, June 15th, 2023
15 juni 2023 |
6 min
Deobfuscating a VBS Script With Custom Encoding
https://isc.sans.edu/diary/Deobfuscating%20a%20VBS%20Script%20With%20Custom%20Encoding/29940
Every Signature is Broken: On the Insecurity of Microsoft Office s OOXML Signatures
https://www.usenix.org/conference/usenixsecurity23/presentation/rohlmann
How to Manage the Vulnerailbity Associated with CVE-2023-32019
https://support.microsoft.com/en-gb/topic/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080
Fake Security Research GitHub Repos
https://vulncheck.com/blog/fake-repos-deliver-malicious-implant
Fortigate Vuln Details
https://blog.lexfo.fr/xortigate-cve-2023-27997.html
Zoom Updates
https://explore.zoom.us/en/trust/security/security-bulletin/
https://isc.sans.edu/diary/Deobfuscating%20a%20VBS%20Script%20With%20Custom%20Encoding/29940
Every Signature is Broken: On the Insecurity of Microsoft Office s OOXML Signatures
https://www.usenix.org/conference/usenixsecurity23/presentation/rohlmann
How to Manage the Vulnerailbity Associated with CVE-2023-32019
https://support.microsoft.com/en-gb/topic/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080
Fake Security Research GitHub Repos
https://vulncheck.com/blog/fake-repos-deliver-malicious-implant
Fortigate Vuln Details
https://blog.lexfo.fr/xortigate-cve-2023-27997.html
Zoom Updates
https://explore.zoom.us/en/trust/security/security-bulletin/
ISC StormCast for Wednesday, June 14th, 2023
14 juni 2023 |
5 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/June%202023%20Microsoft%20Patch%20Tuesday/29942/
VMWare 0-Day
https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass
https://www.vmware.com/security/advisories/VMSA-2023-0013.html
SAP Patches
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://isc.sans.edu/forums/diary/June%202023%20Microsoft%20Patch%20Tuesday/29942/
VMWare 0-Day
https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass
https://www.vmware.com/security/advisories/VMSA-2023-0013.html
SAP Patches
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
ISC StormCast for Tuesday, June 13th, 2023
13 juni 2023 |
6 min
Geoserver Attack Details: More Cryptominers Against Unconfigured WebApps
https://isc.sans.edu/diary/Geoserver%20Attack%20Details%3A%20More%20Cryptominers%20against%20Unconfigured%20WebApps/29936
Fortinet Update CVE-2023-27997
https://www.fortiguard.com/psirt/FG-IR-23-097
Bitwarden Key Accessible By Low Privileged User
https://hackerone.com/reports/1874155
Western Digital SMART Flag Abuse
https://arstechnica.com/gadgets/2023/06/clearly-predatory-western-digital-sparks-panic-anger-for-age-shaming-hdds/
https://isc.sans.edu/diary/Geoserver%20Attack%20Details%3A%20More%20Cryptominers%20against%20Unconfigured%20WebApps/29936
Fortinet Update CVE-2023-27997
https://www.fortiguard.com/psirt/FG-IR-23-097
Bitwarden Key Accessible By Low Privileged User
https://hackerone.com/reports/1874155
Western Digital SMART Flag Abuse
https://arstechnica.com/gadgets/2023/06/clearly-predatory-western-digital-sparks-panic-anger-for-age-shaming-hdds/
ISC StormCast for Monday, June 12th, 2023
12 juni 2023 |
6 min
Undetected PowerShell Backdoor Disduigsed as a Profiled File
https://isc.sans.edu/diary/Undetected%20PowerShell%20Backdoor%20Disguised%20as%20a%20Profile%20File/29930
DShield Honeypot Activity for May 2023
https://isc.sans.edu/diary/DShield%20Honeypot%20Activity%20for%20May%202023%20/29932
Second MOVEit Vulnerability
https://www.progress.com/security/moveit-transfer-and-moveit-cloud-vulnerability
Fortinet Patches CVE-2023-27997
https://twitter.com/cfreal_/status/1667852157536616451
https://isc.sans.edu/diary/Undetected%20PowerShell%20Backdoor%20Disguised%20as%20a%20Profile%20File/29930
DShield Honeypot Activity for May 2023
https://isc.sans.edu/diary/DShield%20Honeypot%20Activity%20for%20May%202023%20/29932
Second MOVEit Vulnerability
https://www.progress.com/security/moveit-transfer-and-moveit-cloud-vulnerability
Fortinet Patches CVE-2023-27997
https://twitter.com/cfreal_/status/1667852157536616451
ISC StormCast for Friday, June 9th, 2023
9 juni 2023 |
5 min
Geoserver Scans
https://isc.sans.edu/diary/Ongoing%20scans%20for%20Geoserver/29926
Barracuda Recommends Replacing Compromised Devices
https://www.barracuda.com/company/legal/esg-vulnerability
Google improves Chrome Password Manager
https://www.msn.com/en-us/news/other/chrome-adds-windows-biometric-logins-to-its-password-powers/ar-AA1ciCCf
Minecraft Mods Include Malicious Code
https://www.bleepingcomputer.com/news/security/new-fractureiser-malware-used-curseforge-minecraft-mods-to-infect-windows-linux/
Trend Micro Service Pack
https://files.trendmicro.com/documentation/readme/Apex%20One/2020/apex_one_2019_win_cp_b12033_EN_Critical_Patch_Readme.html
https://isc.sans.edu/diary/Ongoing%20scans%20for%20Geoserver/29926
Barracuda Recommends Replacing Compromised Devices
https://www.barracuda.com/company/legal/esg-vulnerability
Google improves Chrome Password Manager
https://www.msn.com/en-us/news/other/chrome-adds-windows-biometric-logins-to-its-password-powers/ar-AA1ciCCf
Minecraft Mods Include Malicious Code
https://www.bleepingcomputer.com/news/security/new-fractureiser-malware-used-curseforge-minecraft-mods-to-infect-windows-linux/
Trend Micro Service Pack
https://files.trendmicro.com/documentation/readme/Apex%20One/2020/apex_one_2019_win_cp_b12033_EN_Critical_Patch_Readme.html
ISC StormCast for Thursday, June 8th, 2023
8 juni 2023 |
6 min
DMARC in .co TLD
https://isc.sans.edu/diary/Management%20of%20DMARC%20control%20for%20email%20impersonation%20of%20domains%20in%20the%20.co%20TLD%20-%20part%202/29922
Three Vulnerabilities in VMWare Aria Operations for Networks
https://www.vmware.com/security/advisories/VMSA-2023-0012.html
SpinOK Spyware SDK found in Android Apps
https://vms.drweb.com/search/?q=Android.Spy.SpinOk&lng=en
https://www.cloudsek.com/threatintelligence/supply-chain-attack-infiltrates-android-apps-with-malicious-sdk
Cisco Anyconnect Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw
RSA Webcast
https://www.rsaconference.com/library/webcast/149-sans-followup-2023
https://isc.sans.edu/diary/Management%20of%20DMARC%20control%20for%20email%20impersonation%20of%20domains%20in%20the%20.co%20TLD%20-%20part%202/29922
Three Vulnerabilities in VMWare Aria Operations for Networks
https://www.vmware.com/security/advisories/VMSA-2023-0012.html
SpinOK Spyware SDK found in Android Apps
https://vms.drweb.com/search/?q=Android.Spy.SpinOk&lng=en
https://www.cloudsek.com/threatintelligence/supply-chain-attack-infiltrates-android-apps-with-malicious-sdk
Cisco Anyconnect Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw
RSA Webcast
https://www.rsaconference.com/library/webcast/149-sans-followup-2023
ISC StormCast for Wednesday, June 7th, 2023
7 juni 2023 |
6 min
Github Copilot vs Google: Which Code is More Secure
https://isc.sans.edu/forums/diary/Github%20Copilot%20vs.%20Google%3A%20Which%20code%20is%20more%20secure/29918/
Android Update
https://source.android.com/docs/security/bulletin/2023-06-01
Chrome Updates
https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html
FBI Warns of Manipulated Photos and Videos For Sextortion
https://www.ic3.gov/Media/Y2023/PSA230605
https://isc.sans.edu/forums/diary/Github%20Copilot%20vs.%20Google%3A%20Which%20code%20is%20more%20secure/29918/
Android Update
https://source.android.com/docs/security/bulletin/2023-06-01
Chrome Updates
https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html
FBI Warns of Manipulated Photos and Videos For Sextortion
https://www.ic3.gov/Media/Y2023/PSA230605
ISC StormCast for Tuesday, June 6th, 2023
6 juni 2023 |
5 min
Brute Forcing Simple Archive Passwords
https://isc.sans.edu/diary/Brute%20Forcing%20Simple%20Archive%20Passwords/29914
KeePass 2.54 Released
https://keepass.info/news/n230603_2.54.html
Splunk Advisories
https://advisory.splunk.com/advisories
Malicious Google Chrome Extensions
https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/
Symantec Updates
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217
https://isc.sans.edu/diary/Brute%20Forcing%20Simple%20Archive%20Passwords/29914
KeePass 2.54 Released
https://keepass.info/news/n230603_2.54.html
Splunk Advisories
https://advisory.splunk.com/advisories
Malicious Google Chrome Extensions
https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/
Symantec Updates
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217
ISC StormCast for Monday, June 5th, 2023
5 juni 2023 |
6 min
Critical Vulnerability in MoveIT Transfer Actively Exploited
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
https://www.rapid7.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/
https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft
Atomic Wallet Compromise
https://www.bleepingcomputer.com/news/security/atomic-wallet-hacks-lead-to-over-35-million-in-crypto-stolen/
Magecart Update
https://www.akamai.com/blog/security-research/new-magecart-hides-behind-legit-domains
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
https://www.rapid7.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/
https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft
Atomic Wallet Compromise
https://www.bleepingcomputer.com/news/security/atomic-wallet-hacks-lead-to-over-35-million-in-crypto-stolen/
Magecart Update
https://www.akamai.com/blog/security-research/new-magecart-hides-behind-legit-domains
ISC StormCast for Friday, June 2nd, 2023
2 juni 2023 |
17 min
After 28 Years, SSLv2 is Still Not Gone
https://isc.sans.edu/forums/diary/After%2028%20years%2C%20SSLv2%20is%20still%20not%20gone%20from%20the%20internet...%20but%20we're%20getting%20there/29908/
Operation Triangulation: iOS Devices Targeted With Previously Unknown Malware
https://securelist.com/operation-triangulation/109842/
MOVEit Transfer Criticial Vulnerability
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
Code Injection Vulnerablity in Reportlab Python Library
https://github.com/c53elyas/CVE-2023-33733
https://isc.sans.edu/forums/diary/After%2028%20years%2C%20SSLv2%20is%20still%20not%20gone%20from%20the%20internet...%20but%20we're%20getting%20there/29908/
Operation Triangulation: iOS Devices Targeted With Previously Unknown Malware
https://securelist.com/operation-triangulation/109842/
MOVEit Transfer Criticial Vulnerability
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
Code Injection Vulnerablity in Reportlab Python Library
https://github.com/c53elyas/CVE-2023-33733
ISC StormCast for Thursday, June 1st, 2023
1 juni 2023 |
7 min
Apache NiFi Attacks
https://isc.sans.edu/diary/Your%20Business%20Data%20and%20Machine%20Learning%20at%20Risk%3A%20Attacks%20Against%20Apache%20NiFi/29900
Gigabyte App Center Backdoor;
https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/
Salesforce Ghost Sites
https://www.varonis.com/blog/salesforce-ghost-sites
CVE-2023-34152: Shell Command Injection in ImageMagick
https://securityonline.info/cve-2023-34152-shell-command-injection-bug-affecting-imagemagick/
https://isc.sans.edu/diary/Your%20Business%20Data%20and%20Machine%20Learning%20at%20Risk%3A%20Attacks%20Against%20Apache%20NiFi/29900
Gigabyte App Center Backdoor;
https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/
Salesforce Ghost Sites
https://www.varonis.com/blog/salesforce-ghost-sites
CVE-2023-34152: Shell Command Injection in ImageMagick
https://securityonline.info/cve-2023-34152-shell-command-injection-bug-affecting-imagemagick/
ISC StormCast for Wednesday, May 31st, 2023
31 maj 2023 |
6 min
Malspam Pushes ModiLoader Infection for Remocs Rat
https://isc.sans.edu/diary/Malspam%20pushes%20ModiLoader%20%28DBatLoader%29%20infection%20for%20Remcos%20RAT/29896
MacOS SIP Bypass
https://www.microsoft.com/en-us/security/blog/2023/05/30/new-macos-vulnerability-migraine-could-bypass-system-integrity-protection/
OpenSSL Update
https://www.openssl.org/news/secadv/20230530.txt
Barracuda Email Security Gateway Applicance Vulnerability Details
https://www.barracuda.com/company/legal/esg-vulnerability#:~:text=the%20section%20below.-,Endpoint%20IOCs,-Table%204%20lists
Void Rabisu RomCom Backdoor
https://www.trendmicro.com/en_us/research/23/e/void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html
Nextcloud Vulnerability
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mr7q-xf62-fw54
Zyxel NAS Vulnerability
https://sternumiot.com/iot-blog/ntp-textbox-vulnerability-in-zyxel-nas326-nas540-and-nas542-devices/
Wait Just An Infosec: Higher Ed
https://www.youtube.com/watch?v=ufEuo-096yc&list=PLtgaAEEmVe6B2kqkE9KdgPJdtbqNiaiOn&index=8
https://isc.sans.edu/diary/Malspam%20pushes%20ModiLoader%20%28DBatLoader%29%20infection%20for%20Remcos%20RAT/29896
MacOS SIP Bypass
https://www.microsoft.com/en-us/security/blog/2023/05/30/new-macos-vulnerability-migraine-could-bypass-system-integrity-protection/
OpenSSL Update
https://www.openssl.org/news/secadv/20230530.txt
Barracuda Email Security Gateway Applicance Vulnerability Details
https://www.barracuda.com/company/legal/esg-vulnerability#:~:text=the%20section%20below.-,Endpoint%20IOCs,-Table%204%20lists
Void Rabisu RomCom Backdoor
https://www.trendmicro.com/en_us/research/23/e/void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html
Nextcloud Vulnerability
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mr7q-xf62-fw54
Zyxel NAS Vulnerability
https://sternumiot.com/iot-blog/ntp-textbox-vulnerability-in-zyxel-nas326-nas540-and-nas542-devices/
Wait Just An Infosec: Higher Ed
https://www.youtube.com/watch?v=ufEuo-096yc&list=PLtgaAEEmVe6B2kqkE9KdgPJdtbqNiaiOn&index=8
ISC StormCast for Tuesday, May 30th, 2023
30 maj 2023 |
6 min
Analyzing Office Documents Embedded Inside PowerPoint Files
https://isc.sans.edu/diary/Analyzing%20Office%20Documents%20Embedded%20Inside%20PPT%20%28PowerPoint%29%20Files/29894
DocuSign Themed Email Leads to Script-Based Infection
https://isc.sans.edu/diary/DocuSign-themed%20email%20leads%20to%20script-based%20infection/29888
File Archiver In The Browser
https://mrd0x.com/file-archiver-in-the-browser/
Securing PyPI accounts via Two-Factor Authentication
https://blog.pypi.org/posts/2023-05-25-securing-pypi-with-2fa/
Apache Casandra Vulnerabilities
https://lists.apache.org/thread/mwd02nrw2go8shg29rnp3o4hgompvkp5
MOXA MXsecurity Vulerabilities
https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities
https://isc.sans.edu/diary/Analyzing%20Office%20Documents%20Embedded%20Inside%20PPT%20%28PowerPoint%29%20Files/29894
DocuSign Themed Email Leads to Script-Based Infection
https://isc.sans.edu/diary/DocuSign-themed%20email%20leads%20to%20script-based%20infection/29888
File Archiver In The Browser
https://mrd0x.com/file-archiver-in-the-browser/
Securing PyPI accounts via Two-Factor Authentication
https://blog.pypi.org/posts/2023-05-25-securing-pypi-with-2fa/
Apache Casandra Vulnerabilities
https://lists.apache.org/thread/mwd02nrw2go8shg29rnp3o4hgompvkp5
MOXA MXsecurity Vulerabilities
https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities
ISC StormCast for Friday, May 26th, 2023
26 maj 2023 |
5 min
IR Case/Alert Management
https://isc.sans.edu/diary/IR%20Case%20Alert%20Management/29880
Exploit for CVE-2023-2825 GitLab Vulnerability
https://github.com/Occamsec/CVE-2023-2825
Expo Framework OAUTH Vulnerability CVE-2023-28131
https://salt.security/blog/a-new-oauth-vulnerability-that-may-impact-hundreds-of-online-services
Mitel MiVoice Vulnerability CVE-2023-31457 CVE-2023-32748
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004
D-Link Vulnerabilities
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10332
https://isc.sans.edu/diary/IR%20Case%20Alert%20Management/29880
Exploit for CVE-2023-2825 GitLab Vulnerability
https://github.com/Occamsec/CVE-2023-2825
Expo Framework OAUTH Vulnerability CVE-2023-28131
https://salt.security/blog/a-new-oauth-vulnerability-that-may-impact-hundreds-of-online-services
Mitel MiVoice Vulnerability CVE-2023-31457 CVE-2023-32748
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004
D-Link Vulnerabilities
https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10332
ISC StormCast for Thursday, May 25th, 2023
25 maj 2023 |
6 min
More Data Enrichment for Cowrie Logs
https://isc.sans.edu/diary/More%20Data%20Enrichment%20for%20Cowrie%20Logs/29878
Volt Typhoon: Living of the Land
https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF
Android App Breaking Bad
https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/
Zyxel Updates
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls
Baracuda Email Security Gateway Vulnerability
https://status.barracuda.com/incidents/34kx82j5n4q9
Gitlab Patch
https://about.gitlab.com/releases/2023/05/23/critical-security-release-gitlab-16-0-1-released/
https://isc.sans.edu/diary/More%20Data%20Enrichment%20for%20Cowrie%20Logs/29878
Volt Typhoon: Living of the Land
https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF
Android App Breaking Bad
https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/
Zyxel Updates
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls
Baracuda Email Security Gateway Vulnerability
https://status.barracuda.com/incidents/34kx82j5n4q9
Gitlab Patch
https://about.gitlab.com/releases/2023/05/23/critical-security-release-gitlab-16-0-1-released/
ISC StormCast for Wednesday, May 24th, 2023
24 maj 2023 |
6 min
Apache Nifi Scans
https://isc.sans.edu/diary/Help+us+figure+this+out+Scans+for+Apache+Nifi/29874/
Samsung Updates fix 0-Day
https://security.samsungmobile.com/securityUpdate.smsb
Lenovo All-In One Bricked by Windows Update
https://www.reddit.com/r/Lenovo/comments/136tatm/lenovo_firmware_10055_bricking_thinkcentre_v53024/
Dell VxRail Security Update
https://www.dell.com/support/kbdoc/en-us/000213011/dsa-2023-071-dell-vxrail-security-update-for-multiple-third-party-component-vulnerabilities-7-0-450
BrutePrint: Expose Smartphone Fingerprint Authentication to Brute-force Attack
https://arxiv.org/pdf/2305.10791.pdf
https://isc.sans.edu/diary/Help+us+figure+this+out+Scans+for+Apache+Nifi/29874/
Samsung Updates fix 0-Day
https://security.samsungmobile.com/securityUpdate.smsb
Lenovo All-In One Bricked by Windows Update
https://www.reddit.com/r/Lenovo/comments/136tatm/lenovo_firmware_10055_bricking_thinkcentre_v53024/
Dell VxRail Security Update
https://www.dell.com/support/kbdoc/en-us/000213011/dsa-2023-071-dell-vxrail-security-update-for-multiple-third-party-component-vulnerabilities-7-0-450
BrutePrint: Expose Smartphone Fingerprint Authentication to Brute-force Attack
https://arxiv.org/pdf/2305.10791.pdf
ISC StormCast for Tuesday, May 23rd, 2023
23 maj 2023 |
5 min
Probes for recent ABUS Security Camera Vulnerability
https://isc.sans.edu/diary/Probes%20for%20recent%20ABUS%20Security%20Camera%20Vulnerability%3A%20Attackers%20keep%20an%20eye%20on%20everything./29870
.ZIP Domains Confuse Virustotal
https://twitter.com/imohanasundaram/status/1660678184977805316
Synology DSM 6.2 Patch
https://www.synology.com/en-global/security/advisory/Synology_SA_22_25
Jenkins Fixes Multiple Plugin Vulnerabilities
https://www.jenkins.io/security/advisory/2023-05-16/
PyPi Suspension Lifted
https://status.python.org/incidents/qy2t9mjjcc7g
Nissan Sylphy Classic Key Vulnerability
https://vulmon.com/vulnerabilitydetails?qid=CVE-2023-33281
https://isc.sans.edu/diary/Probes%20for%20recent%20ABUS%20Security%20Camera%20Vulnerability%3A%20Attackers%20keep%20an%20eye%20on%20everything./29870
.ZIP Domains Confuse Virustotal
https://twitter.com/imohanasundaram/status/1660678184977805316
Synology DSM 6.2 Patch
https://www.synology.com/en-global/security/advisory/Synology_SA_22_25
Jenkins Fixes Multiple Plugin Vulnerabilities
https://www.jenkins.io/security/advisory/2023-05-16/
PyPi Suspension Lifted
https://status.python.org/incidents/qy2t9mjjcc7g
Nissan Sylphy Classic Key Vulnerability
https://vulmon.com/vulnerabilitydetails?qid=CVE-2023-33281
ISC StormCast for Monday, May 22nd, 2023
22 maj 2023 |
6 min
Another Malicious HTA File Analysis - Part 3
https://isc.sans.edu/forums/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%203/29678/
When the Phisher Messes Up With Encoding
https://isc.sans.edu/diary/When%20the%20Phisher%20Messes%20Up%20With%20Encoding/29864
PyPi Suspends New Users and Projects
https://status.python.org/incidents/qy2t9mjjcc7g
PGP Signatures on PyPi: Worse than useless
https://blog.yossarian.net/2023/05/21/PGP-signatures-on-PyPI-worse-than-useless
RATs found hiding in the npm attic
https://www.reversinglabs.com/blog/rats-found-hiding-in-the-npm-attic
https://isc.sans.edu/forums/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%203/29678/
When the Phisher Messes Up With Encoding
https://isc.sans.edu/diary/When%20the%20Phisher%20Messes%20Up%20With%20Encoding/29864
PyPi Suspends New Users and Projects
https://status.python.org/incidents/qy2t9mjjcc7g
PGP Signatures on PyPi: Worse than useless
https://blog.yossarian.net/2023/05/21/PGP-signatures-on-PyPI-worse-than-useless
RATs found hiding in the npm attic
https://www.reversinglabs.com/blog/rats-found-hiding-in-the-npm-attic
ISC StormCast for Friday, May 19th, 2023
19 maj 2023 |
7 min
Apple Updates Everything
https://isc.sans.edu/diary/Apple%20Updates%20Everything/29860
A Quick Survey of .zip Domains
https://isc.sans.edu/diary/A%20Quick%20Survey%20of%20.zip%20Domains%3A%20Your%20highest%20risk%20is%20running%20into%20Rick%20Astley./29858
Dell NetWorker Security Update
https://www.dell.com/support/kbdoc/en-us/000211267/dsa-2023-060-dell-networker-security-update-for-an-nsrcapinfo-vulnerability?lwp=rt
KeePass 2.X Master Password Dumper
https://github.com/vdohney/keepass-password-dumper
https://isc.sans.edu/diary/Apple%20Updates%20Everything/29860
A Quick Survey of .zip Domains
https://isc.sans.edu/diary/A%20Quick%20Survey%20of%20.zip%20Domains%3A%20Your%20highest%20risk%20is%20running%20into%20Rick%20Astley./29858
Dell NetWorker Security Update
https://www.dell.com/support/kbdoc/en-us/000211267/dsa-2023-060-dell-networker-security-update-for-an-nsrcapinfo-vulnerability?lwp=rt
KeePass 2.X Master Password Dumper
https://github.com/vdohney/keepass-password-dumper
ISC StormCast for Thursday, May 18th, 2023
18 maj 2023 |
6 min
Increase in Malicious RAR SFX Files
https://isc.sans.edu/forums/diary/Increase%20in%20Malicious%20RAR%20SFX%20files/29852/
FriendlyName Buffer Overflow in Wemo Smartplug
https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/
Wago License Page Exploit
https://onekey.com/blog/security-advisory-wago-unauthenticated-remote-command-execution/
Routers Turned Into Proxies
https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/
https://isc.sans.edu/forums/diary/Increase%20in%20Malicious%20RAR%20SFX%20files/29852/
FriendlyName Buffer Overflow in Wemo Smartplug
https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/
Wago License Page Exploit
https://onekey.com/blog/security-advisory-wago-unauthenticated-remote-command-execution/
Routers Turned Into Proxies
https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/
ISC StormCast for Wednesday, May 17th, 2023
17 maj 2023 |
6 min
Signals Defense With Faraday Bags
https://isc.sans.edu/forums/diary/Signals%20Defense%20With%20Faraday%20Bags%20%26%20Flipper%20Zero/29840/
Microsoft Sharepoint Scans Password Protected Files
https://infosec.exchange/@threatresearch/110373860063222707#
Critical Sandbox Escape Vulnerability in VM2
https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5
Geacon Brings Cobalt Strike Capabilities to MacOS Threat Actors
https://www.sentinelone.com/blog/geacon-brings-cobalt-strike-capabilities-to-macos-threat-actors/
https://isc.sans.edu/forums/diary/Signals%20Defense%20With%20Faraday%20Bags%20%26%20Flipper%20Zero/29840/
Microsoft Sharepoint Scans Password Protected Files
https://infosec.exchange/@threatresearch/110373860063222707#
Critical Sandbox Escape Vulnerability in VM2
https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5
Geacon Brings Cobalt Strike Capabilities to MacOS Threat Actors
https://www.sentinelone.com/blog/geacon-brings-cobalt-strike-capabilities-to-macos-threat-actors/
ISC StormCast for Tuesday, May 16th, 2023
16 maj 2023 |
5 min
Ongoing Facebook Phishing campaign Without a Sender and (almost) without Links
https://isc.sans.edu/diary/Ongoing%20Facebook%20phishing%20campaign%20without%20a%20sender%20and%20%28almost%29%20without%20links/29848
Intel Microcode Updates Do Not Patch Vulnerability
https://www.theregister.com/2023/05/15/intel_mystery_microcode/
Fake Trezor Hardware Crypto Wallet
https://www.kaspersky.com/blog/fake-trezor-hardware-crypto-wallet/48155/
TP-Link Archer AX-21 Command Injection CVE-2023-1389 Exploited
https://www.fortiguard.com/threat-signal-report/5157/tp-link-archer-ax-21-command-injection-vulnerability-cve-2023-1389-exploited-in-the-wild
https://isc.sans.edu/diary/Ongoing%20Facebook%20phishing%20campaign%20without%20a%20sender%20and%20%28almost%29%20without%20links/29848
Intel Microcode Updates Do Not Patch Vulnerability
https://www.theregister.com/2023/05/15/intel_mystery_microcode/
Fake Trezor Hardware Crypto Wallet
https://www.kaspersky.com/blog/fake-trezor-hardware-crypto-wallet/48155/
TP-Link Archer AX-21 Command Injection CVE-2023-1389 Exploited
https://www.fortiguard.com/threat-signal-report/5157/tp-link-archer-ax-21-command-injection-vulnerability-cve-2023-1389-exploited-in-the-wild
ISC StormCast for Monday, May 15th, 2023
15 maj 2023 |
7 min
The .zip gTLD: Risks and Opportunities
https://isc.sans.edu/forums/diary/The+zip+gTLD+Risks+and+Opportunities/29838/
Brave Forgetful Browsing
https://brave.com/privacy-updates/25-forgetful-browsing/
Intel Mystery Microcode Patch
https://www.phoronix.com/news/Intel-12-May-2023-Microcode
Netgear Updates
https://kb.netgear.com/000065619/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0348
Synology Updates
https://www.synology.com/en-global/security/advisory/Synology_SA_23_04
https://claroty.com/team82/research/chaining-five-vulnerabilities-to-exploit-netgear-nighthawk-rax30-routers-at-pwn2own-toronto-2022
https://isc.sans.edu/forums/diary/The+zip+gTLD+Risks+and+Opportunities/29838/
Brave Forgetful Browsing
https://brave.com/privacy-updates/25-forgetful-browsing/
Intel Mystery Microcode Patch
https://www.phoronix.com/news/Intel-12-May-2023-Microcode
Netgear Updates
https://kb.netgear.com/000065619/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0348
Synology Updates
https://www.synology.com/en-global/security/advisory/Synology_SA_23_04
https://claroty.com/team82/research/chaining-five-vulnerabilities-to-exploit-netgear-nighthawk-rax30-routers-at-pwn2own-toronto-2022
ISC StormCast for Friday, May 12th, 2023
12 maj 2023 |
6 min
Geolocating IPs is Harder Than You Think
https://isc.sans.edu/diary/Geolocating%20IPs%20is%20harder%20than%20you%20think/29834
Pre-Infected Mobile Phones
https://www.theregister.com/2023/05/11/bh_asia_mobile_phones/
Dragos Breach
https://www.dragos.com/blog/deconstructing-a-cybersecurity-event/
AndoryuBot Targets Ruckus Admin RCE Vulnerability
https://www.fortinet.com/blog/threat-research/andoryubot-new-botnet-campaign-targets-ruckus-wireless-admin-remote-code-execution-vulnerability-cve-2023-25717
https://isc.sans.edu/diary/Geolocating%20IPs%20is%20harder%20than%20you%20think/29834
Pre-Infected Mobile Phones
https://www.theregister.com/2023/05/11/bh_asia_mobile_phones/
Dragos Breach
https://www.dragos.com/blog/deconstructing-a-cybersecurity-event/
AndoryuBot Targets Ruckus Admin RCE Vulnerability
https://www.fortinet.com/blog/threat-research/andoryubot-new-botnet-campaign-targets-ruckus-wireless-admin-remote-code-execution-vulnerability-cve-2023-25717
ISC StormCast for Thursday, May 11th, 2023
11 maj 2023 |
6 min
Exploratory Data Analysis with CISSM Cyber Attacks Database Part 2
https://isc.sans.edu/diary/Exploratory%20Data%20Analysis%20with%20CISSM%20Cyber%20Attacks%20Database%20-%20Part%202/29828
Microsoft Patched Outlook (actually Windows) vulnerability again
https://www.akamai.com/blog/security-research/important-outlook-vulnerability-bypass-windows-api
Law Enforcement and Intelligence Agencies Disable "Snake" Malware
https://media.defense.gov/2023/May/09/2003218554/-1/-1/1/JOINT_CSA_HUNTING_RU_INTEL_SNAKE_MALWARE_20230509.PDF
Fake System Update Drop Malware
https://www.malwarebytes.com/blog/threat-intelligence/2023/05/fake-system-update-drops-new-highly-evasive-loader
https://isc.sans.edu/diary/Exploratory%20Data%20Analysis%20with%20CISSM%20Cyber%20Attacks%20Database%20-%20Part%202/29828
Microsoft Patched Outlook (actually Windows) vulnerability again
https://www.akamai.com/blog/security-research/important-outlook-vulnerability-bypass-windows-api
Law Enforcement and Intelligence Agencies Disable "Snake" Malware
https://media.defense.gov/2023/May/09/2003218554/-1/-1/1/JOINT_CSA_HUNTING_RU_INTEL_SNAKE_MALWARE_20230509.PDF
Fake System Update Drop Malware
https://www.malwarebytes.com/blog/threat-intelligence/2023/05/fake-system-update-drops-new-highly-evasive-loader
ISC StormCast for Wednesday, May 10th, 2023
10 maj 2023 |
6 min
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20May%202023%20Patch%20Tuesday/29826
GitHub "Push Protection" now out of Beta
https://github.blog/2023-05-09-push-protection-is-generally-available-and-free-for-all-public-repositories/
https://isc.sans.edu/diary/Microsoft%20May%202023%20Patch%20Tuesday/29826
GitHub "Push Protection" now out of Beta
https://github.blog/2023-05-09-push-protection-is-generally-available-and-free-for-all-public-repositories/
ISC StormCast for Tuesday, May 9th, 2023
9 maj 2023 |
6 min
QR Codes Used in Fake Parking Tickets and Surveys
https://www.bleepingcomputer.com/news/security/qr-codes-used-in-fake-parking-tickets-surveys-to-steal-your-money/
Microsoft Edge Update
https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel
Facebook Sees More Fake ChatGPT
https://about.fb.com/news/2023/05/metas-q1-2023-security-reports/
CyberGhost VPN Vulnerability
https://www.pentestpartners.com/security-blog/bullied-by-bugcrowd-over-kape-cyberghost-disclosure/
https://www.bleepingcomputer.com/news/security/qr-codes-used-in-fake-parking-tickets-surveys-to-steal-your-money/
Microsoft Edge Update
https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel
Facebook Sees More Fake ChatGPT
https://about.fb.com/news/2023/05/metas-q1-2023-security-reports/
CyberGhost VPN Vulnerability
https://www.pentestpartners.com/security-blog/bullied-by-bugcrowd-over-kape-cyberghost-disclosure/
ISC StormCast for Monday, May 8th, 2023
8 maj 2023 |
6 min
Quickly Finding Encoded Payloads in Office Documents
https://isc.sans.edu/forums/diary/Quickly+Finding+Encoded+Payloads+in+Office+Documents/29818/
Exploratory Data Analysis with CISSM Cyber Attacks Database Part 1
https://isc.sans.edu/forums/diary/Exploratory+Data+Analysis+with+CISSM+Cyber+Attacks+Database+Part+1/29816/
Guildma is now Abusing Colorcpl.exe LOLBIN
https://isc.sans.edu/forums/diary/Guildma+is+now+abusing+colorcplexe+LOLBIN/29814/
Leaked MSI Keys
https://github.com/binarly-io/SupplyChainAttacks/blob/main/MSI/ImpactedDevices.md
https://twitter.com/matrosov/status/1654560343295934464
PHP Packages Compromised
https://blog.packagist.com/packagist-org-maintainer-account-takeover/
https://isc.sans.edu/forums/diary/Quickly+Finding+Encoded+Payloads+in+Office+Documents/29818/
Exploratory Data Analysis with CISSM Cyber Attacks Database Part 1
https://isc.sans.edu/forums/diary/Exploratory+Data+Analysis+with+CISSM+Cyber+Attacks+Database+Part+1/29816/
Guildma is now Abusing Colorcpl.exe LOLBIN
https://isc.sans.edu/forums/diary/Guildma+is+now+abusing+colorcplexe+LOLBIN/29814/
Leaked MSI Keys
https://github.com/binarly-io/SupplyChainAttacks/blob/main/MSI/ImpactedDevices.md
https://twitter.com/matrosov/status/1654560343295934464
PHP Packages Compromised
https://blog.packagist.com/packagist-org-maintainer-account-takeover/
ISC StormCast for Friday, May 5th, 2023
5 maj 2023 |
6 min
Infostealer Embedded in a Word Document
https://isc.sans.edu/diary/Infostealer%20Embedded%20in%20a%20Word%20Document/29810
Cisco SPA-112 Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-unauth-upgrade-UqhyTWW
Fortinet May Updates
https://www.fortiguard.com/psirt?date=05-2023
PaperCut exploitation - A Different Path to Code Execution
https://vulncheck.com/blog/papercut-rce
https://isc.sans.edu/diary/Infostealer%20Embedded%20in%20a%20Word%20Document/29810
Cisco SPA-112 Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-unauth-upgrade-UqhyTWW
Fortinet May Updates
https://www.fortiguard.com/psirt?date=05-2023
PaperCut exploitation - A Different Path to Code Execution
https://vulncheck.com/blog/papercut-rce
ISC StormCast for Thursday, May 4th, 2023
4 maj 2023 |
8 min
Increased Number of Configuration File Scans
https://isc.sans.edu/diary/Increased%20Number%20of%20Configuration%20File%20Scans/29806
Google Enabling Passkeys
https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/
Chrome to Drop Lock Icon from HTTPS
https://blog.chromium.org/2023/05/an-update-on-lock-icon.html
Attack Against AMD TPM Implementation
https://arxiv.org/abs/2304.14717
https://isc.sans.edu/diary/Increased%20Number%20of%20Configuration%20File%20Scans/29806
Google Enabling Passkeys
https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/
Chrome to Drop Lock Icon from HTTPS
https://blog.chromium.org/2023/05/an-update-on-lock-icon.html
Attack Against AMD TPM Implementation
https://arxiv.org/abs/2304.14717
ISC StormCast for Wednesday, May 3rd, 2023
3 maj 2023 |
6 min
VBA Project References
https://isc.sans.edu/diary/VBA%20Project%20References/29800
BGP Message Parsing Vulnerabilities in FRRouting
https://www.forescout.com/blog/three-new-bgp-message-parsing-vulnerabilities-disclosed-in-frrouting-software/
JWT ECDSA Algorithm Confusion
https://blog.pentesterlab.com/exploring-algorithm-confusion-attacks-on-jwt-exploiting-ecdsa-23f7ff83390f
https://isc.sans.edu/diary/VBA%20Project%20References/29800
BGP Message Parsing Vulnerabilities in FRRouting
https://www.forescout.com/blog/three-new-bgp-message-parsing-vulnerabilities-disclosed-in-frrouting-software/
JWT ECDSA Algorithm Confusion
https://blog.pentesterlab.com/exploring-algorithm-confusion-attacks-on-jwt-exploiting-ecdsa-23f7ff83390f
ISC StormCast for Tuesday, May 2nd, 2023
2 maj 2023 |
6 min
Passive Analysis of a Phishing Attachment
https://isc.sans.edu/diary/%22Passive%22%20analysis%20of%20a%20phishing%20attachment/29798
Apple Rapid Security Response
https://www.macrumors.com/2023/05/01/rapid-security-response-16-4-1/
Grafana Security Release
https://grafana.com/blog/2023/04/26/grafana-security-release-new-versions-of-grafana-with-security-fixes-for-cve-2023-28119-and-cve-2023-1387/
Illumina Vulnerability
https://www.fda.gov/medical-devices/letters-health-care-providers/illumina-cybersecurity-vulnerability-affecting-universal-copy-service-software-may-present-risks
https://isc.sans.edu/diary/%22Passive%22%20analysis%20of%20a%20phishing%20attachment/29798
Apple Rapid Security Response
https://www.macrumors.com/2023/05/01/rapid-security-response-16-4-1/
Grafana Security Release
https://grafana.com/blog/2023/04/26/grafana-security-release-new-versions-of-grafana-with-security-fixes-for-cve-2023-28119-and-cve-2023-1387/
Illumina Vulnerability
https://www.fda.gov/medical-devices/letters-health-care-providers/illumina-cybersecurity-vulnerability-affecting-universal-copy-service-software-may-present-risks
ISC StormCast for Monday, May 1st, 2023
1 maj 2023 |
5 min
Quick IOC Scan With Docker
https://isc.sans.edu/diary/Quick%20IOC%20Scan%20With%20Docker/29788
Dobfuscation Scripts When Encodings Help
https://isc.sans.edu/diary/Deobfuscating%20Scripts%3A%20When%20Encodings%20Help/29792
Hackers Are Breaking Into AT&T Email Accounts To Steal Cryptocurrency
https://techcrunch.com/2023/04/26/hackers-are-breaking-into-att-email-accounts-to-steal-cryptocurrency/
Trheat Actor Selling New Atomic MacOS AMOS Stealer on Telegram
https://blog.cyble.com/2023/04/26/threat-actor-selling-new-atomic-macos-amos-stealer-on-telegram/
Zyxel Firewall Vulnerability
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls
https://isc.sans.edu/diary/Quick%20IOC%20Scan%20With%20Docker/29788
Dobfuscation Scripts When Encodings Help
https://isc.sans.edu/diary/Deobfuscating%20Scripts%3A%20When%20Encodings%20Help/29792
Hackers Are Breaking Into AT&T Email Accounts To Steal Cryptocurrency
https://techcrunch.com/2023/04/26/hackers-are-breaking-into-att-email-accounts-to-steal-cryptocurrency/
Trheat Actor Selling New Atomic MacOS AMOS Stealer on Telegram
https://blog.cyble.com/2023/04/26/threat-actor-selling-new-atomic-macos-amos-stealer-on-telegram/
Zyxel Firewall Vulnerability
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls
ISC StormCast for Friday, April 28th, 2023
28 april 2023 |
6 min
Ransomware Gang Exploiting Unpatches Veeam Backup Products
https://www.computerweekly.com/news/365535586/Ransomware-gang-exploiting-unpatched-Veeam-backup-products
Google Authenticator Sync Encryption
https://security.googleblog.com/2023/04/google-authenticator-now-supports.html
Keycloak Vulnerability
https://out.reddit.com/t3_130km04?url=https%3A%2F%2Fwww.offensity.com%2Fen%2Fblog%2Fuser-impersonation-via-stolen-uuid-code-in-keycloak-cve-2023-0264%2F&token=AQAAjSdLZJTzQM37107hVzYY-tbz6ak81pMNqN9qv3m2SWXEOMIm&app_name=web2x&user_id=33629461&web_redirect=true
https://www.computerweekly.com/news/365535586/Ransomware-gang-exploiting-unpatched-Veeam-backup-products
Google Authenticator Sync Encryption
https://security.googleblog.com/2023/04/google-authenticator-now-supports.html
Keycloak Vulnerability
https://out.reddit.com/t3_130km04?url=https%3A%2F%2Fwww.offensity.com%2Fen%2Fblog%2Fuser-impersonation-via-stolen-uuid-code-in-keycloak-cve-2023-0264%2F&token=AQAAjSdLZJTzQM37107hVzYY-tbz6ak81pMNqN9qv3m2SWXEOMIm&app_name=web2x&user_id=33629461&web_redirect=true
ISC StormCast for Thursday, April 27th, 2023
27 april 2023 |
6 min
Strolling Through Cyberspace and Hunting for Phishing Sites
https://isc.sans.edu/diary/Strolling%20through%20Cyberspace%20and%20Hunting%20for%20Phishing%20Sites/29780
RSA Panel: Five most dangerous new attack techniques
https://www.rsaconference.com/usa/agenda/session/The%20Five%20Most%20Dangerous%20New%20Attack%20Techniques
SANS.edu Research Journal
https://www.sans.edu/cyber-security-research
https://isc.sans.edu/diary/Strolling%20through%20Cyberspace%20and%20Hunting%20for%20Phishing%20Sites/29780
RSA Panel: Five most dangerous new attack techniques
https://www.rsaconference.com/usa/agenda/session/The%20Five%20Most%20Dangerous%20New%20Attack%20Techniques
SANS.edu Research Journal
https://www.sans.edu/cyber-security-research
ISC StormCast for Wednesday, April 26th, 2023
26 april 2023 |
6 min
Calculating CVSS Scores with ChatGPT
https://isc.sans.edu/diary/Calculating%20CVSS%20Scores%20with%20ChatGPT/29774
Amplifying SLP Traffic
https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp
Insecure Default Configuration in Apache Superset
https://www.horizon3.ai/cve-2023-27524-insecure-default-configuration-in-apache-superset-leads-to-remote-code-execution/ SLP Amplification; Apache Superset RCE;
PoC Exploit for Sophos Web Appliciance
https://github.com/W01fh4cker/CVE-2023-1671-POC
https://isc.sans.edu/diary/Calculating%20CVSS%20Scores%20with%20ChatGPT/29774
Amplifying SLP Traffic
https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp
Insecure Default Configuration in Apache Superset
https://www.horizon3.ai/cve-2023-27524-insecure-default-configuration-in-apache-superset-leads-to-remote-code-execution/ SLP Amplification; Apache Superset RCE;
PoC Exploit for Sophos Web Appliciance
https://github.com/W01fh4cker/CVE-2023-1671-POC
ISC StormCast for Tuesday, April 25th, 2023
25 april 2023 |
6 min
Aukill EDR Killer Malware Abuses Process Explorer Driver
https://news.sophos.com/en-us/2023/04/19/aukill-edr-killer-malware-abuses-process-explorer-driver/
Papercut Vulnerability Deep Dive
https://www.horizon3.ai/papercut-cve-2023-27350-deep-dive-and-indicators-of-compromise
Solarwinds Patches
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm
Schneider Electric Update
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security%20and%20Safety%20Notice&p_File_Name=SEVD-2023-101-04.pdf
Virustotal Code Insight
https://blog.virustotal.com/2023/04/introducing-virustotal-code-insight.html
https://news.sophos.com/en-us/2023/04/19/aukill-edr-killer-malware-abuses-process-explorer-driver/
Papercut Vulnerability Deep Dive
https://www.horizon3.ai/papercut-cve-2023-27350-deep-dive-and-indicators-of-compromise
Solarwinds Patches
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm
Schneider Electric Update
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security%20and%20Safety%20Notice&p_File_Name=SEVD-2023-101-04.pdf
Virustotal Code Insight
https://blog.virustotal.com/2023/04/introducing-virustotal-code-insight.html
ISC StormCast for Monday, April 24th, 2023
24 april 2023 |
6 min
Management of DMARC control for email impersonation fo domains in the .co TLD
https://isc.sans.edu/forums/diary/Management+of+DMARC+control+for+email+impersonation+of+domains+in+the+co+TLD+part+1/29768/
X_Trader Supply Chain Attack Fallout
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/xtrader-3cx-supply-chain
Car Hacking with Old Nokia Phones
https://www.vice.com/en/article/v7beyj/car-thieves-tech-hidden-old-nokia-phones-bluetooth-speakers-emergency-engine-start-keyless
Dog Hunt Finding Decoy Dog Toolkit
https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
https://isc.sans.edu/forums/diary/Management+of+DMARC+control+for+email+impersonation+of+domains+in+the+co+TLD+part+1/29768/
X_Trader Supply Chain Attack Fallout
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/xtrader-3cx-supply-chain
Car Hacking with Old Nokia Phones
https://www.vice.com/en/article/v7beyj/car-thieves-tech-hidden-old-nokia-phones-bluetooth-speakers-emergency-engine-start-keyless
Dog Hunt Finding Decoy Dog Toolkit
https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
ISC StormCast for Friday, April 21st, 2023
21 april 2023 |
7 min
Taking a Bite Out of Password Expiry Helpdesk Calls
https://isc.sans.edu/diary/Taking%20a%20Bite%20Out%20of%20Password%20Expiry%20Helpdesk%20Calls/29758
3CX Software Supply Chain Compromise
https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise
Google Ghost Tokens
https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/
PyPi Trusted Publishers
https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/
https://isc.sans.edu/diary/Taking%20a%20Bite%20Out%20of%20Password%20Expiry%20Helpdesk%20Calls/29758
3CX Software Supply Chain Compromise
https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise
Google Ghost Tokens
https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/
PyPi Trusted Publishers
https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/
ISC StormCast for Thursday, April 20th, 2023
20 april 2023 |
5 min
Yet Another Google Chrome 0-Day
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
Oracle Critical Patch Update April 2023
https://www.oracle.com/security-alerts/cpuapr2023.html
Github Provenance Action for npm Packages
https://www.theregister.com/2023/04/19/github_actions_npm_origins/
Microsoft Revises Threat Actor Naming
https://learn.microsoft.com/de-de/microsoft-365/security/intelligence/microsoft-threat-actor-naming
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
Oracle Critical Patch Update April 2023
https://www.oracle.com/security-alerts/cpuapr2023.html
Github Provenance Action for npm Packages
https://www.theregister.com/2023/04/19/github_actions_npm_origins/
Microsoft Revises Threat Actor Naming
https://learn.microsoft.com/de-de/microsoft-365/security/intelligence/microsoft-threat-actor-naming
ISC StormCast for Wednesday, April 19th, 2023
19 april 2023 |
5 min
UDDIs Are Back: Attackers Rediscovering Old Exploits.
https://isc.sans.edu/diary/UDDIs%20are%20back%3F%20Attackers%20rediscovering%20old%20exploits./29754UDDIExplorer;
UDDIExplorer;
Russian Attacks against Routers
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-108
Information Leakage on Discarded Routers
https://www.welivesecurity.com/2023/04/18/discarded-not-destroyed-old-routers-reveal-corporate-secrets/
https://isc.sans.edu/diary/UDDIs%20are%20back%3F%20Attackers%20rediscovering%20old%20exploits./29754UDDIExplorer;
UDDIExplorer;
Russian Attacks against Routers
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-108
Information Leakage on Discarded Routers
https://www.welivesecurity.com/2023/04/18/discarded-not-destroyed-old-routers-reveal-corporate-secrets/
ISC StormCast for Tuesday, April 18th, 2023
18 april 2023 |
5 min
The strange case of the Great Honeypot of China
https://isc.sans.edu/diary/The%20strange%20case%20of%20Great%20honeypot%20of%20China/29750
The LockBit ransomware (kinda) comes for macOS
https://objective-see.org/blog/blog_0x75.html
Google Cloud Used as C&C
https://thehackernews.com/2023/04/google-uncovers-apt41s-use-of-open.html
https://isc.sans.edu/diary/The%20strange%20case%20of%20Great%20honeypot%20of%20China/29750
The LockBit ransomware (kinda) comes for macOS
https://objective-see.org/blog/blog_0x75.html
Google Cloud Used as C&C
https://thehackernews.com/2023/04/google-uncovers-apt41s-use-of-open.html
ISC StormCast for Monday, April 17th, 2023
17 april 2023 |
5 min
Attack Campaing Tht Uses Fake Google Chrome Errors
https://insight-jp.nttsecurity.com/post/102icvb/attack-campaign-that-uses-fake-google-chrome-error-to-distribute-malware-from-com
Chromium Publishes Emergency Update
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html
LAPS Update Errors
https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-overview
Manage Engine Vulnerability
https://hnd3884.github.io/posts/CVE-2023-29084-Command-injection-in-ManageEngine-ADManager-plus/
https://insight-jp.nttsecurity.com/post/102icvb/attack-campaign-that-uses-fake-google-chrome-error-to-distribute-malware-from-com
Chromium Publishes Emergency Update
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html
LAPS Update Errors
https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-overview
Manage Engine Vulnerability
https://hnd3884.github.io/posts/CVE-2023-29084-Command-injection-in-ManageEngine-ADManager-plus/
ISC StormCast for Friday, April 14th, 2023
14 april 2023 |
6 min
HTTP: What's Left of it and the OCSP Problem
https://isc.sans.edu/diary/HTTP%3A%20What%27s%20Left%20of%20it%20and%20the%20OCSP%20Problem/29744
NTP Vulnerability Update
https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321
SecurePoint UTM Vulnerability CVE-2023-22897
https://www.rcesecurity.com/2023/04/securepwn-part-1-bypassing-securepoint-utms-authentication-cve-2023-22620/
https://www.rcesecurity.com/2023/04/securepwn-part-2-leaking-remote-memory-contents-cve-2023-22897/
Google Cloud Assured Open Source Software Services
https://cloud.google.com/blog/products/identity-security/google-cloud-assured-open-source-software-service-now-ga
https://isc.sans.edu/diary/HTTP%3A%20What%27s%20Left%20of%20it%20and%20the%20OCSP%20Problem/29744
NTP Vulnerability Update
https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321
SecurePoint UTM Vulnerability CVE-2023-22897
https://www.rcesecurity.com/2023/04/securepwn-part-1-bypassing-securepoint-utms-authentication-cve-2023-22620/
https://www.rcesecurity.com/2023/04/securepwn-part-2-leaking-remote-memory-contents-cve-2023-22897/
Google Cloud Assured Open Source Software Services
https://cloud.google.com/blog/products/identity-security/google-cloud-assured-open-source-software-service-now-ga
ISC StormCast for Thursday, April 13th, 2023
13 april 2023 |
6 min
Recent IcedID (Bokbot) activity
https://isc.sans.edu/forums/diary/Recent%20IcedID%20%28Bokbot%29%20activity/29740/
Microsoft Message Queue Vulnerabilities Details
https://research.checkpoint.com/2023/queuejumper-critical-unauthorized-rce-vulnerability-in-msmq-service/
NTP Vulnerabilities
https://github.com/spwpun/ntp-4.2.8p15-cves
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0938
https://isc.sans.edu/forums/diary/Recent%20IcedID%20%28Bokbot%29%20activity/29740/
Microsoft Message Queue Vulnerabilities Details
https://research.checkpoint.com/2023/queuejumper-critical-unauthorized-rce-vulnerability-in-msmq-service/
NTP Vulnerabilities
https://github.com/spwpun/ntp-4.2.8p15-cves
https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0938
ISC StormCast for Wednesday, April 12th, 2023
12 april 2023 |
6 min
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20April%202023%20Patch%20Tuesday/29736
Windows LAPS Available as part of Windows
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/by-popular-demand-windows-laps-available-now/ba-p/3788747
SAP Patches
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
https://isc.sans.edu/diary/Microsoft%20April%202023%20Patch%20Tuesday/29736
Windows LAPS Available as part of Windows
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/by-popular-demand-windows-laps-available-now/ba-p/3788747
SAP Patches
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
ISC StormCast for Tuesday, April 11th, 2023
11 april 2023 |
6 min
Another Malicious HTA File Analysis - Part 2
https://isc.sans.edu/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%202/29676
Apple Updates for Older Operating Systems
https://support.apple.com/en-us/HT201222
MSI Attack May Affect BIOS Updates
https://www.msi.com/news/detail/MSI-Statement-141688
KB5021130: How to manage the Netlogon protocol changes related to CVE-2022-38023
https://support.microsoft.com/en-us/topic/kb5021130-how-to-manage-the-netlogon-protocol-changes-related-to-cve-2022-38023-46ea3067-3989-4d40-963c-680fd9e8ee25
https://isc.sans.edu/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%202/29676
Apple Updates for Older Operating Systems
https://support.apple.com/en-us/HT201222
MSI Attack May Affect BIOS Updates
https://www.msi.com/news/detail/MSI-Statement-141688
KB5021130: How to manage the Netlogon protocol changes related to CVE-2022-38023
https://support.microsoft.com/en-us/topic/kb5021130-how-to-manage-the-netlogon-protocol-changes-related-to-cve-2022-38023-46ea3067-3989-4d40-963c-680fd9e8ee25
ISC StormCast for Monday, April 10th, 2023
10 april 2023 |
7 min
Detecting Suspicious API Usage with YARA Rules
https://isc.sans.edu/diary/Detecting%20Suspicious%20API%20Usage%20with%20YARA%20Rules/29724
Apple Patching Two 0-Day Vulnerabilities in iOS and macOS
https://isc.sans.edu/diary/Apple%20Patching%20Two%200-Day%20Vulnerabilities%20in%20iOS%20and%20macOS/29726
VM2 Sandbox Escape
https://github.com/patriksimek/vm2/security/advisories/GHSA-7jxr-cg7f-gpgv
https://gist.github.com/seongil-wi/2a44e082001b959bfe304b62121fb76d
Microsoft Netlogon: Potential Upcoming Impacts of CVE-2022-38023
https://isc.sans.edu/diary/Microsoft%20Netlogon%3A%20Potential%20Upcoming%20Impacts%20of%20CVE-2022-38023/29728
https://isc.sans.edu/diary/Detecting%20Suspicious%20API%20Usage%20with%20YARA%20Rules/29724
Apple Patching Two 0-Day Vulnerabilities in iOS and macOS
https://isc.sans.edu/diary/Apple%20Patching%20Two%200-Day%20Vulnerabilities%20in%20iOS%20and%20macOS/29726
VM2 Sandbox Escape
https://github.com/patriksimek/vm2/security/advisories/GHSA-7jxr-cg7f-gpgv
https://gist.github.com/seongil-wi/2a44e082001b959bfe304b62121fb76d
Microsoft Netlogon: Potential Upcoming Impacts of CVE-2022-38023
https://isc.sans.edu/diary/Microsoft%20Netlogon%3A%20Potential%20Upcoming%20Impacts%20of%20CVE-2022-38023/29728
ISC StormCast for Friday, April 7th, 2023
7 april 2023 |
7 min
Self Extracting Archives
https://www.crowdstrike.com/blog/self-extracting-archives-decoy-files-and-their-hidden-payloads/
loldrivers
https://www.loldrivers.io
Trellix Privilege Escalation
https://kcm.trellix.com/corporate/index?page=content&id=SB10396
HP LaserJet Vuln.
https://support.hp.com/us-en/document/ish_7905330-7905358-16/hpsbpi03838
https://www.crowdstrike.com/blog/self-extracting-archives-decoy-files-and-their-hidden-payloads/
loldrivers
https://www.loldrivers.io
Trellix Privilege Escalation
https://kcm.trellix.com/corporate/index?page=content&id=SB10396
HP LaserJet Vuln.
https://support.hp.com/us-en/document/ish_7905330-7905358-16/hpsbpi03838
ISC StormCast for Thursday, April 6th, 2023
6 april 2023 |
7 min
Exploration of DShield Cowrie Data with jq
https://isc.sans.edu/diary/Exploration%20of%20DShield%20Cowrie%20Data%20with%20jq/29714
NEXX Garage Door Vulnerability
https://medium.com/@samsabetan/the-uninvited-guest-idors-garage-doors-and-stolen-secrets-e4b49e02dadc
OneNote Changes
https://learn.microsoft.com/en-us/deployoffice/security/onenote-extension-block
MSFT Changes to Auto-Update
https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#3060
NPM Spam DDoS Attacks
https://www.helpnetsecurity.com/2023/04/05/flood-of-malicious-packages-results-in-npm-registry-dos/
https://isc.sans.edu/diary/Exploration%20of%20DShield%20Cowrie%20Data%20with%20jq/29714
NEXX Garage Door Vulnerability
https://medium.com/@samsabetan/the-uninvited-guest-idors-garage-doors-and-stolen-secrets-e4b49e02dadc
OneNote Changes
https://learn.microsoft.com/en-us/deployoffice/security/onenote-extension-block
MSFT Changes to Auto-Update
https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#3060
NPM Spam DDoS Attacks
https://www.helpnetsecurity.com/2023/04/05/flood-of-malicious-packages-results-in-npm-registry-dos/
ISC StormCast for Wednesday, April 5th, 2023
5 april 2023 |
6 min
Analyzing the efile.com Malware
https://isc.sans.edu/diary/Analyzing+the+efilecom+Malware+efail/29712
ALPHV Ransomware Targets Backup Installations
https://www.mandiant.com/resources/blog/alphv-ransomware-backup
Sophos Web Appliance Vulnerability (and EoL)
https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce
Zimbra Exploited in Targeted Attacks
https://www.proofpoint.com/us/blog/threat-insight/exploitation-dish-best-served-cold-winter-vivern-uses-known-zimbra-vulnerability
https://isc.sans.edu/diary/Analyzing+the+efilecom+Malware+efail/29712
ALPHV Ransomware Targets Backup Installations
https://www.mandiant.com/resources/blog/alphv-ransomware-backup
Sophos Web Appliance Vulnerability (and EoL)
https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce
Zimbra Exploited in Targeted Attacks
https://www.proofpoint.com/us/blog/threat-insight/exploitation-dish-best-served-cold-winter-vivern-uses-known-zimbra-vulnerability
ISC StormCast for Tuesday, April 4th, 2023
4 april 2023 |
8 min
efile.com compromise
https://isc.sans.edu/forums/diary/Supply%20Chain%20Compromise%20or%20False%20Positive%3A%20The%20Intriguing%20Case%20of%20efile.com%20%5Bupdated%20-%20confirmed%20malicious%20code%5D/29708/
Western Digital MyCloud Breach
https://www.bleepingcomputer.com/news/security/western-digital-discloses-network-breach-my-cloud-service-down/
3CX Compromise Affected Cryptocoin Exchanges
https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/
https://isc.sans.edu/forums/diary/Supply%20Chain%20Compromise%20or%20False%20Positive%3A%20The%20Intriguing%20Case%20of%20efile.com%20%5Bupdated%20-%20confirmed%20malicious%20code%5D/29708/
Western Digital MyCloud Breach
https://www.bleepingcomputer.com/news/security/western-digital-discloses-network-breach-my-cloud-service-down/
3CX Compromise Affected Cryptocoin Exchanges
https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/
ISC StormCast for Monday, April 3rd, 2023
3 april 2023 |
6 min
Use of X-Frame-Options and CSP frame-ancestors security headers
https://isc.sans.edu/diary/Use%20of%20X-Frame-Options%20and%20CSP%20frame-ancestors%20security%20headers%20on%201%20million%20most%20popular%20domains/29698
oledump supporting MSI Files
https://isc.sans.edu/diary/Update+oledump+MSI+Files/29700/
3CX Update
https://www.3cx.com/blog/news/chrome-blocks-latest-msi/
PinDuoDuo App shows anomalous behaviour
https://edition.cnn.com/2023/04/02/tech/china-pinduoduo-malware-cybersecurity-analysis-intl-hnk/index.html
https://isc.sans.edu/diary/Use%20of%20X-Frame-Options%20and%20CSP%20frame-ancestors%20security%20headers%20on%201%20million%20most%20popular%20domains/29698
oledump supporting MSI Files
https://isc.sans.edu/diary/Update+oledump+MSI+Files/29700/
3CX Update
https://www.3cx.com/blog/news/chrome-blocks-latest-msi/
PinDuoDuo App shows anomalous behaviour
https://edition.cnn.com/2023/04/02/tech/china-pinduoduo-malware-cybersecurity-analysis-intl-hnk/index.html
ISC StormCast for Friday, March 31st, 2023
31 mars 2023 |
6 min
Malicious 3CX Dekstop App Update
Lifestream (Friday March 31st 1400 ET, 1800 UTC) https://www.youtube.com/watch?v=cCf3Km_j5bY
3CX Update: https://www.3cx.com/blog/news/desktopapp-security-alert/
SentinelOne: https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/
Objective-See Blog Post: https://objective-see.org/blog/blog_0x73.html
Crowdstrike: https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/
Bypassing PowerShell Strong Obfuscation
https://isc.sans.edu/diary/Bypassing%20PowerShell%20Strong%20Obfuscation/29692
Lifestream (Friday March 31st 1400 ET, 1800 UTC) https://www.youtube.com/watch?v=cCf3Km_j5bY
3CX Update: https://www.3cx.com/blog/news/desktopapp-security-alert/
SentinelOne: https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/
Objective-See Blog Post: https://objective-see.org/blog/blog_0x73.html
Crowdstrike: https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/
Bypassing PowerShell Strong Obfuscation
https://isc.sans.edu/diary/Bypassing%20PowerShell%20Strong%20Obfuscation/29692
ISC StormCast for Thursday, March 30th, 2023
30 mars 2023 |
5 min
Extracting Multiple Streams From OLE Files
https://isc.sans.edu/diary/Extracting%20Multiple%20Streams%20From%20OLE%20Files/29688
3CXDesktop App Compromise
https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/
Microsoft Defender False Positives
https://twitter.com/MSFT365Status/status/1641048649525260289
https://admin.microsoft.com/Adminportal/Home?ref=/servicehealth/:/alerts/DZ534539 (requires login)
Active Exploitation of IBM Aspera Faspex CVE-2022-47986
https://www.rapid7.com/blog/post/2023/03/28/etr-active-exploitation-of-ibm-aspera-faspex-cve-2022-47986/
QNAP Patch for sudo vulnerablity
https://www.qnap.com/en/security-advisory/qsa-23-11
https://isc.sans.edu/diary/Extracting%20Multiple%20Streams%20From%20OLE%20Files/29688
3CXDesktop App Compromise
https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/
Microsoft Defender False Positives
https://twitter.com/MSFT365Status/status/1641048649525260289
https://admin.microsoft.com/Adminportal/Home?ref=/servicehealth/:/alerts/DZ534539 (requires login)
Active Exploitation of IBM Aspera Faspex CVE-2022-47986
https://www.rapid7.com/blog/post/2023/03/28/etr-active-exploitation-of-ibm-aspera-faspex-cve-2022-47986/
QNAP Patch for sudo vulnerablity
https://www.qnap.com/en/security-advisory/qsa-23-11
ISC StormCast for Wednesday, March 29th, 2023
29 mars 2023 |
5 min
Network Data Collector Placement Makes a Difference
https://isc.sans.edu/diary/Network%20Data%20Collector%20Placement%20Makes%20a%20Difference/29664
Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online
https://techcommunity.microsoft.com/t5/exchange-team-blog/throttling-and-blocking-email-from-persistently-vulnerable/ba-p/3762078
Bypassing Wi-Fi Encryption by Manipulating Transmit Queues
https://papers.mathyvanhoef.com/usenix2023-wifi.pdf
https://isc.sans.edu/diary/Network%20Data%20Collector%20Placement%20Makes%20a%20Difference/29664
Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online
https://techcommunity.microsoft.com/t5/exchange-team-blog/throttling-and-blocking-email-from-persistently-vulnerable/ba-p/3762078
Bypassing Wi-Fi Encryption by Manipulating Transmit Queues
https://papers.mathyvanhoef.com/usenix2023-wifi.pdf
ISC StormCast for Tuesday, March 28th, 2023
28 mars 2023 |
5 min
Another Malicious HTA File Analysis Part 1
https://isc.sans.edu/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%201/29674
Apple Updates Everything
https://isc.sans.edu/diary/Apple%20Updates%20Everything%20%28including%20Studio%20Display%29/29682
MacStealer Malware Exfiltrates Mac Secrets
https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware
https://isc.sans.edu/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%201/29674
Apple Updates Everything
https://isc.sans.edu/diary/Apple%20Updates%20Everything%20%28including%20Studio%20Display%29/29682
MacStealer Malware Exfiltrates Mac Secrets
https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware
ISC StormCast for Monday, March 27th, 2023
27 mars 2023 |
5 min
Update for Windows Snipping Tool
https://isc.sans.edu/diary/Microsoft%20Released%20an%20Update%20for%20Windows%20Snipping%20Tool%20Vulnerability/29670
GitHub Rotates SSH Keys
https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
redis-py vulnerability leads to mixed up sessions, affects ChatGPT
https://openai.com/blog/march-20-chatgpt-outage
Linux Tech Tips YouTube Hack
https://www.theverge.com/2023/3/23/23653115/linus-tech-tips-youtube-hack-crypto-scam
https://isc.sans.edu/diary/Elon%20Musk%20Themed%20Crypto%20Scams%20Flooding%20YouTube%20Today/29434
CyberChef Update
https://github.com/gchq/CyberChef/wiki/Character-encoding,-EOL-separators,-and-editor-features
https://isc.sans.edu/diary/Microsoft%20Released%20an%20Update%20for%20Windows%20Snipping%20Tool%20Vulnerability/29670
GitHub Rotates SSH Keys
https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
redis-py vulnerability leads to mixed up sessions, affects ChatGPT
https://openai.com/blog/march-20-chatgpt-outage
Linux Tech Tips YouTube Hack
https://www.theverge.com/2023/3/23/23653115/linus-tech-tips-youtube-hack-crypto-scam
https://isc.sans.edu/diary/Elon%20Musk%20Themed%20Crypto%20Scams%20Flooding%20YouTube%20Today/29434
CyberChef Update
https://github.com/gchq/CyberChef/wiki/Character-encoding,-EOL-separators,-and-editor-features
ISC StormCast for Friday, March 24th, 2023
24 mars 2023 |
6 min
Cropping and Redacting Images Safely
https://isc.sans.edu/diary/Cropping%20and%20Redacting%20Images%20Safely/29666
Untitled Goose Tool
https://github.com/cisagov/untitledgoosetool
Veeam Vulnerability Details
https://www.horizon3.ai/veeam-backup-and-replication-cve-2023-27532-deep-dive/
Unicode Support in Python used to Evade Detection
https://blog.phylum.io/malicious-actors-use-unicode-support-in-python-to-evade-detection
https://isc.sans.edu/diary/Cropping%20and%20Redacting%20Images%20Safely/29666
Untitled Goose Tool
https://github.com/cisagov/untitledgoosetool
Veeam Vulnerability Details
https://www.horizon3.ai/veeam-backup-and-replication-cve-2023-27532-deep-dive/
Unicode Support in Python used to Evade Detection
https://blog.phylum.io/malicious-actors-use-unicode-support-in-python-to-evade-detection
ISC StormCast for Thursday, March 23rd, 2023
23 mars 2023 |
6 min
Windows Snipping Tool Privacy Bug: Inspecting PNG Files
https://isc.sans.edu/diary/Windows%2011%20Snipping%20Tool%20Privacy%20Bug%3A%20Inspecting%20PNG%20Files/29660
Acropalypse Detection and Sanitization Tools
https://github.com/infobyte/CVE-2023-21036
WooCommerce Skimmer Reveals Tampered Gateway Plugin
https://blog.sucuri.net/2023/03/woocommerce-skimmer-reveals-tampered-gateway-plugin.html
Netgear Orbi Router Vulnerable
https://blog.talosintelligence.com/vulnerability-spotlight-netgear-orbi-router-vulnerable-to-arbitrary-command-execution/
https://isc.sans.edu/diary/Windows%2011%20Snipping%20Tool%20Privacy%20Bug%3A%20Inspecting%20PNG%20Files/29660
Acropalypse Detection and Sanitization Tools
https://github.com/infobyte/CVE-2023-21036
WooCommerce Skimmer Reveals Tampered Gateway Plugin
https://blog.sucuri.net/2023/03/woocommerce-skimmer-reveals-tampered-gateway-plugin.html
Netgear Orbi Router Vulnerable
https://blog.talosintelligence.com/vulnerability-spotlight-netgear-orbi-router-vulnerable-to-arbitrary-command-execution/
ISC StormCast for Wednesday, March 22nd, 2023
22 mars 2023 |
6 min
String Obfuscation: Character Pair Reversal
https://isc.sans.edu/diary/String%20Obfuscation%3A%20Character%20Pair%20Reversal/29654
Windows 11 Snipping Tool Privacy Bug
https://www.bleepingcomputer.com/news/microsoft/windows-11-snipping-tool-privacy-bug-exposes-cropped-image-content/
Malicious .Net Packages
https://jfrog.com/blog/attackers-are-starting-to-target-net-developers-with-malicious-code-nuget-packages/
Spring Framework Vulnerability
https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861
Snappy Vulnerability
https://github.com/KnpLabs/snappy/security/advisories/GHSA-gq6w-q6wh-jggc
https://isc.sans.edu/diary/String%20Obfuscation%3A%20Character%20Pair%20Reversal/29654
Windows 11 Snipping Tool Privacy Bug
https://www.bleepingcomputer.com/news/microsoft/windows-11-snipping-tool-privacy-bug-exposes-cropped-image-content/
Malicious .Net Packages
https://jfrog.com/blog/attackers-are-starting-to-target-net-developers-with-malicious-code-nuget-packages/
Spring Framework Vulnerability
https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861
Snappy Vulnerability
https://github.com/KnpLabs/snappy/security/advisories/GHSA-gq6w-q6wh-jggc
ISC StormCast for Tuesday, March 21st, 2023
21 mars 2023 |
5 min
From Phishing Kit to Telegram ... or Not
https://isc.sans.edu/diary/From%20Phishing%20Kit%20To%20Telegram...%20or%20Not!/29650
Emotet uses OneNote
https://cofense.com/blog/emotet-sending-malicious-emails-after-three-month-hiatus/
WSUS Update
https://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/plan/plan-your-wsus-deployment#uup-considerations
DOTRUNPEX .Net Injector
https://research.checkpoint.com/2023/dotrunpex-demystifying-new-virtualized-net-injector-used-in-the-wild/
https://isc.sans.edu/diary/From%20Phishing%20Kit%20To%20Telegram...%20or%20Not!/29650
Emotet uses OneNote
https://cofense.com/blog/emotet-sending-malicious-emails-after-three-month-hiatus/
WSUS Update
https://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/plan/plan-your-wsus-deployment#uup-considerations
DOTRUNPEX .Net Injector
https://research.checkpoint.com/2023/dotrunpex-demystifying-new-virtualized-net-injector-used-in-the-wild/
ISC StormCast for Monday, March 20th, 2023
20 mars 2023 |
7 min
Old Backdoor, New Obfuscation
https://isc.sans.edu/diary/Old%20Backdoor%2C%20New%20Obfuscation/29646
Samsung Exynos Chip Vulnerability
https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html
Android Image Cropping Problem
https://twitter.com/ItsSimonTime/status/1636857478263750656/photo/1
https://acropalypse.app/
Bitwarden Pins
https://ambiso.github.io/bitwarden-pin/
https://isc.sans.edu/diary/Old%20Backdoor%2C%20New%20Obfuscation/29646
Samsung Exynos Chip Vulnerability
https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html
Android Image Cropping Problem
https://twitter.com/ItsSimonTime/status/1636857478263750656/photo/1
https://acropalypse.app/
Bitwarden Pins
https://ambiso.github.io/bitwarden-pin/
ISC StormCast for Friday, March 17th, 2023
17 mars 2023 |
7 min
Simple Shellcode Dissection
https://isc.sans.edu/diary/Simple%20Shellcode%20Dissection/29642
Threat Actors Exploit Progress Telerik Vulnerablity
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a
Abusing Adobe Acrobat Sign to Distribute Malware
https://blog.avast.com/adobe-acrobat-sign-malware
Zoom Patches
https://explore.zoom.us/en/trust/security/security-bulletin/
Array Networks Advisory
https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf
Aruba Patches
https://www.arubanetworks.com/support-services/security-bulletins/
https://isc.sans.edu/diary/Simple%20Shellcode%20Dissection/29642
Threat Actors Exploit Progress Telerik Vulnerablity
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a
Abusing Adobe Acrobat Sign to Distribute Malware
https://blog.avast.com/adobe-acrobat-sign-malware
Zoom Patches
https://explore.zoom.us/en/trust/security/security-bulletin/
Array Networks Advisory
https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf
Aruba Patches
https://www.arubanetworks.com/support-services/security-bulletins/
ISC StormCast for Thursday, March 16th, 2023
16 mars 2023 |
7 min
IPFS Phishing and the need for correctly set HTTP security headers
https://isc.sans.edu/diary/IPFS%20phishing%20and%20the%20need%20for%20correctly%20set%20HTTP%20security%20headers/29638
Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability
https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/
CVE-2023-23415 ICMP RCE
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415
Chromium Certificate Proposals
https://www.chromium.org/Home/chromium-security/root-ca-policy/moving-forward-together/
https://isc.sans.edu/diary/IPFS%20phishing%20and%20the%20need%20for%20correctly%20set%20HTTP%20security%20headers/29638
Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability
https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/
CVE-2023-23415 ICMP RCE
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415
Chromium Certificate Proposals
https://www.chromium.org/Home/chromium-security/root-ca-policy/moving-forward-together/
ISC StormCast for Wednesday, March 15th, 2023
15 mars 2023 |
6 min
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20March%202023%20Patch%20Tuesday/29634
Adobe Cold Fusion and Magento (Adobe Commerce) patches
https://helpx.adobe.com/security/products/magento/apsb23-17.html
https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html
SAP Patches
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Firefox Patches
https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/
https://isc.sans.edu/diary/Microsoft%20March%202023%20Patch%20Tuesday/29634
Adobe Cold Fusion and Magento (Adobe Commerce) patches
https://helpx.adobe.com/security/products/magento/apsb23-17.html
https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html
SAP Patches
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Firefox Patches
https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/
ISC StormCast for Tuesday, March 14th, 2023
14 mars 2023 |
5 min
SVB Scams and New Domain Registrations
https://isc.sans.edu/diary/Incoming%20Silicon%20Valley%20Bank%20Related%20Scams/29630
CISA Adds Older PLEX and VMWare Vulnerablities to Known-Exploited List
https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-plex-bug-after-lastpass-breach/
FortiOS Vulnerability Exploited
https://www.fortiguard.com/psirt/FG-IR-22-369
https://isc.sans.edu/diary/Incoming%20Silicon%20Valley%20Bank%20Related%20Scams/29630
CISA Adds Older PLEX and VMWare Vulnerablities to Known-Exploited List
https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-plex-bug-after-lastpass-breach/
FortiOS Vulnerability Exploited
https://www.fortiguard.com/psirt/FG-IR-22-369
ISC StormCast for Monday, March 13th, 2023
13 mars 2023 |
6 min
AsynRAT Trojan - Bill Payment (Pago de la factura)
https://isc.sans.edu/diary/AsynRAT+Trojan+Bill+Payment+Pago+de+la+factura/29626
Mirai Payload Generator
https://isc.sans.edu/diary/Overview%20of%20a%20Mirai%20Payload%20Generator/29624
Multi-Technology Script Leading to Browser Hijacking
https://isc.sans.edu/diary/Multi-Technology%20Script%20Leading%20to%20Browser%20Hijacking/29620
OneNote will warn users of embeded content
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=OneNote%2CIn%20development&searchterms=122277
Google Removing Chrome Cleanup Tool
https://security.googleblog.com/2023/03/thank-you-and-goodbye-to-chrome-cleanup.html
https://isc.sans.edu/diary/AsynRAT+Trojan+Bill+Payment+Pago+de+la+factura/29626
Mirai Payload Generator
https://isc.sans.edu/diary/Overview%20of%20a%20Mirai%20Payload%20Generator/29624
Multi-Technology Script Leading to Browser Hijacking
https://isc.sans.edu/diary/Multi-Technology%20Script%20Leading%20to%20Browser%20Hijacking/29620
OneNote will warn users of embeded content
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=OneNote%2CIn%20development&searchterms=122277
Google Removing Chrome Cleanup Tool
https://security.googleblog.com/2023/03/thank-you-and-goodbye-to-chrome-cleanup.html
ISC StormCast for Friday, March 10th, 2023
10 mars 2023 |
6 min
Suspected Chinese Campaign to Persist on SonicWall Devices
https://www.mandiant.com/resources/blog/suspected-chinese-persist-sonicwall
Old Cyber Gang Uses New Crypted - ScrubCrypt
https://www.fortinet.com/blog/threat-research/old-cyber-gang-uses-new-crypter-scrubcrypt
Home Assistant Supervisor Security Vulnerability
https://www.home-assistant.io/blog/2023/03/08/supervisor-security-disclosure/
Fake ChatGPT Chrome Extensions
https://www.helpnetsecurity.com/2023/03/09/fake-chatgpt-extension/
Criminals Steal Crytocurrency through Play-to-Earn Games
https://www.ic3.gov/Media/Y2023/PSA230309
https://www.mandiant.com/resources/blog/suspected-chinese-persist-sonicwall
Old Cyber Gang Uses New Crypted - ScrubCrypt
https://www.fortinet.com/blog/threat-research/old-cyber-gang-uses-new-crypter-scrubcrypt
Home Assistant Supervisor Security Vulnerability
https://www.home-assistant.io/blog/2023/03/08/supervisor-security-disclosure/
Fake ChatGPT Chrome Extensions
https://www.helpnetsecurity.com/2023/03/09/fake-chatgpt-extension/
Criminals Steal Crytocurrency through Play-to-Earn Games
https://www.ic3.gov/Media/Y2023/PSA230309
ISC StormCast for Thursday, March 9th, 2023
9 mars 2023 |
6 min
Increase in exploits against Joomla (CVE-2023-23752)
https://isc.sans.edu/diary/Increase%20in%20exploits%20agains%20Joomla%20%28CVE-2023-23752%29/29614
Jenkins RCE Vulnerability
https://blog.aquasec.com/jenkins-server-vulnerabilities
Bitwarden: The Curious Use-Case of Password Pilfering
https://flashpoint.io/blog/bitwarden-password-pilfering/
FortiOS Vulnerabilities
https://www.fortiguard.com/psirt/FG-IR-23-001
Veeam Backup Vulnerabilities
https://www.veeam.com/kb4245
https://isc.sans.edu/diary/Increase%20in%20exploits%20agains%20Joomla%20%28CVE-2023-23752%29/29614
Jenkins RCE Vulnerability
https://blog.aquasec.com/jenkins-server-vulnerabilities
Bitwarden: The Curious Use-Case of Password Pilfering
https://flashpoint.io/blog/bitwarden-password-pilfering/
FortiOS Vulnerabilities
https://www.fortiguard.com/psirt/FG-IR-23-001
Veeam Backup Vulnerabilities
https://www.veeam.com/kb4245
ISC StormCast for Wednesday, March 8th, 2023
8 mars 2023 |
6 min
Hackers Love This VSCode Extension: What You Can Do to Stay Safe
https://isc.sans.edu/diary/Hackers%20Love%20This%20VSCode%20Extension%3A%20What%20You%20Can%20Do%20to%20Stay%20Safe/29610
Protecting Android Clipboard Content from Unintended Exposure
https://www.microsoft.com/en-us/security/blog/2023/03/06/protecting-android-clipboard-content-from-unintended-exposure/
SYS01 Stealer Targeting Facebook Accounts
https://blog.morphisec.com/sys01stealer-facebook-info-stealer
https://isc.sans.edu/diary/Hackers%20Love%20This%20VSCode%20Extension%3A%20What%20You%20Can%20Do%20to%20Stay%20Safe/29610
Protecting Android Clipboard Content from Unintended Exposure
https://www.microsoft.com/en-us/security/blog/2023/03/06/protecting-android-clipboard-content-from-unintended-exposure/
SYS01 Stealer Targeting Facebook Accounts
https://blog.morphisec.com/sys01stealer-facebook-info-stealer
ISC StormCast for Tuesday, March 7th, 2023
7 mars 2023 |
5 min
Scanning s3 Buckets
https://isc.sans.edu/diary/Scanning%20s3%20buckets/29606
HiatusRAT Router Malware
https://blog.lumen.com/new-hiatusrat-router-malware-covertly-spies-on-victims/
SonicWall Vulnerability
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0004
Windows Word RCE Proof-of-Concept
https://twitter.com/jduck/status/1632471544935923712
https://qoop.org/publications/cve-2023-21716-rtf-fonttbl.md
DBatLoader and Remcos RAT
https://www.sentinelone.com/blog/dbatloader-and-remcos-rat-sweep-eastern-europe/
https://isc.sans.edu/diary/Scanning%20s3%20buckets/29606
HiatusRAT Router Malware
https://blog.lumen.com/new-hiatusrat-router-malware-covertly-spies-on-victims/
SonicWall Vulnerability
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0004
Windows Word RCE Proof-of-Concept
https://twitter.com/jduck/status/1632471544935923712
https://qoop.org/publications/cve-2023-21716-rtf-fonttbl.md
DBatLoader and Remcos RAT
https://www.sentinelone.com/blog/dbatloader-and-remcos-rat-sweep-eastern-europe/
ISC StormCast for Monday, March 6th, 2023
6 mars 2023 |
5 min
SANS.edu Commencement
https://www.linkedin.com/feed/update/urn:li:activity:7037794067266625536/
SCARLETEEL: Operation Leverating Terraform, Kubernetes and AWS for data theft
https://sysdig.com/blog/cloud-breach-terraform-data-theft/
Preventing Malicious OneNote Files
https://www.bleepingcomputer.com/news/security/how-to-prevent-microsoft-onenote-files-from-infecting-windows-with-malware/
Redis Miner Leverages Command Line File Hosting Service
https://www.cadosecurity.com/redis-miner-leverages-command-line-file-hosting-service/
https://www.linkedin.com/feed/update/urn:li:activity:7037794067266625536/
SCARLETEEL: Operation Leverating Terraform, Kubernetes and AWS for data theft
https://sysdig.com/blog/cloud-breach-terraform-data-theft/
Preventing Malicious OneNote Files
https://www.bleepingcomputer.com/news/security/how-to-prevent-microsoft-onenote-files-from-infecting-windows-with-malware/
Redis Miner Leverages Command Line File Hosting Service
https://www.cadosecurity.com/redis-miner-leverages-command-line-file-hosting-service/
ISC StormCast for Friday, March 3rd, 2023
3 mars 2023 |
14 min
YARA: Detect the Unexpected
https://isc.sans.edu/diary/YARA%3A%20Detect%20The%20Unexpected%20.../29598
Drone Security and the Mysterious Case of DJI's DroneID
https://github.com/RUB-SysSec/DroneSecurity
Booking.com OAuth Flaw
https://salt.security/blog/traveling-with-oauth-account-takeover-on-booking-com
SANS.edu Student Marco Gfeller: Lightweight Python-Based Malware Analysis Pipeline
https://www.sans.org/white-papers/lightweight-python-based-malware-analysis-pipeline/
https://isc.sans.edu/diary/YARA%3A%20Detect%20The%20Unexpected%20.../29598
Drone Security and the Mysterious Case of DJI's DroneID
https://github.com/RUB-SysSec/DroneSecurity
Booking.com OAuth Flaw
https://salt.security/blog/traveling-with-oauth-account-takeover-on-booking-com
SANS.edu Student Marco Gfeller: Lightweight Python-Based Malware Analysis Pipeline
https://www.sans.org/white-papers/lightweight-python-based-malware-analysis-pipeline/
ISC StormCast for Thursday, March 2nd, 2023
2 mars 2023 |
6 min
Python Infostealer Targeting Gamers
https://isc.sans.edu/diary/Python%20Infostealer%20Targeting%20Gamers/29596
DNS Abuse Techniques Matrix
https://www.first.org/global/sigs/dns/DNS-Abuse-Techniques-Matrix_v1.1.pdf
BlackLotus UEFI Bootkit
https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/
TCG TPM2.0 implementations vulnerable to memory corruption
https://kb.cert.org/vuls/id/782720
Aruba Vulnerability
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt
Cisco VoIP Phone WebUI RCE
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP
https://isc.sans.edu/diary/Python%20Infostealer%20Targeting%20Gamers/29596
DNS Abuse Techniques Matrix
https://www.first.org/global/sigs/dns/DNS-Abuse-Techniques-Matrix_v1.1.pdf
BlackLotus UEFI Bootkit
https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/
TCG TPM2.0 implementations vulnerable to memory corruption
https://kb.cert.org/vuls/id/782720
Aruba Vulnerability
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt
Cisco VoIP Phone WebUI RCE
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP
ISC StormCast for Wednesday, March 1st, 2023
1 mars 2023 |
6 min
BB11 Distribution Qakbot (Qbot) activity
https://isc.sans.edu/diary/BB17%20distribution%20Qakbot%20%28Qbot%29%20activity/29592
LastPass Incident Details
https://support.lastpass.com/help/incident-1-additional-details-of-the-attack
https://support.lastpass.com/help/incident-2-additional-details-of-the-attack
CISA Red Team Shares Key Findings
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-059a
Jailbreak Chat
https://www.jailbreakchat.com
https://isc.sans.edu/diary/BB17%20distribution%20Qakbot%20%28Qbot%29%20activity/29592
LastPass Incident Details
https://support.lastpass.com/help/incident-1-additional-details-of-the-attack
https://support.lastpass.com/help/incident-2-additional-details-of-the-attack
CISA Red Team Shares Key Findings
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-059a
Jailbreak Chat
https://www.jailbreakchat.com
ISC StormCast for Tuesday, February 28th, 2023
28 februari 2023 |
5 min
Phishing Again and Again
https://isc.sans.edu/diary/Phishing%20Again%20and%20Again/29588
Unlocked Phone Stealing
https://www.wsj.com/articles/apple-iphone-security-theft-passcode-data-privacya-basic-iphone-feature-helps-criminals-steal-your-digital-life-cbf14b1a
More Fake Authenticator Apps
https://nakedsecurity.sophos.com/2023/02/27/beware-rogue-2fa-apps-in-app-store-and-google-play-dont-get-hacked/
Zoneminder Vulnerability
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-72rg-h4vf-29gr
WebLogic Exploit (not verified) CVE-2023-21839
https://github.com/4ra1n/CVE-2023-21839/blob/master/cmd/main.go
https://isc.sans.edu/diary/Phishing%20Again%20and%20Again/29588
Unlocked Phone Stealing
https://www.wsj.com/articles/apple-iphone-security-theft-passcode-data-privacya-basic-iphone-feature-helps-criminals-steal-your-digital-life-cbf14b1a
More Fake Authenticator Apps
https://nakedsecurity.sophos.com/2023/02/27/beware-rogue-2fa-apps-in-app-store-and-google-play-dont-get-hacked/
Zoneminder Vulnerability
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-72rg-h4vf-29gr
WebLogic Exploit (not verified) CVE-2023-21839
https://github.com/4ra1n/CVE-2023-21839/blob/master/cmd/main.go
ISC StormCast for Monday, February 27th, 2023
27 februari 2023 |
6 min
URL Files and WebDav used for IcedId Bockbot Infection
https://isc.sans.edu/diary/URL%20files%20and%20WebDAV%20used%20for%20IcedID%20%28Bokbot%29%20infection/29578
oledump msi file plugin
https://isc.sans.edu/diary/oledump%20%26%20MSI%20Files/29584
Automatic Disruption of Ransomware and BEC attacks with Microsoft 365 Defender
https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/automatic-disruption-of-ransomware-and-bec-attacks-with/ba-p/3738294
Cisco Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-csrfv-DMx6KSwV
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-lldp-dos-ySCNZOpX
https://isc.sans.edu/diary/URL%20files%20and%20WebDAV%20used%20for%20IcedID%20%28Bokbot%29%20infection/29578
oledump msi file plugin
https://isc.sans.edu/diary/oledump%20%26%20MSI%20Files/29584
Automatic Disruption of Ransomware and BEC attacks with Microsoft 365 Defender
https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/automatic-disruption-of-ransomware-and-bec-attacks-with/ba-p/3738294
Cisco Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-csrfv-DMx6KSwV
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-lldp-dos-ySCNZOpX
ISC StormCast for Friday, February 24th, 2023
24 februari 2023 |
5 min
Updated Exchange AV Guidance
https://techcommunity.microsoft.com/t5/exchange-team-blog/update-on-the-exchange-server-antivirus-exclusions/ba-p/3751464
Best Practices for Securing Your Home Network
https://media.defense.gov/2023/Feb/22/2003165170/-1/-1/0/CSI_BEST_PRACTICES_FOR_SECURING_YOUR_HOME_NETWORK.PDF
Attacks on Data Center Organizations
https://www.resecurity.com/blog/article/cyber-attacks-on-data-center-organizations
NPM Package Phishing
https://checkmarx.com/blog/how-npm-packages-were-used-to-spread-phishing-links/
Malicious PyPi Packages
https://www.fortinet.com/blog/threat-research/more-supply-chain-attacks-via-new-malicious-python-packages-in-pypi
https://techcommunity.microsoft.com/t5/exchange-team-blog/update-on-the-exchange-server-antivirus-exclusions/ba-p/3751464
Best Practices for Securing Your Home Network
https://media.defense.gov/2023/Feb/22/2003165170/-1/-1/0/CSI_BEST_PRACTICES_FOR_SECURING_YOUR_HOME_NETWORK.PDF
Attacks on Data Center Organizations
https://www.resecurity.com/blog/article/cyber-attacks-on-data-center-organizations
NPM Package Phishing
https://checkmarx.com/blog/how-npm-packages-were-used-to-spread-phishing-links/
Malicious PyPi Packages
https://www.fortinet.com/blog/threat-research/more-supply-chain-attacks-via-new-malicious-python-packages-in-pypi
ISC StormCast for Thursday, February 23rd, 2023
23 februari 2023 |
6 min
Internet Wide Scan Fingerprinting Confluence Servers
https://isc.sans.edu/diary/Internet%20Wide%20Scan%20Fingerprinting%20Confluence%20Servers/29574
Apple Updates Advisories
https://support.apple.com/en-us/HT213606
https://support.apple.com/en-us/HT213605
https://www.trellix.com/en-us/about/newsroom/stories/research/trellix-advanced-research-center-discovers-a-new-privilege-escalation-bug-class-on-macos-and-ios.html
Questionable two-factor Apps
https://twitter.com/mysk_co/status/1627097291063435264
VMWare Carbon Black App Control Vulnerability
https://www.vmware.com/security/advisories/VMSA-2023-0004.html
https://isc.sans.edu/diary/Internet%20Wide%20Scan%20Fingerprinting%20Confluence%20Servers/29574
Apple Updates Advisories
https://support.apple.com/en-us/HT213606
https://support.apple.com/en-us/HT213605
https://www.trellix.com/en-us/about/newsroom/stories/research/trellix-advanced-research-center-discovers-a-new-privilege-escalation-bug-class-on-macos-and-ios.html
Questionable two-factor Apps
https://twitter.com/mysk_co/status/1627097291063435264
VMWare Carbon Black App Control Vulnerability
https://www.vmware.com/security/advisories/VMSA-2023-0004.html
ISC StormCast for Wednesday, February 22nd, 2023
22 februari 2023 |
5 min
Phishing Page Branded with Your Corporate Website
https://isc.sans.edu/diary/Phishing%20Page%20Branded%20with%20Your%20Corporate%20Website/29570
Fortinet FortiNAC CVE-2022-39952 Deep-Dive and IOCs
https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
Apache Commons FileUpload Vulnerability
https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
VMWare Windows Server 2022 Fix
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3k-release-notes.html#resolvedissues
https://isc.sans.edu/diary/Phishing%20Page%20Branded%20with%20Your%20Corporate%20Website/29570
Fortinet FortiNAC CVE-2022-39952 Deep-Dive and IOCs
https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
Apache Commons FileUpload Vulnerability
https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
VMWare Windows Server 2022 Fix
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3k-release-notes.html#resolvedissues
ISC StormCast for Tuesday, February 21st, 2023
21 februari 2023 |
6 min
OneNote Suricata Rules
https://isc.sans.edu/diary/OneNote%20Suricata%20Rules/29564
New IIS Backdoor
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/frebniis-malware-iis
Outlook Spam
https://www.bleepingcomputer.com/news/microsoft/microsoft-outlook-flooded-with-spam-due-to-broken-email-filters/
Godaddy Breach and Website Redirects
https://aboutus.godaddy.net/newsroom/company-news/news-details/2023/Statement-on-recent-website-redirect-issues/default.aspx
https://isc.sans.edu/diary/OneNote%20Suricata%20Rules/29564
New IIS Backdoor
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/frebniis-malware-iis
Outlook Spam
https://www.bleepingcomputer.com/news/microsoft/microsoft-outlook-flooded-with-spam-due-to-broken-email-filters/
Godaddy Breach and Website Redirects
https://aboutus.godaddy.net/newsroom/company-news/news-details/2023/Statement-on-recent-website-redirect-issues/default.aspx
ISC StormCast for Monday, February 20th, 2023
20 februari 2023 |
6 min
Phishing Emails to out Handlers Inbox
https://isc.sans.edu/diary/Spear%20Phishing%20Handlers%20for%20Username%20Password/29560
Twitter Alters 2FA
https://blog.twitter.com/en_us/topics/product/2023/an-update-on-two-factor-authentication-using-sms-on-twitter
Fortinet Updates
https://www.fortiguard.com/psirt-monthly-advisory/february-2023-vulnerability-advisories
https://twitter.com/Horizon3Attack/status/1626692778062237713
Cisco ClamAV Patches
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy
https://isc.sans.edu/diary/Spear%20Phishing%20Handlers%20for%20Username%20Password/29560
Twitter Alters 2FA
https://blog.twitter.com/en_us/topics/product/2023/an-update-on-two-factor-authentication-using-sms-on-twitter
Fortinet Updates
https://www.fortiguard.com/psirt-monthly-advisory/february-2023-vulnerability-advisories
https://twitter.com/Horizon3Attack/status/1626692778062237713
Cisco ClamAV Patches
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy
ISC StormCast for Friday, February 17th, 2023
17 februari 2023 |
5 min
HTML Phishing Attachment with Browser-in-the-Browser Technique
https://isc.sans.edu/diary/HTML%20phishing%20attachment%20with%20browser-in-the-browser%20technique/29556
Windows Server 2022 Might Not Start Up After Updates
https://learn.microsoft.com/en-us/windows/release-health/status-windows-server-2022#windows-server-2022-might-not-start-up
New ESXiArgs Encryption Routing Outmaneuvers Recovery Methods
https://www.malwarebytes.com/blog/news/2023/02/new-esxiargs-encryption-routine-outmaneuvers-recovery-methods
PHP Updates
https://www.php.net
ClamAV Patches
https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
https://isc.sans.edu/diary/HTML%20phishing%20attachment%20with%20browser-in-the-browser%20technique/29556
Windows Server 2022 Might Not Start Up After Updates
https://learn.microsoft.com/en-us/windows/release-health/status-windows-server-2022#windows-server-2022-might-not-start-up
New ESXiArgs Encryption Routing Outmaneuvers Recovery Methods
https://www.malwarebytes.com/blog/news/2023/02/new-esxiargs-encryption-routine-outmaneuvers-recovery-methods
PHP Updates
https://www.php.net
ClamAV Patches
https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
ISC StormCast for Thursday, February 16th, 2023
16 februari 2023 |
6 min
DNS Recon Redux
https://isc.sans.edu/diary/DNS%20Recon%20Redux%20-%20Zone%20Transfers%20%28plus%20a%20time%20machine%29%20for%20When%20You%20Can%27t%20do%20a%20Zone%20Transfer/29552
GitHub Copilot Update
https://github.blog/2023-02-14-github-copilot-now-has-a-better-ai-model-and-new-capabilities/
Hyundai Software Update
https://www.hyundaiantitheft.com
Citrix Patches CVE-2023-24486, CVE-2023-24484, CVE-2023-24485, and CVE-2023-24483
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/14/citrix-releases-security-updates-workspace-apps-virtual-apps-and
HA Proxy Patch CVE-2023-25725
https://www.mail-archive.com/[email protected]/msg43229.html
Firefox Patches
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/
https://isc.sans.edu/diary/DNS%20Recon%20Redux%20-%20Zone%20Transfers%20%28plus%20a%20time%20machine%29%20for%20When%20You%20Can%27t%20do%20a%20Zone%20Transfer/29552
GitHub Copilot Update
https://github.blog/2023-02-14-github-copilot-now-has-a-better-ai-model-and-new-capabilities/
Hyundai Software Update
https://www.hyundaiantitheft.com
Citrix Patches CVE-2023-24486, CVE-2023-24484, CVE-2023-24485, and CVE-2023-24483
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/14/citrix-releases-security-updates-workspace-apps-virtual-apps-and
HA Proxy Patch CVE-2023-25725
https://www.mail-archive.com/[email protected]/msg43229.html
Firefox Patches
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/
ISC StormCast for Wednesday, February 15th, 2023
15 februari 2023 |
6 min
Microsoft February 2023 Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20February%202023%20Patch%20Tuesday/29548
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
Intel OpenBMC Vulnerabilities
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html
https://isc.sans.edu/diary/Microsoft%20February%202023%20Patch%20Tuesday/29548
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
Intel OpenBMC Vulnerabilities
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html
ISC StormCast for Tuesday, February 14th, 2023
14 februari 2023 |
6 min
Apple Patches Exploited Vulnerablity
https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Vulnerability/29544
Venmo Phishing Abusing LinkedIn "slink"
https://isc.sans.edu/diary/Venmo+Phishing+Abusing+LinkedIn+slink/29542/
Malicious PyPi Packages Install Browser Extensions
https://blog.phylum.io/phylum-discovers-revived-crypto-wallet-address-replacement-attack
https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Vulnerability/29544
Venmo Phishing Abusing LinkedIn "slink"
https://isc.sans.edu/diary/Venmo+Phishing+Abusing+LinkedIn+slink/29542/
Malicious PyPi Packages Install Browser Extensions
https://blog.phylum.io/phylum-discovers-revived-crypto-wallet-address-replacement-attack
ISC StormCast for Monday, February 13th, 2023
13 februari 2023 |
5 min
Obfuscated Deactivation of Script Block Logging
https://isc.sans.edu/diary/Obfuscated%20Deactivation%20of%20Script%20Block%20Logging/29538
PCAP Data Analysis with Zeek
https://isc.sans.edu/diary/PCAP%20Data%20Analysis%20with%20Zeek/29530
Bing Chat Prompt Injection
https://arstechnica.com/information-technology/2023/02/ai-powered-bing-chat-spills-its-secrets-via-prompt-injection-attack/
More Malicious Python Packages
https://blog.sonatype.com/malicious-aptx-python-package-drops-meterpreter-shell-deletes-netstat
https://isc.sans.edu/diary/Obfuscated%20Deactivation%20of%20Script%20Block%20Logging/29538
PCAP Data Analysis with Zeek
https://isc.sans.edu/diary/PCAP%20Data%20Analysis%20with%20Zeek/29530
Bing Chat Prompt Injection
https://arstechnica.com/information-technology/2023/02/ai-powered-bing-chat-spills-its-secrets-via-prompt-injection-attack/
More Malicious Python Packages
https://blog.sonatype.com/malicious-aptx-python-package-drops-meterpreter-shell-deletes-netstat
ISC StormCast for Friday, February 10th, 2023
10 februari 2023 |
5 min
A Backdoor with Smart Screenshot Capability
https://isc.sans.edu/diary/A%20Backdoor%20with%20Smart%20Screenshot%20Capability/29534
KeePass Patches Issue Allowing Password Export
https://keepass.info/news/n230109_2.53.html
AWS Phishing via Google Ads
https://www.sentinelone.com/blog/cloud-credentials-phishing-malicious-google-ads-target-aws-logins/
Apache Kafka Vulnerability
https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz
https://isc.sans.edu/diary/A%20Backdoor%20with%20Smart%20Screenshot%20Capability/29534
KeePass Patches Issue Allowing Password Export
https://keepass.info/news/n230109_2.53.html
AWS Phishing via Google Ads
https://www.sentinelone.com/blog/cloud-credentials-phishing-malicious-google-ads-target-aws-logins/
Apache Kafka Vulnerability
https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz
ISC StormCast for Thursday, February 9th, 2023
9 februari 2023 |
6 min
Simple HTML Phishing via Telegram Bot
https://isc.sans.edu/forums/diary/Simple%20HTML%20Phishing%20via%20Telegram%20Bot/29528/
Recovering from ESXiArgs Ransomware
https://www.cisa.gov/uscert/ncas/alerts/aa23-039a
NIST Standardizes Lightweight Cryptography
https://csrc.nist.gov/Projects/lightweight-cryptography
Sonicwall Web Content Filtering on Windows 11 22H2
https://www.sonicwall.com/support/product-notification/limitation-with-web-content-filtering-on-windows-11-22h2/230208075107457/
Google Chrome Release Changes
https://developer.chrome.com/blog/early-stable/
https://isc.sans.edu/forums/diary/Simple%20HTML%20Phishing%20via%20Telegram%20Bot/29528/
Recovering from ESXiArgs Ransomware
https://www.cisa.gov/uscert/ncas/alerts/aa23-039a
NIST Standardizes Lightweight Cryptography
https://csrc.nist.gov/Projects/lightweight-cryptography
Sonicwall Web Content Filtering on Windows 11 22H2
https://www.sonicwall.com/support/product-notification/limitation-with-web-content-filtering-on-windows-11-22h2/230208075107457/
Google Chrome Release Changes
https://developer.chrome.com/blog/early-stable/
ISC StormCast for Wednesday, February 8th, 2023
8 februari 2023 |
7 min
A Survey of Bluetooth Vulnerabilities Trends
https://isc.sans.edu/diary/A%20Survey%20of%20Bluetooth%20Vulnerabilities%20Trends%20%282023%20Edition%29/29522
OpenSSL Vulnerabilities / Patches
https://www.openssl.org/news/secadv/20230207.txt
Packet Tuesday: Most Frequent DNS Query ID / DNS Notify
https://www.youtube.com/watch?v=QgCuE_zKyMY
GoAnywhere MFT Patch Available (and PoC)
https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html
https://my.goanywhere.com/webclient/Dashboard.xhtml
Qakbot Mechanizes Distribution of Malicous OneNote Notebooks
https://news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/
https://isc.sans.edu/diary/A%20Survey%20of%20Bluetooth%20Vulnerabilities%20Trends%20%282023%20Edition%29/29522
OpenSSL Vulnerabilities / Patches
https://www.openssl.org/news/secadv/20230207.txt
Packet Tuesday: Most Frequent DNS Query ID / DNS Notify
https://www.youtube.com/watch?v=QgCuE_zKyMY
GoAnywhere MFT Patch Available (and PoC)
https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html
https://my.goanywhere.com/webclient/Dashboard.xhtml
Qakbot Mechanizes Distribution of Malicous OneNote Notebooks
https://news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/
ISC StormCast for Tuesday, February 7th, 2023
7 februari 2023 |
7 min
Earthquake Scams
https://isc.sans.edu/diary/Earthquake%20in%20Turkey%20and%20Syria%3A%20Be%20Aware%20of%20Possible%20Donation%20Scams/29518
APIs Used By Bots to Detect Public IP Addresses
https://isc.sans.edu/diary/APIs+Used+by+Bots+to+Detect+Public+IP+address/29516/
OpenSSH Vulnerablity Details CVE 2023-25136
https://blog.qualys.com/vulnerabilities-threat-research/2023/02/03/cve-2023-25136-pre-auth-double-free-vulnerability-in-openssh-server-9-1
A Novel State-of-the-Art Redis Malware
https://blog.aquasec.com/headcrab-attacks-servers-worldwide-with-novel-state-of-art-redis-malware?&web_view=true
https://isc.sans.edu/diary/Earthquake%20in%20Turkey%20and%20Syria%3A%20Be%20Aware%20of%20Possible%20Donation%20Scams/29518
APIs Used By Bots to Detect Public IP Addresses
https://isc.sans.edu/diary/APIs+Used+by+Bots+to+Detect+Public+IP+address/29516/
OpenSSH Vulnerablity Details CVE 2023-25136
https://blog.qualys.com/vulnerabilities-threat-research/2023/02/03/cve-2023-25136-pre-auth-double-free-vulnerability-in-openssh-server-9-1
A Novel State-of-the-Art Redis Malware
https://blog.aquasec.com/headcrab-attacks-servers-worldwide-with-novel-state-of-art-redis-malware?&web_view=true
ISC StormCast for Monday, February 6th, 2023
6 februari 2023 |
5 min
Assemblyline as a Malware Analysis Sandbox
https://isc.sans.edu/diary/Assemblyline%20as%20a%20Malware%20Analysis%20Sandbox/29510
GoAnywhere MFT zero-day Exploited
https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/
Ransomware targeting VMware ESXi
https://blog.ovhcloud.com/ransomware-targeting-vmware-esxi/
Jira Service Managment Server and Data Center Advisory CVE-2023-22501
https://confluence.atlassian.com/jira/jira-service-management-server-and-data-center-advisory-cve-2023-22501-1188786458.html
OpenSSH Update
https://www.openssh.com/releasenotes.html
F5 BigIP Vulnerability CVE-2023-22374
https://my.f5.com/manage/s/article/K000130415
https://isc.sans.edu/diary/Assemblyline%20as%20a%20Malware%20Analysis%20Sandbox/29510
GoAnywhere MFT zero-day Exploited
https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/
Ransomware targeting VMware ESXi
https://blog.ovhcloud.com/ransomware-targeting-vmware-esxi/
Jira Service Managment Server and Data Center Advisory CVE-2023-22501
https://confluence.atlassian.com/jira/jira-service-management-server-and-data-center-advisory-cve-2023-22501-1188786458.html
OpenSSH Update
https://www.openssh.com/releasenotes.html
F5 BigIP Vulnerability CVE-2023-22374
https://my.f5.com/manage/s/article/K000130415
ISC StormCast for Friday, February 3rd, 2023
3 februari 2023 |
5 min
Rotating Packet Captures with pfSense
https://isc.sans.edu/diary/Rotating%20Packet%20Captures%20with%20pfSense/29500
BEC Group Incorporates Secondary Impersonated Personas
https://intelligence.abnormalsecurity.com/blog/firebrick-ostrich-third-party-reconnaissance-attacks
MalVirt .Net Virtualization Thrives in Malvertising Attacks
https://www.sentinelone.com/labs/malvirt-net-virtualization-thrives-in-malvertising-attacks/
Cisco Remote Code Execution with Persistence
https://www.trellix.com/en-us/about/newsroom/stories/research/when-pwning-cisco-persistence-is-key-when-pwning-supply-chain-cisco-is-key.html
https://isc.sans.edu/diary/Rotating%20Packet%20Captures%20with%20pfSense/29500
BEC Group Incorporates Secondary Impersonated Personas
https://intelligence.abnormalsecurity.com/blog/firebrick-ostrich-third-party-reconnaissance-attacks
MalVirt .Net Virtualization Thrives in Malvertising Attacks
https://www.sentinelone.com/labs/malvirt-net-virtualization-thrives-in-malvertising-attacks/
Cisco Remote Code Execution with Persistence
https://www.trellix.com/en-us/about/newsroom/stories/research/when-pwning-cisco-persistence-is-key-when-pwning-supply-chain-cisco-is-key.html
ISC StormCast for Thursday, February 2nd, 2023
2 februari 2023 |
6 min
Detecting Malicious OneNote Files
https://isc.sans.edu/diary/Detecting%20%28Malicious%29%20OneNote%20Files/29494
Microsoft Defender Device Isolation for Linux
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-device-isolation-support-for-linux/ba-p/3676400
SH1MMER Exploit for Chromebooks
https://sh1mmer.me
DOMPDF SVG Parsing Vulnerability
https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg
https://isc.sans.edu/diary/Detecting%20%28Malicious%29%20OneNote%20Files/29494
Microsoft Defender Device Isolation for Linux
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-device-isolation-support-for-linux/ba-p/3676400
SH1MMER Exploit for Chromebooks
https://sh1mmer.me
DOMPDF SVG Parsing Vulnerability
https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg
ISC StormCast for Wednesday, February 1st, 2023
1 februari 2023 |
8 min
DShield Honeypot Setup with pfSense
https://isc.sans.edu/diary/DShield%20Honeypot%20Setup%20with%20pfSense/29490
Threat Actors Abusing Microsoft's "Verified Publisher" Status
https://www.proofpoint.com/us/blog/cloud-security/dangerous-consequences-threat-actors-abusing-microsofts-verified-publisher
PoS Malware Can Block Contactless Payments
https://securelist.com/prilex-modification-now-targeting-contactless-credit-card-transactions/108569/
Detecting Files Exempt from Anti Malware Scans
https://github.com/bananabr/TimeException
https://isc.sans.edu/diary/DShield%20Honeypot%20Setup%20with%20pfSense/29490
Threat Actors Abusing Microsoft's "Verified Publisher" Status
https://www.proofpoint.com/us/blog/cloud-security/dangerous-consequences-threat-actors-abusing-microsofts-verified-publisher
PoS Malware Can Block Contactless Payments
https://securelist.com/prilex-modification-now-targeting-contactless-credit-card-transactions/108569/
Detecting Files Exempt from Anti Malware Scans
https://github.com/bananabr/TimeException
ISC StormCast for Tuesday, January 31st, 2023
31 januari 2023 |
7 min
Decoding DNS over HTTP(s) Requests
https://isc.sans.edu/diary/Decoding%20DNS%20over%20HTTP%28s%29%20Requests/29488
Action Needed for GitHub Desktop and Atom Users
https://github.blog/2023-01-30-action-needed-for-github-desktop-and-atom-users/
GitHub Checksum Mismatches for .tar.gz Files
https://github.com/orgs/community/discussions/45830
Facebook 2FA Bypass
https://medium.com/pentesternepal/two-factor-authentication-bypass-on-facebook-3f4ac3ea139c
Fortinet Exploit
https://wzt.ac.cn/2022/12/15/CVE-2022-42475/
QNAP Vulnerability
https://www.qnap.com/en/security-advisory/qsa-23-01
https://isc.sans.edu/diary/Decoding%20DNS%20over%20HTTP%28s%29%20Requests/29488
Action Needed for GitHub Desktop and Atom Users
https://github.blog/2023-01-30-action-needed-for-github-desktop-and-atom-users/
GitHub Checksum Mismatches for .tar.gz Files
https://github.com/orgs/community/discussions/45830
Facebook 2FA Bypass
https://medium.com/pentesternepal/two-factor-authentication-bypass-on-facebook-3f4ac3ea139c
Fortinet Exploit
https://wzt.ac.cn/2022/12/15/CVE-2022-42475/
QNAP Vulnerability
https://www.qnap.com/en/security-advisory/qsa-23-01
ISC StormCast for Monday, January 30th, 2023
30 januari 2023 |
6 min
Microsoft Tips to Patch Your Exchange Servers
https://techcommunity.microsoft.com/t5/exchange-team-blog/protect-your-exchange-servers/ba-p/3726001
FCC Treatens to Take Action Against Twilio over Robocalls
https://www.fcc.gov/document/fcc-takes-mortgage-scam-robocall-campaign-targeting-homeowners
PlugX Variant Spreads via USB
https://unit42.paloaltonetworks.com/plugx-variants-in-usbs/
Adware in Google Play Store
https://news.drweb.com/show/review/?lng=en&i=14652
Tails 5.9 Update
https://tails.boum.org/news/version_5.9/index.de.html
https://techcommunity.microsoft.com/t5/exchange-team-blog/protect-your-exchange-servers/ba-p/3726001
FCC Treatens to Take Action Against Twilio over Robocalls
https://www.fcc.gov/document/fcc-takes-mortgage-scam-robocall-campaign-targeting-homeowners
PlugX Variant Spreads via USB
https://unit42.paloaltonetworks.com/plugx-variants-in-usbs/
Adware in Google Play Store
https://news.drweb.com/show/review/?lng=en&i=14652
Tails 5.9 Update
https://tails.boum.org/news/version_5.9/index.de.html
ISC StormCast for Friday, January 27th, 2023
27 januari 2023 |
6 min
Live Linux IR with UAC
https://isc.sans.edu/diary/Live%20Linux%20IR%20with%20UAC/29480
Bitwarden Phishing
https://community.bitwarden.com/t/phishing-website-bitwardenlogin-com/49704
https://www.reddit.com/r/Bitwarden/comments/10k2aj5/google_search_ads_showing_fake_bitwarden_web/
PY#RATION Attack Campaign Leverages Fernet Encyrption and Websockets
https://www.securonix.com/blog/security-advisory-python-based-pyration-attack-campaign/
Skyhigh Security Secure Web Gateway: XSS in Single Sign On Plugin
https://www.redteam-pentesting.de/en/advisories/rt-sa-2022-002/-skyhigh-security-secure-web-gateway-cross-site-scripting-in-single-sign-on-plugin
Windows Crypto API Vuln PoC
https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2022-34689
BIND Patches
https://kb.isc.org/docs/cve-2022-3094
https://isc.sans.edu/diary/Live%20Linux%20IR%20with%20UAC/29480
Bitwarden Phishing
https://community.bitwarden.com/t/phishing-website-bitwardenlogin-com/49704
https://www.reddit.com/r/Bitwarden/comments/10k2aj5/google_search_ads_showing_fake_bitwarden_web/
PY#RATION Attack Campaign Leverages Fernet Encyrption and Websockets
https://www.securonix.com/blog/security-advisory-python-based-pyration-attack-campaign/
Skyhigh Security Secure Web Gateway: XSS in Single Sign On Plugin
https://www.redteam-pentesting.de/en/advisories/rt-sa-2022-002/-skyhigh-security-secure-web-gateway-cross-site-scripting-in-single-sign-on-plugin
Windows Crypto API Vuln PoC
https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2022-34689
BIND Patches
https://kb.isc.org/docs/cve-2022-3094
ISC StormCast for Thursday, January 26th, 2023
26 januari 2023 |
6 min
First Malicious OneNote Document
https://isc.sans.edu/diary/A%20First%20Malicious%20OneNote%20Document/29470
Guidance for Securing Remote Monitoring and Management Software
https://media.defense.gov/2023/Jan/25/2003149873/-1/-1/0/JOINT_CSA_RMM.PDF
Microsoft Azure-Based Kerberos Attacks Crack Open Cloud Accounts
https://www.darkreading.com/cloud/microsoft-azure-kerberos-attacks-open-cloud-accounts
Microsoft Blocking XLL Files Downloaded From Internet
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=115485
Lexmark Vulnerablities
https://publications.lexmark.com/publications/security-alerts/CVE-2023-23560.pdf
VMware VRealize Update
https://www.vmware.com/security/advisories/VMSA-2023-0001.html
https://isc.sans.edu/diary/A%20First%20Malicious%20OneNote%20Document/29470
Guidance for Securing Remote Monitoring and Management Software
https://media.defense.gov/2023/Jan/25/2003149873/-1/-1/0/JOINT_CSA_RMM.PDF
Microsoft Azure-Based Kerberos Attacks Crack Open Cloud Accounts
https://www.darkreading.com/cloud/microsoft-azure-kerberos-attacks-open-cloud-accounts
Microsoft Blocking XLL Files Downloaded From Internet
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=115485
Lexmark Vulnerablities
https://publications.lexmark.com/publications/security-alerts/CVE-2023-23560.pdf
VMware VRealize Update
https://www.vmware.com/security/advisories/VMSA-2023-0001.html
ISC StormCast for Wednesday, January 25th, 2023
25 januari 2023 |
7 min
Apple Patch Summary
https://isc.sans.edu/forums/diary/Apple%20Updates%20%28almost%29%20Everything%3A%20Patch%20Overview/29472/
ManageEngine News;
https://github.com/vonahisec/CVE-2022-47966-Scan
KSMBD Vulnerability
https://sysdig.com/blog/cve-2023-0210-linux-kernel-unauthenticated-remote-heap-overflow/
BitWarden Server Side Iterations
https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations/
Packet Tuesday: Neighbor Advertisements
https://www.youtube.com/watch?v=CoaZjuuY1do
https://isc.sans.edu/forums/diary/Apple%20Updates%20%28almost%29%20Everything%3A%20Patch%20Overview/29472/
ManageEngine News;
https://github.com/vonahisec/CVE-2022-47966-Scan
KSMBD Vulnerability
https://sysdig.com/blog/cve-2023-0210-linux-kernel-unauthenticated-remote-heap-overflow/
BitWarden Server Side Iterations
https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations/
Packet Tuesday: Neighbor Advertisements
https://www.youtube.com/watch?v=CoaZjuuY1do
ISC StormCast for Tuesday, January 24th, 2023
24 januari 2023 |
6 min
Who's Resolving This Domain
https://isc.sans.edu/forums/diary/Who's%20Resolving%20This%20Domain%3F/29462/
Apple Updates Everything
https://support.apple.com/en-us/HT201222
NSA IPv6 Security Guidance
https://media.defense.gov/2023/Jan/18/2003145994/-1/-1/0/CSI_IPV6_SECURITY_GUIDANCE.PDF
Roaming Mantis Implements new DNS Changer in tis malicious mobile app
https://thehackernews.com/2023/01/roaming-mantis-spreading-mobile-malware.html
https://isc.sans.edu/forums/diary/Who's%20Resolving%20This%20Domain%3F/29462/
Apple Updates Everything
https://support.apple.com/en-us/HT201222
NSA IPv6 Security Guidance
https://media.defense.gov/2023/Jan/18/2003145994/-1/-1/0/CSI_IPV6_SECURITY_GUIDANCE.PDF
Roaming Mantis Implements new DNS Changer in tis malicious mobile app
https://thehackernews.com/2023/01/roaming-mantis-spreading-mobile-malware.html
ISC StormCast for Monday, January 23rd, 2023
23 januari 2023 |
6 min
Imortance of Signing in Windows Environments
https://isc.sans.edu/diary/Importance%20of%20signing%20in%20Windows%20environments/29456
FanDuel Discloses Data Breach Caused by Recent Mailchimp Hack
https://www.bleepingcomputer.com/news/security/fanduel-discloses-data-breach-caused-by-recent-mailchimp-hack/
OneNote Documents Used to Embed Malicious Office Documents
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trojanized-onenote-document-leads-to-formbook-malware/
Cisco Unified Communications Manager SQL Injection
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n
Possible KeePass Vulnerability
https://twitter.com/vomanc/status/1617135599030530054
https://isc.sans.edu/diary/Importance%20of%20signing%20in%20Windows%20environments/29456
FanDuel Discloses Data Breach Caused by Recent Mailchimp Hack
https://www.bleepingcomputer.com/news/security/fanduel-discloses-data-breach-caused-by-recent-mailchimp-hack/
OneNote Documents Used to Embed Malicious Office Documents
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trojanized-onenote-document-leads-to-formbook-malware/
Cisco Unified Communications Manager SQL Injection
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n
Possible KeePass Vulnerability
https://twitter.com/vomanc/status/1617135599030530054
ISC StormCast for Friday, January 20th, 2023
20 januari 2023 |
6 min
SPF and DMARC use on 100k most popular domains
https://isc.sans.edu/diary/SPF%20and%20DMARC%20use%20on%20100k%20most%20popular%20domains/29452
Sysmon Exploit Released CVE-2022-41120, CVE-2022-44704
https://github.com/Wh04m1001/SysmonEoP
ManageEngine CVE-2022-47966 Technical Deep Dive
https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/
Netcomm Router Vulnerablities
https://kb.cert.org/vuls/id/986018
Microsoft Pushes Outdated Office Install Check
https://www.bleepingcomputer.com/news/microsoft/microsoft-pushes-kb5021751-to-check-for-outdated-office-installs/
https://isc.sans.edu/diary/SPF%20and%20DMARC%20use%20on%20100k%20most%20popular%20domains/29452
Sysmon Exploit Released CVE-2022-41120, CVE-2022-44704
https://github.com/Wh04m1001/SysmonEoP
ManageEngine CVE-2022-47966 Technical Deep Dive
https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/
Netcomm Router Vulnerablities
https://kb.cert.org/vuls/id/986018
Microsoft Pushes Outdated Office Install Check
https://www.bleepingcomputer.com/news/microsoft/microsoft-pushes-kb5021751-to-check-for-outdated-office-installs/
ISC StormCast for Thursday, January 19th, 2023
19 januari 2023 |
6 min
Malicious Google Ads for Fake Notepad++ Lead to Aurora Stealer
https://isc.sans.edu/diary/Malicious%20Google%20Ad%20--%3E%20Fake%20Notepad%2B%2B%20Page%20--%3E%20Aurora%20Stealer%20malware/29448
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpujan2023.html
QT QML Vulnerability
https://blog.talosintelligence.com/vulnerability-spotlight-integer-and-buffer-overflow-vulnerabilities-found-in-qt-qml/
sudo sudoedit vulnerablity
https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf
https://isc.sans.edu/diary/Malicious%20Google%20Ad%20--%3E%20Fake%20Notepad%2B%2B%20Page%20--%3E%20Aurora%20Stealer%20malware/29448
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpujan2023.html
QT QML Vulnerability
https://blog.talosintelligence.com/vulnerability-spotlight-integer-and-buffer-overflow-vulnerabilities-found-in-qt-qml/
sudo sudoedit vulnerablity
https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf
ISC StormCast for Wednesday, January 18th, 2023
18 januari 2023 |
6 min
Finding that one GPO setting in a pool of hundreds of GPOs
https://isc.sans.edu/diary/Finding%20that%20one%20GPO%20Setting%20in%20a%20Pool%20of%20Hundreds%20of%20GPOs/29442
GIT Code Audit
https://x41-dsec.de/security/research/news/2023/01/17/git-security-audit-ostif/
Azure SSRF Flaws
https://orca.security/resources/blog/ssrf-vulnerabilities-in-four-azure-services/
SMB Insecure Guest Auth Off By Default In Windows 11 Pro
https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-insecure-guest-auth-now-off-by-default-in-windows-insider/ba-p/3715014
Packet Tuesday: IPv6 Router Advertisements
https://www.youtube.com/watch?v=uRWpB_lYIZ8
https://isc.sans.edu/diary/Finding%20that%20one%20GPO%20Setting%20in%20a%20Pool%20of%20Hundreds%20of%20GPOs/29442
GIT Code Audit
https://x41-dsec.de/security/research/news/2023/01/17/git-security-audit-ostif/
Azure SSRF Flaws
https://orca.security/resources/blog/ssrf-vulnerabilities-in-four-azure-services/
SMB Insecure Guest Auth Off By Default In Windows 11 Pro
https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-insecure-guest-auth-now-off-by-default-in-windows-insider/ba-p/3715014
Packet Tuesday: IPv6 Router Advertisements
https://www.youtube.com/watch?v=uRWpB_lYIZ8
ISC StormCast for Tuesday, January 17th, 2023
17 januari 2023 |
6 min
PSA: Why you must run an ad blocker when using Google
https://isc.sans.edu/diary/PSA%3A%20Why%20you%20must%20run%20an%20ad%20blocker%20when%20using%20Google/29438
NortonLifeLock Password Manager Bruteforcing
https://webcache.googleusercontent.com/search?q=cache%3A91Bmx_jTJIkJ%3Ahttps%3A%2F%2Fago.vermont.gov%2Fwp-content%2Fuploads%2F2023%2F01%2F2023-01-09-NortonLifeLock-Gen-Digital-Data-Breach-Notice-to-Consumers.pdf&cd=3&hl=de&ct=clnk&gl=de
CVE-2023-0179 Linux kernel stack buffer overflow in nftables: PoC and writeup
https://seclists.org/oss-sec/2023/q1/20
MSI (in)Secure Boot
https://dawidpotocki.com/en/2023/01/13/msi-insecure-boot/
https://isc.sans.edu/diary/PSA%3A%20Why%20you%20must%20run%20an%20ad%20blocker%20when%20using%20Google/29438
NortonLifeLock Password Manager Bruteforcing
https://webcache.googleusercontent.com/search?q=cache%3A91Bmx_jTJIkJ%3Ahttps%3A%2F%2Fago.vermont.gov%2Fwp-content%2Fuploads%2F2023%2F01%2F2023-01-09-NortonLifeLock-Gen-Digital-Data-Breach-Notice-to-Consumers.pdf&cd=3&hl=de&ct=clnk&gl=de
CVE-2023-0179 Linux kernel stack buffer overflow in nftables: PoC and writeup
https://seclists.org/oss-sec/2023/q1/20
MSI (in)Secure Boot
https://dawidpotocki.com/en/2023/01/13/msi-insecure-boot/
ISC StormCast for Monday, January 16th, 2023
16 januari 2023 |
5 min
Elon Musk Themed Crypto Scams Flooding YouTube Today
https://isc.sans.edu/diary/Elon%20Musk%20Themed%20Crypto%20Scams%20Flooding%20YouTube%20Today/29434
Microsoft Text to Speech Synthesizer
https://arxiv.org/pdf/2301.02111.pdf
Missing Windows Start Menu
https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-22H2#2998msgdesc
https://isc.sans.edu/diary/Elon%20Musk%20Themed%20Crypto%20Scams%20Flooding%20YouTube%20Today/29434
Microsoft Text to Speech Synthesizer
https://arxiv.org/pdf/2301.02111.pdf
Missing Windows Start Menu
https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-22H2#2998msgdesc
ISC StormCast for Friday, January 13th, 2023
13 januari 2023 |
7 min
Prowler v3: AWS & Azure security assessments
https://isc.sans.edu/diary/Prowler%20v3%3A%20AWS%20%26%20Azure%20security%20assessments/29430
Certified Pre-Pw0ned Android TV
https://github.com/DesktopECHO/T95-H616-Malware
Revolte Attack
https://revolte-attack.net
NGFW Data Exfiltration
https://cymulate.com/blog/data-exfiltration-firewall/
https://isc.sans.edu/diary/Prowler%20v3%3A%20AWS%20%26%20Azure%20security%20assessments/29430
Certified Pre-Pw0ned Android TV
https://github.com/DesktopECHO/T95-H616-Malware
Revolte Attack
https://revolte-attack.net
NGFW Data Exfiltration
https://cymulate.com/blog/data-exfiltration-firewall/
ISC StormCast for Thursday, January 12th, 2023
12 januari 2023 |
6 min
Passive Detection of Internet-Connected Systems Affected by Exploited Vulnerabilities
https://isc.sans.edu/diary/Passive%20detection%20of%20internet-connected%20systems%20affected%20by%20vulnerabilities%20from%20the%20CISA%20KEV%20catalog/29426
Unauthenticed Remote DoS in ksmbd NTLMv2 Authentication
https://seclists.org/oss-sec/2023/q1/4
Cisco RV Series Vulnerabilities CVE-2023-20025
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5
Zoom Updates
https://explore.zoom.us/en/trust/security/security-bulletin/
Gootkit Abusing VLC
https://www.trendmicro.com/en_us/research/23/a/gootkit-loader-actively-targets-the-australian-healthcare-indust.html
https://isc.sans.edu/diary/Passive%20detection%20of%20internet-connected%20systems%20affected%20by%20vulnerabilities%20from%20the%20CISA%20KEV%20catalog/29426
Unauthenticed Remote DoS in ksmbd NTLMv2 Authentication
https://seclists.org/oss-sec/2023/q1/4
Cisco RV Series Vulnerabilities CVE-2023-20025
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5
Zoom Updates
https://explore.zoom.us/en/trust/security/security-bulletin/
Gootkit Abusing VLC
https://www.trendmicro.com/en_us/research/23/a/gootkit-loader-actively-targets-the-australian-healthcare-indust.html
ISC StormCast for Wednesday, January 11th, 2023
11 januari 2023 |
6 min
Microsoft January 2023 Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20January%202023%20Patch%20Tuesday/29420
Cacti Unauthenticated Remote Code Execution
https://www.sonarsource.com/blog/cacti-unauthenticated-remote-code-execution/
On the Security Vulnerabilities of Text-to-SQL Models
https://arxiv.org/pdf/2211.15363.pdf
https://isc.sans.edu/diary/Microsoft%20January%202023%20Patch%20Tuesday/29420
Cacti Unauthenticated Remote Code Execution
https://www.sonarsource.com/blog/cacti-unauthenticated-remote-code-execution/
On the Security Vulnerabilities of Text-to-SQL Models
https://arxiv.org/pdf/2211.15363.pdf
ISC StormCast for Tuesday, January 10th, 2023
10 januari 2023 |
6 min
New Year Old Tricks: Hunting for CircleCI Configuration Files
https://isc.sans.edu/diary/New%20year%2C%20old%20tricks%3A%20Hunting%20for%20CircleCI%20configuration%20files/29416
Amazon S3 Encrypts New Objects By Default
https://aws.amazon.com/blogs/aws/amazon-s3-encrypts-new-objects-by-default/
MatrixSSL Buffer Overflow
https://github.com/matrixssl/matrixssl/security/advisories/GHSA-fmwc-gwc5-2g29
Auth0 JsonWebToken Vulnerability CVE-2022-23529
https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/
https://isc.sans.edu/diary/New%20year%2C%20old%20tricks%3A%20Hunting%20for%20CircleCI%20configuration%20files/29416
Amazon S3 Encrypts New Objects By Default
https://aws.amazon.com/blogs/aws/amazon-s3-encrypts-new-objects-by-default/
MatrixSSL Buffer Overflow
https://github.com/matrixssl/matrixssl/security/advisories/GHSA-fmwc-gwc5-2g29
Auth0 JsonWebToken Vulnerability CVE-2022-23529
https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/
ISC StormCast for Monday, January 9th, 2023
9 januari 2023 |
6 min
Reversing AutoIT Scripts
https://isc.sans.edu/diary/AutoIT%20Remains%20Popular%20in%20the%20Malware%20Landscape/29408
Can You Trust Your VSCode Extensions
https://blog.aquasec.com/can-you-trust-your-vscode-extensions
A Deep Dive Into Powerat
https://blog.phylum.io/a-deep-dive-into-powerat-a-newly-discovered-stealer/rat-combo-polluting-pypi
https://isc.sans.edu/diary/AutoIT%20Remains%20Popular%20in%20the%20Malware%20Landscape/29408
Can You Trust Your VSCode Extensions
https://blog.aquasec.com/can-you-trust-your-vscode-extensions
A Deep Dive Into Powerat
https://blog.phylum.io/a-deep-dive-into-powerat-a-newly-discovered-stealer/rat-combo-polluting-pypi
ISC StormCast for Friday, January 6th, 2023
6 januari 2023 |
6 min
More Brazil Malspam Pushing Astaroth (Guildma) in January 2023
https://isc.sans.edu/forums/diary/More%20Brazil%20malspam%20pushing%20Astaroth%20%28Guildma%29%20in%20January%202023/29404/
CircleCI Breach
https://circleci.com/blog/january-4-2023-security-alert/
Twitter Leak
https://www.bleepingcomputer.com/news/security/200-million-twitter-users-email-addresses-allegedly-leaked-online/
Slack Source Code Leak
https://slack.com/blog/news/slack-security-update
Control Web Panel Patch CVE-2022-44877
https://github.com/numanturle/CVE-2022-44877
Turla: A Galaxy of Opportunity
https://www.mandiant.com/resources/blog/turla-galaxy-opportunity
https://isc.sans.edu/forums/diary/More%20Brazil%20malspam%20pushing%20Astaroth%20%28Guildma%29%20in%20January%202023/29404/
CircleCI Breach
https://circleci.com/blog/january-4-2023-security-alert/
Twitter Leak
https://www.bleepingcomputer.com/news/security/200-million-twitter-users-email-addresses-allegedly-leaked-online/
Slack Source Code Leak
https://slack.com/blog/news/slack-security-update
Control Web Panel Patch CVE-2022-44877
https://github.com/numanturle/CVE-2022-44877
Turla: A Galaxy of Opportunity
https://www.mandiant.com/resources/blog/turla-galaxy-opportunity
ISC StormCast for Thursday, January 5th, 2023
5 januari 2023 |
7 min
Update to RTRBK - Diff and File Dates in PowerShell
https://isc.sans.edu/diary/Update%20to%20RTRBK%20-%20Diff%20and%20File%20Dates%20in%20PowerShell/29400
Google Chrome Sunsetting Legacy Windows Support
https://support.google.com/chrome/thread/185534985/sunsetting-support-for-windows-7-8-8-1-in-early-2023?hl=en
SHC used to compile cryptominer malware
https://asec.ahnlab.com/en/45182/
ManageEngine Password Manager Pro SQL Injection
https://pitstop.manageengine.com/portal/en/community/topic/manageengine-security-advisory important-security-fix-released-for-manageengine-password-manager-pro-2-1-2023#:~:text=critical%20security%20vulnerability
ForiADC Command Injection in Web Interface
https://www.fortiguard.com/psirt/FG-IR-22-061
Raspberry Robin Developments
https://www.securityjoes.com/post/raspberry-robin-detected-itw-targeting-insurance-financial-institutes-in-europe
https://isc.sans.edu/diary/Update%20to%20RTRBK%20-%20Diff%20and%20File%20Dates%20in%20PowerShell/29400
Google Chrome Sunsetting Legacy Windows Support
https://support.google.com/chrome/thread/185534985/sunsetting-support-for-windows-7-8-8-1-in-early-2023?hl=en
SHC used to compile cryptominer malware
https://asec.ahnlab.com/en/45182/
ManageEngine Password Manager Pro SQL Injection
https://pitstop.manageengine.com/portal/en/community/topic/manageengine-security-advisory important-security-fix-released-for-manageengine-password-manager-pro-2-1-2023#:~:text=critical%20security%20vulnerability
ForiADC Command Injection in Web Interface
https://www.fortiguard.com/psirt/FG-IR-22-061
Raspberry Robin Developments
https://www.securityjoes.com/post/raspberry-robin-detected-itw-targeting-insurance-financial-institutes-in-europe
ISC StormCast for Wednesday, January 4th, 2023
4 januari 2023 |
7 min
NTP Fingerprinting
https://isc.sans.edu/diary/Its%20about%20time%3A%20OS%20Fingerprinting%20using%20NTP/29394
Misc Car Vulnerabilities
https://samcurry.net/web-hackers-vs-the-auto-industry/
Flipper Zero Phishing
https://twitter.com/AlvieriD/status/1609945425871609858
Trend Micro Patch
https://helpcenter.trendmicro.com/en-us/article/TMKA-11252
Packet Tuesday: IP Options
https://www.youtube.com/watch?v=HldNL3SLLwM
https://isc.sans.edu/diary/Its%20about%20time%3A%20OS%20Fingerprinting%20using%20NTP/29394
Misc Car Vulnerabilities
https://samcurry.net/web-hackers-vs-the-auto-industry/
Flipper Zero Phishing
https://twitter.com/AlvieriD/status/1609945425871609858
Trend Micro Patch
https://helpcenter.trendmicro.com/en-us/article/TMKA-11252
Packet Tuesday: IP Options
https://www.youtube.com/watch?v=HldNL3SLLwM
ISC StormCast for Tuesday, January 3rd, 2023
3 januari 2023 |
6 min
Kyverno's container image signature verification bypass
https://www.armosec.io/blog/cve-2022-47633-kyvernos-container-image-signature-verification/
Google Smart Spaeker Vulnerability
https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
Verizon Decomissions 3G CDMA Network
https://www.fiercewireless.com/wireless/verizon-tells-3g-customers-upgrade-they-lose-service
EarSpy: Spying Caller Speech and Identity Through Speaker Vibrations
https://arxiv.org/pdf/2212.12151.pdf
https://www.armosec.io/blog/cve-2022-47633-kyvernos-container-image-signature-verification/
Google Smart Spaeker Vulnerability
https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
Verizon Decomissions 3G CDMA Network
https://www.fiercewireless.com/wireless/verizon-tells-3g-customers-upgrade-they-lose-service
EarSpy: Spying Caller Speech and Identity Through Speaker Vibrations
https://arxiv.org/pdf/2212.12151.pdf
ISC StormCast for Monday, January 2nd, 2023
2 januari 2023 |
6 min
SPF and DMARC use on GOV domains in different ccTLDs
https://isc.sans.edu/forums/diary/SPF+and+DMARC+use+on+GOV+domains+in+different+ccTLDs/29384/
CVE-2022-47939 ksmbd Vulnerability
https://ubuntu.com/security/CVE-2022-47939
Netgear Vulnerabilities
https://kb.netgear.com/000065495/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2019-0208
PyTorch Malicious Dependency
https://pytorch.org/blog/compromised-nightly-dependency/
https://isc.sans.edu/forums/diary/SPF+and+DMARC+use+on+GOV+domains+in+different+ccTLDs/29384/
CVE-2022-47939 ksmbd Vulnerability
https://ubuntu.com/security/CVE-2022-47939
Netgear Vulnerabilities
https://kb.netgear.com/000065495/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2019-0208
PyTorch Malicious Dependency
https://pytorch.org/blog/compromised-nightly-dependency/
ISC StormCast for Friday, December 23rd, 2022
23 december 2022 |
7 min
Exchange OWASSRF Exploited for Remote Code Execution
https://isc.sans.edu/forums/diary/Exchange%20OWASSRF%20Exploited%20for%20Remote%20Code%20Execution/29374/
ksmbd Vulnerability
https://www.zerodayinitiative.com/advisories/ZDI-22-1690/
LastPass Incident Update
https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/
https://isc.sans.edu/forums/diary/Exchange%20OWASSRF%20Exploited%20for%20Remote%20Code%20Execution/29374/
ksmbd Vulnerability
https://www.zerodayinitiative.com/advisories/ZDI-22-1690/
LastPass Incident Update
https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/
ISC StormCast for Thursday, December 22nd, 2022
22 december 2022 |
6 min
Quick NTP Measurement
https://isc.sans.edu/diary/Can%20you%20please%20tell%20me%20what%20time%20it%20is%3F%20Adventures%20with%20public%20NTP%20servers./29368
FBI Favors Ad Blockers
https://www.ic3.gov/Media/Y2022/PSA221221
Hidden Costs of Parental Control Apps
https://sec-consult.com/blog/detail/the-hidden-costs-of-parental-control-apps/
ProxyNotShell Mitigtation Bypass
https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/
https://isc.sans.edu/diary/Can%20you%20please%20tell%20me%20what%20time%20it%20is%3F%20Adventures%20with%20public%20NTP%20servers./29368
FBI Favors Ad Blockers
https://www.ic3.gov/Media/Y2022/PSA221221
Hidden Costs of Parental Control Apps
https://sec-consult.com/blog/detail/the-hidden-costs-of-parental-control-apps/
ProxyNotShell Mitigtation Bypass
https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/
ISC StormCast for Wednesday, December 21st, 2022
21 december 2022 |
7 min
Linux File System Monitoring and Actions
https://isc.sans.edu/diary/Linux%20File%20System%20Monitoring%20%26%20Actions/29362
Feed of NTP Server IP Addresses
https://isc.sans.edu/api/threatlist/ntpservers?json
Feed of Mastodon Server IP Addresses
https://isc.sans.edu/api/threatlist/mastodon?json
Packet Tuesday TLS Server Hello
https://www.youtube.com/watch?v=2HymU4dxWEQ
Android Preparing Support for Updatable Root Certificates
https://blog.esper.io/android-14-updatable-certificates/
Elastic IP Hijacking
https://www.mitiga.io/blog/elastic-ip-hijacking-a-new-attack-vector-in-aws
Microsoft Fixes HyperV issues With Latest Patch
https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#2988
https://isc.sans.edu/diary/Linux%20File%20System%20Monitoring%20%26%20Actions/29362
Feed of NTP Server IP Addresses
https://isc.sans.edu/api/threatlist/ntpservers?json
Feed of Mastodon Server IP Addresses
https://isc.sans.edu/api/threatlist/mastodon?json
Packet Tuesday TLS Server Hello
https://www.youtube.com/watch?v=2HymU4dxWEQ
Android Preparing Support for Updatable Root Certificates
https://blog.esper.io/android-14-updatable-certificates/
Elastic IP Hijacking
https://www.mitiga.io/blog/elastic-ip-hijacking-a-new-attack-vector-in-aws
Microsoft Fixes HyperV issues With Latest Patch
https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#2988
ISC StormCast for Tuesday, December 20th, 2022
20 december 2022 |
6 min
Hunting for Mastodon Servers
https://isc.sans.edu/diary/Hunting%20for%20Mastodon%20Servers/29358
KB5021233 Blue Screen
https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-22H2#2986msgdesc
Edge Update will disable Internet Explorer in February
https://learn.microsoft.com/en-us/deployedge/edge-learnmore-neededge
Gatekeeper's Achilles heel: Unearthin a macOS vulnerability
https://www.microsoft.com/en-us/security/blog/2022/12/19/gatekeepers-achilles-heel-unearthing-a-macos-vulnerability/
Corsair Bug not causing keystroke logging
https://arstechnica.com/gadgets/2022/12/corsair-says-bug-not-keylogger-behind-some-k100-keyboards-creepy-behavior/
SentinelSneak: Malicious PyPi module poses as security software development kit
https://isc.sans.edu/diary/Hunting%20for%20Mastodon%20Servers/29358
KB5021233 Blue Screen
https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-22H2#2986msgdesc
Edge Update will disable Internet Explorer in February
https://learn.microsoft.com/en-us/deployedge/edge-learnmore-neededge
Gatekeeper's Achilles heel: Unearthin a macOS vulnerability
https://www.microsoft.com/en-us/security/blog/2022/12/19/gatekeepers-achilles-heel-unearthing-a-macos-vulnerability/
Corsair Bug not causing keystroke logging
https://arstechnica.com/gadgets/2022/12/corsair-says-bug-not-keylogger-behind-some-k100-keyboards-creepy-behavior/
SentinelSneak: Malicious PyPi module poses as security software development kit
ISC StormCast for Monday, December 19th, 2022
19 december 2022 |
6 min
Infostealer Malware with Double Extension
https://isc.sans.edu/diary/Infostealer%20Malware%20with%20Double%20Extension/29354
Client Side Encryption For GMail
https://workspaceupdates.googleblog.com/2022/12/client-side-encryption-for-gmail-beta.html
Google Releases OSV Scanner
https://github.com/google/osv-scanner/releases/tag/v1.0.1
Samba Security Patches
https://thehackernews.com/2022/12/samba-issues-security-updates-to-patch.html
Zyxel Router Buffer Overflow
https://sec-consult.com/blog/detail/enemy-within-unauthenticated-buffer-overflows-zyxel-routers/
https://isc.sans.edu/diary/Infostealer%20Malware%20with%20Double%20Extension/29354
Client Side Encryption For GMail
https://workspaceupdates.googleblog.com/2022/12/client-side-encryption-for-gmail-beta.html
Google Releases OSV Scanner
https://github.com/google/osv-scanner/releases/tag/v1.0.1
Samba Security Patches
https://thehackernews.com/2022/12/samba-issues-security-updates-to-patch.html
Zyxel Router Buffer Overflow
https://sec-consult.com/blog/detail/enemy-within-unauthenticated-buffer-overflows-zyxel-routers/
ISC StormCast for Friday, December 16th, 2022
16 december 2022 |
6 min
Google ads lead to fake software pages pushing IcedID (Bokbot)
https://isc.sans.edu/diary/Google%20ads%20lead%20to%20fake%20software%20pages%20pushing%20IcedID%20%28Bokbot%29/29344
HTML smugglers turn to SVG images
https://blog.talosintelligence.com/html-smugglers-turn-to-svg-images/
GitHub Improvements
https://github.blog/2022-12-14-raising-the-bar-for-software-security-next-steps-for-github-com-2fa/
NIST Retires SHA-1
https://www.nist.gov/news-events/news/2022/12/nist-retires-sha-1-cryptographic-algorithm
https://isc.sans.edu/diary/Google%20ads%20lead%20to%20fake%20software%20pages%20pushing%20IcedID%20%28Bokbot%29/29344
HTML smugglers turn to SVG images
https://blog.talosintelligence.com/html-smugglers-turn-to-svg-images/
GitHub Improvements
https://github.blog/2022-12-14-raising-the-bar-for-software-security-next-steps-for-github-com-2fa/
NIST Retires SHA-1
https://www.nist.gov/news-events/news/2022/12/nist-retires-sha-1-cryptographic-algorithm
ISC StormCast for Thursday, December 15th, 2022
15 december 2022 |
6 min
Microsoft Patch Issues:
https://support.microsoft.com/en-us/topic/december-13-2022-kb5021249-os-build-20348-1366-d5fe7608-bc9d-4055-a88c-fb2fd3d5fd45
https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/so-you-say-your-dc-s-memory-is-getting-all-used-up-after/ba-p/3696318
Critical Remote Code Execution Vulneraiblity in SPNEGO Extended Negotiation Security Mechanism
https://securityintelligence.com/posts/critical-remote-code-execution-vulnerability-spnego-extended-negotiation-security-mechanism/
VMWare EHCI Controller Vulnerability CVE-2022-31705
https://www.vmware.com/security/advisories/VMSA-2022-0033.html
Veem Vulnerability now Exploited
https://www.veeam.com/kb4288
nuget / npm / pypi used to host phishing pages
https://checkmarx.com/blog/how-140k-nuget-npm-and-pypi-packages-were-used-to-spread-phishing-links/
https://support.microsoft.com/en-us/topic/december-13-2022-kb5021249-os-build-20348-1366-d5fe7608-bc9d-4055-a88c-fb2fd3d5fd45
https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/so-you-say-your-dc-s-memory-is-getting-all-used-up-after/ba-p/3696318
Critical Remote Code Execution Vulneraiblity in SPNEGO Extended Negotiation Security Mechanism
https://securityintelligence.com/posts/critical-remote-code-execution-vulnerability-spnego-extended-negotiation-security-mechanism/
VMWare EHCI Controller Vulnerability CVE-2022-31705
https://www.vmware.com/security/advisories/VMSA-2022-0033.html
Veem Vulnerability now Exploited
https://www.veeam.com/kb4288
nuget / npm / pypi used to host phishing pages
https://checkmarx.com/blog/how-140k-nuget-npm-and-pypi-packages-were-used-to-spread-phishing-links/
ISC StormCast for Wednesday, December 14th, 2022
14 december 2022 |
6 min
ISC StormCast for Tuesday, December 13th, 2022
13 december 2022 |
6 min
Quickie: CyberChef Sorting By String Length
https://isc.sans.edu/diary/Quickie%3A%20CyberChef%20Sorting%20By%20String%20Length/29328
FortiOS Buffer Overlow
https://www.fortiguard.com/psirt/FG-IR-22-398
A Custom Python Backdoor for VMWare ESXi Servers
https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers
Fuzzing Ping
https://tlakh.xyz/fuzzing-ping.html
https://isc.sans.edu/diary/Quickie%3A%20CyberChef%20Sorting%20By%20String%20Length/29328
FortiOS Buffer Overlow
https://www.fortiguard.com/psirt/FG-IR-22-398
A Custom Python Backdoor for VMWare ESXi Servers
https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers
Fuzzing Ping
https://tlakh.xyz/fuzzing-ping.html
ISC StormCast for Monday, December 12th, 2022
12 december 2022 |
7 min
Fast Port Scanning in Powershell
https://isc.sans.edu/diary/Port%20Scanning%20in%20Powershell%20Redux%3A%20Speeding%20Up%20the%20Results%20%28challenge%20accepted!%29/29324
Bypassing WAFs with JSON
https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
Invisbile npm malware evading security checks
https://jfrog.com/blog/invisible-npm-malware-evading-security-checks-with-crafted-versions/
PCI Secre Software Standard V 1.2
https://docs-prv.pcisecuritystandards.org/Software%20Security/Standard/PCI-Secure-Software-Standard-v1_2.pdf
VMWare/VCenter Patches
https://www.vmware.com/security/advisories/VMSA-2022-0030.html
https://isc.sans.edu/diary/Port%20Scanning%20in%20Powershell%20Redux%3A%20Speeding%20Up%20the%20Results%20%28challenge%20accepted!%29/29324
Bypassing WAFs with JSON
https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
Invisbile npm malware evading security checks
https://jfrog.com/blog/invisible-npm-malware-evading-security-checks-with-crafted-versions/
PCI Secre Software Standard V 1.2
https://docs-prv.pcisecuritystandards.org/Software%20Security/Standard/PCI-Secure-Software-Standard-v1_2.pdf
VMWare/VCenter Patches
https://www.vmware.com/security/advisories/VMSA-2022-0030.html
ISC StormCast for Friday, December 9th, 2022
9 december 2022 |
6 min
Finding Gaps in Syslog
https://isc.sans.edu/diary/Finding%20Gaps%20in%20Syslog%20-%20How%20to%20find%20when%20nothing%20happened/29314
Internet Explorer Vulnerabilty used in Malicious Word Document
https://blog.google/threat-analysis-group/internet-explorer-0-day-exploited-by-north-korean-actor-apt37/
Zombinder Obfuscation Service used by Ermac
https://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html
Cisco IP Phone Vulnerability CVE-2022-20968
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U
daloRADIUS Vulnerablity CVE-2022-23475
https://securityonline.info/cve-2022-23475-account-take-over-flaw-in-open-source-radius-web-management-app/
SANS Holiday Hack Challenge
https://www.sans.org/mlp/holiday-hack-challenge/
https://isc.sans.edu/diary/Finding%20Gaps%20in%20Syslog%20-%20How%20to%20find%20when%20nothing%20happened/29314
Internet Explorer Vulnerabilty used in Malicious Word Document
https://blog.google/threat-analysis-group/internet-explorer-0-day-exploited-by-north-korean-actor-apt37/
Zombinder Obfuscation Service used by Ermac
https://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html
Cisco IP Phone Vulnerability CVE-2022-20968
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U
daloRADIUS Vulnerablity CVE-2022-23475
https://securityonline.info/cve-2022-23475-account-take-over-flaw-in-open-source-radius-web-management-app/
SANS Holiday Hack Challenge
https://www.sans.org/mlp/holiday-hack-challenge/
ISC StormCast for Thursday, December 8th, 2022
8 december 2022 |
5 min
ZeroBot / WSZero IoT Botnet
https://www.fortinet.com/blog/threat-research/zerobot-new-go-based-botnet-campaign-targets-multiple-vulnerabilities
https://blog.netlab.360.com/new-ddos-botnet-wszeor/
Cacti Vulnerability CVE-2022-46169
https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf
Wireshark Updates
https://www.wireshark.org/docs/relnotes/wireshark-4.0.2.html
Apple iCloud Security Improvements
https://www.apple.com/newsroom/2022/12/apple-advances-user-security-with-powerful-new-data-protections/
https://www.fortinet.com/blog/threat-research/zerobot-new-go-based-botnet-campaign-targets-multiple-vulnerabilities
https://blog.netlab.360.com/new-ddos-botnet-wszeor/
Cacti Vulnerability CVE-2022-46169
https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf
Wireshark Updates
https://www.wireshark.org/docs/relnotes/wireshark-4.0.2.html
Apple iCloud Security Improvements
https://www.apple.com/newsroom/2022/12/apple-advances-user-security-with-powerful-new-data-protections/
ISC StormCast for Wednesday, December 7th, 2022
7 december 2022 |
6 min
Mirai Botnet and Gafgyt DDoS Team Up
https://isc.sans.edu/forums/diary/Mirai%20Botnet%20and%20Gafgyt%20DDoS%20Team%20Up%20Against%20SOHO%20Routers./29304/Gafgyt/Mirai Sample; Packet Tuesday;
Packet Tuesday Episode 4: TLS Client Hello
https://www.youtube.com/playlist?list=PLs4eo9Tja8biVteSW4a3GHY8qi0t1lFLL
Defcon Skimming: A new batch of Web Skimming attacks
https://blog.jscrambler.com/defcon-skimming-a-new-batch-of-web-skimming-attacks
Fake D-Link Vulnerability used by Moobot
https://vulncheck.com/blog/moobot-uses-fake-vulnerability
Android Patches CVE-2022-20411
https://source.android.com/docs/security/bulletin/2022-12-01?hl=en
https://isc.sans.edu/forums/diary/Mirai%20Botnet%20and%20Gafgyt%20DDoS%20Team%20Up%20Against%20SOHO%20Routers./29304/Gafgyt/Mirai Sample; Packet Tuesday;
Packet Tuesday Episode 4: TLS Client Hello
https://www.youtube.com/playlist?list=PLs4eo9Tja8biVteSW4a3GHY8qi0t1lFLL
Defcon Skimming: A new batch of Web Skimming attacks
https://blog.jscrambler.com/defcon-skimming-a-new-batch-of-web-skimming-attacks
Fake D-Link Vulnerability used by Moobot
https://vulncheck.com/blog/moobot-uses-fake-vulnerability
Android Patches CVE-2022-20411
https://source.android.com/docs/security/bulletin/2022-12-01?hl=en
ISC StormCast for Tuesday, December 6th, 2022
6 december 2022 |
6 min
VLCs Check For Updates No Updates
https://isc.sans.edu/diary/VLCs+Check+For+Updates+No+Updates/29300
AMI MegaRAC Baseboard Managment Controller Vulnerabilities
https://eclypsium.com/2022/12/05/supply-chain-vulnerabilities-put-server-ecosystem-at-risk/
Netgear IPv6 Firewall Misconfiguration
https://medium.com/tenable-techblog/netgear-router-network-misconfiguration-70ac695c81a6
Veritas NetBackup Patch
https://www.veritas.com/content/support/en_US/security/VTS22-019
https://isc.sans.edu/diary/VLCs+Check+For+Updates+No+Updates/29300
AMI MegaRAC Baseboard Managment Controller Vulnerabilities
https://eclypsium.com/2022/12/05/supply-chain-vulnerabilities-put-server-ecosystem-at-risk/
Netgear IPv6 Firewall Misconfiguration
https://medium.com/tenable-techblog/netgear-router-network-misconfiguration-70ac695c81a6
Veritas NetBackup Patch
https://www.veritas.com/content/support/en_US/security/VTS22-019
ISC StormCast for Monday, December 5th, 2022
5 december 2022 |
9 min
QBot Update
https://isc.sans.edu/forums/diary/obama224%20distribution%20Qakbot%20tries%20.vhd%20%28virtual%20hard%20disk%29%20images/29294/
Living of the Land: Unix tools in Windows
https://isc.sans.edu/diary/Linux%20LOLBins%20Applications%20Available%20in%20Windows/29296
https://isc.sans.edu/forums/diary/Fingerexe+LOLBin/29298/
CVE-2022-44721 Crowdstrike Falcon Uninstaller
https://github.com/purplededa/CVE-2022-44721-CsFalconUninstaller
Android Platform Key Leak
https://twitter.com/MishaalRahman/status/1598426974594433025
GitHub Pipeline Vulnerability
https://www.legitsecurity.com/blog/artifact-poisoning-vulnerability-discovered-in-rust
https://isc.sans.edu/forums/diary/obama224%20distribution%20Qakbot%20tries%20.vhd%20%28virtual%20hard%20disk%29%20images/29294/
Living of the Land: Unix tools in Windows
https://isc.sans.edu/diary/Linux%20LOLBins%20Applications%20Available%20in%20Windows/29296
https://isc.sans.edu/forums/diary/Fingerexe+LOLBin/29298/
CVE-2022-44721 Crowdstrike Falcon Uninstaller
https://github.com/purplededa/CVE-2022-44721-CsFalconUninstaller
Android Platform Key Leak
https://twitter.com/MishaalRahman/status/1598426974594433025
GitHub Pipeline Vulnerability
https://www.legitsecurity.com/blog/artifact-poisoning-vulnerability-discovered-in-rust
ISC StormCast for Friday, December 2nd, 2022
2 december 2022 |
6 min
Quarkus Java Framework Vulnerability CVE-2022-4116
https://www.contrastsecurity.com/security-influencers/localhost-attack-against-quarkus-developers-contrast-security
https://access.redhat.com/security/cve/CVE-2022-4116
FreeBSD Ping RCE CVE-2022-23093
https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
NVidia GPU Display Driver Vulnerablities CVE-2022-34669
https://nvidia.custhelp.com/app/answers/detail/a_id/5415
TrustCor CA Revoked
https://www.washingtonpost.com/technology/2022/11/30/trustcor-internet-authority-mozilla/
Android Platform Certificates Used to Sign Malware
https://bugs.chromium.org/p/apvi/issues/detail?id=100
https://www.contrastsecurity.com/security-influencers/localhost-attack-against-quarkus-developers-contrast-security
https://access.redhat.com/security/cve/CVE-2022-4116
FreeBSD Ping RCE CVE-2022-23093
https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
NVidia GPU Display Driver Vulnerablities CVE-2022-34669
https://nvidia.custhelp.com/app/answers/detail/a_id/5415
TrustCor CA Revoked
https://www.washingtonpost.com/technology/2022/11/30/trustcor-internet-authority-mozilla/
Android Platform Certificates Used to Sign Malware
https://bugs.chromium.org/p/apvi/issues/detail?id=100
ISC StormCast for Thursday, December 1st, 2022
1 december 2022 |
6 min
What is the deal wtih these router vulnerabilities
https://isc.sans.edu/diary/Whats+the+deal+with+these+router+vulnerabilities/29288/
Apple Updates
https://support.apple.com/en-us/HT201222
VLC Media Player Updates CVE-2022-41325
https://www.videolan.org/security/sb-vlc3018.html
VIN used to authenticate to Sirius XM Connected Vehicle Services
https://www.theregister.com/2022/11/30/siriusxm_connected_cars_hacking/
https://isc.sans.edu/diary/Whats+the+deal+with+these+router+vulnerabilities/29288/
Apple Updates
https://support.apple.com/en-us/HT201222
VLC Media Player Updates CVE-2022-41325
https://www.videolan.org/security/sb-vlc3018.html
VIN used to authenticate to Sirius XM Connected Vehicle Services
https://www.theregister.com/2022/11/30/siriusxm_connected_cars_hacking/
ISC StormCast for Wednesday, November 30th, 2022
30 november 2022 |
7 min
LinkedIn Bots
https://isc.sans.edu/diary/Identifying%20Groups%20of%20%22Bot%22%20Accounts%20on%20LinkedIn/29282
Oracle Fusion Middle Ware Exploited CVE-2021-35587
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Windows IKE Flaw Exploited CVE-2022-34721
https://www.cyfirma.com/outofband/windows-internet-key-exchange-ike-remote-code-execution-vulnerability-analysis/
Anker Eufy Cameras Sending Images to Cloud even if asked not to
https://www.macrumors.com/2022/11/29/eufy-camera-cloud-uploads-no-user-consent/
Packet Tuesday
https://packettuesday.com
SANS Holiday Hack Challenge Sign Up
https://www.sans.org/mlp/holiday-hack-challenge/
https://isc.sans.edu/diary/Identifying%20Groups%20of%20%22Bot%22%20Accounts%20on%20LinkedIn/29282
Oracle Fusion Middle Ware Exploited CVE-2021-35587
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Windows IKE Flaw Exploited CVE-2022-34721
https://www.cyfirma.com/outofband/windows-internet-key-exchange-ike-remote-code-execution-vulnerability-analysis/
Anker Eufy Cameras Sending Images to Cloud even if asked not to
https://www.macrumors.com/2022/11/29/eufy-camera-cloud-uploads-no-user-consent/
Packet Tuesday
https://packettuesday.com
SANS Holiday Hack Challenge Sign Up
https://www.sans.org/mlp/holiday-hack-challenge/
ISC StormCast for Tuesday, November 29th, 2022
29 november 2022 |
7 min
Ukraine Themed Twitter Spam Pushing iOS Scareware
https://isc.sans.edu/diary/Ukraine%20Themed%20Twitter%20Spam%20Pushing%20iOS%20Scareware/29276
Google Maps Privacy Issues
https://garrit.xyz/posts/2022-11-24-smart-move-google
ACER UEFI BIOS Vulnerabilities
https://community.acer.com/en/kb/articles/15520-security-vulnerability-regarding-vulnerability-that-may-allow-changes-to-secure-boot-settings
OpenSSL Usage in UEFI Firmware Exposes Weakness in SBOMs
https://www.binarly.io/posts/OpenSSL_Usage_in_UEFI_Firmware_Exposes_Weakness_in_SBOMs/index.html
https://isc.sans.edu/diary/Ukraine%20Themed%20Twitter%20Spam%20Pushing%20iOS%20Scareware/29276
Google Maps Privacy Issues
https://garrit.xyz/posts/2022-11-24-smart-move-google
ACER UEFI BIOS Vulnerabilities
https://community.acer.com/en/kb/articles/15520-security-vulnerability-regarding-vulnerability-that-may-allow-changes-to-secure-boot-settings
OpenSSL Usage in UEFI Firmware Exposes Weakness in SBOMs
https://www.binarly.io/posts/OpenSSL_Usage_in_UEFI_Firmware_Exposes_Weakness_in_SBOMs/index.html
ISC StormCast for Monday, November 28th, 2022
28 november 2022 |
7 min
Log4Shell campaigns are using Nashorn to get reverse shell on victim's machines
https://isc.sans.edu/diary/Log4Shell%20campaigns%20are%20using%20Nashorn%20to%20get%20reverse%20shell%20on%20victim%27s%20machines/29266
Attackers Keep Phishing Victms Under Stress
https://isc.sans.edu/diary/Attackers%20Keep%20Phishing%20Victims%20Under%20Stress/29270
Vulnerable SDK components lead to supply chian risks in IoT and OT environments
https://www.microsoft.com/en-us/security/blog/2022/11/22/vulnerable-sdk-components-lead-to-supply-chain-risks-in-iot-and-ot-environments/
Google Chrome Patches 0-Day
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
Hacking Smartwatches for Spear Phishing
https://cybervelia.com/?p=1380
https://isc.sans.edu/diary/Log4Shell%20campaigns%20are%20using%20Nashorn%20to%20get%20reverse%20shell%20on%20victim%27s%20machines/29266
Attackers Keep Phishing Victms Under Stress
https://isc.sans.edu/diary/Attackers%20Keep%20Phishing%20Victims%20Under%20Stress/29270
Vulnerable SDK components lead to supply chian risks in IoT and OT environments
https://www.microsoft.com/en-us/security/blog/2022/11/22/vulnerable-sdk-components-lead-to-supply-chain-risks-in-iot-and-ot-environments/
Google Chrome Patches 0-Day
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
Hacking Smartwatches for Spear Phishing
https://cybervelia.com/?p=1380
ISC StormCast for Friday, November 18th, 2022
18 november 2022 |
14 min
Lessons Learned from Automatic Failover
https://isc.sans.edu/diary/Lessons%20Learned%20from%20Automatic%20Failover%3A%20When%208.8.8.8%20%22disappears%22.%20IPv6%20to%20the%20Rescue%3F/29260
Bitbucket Server and Data Center Vulnerability
https://jira.atlassian.com/browse/BSERV-13522
Amazon RDS Snapshot Leaks
https://www.mitiga.io/blog/how-mitiga-found-pii-in-exposed-amazon-rds-snapshots
Adobe Commerce merchants to be hit with TrojanOrders this season
https://sansec.io/research/trojanorder-magento
SANS EDU Research: Detecting and Mitigating the GateKeeper User Override on macOS in an Enterprise Environment; Antonio Piazza
https://www.sans.edu/cyber-research/detecting-and-mitigating-the-gatekeeper-user-override-on-macos-in-an-enterprise-environment/
https://isc.sans.edu/diary/Lessons%20Learned%20from%20Automatic%20Failover%3A%20When%208.8.8.8%20%22disappears%22.%20IPv6%20to%20the%20Rescue%3F/29260
Bitbucket Server and Data Center Vulnerability
https://jira.atlassian.com/browse/BSERV-13522
Amazon RDS Snapshot Leaks
https://www.mitiga.io/blog/how-mitiga-found-pii-in-exposed-amazon-rds-snapshots
Adobe Commerce merchants to be hit with TrojanOrders this season
https://sansec.io/research/trojanorder-magento
SANS EDU Research: Detecting and Mitigating the GateKeeper User Override on macOS in an Enterprise Environment; Antonio Piazza
https://www.sans.edu/cyber-research/detecting-and-mitigating-the-gatekeeper-user-override-on-macos-in-an-enterprise-environment/
ISC StormCast for Thursday, November 17th, 2022
17 november 2022 |
7 min
Evil Maid Attacks - Remediation for the Cheap
https://isc.sans.edu/diary/Evil%20Maid%20Attacks%20-%20Remediation%20for%20the%20Cheap/29256
F5 Big IP CVE-2022-41622 and CVE-2022-41800 Vulnerability Details
https://www.rapid7.com/blog/post/2022/11/16/cve-2022-41622-and-cve-2022-41800-fixed-f5-big-ip-and-icontrol-rest-vulnerabilities-and-exposures/
Details about iPad/iOS Neural Engine Vulnerability CVE-2022-32899
https://github.com/0x36/weightBufs/
Disneyland Malware Team: It's a Puny World After All
https://krebsonsecurity.com/2022/11/disneyland-malware-team-its-a-puny-world-after-all/#more-61870
https://isc.sans.edu/diary/Evil%20Maid%20Attacks%20-%20Remediation%20for%20the%20Cheap/29256
F5 Big IP CVE-2022-41622 and CVE-2022-41800 Vulnerability Details
https://www.rapid7.com/blog/post/2022/11/16/cve-2022-41622-and-cve-2022-41800-fixed-f5-big-ip-and-icontrol-rest-vulnerabilities-and-exposures/
Details about iPad/iOS Neural Engine Vulnerability CVE-2022-32899
https://github.com/0x36/weightBufs/
Disneyland Malware Team: It's a Puny World After All
https://krebsonsecurity.com/2022/11/disneyland-malware-team-its-a-puny-world-after-all/#more-61870
ISC StormCast for Wednesday, November 16th, 2022
16 november 2022 |
5 min
Packet Tuesday
https://packettuesday.com
Stealing Passwords From Infosec Mastodon - Without Bypassing CSP
https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp
SQLi and Access Flaws in Zendesk
https://www.varonis.com/blog/zendesk-sql-injection-and-access-flaws
Electric Vehicle Charging Infrastructure
https://newsreleases.sandia.gov/ev_security/
https://packettuesday.com
Stealing Passwords From Infosec Mastodon - Without Bypassing CSP
https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp
SQLi and Access Flaws in Zendesk
https://www.varonis.com/blog/zendesk-sql-injection-and-access-flaws
Electric Vehicle Charging Infrastructure
https://newsreleases.sandia.gov/ev_security/
ISC StormCast for Tuesday, November 15th, 2022
15 november 2022 |
5 min
Extracting "HTTP CONNECT" Requests with Python
https://isc.sans.edu/diary/Extracting%20%27HTTP%20CONNECT%27%20Requests%20with%20Python/29246
Windows Kerberos Authentication Breaks After November Updates
https://www.bleepingcomputer.com/news/microsoft/windows-kerberos-authentication-breaks-after-november-updates/
https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-22h2#2953msgdesc
Cookies for MFA Bypass Gain Traction Among Cyberattackers
https://www.darkreading.com/threat-intelligence/cookies-mfa-bypass-cyberattackers
https://isc.sans.edu/diary/Extracting%20%27HTTP%20CONNECT%27%20Requests%20with%20Python/29246
Windows Kerberos Authentication Breaks After November Updates
https://www.bleepingcomputer.com/news/microsoft/windows-kerberos-authentication-breaks-after-november-updates/
https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-22h2#2953msgdesc
Cookies for MFA Bypass Gain Traction Among Cyberattackers
https://www.darkreading.com/threat-intelligence/cookies-mfa-bypass-cyberattackers
ISC StormCast for Monday, November 14th, 2022
14 november 2022 |
6 min
Extracting Information From "logfmt" Files with CyberChef
https://isc.sans.edu/diary/Extracting%20Information%20From%20%22logfmt%22%20Files%20With%20CyberChef/29244
Soccer Worldcup Risks
https://www.theregister.com/2022/11/11/world_cup_security/
https://www.welivesecurity.com/2022/11/11/fifa-world-cup-2022-scams-fake-lotteries-ticket-fraud/
Mysterious Company With Government Ties Plays Key Internet Role
https://www.washingtonpost.com/technology/2022/11/08/trustcor-internet-addresses-government-connections/
Extortion Scams Hit Website Owners
https://www.bleepingcomputer.com/news/security/new-extortion-scam-threatens-to-damage-sites-reputation-leak-data/
https://isc.sans.edu/diary/Extracting%20Information%20From%20%22logfmt%22%20Files%20With%20CyberChef/29244
Soccer Worldcup Risks
https://www.theregister.com/2022/11/11/world_cup_security/
https://www.welivesecurity.com/2022/11/11/fifa-world-cup-2022-scams-fake-lotteries-ticket-fraud/
Mysterious Company With Government Ties Plays Key Internet Role
https://www.washingtonpost.com/technology/2022/11/08/trustcor-internet-addresses-government-connections/
Extortion Scams Hit Website Owners
https://www.bleepingcomputer.com/news/security/new-extortion-scam-threatens-to-damage-sites-reputation-leak-data/
ISC StormCast for Friday, November 11th, 2022
11 november 2022 |
7 min
Do you collect "Observables" or "IOCs"
https://isc.sans.edu/diary/Do%20you%20collect%20%22Observables%22%20or%20%22IOCs%22%3F/29238
Android Update fixes Lock Screen Bypass
https://source.android.com/docs/security/bulletin/2022-11-01
https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/
libxml Vulnerability Details
https://gitlab.gnome.org/GNOME/libxml2/-/issues/381
CVE-2022-45063: xterm remote code execution vulnerability
https://www.openwall.com/lists/oss-security/2022/11/10/1
https://isc.sans.edu/diary/Do%20you%20collect%20%22Observables%22%20or%20%22IOCs%22%3F/29238
Android Update fixes Lock Screen Bypass
https://source.android.com/docs/security/bulletin/2022-11-01
https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/
libxml Vulnerability Details
https://gitlab.gnome.org/GNOME/libxml2/-/issues/381
CVE-2022-45063: xterm remote code execution vulnerability
https://www.openwall.com/lists/oss-security/2022/11/10/1
ISC StormCast for Thursday, November 10th, 2022
10 november 2022 |
5 min
Another Script-Based Ransomware
https://isc.sans.edu/diary/Another%20Script-Based%20Ransomware/29234
Apple Security Updates
https://support.apple.com/en-us/HT201222
Lenovo UEFI Patch
https://www.welivesecurity.com/2022/04/19/when-secure-isnt-secure-uefi-vulnerabilities-lenovo-consumer-laptops/
FoxIT Update
https://www.foxit.com/support/security-bulletins.html
SAP Update
https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
https://isc.sans.edu/diary/Another%20Script-Based%20Ransomware/29234
Apple Security Updates
https://support.apple.com/en-us/HT201222
Lenovo UEFI Patch
https://www.welivesecurity.com/2022/04/19/when-secure-isnt-secure-uefi-vulnerabilities-lenovo-consumer-laptops/
FoxIT Update
https://www.foxit.com/support/security-bulletins.html
SAP Update
https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
ISC StormCast for Wednesday, November 9th, 2022
9 november 2022 |
7 min
Microsoft Patches
https://isc.sans.edu/diary/Microsoft%20November%202022%20Patch%20Tuesday/29230
VMWare Workspace One Updates CVE-2022-31686, CVE-2022-31687, CVE-2022-31688
https://www.vmware.com/security/advisories/VMSA-2022-0028.html
Citrix Gateway / Citrix ADC Vulnerabilities CVE-2022-27510
https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516
Microsoft Exchange Updates
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-november-2022-exchange-server-security-updates/ba-p/3669045
https://isc.sans.edu/diary/Microsoft%20November%202022%20Patch%20Tuesday/29230
VMWare Workspace One Updates CVE-2022-31686, CVE-2022-31687, CVE-2022-31688
https://www.vmware.com/security/advisories/VMSA-2022-0028.html
Citrix Gateway / Citrix ADC Vulnerabilities CVE-2022-27510
https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516
Microsoft Exchange Updates
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-november-2022-exchange-server-security-updates/ba-p/3669045
ISC StormCast for Tuesday, November 8th, 2022
8 november 2022 |
6 min
IPv4 Address Representations
https://isc.sans.edu/diary/IPv4%20Address%20Representations/29224
Azure AD Certificate-based Authentication (CBA) on Mobile
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/azure-ad-certificate-based-authentication-cba-on-mobile/ba-p/2365672
Twitter Scams
https://nakedsecurity.sophos.com/2022/11/04/twitter-blue-badge-email-scams-dont-fall-for-them/
Facebook Personal Information Removal
https://www.facebook.com/contacts/removal
RSA Conference Finds Unencrypted Confidential Data in WiFi Traffic
https://www.darkreading.com/remote-workforce/unencrypted-traffic-weak-e-mail-passwords-still-undermining-wifi-security
https://isc.sans.edu/diary/IPv4%20Address%20Representations/29224
Azure AD Certificate-based Authentication (CBA) on Mobile
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/azure-ad-certificate-based-authentication-cba-on-mobile/ba-p/2365672
Twitter Scams
https://nakedsecurity.sophos.com/2022/11/04/twitter-blue-badge-email-scams-dont-fall-for-them/
Facebook Personal Information Removal
https://www.facebook.com/contacts/removal
RSA Conference Finds Unencrypted Confidential Data in WiFi Traffic
https://www.darkreading.com/remote-workforce/unencrypted-traffic-weak-e-mail-passwords-still-undermining-wifi-security
ISC StormCast for Monday, November 7th, 2022
7 november 2022 |
6 min
Remcos Downloader With Unicode Obfuscation
https://isc.sans.edu/diary/Remcos%20Downloader%20with%20Unicode%20Obfuscation/29220
Windows Malware With VHD Extension
https://isc.sans.edu/diary/Windows%20Malware%20with%20VHD%20Extension/29222
PyPi Packages Attempting to Deliver w4sp Stealer
https://blog.phylum.io/phylum-discovers-dozens-more-pypi-packages-attempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack
https://isc.sans.edu/diary/Remcos%20Downloader%20with%20Unicode%20Obfuscation/29220
Windows Malware With VHD Extension
https://isc.sans.edu/diary/Windows%20Malware%20with%20VHD%20Extension/29222
PyPi Packages Attempting to Deliver w4sp Stealer
https://blog.phylum.io/phylum-discovers-dozens-more-pypi-packages-attempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack
ISC StormCast for Friday, November 4th, 2022
4 november 2022 |
7 min
Breakpoints in Burp
https://isc.sans.edu/forums/diary/Breakpoints%20in%20Burp/29214/
TA569 Supply Chain Attack Injects JavaScript
https://twitter.com/threatinsight/status/1587865920130752515
https://www.darkreading.com/application-security/supply-chain-attack-pushes-out-malware-to-more-than-250-media-websites
Link to old story similar to the above JavaScript injection
https://unit42.paloaltonetworks.com/web-skimmer-video-distribution/
Hitachi Infrastructure Analytics Advisor
https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-134/index.html
FortiNet Patches
https://fortiguard.fortinet.com/psirt?date=11-2022
Nessus Patches
https://www.tenable.com/security/tns-2022-24
https://isc.sans.edu/forums/diary/Breakpoints%20in%20Burp/29214/
TA569 Supply Chain Attack Injects JavaScript
https://twitter.com/threatinsight/status/1587865920130752515
https://www.darkreading.com/application-security/supply-chain-attack-pushes-out-malware-to-more-than-250-media-websites
Link to old story similar to the above JavaScript injection
https://unit42.paloaltonetworks.com/web-skimmer-video-distribution/
Hitachi Infrastructure Analytics Advisor
https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-134/index.html
FortiNet Patches
https://fortiguard.fortinet.com/psirt?date=11-2022
Nessus Patches
https://www.tenable.com/security/tns-2022-24
ISC StormCast for Thursday, November 3rd, 2022
3 november 2022 |
6 min
Who Put the "Dark" in DarkVNC?
https://isc.sans.edu/forums/diary/Who+put+the+Dark+in+DarkVNC/29210
sigstore General Availability
https://openssf.org/press-release/2022/10/25/sigstore-announces-general-availability-at-sigstorecon/
https://github.blog/2022-10-25-why-were-excited-about-the-sigstore-general-availability/
URLScan.io's SOAR Spot: Chatty Security Tools Leaking Private Data
https://positive.security/blog/urlscan-data-leaks
Checkmk: Remote Code Execution by Chaining Multiple Bugs
https://blog.sonarsource.com/checkmk-rce-chain-1/
https://isc.sans.edu/forums/diary/Who+put+the+Dark+in+DarkVNC/29210
sigstore General Availability
https://openssf.org/press-release/2022/10/25/sigstore-announces-general-availability-at-sigstorecon/
https://github.blog/2022-10-25-why-were-excited-about-the-sigstore-general-availability/
URLScan.io's SOAR Spot: Chatty Security Tools Leaking Private Data
https://positive.security/blog/urlscan-data-leaks
Checkmk: Remote Code Execution by Chaining Multiple Bugs
https://blog.sonarsource.com/checkmk-rce-chain-1/
ISC StormCast for Wednesday, November 2nd, 2022
2 november 2022 |
8 min
ISC StormCast for Tuesday, November 1st, 2022
1 november 2022 |
6 min
NMAP without NMAP - Port Testing and Scanning with PowerShell
https://isc.sans.edu/diary/NMAP+without+NMAP+Port+Testing+and+Scanning+with+PowerShell/29202
ConnectWise Recover and R1Soft Server Backup Critical Vulnerability
https://www.connectwise.com/company/trust/security-bulletins/r1soft-and-recover-security-bulletin
Google Chrome 0-Day Patch
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html
LODEINFO 2022 Abusing Security Software
https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-i/107742/
Spring Security Vulnerability
https://tanzu.vmware.com/security/cve-2022-31692
https://isc.sans.edu/diary/NMAP+without+NMAP+Port+Testing+and+Scanning+with+PowerShell/29202
ConnectWise Recover and R1Soft Server Backup Critical Vulnerability
https://www.connectwise.com/company/trust/security-bulletins/r1soft-and-recover-security-bulletin
Google Chrome 0-Day Patch
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html
LODEINFO 2022 Abusing Security Software
https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-i/107742/
Spring Security Vulnerability
https://tanzu.vmware.com/security/cve-2022-31692
ISC StormCast for Monday, October 31st, 2022
31 oktober 2022 |
6 min
Supersizing you DUO and 365 Integration
https://isc.sans.edu/forums/diary/Supersizing%20your%20DUO%20and%20365%20Integration/29194/
TCP/IP Vulnerability CVE-2022 34718 PoC Restoration and Analysis
https://medium.com/numen-cyber-labs/analysis-and-summary-of-tcp-ip-protocol-remote-code-execution-vulnerability-cve-2022-34718-8fcc28538acf
Juniper SSLVON / JunOS RCE Vulnerabilities
https://octagon.net/blog/2022/10/28/juniper-sslvpn-junos-rce-and-multiple-vulnerabilities/
Raspberry Robin Update
https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/
https://isc.sans.edu/forums/diary/Supersizing%20your%20DUO%20and%20365%20Integration/29194/
TCP/IP Vulnerability CVE-2022 34718 PoC Restoration and Analysis
https://medium.com/numen-cyber-labs/analysis-and-summary-of-tcp-ip-protocol-remote-code-execution-vulnerability-cve-2022-34718-8fcc28538acf
Juniper SSLVON / JunOS RCE Vulnerabilities
https://octagon.net/blog/2022/10/28/juniper-sslvpn-junos-rce-and-multiple-vulnerabilities/
Raspberry Robin Update
https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/
ISC StormCast for Friday, October 28th, 2022
28 oktober 2022 |
6 min
Upcoming Critical OpenSSL Vulnerability: What will be Affected?
https://isc.sans.edu/forums/diary/Upcoming+Critical+OpenSSL+Vulnerability+What+will+be+Affected/29192
Apple Updates
https://support.apple.com/en-us/HT201222
Fodcha Botnet Reaches 1Tbps
https://blog.netlab.360.com/ddosmonster_the_return_of__fodcha_cn/
https://www.bleepingcomputer.com/news/security/fodcha-ddos-botnet-reaches-1tbps-in-power-injects-ransoms-in-packets/
https://isc.sans.edu/forums/diary/Upcoming+Critical+OpenSSL+Vulnerability+What+will+be+Affected/29192
Apple Updates
https://support.apple.com/en-us/HT201222
Fodcha Botnet Reaches 1Tbps
https://blog.netlab.360.com/ddosmonster_the_return_of__fodcha_cn/
https://www.bleepingcomputer.com/news/security/fodcha-ddos-botnet-reaches-1tbps-in-power-injects-ransoms-in-packets/
ISC StormCast for Thursday, October 27th, 2022
27 oktober 2022 |
6 min
Why is My Cat Using Baidu And Other IoT DNS Oddities
https://isc.sans.edu/forums/diary/Why+is+My+Cat+Using+Baidu+And+Other+IoT+DNS+Oddities/29188
OpenSSL Critical Flaw to Be Patched
https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html
MacOS Ventura Blocks Security Tools
https://www.wired.com/story/apple-macos-ventura-bug-security-tools/
Critical VMWare Security Tools
https://www.vmware.com/security/advisories/VMSA-2022-0027.html
https://isc.sans.edu/forums/diary/Why+is+My+Cat+Using+Baidu+And+Other+IoT+DNS+Oddities/29188
OpenSSL Critical Flaw to Be Patched
https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html
MacOS Ventura Blocks Security Tools
https://www.wired.com/story/apple-macos-ventura-bug-security-tools/
Critical VMWare Security Tools
https://www.vmware.com/security/advisories/VMSA-2022-0027.html
ISC StormCast for Wednesday, October 26th, 2022
26 oktober 2022 |
6 min
Massing Cryptomining Operation via Github Actions
https://sysdig.com/blog/massive-cryptomining-operation-github-actions/
Daixin Team Ransomware Targeting Healthcare Providers
https://www.ic3.gov/Media/News/2022/221021.pdf
Cisco Anyconnect Client Exploited in the Wild
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj
SQLite Vulnerability Details
https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/
https://sysdig.com/blog/massive-cryptomining-operation-github-actions/
Daixin Team Ransomware Targeting Healthcare Providers
https://www.ic3.gov/Media/News/2022/221021.pdf
Cisco Anyconnect Client Exploited in the Wild
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj
SQLite Vulnerability Details
https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/
ISC StormCast for Tuesday, October 25th, 2022
25 oktober 2022 |
6 min
C2 Communications Through Outlook.com
https://isc.sans.edu/forums/diary/C2+Communications+Through+outlookcom/29180
Apple Patches Everything October 2022 Edition
https://isc.sans.edu/forums/diary/Apple%20Patches%20Everything%3A%20October%202022%20Edition/29182/
Cisco ISE Patch
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-path-trav-Dz5dpzyM
Dormant Colors Live Campaign With Over 1m Data Stealing Extensions Installed
https://guardiosecurity.medium.com/dormant-colors-live-campaign-with-over-1m-data-stealing-extensions-installed-9a9a459b5849
https://isc.sans.edu/forums/diary/C2+Communications+Through+outlookcom/29180
Apple Patches Everything October 2022 Edition
https://isc.sans.edu/forums/diary/Apple%20Patches%20Everything%3A%20October%202022%20Edition/29182/
Cisco ISE Patch
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-path-trav-Dz5dpzyM
Dormant Colors Live Campaign With Over 1m Data Stealing Extensions Installed
https://guardiosecurity.medium.com/dormant-colors-live-campaign-with-over-1m-data-stealing-extensions-installed-9a9a459b5849
ISC StormCast for Monday, October 24th, 2022
24 oktober 2022 |
7 min
Sczriptzzbn Inject Pushes Malware for NetSupport RAT
https://isc.sans.edu/forums/diary/sczriptzzbn%20inject%20pushes%20malware%20for%20NetSupport%20RAT/29170/
rtfdump find options
https://isc.sans.edu/forums/diary/rtfdumps+Find+Option/29174
Exploited Windows Zero Day Lets JavaScript Files Bypass Security Warnings
https://www.bleepingcomputer.com/news/security/exploited-windows-zero-day-lets-javascript-files-bypass-security-warnings/
A study of malicious CVE proof of concept exploits in GitHub
https://arxiv.org/pdf/2210.08374.pdf
F5 Patches
https://support.f5.com/csp/article/K11830089
https://support.f5.com/csp/article/K30425568
Synology Updates
https://www.synology.com/en-global/security/advisory/Synology_SA_22_17
https://isc.sans.edu/forums/diary/sczriptzzbn%20inject%20pushes%20malware%20for%20NetSupport%20RAT/29170/
rtfdump find options
https://isc.sans.edu/forums/diary/rtfdumps+Find+Option/29174
Exploited Windows Zero Day Lets JavaScript Files Bypass Security Warnings
https://www.bleepingcomputer.com/news/security/exploited-windows-zero-day-lets-javascript-files-bypass-security-warnings/
A study of malicious CVE proof of concept exploits in GitHub
https://arxiv.org/pdf/2210.08374.pdf
F5 Patches
https://support.f5.com/csp/article/K11830089
https://support.f5.com/csp/article/K30425568
Synology Updates
https://www.synology.com/en-global/security/advisory/Synology_SA_22_17
ISC StormCast for Friday, October 21st, 2022
21 oktober 2022 |
6 min
Forensic Value of Prefetch
https://isc.sans.edu/forums/diary/Forensic%20Value%20of%20Prefetch/29168/
Microsoft TLS Fix
https://support.microsoft.com/en-us/topic/october-17-2022-kb5020435-os-builds-19042-2132-19043-2132-and-19044-2132-out-of-band-243f34de-2f44-4015-a224-1b68a4132ca5
CISA Releases ScubaGear to Audit M365
https://github.com/cisagov/ScubaGear
HTTP/3 Connection Contamination
https://portswigger.net/research/http-3-connection-contamination
https://isc.sans.edu/forums/diary/Forensic%20Value%20of%20Prefetch/29168/
Microsoft TLS Fix
https://support.microsoft.com/en-us/topic/october-17-2022-kb5020435-os-builds-19042-2132-19043-2132-and-19044-2132-out-of-band-243f34de-2f44-4015-a224-1b68a4132ca5
CISA Releases ScubaGear to Audit M365
https://github.com/cisagov/ScubaGear
HTTP/3 Connection Contamination
https://portswigger.net/research/http-3-connection-contamination
ISC StormCast for Thursday, October 20th, 2022
20 oktober 2022 |
6 min
Are Internet Scanning Services Good or Bad for You?
https://isc.sans.edu/forums/diary/Are+Internet+Scanning+Services+Good+or+Bad+for+You/29164
FBI Warns of Student Loan Foregiveness Scams
https://www.ic3.gov/Media/Y2022/PSA221018
Fully Undetectable Powershell Backdoor
https://www.safebreach.com/resources/blog/safebreach-labs-researchers-uncover-new-fully-undetectable-powershell-backdoor/
https://isc.sans.edu/forums/diary/Are+Internet+Scanning+Services+Good+or+Bad+for+You/29164
FBI Warns of Student Loan Foregiveness Scams
https://www.ic3.gov/Media/Y2022/PSA221018
Fully Undetectable Powershell Backdoor
https://www.safebreach.com/resources/blog/safebreach-labs-researchers-uncover-new-fully-undetectable-powershell-backdoor/
ISC StormCast for Wednesday, October 19th, 2022
19 oktober 2022 |
5 min
Python Obfuscation for Dummies
https://isc.sans.edu/forums/diary/Python%20Obfuscation%20for%20Dummies/29160/
Oracle October 2022 Critical Patch Update
https://www.oracle.com/security-alerts/cpuoct2022.html
Weak Encryption in Microsoft Office 365
https://labs.withsecure.com/advisories/microsoft-office-365-message-encryption-insecure-mode-of-operation
Tesla 3 Hack
https://www.synacktiv.com/sites/default/files/2022-10/tesla_hexacon.pdf
https://isc.sans.edu/forums/diary/Python%20Obfuscation%20for%20Dummies/29160/
Oracle October 2022 Critical Patch Update
https://www.oracle.com/security-alerts/cpuoct2022.html
Weak Encryption in Microsoft Office 365
https://labs.withsecure.com/advisories/microsoft-office-365-message-encryption-insecure-mode-of-operation
Tesla 3 Hack
https://www.synacktiv.com/sites/default/files/2022-10/tesla_hexacon.pdf
ISC StormCast for Tuesday, October 18th, 2022
18 oktober 2022 |
6 min
Fileless Powershell Dropper
https://isc.sans.edu/forums/diary/Fileless%20Powershell%20Dropper/29156/
Apache Commons Text Vulnerablity
https://www.openwall.com/lists/oss-security/2022/10/13/4
How a Microsoft Blunder Opened Millions of PCs to Potent Malware Attacks
https://arstechnica.com/information-technology/2022/10/how-a-microsoft-blunder-opened-millions-of-pcs-to-potent-malware-attacks/
https://isc.sans.edu/forums/diary/Fileless%20Powershell%20Dropper/29156/
Apache Commons Text Vulnerablity
https://www.openwall.com/lists/oss-security/2022/10/13/4
How a Microsoft Blunder Opened Millions of PCs to Potent Malware Attacks
https://arstechnica.com/information-technology/2022/10/how-a-microsoft-blunder-opened-millions-of-pcs-to-potent-malware-attacks/
ISC StormCast for Monday, October 17th, 2022
17 oktober 2022 |
6 min
Horizon3 Publishes FortiOS Vulnerablity Details and Exploit
https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/
More Exchange Vulnerability Workaround Bypasses
https://twitter.com/wdormann/status/1576922677675102208
Analysis of a Malicious HTML File and QBot
https://isc.sans.edu/forums/diary/Analysis+of+a+Malicious+HTML+File+QBot/29146
End of Life VMWare ESXi Versions
https://www.lansweeper.com/eol/vmware-esxi-end-of-life/
https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/
More Exchange Vulnerability Workaround Bypasses
https://twitter.com/wdormann/status/1576922677675102208
Analysis of a Malicious HTML File and QBot
https://isc.sans.edu/forums/diary/Analysis+of+a+Malicious+HTML+File+QBot/29146
End of Life VMWare ESXi Versions
https://www.lansweeper.com/eol/vmware-esxi-end-of-life/
ISC StormCast for Friday, October 14th, 2022
14 oktober 2022 |
6 min
Alchimist Offensive Framework
https://blog.talosintelligence.com/2022/10/alchimist-offensive-framework.html#more
VM2 Sandbox Vulnerability
https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067
private npm package disclosure
https://blog.aquasec.com/private-packages-disclosed-via-timing-attack-on-npm
Zimbra Updates
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P27#Security_Fixes
https://blog.talosintelligence.com/2022/10/alchimist-offensive-framework.html#more
VM2 Sandbox Vulnerability
https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067
private npm package disclosure
https://blog.aquasec.com/private-packages-disclosed-via-timing-attack-on-npm
Zimbra Updates
https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P27#Security_Fixes
ISC StormCast for Thursday, October 13th, 2022
13 oktober 2022 |
5 min
Adobe October Patch Tuesday
https://helpx.adobe.com/sa_en/security/security-bulletin.html
Fortinet Guidance
https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/
https://isc.sans.edu/forums/diary/Scans+for+old+Fortigate+Vulnerability+Building+Target+Lists/29142
Android VPN Issues
https://mullvad.net/en/blog/2022/10/10/android-leaks-connectivity-check-traffic/
iOS VPN Issues
https://9to5mac.com/2022/10/12/ios-vpn-apps-2/
Aruba Patches
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-015.txt
https://helpx.adobe.com/sa_en/security/security-bulletin.html
Fortinet Guidance
https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/
https://isc.sans.edu/forums/diary/Scans+for+old+Fortigate+Vulnerability+Building+Target+Lists/29142
Android VPN Issues
https://mullvad.net/en/blog/2022/10/10/android-leaks-connectivity-check-traffic/
iOS VPN Issues
https://9to5mac.com/2022/10/12/ios-vpn-apps-2/
Aruba Patches
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-015.txt
ISC StormCast for Wednesday, October 12th, 2022
12 oktober 2022 |
6 min
Microsoft October 2022 Patches
https://isc.sans.edu/forums/diary/October%202022%20Microsoft%20Patch%20Tuesday/29138/
SAP Patchday
https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
Top CVEs Actively Exploited By People s Republic of China State-Sponsored Cyber Actors
https://www.cisa.gov/uscert/ncas/alerts/aa22-279a
https://isc.sans.edu/forums/diary/October%202022%20Microsoft%20Patch%20Tuesday/29138/
SAP Patchday
https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
Top CVEs Actively Exploited By People s Republic of China State-Sponsored Cyber Actors
https://www.cisa.gov/uscert/ncas/alerts/aa22-279a
ISC StormCast for Tuesday, October 11th, 2022
11 oktober 2022 |
6 min
Wireshark Display Filter Update
https://isc.sans.edu/forums/diary/Wireshark+Specifying+a+Protocol+Stack+Layer+in+Display+Filters/29130
Fortinet Vulnerablity Update
https://twitter.com/Horizon3Attack/status/1579285863108087810
BazarCall Social Engineering Tactics
https://www.trellix.com/en-us/about/newsroom/stories/research/evolution-of-bazarcall-social-engineering-tactics.html
RPKI Rate Limiting
https://www.usenix.org/system/files/sec22-hlavacek.pdf
https://isc.sans.edu/forums/diary/Wireshark+Specifying+a+Protocol+Stack+Layer+in+Display+Filters/29130
Fortinet Vulnerablity Update
https://twitter.com/Horizon3Attack/status/1579285863108087810
BazarCall Social Engineering Tactics
https://www.trellix.com/en-us/about/newsroom/stories/research/evolution-of-bazarcall-social-engineering-tactics.html
RPKI Rate Limiting
https://www.usenix.org/system/files/sec22-hlavacek.pdf
ISC StormCast for Monday, October 10th, 2022
10 oktober 2022 |
6 min
Fortinet Update
https://docs.fortinet.com/document/fortigate/7.2.2/fortios-release-notes/760203/introduction-and-supported-models
Zimbra Vulnerability
https://twitter.com/iagox86/status/1578084484720734209
https://attackerkb.com/topics/1DDTvUNFzH/cve-2022-41352/rapid7-analysis?referrer=activityFeed
Microsoft Exchange Workaround Improved Again
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
Ikea Smart Bulb Exploit
https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/
https://docs.fortinet.com/document/fortigate/7.2.2/fortios-release-notes/760203/introduction-and-supported-models
Zimbra Vulnerability
https://twitter.com/iagox86/status/1578084484720734209
https://attackerkb.com/topics/1DDTvUNFzH/cve-2022-41352/rapid7-analysis?referrer=activityFeed
Microsoft Exchange Workaround Improved Again
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
Ikea Smart Bulb Exploit
https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/
ISC StormCast for Friday, October 7th, 2022
7 oktober 2022 |
6 min
Infosec Calendar
https://isc.sans.edu/forums/diary/What+is+in+your+Infosec+Calendar/29118
OnionPoison: infected Tor Browser installer distributed through popular YouTube channel
https://securelist.com/onionpoison-infected-tor-browser-installer-youtube/107627/
MacOS Architve Utility Vulnerability Details
https://www.jamf.com/blog/jamf-threat-labs-macos-archive-utility-vulnerability/
https://isc.sans.edu/forums/diary/What+is+in+your+Infosec+Calendar/29118
OnionPoison: infected Tor Browser installer distributed through popular YouTube channel
https://securelist.com/onionpoison-infected-tor-browser-installer-youtube/107627/
MacOS Architve Utility Vulnerability Details
https://www.jamf.com/blog/jamf-threat-labs-macos-archive-utility-vulnerability/
ISC StormCast for Wednesday, October 5th, 2022
5 oktober 2022 |
5 min
Credential Harvesting with Telegram
https://isc.sans.edu/forums/diary/Credential%20Harvesting%20with%20Telegram%20API/29112/
Updated Microsoft Exchange Fix
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
https://www.cisa.gov/uscert/ncas/alerts/aa22-277a
A New Supply Chain Attack on PHP
https://blog.sonarsource.com/securing-developer-tools-a-new-supply-chain-attack-on-php/
https://isc.sans.edu/forums/diary/Credential%20Harvesting%20with%20Telegram%20API/29112/
Updated Microsoft Exchange Fix
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
https://www.cisa.gov/uscert/ncas/alerts/aa22-277a
A New Supply Chain Attack on PHP
https://blog.sonarsource.com/securing-developer-tools-a-new-supply-chain-attack-on-php/
ISC StormCast for Tuesday, October 4th, 2022
4 oktober 2022 |
5 min
Microsoft Exchange Vulnerability Fix Bypassed
https://twitter.com/testanull/status/1576774007826718720
Schneider Electric UMAS Patch Bypass
https://securelist.com/the-secrets-of-schneider-electrics-umas-protocol/107435/
Supply Chain Attack via Trojanized Comm100 Chat Installer
https://www.crowdstrike.com/blog/new-supply-chain-attack-leverages-comm100-chat-installer/
https://twitter.com/testanull/status/1576774007826718720
Schneider Electric UMAS Patch Bypass
https://securelist.com/the-secrets-of-schneider-electrics-umas-protocol/107435/
Supply Chain Attack via Trojanized Comm100 Chat Installer
https://www.crowdstrike.com/blog/new-supply-chain-attack-leverages-comm100-chat-installer/
ISC StormCast for Monday, October 3rd, 2022
3 oktober 2022 |
5 min
Microsoft Exchange 0-Day Update
https://isc.sans.edu/forums/diary/Exchange+Server+0Day+Actively+Exploited/29106
https://microsoft.github.io/CSS-Exchange/Security/EOMTv2/
CISA Adds Atlasian Bitbucket Vulnerability to Exploited List
https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/cisa-adds-three-known-exploited-vulnerabilities-catalog
Every unsandboxed app has Full Disk Access if Terminal Does
https://lapcatsoftware.com/articles/FullDiskAccess.html
https://isc.sans.edu/forums/diary/Exchange+Server+0Day+Actively+Exploited/29106
https://microsoft.github.io/CSS-Exchange/Security/EOMTv2/
CISA Adds Atlasian Bitbucket Vulnerability to Exploited List
https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/cisa-adds-three-known-exploited-vulnerabilities-catalog
Every unsandboxed app has Full Disk Access if Terminal Does
https://lapcatsoftware.com/articles/FullDiskAccess.html
ISC StormCast for Friday, September 30th, 2022
30 september 2022 |
6 min
PNG Analysis with pngdump.py
https://isc.sans.edu/forums/diary/PNG%20Analysis/29100/
Possible Exchange Server 0-Day Vulnerability
https://www.gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html
https://success.trendmicro.com/dcx/s/solution/000291651?language=en_US
Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors
https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence
https://isc.sans.edu/forums/diary/PNG%20Analysis/29100/
Possible Exchange Server 0-Day Vulnerability
https://www.gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html
https://success.trendmicro.com/dcx/s/solution/000291651?language=en_US
Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors
https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence
ISC StormCast for Thursday, September 29th, 2022
29 september 2022 |
7 min
10 Years Later: Attacker re-discovering old VTiger CRM Vulnerability
https://isc.sans.edu/forums/diary/10+Years+Later+Attacker+rediscovering+old+VTiger+CRM+Vulnerability/29098
IRS Reports Significant Increase in Texting Scams
https://www.irs.gov/newsroom/irs-reports-significant-increase-in-texting-scams-warns-taxpayers-to-remain-vigilant
Cloudflare Releases Turnsitle, a user-friendly, privacy-preserving CAPTCHA alternative
https://blog.cloudflare.com/turnstile-private-captcha-alternative/
Cisco Patches
https://kb.cert.org/vuls/id/855201
Chrome 106 Release
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html?m=1
https://isc.sans.edu/forums/diary/10+Years+Later+Attacker+rediscovering+old+VTiger+CRM+Vulnerability/29098
IRS Reports Significant Increase in Texting Scams
https://www.irs.gov/newsroom/irs-reports-significant-increase-in-texting-scams-warns-taxpayers-to-remain-vigilant
Cloudflare Releases Turnsitle, a user-friendly, privacy-preserving CAPTCHA alternative
https://blog.cloudflare.com/turnstile-private-captcha-alternative/
Cisco Patches
https://kb.cert.org/vuls/id/855201
Chrome 106 Release
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html?m=1
ISC StormCast for Wednesday, September 28th, 2022
28 september 2022 |
7 min
DNS Option 15 and Debugging DNSSEC Errors
https://isc.sans.edu/forums/diary/DNS+Option+15+Debugging+DNSSEC+Errors/29094
Yari: A New Era of Yara Debugging
https://engineering.avast.io/yari-a-new-era-of-yara-debugging/
HTTP Archive Almanac
https://almanac.httparchive.org/en/2022/security
https://isc.sans.edu/forums/diary/DNS+Option+15+Debugging+DNSSEC+Errors/29094
Yari: A New Era of Yara Debugging
https://engineering.avast.io/yari-a-new-era-of-yara-debugging/
HTTP Archive Almanac
https://almanac.httparchive.org/en/2022/security
ISC StormCast for Tuesday, September 27th, 2022
27 september 2022 |
6 min
Easy Python Sandbox Detection
https://isc.sans.edu/forums/diary/Easy+Python+Sandbox+Detection/29090
Hackers use PowerPoint Files for "Mouseover" Malware Delivery
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Redis 7.0 XAUTOCLAIM Heap Overflow
https://github.com/redis/redis/security/advisories/GHSA-5gc4-76rx-22c9
Scoreboard Hacking
https://maxwelldulin.com/BlogPost?post=7118102528
https://isc.sans.edu/forums/diary/Easy+Python+Sandbox+Detection/29090
Hackers use PowerPoint Files for "Mouseover" Malware Delivery
https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Redis 7.0 XAUTOCLAIM Heap Overflow
https://github.com/redis/redis/security/advisories/GHSA-5gc4-76rx-22c9
Scoreboard Hacking
https://maxwelldulin.com/BlogPost?post=7118102528
ISC StormCast for Monday, September 26th, 2022
26 september 2022 |
6 min
Kids Like Cookies and Malware Likes them Too
https://isc.sans.edu/forums/diary/Kids+Like+Cookies+Malware+Too/29082
Downloading Files from Removed Domains
https://isc.sans.edu/forums/diary/Downloading%20Samples%20From%20Takendown%20Domains/29086/
WhatsApp Security Updates
https://www.whatsapp.com/security/advisories/2022/
Sophos RCE Flaw
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
CircleCI Phishing Attacks Used to Access GitHub Accounts
https://discuss.circleci.com/t/circleci-security-alert-warning-phishing-attempt-for-login-credentials/45408
https://isc.sans.edu/forums/diary/Kids+Like+Cookies+Malware+Too/29082
Downloading Files from Removed Domains
https://isc.sans.edu/forums/diary/Downloading%20Samples%20From%20Takendown%20Domains/29086/
WhatsApp Security Updates
https://www.whatsapp.com/security/advisories/2022/
Sophos RCE Flaw
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
CircleCI Phishing Attacks Used to Access GitHub Accounts
https://discuss.circleci.com/t/circleci-security-alert-warning-phishing-attempt-for-login-credentials/45408
ISC StormCast for Friday, September 23rd, 2022
23 september 2022 |
5 min
RAT Delivered Through FODHelper
https://isc.sans.edu/forums/diary/RAT+Delivered+Through+FODHelper/29078
Microsoft Endpoint Configuration Manager Spoofing Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37972
New Fuzzing Tool: cifuzz
https://github.com/CodeIntelligenceTesting/cifuzz
No Security Updates from Apple
https://support.apple.com/en-us/HT201222
https://isc.sans.edu/forums/diary/RAT+Delivered+Through+FODHelper/29078
Microsoft Endpoint Configuration Manager Spoofing Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37972
New Fuzzing Tool: cifuzz
https://github.com/CodeIntelligenceTesting/cifuzz
No Security Updates from Apple
https://support.apple.com/en-us/HT201222
ISC StormCast for Thursday, September 22nd, 2022
22 september 2022 |
7 min
Phishing Campaigns Use Free Only Resources
https://isc.sans.edu/forums/diary/Phishing%20Campaigns%20Use%20Free%20Online%20Resources/29074/
Insecure use of tarfile.extract in Python
https://bugs.python.org/issue1044#msg55464
Twitter Failed to Logout Users After Password Reset
https://privacy.twitter.com/en/blog/2022/an-issue-impacting-password-resets
https://isc.sans.edu/forums/diary/Phishing%20Campaigns%20Use%20Free%20Online%20Resources/29074/
Insecure use of tarfile.extract in Python
https://bugs.python.org/issue1044#msg55464
Twitter Failed to Logout Users After Password Reset
https://privacy.twitter.com/en/blog/2022/an-issue-impacting-password-resets
ISC StormCast for Wednesday, September 21st, 2022
21 september 2022 |
6 min
Chainsaw: Hunt, search and extract event log records
https://isc.sans.edu/diary/Chainsaw%3A+Hunt%2C+search%2C+and+extract+event+log+records/29066
PDU Exploits past NAT
https://claroty.com/team82/research/jumping-nat-to-shut-down-electric-devices
Tamper Protection will be turned on for all Enterprise Customers
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/tamper-protection-will-be-turned-on-for-all-enterprise-customers/ba-p/3616478
https://isc.sans.edu/diary/Chainsaw%3A+Hunt%2C+search%2C+and+extract+event+log+records/29066
PDU Exploits past NAT
https://claroty.com/team82/research/jumping-nat-to-shut-down-electric-devices
Tamper Protection will be turned on for all Enterprise Customers
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/tamper-protection-will-be-turned-on-for-all-enterprise-customers/ba-p/3616478
ISC StormCast for Tuesday, September 20th, 2022
20 september 2022 |
6 min
Preventing ISO Malware
https://isc.sans.edu/diary/Preventing+ISO+Malware+/29062
State of Emotet
https://www.advintel.io/post/advintel-s-state-of-emotet-aka-spmtools-displays-over-million-compromised-machines-through-2022
Undermining Microsoft Teams Security by Mining Tokens
https://www.vectra.ai/blogpost/undermining-microsoft-teams-security-by-mining-tokens
ISC StormCast for Monday, September 19th, 2022
19 september 2022 |
6 min
Word Maldoc With CustomXML and Renamed VBAProject.bin
https://isc.sans.edu/diary/Word+Maldoc+With+CustomXML+and+Renamed+VBAProject.bin/29056
2FA on Lock Screens
https://www.bbc.com/news/uk-england-london-62809151
Chrome and Edge Enhances Spellcheck Features Expose PII, Even Your Password
https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords
Reconstructing Content Reflected in Glasses
https://arxiv.org/abs/2205.03971
https://isc.sans.edu/diary/Word+Maldoc+With+CustomXML+and+Renamed+VBAProject.bin/29056
2FA on Lock Screens
https://www.bbc.com/news/uk-england-london-62809151
Chrome and Edge Enhances Spellcheck Features Expose PII, Even Your Password
https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords
Reconstructing Content Reflected in Glasses
https://arxiv.org/abs/2205.03971
ISC StormCast for Friday, September 16th, 2022
16 september 2022 |
7 min
Malicous Word Document With a Frameset
https://isc.sans.edu/diary/Malicious+Word+Document+with+a+Frameset/29052
CVE-2022-34721 Exploit
https://github.com/78ResearchLab/PoC/tree/main/CVE-2022-34721
Trojaned Putty Used in Attacks
https://www.mandiant.com/resources/blog/dprk-whatsapp-phishing
Lenovo BIOS Updates
https://support.lenovo.com/us/en/product_security/LEN-94953#Desktop
https://isc.sans.edu/diary/Malicious+Word+Document+with+a+Frameset/29052
CVE-2022-34721 Exploit
https://github.com/78ResearchLab/PoC/tree/main/CVE-2022-34721
Trojaned Putty Used in Attacks
https://www.mandiant.com/resources/blog/dprk-whatsapp-phishing
Lenovo BIOS Updates
https://support.lenovo.com/us/en/product_security/LEN-94953#Desktop
ISC StormCast for Thursday, September 15th, 2022
15 september 2022 |
6 min
Easy Process Injection within Python
https://isc.sans.edu/diary/Easy+Process+Injection+within+Python/29048
Queen Elizabeth Related Phishing
https://twitter.com/threatinsight/status/1570092339984584705
Microsoft 365 Auto Updates Apps on Locked or Idle Devices
https://techcommunity.microsoft.com/t5/microsoft-365-blog/update-under-lock-improved-update-experience-for-microsoft-365/ba-p/3618901
https://isc.sans.edu/diary/Easy+Process+Injection+within+Python/29048
Queen Elizabeth Related Phishing
https://twitter.com/threatinsight/status/1570092339984584705
Microsoft 365 Auto Updates Apps on Locked or Idle Devices
https://techcommunity.microsoft.com/t5/microsoft-365-blog/update-under-lock-improved-update-experience-for-microsoft-365/ba-p/3618901
ISC StormCast for Wednesday, September 14th, 2022
14 september 2022 |
6 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+September+2022+Patch+Tuesday/29044/
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
Magento Vendor Fishpig Hacked, Backdoors Added
https://sansec.io/research/rekoobe-fishpig-magento
https://isc.sans.edu/forums/diary/Microsoft+September+2022+Patch+Tuesday/29044/
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
Magento Vendor Fishpig Hacked, Backdoors Added
https://sansec.io/research/rekoobe-fishpig-magento
ISC StormCast for Tuesday, September 13th, 2022
13 september 2022 |
8 min
VirusTotal Result Comparisons for Honeypot Malware
https://isc.sans.edu/diary/VirusTotal+Result+Comparisons+for+Honeypot+Malware/29040
Apple Patches
https://support.apple.com/en-us/HT201222
Lorenz Ransomware Group Cracks MiVoice and Calls Back For Free
https://arcticwolf.com/resources/blog/lorenz-ransomware-chiseling-in/
https://isc.sans.edu/diary/VirusTotal+Result+Comparisons+for+Honeypot+Malware/29040
Apple Patches
https://support.apple.com/en-us/HT201222
Lorenz Ransomware Group Cracks MiVoice and Calls Back For Free
https://arcticwolf.com/resources/blog/lorenz-ransomware-chiseling-in/
ISC StormCast for Monday, September 12th, 2022
12 september 2022 |
9 min
Malware Abusing File Exchange Site
https://isc.sans.edu/diary/Phishing+Word+Documents+with+Suspicious+URL/29034
Bypassing GitHub Required Reviewers to Submit Malicious Code
https://www.legitsecurity.com/blog/bypassing-github-required-reviewers-to-submit-malicious-code
Crimeware Trends: Ransomware Developers Turn to Intermittent Encryption
https://www.sentinelone.com/labs/crimeware-trends-ransomware-developers-turn-to-intermittent-encryption-to-evade-detection/
Lets Encrypt Reviving Certificate Revocation Lists
https://letsencrypt.org/2022/09/07/new-life-for-crls.html
https://isc.sans.edu/diary/Phishing+Word+Documents+with+Suspicious+URL/29034
Bypassing GitHub Required Reviewers to Submit Malicious Code
https://www.legitsecurity.com/blog/bypassing-github-required-reviewers-to-submit-malicious-code
Crimeware Trends: Ransomware Developers Turn to Intermittent Encryption
https://www.sentinelone.com/labs/crimeware-trends-ransomware-developers-turn-to-intermittent-encryption-to-evade-detection/
Lets Encrypt Reviving Certificate Revocation Lists
https://letsencrypt.org/2022/09/07/new-life-for-crls.html
ISC StormCast for Friday, September 9th, 2022
9 september 2022 |
7 min
Analyzing Obfuscated VBS with CyberChef
https://isc.sans.edu/diary/Analyzing+Obfuscated+VBS+with+CyberChef/2902
pfBlockerNG Unauthenticated RCE
https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/
GifShell attack creates reverse shell using microsoft teams gifs
https://www.bleepingcomputer.com/news/security/gifshell-attack-creates-reverse-shell-using-microsoft-teams-gifs/
https://isc.sans.edu/diary/Analyzing+Obfuscated+VBS+with+CyberChef/2902
pfBlockerNG Unauthenticated RCE
https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/
GifShell attack creates reverse shell using microsoft teams gifs
https://www.bleepingcomputer.com/news/security/gifshell-attack-creates-reverse-shell-using-microsoft-teams-gifs/
ISC StormCast for Thursday, September 8th, 2022
8 september 2022 |
6 min
PHP Deserialization Exploit Attempt
https://isc.sans.edu/diary/PHP+Deserialization+Exploit+attempt/29024
TA505 Group's TeslaGun In-Depth Analysis
https://www.prodaft.com/resource/detail/ta505-ta505-groups-tesla-gun-depth-analysis
Cisco publishes unpatched Small Business Router Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-vpnbypass-Cpheup9O
Shikitega - New stealthy malware targeting Linux
https://thehackernews.com/2022/09/new-stealthy-shikitega-malware.html
https://isc.sans.edu/diary/PHP+Deserialization+Exploit+attempt/29024
TA505 Group's TeslaGun In-Depth Analysis
https://www.prodaft.com/resource/detail/ta505-ta505-groups-tesla-gun-depth-analysis
Cisco publishes unpatched Small Business Router Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-vpnbypass-Cpheup9O
Shikitega - New stealthy malware targeting Linux
https://thehackernews.com/2022/09/new-stealthy-shikitega-malware.html
ISC StormCast for Wednesday, September 7th, 2022
7 september 2022 |
6 min
Analysis of an Encoded Cobalt Strike Beacon
https://isc.sans.edu/diary/Analysis+of+an+Encoded+Cobalt+Strike+Beacon/29014
EvilProxy Phishing-As-A-Service with MFA Bypass
https://resecurity.com/blog/article/evilproxy-phishing-as-a-service-with-mfa-bypass-emerged-in-dark-web
Zyxel Patches RCE Vulnerability
https://www.zyxel.com/support/Zyxel-security-advisory-for-format-string-vulnerability-in-NAS.shtml
Moobot Going after D-Link Devices
https://unit42.paloaltonetworks.com/moobot-d-link-devices/
https://isc.sans.edu/diary/Analysis+of+an+Encoded+Cobalt+Strike+Beacon/29014
EvilProxy Phishing-As-A-Service with MFA Bypass
https://resecurity.com/blog/article/evilproxy-phishing-as-a-service-with-mfa-bypass-emerged-in-dark-web
Zyxel Patches RCE Vulnerability
https://www.zyxel.com/support/Zyxel-security-advisory-for-format-string-vulnerability-in-NAS.shtml
Moobot Going after D-Link Devices
https://unit42.paloaltonetworks.com/moobot-d-link-devices/
ISC StormCast for Tuesday, September 6th, 2022
6 september 2022 |
6 min
James Webb JPEG With Malware
https://isc.sans.edu/diary/James+Webb+JPEG+With+Malware/29010
Windows Defender False Positive
https://www.theregister.com/2022/09/05/windows_defender_chrome_false_positive/
Google Chrome 0-Day
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html
Sharkbot Android Infostealer in Google Play Store
https://blog.fox-it.com/2022/09/02/sharkbot-is-back-in-google-play/
Nmap 7.93 - 25th Anniversary Release
https://seclists.org/nmap-announce/2022/1
https://isc.sans.edu/diary/James+Webb+JPEG+With+Malware/29010
Windows Defender False Positive
https://www.theregister.com/2022/09/05/windows_defender_chrome_false_positive/
Google Chrome 0-Day
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html
Sharkbot Android Infostealer in Google Play Store
https://blog.fox-it.com/2022/09/02/sharkbot-is-back-in-google-play/
Nmap 7.93 - 25th Anniversary Release
https://seclists.org/nmap-announce/2022/1
ISC StormCast for Friday, September 2nd, 2022
2 september 2022 |
7 min
Jolokie Scans: Possible Hunt for Vulnerable Apache Geode Servers
https://isc.sans.edu/diary/Jolokia+Scans%3A+Possible+Hunt+for+Vulnerable+Apache+Geode+Servers+%28CVE-2022-37021%29/29006
Microsoft Basic Authentication Deprecation in Exchange Online
https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-september/ba-p/3609437
Mobile App Supply Chain Vulnerabilities Could Endanger Sensitive Business Information
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mobile-supply-chain-aws
Gitlab Update
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/#brute-force-attack-may-guess-a-password-even-when-2fa-is-enabled
https://isc.sans.edu/diary/Jolokia+Scans%3A+Possible+Hunt+for+Vulnerable+Apache+Geode+Servers+%28CVE-2022-37021%29/29006
Microsoft Basic Authentication Deprecation in Exchange Online
https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-september/ba-p/3609437
Mobile App Supply Chain Vulnerabilities Could Endanger Sensitive Business Information
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mobile-supply-chain-aws
Gitlab Update
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/#brute-force-attack-may-guess-a-password-even-when-2fa-is-enabled
ISC StormCast for Thursday, September 1st, 2022
1 september 2022 |
6 min
Underscores and DNS: The Privacy Story
https://isc.sans.edu/diary/Underscores+and+DNS%3A+The+Privacy+Story/29002
iOS 12.5.6 Update
https://support.apple.com/en-us/HT201222
Malware Disguised as Google Translate Desktop App
https://research.checkpoint.com/2022/check-point-research-detects-crypto-miner-malware-disguised-as-google-translate-desktop-and-other-legitimate-applications/
Apache Geode Deserialization Flaw
https://lists.apache.org/thread/qrvhmytsshsk5xcb68pwccw3y6m8o8nr
Foxit PDF Reader Update
https://sec-consult.com/vulnerability-lab/advisory/outdated-javascript-engine-leads-to-rce-in-foxit-pdf-reader/
https://isc.sans.edu/diary/Underscores+and+DNS%3A+The+Privacy+Story/29002
iOS 12.5.6 Update
https://support.apple.com/en-us/HT201222
Malware Disguised as Google Translate Desktop App
https://research.checkpoint.com/2022/check-point-research-detects-crypto-miner-malware-disguised-as-google-translate-desktop-and-other-legitimate-applications/
Apache Geode Deserialization Flaw
https://lists.apache.org/thread/qrvhmytsshsk5xcb68pwccw3y6m8o8nr
Foxit PDF Reader Update
https://sec-consult.com/vulnerability-lab/advisory/outdated-javascript-engine-leads-to-rce-in-foxit-pdf-reader/
ISC StormCast for Wednesday, August 31st, 2022
31 augusti 2022 |
7 min
Two things that will never die: bash scripts and irc
https://isc.sans.edu/diary/Two+things+that+will+never+die%3A+bash+scripts+and+IRC%21/28998
Malware using James Webb Telescope images
https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
Malicious Chrome Extensions
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users/
Chromium Based Browsers Allow Access to Clipboard
https://bugs.chromium.org/p/chromium/issues/detail?id=1334203
https://isc.sans.edu/diary/Two+things+that+will+never+die%3A+bash+scripts+and+IRC%21/28998
Malware using James Webb Telescope images
https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
Malicious Chrome Extensions
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users/
Chromium Based Browsers Allow Access to Clipboard
https://bugs.chromium.org/p/chromium/issues/detail?id=1334203
ISC StormCast for Tuesday, August 30th, 2022
30 augusti 2022 |
6 min
Update: VBA Malcode & UTF7 (APT-C-35)
https://isc.sans.edu/diary/Update%3A+VBA+Maldoc+%26+UTF7+%28APT-C-35%29/28994
Twilio Breach used to access 2FA Tokens
https://sec.okta.com/scatterswine
Popular PDF Reader Adware
https://www.malwarebytes.com/blog/news/2022/08/adware-found-on-google-play-pdf-reader-servicing-up-full-screen-ads
Google changing its VPN Ad Blocker Policy
https://support.google.com/googleplay/android-developer/answer/12253906?hl=en
https://isc.sans.edu/diary/Update%3A+VBA+Maldoc+%26+UTF7+%28APT-C-35%29/28994
Twilio Breach used to access 2FA Tokens
https://sec.okta.com/scatterswine
Popular PDF Reader Adware
https://www.malwarebytes.com/blog/news/2022/08/adware-found-on-google-play-pdf-reader-servicing-up-full-screen-ads
Google changing its VPN Ad Blocker Policy
https://support.google.com/googleplay/android-developer/answer/12253906?hl=en
ISC StormCast for Monday, August 29th, 2022
29 augusti 2022 |
6 min
Dealing With False Positives when Scanning Memory Dumps for Cobalt Strike Beacons
https://isc.sans.edu/diary/Dealing+With+False+Positives+when+Scanning+Memory+Dumps+for+Cobalt+Strike+Beacons/28990
HTTP2 Packet Analysis with Wireshark
https://isc.sans.edu/diary/HTTP2+Packet+Analysis+with+Wireshark/28986
Paypal Phishing/Coinbase in One Image
https://isc.sans.edu/diary/Paypal+PhishingCoinbase+in+One+Image/28984
Sysinternals Updates: Sysmon v14.0 and ZoomIt v6.01
https://isc.sans.edu/diary/Sysinternals+Updates%3A+Sysmon+v14.0+and+ZoomIt+v6.01/28988
eth.link domain at risk
https://www.coindesk.com/tech/2022/08/26/web3-domain-name-service-could-lose-its-web-address-because-programmer-who-can-renew-it-sits-in-jail/
https://isc.sans.edu/diary/Dealing+With+False+Positives+when+Scanning+Memory+Dumps+for+Cobalt+Strike+Beacons/28990
HTTP2 Packet Analysis with Wireshark
https://isc.sans.edu/diary/HTTP2+Packet+Analysis+with+Wireshark/28986
Paypal Phishing/Coinbase in One Image
https://isc.sans.edu/diary/Paypal+PhishingCoinbase+in+One+Image/28984
Sysinternals Updates: Sysmon v14.0 and ZoomIt v6.01
https://isc.sans.edu/diary/Sysinternals+Updates%3A+Sysmon+v14.0+and+ZoomIt+v6.01/28988
eth.link domain at risk
https://www.coindesk.com/tech/2022/08/26/web3-domain-name-service-could-lose-its-web-address-because-programmer-who-can-renew-it-sits-in-jail/
ISC StormCast for Friday, August 26th, 2022
26 augusti 2022 |
7 min
Taking Apart URL Shorteners
https://isc.sans.edu/diary/Taking+Apart+URL+Shorteners/28980
Python Developers Phished for PyPi Credentials
https://twitter.com/pypi/status/1562442188285308929
Group IB Connects Twilio and Cloudflare Phishing attacks to others
https://www.helpnetsecurity.com/2022/08/25/0ktapus-twilio-cloudflare-phishers-targets/
Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus
https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html
LastPass Security Incident
https://blog.lastpass.com/2022/08/notice-of-recent-security-incident/
Bitbucket Vulnerability
https://securityonline.info/cve-2022-36804-bitbucket-server-and-data-center-command-injection-vulnerability/
https://isc.sans.edu/diary/Taking+Apart+URL+Shorteners/28980
Python Developers Phished for PyPi Credentials
https://twitter.com/pypi/status/1562442188285308929
Group IB Connects Twilio and Cloudflare Phishing attacks to others
https://www.helpnetsecurity.com/2022/08/25/0ktapus-twilio-cloudflare-phishers-targets/
Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus
https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html
LastPass Security Incident
https://blog.lastpass.com/2022/08/notice-of-recent-security-incident/
Bitbucket Vulnerability
https://securityonline.info/cve-2022-36804-bitbucket-server-and-data-center-command-injection-vulnerability/
ISC StormCast for Thursday, August 25th, 2022
25 augusti 2022 |
6 min
Monster Libra -> IcedID -> Cobalt Strike and DarkVNC
https://isc.sans.edu/forums/diary/VNC/28974/
Is Tox the New C&C Method for Coinminers?
https://www.uptycs.com/blog/is-tox-the-new-cc-method-for-coinminers
Carbon Black Blue Screens
https://community.carbonblack.com/t5/Knowledge-Base/Endpoint-Standard-Sudden-Blue-Screens-on-Windows-Devices-23rd/ta-p/114369
Gitlab Vulnerability
https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/#Remote%20Command%20Execution%20via%20Github%20import
https://isc.sans.edu/forums/diary/VNC/28974/
Is Tox the New C&C Method for Coinminers?
https://www.uptycs.com/blog/is-tox-the-new-cc-method-for-coinminers
Carbon Black Blue Screens
https://community.carbonblack.com/t5/Knowledge-Base/Endpoint-Standard-Sudden-Blue-Screens-on-Windows-Devices-23rd/ta-p/114369
Gitlab Vulnerability
https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/#Remote%20Command%20Execution%20via%20Github%20import
ISC StormCast for Wednesday, August 24th, 2022
24 augusti 2022 |
7 min
Who's Looking at Your security.txt File
https://isc.sans.edu/diary/Who%27s+Looking+at+Your+security.txt+File%3F/28972
Assessing Python Malware Detectors with a Benchmark Dataset
https://blog.chainguard.dev/taming-python-malware-scanners/
New Iranian APT Data Extraction Tool
https://blog.google/threat-analysis-group/new-iranian-apt-data-extraction-tool/
Firefox Update
https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/
IBM MQ Update
https://www.ibm.com/support/pages/node/6613021
https://isc.sans.edu/diary/Who%27s+Looking+at+Your+security.txt+File%3F/28972
Assessing Python Malware Detectors with a Benchmark Dataset
https://blog.chainguard.dev/taming-python-malware-scanners/
New Iranian APT Data Extraction Tool
https://blog.google/threat-analysis-group/new-iranian-apt-data-extraction-tool/
Firefox Update
https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/
IBM MQ Update
https://www.ibm.com/support/pages/node/6613021
ISC StormCast for Tuesday, August 23rd, 2022
23 augusti 2022 |
7 min
32 or 64 Bits Malware
https://isc.sans.edu/diary/32+or+64+bits+Malware%3F/28968
Proxies and Configurations Used for Credential Stuffing Attacks
https://www.ic3.gov/Media/News/2022/220818.pdf
DirtyCred Linux Privilege Escalation Vulnerablity
https://www.blackhat.com/us-22/briefings/schedule/#cautious-a-new-exploitation-method-no-pipe-but-as-nasty-as-dirty-pipe-27169
Fake DDos Pages on WordPress Sites Lead to Drive-By-Downloads
https://blog.sucuri.net/2022/08/fake-ddos-pages-on-wordpress-lead-to-drive-by-downloads.html
https://isc.sans.edu/diary/32+or+64+bits+Malware%3F/28968
Proxies and Configurations Used for Credential Stuffing Attacks
https://www.ic3.gov/Media/News/2022/220818.pdf
DirtyCred Linux Privilege Escalation Vulnerablity
https://www.blackhat.com/us-22/briefings/schedule/#cautious-a-new-exploitation-method-no-pipe-but-as-nasty-as-dirty-pipe-27169
Fake DDos Pages on WordPress Sites Lead to Drive-By-Downloads
https://blog.sucuri.net/2022/08/fake-ddos-pages-on-wordpress-lead-to-drive-by-downloads.html
ISC StormCast for Monday, August 22nd, 2022
22 augusti 2022 |
6 min
Brazil malspam pushes Astaroth (Guildma) malware
https://isc.sans.edu/diary/Brazil+malspam+pushes+Astaroth+%28Guildma%29+malware/28962
Android Ring App XSS
https://checkmarx.com/blog/amazon-quickly-fixed-a-vulnerability-in-ring-android-app-that-could-expose-users-camera-recordings/
iOS in App Browser Security Issues
https://krausefx.com/blog/announcing-inappbrowsercom-see-what-javascript-commands-get-executed-in-an-in-app-browser
iOS in-App Browser Issues
https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser
https://krausefx.com/blog/announcing-inappbrowsercom-see-what-javascript-commands-get-executed-in-an-in-app-browser
https://isc.sans.edu/diary/Brazil+malspam+pushes+Astaroth+%28Guildma%29+malware/28962
Android Ring App XSS
https://checkmarx.com/blog/amazon-quickly-fixed-a-vulnerability-in-ring-android-app-that-could-expose-users-camera-recordings/
iOS in App Browser Security Issues
https://krausefx.com/blog/announcing-inappbrowsercom-see-what-javascript-commands-get-executed-in-an-in-app-browser
iOS in-App Browser Issues
https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser
https://krausefx.com/blog/announcing-inappbrowsercom-see-what-javascript-commands-get-executed-in-an-in-app-browser
ISC StormCast for Friday, August 19th, 2022
19 augusti 2022 |
6 min
Honeypot Attack Summaries with Python
https://isc.sans.edu/diary/Honeypot+Attack+Summaries+with+Python/28956
TP-Link Vulnerability
https://blog.viettelcybersecurity.com/1day-to-0day-on-tl-link-tl-wr841n/
Safari Update
https://support.apple.com/en-us/HT213414
iOS VPN Leaks
https://www.michaelhorowitz.com/VPNs.on.iOS.are.scam.php
Janet Jackson Hard Drive DDoS
https://devblogs.microsoft.com/oldnewthing/20220816-00/?p=106994
https://isc.sans.edu/diary/Honeypot+Attack+Summaries+with+Python/28956
TP-Link Vulnerability
https://blog.viettelcybersecurity.com/1day-to-0day-on-tl-link-tl-wr841n/
Safari Update
https://support.apple.com/en-us/HT213414
iOS VPN Leaks
https://www.michaelhorowitz.com/VPNs.on.iOS.are.scam.php
Janet Jackson Hard Drive DDoS
https://devblogs.microsoft.com/oldnewthing/20220816-00/?p=106994
ISC StormCast for Thursday, August 18th, 2022
18 augusti 2022 |
6 min
A Quick VoIP Experiment
https://isc.sans.edu/diary/A+Quick+VoIP+Experiment/28950
Apple Patches Two Exploited Vulnerabilities
https://isc.sans.edu/diary/Apple+Patches+Two+Exploited+Vulnerabilities/28952
Google Chrome Update
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html
Cisco staystaystay exploit tool
https://www.youtube.com/watch?v=ySgbHClk9HE
https://isc.sans.edu/diary/A+Quick+VoIP+Experiment/28950
Apple Patches Two Exploited Vulnerabilities
https://isc.sans.edu/diary/Apple+Patches+Two+Exploited+Vulnerabilities/28952
Google Chrome Update
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html
Cisco staystaystay exploit tool
https://www.youtube.com/watch?v=ySgbHClk9HE
ISC StormCast for Wednesday, August 17th, 2022
17 augusti 2022 |
6 min
VBA Maldoc and UTF7 (APT-C-35)
https://isc.sans.edu/diary/VBA+Maldoc+%26+UTF7+%28APT-C-35%29/28946
Disrupting SEABORGIUM's Ongoing Phishing Operations
https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/
UWB Real Time Location Systems: How Secure Radio Communcations May Fail in Practice.
https://isc.sans.edu/diary/VBA+Maldoc+%26+UTF7+%28APT-C-35%29/28946
Disrupting SEABORGIUM's Ongoing Phishing Operations
https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/
UWB Real Time Location Systems: How Secure Radio Communcations May Fail in Practice.
ISC StormCast for Tuesday, August 16th, 2022
16 augusti 2022 |
7 min
Realtek CVE-2022-27255 Followup (snort signature and presentation)
https://isc.sans.edu/diary/Realtek+SDK+SIP+ALG+Vulnerability%3A+A+Big+Deal%2C+but+not+much+you+can+do+about+it.+CVE+2022-27255/28940
MacOS Privilege Escalation
https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/
Zoom Update
https://explore.zoom.us/en/trust/security/security-bulletin/
Microsoft Block Vulnerable Bootloaders
https://eclypsium.com/2022/08/11/vulnerable-bootloaders-2022/
HPE Integrated Lights Out 5 Vulnerablities
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbhf04333en_us
https://isc.sans.edu/diary/Realtek+SDK+SIP+ALG+Vulnerability%3A+A+Big+Deal%2C+but+not+much+you+can+do+about+it.+CVE+2022-27255/28940
MacOS Privilege Escalation
https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/
Zoom Update
https://explore.zoom.us/en/trust/security/security-bulletin/
Microsoft Block Vulnerable Bootloaders
https://eclypsium.com/2022/08/11/vulnerable-bootloaders-2022/
HPE Integrated Lights Out 5 Vulnerablities
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbhf04333en_us
ISC StormCast for Monday, August 15th, 2022
15 augusti 2022 |
12 min
Realtek eCOS SDK SIP ALG Vulnerability
https://isc.sans.edu/diary/Realtek+SDK+SIP+ALG+Vulnerability%3A+A+Big+Deal%2C+but+not+much+you+can+do+about+it.+CVE+2022-27255/28940
Phishing HTML Attachment as Voicemail Audio Transcription
https://isc.sans.edu/diary/Phishing+HTML+Attachment+as+Voicemail+Audio+Transcription/28938
CVE-2022-0028 PAN-OS: Reflected Amplification Denial-of-Service Vulnerability
https://security.paloaltonetworks.com/CVE-2022-0028
https://isc.sans.edu/diary/Realtek+SDK+SIP+ALG+Vulnerability%3A+A+Big+Deal%2C+but+not+much+you+can+do+about+it.+CVE+2022-27255/28940
Phishing HTML Attachment as Voicemail Audio Transcription
https://isc.sans.edu/diary/Phishing+HTML+Attachment+as+Voicemail+Audio+Transcription/28938
CVE-2022-0028 PAN-OS: Reflected Amplification Denial-of-Service Vulnerability
https://security.paloaltonetworks.com/CVE-2022-0028
ISC StormCast for Friday, August 12th, 2022
12 augusti 2022 |
7 min
InfoStealer Script Based on Curl and NSudo
https://isc.sans.edu/diary/InfoStealer+Script+Based+on+Curl+and+NSudo/28932
Cisco Breach Details
https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html
Ivanti Pulse Connect Secure Privilege Escalation Vulnerability
https://gist.github.com/JGarciaSec/2060ec1c8efc1d573a1ddb754c6b4f84
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerablity
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz
https://isc.sans.edu/diary/InfoStealer+Script+Based+on+Curl+and+NSudo/28932
Cisco Breach Details
https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html
Ivanti Pulse Connect Secure Privilege Escalation Vulnerability
https://gist.github.com/JGarciaSec/2060ec1c8efc1d573a1ddb754c6b4f84
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerablity
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz
ISC StormCast for Thursday, August 11th, 2022
11 augusti 2022 |
6 min
And Here They Come Again: DNS Reflection Attacks
https://isc.sans.edu/diary/And+Here+They+Come+Again%3A+DNS+Reflection+Attacks/28928
Rapid 7 Defaultinator
https://defaultinator.com
Zimbra Mass Compromise
https://www.volexity.com/blog/2022/08/10/mass-exploitation-of-unauthenticated-zimbra-rce-cve-2022-27925/
VMWare vRealize Vulnerability
https://www.vmware.com/security/advisories/VMSA-2022-0022.html
Microsoft Vulnerability and IPS/Snort
https://community.meraki.com/t5/Meraki-Service-Notices/Microsoft-vulnerability-and-IPS-SNORT/ba-p/156649
https://isc.sans.edu/diary/And+Here+They+Come+Again%3A+DNS+Reflection+Attacks/28928
Rapid 7 Defaultinator
https://defaultinator.com
Zimbra Mass Compromise
https://www.volexity.com/blog/2022/08/10/mass-exploitation-of-unauthenticated-zimbra-rce-cve-2022-27925/
VMWare vRealize Vulnerability
https://www.vmware.com/security/advisories/VMSA-2022-0022.html
Microsoft Vulnerability and IPS/Snort
https://community.meraki.com/t5/Meraki-Service-Notices/Microsoft-vulnerability-and-IPS-SNORT/ba-p/156649
ISC StormCast for Wednesday, August 10th, 2022
10 augusti 2022 |
6 min
Microsoft August 2022 Patch Tuesday
https://isc.sans.edu/diary/Microsoft+August+2022+Patch+Tuesday/28924
AEPIC Leak
https://aepicleak.com
Adobe security bulletins
https://helpx.adobe.com/security/security-bulletin.html
https://isc.sans.edu/diary/Microsoft+August+2022+Patch+Tuesday/28924
AEPIC Leak
https://aepicleak.com
Adobe security bulletins
https://helpx.adobe.com/security/security-bulletin.html
ISC StormCast for Tuesday, August 9th, 2022
9 augusti 2022 |
6 min
JSON All the Logs!
https://isc.sans.edu/diary/JSON+All+the+Logs%21/28920
Microsoft Edge Enhanced Security
https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-browse-safer
Malicious Python Packages
https://www.darkreading.com/application-security/10-malicious-packages-slither-pypi-registry
New Orchard Botnet
https://blog.netlab.360.com/a-new-botnet-orchard-generates-dga-domains-with-bitcoin-transaction-information/
https://isc.sans.edu/diary/JSON+All+the+Logs%21/28920
Microsoft Edge Enhanced Security
https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-browse-safer
Malicious Python Packages
https://www.darkreading.com/application-security/10-malicious-packages-slither-pypi-registry
New Orchard Botnet
https://blog.netlab.360.com/a-new-botnet-orchard-generates-dga-domains-with-bitcoin-transaction-information/
ISC StormCast for Monday, August 8th, 2022
8 augusti 2022 |
6 min
Exim Vulnerability Silently Patched
https://github.com/ivd38/exim_overflow
DuckDuckGo Stopping Microsoft Tracking Code
https://spreadprivacy.com/more-privacy-and-transparency/
Emergency Broadcast Messaging System Vulnerabilities
https://content.govdelivery.com/accounts/USDHSFEMA/bulletins/3263326
Slack Leaks Hashed Passwords
https://slack.com/intl/en-in/blog/news/notice-about-slack-password-resets
Zimbra Flaw Exploited
https://nvd.nist.gov/vuln/detail/CVE-2022-27924
https://github.com/ivd38/exim_overflow
DuckDuckGo Stopping Microsoft Tracking Code
https://spreadprivacy.com/more-privacy-and-transparency/
Emergency Broadcast Messaging System Vulnerabilities
https://content.govdelivery.com/accounts/USDHSFEMA/bulletins/3263326
Slack Leaks Hashed Passwords
https://slack.com/intl/en-in/blog/news/notice-about-slack-password-resets
Zimbra Flaw Exploited
https://nvd.nist.gov/vuln/detail/CVE-2022-27924
ISC StormCast for Friday, August 5th, 2022
5 augusti 2022 |
7 min
TLP 2.0 is Here
https://isc.sans.edu/diary/TLP+2.0+is+here/28914
Hijacking email with Cloudflare Email Routing
https://albertpedersen.com/blog/hijacking-email-with-cloudflare-email-routing/
rsync arbitrary file write vulnerablity
https://www.openwall.com/lists/oss-security/2022/08/02/1
Local privilege escalation in Kaspersky VPN
https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/
https://isc.sans.edu/diary/TLP+2.0+is+here/28914
Hijacking email with Cloudflare Email Routing
https://albertpedersen.com/blog/hijacking-email-with-cloudflare-email-routing/
rsync arbitrary file write vulnerablity
https://www.openwall.com/lists/oss-security/2022/08/02/1
Local privilege escalation in Kaspersky VPN
https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/
ISC StormCast for Thursday, August 4th, 2022
4 augusti 2022 |
7 min
l9explore and LeakIX Internet Wide Recon Scans
https://isc.sans.edu/diary/l9explore+and+LeakIX+Internet+wide+recon+scans./28910
Arris / Arris Variant DSL/Fiber Router Critical Vulnerability
http://derekabdine.com/blog/2022-arris-advisory
35,000 Malicious Repo Forks Flood GitHub
https://www.bleepingcomputer.com/news/security/35-000-code-repos-not-hacked-but-clones-flood-github-to-serve-malware/
Palo Alto Master Key
https://twitter.com/rqu50/status/1554566757704089600#m
Laravel Unserialize RCE
https://github.com/beicheng-maker/vulns/issues/1
Unuathenticated Remote Code Execution in DrayTek Vigor Routers
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html
https://isc.sans.edu/diary/l9explore+and+LeakIX+Internet+wide+recon+scans./28910
Arris / Arris Variant DSL/Fiber Router Critical Vulnerability
http://derekabdine.com/blog/2022-arris-advisory
35,000 Malicious Repo Forks Flood GitHub
https://www.bleepingcomputer.com/news/security/35-000-code-repos-not-hacked-but-clones-flood-github-to-serve-malware/
Palo Alto Master Key
https://twitter.com/rqu50/status/1554566757704089600#m
Laravel Unserialize RCE
https://github.com/beicheng-maker/vulns/issues/1
Unuathenticated Remote Code Execution in DrayTek Vigor Routers
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html
ISC StormCast for Wednesday, August 3rd, 2022
3 augusti 2022 |
6 min
Increase in Chinese "Hacktivism" Attacks
https://isc.sans.edu/diary/Increase+in+Chinese+%22Hacktivism%22+Attacks/28906
Zoho Password Manager Exploit
https://xz.aliyun.com/t/11578
VMWare Updates
https://www.vmware.com/security/advisories/VMSA-2022-0021.html
https://twitter.com/VietPetrus
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html
https://isc.sans.edu/diary/Increase+in+Chinese+%22Hacktivism%22+Attacks/28906
Zoho Password Manager Exploit
https://xz.aliyun.com/t/11578
VMWare Updates
https://www.vmware.com/security/advisories/VMSA-2022-0021.html
https://twitter.com/VietPetrus
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html
ISC StormCast for Tuesday, August 2nd, 2022
2 augusti 2022 |
7 min
A Little DDoS in the Morning
https://isc.sans.edu/diary/A+Little+DDoS+In+the+Morning/28900
Exposed Twitter API Keys
https://cloudsek.com/whitepapers_reports/how-leaked-twitter-api-keys-can-be-used-to-build-a-bot-army/
TCL LinkHub Serialization Issues
https://blog.talosintelligence.com/2022/08/vulnerability-spotlight-how-misusing.html
Jenkins Plugin Updates
https://www.jenkins.io/security/advisory/2022-07-27/
https://isc.sans.edu/diary/A+Little+DDoS+In+the+Morning/28900
Exposed Twitter API Keys
https://cloudsek.com/whitepapers_reports/how-leaked-twitter-api-keys-can-be-used-to-build-a-bot-army/
TCL LinkHub Serialization Issues
https://blog.talosintelligence.com/2022/08/vulnerability-spotlight-how-misusing.html
Jenkins Plugin Updates
https://www.jenkins.io/security/advisory/2022-07-27/
ISC StormCast for Monday, August 1st, 2022
1 augusti 2022 |
9 min
PDF Analysis Introduction and OpenActions Entries
https://isc.sans.edu/diary/PDF+Analysis+Intro+and+OpenActions+Entries/28894
IPFS The New Hotbed of Phishing
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/ipfs-the-new-hotbed-of-phishing/
Mail Stealing Browser Extension
https://www.volexity.com/blog/2022/07/28/sharptongue-deploys-clever-mail-stealing-browser-extension-sharpext/
Lofylife Malicious NPM Packages
https://securelist.com/lofylife-malicious-npm-packages/107014/
IP Camera Vulnerability
https://www.nozominetworks.com/blog/vulnerability-in-dahua-s-onvif-implementation-threatens-ip-camera-security/
Nuki Smart Lock Vulnerabilities
https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/
Foxit PDF Reader
https://www.foxit.com/support/security-bulletins.html
https://isc.sans.edu/diary/PDF+Analysis+Intro+and+OpenActions+Entries/28894
IPFS The New Hotbed of Phishing
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/ipfs-the-new-hotbed-of-phishing/
Mail Stealing Browser Extension
https://www.volexity.com/blog/2022/07/28/sharptongue-deploys-clever-mail-stealing-browser-extension-sharpext/
Lofylife Malicious NPM Packages
https://securelist.com/lofylife-malicious-npm-packages/107014/
IP Camera Vulnerability
https://www.nozominetworks.com/blog/vulnerability-in-dahua-s-onvif-implementation-threatens-ip-camera-security/
Nuki Smart Lock Vulnerabilities
https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/
Foxit PDF Reader
https://www.foxit.com/support/security-bulletins.html
ISC StormCast for Friday, July 29th, 2022
29 juli 2022 |
7 min
Exfiltrating Data with Bookmarks
https://isc.sans.edu/diary/Exfiltrating+Data+With+Bookmarks/28890
Critical Samba Bug Could Let Anyone Become Domain Admin
https://nakedsecurity.sophos.com/2022/07/27/critical-samba-bug-could-let-anyone-become-domain-admin-patch-now/
Apple IP Address Range Hijacked by Rostelecom
https://www.manrs.org/2022/07/for-12-hours-was-part-of-apple-engineerings-network-hijacked-by-russias-rostelecom/
Veritas Patches
https://www.veritas.com/content/support/en_US/security/VTS22-004#c1
IBM Patches
https://www.ibm.com/support/pages/node/6606251
https://www.ibm.com/support/pages/node/6607135
https://isc.sans.edu/diary/Exfiltrating+Data+With+Bookmarks/28890
Critical Samba Bug Could Let Anyone Become Domain Admin
https://nakedsecurity.sophos.com/2022/07/27/critical-samba-bug-could-let-anyone-become-domain-admin-patch-now/
Apple IP Address Range Hijacked by Rostelecom
https://www.manrs.org/2022/07/for-12-hours-was-part-of-apple-engineerings-network-hijacked-by-russias-rostelecom/
Veritas Patches
https://www.veritas.com/content/support/en_US/security/VTS22-004#c1
IBM Patches
https://www.ibm.com/support/pages/node/6606251
https://www.ibm.com/support/pages/node/6607135
ISC StormCast for Thursday, July 28th, 2022
28 juli 2022 |
6 min
IcedID (BokBot) with Dark VNC and Cobalt Strike
https://isc.sans.edu/diary//28884
Web Assembly Crypto Miners
https://blog.sucuri.net/2022/07/cryptominers-webassembly-in-website-malware.html
Subzero and Knotweed
https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/
https://isc.sans.edu/diary//28884
Web Assembly Crypto Miners
https://blog.sucuri.net/2022/07/cryptominers-webassembly-in-website-malware.html
Subzero and Knotweed
https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/
ISC StormCast for Wednesday, July 27th, 2022
27 juli 2022 |
6 min
How is Your macOS Security Posture
https://isc.sans.edu/diary/How+is+Your+macOS+Security+Posture%3F/28882
Registry file with Executable Payload
https://www.x86matthew.com/view_post?id=embed_exe_reg
Targeted Phishing of Facebook Business Users
https://labs.withsecure.com/assets/BlogFiles/Publications/WithSecure_Research_DUCKTAIL.pdf
Forwarding Address is Hard
https://www.synacktiv.com/publications/cve-2022-31813-forwarding-addresses-is-hard.html
https://isc.sans.edu/diary/How+is+Your+macOS+Security+Posture%3F/28882
Registry file with Executable Payload
https://www.x86matthew.com/view_post?id=embed_exe_reg
Targeted Phishing of Facebook Business Users
https://labs.withsecure.com/assets/BlogFiles/Publications/WithSecure_Research_DUCKTAIL.pdf
Forwarding Address is Hard
https://www.synacktiv.com/publications/cve-2022-31813-forwarding-addresses-is-hard.html
ISC StormCast for Tuesday, July 26th, 2022
26 juli 2022 |
7 min
PowerShell Script with Fileless Capability
https://isc.sans.edu/diary/PowerShell+Script+with+Fileless+Capability/28878
With Management Comes Risk: Finding Flaws in Filewave MDM
https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm/
CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit
https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/
https://isc.sans.edu/diary/PowerShell+Script+with+Fileless+Capability/28878
With Management Comes Risk: Finding Flaws in Filewave MDM
https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm/
CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit
https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/
ISC StormCast for Monday, July 25th, 2022
25 juli 2022 |
6 min
An Analysis of a Discerning Phishing Website
https://isc.sans.edu/diary/An+Analysis+of+a+Discerning+Phishing+Website+/28870
Sonicwall Vulnerability
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007
Sh*load Exploids Episdoe V: Return of the Error
https://dellfer.com/shload-exploits-episode-v-return-of-the-error/
https://isc.sans.edu/diary/An+Analysis+of+a+Discerning+Phishing+Website+/28870
Sonicwall Vulnerability
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007
Sh*load Exploids Episdoe V: Return of the Error
https://dellfer.com/shload-exploits-episode-v-return-of-the-error/
ISC StormCast for Friday, July 22nd, 2022
22 juli 2022 |
6 min
Maldoc with non-ASCII VBA Identifiers
https://isc.sans.edu/diary/Maldoc%3A+non-ASCII+VBA+Identifiers/28866
Cisco Security Updates
https://tools.cisco.com/security/center/publicationListing.x?
Outlook 365 Odd Supicious Login Attempt Warnings
https://www.theregister.com/2022/07/21/outlook_sign_ins/
Windows RDP Brute Force Protection
https://twitter.com/dwizzzleMSFT/status/1549870156771340288
Microsoft resuming blocking macros
https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
https://isc.sans.edu/diary/Maldoc%3A+non-ASCII+VBA+Identifiers/28866
Cisco Security Updates
https://tools.cisco.com/security/center/publicationListing.x?
Outlook 365 Odd Supicious Login Attempt Warnings
https://www.theregister.com/2022/07/21/outlook_sign_ins/
Windows RDP Brute Force Protection
https://twitter.com/dwizzzleMSFT/status/1549870156771340288
Microsoft resuming blocking macros
https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
ISC StormCast for Thursday, July 21st, 2022
21 juli 2022 |
6 min
Malicious Python Script Behaving Like a Rubber Ducky
https://isc.sans.edu/diary/Malicious+Python+Script+Behaving+Like+a+Rubber+Ducky/28860
Apple Patches Everything
https://isc.sans.edu/diary/Apple+Patches+Everything+Day/28862
Confluence Atlasian Hard Coded Password
https://confluence.atlassian.com/doc/questions-for-confluence-security-advisory-2022-07-20-1142446709.html
Zyxel Vulnerablity
https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml
DNS over HTTP/3
https://security.googleblog.com/2022/07/dns-over-http3-in-android.html
https://isc.sans.edu/diary/Malicious+Python+Script+Behaving+Like+a+Rubber+Ducky/28860
Apple Patches Everything
https://isc.sans.edu/diary/Apple+Patches+Everything+Day/28862
Confluence Atlasian Hard Coded Password
https://confluence.atlassian.com/doc/questions-for-confluence-security-advisory-2022-07-20-1142446709.html
Zyxel Vulnerablity
https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml
DNS over HTTP/3
https://security.googleblog.com/2022/07/dns-over-http3-in-android.html
ISC StormCast for Wednesday, July 20th, 2022
20 juli 2022 |
7 min
Beacon Request
https://isc.sans.edu/diary/Requests+For+beacon.http-get.+Help+Us+Figure+Out+What+They+Are+Looking+For/28856
Oracle July 2022 CPU
https://www.oracle.com/security-alerts/cpujul2022.html
CloudMensis MacOS Spyware
https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/
GPS Tracker Vulnerabilities
https://www.bitsight.com/sites/default/files/2022-07/MiCODUS-GPS-Report-Final.pdf
https://isc.sans.edu/diary/Requests+For+beacon.http-get.+Help+Us+Figure+Out+What+They+Are+Looking+For/28856
Oracle July 2022 CPU
https://www.oracle.com/security-alerts/cpujul2022.html
CloudMensis MacOS Spyware
https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/
GPS Tracker Vulnerabilities
https://www.bitsight.com/sites/default/files/2022-07/MiCODUS-GPS-Report-Final.pdf
ISC StormCast for Tuesday, July 19th, 2022
19 juli 2022 |
6 min
Adding Your Own Keywords to My PDF Tools
https://isc.sans.edu/diary/Adding+Your+Own+Keywords+To+My+PDF+Tools/28852
Tor Improvements
https://blog.torproject.org/new-release-tor-browser-115/
Trojan Horse Malware Password Cracker
https://www.dragos.com/blog/the-trojan-horse-malware-password-cracking-ecosystem-targeting-industrial-operators/
CVE-2022-33891 Apache Spark Shell Command Injection Vulnerability
https://securityonline.info/cve-2022-33891-apache-spark-shell-command-injection-vulnerability/
Juniper Junos Vulnerabilities
https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=date%20descending&f:ctype=[Security%20Advisories]
https://isc.sans.edu/diary/Adding+Your+Own+Keywords+To+My+PDF+Tools/28852
Tor Improvements
https://blog.torproject.org/new-release-tor-browser-115/
Trojan Horse Malware Password Cracker
https://www.dragos.com/blog/the-trojan-horse-malware-password-cracking-ecosystem-targeting-industrial-operators/
CVE-2022-33891 Apache Spark Shell Command Injection Vulnerability
https://securityonline.info/cve-2022-33891-apache-spark-shell-command-injection-vulnerability/
Juniper Junos Vulnerabilities
https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=date%20descending&f:ctype=[Security%20Advisories]
ISC StormCast for Monday, July 18th, 2022
18 juli 2022 |
5 min
Python: Files in Use By Another Process
https://isc.sans.edu/diary/Python%3A+Files+In+Use+By+Another+Process/28848
Google Removing App Permissions List for Data Safety
https://twitter.com/MishaalRahman/status/1547307555407421443
Google Play Malware
https://twitter.com/IngraoMaxime/status/1547164768401858560
Faking Github Metadata
https://checkmarx.com/blog/unverified-commits-are-you-unknowingly-trusting-attackers-code/
https://isc.sans.edu/diary/Python%3A+Files+In+Use+By+Another+Process/28848
Google Removing App Permissions List for Data Safety
https://twitter.com/MishaalRahman/status/1547307555407421443
Google Play Malware
https://twitter.com/IngraoMaxime/status/1547164768401858560
Faking Github Metadata
https://checkmarx.com/blog/unverified-commits-are-you-unknowingly-trusting-attackers-code/
ISC StormCast for Friday, July 15th, 2022
15 juli 2022 |
7 min
Debugging Broadcast Storms
https://isc.sans.edu/diary/A+%22DHCP+is+Broken%22+story%2C+and+a+Blast+from+the+Past+%28or+should+I+say+%22Storm%22+from+the+past%29/28844
Targeted Deanonymization via Side Channel Attacks
https://leakuidatorplusteam.github.io/preprint.pdf
Cookie Theft to BEC
https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/
VMWare Patch
https://www.vmware.com/security/advisories/VMSA-2021-0025.html
https://isc.sans.edu/diary/A+%22DHCP+is+Broken%22+story%2C+and+a+Blast+from+the+Past+%28or+should+I+say+%22Storm%22+from+the+past%29/28844
Targeted Deanonymization via Side Channel Attacks
https://leakuidatorplusteam.github.io/preprint.pdf
Cookie Theft to BEC
https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/
VMWare Patch
https://www.vmware.com/security/advisories/VMSA-2021-0025.html
ISC StormCast for Thursday, July 14th, 2022
14 juli 2022 |
6 min
Using Referrers to Detect Phishing Attacks
https://isc.sans.edu/diary/Using+Referers+to+Detect+Phishing+Attacks/28836
Callback Phishing Campaigns Impersonating Security Companies
https://www.crowdstrike.com/blog/callback-malware-campaigns-impersonate-crowdstrike-and-other-cybersecurity-companies/
Retbleed Spectre Attack
https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706
https://www.microsoft.com/security/blog/2022/07/13/uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706/
Buffer Overflow Vulnerabilities in UEFI firmware of several Lenovo Notebook
https://twitter.com/ESETresearch/status/1547166334651334657
https://isc.sans.edu/diary/Using+Referers+to+Detect+Phishing+Attacks/28836
Callback Phishing Campaigns Impersonating Security Companies
https://www.crowdstrike.com/blog/callback-malware-campaigns-impersonate-crowdstrike-and-other-cybersecurity-companies/
Retbleed Spectre Attack
https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706
https://www.microsoft.com/security/blog/2022/07/13/uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706/
Buffer Overflow Vulnerabilities in UEFI firmware of several Lenovo Notebook
https://twitter.com/ESETresearch/status/1547166334651334657
ISC StormCast for Wednesday, July 13th, 2022
13 juli 2022 |
6 min
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft+July+2022+Patch+Tuesday/28838
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
SAP Patches
https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
IBM Patches
https://www.ibm.com/support/pages/node/6602255
https://www.ibm.com/support/pages/node/6602259
https://www.ibm.com/support/pages/node/6602251
https://isc.sans.edu/diary/Microsoft+July+2022+Patch+Tuesday/28838
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
SAP Patches
https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
IBM Patches
https://www.ibm.com/support/pages/node/6602255
https://www.ibm.com/support/pages/node/6602259
https://www.ibm.com/support/pages/node/6602251
ISC StormCast for Tuesday, July 12th, 2022
12 juli 2022 |
6 min
Rogers Outage
https://about.rogers.com/news-ideas/a-message-from-rogers-president-and-ceo/
Rolling Pwn
https://rollingpwn.github.io/rolling-pwn/
GitHub Runners mine Cryptocoins
https://www.trendmicro.com/en_us/research/22/g/unpacking-cloud-based-cryptocurrency-miners-that-abuse-github-ac.html
SANSFIRE Keynote Stream
https://www.sans.org/webcasts/the-internet-storm-center-how-to-use-and-how-to-contribute-data/
https://about.rogers.com/news-ideas/a-message-from-rogers-president-and-ceo/
Rolling Pwn
https://rollingpwn.github.io/rolling-pwn/
GitHub Runners mine Cryptocoins
https://www.trendmicro.com/en_us/research/22/g/unpacking-cloud-based-cryptocurrency-miners-that-abuse-github-ac.html
SANSFIRE Keynote Stream
https://www.sans.org/webcasts/the-internet-storm-center-how-to-use-and-how-to-contribute-data/
ISC StormCast for Monday, July 11th, 2022
11 juli 2022 |
5 min
SANSFIRE Keynote Stream
https://www.sans.org/webcasts/the-internet-storm-center-how-to-use-and-how-to-contribute-data/
Extracting URLs from Emotet with Cyberchef
https://isc.sans.edu/forums/diary/Excel%204%20Emotet%20Maldoc%20Analysis%20using%20CyberChef/28830/
Microsoft rolling Back Macro Policy Change
https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
Checkmate Ransomware Affected Poorly Configured QNAP NAS
https://www.qnap.com/en/security-advisory/QSA-22-21
PyPi Requires 2FA for critical packages
https://pypi.org/security-key-giveaway/
https://www.sans.org/webcasts/the-internet-storm-center-how-to-use-and-how-to-contribute-data/
Extracting URLs from Emotet with Cyberchef
https://isc.sans.edu/forums/diary/Excel%204%20Emotet%20Maldoc%20Analysis%20using%20CyberChef/28830/
Microsoft rolling Back Macro Policy Change
https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
Checkmate Ransomware Affected Poorly Configured QNAP NAS
https://www.qnap.com/en/security-advisory/QSA-22-21
PyPi Requires 2FA for critical packages
https://pypi.org/security-key-giveaway/
ISC StormCast for Thursday, July 7th, 2022
7 juli 2022 |
7 min
How Many SANs are Insane
https://isc.sans.edu/forums/diary/How+Many+SANs+are+Insane/28820/
Fortinet July Updates
https://fortiguard.fortinet.com/psirt?date=07-2022
Phishing Attacks Getting Trickier
https://www.sans.org/newsletters/ouch/phishing-attacks-getting-trickier
Quantum Safe Ciphers
https://csrc.nist.gov/News/2022/pqc-candidates-to-be-standardized-and-round-4
Apple Proposes Lockdown Mode
https://www.apple.com/newsroom/2022/07/apple-expands-commitment-to-protect-users-from-mercenary-spyware/
https://isc.sans.edu/forums/diary/How+Many+SANs+are+Insane/28820/
Fortinet July Updates
https://fortiguard.fortinet.com/psirt?date=07-2022
Phishing Attacks Getting Trickier
https://www.sans.org/newsletters/ouch/phishing-attacks-getting-trickier
Quantum Safe Ciphers
https://csrc.nist.gov/News/2022/pqc-candidates-to-be-standardized-and-round-4
Apple Proposes Lockdown Mode
https://www.apple.com/newsroom/2022/07/apple-expands-commitment-to-protect-users-from-mercenary-spyware/
ISC StormCast for Wednesday, July 6th, 2022
6 juli 2022 |
6 min
EternalBlue 5 Years After WannaCry and NotPetya
https://isc.sans.edu/forums/diary/EternalBlue+5+years+after+WannaCry+and+NotPetya/28816/
OpenSSL Patches Two Vulnerabilities
https://www.openssl.org/news/secadv/20220705.txt
Iconburst NPM Software Supply Chain Attack
https://blog.reversinglabs.com/blog/iconburst-npm-software-supply-chain-attack-grabs-data-from-apps-websites
https://isc.sans.edu/forums/diary/EternalBlue+5+years+after+WannaCry+and+NotPetya/28816/
OpenSSL Patches Two Vulnerabilities
https://www.openssl.org/news/secadv/20220705.txt
Iconburst NPM Software Supply Chain Attack
https://blog.reversinglabs.com/blog/iconburst-npm-software-supply-chain-attack-grabs-data-from-apps-websites
ISC StormCast for Tuesday, July 5th, 2022
5 juli 2022 |
6 min
7Zip Mark of the Web For Office Files
https://isc.sans.edu/forums/diary/7Zip+MoW+For+Office+files/28812/
SessionManager Backdoor Seen with IIS
https://securelist.com/the-sessionmanager-iis-backdoor/106868/
Googe Chrome Stable Channel Update
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
https://isc.sans.edu/forums/diary/7Zip+MoW+For+Office+files/28812/
SessionManager Backdoor Seen with IIS
https://securelist.com/the-sessionmanager-iis-backdoor/106868/
Googe Chrome Stable Channel Update
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
ISC StormCast for Friday, July 1st, 2022
1 juli 2022 |
6 min
Case Study: Cobalt Strike Server Lives on After its Domain is Suspended
https://isc.sans.edu/forums/diary/Case+Study+Cobalt+Strike+Server+Lives+on+After+Its+Domain+Is+Suspended/28804/
CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus
https://www.horizon3.ai/red-team-blog-cve-2022-28219/
CWE Top 25 Update
https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html#analysis
https://isc.sans.edu/forums/diary/Case+Study+Cobalt+Strike+Server+Lives+on+After+Its+Domain+Is+Suspended/28804/
CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus
https://www.horizon3.ai/red-team-blog-cve-2022-28219/
CWE Top 25 Update
https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html#analysis
ISC StormCast for Thursday, June 30th, 2022
30 juni 2022 |
7 min
Its New Phone Day: Time to Migrate Your MFA
https://isc.sans.edu/forums/diary/Its+New+Phone+Day+Time+to+migrate+your+MFA/28800/
Managing Human Risk Security Awareness Report
https://go.sans.org/lp-wp-2022-sans-security-awareness-report
Microsoft Azure Service Fabric Container Elevation of Privilege Vulnerability
https://unit42.paloaltonetworks.com/fabricscape-cve-2022-30137/#The-Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30137
Zimbra RCE Vulnerability
https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/
FBI Warns of Deep Fakes Beeing Used in Job Interviews
https://www.ic3.gov/Media/Y2022/PSA220628
https://isc.sans.edu/forums/diary/Its+New+Phone+Day+Time+to+migrate+your+MFA/28800/
Managing Human Risk Security Awareness Report
https://go.sans.org/lp-wp-2022-sans-security-awareness-report
Microsoft Azure Service Fabric Container Elevation of Privilege Vulnerability
https://unit42.paloaltonetworks.com/fabricscape-cve-2022-30137/#The-Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30137
Zimbra RCE Vulnerability
https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/
FBI Warns of Deep Fakes Beeing Used in Job Interviews
https://www.ic3.gov/Media/Y2022/PSA220628
ISC StormCast for Wednesday, June 29th, 2022
29 juni 2022 |
6 min
Possible Scans for HiByMusic Devices
https://isc.sans.edu/forums/diary/Possible+Scans+for+HiByMusic+Devices/28796/
OpenSSL Heap Overflow
https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/
https://github.com/openssl/openssl/issues/18625#issuecomment-1165012549
ZuoRat MalwareHijacking Home Office Routers
https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/
https://isc.sans.edu/forums/diary/Possible+Scans+for+HiByMusic+Devices/28796/
OpenSSL Heap Overflow
https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/
https://github.com/openssl/openssl/issues/18625#issuecomment-1165012549
ZuoRat MalwareHijacking Home Office Routers
https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/
ISC StormCast for Tuesday, June 28th, 2022
28 juni 2022 |
7 min
Encrypted Client Hello: Anybody Using it Yet?
https://isc.sans.edu/forums/diary/Encrypted+Client+Hello+Anybody+Using+it+Yet/28792/
Jenkins Advisory
https://www.jenkins.io/security/advisory/2022-06-22/
Instagram Age Verification
https://about.fb.com/news/2022/06/new-ways-to-verify-age-on-instagram/
CodeSys V2 Vulnerability
https://github.com/ic3sw0rd/Codesys_V2_Vulnerability
https://isc.sans.edu/forums/diary/Encrypted+Client+Hello+Anybody+Using+it+Yet/28792/
Jenkins Advisory
https://www.jenkins.io/security/advisory/2022-06-22/
Instagram Age Verification
https://about.fb.com/news/2022/06/new-ways-to-verify-age-on-instagram/
CodeSys V2 Vulnerability
https://github.com/ic3sw0rd/Codesys_V2_Vulnerability
ISC StormCast for Monday, June 27th, 2022
27 juni 2022 |
8 min
Python Abusing the Windows GUI
https://isc.sans.edu/forums/diary/Python+abusing+The+Windows+GUI/28780/
Malicious Code Passed to PowerShell via the Clipboard
https://isc.sans.edu/forums/diary/Malicious+Code+Passed+to+PowerShell+via+the+Clipboard/28784/
Attacking With WebView2 Applications
https://mrd0x.com/attacking-with-webview2-applications/
Bronze Starlight Ransomware Operations Use Hui Loaders
https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader
Novel Exploit Detected in Mitel VoIP Appliance
https://www.crowdstrike.com/blog/novel-exploit-detected-in-mitel-voip-appliance/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29499
https://isc.sans.edu/forums/diary/Python+abusing+The+Windows+GUI/28780/
Malicious Code Passed to PowerShell via the Clipboard
https://isc.sans.edu/forums/diary/Malicious+Code+Passed+to+PowerShell+via+the+Clipboard/28784/
Attacking With WebView2 Applications
https://mrd0x.com/attacking-with-webview2-applications/
Bronze Starlight Ransomware Operations Use Hui Loaders
https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader
Novel Exploit Detected in Mitel VoIP Appliance
https://www.crowdstrike.com/blog/novel-exploit-detected-in-mitel-voip-appliance/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29499
ISC StormCast for Thursday, June 23rd, 2022
23 juni 2022 |
6 min
Malicious PowerShell Targeting Cryptocurrency Browser Extensions
https://isc.sans.edu/forums/diary/Malicious+PowerShell+Targeting+Cryptocurrency+Browser+Extensions/28772/
Keeping PowerShell: Security Measures to Use and Embrace
https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/1/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF
Client-Side Magecart Attacks Still Around, But More Covert
https://blog.malwarebytes.com/threat-intelligence/2022/06/client-side-magecart-attacks-still-around-but-more-covert/
Chinese actor takes aim, armed with Nim Language and Bizarro AES
https://research.checkpoint.com/2022/chinese-actor-takes-aim-armed-with-nim-language-and-bizarro-aes/
Israeli Air Raid Sirens Hacked
https://twitter.com/Israel_Cyber/status/1538821467785265153
https://isc.sans.edu/forums/diary/Malicious+PowerShell+Targeting+Cryptocurrency+Browser+Extensions/28772/
Keeping PowerShell: Security Measures to Use and Embrace
https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/1/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF
Client-Side Magecart Attacks Still Around, But More Covert
https://blog.malwarebytes.com/threat-intelligence/2022/06/client-side-magecart-attacks-still-around-but-more-covert/
Chinese actor takes aim, armed with Nim Language and Bizarro AES
https://research.checkpoint.com/2022/chinese-actor-takes-aim-armed-with-nim-language-and-bizarro-aes/
Israeli Air Raid Sirens Hacked
https://twitter.com/Israel_Cyber/status/1538821467785265153
ISC StormCast for Wednesday, June 22nd, 2022
22 juni 2022 |
6 min
Experimental New Domain / Domain Age API
https://isc.sans.edu/forums/diary/Experimental+New+Domain+Domain+Age+API/28770/
Forescout Vedere Labs Discovers 56 OT Vulnerabilities
https://www.forescout.com/resources/ot-icefall-report/
Cloudflare Outage
https://blog.cloudflare.com/cloudflare-outage-on-june-21-2022/
Does Acrobat Reader Unload Injection of Security Products
https://blog.minerva-labs.com/does-acrobat-reader-unload-injection-of-security-products
7-Zip Mark-of-the-Web Support
https://www.7-zip.org/history.txt
https://isc.sans.edu/forums/diary/Experimental+New+Domain+Domain+Age+API/28770/
Forescout Vedere Labs Discovers 56 OT Vulnerabilities
https://www.forescout.com/resources/ot-icefall-report/
Cloudflare Outage
https://blog.cloudflare.com/cloudflare-outage-on-june-21-2022/
Does Acrobat Reader Unload Injection of Security Products
https://blog.minerva-labs.com/does-acrobat-reader-unload-injection-of-security-products
7-Zip Mark-of-the-Web Support
https://www.7-zip.org/history.txt
ISC StormCast for Tuesday, June 21st, 2022
21 juni 2022 |
6 min
Odd TCP Fast Open Packets
https://isc.sans.edu/forums/diary/Odd+TCP+Fast+Open+Packets+Anybody+understands+why/28766/
DFSCoerce NTLM Relay Attack
https://github.com/Wh04m1001/DFSCoerce
https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429
Windows Emergency Update Fixes Microsoft 365 Issues on ARM Devices
https://www.bleepingcomputer.com/news/microsoft/windows-emergency-update-fixes-microsoft-365-issues-on-arm-devices/
Safari Vulnerability Analysis
https://googleprojectzero.blogspot.com/2022/06/an-autopsy-on-zombie-in-wild-0-day.html
Internet Explorer Remnants Still an Issue
https://www.darkreading.com/vulnerabilities-threats/internet-explorer-will-likely-remain-an-attacker-target-for-some-time
https://isc.sans.edu/forums/diary/Odd+TCP+Fast+Open+Packets+Anybody+understands+why/28766/
DFSCoerce NTLM Relay Attack
https://github.com/Wh04m1001/DFSCoerce
https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429
Windows Emergency Update Fixes Microsoft 365 Issues on ARM Devices
https://www.bleepingcomputer.com/news/microsoft/windows-emergency-update-fixes-microsoft-365-issues-on-arm-devices/
Safari Vulnerability Analysis
https://googleprojectzero.blogspot.com/2022/06/an-autopsy-on-zombie-in-wild-0-day.html
Internet Explorer Remnants Still an Issue
https://www.darkreading.com/vulnerabilities-threats/internet-explorer-will-likely-remain-an-attacker-target-for-some-time
ISC StormCast for Monday, June 20th, 2022
20 juni 2022 |
9 min
Critical Vulnerability in Splunk Enterprise Deployment Server Functionality
https://isc.sans.edu/forums/diary/Critical+vulnerability+in+Splunk+Enterprises+deployment+server+functionality/28760/
Malspam Pushes Matanbuchus Malware Leads to Cobalt Strike
https://isc.sans.edu/forums/diary/Malspam+pushes+Matanbuchus+malware+leads+to+Cobalt+Strike/28752/
Proofpoint Discovers Potentially Dangerous Office 365 Functionality
https://www.proofpoint.com/us/blog/cloud-security/proofpoint-discovers-potentially-dangerous-microsoft-office-365-functionality
https://isc.sans.edu/forums/diary/Critical+vulnerability+in+Splunk+Enterprises+deployment+server+functionality/28760/
Malspam Pushes Matanbuchus Malware Leads to Cobalt Strike
https://isc.sans.edu/forums/diary/Malspam+pushes+Matanbuchus+malware+leads+to+Cobalt+Strike/28752/
Proofpoint Discovers Potentially Dangerous Office 365 Functionality
https://www.proofpoint.com/us/blog/cloud-security/proofpoint-discovers-potentially-dangerous-microsoft-office-365-functionality
ISC StormCast for Friday, June 17th, 2022
17 juni 2022 |
6 min
Houdini is Back Delivered Through a JavaScript Dropper
https://isc.sans.edu/forums/diary/Houdini+is+Back+Delivered+Through+a+JavaScript+Dropper/28746/
Drifting Cloud: Zero-Day Sophos Firewall Exploitation
https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/
Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack
https://www.zerodayinitiative.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack
Cisco Email Security Appliance and Cisco Secure Email and Web Manager
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD
Analyzing the Fastjson "Auto Type Bypass" RCE vulnerability
https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjson-auto-type-bypass-rce-vulnerability/
https://isc.sans.edu/forums/diary/Houdini+is+Back+Delivered+Through+a+JavaScript+Dropper/28746/
Drifting Cloud: Zero-Day Sophos Firewall Exploitation
https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/
Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack
https://www.zerodayinitiative.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack
Cisco Email Security Appliance and Cisco Secure Email and Web Manager
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD
Analyzing the Fastjson "Auto Type Bypass" RCE vulnerability
https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjson-auto-type-bypass-rce-vulnerability/
ISC StormCast for Thursday, June 16th, 2022
16 juni 2022 |
6 min
Terraforming Honeypots: Using IaaC & Cloud to Attract Attacks
https://isc.sans.edu/forums/diary/Terraforming+Honeypots+Installing+DShield+Sensors+in+the+Cloud/28748/
Zimbra Email - Stealing Clear=Text Credenitals via Memcache Injection
https://blog.sonarsource.com/zimbra-mail-stealing-clear-text-credentials-via-memcache-injection/
Cloud Middleware Dataset
https://github.com/wiz-sec/cloud-middleware-dataset
CVE-2022-26937 Windows Network File System NLM Portmap Stack Buffer Overflow
https://www.zerodayinitiative.com/blog/2022/6/7/cve-2022-26937-microsoft-windows-network-file-system-nlm-portmap-stack-buffer-overflow
Citrix Application Delivery Management Security Bulletin
https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512
Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch
https://sec-consult.com/vulnerability-lab/advisory/hardcoded-backdoor-user-outdated-software-components-nexans-ftto-gigaswitch/
https://isc.sans.edu/forums/diary/Terraforming+Honeypots+Installing+DShield+Sensors+in+the+Cloud/28748/
Zimbra Email - Stealing Clear=Text Credenitals via Memcache Injection
https://blog.sonarsource.com/zimbra-mail-stealing-clear-text-credentials-via-memcache-injection/
Cloud Middleware Dataset
https://github.com/wiz-sec/cloud-middleware-dataset
CVE-2022-26937 Windows Network File System NLM Portmap Stack Buffer Overflow
https://www.zerodayinitiative.com/blog/2022/6/7/cve-2022-26937-microsoft-windows-network-file-system-nlm-portmap-stack-buffer-overflow
Citrix Application Delivery Management Security Bulletin
https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512
Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch
https://sec-consult.com/vulnerability-lab/advisory/hardcoded-backdoor-user-outdated-software-components-nexans-ftto-gigaswitch/
ISC StormCast for Wednesday, June 15th, 2022
15 juni 2022 |
7 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+June+2022+Patch+Tuesday/28742/
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
SynLapse Vulnerability
https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-vulnerability/
Hertzbleed Attack
https://www.hertzbleed.com
https://isc.sans.edu/forums/diary/Microsoft+June+2022+Patch+Tuesday/28742/
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
SynLapse Vulnerability
https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-vulnerability/
Hertzbleed Attack
https://www.hertzbleed.com
ISC StormCast for Tuesday, June 14th, 2022
14 juni 2022 |
6 min
Translating Saitama's DNS Tunneling
https://isc.sans.edu/forums/diary/Translating+Saitamas+DNS+tunneling+messages/28738/
Travis CI Logs Expose Users to Cyber Attacks
https://blog.aquasec.com/travis-ci-security
Linux Threat Hunting: "Syslogk" a kernel rootkit found under development in the wild
https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/
Mitel Desk Phone Backdoor
https://blog.syss.com/posts/rooting-mitel-desk-phones-through-the-backdoor/
https://isc.sans.edu/forums/diary/Translating+Saitamas+DNS+tunneling+messages/28738/
Travis CI Logs Expose Users to Cyber Attacks
https://blog.aquasec.com/travis-ci-security
Linux Threat Hunting: "Syslogk" a kernel rootkit found under development in the wild
https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/
Mitel Desk Phone Backdoor
https://blog.syss.com/posts/rooting-mitel-desk-phones-through-the-backdoor/
ISC StormCast for Monday, June 13th, 2022
13 juni 2022 |
6 min
EPSScall: An Exploit Prediction Scoring System App
https://isc.sans.edu/forums/diary/EPSScall+An+Exploit+Prediction+Scoring+System+App/28732/
PACMan Attack
https://pacmanattack.com
https://twitter.com/wdormann/status/1535245913857351680
Carrier LenelS2 HID Mercury access panel vulnerability
https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-01
Malicious Python Modules
https://www.bleepingcomputer.com/news/security/pypi-package-keep-mistakenly-included-a-password-stealer/
https://isc.sans.edu/forums/diary/EPSScall+An+Exploit+Prediction+Scoring+System+App/28732/
PACMan Attack
https://pacmanattack.com
https://twitter.com/wdormann/status/1535245913857351680
Carrier LenelS2 HID Mercury access panel vulnerability
https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-01
Malicious Python Modules
https://www.bleepingcomputer.com/news/security/pypi-package-keep-mistakenly-included-a-password-stealer/
ISC StormCast for Friday, June 10th, 2022
10 juni 2022 |
9 min
TA570 QBot attempts to exploit CVE-2022-30190 (Follina)
https://isc.sans.edu/forums/diary/TA570+Qakbot+Qbot+tries+CVE202230190+Follina+exploit+msmsdt/28728/
Analysis of a Facebook Phishing Campaign
https://pixmsecurity.com/blog/blog/phishing-tactics-how-a-threat-actor-stole-1m-credentials-in-4-months/
Zyxel Security Advisory
https://www.zyxel.com/support/Zyxel-security-advisory-for-CRLF-injection-vulnerability-in-some-legacy-firewalls.shtml
Fujitsu Centricstor Vulnerability
https://research.nccgroup.com/2022/05/27/technical-advisory-fujitsu-centricstor-control-center-v8-1-unauthenticated-command-injection/
Meeting Owl Vulnerablities
https://www.modzero.com/static/meetingowl/Meeting_Owl_Pro_Security_Disclosure_Report_RELEASE.pdf
https://isc.sans.edu/forums/diary/TA570+Qakbot+Qbot+tries+CVE202230190+Follina+exploit+msmsdt/28728/
Analysis of a Facebook Phishing Campaign
https://pixmsecurity.com/blog/blog/phishing-tactics-how-a-threat-actor-stole-1m-credentials-in-4-months/
Zyxel Security Advisory
https://www.zyxel.com/support/Zyxel-security-advisory-for-CRLF-injection-vulnerability-in-some-legacy-firewalls.shtml
Fujitsu Centricstor Vulnerability
https://research.nccgroup.com/2022/05/27/technical-advisory-fujitsu-centricstor-control-center-v8-1-unauthenticated-command-injection/
Meeting Owl Vulnerablities
https://www.modzero.com/static/meetingowl/Meeting_Owl_Pro_Security_Disclosure_Report_RELEASE.pdf
ISC StormCast for Thursday, June 9th, 2022
9 juni 2022 |
6 min
SANS RSA Panel
(sorry, video no longer available)
Atlassian Confluence Attacks
https://isc.sans.edu/forums/diary/Atlassian+Confluence+Exploits+Seen+By+Our+Honeypots+CVE202226134/28722/
Fake CClenaer Malvertisements
https://blog.avast.com/fakecrack-campaign
Weakness in Verbatim Keypad Secure USB Drive
https://blog.syss.com/posts/hacking-usb-flash-drives-part-1/
(sorry, video no longer available)
Atlassian Confluence Attacks
https://isc.sans.edu/forums/diary/Atlassian+Confluence+Exploits+Seen+By+Our+Honeypots+CVE202226134/28722/
Fake CClenaer Malvertisements
https://blog.avast.com/fakecrack-campaign
Weakness in Verbatim Keypad Secure USB Drive
https://blog.syss.com/posts/hacking-usb-flash-drives-part-1/
ISC StormCast for Wednesday, June 8th, 2022
8 juni 2022 |
6 min
The Trouble With Microsoft's Troubleshooters
https://irsl.medium.com/the-trouble-with-microsofts-troubleshooters-6e32fc80b8bd
QBot Uses Follina
https://twitter.com/threatinsight/status/1534227444915482625
Deadbolt Ransomware
https://www.trendmicro.com/en_us/research/22/f/closing-the-door-deadbolt-ransomware-locks-out-vendors-with-mult.html
Google Android Updates
https://source.android.com/security/bulletin/2022-06-01?hl=en
https://irsl.medium.com/the-trouble-with-microsofts-troubleshooters-6e32fc80b8bd
QBot Uses Follina
https://twitter.com/threatinsight/status/1534227444915482625
Deadbolt Ransomware
https://www.trendmicro.com/en_us/research/22/f/closing-the-door-deadbolt-ransomware-locks-out-vendors-with-mult.html
Google Android Updates
https://source.android.com/security/bulletin/2022-06-01?hl=en
ISC StormCast for Tuesday, June 7th, 2022
7 juni 2022 |
6 min
MS-MSDT RTF Maldocs Analysis oledump Plugins
https://isc.sans.edu/forums/diary/msmsdt+RTF+Maldoc+Analysis+oledump+Plugins/28718/
Cybercriminals Exploit Reverse Tunnel Services and URL Shorteners
https://cloudsek.com/whitepapers_reports/cybercriminals-exploit-reverse-tunnel-services-and-url-shorteners-to-launch-large-scale-phishing-campaigns/
Unpatched Horde Webmail Bug
https://blog.sonarsource.com/horde-webmail-rce-via-email/
Clickstudio (Passwordstate) Code Signing Cert Used by Follina Malware
https://cloudsek.com/whitepapers_reports/cybercriminals-exploit-reverse-tunnel-services-and-url-shorteners-to-launch-large-scale-phishing-campaigns/
https://isc.sans.edu/forums/diary/msmsdt+RTF+Maldoc+Analysis+oledump+Plugins/28718/
Cybercriminals Exploit Reverse Tunnel Services and URL Shorteners
https://cloudsek.com/whitepapers_reports/cybercriminals-exploit-reverse-tunnel-services-and-url-shorteners-to-launch-large-scale-phishing-campaigns/
Unpatched Horde Webmail Bug
https://blog.sonarsource.com/horde-webmail-rce-via-email/
Clickstudio (Passwordstate) Code Signing Cert Used by Follina Malware
https://cloudsek.com/whitepapers_reports/cybercriminals-exploit-reverse-tunnel-services-and-url-shorteners-to-launch-large-scale-phishing-campaigns/
ISC StormCast for Monday, June 6th, 2022
6 juni 2022 |
5 min
Sandbox Evasion... With Just a Filename!
https://isc.sans.edu/forums/diary/Sandbox+Evasion+With+Just+a+Filename/28708/
Atlassian Exploit Released
https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/
GitLab Critical Security Release
https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
U-Boot Vulnerablities
https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
Unisoc Baseband Chip Vulnerability
https://research.checkpoint.com/2022/vulnerability-within-the-unisoc-baseband/
https://isc.sans.edu/forums/diary/Sandbox+Evasion+With+Just+a+Filename/28708/
Atlassian Exploit Released
https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/
GitLab Critical Security Release
https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
U-Boot Vulnerablities
https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
Unisoc Baseband Chip Vulnerability
https://research.checkpoint.com/2022/vulnerability-within-the-unisoc-baseband/
ISC StormCast for Friday, June 3rd, 2022
3 juni 2022 |
6 min
Quick Answers in Incident Response RECmd.exe
https://isc.sans.edu/forums/diary/Quick+Answers+in+Incident+Response+RECmdexe/28706/
Zero-Day Exploitation of Atlassian Confluence
https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
Korenix Technology JetPort Backdoor
https://sec-consult.com/vulnerability-lab/advisory/backdoor-account-in-korenix-technology-jetport-series/
Elasticsearch Data Wiped
https://www.secureworks.com/blog/unsecured-elasticsearch-data-replaced-with-ransom-note
https://isc.sans.edu/forums/diary/Quick+Answers+in+Incident+Response+RECmdexe/28706/
Zero-Day Exploitation of Atlassian Confluence
https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
Korenix Technology JetPort Backdoor
https://sec-consult.com/vulnerability-lab/advisory/backdoor-account-in-korenix-technology-jetport-series/
Elasticsearch Data Wiped
https://www.secureworks.com/blog/unsecured-elasticsearch-data-replaced-with-ransom-note
ISC StormCast for Thursday, June 2nd, 2022
2 juni 2022 |
6 min
HTML Phishing Attachments - Now With Anti-Analysis Features
https://isc.sans.edu/forums/diary/HTML+phishing+attachments+now+with+antianalysis+features/28702/
Unofficial Patch for CVE-2022-30190 (Follina)
https://blog.0patch.com/2022/06/free-micropatches-for-follina-microsoft.html
Windows Search Vulnerability
https://www.bleepingcomputer.com/news/security/new-windows-search-zero-day-added-to-microsoft-protocol-nightmare/
Call Forwarding Used to Compromise WhatsApp Accounts
https://www.linkedin.com/posts/fb1h2s_beware-here-is-how-whatsapp-accounts-are-activity-6934386561048264704-NnFf/?utm_source=linkedin_share&utm_medium=member_desktop_web
Badkeys in Fuji Xerox and Canon Printers
https://fermatattack.secvuln.info
https://isc.sans.edu/forums/diary/HTML+phishing+attachments+now+with+antianalysis+features/28702/
Unofficial Patch for CVE-2022-30190 (Follina)
https://blog.0patch.com/2022/06/free-micropatches-for-follina-microsoft.html
Windows Search Vulnerability
https://www.bleepingcomputer.com/news/security/new-windows-search-zero-day-added-to-microsoft-protocol-nightmare/
Call Forwarding Used to Compromise WhatsApp Accounts
https://www.linkedin.com/posts/fb1h2s_beware-here-is-how-whatsapp-accounts-are-activity-6934386561048264704-NnFf/?utm_source=linkedin_share&utm_medium=member_desktop_web
Badkeys in Fuji Xerox and Canon Printers
https://fermatattack.secvuln.info
ISC StormCast for Wednesday, June 1st, 2022
1 juni 2022 |
5 min
Follina Update
https://isc.sans.edu/forums/diary/First+Exploitation+of+Follina+Seen+in+the+Wild/28698/
https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme+CVE202230190/28694/
Open Automation Software Platform Vulnerability
https://blog.talosintelligence.com/2022/05/vuln-spotlight-open-automation-platform.html
Over 3.6 million MySQL servers found exposed on the Internet
https://www.bleepingcomputer.com/news/security/over-36-million-mysql-servers-found-exposed-on-the-internet/
https://isc.sans.edu/forums/diary/First+Exploitation+of+Follina+Seen+in+the+Wild/28698/
https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme+CVE202230190/28694/
Open Automation Software Platform Vulnerability
https://blog.talosintelligence.com/2022/05/vuln-spotlight-open-automation-platform.html
Over 3.6 million MySQL servers found exposed on the Internet
https://www.bleepingcomputer.com/news/security/over-36-million-mysql-servers-found-exposed-on-the-internet/
ISC StormCast for Tuesday, May 31st, 2022
30 maj 2022 |
8 min
New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme
https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme/28694/
https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme/28694/
ISC StormCast for Friday, May 27th, 2022
27 maj 2022 |
16 min
Huge Signed PE Files
https://isc.sans.edu/forums/diary/Huge+Signed+PE+File/28686/
VMWare Authentication Bypass PoC
https://www.horizon3.ai/vmware-authentication-bypass-vulnerability-cve-2022-22972-technical-deep-dive/
Quanta Server BMC Vulnerability
https://eclypsium.com/2022/05/26/quanta-servers-still-vulnerable-to-pantsdown/
Windows 11 and Server 2022 Update Prevent Trend Micro Ransomware Protection
https://success.trendmicro.com/dcx/s/solution/000291066?language=en_US
Nate Street: Advancing SIEM Log Management Strategies through Vendor-Agnostic Measurement
https://www.sans.edu/cyber-research/38685/
https://isc.sans.edu/forums/diary/Huge+Signed+PE+File/28686/
VMWare Authentication Bypass PoC
https://www.horizon3.ai/vmware-authentication-bypass-vulnerability-cve-2022-22972-technical-deep-dive/
Quanta Server BMC Vulnerability
https://eclypsium.com/2022/05/26/quanta-servers-still-vulnerable-to-pantsdown/
Windows 11 and Server 2022 Update Prevent Trend Micro Ransomware Protection
https://success.trendmicro.com/dcx/s/solution/000291066?language=en_US
Nate Street: Advancing SIEM Log Management Strategies through Vendor-Agnostic Measurement
https://www.sans.edu/cyber-research/38685/
ISC StormCast for Thursday, May 26th, 2022
26 maj 2022 |
5 min
Using NMAP to Assess Hosts in Load Balanced Clusters
https://isc.sans.edu/forums/diary/Using+NMAP+to+Assess+Hosts+in+Load+Balanced+Clusters/28682/
Attacker Modifying Libraries Claims "Research"
https://www.bleepingcomputer.com/news/security/hacker-says-hijacking-libraries-stealing-aws-keys-was-ethical-research/
Heroku GitHub Integration Re-Enabled Again
https://blog.heroku.com/github-integration-update
Serious security vulnerablity in Tails 5.0
https://tails.boum.org/security/prototype_pollution/index.en.html
Google Chrome Update
https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html
https://isc.sans.edu/forums/diary/Using+NMAP+to+Assess+Hosts+in+Load+Balanced+Clusters/28682/
Attacker Modifying Libraries Claims "Research"
https://www.bleepingcomputer.com/news/security/hacker-says-hijacking-libraries-stealing-aws-keys-was-ethical-research/
Heroku GitHub Integration Re-Enabled Again
https://blog.heroku.com/github-integration-update
Serious security vulnerablity in Tails 5.0
https://tails.boum.org/security/prototype_pollution/index.en.html
Google Chrome Update
https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html
ISC StormCast for Wednesday, May 25th, 2022
25 maj 2022 |
5 min
ctx Python Library Updated with "Extra" Features
https://isc.sans.edu/forums/diary/ctx+Python+Library+Updated+with+Extra+Features/28678/
Zoom Updates
https://explore.zoom.us/en/trust/security/security-bulletin/
VMWare Exploit About to Be Released
https://twitter.com/Horizon3Attack/status/1528935531333177344
Zyxel Firewalls, AP Controllers, APs Patch
https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml
https://isc.sans.edu/forums/diary/ctx+Python+Library+Updated+with+Extra+Features/28678/
Zoom Updates
https://explore.zoom.us/en/trust/security/security-bulletin/
VMWare Exploit About to Be Released
https://twitter.com/Horizon3Attack/status/1528935531333177344
Zyxel Firewalls, AP Controllers, APs Patch
https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml
ISC StormCast for Tuesday, May 24th, 2022
24 maj 2022 |
5 min
Attacker Scanning for jQuery-File-Upload
https://isc.sans.edu/forums/diary/Attacker+Scanning+for+jQueryFileUpload/28674/
Oracle Security Alert Advisory - CVE-2022-21500
https://www.oracle.com/security-alerts/alert-cve-2022-21500.html
How to find NPM dependencies vulnerable to account hijacking
https://www.theregister.com/2022/05/23/npm_dependencies_vulnerable/
Pre-hijacked accounts
https://arxiv.org/pdf/2205.10174.pdf
https://isc.sans.edu/forums/diary/Attacker+Scanning+for+jQueryFileUpload/28674/
Oracle Security Alert Advisory - CVE-2022-21500
https://www.oracle.com/security-alerts/alert-cve-2022-21500.html
How to find NPM dependencies vulnerable to account hijacking
https://www.theregister.com/2022/05/23/npm_dependencies_vulnerable/
Pre-hijacked accounts
https://arxiv.org/pdf/2205.10174.pdf
ISC StormCast for Monday, May 23rd, 2022
23 maj 2022 |
6 min
A "Zip Bomb" to Bypass Security Controls & Sandboxes
https://isc.sans.edu/forums/diary/A+Zip+Bomb+to+Bypass+Security+Controls+Sandboxes/28670/
Cisco IOS XR Software Health Check Open Port Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK
pwn2own Vancouver 2022 Results
https://www.zerodayinitiative.com/blog/2022/5/18/pwn2own-vancouver-2022-the-results#three
Malicious PyPi Packages Drop Cobalt Strike
https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Security Advisory for BR200, BR500 and PSV-2021-0286
https://kb.netgear.com/000064712/Security-Advisory-for-Multiple-Security-Vulnerabilities-on-BR200-and-BR500-PSV-2021-0286
https://isc.sans.edu/forums/diary/A+Zip+Bomb+to+Bypass+Security+Controls+Sandboxes/28670/
Cisco IOS XR Software Health Check Open Port Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK
pwn2own Vancouver 2022 Results
https://www.zerodayinitiative.com/blog/2022/5/18/pwn2own-vancouver-2022-the-results#three
Malicious PyPi Packages Drop Cobalt Strike
https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Security Advisory for BR200, BR500 and PSV-2021-0286
https://kb.netgear.com/000064712/Security-Advisory-for-Multiple-Security-Vulnerabilities-on-BR200-and-BR500-PSV-2021-0286
ISC StormCast for Friday, May 20th, 2022
20 maj 2022 |
6 min
Bumblebee Malware from TransferXL URLs
https://isc.sans.edu/forums/diary/Bumblebee+Malware+from+TransferXL+URLs/28664/
Microsoft Out-of-Band Update fixes Authentication Issues
https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2#you-might-see-authentication-failures-on-the-server-or-client-for-services
Sonicwall Patch for SMA 1000
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0010
QNAP NAS Deadbolt Ransomware
https://www.qnap.com/en/security-news/2022/take-immediate-actions-to-secure-qnap-nas-and-update-qts-to-the-latest-available-version
380,000 open Kubernetes API Servers
https://www.shadowserver.org/news/over-380-000-open-kubernetes-api-servers/
Doj Annnounces New Polciy for Charging Cases under the Computer Fraud and Abuse Act
https://www.justice.gov/opa/pr/department-justice-announces-new-policy-charging-cases-under-computer-fraud-and-abuse-act
https://isc.sans.edu/forums/diary/Bumblebee+Malware+from+TransferXL+URLs/28664/
Microsoft Out-of-Band Update fixes Authentication Issues
https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2#you-might-see-authentication-failures-on-the-server-or-client-for-services
Sonicwall Patch for SMA 1000
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0010
QNAP NAS Deadbolt Ransomware
https://www.qnap.com/en/security-news/2022/take-immediate-actions-to-secure-qnap-nas-and-update-qts-to-the-latest-available-version
380,000 open Kubernetes API Servers
https://www.shadowserver.org/news/over-380-000-open-kubernetes-api-servers/
Doj Annnounces New Polciy for Charging Cases under the Computer Fraud and Abuse Act
https://www.justice.gov/opa/pr/department-justice-announces-new-policy-charging-cases-under-computer-fraud-and-abuse-act
ISC StormCast for Thursday, May 19th, 2022
19 maj 2022 |
7 min
VMWare Flaws
https://core.vmware.com/vmsa-2022-0014-questions-answers-faq
https://blog.barracuda.com/2022/05/17/threat-spotlight-attempts-to-exploit-new-vmware-vulnerabilities/
Tesla BLE Proximity Authentication Vulnerable to Relay Attacks
https://research.nccgroup.com/2022/05/15/technical-advisory-ble-proximity-authentication-vulnerable-to-relay-attacks/
Credit Card Scraping via Malicious PHP Code
https://www.ic3.gov/Media/News/2022/220516.pdf
Microsoft updating Delegated Admin Privileges
https://docs.microsoft.com/en-gb/partner-center/announcements/2022-may#13
https://core.vmware.com/vmsa-2022-0014-questions-answers-faq
https://blog.barracuda.com/2022/05/17/threat-spotlight-attempts-to-exploit-new-vmware-vulnerabilities/
Tesla BLE Proximity Authentication Vulnerable to Relay Attacks
https://research.nccgroup.com/2022/05/15/technical-advisory-ble-proximity-authentication-vulnerable-to-relay-attacks/
Credit Card Scraping via Malicious PHP Code
https://www.ic3.gov/Media/News/2022/220516.pdf
Microsoft updating Delegated Admin Privileges
https://docs.microsoft.com/en-gb/partner-center/announcements/2022-may#13
ISC StormCast for Wednesday, May 18th, 2022
18 maj 2022 |
6 min
Use Your Browser Internal Password Vault... or Not?
https://isc.sans.edu/forums/diary/Use+Your+Browser+Internal+Password+Vault+or+Not/28658/
SQL Server Brute Forcing
https://twitter.com/MsftSecIntel/status/1526680337216114693
UpdateAgent Adapts Again
https://www.jamf.com/blog/updateagent-adapts-again/
Updated Exploited Vulnerabilities
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/10/cisa-adds-one-known-exploited-vulnerability-catalog
https://isc.sans.edu/forums/diary/Use+Your+Browser+Internal+Password+Vault+or+Not/28658/
SQL Server Brute Forcing
https://twitter.com/MsftSecIntel/status/1526680337216114693
UpdateAgent Adapts Again
https://www.jamf.com/blog/updateagent-adapts-again/
Updated Exploited Vulnerabilities
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/10/cisa-adds-one-known-exploited-vulnerability-catalog
ISC StormCast for Tuesday, May 17th, 2022
17 maj 2022 |
6 min
Apple Patches Everything
https://isc.sans.edu/forums/diary/Apple+Patches+Everything/28654/
Evil Never Sleeps: When Wireless Malware Stays on After Turning Off iPhones
https://arxiv.org/pdf/2205.06114.pdf
Third-Party Web Trackers Log What You Type Before Submitting
https://homes.esat.kuleuven.be/~asenol/leaky-forms/
https://isc.sans.edu/forums/diary/Apple+Patches+Everything/28654/
Evil Never Sleeps: When Wireless Malware Stays on After Turning Off iPhones
https://arxiv.org/pdf/2205.06114.pdf
Third-Party Web Trackers Log What You Type Before Submitting
https://homes.esat.kuleuven.be/~asenol/leaky-forms/
ISC StormCast for Monday, May 16th, 2022
16 maj 2022 |
6 min
From 0-Day to Mirai: 7 days of BIG-IP Exploits
https://isc.sans.edu/forums/diary/From+0Day+to+Mirai+7+days+of+BIGIP+Exploits/28644/
Sonicwall Vulnerabilities Patched
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009
Zonealarm Patch
https://www.zonealarm.com/software/extreme-security/release-history
Taking over npm account
https://thehackerblog.com/zero-days-without-incident-compromising-angular-via-expired-npm-publisher-email-domains-7kZplW4x/
https://isc.sans.edu/forums/diary/From+0Day+to+Mirai+7+days+of+BIGIP+Exploits/28644/
Sonicwall Vulnerabilities Patched
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009
Zonealarm Patch
https://www.zonealarm.com/software/extreme-security/release-history
Taking over npm account
https://thehackerblog.com/zero-days-without-incident-compromising-angular-via-expired-npm-publisher-email-domains-7kZplW4x/
ISC StormCast for Friday, May 13th, 2022
13 maj 2022 |
5 min
When Get-WebRequest Fails You
https://isc.sans.edu/forums/diary/When+GetWebRequest+Fails+You/28640/
HP PC BIOS Security Updates
https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788
INTEL BIOS Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html
Zyxel RCE Vulnerability
https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/
https://isc.sans.edu/forums/diary/When+GetWebRequest+Fails+You/28640/
HP PC BIOS Security Updates
https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788
INTEL BIOS Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html
Zyxel RCE Vulnerability
https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/
ISC StormCast for Thursday, May 12th, 2022
12 maj 2022 |
6 min
TA578 Using Thread-Hijacked Emails to Push ISO Files for Bumblebee Malware
https://isc.sans.edu/forums/diary/TA578+using+threadhijacked+emails+to+push+ISO+files+for+Bumblebee+malware/28636/
Google Drive Emerges as Top App for Malware Downloads
https://www.helpnetsecurity.com/2022/05/11/malicious-pdf-search-engines/
Vanity URL Abuse
https://www.varonis.com/blog/url-spoofing
npm Supply Chain Attack Turns Out to be Part of Penetration Test
https://jfrog.com/blog/npm-supply-chain-attack-targets-german-based-companies/
https://isc.sans.edu/forums/diary/TA578+using+threadhijacked+emails+to+push+ISO+files+for+Bumblebee+malware/28636/
Google Drive Emerges as Top App for Malware Downloads
https://www.helpnetsecurity.com/2022/05/11/malicious-pdf-search-engines/
Vanity URL Abuse
https://www.varonis.com/blog/url-spoofing
npm Supply Chain Attack Turns Out to be Part of Penetration Test
https://jfrog.com/blog/npm-supply-chain-attack-targets-german-based-companies/
ISC StormCast for Wednesday, May 11th, 2022
11 maj 2022 |
6 min
Microsoft May 2022 Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+May+2022+Patch+Tuesday/28632/
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
npm "foreach" package domain takeover
https://www.theregister.com/2022/05/10/security_npm_email/
https://isc.sans.edu/forums/diary/Microsoft+May+2022+Patch+Tuesday/28632/
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
npm "foreach" package domain takeover
https://www.theregister.com/2022/05/10/security_npm_email/
ISC StormCast for Tuesday, May 10th, 2022
10 maj 2022 |
6 min
Octopus Backdoor is Back with a New Embedded Obfuscated Bat File
https://isc.sans.edu/forums/diary/Octopus+Backdoor+is+Back+with+a+New+Embedded+Obfuscated+Bat+File/28628/#comments
CVE-2022-1388 (BIG-IP) Exploits
https://twitter.com/sans_isc/status/1523741896707043328
https://github.com/horizon3ai/CVE-2022-1388
Trend Micro False Positive Aftermath
https://success.trendmicro.com/dcx/s/solution/000290966?language=en_US
Microsoft Azure
https://orca.security/resources/blog/azure-synapse-analytics-security-advisory/
https://msrc-blog.microsoft.com/2022/05/09/vulnerability-mitigated-in-the-third-party-data-connector-used-in-azure-synapse-pipelines-and-azure-data-factory-cve-2022-29972/
https://isc.sans.edu/forums/diary/Octopus+Backdoor+is+Back+with+a+New+Embedded+Obfuscated+Bat+File/28628/#comments
CVE-2022-1388 (BIG-IP) Exploits
https://twitter.com/sans_isc/status/1523741896707043328
https://github.com/horizon3ai/CVE-2022-1388
Trend Micro False Positive Aftermath
https://success.trendmicro.com/dcx/s/solution/000290966?language=en_US
Microsoft Azure
https://orca.security/resources/blog/azure-synapse-analytics-security-advisory/
https://msrc-blog.microsoft.com/2022/05/09/vulnerability-mitigated-in-the-third-party-data-connector-used-in-azure-synapse-pipelines-and-azure-data-factory-cve-2022-29972/
ISC StormCast for Monday, May 9th, 2022
9 maj 2022 |
6 min
F5 BIG-IP Unauthenticated RCE Vulnerability (CVE-2022-1388)
https://isc.sans.edu/forums/diary/F5+BIGIP+Unauthenticated+RCE+Vulnerability+CVE20221388/28624/
QNAP QVR Update
https://www.qnap.com/de-de/security-advisory/qsa-22-07
Raspberry Robin Worm
https://redcanary.com/blog/raspberry-robin/
rubygems CVE-2022-29176 explained
https://greg.molnar.io/blog/rubygems-cve-2022-29176/
What is the simples malware in the world?
https://isc.sans.edu/forums/diary/What+is+the+simplest+malware+in+the+world/28620/
https://isc.sans.edu/forums/diary/F5+BIGIP+Unauthenticated+RCE+Vulnerability+CVE20221388/28624/
QNAP QVR Update
https://www.qnap.com/de-de/security-advisory/qsa-22-07
Raspberry Robin Worm
https://redcanary.com/blog/raspberry-robin/
rubygems CVE-2022-29176 explained
https://greg.molnar.io/blog/rubygems-cve-2022-29176/
What is the simples malware in the world?
https://isc.sans.edu/forums/diary/What+is+the+simplest+malware+in+the+world/28620/
ISC StormCast for Friday, May 6th, 2022
6 maj 2022 |
6 min
Password-protected Excel Spreadsheet Pushes Remcos RAT
https://isc.sans.edu/forums/diary/Passwordprotected+Excel+spreadsheet+pushes+Remcos+RAT/28616/
Microsoft, Apple, Google Accelated FIDO Standard Implementation
https://www.theregister.com/2022/05/05/microsoft-apple-google-fido/
Heroku Admits Breach
https://status.heroku.com/incidents/2413
https://isc.sans.edu/forums/diary/Passwordprotected+Excel+spreadsheet+pushes+Remcos+RAT/28616/
Microsoft, Apple, Google Accelated FIDO Standard Implementation
https://www.theregister.com/2022/05/05/microsoft-apple-google-fido/
Heroku Admits Breach
https://status.heroku.com/incidents/2413
ISC StormCast for Thursday, May 5th, 2022
5 maj 2022 |
6 min
Finding the Real "Last Patched" Day (Interim Version)
https://isc.sans.edu/forums/diary/Finding+the+Real+Last+Patched+Day+Interim+Version/28610/
Fake Windows Updates Install Ransomware
https://www.bleepingcomputer.com/news/security/fake-windows-10-updates-infect-you-with-magniber-ransomware/
Vulnerablities in Ransomware
https://www.malvuln.com
Heroku Forces Password Reset
https://status.heroku.com/incidents/2413
Cisco Patches Enterprise NFV Infrastructure Software
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9
Big-IP iControl REST Vulnerability
https://support.f5.com/csp/article/K23605346
https://isc.sans.edu/forums/diary/Finding+the+Real+Last+Patched+Day+Interim+Version/28610/
Fake Windows Updates Install Ransomware
https://www.bleepingcomputer.com/news/security/fake-windows-10-updates-infect-you-with-magniber-ransomware/
Vulnerablities in Ransomware
https://www.malvuln.com
Heroku Forces Password Reset
https://status.heroku.com/incidents/2413
Cisco Patches Enterprise NFV Infrastructure Software
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9
Big-IP iControl REST Vulnerability
https://support.f5.com/csp/article/K23605346
ISC StormCast for Wednesday, May 4th, 2022
4 maj 2022 |
6 min
Some Honeypot Updates
https://isc.sans.edu/forums/diary/Some+Honeypot+Updates/28608/
TLStorm 2 - NanoSSL TLS Library Misuse
https://www.armis.com/blog/tlstorm-2-nanossl-tls-library-misuse-leads-to-vulnerabilities-in-common-switches/
Unpatched DNS Bug in uClibc and uClibc-ng Library
https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-DNS-bug-in-popular-c-standard-library-putting-iot-at-risk/
Abusing Security Software to Sideload PlugX and ShadowPad
https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/
Microsoft Edge Update Triggers Trend Micro AV
https://success.trendmicro.com/forum/s/question/0D54T00001QDqzgSAD/we-are-getting-this-message-from-every-client-since-several-minutesis-it-a-false-positiv-error-or-do-we-have-a-real-trojaner-problem-
https://isc.sans.edu/forums/diary/Some+Honeypot+Updates/28608/
TLStorm 2 - NanoSSL TLS Library Misuse
https://www.armis.com/blog/tlstorm-2-nanossl-tls-library-misuse-leads-to-vulnerabilities-in-common-switches/
Unpatched DNS Bug in uClibc and uClibc-ng Library
https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-DNS-bug-in-popular-c-standard-library-putting-iot-at-risk/
Abusing Security Software to Sideload PlugX and ShadowPad
https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/
Microsoft Edge Update Triggers Trend Micro AV
https://success.trendmicro.com/forum/s/question/0D54T00001QDqzgSAD/we-are-getting-this-message-from-every-client-since-several-minutesis-it-a-false-positiv-error-or-do-we-have-a-real-trojaner-problem-
ISC StormCast for Tuesday, May 3rd, 2022
3 maj 2022 |
6 min
Detecting VSTO Office Files with ExifTool
https://isc.sans.edu/forums/diary/Detecting+VSTO+Office+Files+With+ExifTool/28604/
The Gmail SMTP Relay Service Exploit
https://www.avanan.com/blog/the-gmail-smtp-relay-service-exploit
OpenSSF Package Analysis
https://openssf.org/blog/2022/04/28/introducing-package-analysis-scanning-open-source-packages-for-malicious-behavior/
M1 Prefetcher Data Leak
https://www.prefetchers.info
https://isc.sans.edu/forums/diary/Detecting+VSTO+Office+Files+With+ExifTool/28604/
The Gmail SMTP Relay Service Exploit
https://www.avanan.com/blog/the-gmail-smtp-relay-service-exploit
OpenSSF Package Analysis
https://openssf.org/blog/2022/04/28/introducing-package-analysis-scanning-open-source-packages-for-malicious-behavior/
M1 Prefetcher Data Leak
https://www.prefetchers.info
ISC StormCast for Monday, May 2nd, 2022
2 maj 2022 |
5 min
Using Passive DNS Sources for Reconnaissance and Enumeration
https://isc.sans.edu/forums/diary/Using+Passive+DNS+sources+for+Reconnaissance+and+Enumeration/28596/
Microsoft Edge Secure Network
https://support.microsoft.com/en-gb/topic/use-the-microsoft-edge-secure-network-to-protect-your-browsing-885472e2-7847-4d89-befb-c80d3dda6318
Sina Weibo Making Users IPs and Location Public
https://www.theregister.com/2022/04/29/weibo_location_services_default/
https://weibo.com/u/1934183965?layerid=4763194269108760
SonicWall Global VPN Client DLL Search Order Hijacking
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0036
Zoom Updated
https://explore.zoom.us/en/trust/security/security-bulletin/
https://isc.sans.edu/forums/diary/Using+Passive+DNS+sources+for+Reconnaissance+and+Enumeration/28596/
Microsoft Edge Secure Network
https://support.microsoft.com/en-gb/topic/use-the-microsoft-edge-secure-network-to-protect-your-browsing-885472e2-7847-4d89-befb-c80d3dda6318
Sina Weibo Making Users IPs and Location Public
https://www.theregister.com/2022/04/29/weibo_location_services_default/
https://weibo.com/u/1934183965?layerid=4763194269108760
SonicWall Global VPN Client DLL Search Order Hijacking
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0036
Zoom Updated
https://explore.zoom.us/en/trust/security/security-bulletin/
ISC StormCast for Friday, April 29th, 2022
29 april 2022 |
6 min
A Day of SMB: What does our SMB/RPC Honeypot see? CVE-2022-26809
https://isc.sans.edu/forums/diary/A+Day+of+SMB+What+does+our+SMBRPC+Honeypot+see+CVE202226809/28594/
Azure PostgreSQL Privilege Escalation
https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql/
Security alert: Attack campaign involving stolen OAuth user tokens
https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens
Netatalk Vulnerability Affecting Synology, QNAP, Others?
https://www.synology.com/en-global/security/advisory/Synology_SA_22_06
https://isc.sans.edu/forums/diary/A+Day+of+SMB+What+does+our+SMBRPC+Honeypot+see+CVE202226809/28594/
Azure PostgreSQL Privilege Escalation
https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql/
Security alert: Attack campaign involving stolen OAuth user tokens
https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens
Netatalk Vulnerability Affecting Synology, QNAP, Others?
https://www.synology.com/en-global/security/advisory/Synology_SA_22_06
ISC StormCast for Thursday, April 28th, 2022
28 april 2022 |
6 min
MITRE ATT&CK v11
https://isc.sans.edu/forums/diary/MITRE+ATTCK+v11+a+small+update+that+can+help+not+just+with+detection+engineering/28590/
Microsoft Special Report: Ukraine
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd
Linux Privilege Escalation Nimbuspwn
https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/
npm Package Planting
https://blog.aquasec.com/npm-package-planting
https://isc.sans.edu/forums/diary/MITRE+ATTCK+v11+a+small+update+that+can+help+not+just+with+detection+engineering/28590/
Microsoft Special Report: Ukraine
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd
Linux Privilege Escalation Nimbuspwn
https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/
npm Package Planting
https://blog.aquasec.com/npm-package-planting
ISC StormCast for Wednesday, April 27th, 2022
27 april 2022 |
6 min
WSO2 Vuln Exploited to Install Crypto Coin Miners
https://isc.sans.edu/forums/diary/WSO2+RCE+exploited+in+the+wild/28586/
Core Impact Backdoor Delivered Via VMware Vulnerablity
https://blog.morphisec.com/vmware-identity-manager-attack-backdoor
VirusTotal Exploit Update
https://twitter.com/bquintero/status/1518738072820670464
Emotet Experimenting With New Delivery Techniques
https://www.proofpoint.com/us/blog/threat-insight/emotet-tests-new-delivery-techniques
https://isc.sans.edu/forums/diary/WSO2+RCE+exploited+in+the+wild/28586/
Core Impact Backdoor Delivered Via VMware Vulnerablity
https://blog.morphisec.com/vmware-identity-manager-attack-backdoor
VirusTotal Exploit Update
https://twitter.com/bquintero/status/1518738072820670464
Emotet Experimenting With New Delivery Techniques
https://www.proofpoint.com/us/blog/threat-insight/emotet-tests-new-delivery-techniques
ISC StormCast for Tuesday, April 26th, 2022
26 april 2022 |
6 min
Simple PDF Linking to Malicious Content
https://isc.sans.edu/forums/diary/Simple+PDF+Linking+to+Malicious+Content/28582/
VirusTotal Remote Code Execution
https://www.cysrc.com/blog/virus-total-blog
Apple's Private Relay can Cause the System to Ignore Firewall Rules
https://mullvad.net/en/blog/2022/4/25/apples-private-relay-can-cause-the-system-to-ignore-firewall-rules/
Emotet Breaks and Later Fixes Installer
https://www.bleepingcomputer.com/news/security/emotet-malware-infects-users-again-after-fixing-broken-installer/
https://isc.sans.edu/forums/diary/Simple+PDF+Linking+to+Malicious+Content/28582/
VirusTotal Remote Code Execution
https://www.cysrc.com/blog/virus-total-blog
Apple's Private Relay can Cause the System to Ignore Firewall Rules
https://mullvad.net/en/blog/2022/4/25/apples-private-relay-can-cause-the-system-to-ignore-firewall-rules/
Emotet Breaks and Later Fixes Installer
https://www.bleepingcomputer.com/news/security/emotet-malware-infects-users-again-after-fixing-broken-installer/
ISC StormCast for Monday, April 25th, 2022
25 april 2022 |
5 min
Analyzing Word Phishing Document
https://isc.sans.edu/forums/diary/Analyzing+a+Phishing+Word+Document/28562/
Targeting Roku Streaming Devices
https://isc.sans.edu/forums/diary/Are+Roku+Streaming+Devices+Safe+from+Exploitation/28578/
JWT Null Signature Vulnerability PoC
https://github.com/DataDog/security-labs-pocs/tree/main/proof-of-concept-exploits/jwt-null-signature-vulnerable-app
Expat XML Vulnerabilities
https://www.ibm.com/support/pages/node/6573293
Jira Vulnerability
https://confluence.atlassian.com/jira/jira-security-advisory-2022-04-20-1115127899.html
https://isc.sans.edu/forums/diary/Analyzing+a+Phishing+Word+Document/28562/
Targeting Roku Streaming Devices
https://isc.sans.edu/forums/diary/Are+Roku+Streaming+Devices+Safe+from+Exploitation/28578/
JWT Null Signature Vulnerability PoC
https://github.com/DataDog/security-labs-pocs/tree/main/proof-of-concept-exploits/jwt-null-signature-vulnerable-app
Expat XML Vulnerabilities
https://www.ibm.com/support/pages/node/6573293
Jira Vulnerability
https://confluence.atlassian.com/jira/jira-security-advisory-2022-04-20-1115127899.html
ISC StormCast for Friday, April 22nd, 2022
22 april 2022 |
6 min
Multi Cryptocurrency Clipboard Swapper
https://isc.sans.edu/forums/diary/MultiCryptocurrency+Clipboard+Swapper/28574/
Amazong Fixes AWS log4j Fix
https://aws.amazon.com/security/security-bulletins/AWS-2022-006/
Cisco Fixes
https://tools.cisco.com/security/center/publicationListing.x
Psychic Signature PoC
https://github.com/khalednassar/CVE-2022-21449-TLS-PoC
ALAC Audio Decoder Bug
https://blog.checkpoint.com/2022/04/21/largest-mobile-chipset-manufacturers-used-vulnerable-audio-decoder-2-3-of-android-users-privacy-around-the-world-were-at-risk/
https://isc.sans.edu/forums/diary/MultiCryptocurrency+Clipboard+Swapper/28574/
Amazong Fixes AWS log4j Fix
https://aws.amazon.com/security/security-bulletins/AWS-2022-006/
Cisco Fixes
https://tools.cisco.com/security/center/publicationListing.x
Psychic Signature PoC
https://github.com/khalednassar/CVE-2022-21449-TLS-PoC
ALAC Audio Decoder Bug
https://blog.checkpoint.com/2022/04/21/largest-mobile-chipset-manufacturers-used-vulnerable-audio-decoder-2-3-of-android-users-privacy-around-the-world-were-at-risk/
ISC StormCast for Thursday, April 21st, 2022
21 april 2022 |
6 min
AA Distribution Quakbot (Qbot) infection siwth DarkVNC
https://isc.sans.edu/forums/diary/aa+distribution+Qakbot+Qbot+infection+with+DarkVNC+traffic/28568/
Java Psychic Signatures
https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/
Snort DoS Vulnerability
https://claroty.com/2022/04/14/blog-research-blinding-snort-breaking-the-modbus-ot-preprocessor/
https://isc.sans.edu/forums/diary/aa+distribution+Qakbot+Qbot+infection+with+DarkVNC+traffic/28568/
Java Psychic Signatures
https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/
Snort DoS Vulnerability
https://claroty.com/2022/04/14/blog-research-blinding-snort-breaking-the-modbus-ot-preprocessor/
ISC StormCast for Wednesday, April 20th, 2022
20 april 2022 |
6 min
u-boot Password Reset
https://isc.sans.edu/forums/diary/Resetting+Linux+Passwords+with+UBoot+Bootloaders/28564/
Oracle CPU
https://www.oracle.com/security-alerts/cpuapr2022.html
MetaMask iCloud Phishing
https://www.bleepingcomputer.com/news/security/hackers-steal-655k-after-picking-metamask-seed-from-icloud-backup/
SMB1 Gone From Windows 11 Home
https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb1-now-disabled-by-default-for-windows-11-home-insiders-builds/ba-p/3289473
Lenovo UEFI/BIOS Vulnerability
https://support.lenovo.com/us/en/product_security/ps500483-lenovo-system-update-privilege-escalation-vulnerability
https://support.lenovo.com/de/de/product_security/LEN-84943
https://isc.sans.edu/forums/diary/Resetting+Linux+Passwords+with+UBoot+Bootloaders/28564/
Oracle CPU
https://www.oracle.com/security-alerts/cpuapr2022.html
MetaMask iCloud Phishing
https://www.bleepingcomputer.com/news/security/hackers-steal-655k-after-picking-metamask-seed-from-icloud-backup/
SMB1 Gone From Windows 11 Home
https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb1-now-disabled-by-default-for-windows-11-home-insiders-builds/ba-p/3289473
Lenovo UEFI/BIOS Vulnerability
https://support.lenovo.com/us/en/product_security/ps500483-lenovo-system-update-privilege-escalation-vulnerability
https://support.lenovo.com/de/de/product_security/LEN-84943
ISC StormCast for Tuesday, April 19th, 2022
19 april 2022 |
5 min
Sysmon's ReigstryEvent (Value Set) and Binary Data
https://isc.sans.edu/forums/diary/Sysmons+RegistryEvent+Value+Set/28558/
Ukraine CERT Posts: IcedID and Zimbra Flaw
https://cert.gov.ua/article/39606
https://cert.gov.ua/article/39609
New NSO Pegasus Exploit Spotted in the Wild
https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/
Unofficial Windows 11 Upgrade Delivers Spyware
https://www.bleepingcomputer.com/news/security/unofficial-windows-11-upgrade-installs-info-stealing-malware/
https://isc.sans.edu/forums/diary/Sysmons+RegistryEvent+Value+Set/28558/
Ukraine CERT Posts: IcedID and Zimbra Flaw
https://cert.gov.ua/article/39606
https://cert.gov.ua/article/39609
New NSO Pegasus Exploit Spotted in the Wild
https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/
Unofficial Windows 11 Upgrade Delivers Spyware
https://www.bleepingcomputer.com/news/security/unofficial-windows-11-upgrade-installs-info-stealing-malware/
ISC StormCast for Monday, April 18th, 2022
18 april 2022 |
6 min
Office Now Protects You From Malicious ISO Files
https://isc.sans.edu/forums/diary/Office+Protects+You+From+Malicious+ISO+Files/28554/
Github Stolen OAUTH User Tokens
https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens/
Git For Windows Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2022-24765
Cisco Wireless Controller Bug
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-auth-bypass-JRNhV4fF
https://isc.sans.edu/forums/diary/Office+Protects+You+From+Malicious+ISO+Files/28554/
Github Stolen OAUTH User Tokens
https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens/
Git For Windows Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2022-24765
Cisco Wireless Controller Bug
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-auth-bypass-JRNhV4fF
ISC StormCast for Friday, April 15th, 2022
15 april 2022 |
5 min
An Update on CVE-2022-26809 MSRPC Vulnerability - PATCH NOW
https://isc.sans.edu/forums/diary/An+Update+on+CVE202226809+MSRPC+Vulnerabliity+PATCH+NOW/28550/
Webcast: https://www.sans.org/webcasts/cve-2022-26809-ms-rpc-vulnerability-analysis/
https://twitter.com/splinter_code/status/1514653941304369153
Google Chrome 0-Day Patch
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html
Cisco Webex Phones Home Audio Telemetry
https://wiscprivacy.com/papers/vca_mute.pdf
Grafana Enterprise Vulnerabilty
https://grafana.com/blog/2022/04/12/grafana-enterprise-8.4.6-released-with-high-severity-security-fix/
https://isc.sans.edu/forums/diary/An+Update+on+CVE202226809+MSRPC+Vulnerabliity+PATCH+NOW/28550/
Webcast: https://www.sans.org/webcasts/cve-2022-26809-ms-rpc-vulnerability-analysis/
https://twitter.com/splinter_code/status/1514653941304369153
Google Chrome 0-Day Patch
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html
Cisco Webex Phones Home Audio Telemetry
https://wiscprivacy.com/papers/vca_mute.pdf
Grafana Enterprise Vulnerabilty
https://grafana.com/blog/2022/04/12/grafana-enterprise-8.4.6-released-with-high-severity-security-fix/
ISC StormCast for Thursday, April 14th, 2022
14 april 2022 |
6 min
How is Ukrainian Internet Holding Up During Russian Invasion
https://isc.sans.edu/forums/diary/How+is+Ukrainian+internet+holding+up+during+the+Russian+invasion/28546/
Update on Windows Patches and CVE-2022-26809
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26809
Adobe Updates
https://helpx.adobe.com/security/products/photoshop/apsb22-20.html
Apache Struts 2 Update
https://cwiki.apache.org/confluence/display/WW/S2-062
https://isc.sans.edu/forums/diary/How+is+Ukrainian+internet+holding+up+during+the+Russian+invasion/28546/
Update on Windows Patches and CVE-2022-26809
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26809
Adobe Updates
https://helpx.adobe.com/security/products/photoshop/apsb22-20.html
Apache Struts 2 Update
https://cwiki.apache.org/confluence/display/WW/S2-062
ISC StormCast for Wednesday, April 13th, 2022
13 april 2022 |
7 min
Microsoft April 2022 Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+April+2022+Patch+Tuesday/28542/
NGINX Statement To LDAP Weakness
https://www.nginx.com/blog/addressing-security-weaknesses-nginx-ldap-reference-implementation/
Attacks on Ukrainian Power Grid
https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/
https://isc.sans.edu/forums/diary/Microsoft+April+2022+Patch+Tuesday/28542/
NGINX Statement To LDAP Weakness
https://www.nginx.com/blog/addressing-security-weaknesses-nginx-ldap-reference-implementation/
Attacks on Ukrainian Power Grid
https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/
ISC StormCast for Tuesday, April 12th, 2022
12 april 2022 |
6 min
Spring: It isn't just about Spring4Shell.
https://isc.sans.edu/forums/diary/Spring+It+isnt+just+about+Spring4Shell+Spring+Cloud+Function+Vulnerabilities+are+being+probed+too/28538/
Microsoft Windows Autopatch
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/get-current-and-stay-current-with-windows-autopatch/ba-p/3271839
More npm protestware
https://github.com/Yaffle/EventSource/commit/de137927e13d8afac153d2485152ccec48948a7a
Raspberry Pi Update
https://www.raspberrypi.com/news/raspberry-pi-bullseye-update-april-2022/
https://isc.sans.edu/forums/diary/Spring+It+isnt+just+about+Spring4Shell+Spring+Cloud+Function+Vulnerabilities+are+being+probed+too/28538/
Microsoft Windows Autopatch
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/get-current-and-stay-current-with-windows-autopatch/ba-p/3271839
More npm protestware
https://github.com/Yaffle/EventSource/commit/de137927e13d8afac153d2485152ccec48948a7a
Raspberry Pi Update
https://www.raspberrypi.com/news/raspberry-pi-bullseye-update-april-2022/
ISC StormCast for Monday, April 11th, 2022
11 april 2022 |
6 min
Misc Spring4Shell Items
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
https://www.trendmicro.com/en_us/research/22/d/cve-2022-22965-analyzing-the-exploitation-of-spring4shell-vulner.html
https://github.com/AgainstTheWest/NginxDay
Russian Certificate Authority Update
https://koen.engineer/russias-certificate-authority-for-sanctioned-organizations-645d61af8ac6
Conti Source Code Leak Leads to Copycats
https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67
https://www.trendmicro.com/en_us/research/22/d/cve-2022-22965-analyzing-the-exploitation-of-spring4shell-vulner.html
https://github.com/AgainstTheWest/NginxDay
Russian Certificate Authority Update
https://koen.engineer/russias-certificate-authority-for-sanctioned-organizations-645d61af8ac6
Conti Source Code Leak Leads to Copycats
https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/
ISC StormCast for Friday, April 8th, 2022
8 april 2022 |
16 min
What is BIMI
https://isc.sans.edu/forums/diary/What+is+BIMI+and+how+is+it+supposed+to+help+with+Phishing/28528/
Watchguard Vulnerability behind Cyclops Blink
https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA16S000000SOCGSA4&lang=en_US
Malware Targeting Amazon Lambdas
https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/
Ashley Taylor: Doppelgaengers: Finding Job Scammers Who Steal Brand Identities
https://www.sans.edu/cyber-research/doppelgangers-finding-job-scammers-who-steal-brand-identities/
https://isc.sans.edu/forums/diary/What+is+BIMI+and+how+is+it+supposed+to+help+with+Phishing/28528/
Watchguard Vulnerability behind Cyclops Blink
https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA16S000000SOCGSA4&lang=en_US
Malware Targeting Amazon Lambdas
https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/
Ashley Taylor: Doppelgaengers: Finding Job Scammers Who Steal Brand Identities
https://www.sans.edu/cyber-research/doppelgangers-finding-job-scammers-who-steal-brand-identities/
ISC StormCast for Thursday, April 7th, 2022
7 april 2022 |
6 min
Windows MetaStealer Malware
https://isc.sans.edu/forums/diary/Windows+MetaStealer+Malware/28522/
US Justice Depatment Takes Down Cyclops Blink Botnet
https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-botnet-controlled-russian-federation
VMWare Bugs
https://www.vmware.com/security/advisories.html
Palo Alto CVE-2022-0778
https://security.paloaltonetworks.com/CVE-2022-0778
Unpatched Apple Bug
https://www.intego.com/mac-security-blog/apple-neglects-to-patch-zero-day-wild-vulnerabilities-for-macos-big-sur-catalina/
https://isc.sans.edu/forums/diary/Windows+MetaStealer+Malware/28522/
US Justice Depatment Takes Down Cyclops Blink Botnet
https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-botnet-controlled-russian-federation
VMWare Bugs
https://www.vmware.com/security/advisories.html
Palo Alto CVE-2022-0778
https://security.paloaltonetworks.com/CVE-2022-0778
Unpatched Apple Bug
https://www.intego.com/mac-security-blog/apple-neglects-to-patch-zero-day-wild-vulnerabilities-for-macos-big-sur-catalina/
ISC StormCast for Wednesday, April 6th, 2022
6 april 2022 |
7 min
WebLogic Crypto Miner Malware Disabling Alibaba Cloud Monitoring Tools
https://isc.sans.edu/forums/diary/WebLogic+Crypto+Miner+Malware+Disabling+Alibaba+Cloud+Monitoring+Tools/28520/
Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks
New Security Features for Windows 11
https://www.microsoft.com/security/blog/2022/04/05/new-security-features-for-windows-11-will-help-protect-hybrid-work/
Fin7 Power Hour: Adversary Archaeology and Evolution of FIN7
https://www.mandiant.com/resources/evolution-of-fin7
https://isc.sans.edu/forums/diary/WebLogic+Crypto+Miner+Malware+Disabling+Alibaba+Cloud+Monitoring+Tools/28520/
Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks
New Security Features for Windows 11
https://www.microsoft.com/security/blog/2022/04/05/new-security-features-for-windows-11-will-help-protect-hybrid-work/
Fin7 Power Hour: Adversary Archaeology and Evolution of FIN7
https://www.mandiant.com/resources/evolution-of-fin7
ISC StormCast for Tuesday, April 5th, 2022
5 april 2022 |
6 min
Emptying the Phishtank: Are WordPress Sites the Mosquitoes of the Internet
https://isc.sans.edu/forums/diary/Emptying+the+Phishtank+Are+WordPress+sites+the+Mosquitoes+of+the+Internet/28516/
Mailchimp Breach Used to Target Trezor Users
https://www.bleepingcomputer.com/news/security/hackers-breach-mailchimps-internal-tools-to-target-crypto-customers/
Proactively Prevent Secret Leaks With GitHub Advanced Security Secret Scanning
https://github.blog/2022-04-04-push-protection-github-advanced-security/
TruffleHog v3
https://trufflesecurity.com/blog/introducing-trufflehog-v3
Russian Certificates (chinese article)
https://blog.netlab.360.com/review-revoke-russia-ssl-certificates/
https://isc.sans.edu/forums/diary/Emptying+the+Phishtank+Are+WordPress+sites+the+Mosquitoes+of+the+Internet/28516/
Mailchimp Breach Used to Target Trezor Users
https://www.bleepingcomputer.com/news/security/hackers-breach-mailchimps-internal-tools-to-target-crypto-customers/
Proactively Prevent Secret Leaks With GitHub Advanced Security Secret Scanning
https://github.blog/2022-04-04-push-protection-github-advanced-security/
TruffleHog v3
https://trufflesecurity.com/blog/introducing-trufflehog-v3
Russian Certificates (chinese article)
https://blog.netlab.360.com/review-revoke-russia-ssl-certificates/
ISC StormCast for Monday, April 4th, 2022
4 april 2022 |
6 min
GitLab Critical Security Release
https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/
ViaSat KA-SAT Network Cyber Attack
https://www.viasat.com/about/newsroom/blog/ka-sat-network-cyber-attack-overview/
MacOS Bug Enables Phishing
https://rambo.codes/posts/2022-03-15-how-a-macos-bug-could-have-allowed-for-a-serious-phishing-attack-against-users
PHP Supply Chain Attack on PEAR
https://blog.sonarsource.com/php-supply-chain-attack-on-pear
https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/
ViaSat KA-SAT Network Cyber Attack
https://www.viasat.com/about/newsroom/blog/ka-sat-network-cyber-attack-overview/
MacOS Bug Enables Phishing
https://rambo.codes/posts/2022-03-15-how-a-macos-bug-could-have-allowed-for-a-serious-phishing-attack-against-users
PHP Supply Chain Attack on PEAR
https://blog.sonarsource.com/php-supply-chain-attack-on-pear
ISC StormCast for Friday, April 1st, 2022
1 april 2022 |
6 min
Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965
https://isc.sans.edu/forums/diary/Spring+Vulnerability+Update+Exploitation+Attempts+CVE202222965/28504/
Apple Patches 0 Day Vulnerability
https://isc.sans.edu/forums/diary/Apple+Patches+Actively+Exploited+Vulnerability+in+macOS+iOS+and+iPadOS/28506/
Wyze Cam Vulnerabilities
https://www.bitdefender.com/files/News/CaseStudies/study/413/Bitdefender-PR-Whitepaper-WCam-creat5991-en-EN.pdf
Zyxel Security Advisory
https://www.zyxel.com/support/forgery-vulnerabilities-of-select-Armor-home-routers.shtml
https://isc.sans.edu/forums/diary/Spring+Vulnerability+Update+Exploitation+Attempts+CVE202222965/28504/
Apple Patches 0 Day Vulnerability
https://isc.sans.edu/forums/diary/Apple+Patches+Actively+Exploited+Vulnerability+in+macOS+iOS+and+iPadOS/28506/
Wyze Cam Vulnerabilities
https://www.bitdefender.com/files/News/CaseStudies/study/413/Bitdefender-PR-Whitepaper-WCam-creat5991-en-EN.pdf
Zyxel Security Advisory
https://www.zyxel.com/support/forgery-vulnerabilities-of-select-Armor-home-routers.shtml
ISC StormCast for Thursday, March 31st, 2022
31 mars 2022 |
6 min
Java Springtime Confusion: What Vulnerabilty are We Talking About
https://isc.sans.edu/forums/diary/Java+Springtime+Confusion+What+Vulnerability+are+We+Talking+About/28500/
Quickie: Parsing XLSB Documents
https://isc.sans.edu/forums/diary/Quickie+Parsing+XLSB+Documents/28496/
Pwning 3CX Phone Management Backends from the Internet
https://medium.com/@frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88
https://isc.sans.edu/forums/diary/Java+Springtime+Confusion+What+Vulnerability+are+We+Talking+About/28500/
Quickie: Parsing XLSB Documents
https://isc.sans.edu/forums/diary/Quickie+Parsing+XLSB+Documents/28496/
Pwning 3CX Phone Management Backends from the Internet
https://medium.com/@frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88
ISC StormCast for Wednesday, March 30th, 2022
30 mars 2022 |
7 min
More Fake/Typosquatting Twitter Accounts Asking for Ukraine Cryptocurrency Donations
https://isc.sans.edu/forums/diary/More+FakeTyposquatting+Twitter+Accounts+Asking+for+Ukraine+Crytocurrency+Donations/28492/
Mitigating Attacks Against Uninterruptible Power Supply Devices
https://www.cisa.gov/sites/default/files/publications/CISA-DOE_Insights-Mitigating_Vulnerabilities_Affecting_Uninterruptible_Power_Supply_Devices_Mar_29.pdf
MFA Bypass Attacks
https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html
Google Advertises Mars Stealer
https://blog.morphisec.com/threat-research-mars-stealer
Hackers Gaining Power of Subpoena Via Fake "Emergency Data Requests"
https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/
https://isc.sans.edu/forums/diary/More+FakeTyposquatting+Twitter+Accounts+Asking+for+Ukraine+Crytocurrency+Donations/28492/
Mitigating Attacks Against Uninterruptible Power Supply Devices
https://www.cisa.gov/sites/default/files/publications/CISA-DOE_Insights-Mitigating_Vulnerabilities_Affecting_Uninterruptible_Power_Supply_Devices_Mar_29.pdf
MFA Bypass Attacks
https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html
Google Advertises Mars Stealer
https://blog.morphisec.com/threat-research-mars-stealer
Hackers Gaining Power of Subpoena Via Fake "Emergency Data Requests"
https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/
ISC StormCast for Tuesday, March 29th, 2022
29 mars 2022 |
6 min
BGP Hijacking of Twitter Prefix by RTComm.ru
https://isc.sans.edu/forums/diary/BGP+Hijacking+of+Twitter+Prefix+by+RTCommru/28488/
DDoS Against Sites in Ukraine
https://www.bleepingcomputer.com/news/security/hacked-wordpress-sites-force-visitors-to-ddos-ukrainian-targets/
Sophos Patches
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce
Sonicwall Patches
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0003
opnsense CARP protocol routing error
https://medium.com/sensorfu/firewall-bypass-with-carp-in-packet-filter-c4ed70fb7dd7
https://isc.sans.edu/forums/diary/BGP+Hijacking+of+Twitter+Prefix+by+RTCommru/28488/
DDoS Against Sites in Ukraine
https://www.bleepingcomputer.com/news/security/hacked-wordpress-sites-force-visitors-to-ddos-ukrainian-targets/
Sophos Patches
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce
Sonicwall Patches
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0003
opnsense CARP protocol routing error
https://medium.com/sensorfu/firewall-bypass-with-carp-in-packet-filter-c4ed70fb7dd7
ISC StormCast for Monday, March 28th, 2022
28 mars 2022 |
6 min
XLSB Files Because Binary is Stealthier Than XML
https://isc.sans.edu/forums/diary/XLSB+Files+Because+Binary+is+Stealthier+Than+XML/28476/
Dirty Pipe Container Escape PoC
https://www.datadoghq.com/blog/engineering/dirty-pipe-container-escape-poc/
PHP filter_var Shenanigans
https://pwning.systems/posts/php_filter_var_shenanigans/
OpenBSD slaacd vuln
https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html
Google Chrome Update
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
https://isc.sans.edu/forums/diary/XLSB+Files+Because+Binary+is+Stealthier+Than+XML/28476/
Dirty Pipe Container Escape PoC
https://www.datadoghq.com/blog/engineering/dirty-pipe-container-escape-poc/
PHP filter_var Shenanigans
https://pwning.systems/posts/php_filter_var_shenanigans/
OpenBSD slaacd vuln
https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html
Google Chrome Update
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
ISC StormCast for Friday, March 25th, 2022
25 mars 2022 |
6 min
Malware Delivered Through Free Sharing Tool
https://isc.sans.edu/forums/diary/Malware+Delivered+Through+Free+Sharing+Tool/28474/
Western Digital PR4100 NAS Vulnerabilty
https://research.nccgroup.com/2022/03/24/remote-code-execution-on-western-digital-pr4100-nas-cve-2022-23121/
Crypto malware in patched wallets targeting Android and iOS devices
https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/
Lapsus$ Arrest
https://www.bbc.com/news/technology-60864283
https://www.bloomberg.com/news/articles/2022-03-23/teen-suspected-by-cyber-researchers-of-being-lapsus-mastermind?sref=ylv224K8
Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide
https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical
https://isc.sans.edu/forums/diary/Malware+Delivered+Through+Free+Sharing+Tool/28474/
Western Digital PR4100 NAS Vulnerabilty
https://research.nccgroup.com/2022/03/24/remote-code-execution-on-western-digital-pr4100-nas-cve-2022-23121/
Crypto malware in patched wallets targeting Android and iOS devices
https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/
Lapsus$ Arrest
https://www.bbc.com/news/technology-60864283
https://www.bloomberg.com/news/articles/2022-03-23/teen-suspected-by-cyber-researchers-of-being-lapsus-mastermind?sref=ylv224K8
Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide
https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical
ISC StormCast for Thursday, March 24th, 2022
24 mars 2022 |
6 min
Mars Stealer
https://isc.sans.edu/forums/diary/Arkei+Variants+From+Vidar+to+Mars+Stealer/28468/
Okta Update
https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/
Microsoft Lapsus$ Update
https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/
npm Attack Targeting Azure Developers
https://jfrog.com/blog/large-scale-npm-attack-targets-azure-developers-with-malicious-packages/
https://isc.sans.edu/forums/diary/Arkei+Variants+From+Vidar+to+Mars+Stealer/28468/
Okta Update
https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/
Microsoft Lapsus$ Update
https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/
npm Attack Targeting Azure Developers
https://jfrog.com/blog/large-scale-npm-attack-targets-azure-developers-with-malicious-packages/
ISC StormCast for Wednesday, March 23rd, 2022
23 mars 2022 |
7 min
Statement by President Biden: What you need to do (or not do)
https://isc.sans.edu/forums/diary/Statement+by+President+Biden+What+you+need+to+do+or+not+do/28466/
ASUS Cyclops Blink Advisory
https://www.asus.com/content/ASUS-Product-Security-Advisory/
HP Vulnerabilities
https://support.hp.com/us-en/document/ish_5948778-5949142-16/hpsbpi03780
Sophos UTM Updates
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220321-utm-9710
MacOS GIMMICK Malware
https://www.volexity.com/blog/2022/03/22/storm-cloud-on-the-horizon-gimmick-malware-strikes-at-macos/
Octa Breached By Lapsus
https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/
https://twitter.com/BillDemirkapi/status/1506107157124722690
https://isc.sans.edu/forums/diary/Statement+by+President+Biden+What+you+need+to+do+or+not+do/28466/
ASUS Cyclops Blink Advisory
https://www.asus.com/content/ASUS-Product-Security-Advisory/
HP Vulnerabilities
https://support.hp.com/us-en/document/ish_5948778-5949142-16/hpsbpi03780
Sophos UTM Updates
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220321-utm-9710
MacOS GIMMICK Malware
https://www.volexity.com/blog/2022/03/22/storm-cloud-on-the-horizon-gimmick-malware-strikes-at-macos/
Octa Breached By Lapsus
https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/
https://twitter.com/BillDemirkapi/status/1506107157124722690
ISC StormCast for Tuesday, March 22nd, 2022
22 mars 2022 |
8 min
Maldoc Cleaned by Anti-Virus
https://isc.sans.edu/forums/diary/Maldoc+Cleaned+by+AntiVirus/28460/
Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain
https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain
IBM Spectrum Protect Update
https://www.ibm.com/support/pages/node/6564745
Lapsus$ May have Breached Microsoft
https://www.theregister.com/2022/03/21/microsoft_lapsus_breach_probe/
Statement by President Biden on our Nation's Cybersecurity
https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/statement-by-president-biden-on-our-nations-cybersecurity/
https://isc.sans.edu/forums/diary/Maldoc+Cleaned+by+AntiVirus/28460/
Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain
https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain
IBM Spectrum Protect Update
https://www.ibm.com/support/pages/node/6564745
Lapsus$ May have Breached Microsoft
https://www.theregister.com/2022/03/21/microsoft_lapsus_breach_probe/
Statement by President Biden on our Nation's Cybersecurity
https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/statement-by-president-biden-on-our-nations-cybersecurity/
ISC StormCast for Monday, March 21st, 2022
21 mars 2022 |
6 min
Scans for Movable Type Vulnerability (CVE-2021-20837)
https://isc.sans.edu/forums/diary/Scans+for+Movable+Type+Vulnerability+CVE202120837/28454/
SolarWinds Advisory: Unauahtneticated Access in Web Help Desk (12.7.5)
https://isc.sans.edu/forums/diary/SolarWinds+Advisory+Unauthenticated+Access+in+Web+Help+Desk+1275/28456/
MGLNDD_* Scans
https://isc.sans.edu/forums/diary/MGLNDD+Scans/28458/
CAPTCHA Phishing
https://www.avanan.com/blog/using-captcha-forms-to-bypass-filters
Browser in the Browser Templates
https://mrd0x.com/browser-in-the-browser-phishing-attack/
https://isc.sans.edu/forums/diary/Scans+for+Movable+Type+Vulnerability+CVE202120837/28454/
SolarWinds Advisory: Unauahtneticated Access in Web Help Desk (12.7.5)
https://isc.sans.edu/forums/diary/SolarWinds+Advisory+Unauthenticated+Access+in+Web+Help+Desk+1275/28456/
MGLNDD_* Scans
https://isc.sans.edu/forums/diary/MGLNDD+Scans/28458/
CAPTCHA Phishing
https://www.avanan.com/blog/using-captcha-forms-to-bypass-filters
Browser in the Browser Templates
https://mrd0x.com/browser-in-the-browser-phishing-attack/
ISC StormCast for Friday, March 18th, 2022
18 mars 2022 |
15 min
npm Package Sabotaged for Belarus/Russian Users
https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/
President Zelensky Deepfakes
https://twitter.com/ngleicher/status/1504186935291506693
ATM Rootkit
https://www.mandiant.com/resources/unc2891-overview
Scanner for Backdoored Mikrotik Routers
https://github.com/microsoft/routeros-scanner
SANS.edu Student: Ron Grohman; Network Access Control and ICS: A Practical Guide
https://www.sans.edu/cyber-research/network-access-control-and-ics-a-practical-guide/
https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/
President Zelensky Deepfakes
https://twitter.com/ngleicher/status/1504186935291506693
ATM Rootkit
https://www.mandiant.com/resources/unc2891-overview
Scanner for Backdoored Mikrotik Routers
https://github.com/microsoft/routeros-scanner
SANS.edu Student: Ron Grohman; Network Access Control and ICS: A Practical Guide
https://www.sans.edu/cyber-research/network-access-control-and-ics-a-practical-guide/
ISC StormCast for Thursday, March 17th, 2022
17 mars 2022 |
6 min
Qakbot Infection With Cobalt Strike and VNC Activity
https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike+and+VNC+activity/28448/
Gh0stCringe RAT Being Distributed to Vulnerable Database Servers
https://asec.ahnlab.com/en/32572/
dompdf 0 day
https://positive.security/blog/dompdf-rce
OpenSSL DoS Vulnerability
https://www.openssl.org/news/secadv/20220315.txt
https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike+and+VNC+activity/28448/
Gh0stCringe RAT Being Distributed to Vulnerable Database Servers
https://asec.ahnlab.com/en/32572/
dompdf 0 day
https://positive.security/blog/dompdf-rce
OpenSSL DoS Vulnerability
https://www.openssl.org/news/secadv/20220315.txt
ISC StormCast for Wednesday, March 16th, 2022
16 mars 2022 |
5 min
Clean Binaries with Suspicious Behaviour
https://isc.sans.edu/forums/diary/Clean+Binaries+with+Suspicious+Behaviour/28444/
Misconfigured Multi-Factor Authentication Abused
https://www.cisa.gov/uscert/ncas/alerts/aa22-074a
German Office of Information Security Warns Kaspersky Users
https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2022/220315_Kaspersky-Warnung.html
Caddy Wiper Targeting Ukraine
https://www.welivesecurity.com/2022/03/15/caddywiper-new-wiper-malware-discovered-ukraine/
Fake Antivirus Targeting Ukraine
https://twitter.com/malwrhunterteam/status/1502302718140035080
B1txor20 DNS Tunnel Backdoor
https://blog.netlab.360.com/b1txor20-use-of-dns-tunneling_en/
https://isc.sans.edu/forums/diary/Clean+Binaries+with+Suspicious+Behaviour/28444/
Misconfigured Multi-Factor Authentication Abused
https://www.cisa.gov/uscert/ncas/alerts/aa22-074a
German Office of Information Security Warns Kaspersky Users
https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2022/220315_Kaspersky-Warnung.html
Caddy Wiper Targeting Ukraine
https://www.welivesecurity.com/2022/03/15/caddywiper-new-wiper-malware-discovered-ukraine/
Fake Antivirus Targeting Ukraine
https://twitter.com/malwrhunterteam/status/1502302718140035080
B1txor20 DNS Tunnel Backdoor
https://blog.netlab.360.com/b1txor20-use-of-dns-tunneling_en/
ISC StormCast for Tuesday, March 15th, 2022
15 mars 2022 |
6 min
Apple Updates Everything
https://isc.sans.edu/forums/diary/Apple+Updates+Everything+MacOS+123+XCode+133+tvOS+154+watchOS+85+iPadOS+154+and+more/28438/
Look Alike Accounts Used in Ukraine Dontation Scam Impersonating Olena Zelenska
https://isc.sans.edu/forums/diary/Look+Alike+Accounts+Used+in+Ukraine+Donation+Scam+impersonating+Olena+Zelenska/28440/
Curl on Windows
https://isc.sans.edu/forums/diary/Curl+on+Windows/28436/
Veeam Vulnerabilities
https://www.veeam.com/kb4288
Linux Netfilter Privilege Escalation
https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
https://isc.sans.edu/forums/diary/Apple+Updates+Everything+MacOS+123+XCode+133+tvOS+154+watchOS+85+iPadOS+154+and+more/28438/
Look Alike Accounts Used in Ukraine Dontation Scam Impersonating Olena Zelenska
https://isc.sans.edu/forums/diary/Look+Alike+Accounts+Used+in+Ukraine+Donation+Scam+impersonating+Olena+Zelenska/28440/
Curl on Windows
https://isc.sans.edu/forums/diary/Curl+on+Windows/28436/
Veeam Vulnerabilities
https://www.veeam.com/kb4288
Linux Netfilter Privilege Escalation
https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
ISC StormCast for Monday, March 14th, 2022
14 mars 2022 |
5 min
Malware Using WebSockets For C&C
https://isc.sans.edu/forums/diary/Keep+an+Eye+on+WebSockets/28430/
Racoon Stealer leverages Telegram
https://decoded.avast.io/vladimirmartyanov/raccoon-stealer-trash-panda-abuses-telegram/
USAHERDS Hack
https://www.wired.com/story/china-apt41-hacking-usaherds-log4j/
YARA 4.2.0 Released
https://isc.sans.edu/forums/diary/YARA+420+Released/28432/
https://isc.sans.edu/forums/diary/Keep+an+Eye+on+WebSockets/28430/
Racoon Stealer leverages Telegram
https://decoded.avast.io/vladimirmartyanov/raccoon-stealer-trash-panda-abuses-telegram/
USAHERDS Hack
https://www.wired.com/story/china-apt41-hacking-usaherds-log4j/
YARA 4.2.0 Released
https://isc.sans.edu/forums/diary/YARA+420+Released/28432/
ISC StormCast for Friday, March 11th, 2022
11 mars 2022 |
6 min
Credential Leaks on Virustotal
https://isc.sans.edu/forums/diary/Credentials+Leaks+on+VirusTotal/28426/
GPS Issues Around Finish Rusian Border
https://www.straitstimes.com/world/europe/finland-detects-gps-disturbance-near-russias-kaliningrad
Russia Considering Internal Certificate Authority
https://www.gosuslugi.ru/tls
https://www.bleepingcomputer.com/news/security/russia-creates-its-own-tls-certificate-authority-to-bypass-sanctions/
New Spectre Variant
https://www.vusec.net/projects/bhi-spectre-bhb/
Package Manager Vulnerabilities (yarn, pip, composer...)
https://blog.sonarsource.com/securing-developer-tools-package-managers
https://isc.sans.edu/forums/diary/Credentials+Leaks+on+VirusTotal/28426/
GPS Issues Around Finish Rusian Border
https://www.straitstimes.com/world/europe/finland-detects-gps-disturbance-near-russias-kaliningrad
Russia Considering Internal Certificate Authority
https://www.gosuslugi.ru/tls
https://www.bleepingcomputer.com/news/security/russia-creates-its-own-tls-certificate-authority-to-bypass-sanctions/
New Spectre Variant
https://www.vusec.net/projects/bhi-spectre-bhb/
Package Manager Vulnerabilities (yarn, pip, composer...)
https://blog.sonarsource.com/securing-developer-tools-package-managers
ISC StormCast for Thursday, March 10th, 2022
10 mars 2022 |
6 min
Infostealer in a Batch File
https://isc.sans.edu/forums/diary/Infostealer+in+a+Batch+File/28422/
TP240PhoneHome reflection/amplification DDoS Attack Vector
https://blog.cloudflare.com/cve-2022-26143/
Malware Disguises as Pro Ukrainian Cybertools
https://blog.talosintelligence.com/2022/03/threat-advisory-cybercriminals.html#more
Russian Government Sites Hacked in Supply Chain Attack
https://www.bleepingcomputer.com/news/security/russian-government-sites-hacked-in-supply-chain-attack/
Third Party Vulnerabilities in RUGGEDCOM ROS
https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf
Adobe Bulletins
https://helpx.adobe.com/security/security-bulletin.html
https://isc.sans.edu/forums/diary/Infostealer+in+a+Batch+File/28422/
TP240PhoneHome reflection/amplification DDoS Attack Vector
https://blog.cloudflare.com/cve-2022-26143/
Malware Disguises as Pro Ukrainian Cybertools
https://blog.talosintelligence.com/2022/03/threat-advisory-cybercriminals.html#more
Russian Government Sites Hacked in Supply Chain Attack
https://www.bleepingcomputer.com/news/security/russian-government-sites-hacked-in-supply-chain-attack/
Third Party Vulnerabilities in RUGGEDCOM ROS
https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf
Adobe Bulletins
https://helpx.adobe.com/security/security-bulletin.html
ISC StormCast for Wednesday, March 9th, 2022
9 mars 2022 |
6 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+March+2022+Patch+Tuesday/28418/
Critical APC UPS Vulnerability
https://www.armis.com/research/tlstorm/
Vulnerabilities in Firmware Affecting HP Devices
https://www.binarly.io/news/BinarlyDiscovers16NewHighImpactVulnerabilitiesinFirmwareAffectingHPEnterpriseDevices/index.html
https://isc.sans.edu/forums/diary/Microsoft+March+2022+Patch+Tuesday/28418/
Critical APC UPS Vulnerability
https://www.armis.com/research/tlstorm/
Vulnerabilities in Firmware Affecting HP Devices
https://www.binarly.io/news/BinarlyDiscovers16NewHighImpactVulnerabilitiesinFirmwareAffectingHPEnterpriseDevices/index.html
ISC StormCast for Tuesday, March 8th, 2022
7 mars 2022 |
6 min
Ukraine Scam Followup
https://isc.sans.edu/forums/diary/No+Bitcoin+No+Problem+Follow+Up+to+Last+Weeks+Donation+Scam/28412/
Dirty Pipe Linux Vulnerability
https://dirtypipe.cm4all.com
Mozilla Firefox and Thunderbird Vulnerability
https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/
Azure AutoWarp
https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/
Terramaster TOS Vulnerability
https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/
https://forum.terra-master.com/en/viewtopic.php?f=28&t=3030
https://isc.sans.edu/forums/diary/No+Bitcoin+No+Problem+Follow+Up+to+Last+Weeks+Donation+Scam/28412/
Dirty Pipe Linux Vulnerability
https://dirtypipe.cm4all.com
Mozilla Firefox and Thunderbird Vulnerability
https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/
Azure AutoWarp
https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/
Terramaster TOS Vulnerability
https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/
https://forum.terra-master.com/en/viewtopic.php?f=28&t=3030
ISC StormCast for Monday, March 7th, 2022
7 mars 2022 |
7 min
Ukraine Dontation Scam
https://isc.sans.edu/forums/diary/Scam+EMail+Impersonating+Red+Cross/28404/
Cogent Disconnects Russia
https://www.washingtonpost.com/technology/2022/03/04/russia-ukraine-internet-cogent-cutoff/
Russia DDoS Lists
https://safe-surf.ru/upload/ALRT/proxies.txt
https://safe-surf.ru/upload/ALRT/referer_http_header.txt
NVidia Stolen Certificates
https://www.theregister.com/2022/03/05/nvidia_stolen_certificate/
https://twitter.com/cyb3rops/status/1499514240008437762
GitLab Vulnerabilities
https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/#unauthenticated-user-enumeration-on-graphql-api
Cisco Patches
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk
https://isc.sans.edu/forums/diary/Scam+EMail+Impersonating+Red+Cross/28404/
Cogent Disconnects Russia
https://www.washingtonpost.com/technology/2022/03/04/russia-ukraine-internet-cogent-cutoff/
Russia DDoS Lists
https://safe-surf.ru/upload/ALRT/proxies.txt
https://safe-surf.ru/upload/ALRT/referer_http_header.txt
NVidia Stolen Certificates
https://www.theregister.com/2022/03/05/nvidia_stolen_certificate/
https://twitter.com/cyb3rops/status/1499514240008437762
GitLab Vulnerabilities
https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/#unauthenticated-user-enumeration-on-graphql-api
Cisco Patches
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk
ISC StormCast for Friday, March 4th, 2022
4 mars 2022 |
7 min
Attackers Search For Exosed "LuCI" Folders
https://isc.sans.edu/diary/28400
Alexa Versus Alexa
https://arxiv.org/abs/2202.08619
Bypassing Google Cloud Armor
https://kloudle.com/blog/piercing-the-cloud-armor-the-8kb-bypass-in-google-cloud-platform-waf
Ukraine Updates
https://www.golem.de/news/ausfall-angriff-auf-ka-sat-satellit-ueber-gatewaystation-in-ukraine-2203-163614.html
https://www.crowdstrike.com/blog/how-to-decrypt-the-partyticket-ransomware-targeting-ukraine/
https://www.bleepingcomputer.com/news/security/ukraine-says-local-govt-sites-hacked-to-push-fake-capitulation-news/
https://isc.sans.edu/diary/28400
Alexa Versus Alexa
https://arxiv.org/abs/2202.08619
Bypassing Google Cloud Armor
https://kloudle.com/blog/piercing-the-cloud-armor-the-8kb-bypass-in-google-cloud-platform-waf
Ukraine Updates
https://www.golem.de/news/ausfall-angriff-auf-ka-sat-satellit-ueber-gatewaystation-in-ukraine-2203-163614.html
https://www.crowdstrike.com/blog/how-to-decrypt-the-partyticket-ransomware-targeting-ukraine/
https://www.bleepingcomputer.com/news/security/ukraine-says-local-govt-sites-hacked-to-push-fake-capitulation-news/
ISC StormCast for Thursday, March 3rd, 2022
3 mars 2022 |
5 min
The More Often Something is Repeated, the More True it Becomes
https://isc.sans.edu/forums/diary/The+More+Often+Something+is+Repeated+the+More+True+It+Becomes+Dealing+with+Social+Media/28396/
Fortinet Bug
https://www.fortiguard.com/psirt/FG-IR-21-028
IBM Updates
https://www.ibm.com/blogs/psirt/
Google Updates
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
Conti Ransomware Leak
https://threatpost.com/conti-ransomware-decryptor-trickbot-source-code-leaked/178727/
Middle Box DDoS Attacks
https://www.akamai.com/blog/security/tcp-middlebox-reflection
https://isc.sans.edu/forums/diary/The+More+Often+Something+is+Repeated+the+More+True+It+Becomes+Dealing+with+Social+Media/28396/
Fortinet Bug
https://www.fortiguard.com/psirt/FG-IR-21-028
IBM Updates
https://www.ibm.com/blogs/psirt/
Google Updates
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
Conti Ransomware Leak
https://threatpost.com/conti-ransomware-decryptor-trickbot-source-code-leaked/178727/
Middle Box DDoS Attacks
https://www.akamai.com/blog/security/tcp-middlebox-reflection
ISC StormCast for Wednesday, March 2nd, 2022
2 mars 2022 |
6 min
Geoblocking when you can't Geoblock
https://isc.sans.edu/forums/diary/Geoblocking+when+you+cant+Geoblock/28392/
IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine
https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/
Memory Corruption Vulnerabilities in PJSIP
https://jfrog.com/blog/jfrog-discloses-5-memory-corruption-vulnerabilities-in-pjsip-a-popular-multimedia-library/
Octa Patch for Advanced Server Access Client
https://trust.okta.com/security-advisories/okta-advanced-server-access-client-cve-2022-24295
ViaSat Outage
https://www.reuters.com/business/aerospace-defense/satellite-firm-viasat-probes-suspected-cyberattack-ukraine-elsewhere-2022-02-28/
https://isc.sans.edu/forums/diary/Geoblocking+when+you+cant+Geoblock/28392/
IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine
https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/
Memory Corruption Vulnerabilities in PJSIP
https://jfrog.com/blog/jfrog-discloses-5-memory-corruption-vulnerabilities-in-pjsip-a-popular-multimedia-library/
Octa Patch for Advanced Server Access Client
https://trust.okta.com/security-advisories/okta-advanced-server-access-client-cve-2022-24295
ViaSat Outage
https://www.reuters.com/business/aerospace-defense/satellite-firm-viasat-probes-suspected-cyberattack-ukraine-elsewhere-2022-02-28/
ISC StormCast for Tuesday, March 1st, 2022
1 mars 2022 |
7 min
PHP Patches Code Injection Flaw
https://nvd.nist.gov/vuln/detail/CVE-2021-21708
https://bugs.php.net/bug.php?id=81708
Mozilla VPN Local Privilege Escalation
https://www.mozilla.org/en-US/security/advisories/mfsa2022-08/
Google Captcha Breaking
https://east-ee.com/2022/02/28/1367/
Samsung Encryption Vulnerability
https://eprint.iacr.org/2022/208.pdf
tshark Multiple IPs
https://isc.sans.edu/forums/diary/TShark+Multiple+IP+Addresses/28386/
https://nvd.nist.gov/vuln/detail/CVE-2021-21708
https://bugs.php.net/bug.php?id=81708
Mozilla VPN Local Privilege Escalation
https://www.mozilla.org/en-US/security/advisories/mfsa2022-08/
Google Captcha Breaking
https://east-ee.com/2022/02/28/1367/
Samsung Encryption Vulnerability
https://eprint.iacr.org/2022/208.pdf
tshark Multiple IPs
https://isc.sans.edu/forums/diary/TShark+Multiple+IP+Addresses/28386/
ISC StormCast for Monday, February 28th, 2022
28 februari 2022 |
6 min
Ukraine Update
https://www.bleepingcomputer.com/news/security/ransomware-gangs-hackers-pick-sides-over-russia-invading-ukraine/
https://ddosecrets.com/wiki/Tetraedr
https://twitter.com/YourAnonOne/status/1496965766435926039
https://www.wired.com/story/ukraine-it-army-russia-war-cyberattacks-ddos/
Odd Windows Behaviour with Fixed Addresses
https://isc.sans.edu/forums/diary/Windows+Fixed+IPv4+Addresses+and+APIPA/28380/
Using Snort IDS Rules in NetWitness Packet Decoder
https://isc.sans.edu/forums/diary/Using+Snort+IDS+Rules+with+NetWitness+PacketDecoder/28382/
NVidia Breach
https://www.bloomberg.com/news/articles/2022-02-25/nvidia-is-investigating-cyber-attack-but-business-uninterrupted
Windows 11 Reset Not Removing All Data
https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2#2783msgdesc
https://www.bleepingcomputer.com/news/security/ransomware-gangs-hackers-pick-sides-over-russia-invading-ukraine/
https://ddosecrets.com/wiki/Tetraedr
https://twitter.com/YourAnonOne/status/1496965766435926039
https://www.wired.com/story/ukraine-it-army-russia-war-cyberattacks-ddos/
Odd Windows Behaviour with Fixed Addresses
https://isc.sans.edu/forums/diary/Windows+Fixed+IPv4+Addresses+and+APIPA/28380/
Using Snort IDS Rules in NetWitness Packet Decoder
https://isc.sans.edu/forums/diary/Using+Snort+IDS+Rules+with+NetWitness+PacketDecoder/28382/
NVidia Breach
https://www.bloomberg.com/news/articles/2022-02-25/nvidia-is-investigating-cyber-attack-but-business-uninterrupted
Windows 11 Reset Not Removing All Data
https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2#2783msgdesc
ISC StormCast for Friday, February 25th, 2022
25 februari 2022 |
7 min
Ukraine Update: Webcast
https://www.sans.org/webcasts/russian-cyber-attack-escalation-in-ukraine/
Other Ukraine Related Stories
https://isc.sans.edu/forums/diary/Ukraine+Russia+Situation+From+a+Domain+Names+Perspective/28376/
https://detection.watchguard.com
Zabbix Vulnerablity Exploited
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/22/cisa-adds-two-known-exploited-vulnerabilities-catalog
https://support.zabbix.com/browse/ZBX-20350
Asustore Victim of Deadbolt Ransomware
https://forum.asustor.com/viewtopic.php?f=45&t=12630
Firepower Rule Update Failure After March 5th 2022
https://www.cisco.com/c/en/us/support/docs/field-notices/723/fn72332.html?emailclick=CNSemail
Social Media Takeover Malware Distrubeted Via Microsoft App Store
https://research.checkpoint.com/2022/new-malware-capable-of-controlling-social-media-accounts-infects-5000-machines-and-is-actively-being-distributed-via-gaming-applications-on-microsofts-official-store/
https://www.sans.org/webcasts/russian-cyber-attack-escalation-in-ukraine/
Other Ukraine Related Stories
https://isc.sans.edu/forums/diary/Ukraine+Russia+Situation+From+a+Domain+Names+Perspective/28376/
https://detection.watchguard.com
Zabbix Vulnerablity Exploited
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/22/cisa-adds-two-known-exploited-vulnerabilities-catalog
https://support.zabbix.com/browse/ZBX-20350
Asustore Victim of Deadbolt Ransomware
https://forum.asustor.com/viewtopic.php?f=45&t=12630
Firepower Rule Update Failure After March 5th 2022
https://www.cisco.com/c/en/us/support/docs/field-notices/723/fn72332.html?emailclick=CNSemail
Social Media Takeover Malware Distrubeted Via Microsoft App Store
https://research.checkpoint.com/2022/new-malware-capable-of-controlling-social-media-accounts-infects-5000-machines-and-is-actively-being-distributed-via-gaming-applications-on-microsofts-official-store/
ISC StormCast for Thursday, February 24th, 2022
24 februari 2022 |
7 min
New Sandworm Malware Cyclops Blink Replaces VPNFilter
https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter
Wiper Malware Seen Deployed Against Targets in the Ukraine
https://twitter.com/juanandres_gs/status/1496581710368358400
https://twitter.com/ESETresearch/status/1496581903205511181
The Rise and Fall of log4shell
https://isc.sans.edu/forums/diary/The+Rise+and+Fall+of+log4shell/28372/
pfsense authenticated RCE
https://www.shielder.it/advisories/pfsense-remote-command-execution/
BVP47 Backdoor
https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf
https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter
Wiper Malware Seen Deployed Against Targets in the Ukraine
https://twitter.com/juanandres_gs/status/1496581710368358400
https://twitter.com/ESETresearch/status/1496581903205511181
The Rise and Fall of log4shell
https://isc.sans.edu/forums/diary/The+Rise+and+Fall+of+log4shell/28372/
pfsense authenticated RCE
https://www.shielder.it/advisories/pfsense-remote-command-execution/
BVP47 Backdoor
https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf
ISC StormCast for Wednesday, February 23rd, 2022
23 februari 2022 |
7 min
A Good Old Equation Editor Vulnerablity Deliverying Malware
https://www.welivesecurity.com/2022/02/22/teenage-cybercrime-stop-kids-wrong-path/
Horde Webmail 5.2.22 - Account Takeover via Email
https://blog.sonarsource.com/horde-webmail-account-takeover-via-email
NoVNC Phishing
https://mrd0x.com/bypass-2fa-using-novnc/
https://www.welivesecurity.com/2022/02/22/teenage-cybercrime-stop-kids-wrong-path/
Horde Webmail 5.2.22 - Account Takeover via Email
https://blog.sonarsource.com/horde-webmail-account-takeover-via-email
NoVNC Phishing
https://mrd0x.com/bypass-2fa-using-novnc/
ISC StormCast for Tuesday, February 22nd, 2022
22 februari 2022 |
6 min
Sending an Email to an IPv4 Address
https://isc.sans.edu/forums/diary/Sending+an+Email+to+an+IPv4+Address/28362/
SMS Phone-Verified Account Services
https://www.trendmicro.com/en_us/research/22/b/sms-pva-services-use-of-infected-android-phones-reveals-flaws-in-sms-verification.html
Xenomorph Android Banking Trojan
https://www.threatfabric.com/blogs/xenomorph-a-newly-hatched-banking-trojan.html
Modified CryptBot Infostealer Going After Crypto Wallets
https://asec.ahnlab.com/en/31802/
Clarification for Adobe Magento Vulnerabilties
https://helpx.adobe.com/security/products/magento/apsb22-12.html
https://isc.sans.edu/forums/diary/Sending+an+Email+to+an+IPv4+Address/28362/
SMS Phone-Verified Account Services
https://www.trendmicro.com/en_us/research/22/b/sms-pva-services-use-of-infected-android-phones-reveals-flaws-in-sms-verification.html
Xenomorph Android Banking Trojan
https://www.threatfabric.com/blogs/xenomorph-a-newly-hatched-banking-trojan.html
Modified CryptBot Infostealer Going After Crypto Wallets
https://asec.ahnlab.com/en/31802/
Clarification for Adobe Magento Vulnerabilties
https://helpx.adobe.com/security/products/magento/apsb22-12.html
ISC StormCast for Monday, February 21st, 2022
21 februari 2022 |
5 min
Remcos RAT Delivered Through Doube Compressed Archive
https://isc.sans.edu/forums/diary/Remcos+RAT+Delivered+Through+Double+Compressed+Archive/28354/
Cassandra User-Defined Functions Remote Code Execution
https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/
Apple T2 Weakness
https://www.forensicfocus.com/news/passware-kit-forensic-t2-add-on-the-first-password-recovery-tool-for-macs-with-t2-chips/
snap priviledge escalation
https://www.qualys.com/2022/02/17/cve-2021-44731/oh-snap-more-lemmings.txt
https://isc.sans.edu/forums/diary/Remcos+RAT+Delivered+Through+Double+Compressed+Archive/28354/
Cassandra User-Defined Functions Remote Code Execution
https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/
Apple T2 Weakness
https://www.forensicfocus.com/news/passware-kit-forensic-t2-add-on-the-first-password-recovery-tool-for-macs-with-t2-chips/
snap priviledge escalation
https://www.qualys.com/2022/02/17/cve-2021-44731/oh-snap-more-lemmings.txt
ISC StormCast for Friday, February 18th, 2022
18 februari 2022 |
5 min
Hackers Attach Malicious .exe Files to Teams Conversations
https://www.avanan.com/blog/hackers-attach-malicious-.exe-files-to-teams-conversations
Thunderbird Patches
https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/
Cisco Secure Email Gateway Update
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-MxZvGtgU
GitHub Code Scanning Finds More Vulnerabilities Using Machine Learning
https://github.blog/2022-02-17-code-scanning-finds-vulnerabilities-using-machine-learning/
Exploit for Magento Vulnerability (CVE-2022-24086) Available
https://twitter.com/ptswarm/status/1494240197915123713
More Packet Fu With Zeek
https://isc.sans.edu/forums/diary/More+packet+fu+with+zeek/28350/
https://www.avanan.com/blog/hackers-attach-malicious-.exe-files-to-teams-conversations
Thunderbird Patches
https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/
Cisco Secure Email Gateway Update
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-MxZvGtgU
GitHub Code Scanning Finds More Vulnerabilities Using Machine Learning
https://github.blog/2022-02-17-code-scanning-finds-vulnerabilities-using-machine-learning/
Exploit for Magento Vulnerability (CVE-2022-24086) Available
https://twitter.com/ptswarm/status/1494240197915123713
More Packet Fu With Zeek
https://isc.sans.edu/forums/diary/More+packet+fu+with+zeek/28350/
ISC StormCast for Thursday, February 17th, 2022
17 februari 2022 |
6 min
Astaroth (Guildma) Infection
https://isc.sans.edu/forums/diary/Astaroth+Guildma+infection/28346/
Atlassian Jira Updates
https://jira.atlassian.com/browse/CONFSERVER-66550
VMWare Updates
https://www.vmware.com/security/advisories/VMSA-2022-0004.html
FBI Warns of BEC Using Virtual Meeting Platforms
https://www.ic3.gov/Media/Y2022/PSA220216
https://isc.sans.edu/forums/diary/Astaroth+Guildma+infection/28346/
Atlassian Jira Updates
https://jira.atlassian.com/browse/CONFSERVER-66550
VMWare Updates
https://www.vmware.com/security/advisories/VMSA-2022-0004.html
FBI Warns of BEC Using Virtual Meeting Platforms
https://www.ic3.gov/Media/Y2022/PSA220216
ISC StormCast for Wednesday, February 16th, 2022
16 februari 2022 |
6 min
Who Are Those Bots?
https://isc.sans.edu/forums/diary/Who+Are+Those+Bots/28342/
SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming
https://news.sophos.com/en-us/2022/02/15/vulnerable-exchange-server-hit-by-squirrelwaffle-and-financial-fraud/
Details About Western Digital MyCloud Flaw
https://www.iot-inspector.com/blog/advisory-western-digital-my-cloud-pro-series-pr4100-rce/
Nooie Baby Monitor Vulnerabilities
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-nooie-baby-monitor/
https://isc.sans.edu/forums/diary/Who+Are+Those+Bots/28342/
SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming
https://news.sophos.com/en-us/2022/02/15/vulnerable-exchange-server-hit-by-squirrelwaffle-and-financial-fraud/
Details About Western Digital MyCloud Flaw
https://www.iot-inspector.com/blog/advisory-western-digital-my-cloud-pro-series-pr4100-rce/
Nooie Baby Monitor Vulnerabilities
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-nooie-baby-monitor/
ISC StormCast for Tuesday, February 15th, 2022
15 februari 2022 |
6 min
Reminder: Decoding TLS Client Hello to Non TLS Servers
https://isc.sans.edu/forums/diary/Reminder+Decoding+TLS+Client+Hellos+to+non+TLS+servers/28338/
Magento 2 Critical Vulnerability
https://sansec.io/research/magento-2-cve-2022-24086
BigSur/Catalina Mystery Update
https://support.apple.com/en-us/HT201222
MacOS Monterey Patch and Microsoft Defender
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/mde-apparently-blocks-macos-monterey-12-1-12-2-upgrades/m-p/3078793
Google Chrome 0-Day Fixed
https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
Moxa MXview Vulnerabilities and Patch
https://www.claroty.com/2022/02/10/blog-research-securing-network-management-systems-moxa-mxview/
https://isc.sans.edu/forums/diary/Reminder+Decoding+TLS+Client+Hellos+to+non+TLS+servers/28338/
Magento 2 Critical Vulnerability
https://sansec.io/research/magento-2-cve-2022-24086
BigSur/Catalina Mystery Update
https://support.apple.com/en-us/HT201222
MacOS Monterey Patch and Microsoft Defender
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/mde-apparently-blocks-macos-monterey-12-1-12-2-upgrades/m-p/3078793
Google Chrome 0-Day Fixed
https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
Moxa MXview Vulnerabilities and Patch
https://www.claroty.com/2022/02/10/blog-research-securing-network-management-systems-moxa-mxview/
ISC StormCast for Monday, February 14th, 2022
14 februari 2022 |
5 min
CinaRAT Delivered Through HTML ID Attributes
https://isc.sans.edu/forums/diary/CinaRAT+Delivered+Through+HTML+ID+Attributes/28330/
Windows Defender ASR Blocks LSASS Credential Stealing
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-credential-stealing-from-the-windows-local-security-authority-subsystem
Brave Blocking Credential Leaking Extension
https://www.theregister.com/2022/02/12/facebook_god_mode/
Project Zero Summary of Zero Day Bugs
https://googleprojectzero.blogspot.com/2022/02/a-walk-through-project-zero-metrics.html
https://isc.sans.edu/forums/diary/CinaRAT+Delivered+Through+HTML+ID+Attributes/28330/
Windows Defender ASR Blocks LSASS Credential Stealing
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-credential-stealing-from-the-windows-local-security-authority-subsystem
Brave Blocking Credential Leaking Extension
https://www.theregister.com/2022/02/12/facebook_god_mode/
Project Zero Summary of Zero Day Bugs
https://googleprojectzero.blogspot.com/2022/02/a-walk-through-project-zero-metrics.html
ISC StormCast for Friday, February 11th, 2022
11 februari 2022 |
6 min
iOS/iPadOS/macOS/Safari 0-Day Vulnerability in WebKit
https://support.apple.com/en-us/HT213091
Zyxel Network Storage Devics Hunted By Mirai Variant
https://isc.sans.edu/forums/diary/Zyxel+Network+Storage+Devices+Hunted+By+Mirai+Variant/28324/
WMIC Removal
https://docs.microsoft.com/en-us/windows/deployment/planning/windows-10-deprecated-features
Zoom Uses Microphone after Meeting is Over
https://community.zoom.com/t5/Meetings/Why-is-the-Zoom-app-listening-on-my-microphone-when-not-in-a/td-p/29019
Evidence Planted to Implicate Innocent Activists
https://www.sentinelone.com/labs/modifiedelephant-apt-and-a-decade-of-fabricating-evidence/
https://support.apple.com/en-us/HT213091
Zyxel Network Storage Devics Hunted By Mirai Variant
https://isc.sans.edu/forums/diary/Zyxel+Network+Storage+Devices+Hunted+By+Mirai+Variant/28324/
WMIC Removal
https://docs.microsoft.com/en-us/windows/deployment/planning/windows-10-deprecated-features
Zoom Uses Microphone after Meeting is Over
https://community.zoom.com/t5/Meetings/Why-is-the-Zoom-app-listening-on-my-microphone-when-not-in-a/td-p/29019
Evidence Planted to Implicate Innocent Activists
https://www.sentinelone.com/labs/modifiedelephant-apt-and-a-decade-of-fabricating-evidence/
ISC StormCast for Thursday, February 10th, 2022
10 februari 2022 |
6 min
Example of Cobalt Strike form Emotet Infection
https://isc.sans.edu/forums/diary/Example+of+Cobalt+Strike+from+Emotet+infection/28318/
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
Intel Updates
https://www.intel.com/content/www/us/en/security-center/default.html
NaturalFreshMall: A Mass Store Attack
https://sansec.io/research/naturalfreshmall-mass-hack
https://isc.sans.edu/forums/diary/Example+of+Cobalt+Strike+from+Emotet+infection/28318/
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
Intel Updates
https://www.intel.com/content/www/us/en/security-center/default.html
NaturalFreshMall: A Mass Store Attack
https://sansec.io/research/naturalfreshmall-mass-hack
ISC StormCast for Wednesday, February 9th, 2022
9 februari 2022 |
6 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+February+2022+Patch+Tuesday/28316/
Google Cloud Virtual Machine Threat Detection
https://cloud.google.com/security-command-center/docs/concepts-vm-threat-detection-overview
Android Patches
https://source.android.com/security/bulletin/2022-02-01
SAP Patches
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022
Podcast 13 Year Anniversary
https://isc.sans.edu/podcastdetail.html?id=25
https://isc.sans.edu/forums/diary/Microsoft+February+2022+Patch+Tuesday/28316/
Google Cloud Virtual Machine Threat Detection
https://cloud.google.com/security-command-center/docs/concepts-vm-threat-detection-overview
Android Patches
https://source.android.com/security/bulletin/2022-02-01
SAP Patches
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022
Podcast 13 Year Anniversary
https://isc.sans.edu/podcastdetail.html?id=25
ISC StormCast for Tuesday, February 8th, 2022
8 februari 2022 |
6 min
web3 phishing via self-customizign landing pages
https://isc.sans.edu/forums/diary/web3+phishing+via+selfcustomizing+landing+pages/28312/
MSFT Blocking Office VBA Malcros
https://www.theverge.com/2022/2/7/22922032/microsoft-block-office-vba-macros-default-change
https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
Acronis True Image Update
https://security-advisory.acronis.com/updates/UPD-2201-f76f-838c
Lockbit 2 IoCs
https://www.ic3.gov/Media/News/2022/220204.pdf
https://isc.sans.edu/forums/diary/web3+phishing+via+selfcustomizing+landing+pages/28312/
MSFT Blocking Office VBA Malcros
https://www.theverge.com/2022/2/7/22922032/microsoft-block-office-vba-macros-default-change
https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
Acronis True Image Update
https://security-advisory.acronis.com/updates/UPD-2201-f76f-838c
Lockbit 2 IoCs
https://www.ic3.gov/Media/News/2022/220204.pdf
ISC StormCast for Monday, February 7th, 2022
7 februari 2022 |
6 min
Intuit warns of new phishing scams
https://security.intuit.com/security-notices
IRS working with ID.me
https://www.irs.gov/newsroom/new-identity-verification-process-to-access-certain-irs-online-tools-and-services
Argo CD Vulnerability
https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/
https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7
Thermal Imaging of PoE Devices
https://isc.sans.edu/forums/diary/Power+over+Ethernet+and+Thermal+Imaging/28308/
https://security.intuit.com/security-notices
IRS working with ID.me
https://www.irs.gov/newsroom/new-identity-verification-process-to-access-certain-irs-online-tools-and-services
Argo CD Vulnerability
https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/
https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7
Thermal Imaging of PoE Devices
https://isc.sans.edu/forums/diary/Power+over+Ethernet+and+Thermal+Imaging/28308/
ISC StormCast for Friday, February 4th, 2022
4 februari 2022 |
5 min
Attack Surface Detection
https://isc.sans.edu/forums/diary/Keeping+Track+of+Your+Attack+Surface+for+Cheap/28304/
MFA News
https://www.proofpoint.com/us/blog/threat-insight/mfa-psa-oh-my
https://news.microsoft.com/wp-content/uploads/prod/sites/626/2022/02/Cyber-Signals-E-1.pdf
Zimbra Webmail 0-Day Exploited
https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/
Cisco RV Series Routers Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D
https://isc.sans.edu/forums/diary/Keeping+Track+of+Your+Attack+Surface+for+Cheap/28304/
MFA News
https://www.proofpoint.com/us/blog/threat-insight/mfa-psa-oh-my
https://news.microsoft.com/wp-content/uploads/prod/sites/626/2022/02/Cyber-Signals-E-1.pdf
Zimbra Webmail 0-Day Exploited
https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/
Cisco RV Series Routers Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D
ISC StormCast for Thursday, February 3rd, 2022
3 februari 2022 |
6 min
Finding elFinder: Who is looking for your files?
https://isc.sans.edu/forums/diary/Finding+elFinder+Who+is+looking+for+your+files/28300/
IBM Spectrum Protect Plus Container Backup Vulnerabilities
https://www.ibm.com/support/pages/node/6540860
https://www.ibm.com/support/pages/node/6552188
Microsoft Update Connectivity
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/achieve-better-patch-compliance-with-update-connectivity-data/ba-p/3073356
UEFI Bios Vulnerabilities
https://www.insyde.com/security-pledge
https://isc.sans.edu/forums/diary/Finding+elFinder+Who+is+looking+for+your+files/28300/
IBM Spectrum Protect Plus Container Backup Vulnerabilities
https://www.ibm.com/support/pages/node/6540860
https://www.ibm.com/support/pages/node/6552188
Microsoft Update Connectivity
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/achieve-better-patch-compliance-with-update-connectivity-data/ba-p/3073356
UEFI Bios Vulnerabilities
https://www.insyde.com/security-pledge
ISC StormCast for Wednesday, February 2nd, 2022
2 februari 2022 |
6 min
Windows Privilege Escalation Exploit CVE-2022-21882
https://github.com/KaLendsi/CVE-2022-21882
Fingerprinting Devices Via GPU
https://arxiv.org/pdf/2201.09956.pdf
SolarMarker Campaign used novel registry changes to establish persistence
https://news.sophos.com/en-us/2022/02/01/solarmarker-campaign-used-novel-registry-changes-to-establish-persistence/
Fake Job Ads
https://www.ic3.gov/Media/Y2022/PSA220201
Automation is Nice But Don't Replace Your Knowledge
https://isc.sans.edu/forums/diary/Automation+is+Nice+But+Dont+Replace+Your+Knowledge/28296/
https://github.com/KaLendsi/CVE-2022-21882
Fingerprinting Devices Via GPU
https://arxiv.org/pdf/2201.09956.pdf
SolarMarker Campaign used novel registry changes to establish persistence
https://news.sophos.com/en-us/2022/02/01/solarmarker-campaign-used-novel-registry-changes-to-establish-persistence/
Fake Job Ads
https://www.ic3.gov/Media/Y2022/PSA220201
Automation is Nice But Don't Replace Your Knowledge
https://isc.sans.edu/forums/diary/Automation+is+Nice+But+Dont+Replace+Your+Knowledge/28296/
ISC StormCast for Tuesday, February 1st, 2022
1 februari 2022 |
5 min
Be Careful with RPMSG Files
https://isc.sans.edu/forums/diary/Be+careful+with+RPMSG+files/28292/
QNAP Auto Update Clarification
https://www.qnap.com/en/security-news/2022/descriptions-and-explanations-of-the-qts-quts-hero-recommended-version-feature
Samba Vulnerability
https://kb.cert.org/vuls/id/119678
Exposed Datacenter Management
https://www.bleepingcomputer.com/news/security/over-20-000-data-center-management-systems-exposed-to-hackers/
Expat Vulnerability
https://github.com/libexpat/libexpat/blob/master/expat/Changes
https://isc.sans.edu/forums/diary/Be+careful+with+RPMSG+files/28292/
QNAP Auto Update Clarification
https://www.qnap.com/en/security-news/2022/descriptions-and-explanations-of-the-qts-quts-hero-recommended-version-feature
Samba Vulnerability
https://kb.cert.org/vuls/id/119678
Exposed Datacenter Management
https://www.bleepingcomputer.com/news/security/over-20-000-data-center-management-systems-exposed-to-hackers/
Expat Vulnerability
https://github.com/libexpat/libexpat/blob/master/expat/Changes
ISC StormCast for Monday, January 31st, 2022
31 januari 2022 |
6 min
Malicious ISO Embedded in an HTML Page
https://isc.sans.edu/forums/diary/Malicious+ISO+Embedded+in+an+HTML+Page/28282/
YARA Console Module
https://isc.sans.edu/forums/diary/YARAs+Console+Module/28288/
Attackers Attaching Devices to Azure AD
https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa/
QNAP Forced Updates
https://www.reddit.com/r/qnap/comments/sdsf02/i_just_suffered_what_i_believe_to_be_a_forced/huhfmjc/
https://isc.sans.edu/forums/diary/Malicious+ISO+Embedded+in+an+HTML+Page/28282/
YARA Console Module
https://isc.sans.edu/forums/diary/YARAs+Console+Module/28288/
Attackers Attaching Devices to Azure AD
https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa/
QNAP Forced Updates
https://www.reddit.com/r/qnap/comments/sdsf02/i_just_suffered_what_i_believe_to_be_a_forced/huhfmjc/
ISC StormCast for Friday, January 28th, 2022
28 januari 2022 |
16 min
Technical Analysis of CVE-2022-22583
https://perception-point.io/technical-analysis-of-cve-2022-22583-bypassing-macos-system-integrity-protection/
https://isc.sans.edu/forums/diary/Apple+Patches+Everything/28280/
Little Snitch Firewall Bypass
https://rhinosecuritylabs.com/network-security/bypassing-little-snitch-firewall/
DazzleSpy Malware
https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/
Geoffrey Parker: Building an Intelligent, Automated Tiered Phishing System
https://www.sans.edu/cyber-research/building-an-intelligent-automated-tiered-phishing-system-matching-the-message-level-to-user-ability/
https://perception-point.io/technical-analysis-of-cve-2022-22583-bypassing-macos-system-integrity-protection/
https://isc.sans.edu/forums/diary/Apple+Patches+Everything/28280/
Little Snitch Firewall Bypass
https://rhinosecuritylabs.com/network-security/bypassing-little-snitch-firewall/
DazzleSpy Malware
https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/
Geoffrey Parker: Building an Intelligent, Automated Tiered Phishing System
https://www.sans.edu/cyber-research/building-an-intelligent-automated-tiered-phishing-system-matching-the-message-level-to-user-ability/
ISC StormCast for Thursday, January 27th, 2022
27 januari 2022 |
6 min
Over 20 Thousand Servers Have Their iLO Interfaces exposed to the Internet
https://isc.sans.edu/forums/diary/Over+20+thousand+servers+have+their+iLO+interfaces+exposed+to+the+internet+many+with+outdated+and+vulnerable+versions+of+FW/28276/
Apple Patches and Exploits
https://support.apple.com/en-us/HT201222
https://www.ryanpickren.com/safari-uxss
Let's Encrypt Fixes Problems and Revoces Certificates
https://community.letsencrypt.org/t/changes-to-tls-alpn-01-challenge-validation/170427
https://isc.sans.edu/forums/diary/Over+20+thousand+servers+have+their+iLO+interfaces+exposed+to+the+internet+many+with+outdated+and+vulnerable+versions+of+FW/28276/
Apple Patches and Exploits
https://support.apple.com/en-us/HT201222
https://www.ryanpickren.com/safari-uxss
Let's Encrypt Fixes Problems and Revoces Certificates
https://community.letsencrypt.org/t/changes-to-tls-alpn-01-challenge-validation/170427
ISC StormCast for Wednesday, January 26th, 2022
26 januari 2022 |
5 min
Local Privilege Escalation Vulnerablity in Polkit's pkexec (CVE-2021-4034)
https://isc.sans.edu/forums/diary/Local+privilege+escalation+vulnerability+in+polkits+pkexec+CVE20214034/28272/
Emotet Stops Using 0.0.0.0 in Spambot Traffic
https://isc.sans.edu/forums/diary/Emotet+Stops+Using+0000+in+Spambot+Traffic/28270/
VMWare Warns of Log4j Exploitation
https://www.vmware.com/security/advisories/VMSA-2021-0028.html
https://www.cynet.com/attack-techniques-hands-on/threats-looming-over-the-horizon/
https://isc.sans.edu/forums/diary/Local+privilege+escalation+vulnerability+in+polkits+pkexec+CVE20214034/28272/
Emotet Stops Using 0.0.0.0 in Spambot Traffic
https://isc.sans.edu/forums/diary/Emotet+Stops+Using+0000+in+Spambot+Traffic/28270/
VMWare Warns of Log4j Exploitation
https://www.vmware.com/security/advisories/VMSA-2021-0028.html
https://www.cynet.com/attack-techniques-hands-on/threats-looming-over-the-horizon/
ISC StormCast for Tuesday, January 25th, 2022
25 januari 2022 |
6 min
Moonbound UEFI Malware
https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/
Exploit of Sonicwall CVE-2021-20038
https://twitter.com/buffaloverflow/status/1485671824725786633
Dell EMC AppSync Vulnerability
https://www.dell.com/support/kbdoc/de-de/000195377/dsa-2022-003-dell-emc-appsync-security-update-for-multiple-vulnerabilities
Twitter API Keys Leaked in GitHub
https://incognitatech.medium.com/using-twitter-to-notify-careless-developers-the-unorthodox-way-d71478ad367a
https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/
Exploit of Sonicwall CVE-2021-20038
https://twitter.com/buffaloverflow/status/1485671824725786633
Dell EMC AppSync Vulnerability
https://www.dell.com/support/kbdoc/de-de/000195377/dsa-2022-003-dell-emc-appsync-security-update-for-multiple-vulnerabilities
Twitter API Keys Leaked in GitHub
https://incognitatech.medium.com/using-twitter-to-notify-careless-developers-the-unorthodox-way-d71478ad367a
ISC StormCast for Monday, January 24th, 2022
24 januari 2022 |
6 min
Obscure Wininet.dll Feature
https://isc.sans.edu/forums/diary/Obscure+Wininetdll+Feature/28262/
Mixed VBA and Excel 4 Macro in Targeted Excel Sheet
https://isc.sans.edu/forums/diary/Mixed+VBA+Excel4+Macro+In+a+Targeted+Excel+Sheet/28264/
https://techcommunity.microsoft.com/t5/excel-blog/excel-4-0-xlm-macros-now-restricted-by-default-for-customer/ba-p/3057905
F5 January 2022 Patches
https://support.f5.com/csp/article/K40084114
McAfee Privilege Escalation
https://kc.mcafee.com/corporate/index?page=content&id=SB10378
https://isc.sans.edu/forums/diary/Obscure+Wininetdll+Feature/28262/
Mixed VBA and Excel 4 Macro in Targeted Excel Sheet
https://isc.sans.edu/forums/diary/Mixed+VBA+Excel4+Macro+In+a+Targeted+Excel+Sheet/28264/
https://techcommunity.microsoft.com/t5/excel-blog/excel-4-0-xlm-macros-now-restricted-by-default-for-customer/ba-p/3057905
F5 January 2022 Patches
https://support.f5.com/csp/article/K40084114
McAfee Privilege Escalation
https://kc.mcafee.com/corporate/index?page=content&id=SB10378
ISC StormCast for Friday, January 21st, 2022
21 januari 2022 |
6 min
RedLine Stealer Delivered Through FTP
https://isc.sans.edu/forums/diary/RedLine+Stealer+Delivered+Through+FTP/28258/
Google Camera Alters QR Codes
https://www.heise.de/hintergrund/Googles-Kamera-verfaelscht-Links-in-QR-Codes-6332669.html
https://www.androidpolice.com/google-camera-randomly-changes-some-qr-code-urls-on-android-12/
Linux Kernel Privilege Escalation / Container Escape
https://seclists.org/oss-sec/2022/q1/54
https://access.redhat.com/security/cve/cve-2022-0185
Crypto.com 2FA Bypass
https://threatpost.com/2fa-bypassed-crypto-com-heist/177846/
Windows Policies to Avoid
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/why-you-shouldn-t-set-these-25-windows-policies/ba-p/3066178
https://isc.sans.edu/forums/diary/RedLine+Stealer+Delivered+Through+FTP/28258/
Google Camera Alters QR Codes
https://www.heise.de/hintergrund/Googles-Kamera-verfaelscht-Links-in-QR-Codes-6332669.html
https://www.androidpolice.com/google-camera-randomly-changes-some-qr-code-urls-on-android-12/
Linux Kernel Privilege Escalation / Container Escape
https://seclists.org/oss-sec/2022/q1/54
https://access.redhat.com/security/cve/cve-2022-0185
Crypto.com 2FA Bypass
https://threatpost.com/2fa-bypassed-crypto-com-heist/177846/
Windows Policies to Avoid
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/why-you-shouldn-t-set-these-25-windows-policies/ba-p/3066178
ISC StormCast for Thursday, January 20th, 2022
20 januari 2022 |
6 min
0.0.0.0 in Emotet Spambot Traffic
https://isc.sans.edu/forums/diary/0000+in+Emotet+Spambot+Traffic/28254/
Linux Patch to Make 0.0.0.0/8 Routable
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96125bf9985a
WebKit Patch for Cross Origin Database Name Leak
https://trac.webkit.org/changeset/288078/webkit
ACER Care Center Privilege Escalation
https://aptw.tf/2022/01/20/acer-care-center-privesc.html
Imporper Input Validation Vulnerability in Serv-U
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247
https://isc.sans.edu/forums/diary/0000+in+Emotet+Spambot+Traffic/28254/
Linux Patch to Make 0.0.0.0/8 Routable
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96125bf9985a
WebKit Patch for Cross Origin Database Name Leak
https://trac.webkit.org/changeset/288078/webkit
ACER Care Center Privilege Escalation
https://aptw.tf/2022/01/20/acer-care-center-privesc.html
Imporper Input Validation Vulnerability in Serv-U
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247
ISC StormCast for Wednesday, January 19th, 2022
19 januari 2022 |
6 min
Phishing E-Mail With an Advertisement
https://isc.sans.edu/forums/diary/Phishing+email+withan+advertisement/28250/
Virustotal Credential
https://www.safebreach.com/blog/2022/the-perfect-cyber-crime/
Oracle Quarterly Critical Patch Update
https://www.oracle.com/security-alerts/cpujan2022.html
Box MFA Bypass
https://www.varonis.com/blog/box-mfa-bypass-sms
https://isc.sans.edu/forums/diary/Phishing+email+withan+advertisement/28250/
Virustotal Credential
https://www.safebreach.com/blog/2022/the-perfect-cyber-crime/
Oracle Quarterly Critical Patch Update
https://www.oracle.com/security-alerts/cpujan2022.html
Box MFA Bypass
https://www.varonis.com/blog/box-mfa-bypass-sms
ISC StormCast for Tuesday, January 18th, 2022
18 januari 2022 |
5 min
Log4Shell Attacks Getting Smarter
https://isc.sans.edu/forums/diary/Log4Shell+Attacks+Getting+Smarter/28246/
Microsoft Releases Special Update to Deal with January Update Fail
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-oob-updates-for-january-windows-update-issues/
Cisco Unified Contact Center Management Portal and Unifed Contact Center Domain Manager Privilege Escalation Vulnerablity
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-priv-esc-JzhTFLm4
Zoho Critical Security Patch Released in Desktop Central and Desktop Central MSP
https://pitstop.manageengine.com/portal/en/community/topic/a-critical-security-patch-released-in-desktop-central-and-desktop-central-msp-for-cve-2021-44757-17-1-2022
Google Chrome Restricting Private Network Access
https://developer.chrome.com/blog/private-network-access-preflight/
https://isc.sans.edu/forums/diary/Log4Shell+Attacks+Getting+Smarter/28246/
Microsoft Releases Special Update to Deal with January Update Fail
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-oob-updates-for-january-windows-update-issues/
Cisco Unified Contact Center Management Portal and Unifed Contact Center Domain Manager Privilege Escalation Vulnerablity
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-priv-esc-JzhTFLm4
Zoho Critical Security Patch Released in Desktop Central and Desktop Central MSP
https://pitstop.manageengine.com/portal/en/community/topic/a-critical-security-patch-released-in-desktop-central-and-desktop-central-msp-for-cve-2021-44757-17-1-2022
Google Chrome Restricting Private Network Access
https://developer.chrome.com/blog/private-network-access-preflight/
ISC StormCast for Monday, January 17th, 2022
17 januari 2022 |
5 min
Use of Alternate Data Streams in Research Scans
https://isc.sans.edu/forums/diary/Use+of+Alternate+Data+Streams+in+Research+Scans+for+indexjsp/28240/
Microsoft Resumes Windows Server 2019 Cumulative Updates
https://www.bleepingcomputer.com/news/microsoft/microsoft-resumes-rollout-of-january-windows-server-updates/
Safari Index DB Leak
https://fingerprintjs.com/blog/indexeddb-api-browser-vulnerability-safari-15/
https://isc.sans.edu/forums/diary/Use+of+Alternate+Data+Streams+in+Research+Scans+for+indexjsp/28240/
Microsoft Resumes Windows Server 2019 Cumulative Updates
https://www.bleepingcomputer.com/news/microsoft/microsoft-resumes-rollout-of-january-windows-server-updates/
Safari Index DB Leak
https://fingerprintjs.com/blog/indexeddb-api-browser-vulnerability-safari-15/
ISC StormCast for Friday, January 14th, 2022
14 januari 2022 |
6 min
MSFT Patch Issues
https://borncity.com/win/2022/01/12/patchday-windows-8-1-server-2012-r2-updates-11-januar-2022-mgliche-boot-probleme/
https://support.microsoft.com/en-us/topic/january-11-2022-kb5009624-monthly-rollup-23f4910b-6bdd-475c-bb4d-c0e961aff0bc
https://support.microsoft.com/en-us/topic/january-11-2022-kb5009595-security-only-update-060870c2-ad08-40e5-b000-a9f6d40c0831
Jenkins Security Advisory 2022-01-1
https://www.jenkins.io/security/advisory/2022-01-12/
Qakbot Configuration Decryptor
https://github.com/drole/qakbot-registry-decrypt
Android allows Disabling 2G
https://www.bleepingcomputer.com/news/security/android-users-can-now-disable-2g-to-block-stingray-attacks/
Weakness in Microsoft Defender
https://twitter.com/splinter_code/status/1481073265380581381
https://borncity.com/win/2022/01/12/patchday-windows-8-1-server-2012-r2-updates-11-januar-2022-mgliche-boot-probleme/
https://support.microsoft.com/en-us/topic/january-11-2022-kb5009624-monthly-rollup-23f4910b-6bdd-475c-bb4d-c0e961aff0bc
https://support.microsoft.com/en-us/topic/january-11-2022-kb5009595-security-only-update-060870c2-ad08-40e5-b000-a9f6d40c0831
Jenkins Security Advisory 2022-01-1
https://www.jenkins.io/security/advisory/2022-01-12/
Qakbot Configuration Decryptor
https://github.com/drole/qakbot-registry-decrypt
Android allows Disabling 2G
https://www.bleepingcomputer.com/news/security/android-users-can-now-disable-2g-to-block-stingray-attacks/
Weakness in Microsoft Defender
https://twitter.com/splinter_code/status/1481073265380581381
ISC StormCast for Thursday, January 13th, 2022
13 januari 2022 |
6 min
A Quick CVE-2022-21907 FAQ
https://isc.sans.edu/forums/diary/A+Quick+CVE202221907+FAQ+work+in+progress/28234/
Details Released Regarding Patched Sonicwall Vulnerabilities
https://www.rapid7.com/blog/post/2022/01/11/cve-2021-20038-42-sonicwall-sma-100-multiple-vulnerabilities-fixed-2/
iOS/iPad OS Fixing HomeKit Vulnerability / Private Relay issues
https://support.apple.com/en-us/HT201222
https://www.macrumors.com/2022/01/12/apple-icloud-private-relay-ios-15-2/
Atticking RDP From Inside
https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside
Nanocore, Netwire and AsyncRAT Spreading Campaign Uses Public Cloud Infrastructre
https://blog.talosintelligence.com/2022/01/nanocore-netwire-and-asyncrat-spreading.html
https://isc.sans.edu/forums/diary/A+Quick+CVE202221907+FAQ+work+in+progress/28234/
Details Released Regarding Patched Sonicwall Vulnerabilities
https://www.rapid7.com/blog/post/2022/01/11/cve-2021-20038-42-sonicwall-sma-100-multiple-vulnerabilities-fixed-2/
iOS/iPad OS Fixing HomeKit Vulnerability / Private Relay issues
https://support.apple.com/en-us/HT201222
https://www.macrumors.com/2022/01/12/apple-icloud-private-relay-ios-15-2/
Atticking RDP From Inside
https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside
Nanocore, Netwire and AsyncRAT Spreading Campaign Uses Public Cloud Infrastructre
https://blog.talosintelligence.com/2022/01/nanocore-netwire-and-asyncrat-spreading.html
ISC StormCast for Wednesday, January 12th, 2022
12 januari 2022 |
7 min
Microsoft Patch Tuesday - January 2022
https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+January+2022/28230/
Adobe Updates
https://helpx.adobe.com/security.html
https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+January+2022/28230/
Adobe Updates
https://helpx.adobe.com/security.html
ISC StormCast for Tuesday, January 11th, 2022
11 januari 2022 |
6 min
New MacOS Vulnerability Could Lead to Unauthorized User Data Access
https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access
Exploiting URL Parsers
https://claroty.com/wp-content/uploads/2022/01/Exploiting-URL-Parsing-Confusion.pdf
NPM libs "colors" and "faker" sabotaged by developer
https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/
https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access
Exploiting URL Parsers
https://claroty.com/wp-content/uploads/2022/01/Exploiting-URL-Parsing-Confusion.pdf
NPM libs "colors" and "faker" sabotaged by developer
https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/
ISC StormCast for Monday, January 10th, 2022
10 januari 2022 |
6 min
Extracting Cobalt Strike Beacons from MSBuild Scripts
https://isc.sans.edu/forums/diary/Extracting+Cobalt+Strike+Beacons+from+MSBuild+Scripts/28200/
The JNDI Strikes Back: Unauthenticated RCE in H2 Database Console
https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
Trojanized dnSpy app drops malware cocktail
https://www.bleepingcomputer.com/news/security/trojanized-dnspy-app-drops-malware-cocktail-on-researchers-devs/
FIN7 Attackers Sending Malicious USB Sticks
https://www.bleepingcomputer.com/news/security/fbi-hackers-use-badusb-to-target-defense-firms-with-ransomware/
https://isc.sans.edu/forums/diary/Extracting+Cobalt+Strike+Beacons+from+MSBuild+Scripts/28200/
The JNDI Strikes Back: Unauthenticated RCE in H2 Database Console
https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
Trojanized dnSpy app drops malware cocktail
https://www.bleepingcomputer.com/news/security/trojanized-dnspy-app-drops-malware-cocktail-on-researchers-devs/
FIN7 Attackers Sending Malicious USB Sticks
https://www.bleepingcomputer.com/news/security/fbi-hackers-use-badusb-to-target-defense-firms-with-ransomware/
ISC StormCast for Friday, January 7th, 2022
7 januari 2022 |
5 min
Malicious Python Script Targeting Chinese People
https://isc.sans.edu/forums/diary/Malicious+Python+Script+Targeting+Chinese+People/28220/
Google Docs Comment Exploit Allows for Distribution of Phishing and Malware
https://www.avanan.com/blog/google-docs-comment-exploit-allows-for-distribution-of-phishing-and-malware
Google Voice Authentication Scams
https://www.fbi.gov/contact-us/field-offices/portland/news/press-releases/oregon-fbi-tech-tuesday-building-a-digital-defense-against-google-voice-authentication-scams
Norton Crypto Miner
https://investor.nortonlifelock.com/About/Investors/press-releases/press-release-details/2021/NortonLifeLock-Unveils-Norton-Crypto/default.aspx
https://isc.sans.edu/forums/diary/Malicious+Python+Script+Targeting+Chinese+People/28220/
Google Docs Comment Exploit Allows for Distribution of Phishing and Malware
https://www.avanan.com/blog/google-docs-comment-exploit-allows-for-distribution-of-phishing-and-malware
Google Voice Authentication Scams
https://www.fbi.gov/contact-us/field-offices/portland/news/press-releases/oregon-fbi-tech-tuesday-building-a-digital-defense-against-google-voice-authentication-scams
Norton Crypto Miner
https://investor.nortonlifelock.com/About/Investors/press-releases/press-release-details/2021/NortonLifeLock-Unveils-Norton-Crypto/default.aspx
ISC StormCast for Thursday, January 6th, 2022
6 januari 2022 |
5 min
Code Reuse in the Malware Landscape
https://isc.sans.edu/forums/diary/Code+Reuse+In+the+Malware+Landscape/28216/
ZLoader Campaign Exploiting Signature Verification Bug
https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/
VMWare Virtual CD-Rom Vulnerability
https://www.vmware.com/security/advisories/VMSA-2022-0001.html
Honda Y2k22 Bug
https://www.bleepingcomputer.com/news/technology/honda-acura-cars-hit-by-y2k22-bug-that-rolls-back-clocks-to-2002/
https://isc.sans.edu/forums/diary/Code+Reuse+In+the+Malware+Landscape/28216/
ZLoader Campaign Exploiting Signature Verification Bug
https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/
VMWare Virtual CD-Rom Vulnerability
https://www.vmware.com/security/advisories/VMSA-2022-0001.html
Honda Y2k22 Bug
https://www.bleepingcomputer.com/news/technology/honda-acura-cars-hit-by-y2k22-bug-that-rolls-back-clocks-to-2002/
ISC StormCast for Wednesday, January 5th, 2022
5 januari 2022 |
5 min
A Simple Batch File That Blocks People
https://isc.sans.edu/forums/diary/A+Simple+Batch+File+That+Blocks+People/28212/
Windows Server Remote Desktop Emergency Update
https://docs.microsoft.com/en-us/windows/release-health/windows-message-center#2772
Malicious Telegram Installer Includes Purple Fox Rootkit
https://blog.minerva-labs.com/malicious-telegram-installer-drops-purple-fox-rootkit
Web Skimmer Campaign Targets Real Estate Websites
https://unit42.paloaltonetworks.com/web-skimmer-video-distribution/
https://isc.sans.edu/forums/diary/A+Simple+Batch+File+That+Blocks+People/28212/
Windows Server Remote Desktop Emergency Update
https://docs.microsoft.com/en-us/windows/release-health/windows-message-center#2772
Malicious Telegram Installer Includes Purple Fox Rootkit
https://blog.minerva-labs.com/malicious-telegram-installer-drops-purple-fox-rootkit
Web Skimmer Campaign Targets Real Estate Websites
https://unit42.paloaltonetworks.com/web-skimmer-video-distribution/
ISC StormCast for Tuesday, January 4th, 2022
4 januari 2022 |
6 min
McAfee Phishing Campaign with a Nice Fake Scan
https://isc.sans.edu/forums/diary/McAfee+Phishing+Campaign+with+a+Nice+Fake+Scan/28208/
Trend Micro Apex One Patch
https://success.trendmicro.com/solution/000289996
E-commerce Bots Using Cheap Domain Registration Services
https://threatpost.com/ecommerce-bots-domain-registration-account-fraud/177305/
iOS Homekit DoS Vulnerability
https://trevorspiniolas.com/doorlock/doorlock.html
https://isc.sans.edu/forums/diary/McAfee+Phishing+Campaign+with+a+Nice+Fake+Scan/28208/
Trend Micro Apex One Patch
https://success.trendmicro.com/solution/000289996
E-commerce Bots Using Cheap Domain Registration Services
https://threatpost.com/ecommerce-bots-domain-registration-account-fraud/177305/
iOS Homekit DoS Vulnerability
https://trevorspiniolas.com/doorlock/doorlock.html
ISC StormCast for Monday, January 3rd, 2022
3 januari 2022 |
8 min
Exchange Server Year 2022 Bug
https://isc.sans.edu/forums/diary/Exchange+Server+Email+Trapped+in+Transport+Queues/28204/
https://techcommunity.microsoft.com/t5/exchange-team-blog/email-stuck-in-exchange-on-premises-transport-queues/ba-p/3049447
Agent Tesla Updates
https://isc.sans.edu/forums/diary/Agent+Tesla+Updates+SMTP+Data+Exfiltration+Technique/28190/
https://isc.sans.edu/forums/diary/Do+you+want+your+Agent+Tesla+in+the+300+MB+or+8+kB+package/28202/
Forensics Issues and Techniques to Improve Security in SSD with Flex Capacity Feature
https://arxiv.org/ftp/arxiv/papers/2112/2112.13923.pdf
iLO Bleed Attack
https://threats.amnpardaz.com/en/2021/12/28/implant-arm-ilobleed-a/
https://isc.sans.edu/forums/diary/Exchange+Server+Email+Trapped+in+Transport+Queues/28204/
https://techcommunity.microsoft.com/t5/exchange-team-blog/email-stuck-in-exchange-on-premises-transport-queues/ba-p/3049447
Agent Tesla Updates
https://isc.sans.edu/forums/diary/Agent+Tesla+Updates+SMTP+Data+Exfiltration+Technique/28190/
https://isc.sans.edu/forums/diary/Do+you+want+your+Agent+Tesla+in+the+300+MB+or+8+kB+package/28202/
Forensics Issues and Techniques to Improve Security in SSD with Flex Capacity Feature
https://arxiv.org/ftp/arxiv/papers/2112/2112.13923.pdf
iLO Bleed Attack
https://threats.amnpardaz.com/en/2021/12/28/implant-arm-ilobleed-a/
ISC StormCast for Thursday, December 30th, 2021
30 december 2021 |
4 min
Log4j 2 Security Vulnerabilities Update Guide
https://isc.sans.edu/forums/diary/Log4j+2+Security+Vulnerabilities+Update+Guide/28188/
Microsoft Defender Log4j False Positives
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-log4j-scanner-triggers-false-positive-alerts/
T-Mobile SIM Swapping Alerts
https://www.bleepingcomputer.com/news/security/t-mobile-says-new-data-breach-caused-by-sim-swap-attacks/
Fisher Price Bluetooth Phone Privcy Flaw
https://www.pentestpartners.com/security-blog/audio-bugging-with-the-fisher-price-chatter-bluetooth-telephone/
https://isc.sans.edu/forums/diary/Log4j+2+Security+Vulnerabilities+Update+Guide/28188/
Microsoft Defender Log4j False Positives
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-log4j-scanner-triggers-false-positive-alerts/
T-Mobile SIM Swapping Alerts
https://www.bleepingcomputer.com/news/security/t-mobile-says-new-data-breach-caused-by-sim-swap-attacks/
Fisher Price Bluetooth Phone Privcy Flaw
https://www.pentestpartners.com/security-blog/audio-bugging-with-the-fisher-price-chatter-bluetooth-telephone/
ISC StormCast for Wednesday, December 29th, 2021
29 december 2021 |
5 min
Log4j Vulnerablity CVE-2021-44832
https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832
LotL Classifiers
https://isc.sans.edu/forums/diary/LotL+Classifier+tests+for+shells+exfil+and+miners/28184/
LastPass Credential Stuffing
https://www.bleepingcomputer.com/news/security/lastpass-users-warned-their-master-passwords-are-compromised/
https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832
LotL Classifiers
https://isc.sans.edu/forums/diary/LotL+Classifier+tests+for+shells+exfil+and+miners/28184/
LastPass Credential Stuffing
https://www.bleepingcomputer.com/news/security/lastpass-users-warned-their-master-passwords-are-compromised/
ISC StormCast for Tuesday, December 28th, 2021
28 december 2021 |
5 min
Attackers are Abusing MSBuild to Evade Defenses and Implant Cobalt Strike Beacons
https://isc.sans.edu/forums/diary/Attackers+are+abusing+MSBuild+to+evade+defenses+and+implant+Cobalt+Strike+beacons/28180/
Bypassing File Quarantine, Gatekeeper and Notarization Requirements
https://objective-see.com/blog/blog_0x6A.html
Spider-Miner: Trojanized Version of Spiderman No Way Home
https://blog.reasonlabs.com/2021/12/23/spider-miner-with-great-power-comes-great-problems/
https://isc.sans.edu/forums/diary/Attackers+are+abusing+MSBuild+to+evade+defenses+and+implant+Cobalt+Strike+beacons/28180/
Bypassing File Quarantine, Gatekeeper and Notarization Requirements
https://objective-see.com/blog/blog_0x6A.html
Spider-Miner: Trojanized Version of Spiderman No Way Home
https://blog.reasonlabs.com/2021/12/23/spider-miner-with-great-power-comes-great-problems/
ISC StormCast for Monday, December 27th, 2021
27 december 2021 |
6 min
Log4j/Log4Shell and Cloud Internal Meta Data Services
https://isc.sans.edu/forums/diary/log4shell+and+cloud+provider+internal+meta+data+services+IMDS/28168/
https://isc.sans.edu/forums/diary/Defending+Cloud+IMDS+Against+log4shell+and+more/28170/
Log4j/Log4Shell Pushing Crypto Miner
https://isc.sans.edu/forums/diary/Example+of+how+attackers+are+trying+to+push+crypto+miners+via+Log4Shell/28172/
Microsoft Vulnerable and Malicious Driver Reporting Center
https://www.microsoft.com/security/blog/2021/12/08/improve-kernel-security-with-the-new-microsoft-vulnerable-and-malicious-driver-reporting-center/
Azure Source Code Leak
https://blog.wiz.io/azure-app-service-source-code-leak/
https://isc.sans.edu/forums/diary/log4shell+and+cloud+provider+internal+meta+data+services+IMDS/28168/
https://isc.sans.edu/forums/diary/Defending+Cloud+IMDS+Against+log4shell+and+more/28170/
Log4j/Log4Shell Pushing Crypto Miner
https://isc.sans.edu/forums/diary/Example+of+how+attackers+are+trying+to+push+crypto+miners+via+Log4Shell/28172/
Microsoft Vulnerable and Malicious Driver Reporting Center
https://www.microsoft.com/security/blog/2021/12/08/improve-kernel-security-with-the-new-microsoft-vulnerable-and-malicious-driver-reporting-center/
Azure Source Code Leak
https://blog.wiz.io/azure-app-service-source-code-leak/
ISC StormCast for Thursday, December 23rd, 2021
23 december 2021 |
4 min
Forensics Challenge Solution
https://isc.sans.edu/forums/diary/December+2021+Forensic+Contest+Answers+and+Analysis/28160/
CAB-less 40444
https://news.sophos.com/en-us/2021/12/21/attackers-test-cab-less-40444-exploit-in-a-dry-run/
Ellume COVID Home Test Weakness
https://github.com/FSecureLABS/Ellume-COVID-Test_Research-Files
https://isc.sans.edu/forums/diary/December+2021+Forensic+Contest+Answers+and+Analysis/28160/
CAB-less 40444
https://news.sophos.com/en-us/2021/12/21/attackers-test-cab-less-40444-exploit-in-a-dry-run/
Ellume COVID Home Test Weakness
https://github.com/FSecureLABS/Ellume-COVID-Test_Research-Files
ISC StormCast for Wednesday, December 22nd, 2021
22 december 2021 |
5 min
More Undetected PowerShell Droppers
https://isc.sans.edu/forums/diary/More+Undetected+PowerShell+Dropper/28158/
Apache Patches
https://httpd.apache.org/security/vulnerabilities_24.html
Auerswald COMpact Multiple Backdoors
https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-007/-auerswald-compact-multiple-backdoors
Vulnerabilities in Garrett Metal Detectors
https://blog.talosintelligence.com/2021/12/vuln-spotlight-garrett-metal-detector.html#more
https://isc.sans.edu/forums/diary/More+Undetected+PowerShell+Dropper/28158/
Apache Patches
https://httpd.apache.org/security/vulnerabilities_24.html
Auerswald COMpact Multiple Backdoors
https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-007/-auerswald-compact-multiple-backdoors
Vulnerabilities in Garrett Metal Detectors
https://blog.talosintelligence.com/2021/12/vuln-spotlight-garrett-metal-detector.html#more
ISC StormCast for Tuesday, December 21st, 2021
21 december 2021 |
6 min
PowerPoint Atachments: Agent Tesla and Code Reuse in Malware
https://isc.sans.edu/forums/diary/PowerPoint+attachments+Agent+Tesla+and+code+reuse+in+malware/28154/
VMWare Workspace ONE Patch / log4j status
https://www.vmware.com/security/advisories.html
Attacks Against Building Automation
https://limessecurity.com/en/knxlock/
https://isc.sans.edu/forums/diary/PowerPoint+attachments+Agent+Tesla+and+code+reuse+in+malware/28154/
VMWare Workspace ONE Patch / log4j status
https://www.vmware.com/security/advisories.html
Attacks Against Building Automation
https://limessecurity.com/en/knxlock/
ISC StormCast for Monday, December 20th, 2021
20 december 2021 |
7 min
Disaster Recovery Automation Using Public DNS APIs
https://isc.sans.edu/forums/diary/DR+Automation+Using+Public+DNS+APIs/28146/
Office 2021: VBA Project Version
https://isc.sans.edu/forums/diary/Office+2021+VBA+Project+Version/28150/
Log4j Updates
https://www.blumira.com/analysis-log4shell-local-trigger/
https://logging.apache.org/log4j/2.x/security.html
https://isc.sans.edu/forums/diary/DR+Automation+Using+Public+DNS+APIs/28146/
Office 2021: VBA Project Version
https://isc.sans.edu/forums/diary/Office+2021+VBA+Project+Version/28150/
Log4j Updates
https://www.blumira.com/analysis-log4shell-local-trigger/
https://logging.apache.org/log4j/2.x/security.html
ISC StormCast for Friday, December 17th, 2021
17 december 2021 |
8 min
How the "Contact Forms" Campaign Tricks People
https://isc.sans.edu/forums/diary/How+the+Contact+Forms+campaign+tricks+people/28142/
Bluetooth Used to Extract WiFi Secrets
https://arxiv.org/pdf/2112.05719.pdf
Lenovo Privilege Escalation Vulnerability
https://support.lenovo.com/cy/en/product_security/len-75210
https://research.nccgroup.com/2021/12/15/technical-advisory-lenovo-imcontroller-local-privilege-escalation-cve-2021-3922-cve-2021-3969/
Log4j Updates
https://github.com/cisagov/log4j-affected-db
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021
https://twitter.com/sans_isc/status/1471611522694717445
https://isc.sans.edu/forums/diary/How+the+Contact+Forms+campaign+tricks+people/28142/
Bluetooth Used to Extract WiFi Secrets
https://arxiv.org/pdf/2112.05719.pdf
Lenovo Privilege Escalation Vulnerability
https://support.lenovo.com/cy/en/product_security/len-75210
https://research.nccgroup.com/2021/12/15/technical-advisory-lenovo-imcontroller-local-privilege-escalation-cve-2021-3922-cve-2021-3969/
Log4j Updates
https://github.com/cisagov/log4j-affected-db
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021
https://twitter.com/sans_isc/status/1471611522694717445
ISC StormCast for Thursday, December 16th, 2021
16 december 2021 |
6 min
Undetected Powershell Backdoor
https://isc.sans.edu/forums/diary/Simple+but+Undetected+PowerShell+Backdoor/28138/
Adobe Security Updates
https://helpx.adobe.com/security.html
Remote Deserialization Bug in Microsoft RDP Client Through Smart Card Extension
https://thalium.github.io/blog/posts/deserialization-bug-through-rdp-smart-card-extension/
Webkit Bug Exploitable in PS4
https://arstechnica.com/gaming/2021/12/new-ps4-homebrew-exploit-points-to-similar-ps5-hacks-to-come/
https://isc.sans.edu/forums/diary/Simple+but+Undetected+PowerShell+Backdoor/28138/
Adobe Security Updates
https://helpx.adobe.com/security.html
Remote Deserialization Bug in Microsoft RDP Client Through Smart Card Extension
https://thalium.github.io/blog/posts/deserialization-bug-through-rdp-smart-card-extension/
Webkit Bug Exploitable in PS4
https://arstechnica.com/gaming/2021/12/new-ps4-homebrew-exploit-points-to-similar-ps5-hacks-to-come/
ISC StormCast for Wednesday, December 15th, 2021
15 december 2021 |
5 min
Microsoft Patches
https://isc.sans.edu/forums/diary/Microsoft+December+2021+Patch+Tuesday/28132/
Log4j Updates
https://isc.sans.edu/forums/diary/Log4j+2150+and+previously+suggested+mitigations+may+not+be+enough/28134/
Log4j Scanner
https://github.com/dtact/divd-2021-00038--log4j-scanner
Apple Updates
https://support.apple.com/en-us/HT201222
https://isc.sans.edu/forums/diary/Microsoft+December+2021+Patch+Tuesday/28132/
Log4j Updates
https://isc.sans.edu/forums/diary/Log4j+2150+and+previously+suggested+mitigations+may+not+be+enough/28134/
Log4j Scanner
https://github.com/dtact/divd-2021-00038--log4j-scanner
Apple Updates
https://support.apple.com/en-us/HT201222
ISC StormCast for Tuesday, December 14th, 2021
14 december 2021 |
5 min
Log4Shell Becoming Part of the Day to Day Grind
https://isc.sans.edu/forums/diary/Log4Shell+exploited+to+implant+coin+miners/28124/
https://www.youtube.com/watch?v=oC2PZB5D3Ys
Google Chrome Update
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html
Malicious PyPi Packages
https://medium.com/ochrona/3-new-malicious-packages-found-on-pypi-a6bbb14b5e2
https://isc.sans.edu/forums/diary/Log4Shell+exploited+to+implant+coin+miners/28124/
https://www.youtube.com/watch?v=oC2PZB5D3Ys
Google Chrome Update
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html
Malicious PyPi Packages
https://medium.com/ochrona/3-new-malicious-packages-found-on-pypi-a6bbb14b5e2
ISC StormCast for Monday, December 13th, 2021
13 december 2021 |
8 min
Remote Code Execution in log4j2
https://isc.sans.edu/forums/diary/RCE+in+log4j+Log4Shell+or+how+things+can+get+bad+quickly/28120/
Log4j Zero Day
https://www.lunasec.io/docs/blog/log4j-zero-day/
Log4j2/Log4Shell Followup: What we see and how to defend and how to access our data
https://isc.sans.edu/forums/diary/Log4j+Log4Shell+Followup+What+we+see+and+how+to+defend+and+how+to+access+our+data/28122/
Log4Shell Vendor Bulletins
https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
https://isc.sans.edu/forums/diary/RCE+in+log4j+Log4Shell+or+how+things+can+get+bad+quickly/28120/
Log4j Zero Day
https://www.lunasec.io/docs/blog/log4j-zero-day/
Log4j2/Log4Shell Followup: What we see and how to defend and how to access our data
https://isc.sans.edu/forums/diary/Log4j+Log4Shell+Followup+What+we+see+and+how+to+defend+and+how+to+access+our+data/28122/
Log4Shell Vendor Bulletins
https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
ISC StormCast for Friday, December 10th, 2021
10 december 2021 |
7 min
Phishing Direct Messages via Discord
https://isc.sans.edu/forums/diary/Phishing+Direct+Messages+via+Discord/28114/
Vulnerable Microtik Routers
https://eclypsium.com/2021/12/09/when-honey-bees-become-murder-hornets/
log4j RCE 0-day
https://www.lunasec.io/docs/blog/log4j-zero-day/
Sonicwall SMA 100 Patch
https://www.sonicwall.com/support/product-notification/product-security-notice-sma-100-series-vulnerability-patches-q4-2021/211201154715443/
https://isc.sans.edu/forums/diary/Phishing+Direct+Messages+via+Discord/28114/
Vulnerable Microtik Routers
https://eclypsium.com/2021/12/09/when-honey-bees-become-murder-hornets/
log4j RCE 0-day
https://www.lunasec.io/docs/blog/log4j-zero-day/
Sonicwall SMA 100 Patch
https://www.sonicwall.com/support/product-notification/product-security-notice-sma-100-series-vulnerability-patches-q4-2021/211201154715443/
ISC StormCast for Thursday, December 9th, 2021
9 december 2021 |
6 min
December 2021 Forensic Challenge
https://isc.sans.edu/forums/diary/December+2021+Forensic+Challenge/28108/
Microsoft and GitHub OAuth Implementation Vulnerabilities Lead to Redirection Attacks
https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection
Android Patch Day
https://source.android.com/security/bulletin/2021-12-01?hl=en
https://isc.sans.edu/forums/diary/December+2021+Forensic+Challenge/28108/
Microsoft and GitHub OAuth Implementation Vulnerabilities Lead to Redirection Attacks
https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection
Android Patch Day
https://source.android.com/security/bulletin/2021-12-01?hl=en
ISC StormCast for Wednesday, December 8th, 2021
8 december 2021 |
6 min
Webshells, Webshells everywhere!
https://isc.sans.edu/forums/diary/Webshells+Webshells+everywhere/28106/
AWS Outage
https://status.aws.amazon.com
Misconfigured Kafdrop Puts Companies' Apache Kafka Completely Exposed
https://spectralops.io/blog/misconfigured-kafdrop-puts-companies-apache-kafka-completely-exposed/
Windows 10 RCE: The exploit is in the link
https://positive.security/blog/ms-officecmd-rce
XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers
https://xsinator.com/paper.pdf
https://isc.sans.edu/forums/diary/Webshells+Webshells+everywhere/28106/
AWS Outage
https://status.aws.amazon.com
Misconfigured Kafdrop Puts Companies' Apache Kafka Completely Exposed
https://spectralops.io/blog/misconfigured-kafdrop-puts-companies-apache-kafka-completely-exposed/
Windows 10 RCE: The exploit is in the link
https://positive.security/blog/ms-officecmd-rce
XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers
https://xsinator.com/paper.pdf
ISC StormCast for Tuesday, December 7th, 2021
7 december 2021 |
6 min
The Importance of Out of Band Networks
https://isc.sans.edu/forums/diary/The+Importance+of+OutofBand+Networks/28102/
Kaseya Unitrends Backup Appliance Updates
https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961
Is KAX17 Performing De-Anonymization Attacks Against Tor Users?
https://nusenu.medium.com/is-kax17-performing-de-anonymization-attacks-against-tor-users-42e566defce8
Google Chrome Update No 0-Days
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html
https://isc.sans.edu/forums/diary/The+Importance+of+OutofBand+Networks/28102/
Kaseya Unitrends Backup Appliance Updates
https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961
Is KAX17 Performing De-Anonymization Attacks Against Tor Users?
https://nusenu.medium.com/is-kax17-performing-de-anonymization-attacks-against-tor-users-42e566defce8
Google Chrome Update No 0-Days
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html
ISC StormCast for Monday, December 6th, 2021
6 december 2021 |
5 min
The UPX Packer will never die
https://isc.sans.edu/forums/diary/The+UPX+Packer+Will+Never+Die/28096/
Survey of Airgap Attacks
https://www.welivesecurity.com/2021/12/01/jumping-air-gap-15-years-nation-state-effort/
Ubiquity Victim of Insider Extortion
https://www.justice.gov/usao-sdny/pr/former-employee-technology-company-charged-stealing-confidential-data-and-extorting
https://isc.sans.edu/forums/diary/The+UPX+Packer+Will+Never+Die/28096/
Survey of Airgap Attacks
https://www.welivesecurity.com/2021/12/01/jumping-air-gap-15-years-nation-state-effort/
Ubiquity Victim of Insider Extortion
https://www.justice.gov/usao-sdny/pr/former-employee-technology-company-charged-stealing-confidential-data-and-extorting
ISC StormCast for Friday, December 3rd, 2021
3 december 2021 |
14 min
TA551 (Shathak) Pushes IcedID (Bokbot)
https://isc.sans.edu/forums/diary/TA551+Shathak+pushes+IcedID+Bokbot/28092/
pip-audit scanning Python packages for known vulnerabilities
https://pypi.org/project/pip-audit/
Wifi Router Flaws
https://www.iot-inspector.com/blog/router-security-check-2021/
SANS Holiday Hack Challenge
https://www.sans.org/mlp/holiday-hack-challenge/
https://isc.sans.edu/forums/diary/TA551+Shathak+pushes+IcedID+Bokbot/28092/
pip-audit scanning Python packages for known vulnerabilities
https://pypi.org/project/pip-audit/
Wifi Router Flaws
https://www.iot-inspector.com/blog/router-security-check-2021/
SANS Holiday Hack Challenge
https://www.sans.org/mlp/holiday-hack-challenge/
ISC StormCast for Thursday, December 2nd, 2021
2 december 2021 |
6 min
Info-Stealer Using webhook.site to Exfiltrate Data
https://isc.sans.edu/forums/diary/InfoStealer+Using+webhooksite+to+Exfiltrate+Data/28088/
Mozilla NSS Library Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=2237
EwDoor Botnet is Attacking AT&T Customers
https://blog.netlab.360.com/warning-ewdoor-botnet-is-attacking-att-customers/
JAMF Pro 10.32 Patch
https://community.jamf.com/t5/jamf-pro/what-s-new-in-jamf-pro-10-32-release/m-p/246505
https://isc.sans.edu/forums/diary/InfoStealer+Using+webhooksite+to+Exfiltrate+Data/28088/
Mozilla NSS Library Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=2237
EwDoor Botnet is Attacking AT&T Customers
https://blog.netlab.360.com/warning-ewdoor-botnet-is-attacking-att-customers/
JAMF Pro 10.32 Patch
https://community.jamf.com/t5/jamf-pro/what-s-new-in-jamf-pro-10-32-release/m-p/246505
ISC StormCast for Wednesday, December 1st, 2021
1 december 2021 |
6 min
Hunting for PHPUnit Installed via Composer
https://isc.sans.edu/forums/diary/Hunting+for+PHPUnit+Installed+via+Composer/28084/
Microsoft Defender Scares Admins with Emotet False Positivies
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-scares-admins-with-emotet-false-positives/
Printing Shellz HP Printer Vulnerabilities
https://blog.f-secure.com/hp-printer-vulnerabilities/?_ga=2.125707850.1160056027.1638325485-2056233716.1638325485
Unpatched Local Privilege Escalation in Mobile Device Management Service
https://blog.0patch.com/2021/11/micropatching-unpatched-local-privilege.html
https://isc.sans.edu/forums/diary/Hunting+for+PHPUnit+Installed+via+Composer/28084/
Microsoft Defender Scares Admins with Emotet False Positivies
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-scares-admins-with-emotet-false-positives/
Printing Shellz HP Printer Vulnerabilities
https://blog.f-secure.com/hp-printer-vulnerabilities/?_ga=2.125707850.1160056027.1638325485-2056233716.1638325485
Unpatched Local Privilege Escalation in Mobile Device Management Service
https://blog.0patch.com/2021/11/micropatching-unpatched-local-privilege.html
ISC StormCast for Tuesday, November 30th, 2021
30 november 2021 |
5 min
Wireshark 3.6.0 Released
https://isc.sans.edu/forums/diary/Wireshark+360+Released/28076/
Google Cloud Security Report
https://services.google.com/fh/files/misc/gcat_threathorizons_full_nov2021.pdf
Zoom Patch
https://explore.zoom.us/en/trust/security/security-bulletin/
Slack DNSSEC Experience Reports
https://slack.engineering/what-happened-during-slacks-dnssec-rollout/
https://isc.sans.edu/forums/diary/Wireshark+360+Released/28076/
Google Cloud Security Report
https://services.google.com/fh/files/misc/gcat_threathorizons_full_nov2021.pdf
Zoom Patch
https://explore.zoom.us/en/trust/security/security-bulletin/
Slack DNSSEC Experience Reports
https://slack.engineering/what-happened-during-slacks-dnssec-rollout/
ISC StormCast for Monday, November 29th, 2021
29 november 2021 |
6 min
Phishing Pages Hiding Itself Using Dynamically Adjusted IP Based Allow List
https://isc.sans.edu/forums/diary/Phishing+page+hiding+itself+using+dynamically+adjusted+IPbased+allow+list/28070/
Trickbot Phishing Checks Screen Resolution to Evade Researchers
https://www.bleepingcomputer.com/news/security/trickbot-phishing-checks-screen-resolution-to-evade-researchers/
QNAP QVR Patch
https://www.qnap.com/de-de/security-advisory/qsa-21-51
CronRAT Malware Hiding in cron
https://sansec.io/research/cronrat
https://isc.sans.edu/forums/diary/Phishing+page+hiding+itself+using+dynamically+adjusted+IPbased+allow+list/28070/
Trickbot Phishing Checks Screen Resolution to Evade Researchers
https://www.bleepingcomputer.com/news/security/trickbot-phishing-checks-screen-resolution-to-evade-researchers/
QNAP QVR Patch
https://www.qnap.com/de-de/security-advisory/qsa-21-51
CronRAT Malware Hiding in cron
https://sansec.io/research/cronrat
ISC StormCast for Wednesday, November 24th, 2021
24 november 2021 |
3 min
YARA Rule for OOXML Maldocs: Less False Positives
https://isc.sans.edu/forums/diary/YARA+Rule+for+OOXML+Maldocs+Less+False+Positives/28066/
Zero-Day Windows Installer Exploit
https://www.bleepingcomputer.com/news/security/malware-now-trying-to-exploit-new-windows-installer-zero-day/
VMWare VCenter Vulnerability and Patch
https://www.vmware.com/security/advisories/VMSA-2021-0027.html
https://isc.sans.edu/forums/diary/YARA+Rule+for+OOXML+Maldocs+Less+False+Positives/28066/
Zero-Day Windows Installer Exploit
https://www.bleepingcomputer.com/news/security/malware-now-trying-to-exploit-new-windows-installer-zero-day/
VMWare VCenter Vulnerability and Patch
https://www.vmware.com/security/advisories/VMSA-2021-0027.html
ISC StormCast for Tuesday, November 23rd, 2021
23 november 2021 |
4 min
Simple YARA Rules for Office Maldocs
https://isc.sans.edu/forums/diary/Simple+YARA+Rules+for+Office+Maldocs/28062/
Retailers Urged to Patch Magento
https://www.theregister.com/2021/11/22/ncsc_magento_updates_black_friday_reminder/
PoC of CVE-2021-42321: pop mspaint.exe on the target
https://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398
BeC Via Exchange Flaws
https://www.trendmicro.com/en_us/research/21/k/Squirrelwaffle-Exploits-ProxyShell-and-ProxyLogon-to-Hijack-Email-Chains.html
Windows Priv. Escalation PoC
https://github.com/klinix5/InstallerFileTakeOver
PHP deserialize vulnerablity in CloudLinux Imunity360
https://blog.talosintelligence.com/2021/11/vulnerability-spotlight-php-deserialize.html
https://isc.sans.edu/forums/diary/Simple+YARA+Rules+for+Office+Maldocs/28062/
Retailers Urged to Patch Magento
https://www.theregister.com/2021/11/22/ncsc_magento_updates_black_friday_reminder/
PoC of CVE-2021-42321: pop mspaint.exe on the target
https://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398
BeC Via Exchange Flaws
https://www.trendmicro.com/en_us/research/21/k/Squirrelwaffle-Exploits-ProxyShell-and-ProxyLogon-to-Hijack-Email-Chains.html
Windows Priv. Escalation PoC
https://github.com/klinix5/InstallerFileTakeOver
PHP deserialize vulnerablity in CloudLinux Imunity360
https://blog.talosintelligence.com/2021/11/vulnerability-spotlight-php-deserialize.html
ISC StormCast for Monday, November 22nd, 2021
22 november 2021 |
5 min
Hikvision Security Cameras Potentially Exposed to Remote Code Execution
https://isc.sans.edu/forums/diary/Hikvision+Security+Cameras+Potentially+Exposed+to+Remote+Code+Execution/28056/
Detecting PAM Backdoors
https://isc.sans.edu/forums/diary/Backdooring+PAM/28058/
Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem
https://dl.acm.org/doi/pdf/10.1145/3460120.3484768
CVE-2021-42306 CredManifest: App Registration Certificates Stored in Azure Active Directory
https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-cloud-vulnerability-credmanifest/
https://isc.sans.edu/forums/diary/Hikvision+Security+Cameras+Potentially+Exposed+to+Remote+Code+Execution/28056/
Detecting PAM Backdoors
https://isc.sans.edu/forums/diary/Backdooring+PAM/28058/
Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem
https://dl.acm.org/doi/pdf/10.1145/3460120.3484768
CVE-2021-42306 CredManifest: App Registration Certificates Stored in Azure Active Directory
https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-cloud-vulnerability-credmanifest/
ISC StormCast for Friday, November 19th, 2021
19 november 2021 |
7 min
JavaScript Downloader Delivers Agent Tesla Trojan
https://isc.sans.edu/forums/diary/JavaScript+Downloader+Delivers+Agent+Tesla+Trojan/28050/
Exposed Firefox cookies.sqlite Databases
https://www.theregister.com/2021/11/18/firefox_cookies_github/
FBI Warns of Fatpipe VPN Exploits
https://www.ic3.gov/Media/News/2021/211117-2.pdf
Abusing ClouDNS
https://blog.netlab.360.com/the-pitfall-of-threat-intelligence-whitelisting-specter-botnet-is-taking-over-top-legit-dns-domains-by-using-cloudns-service/
https://isc.sans.edu/forums/diary/JavaScript+Downloader+Delivers+Agent+Tesla+Trojan/28050/
Exposed Firefox cookies.sqlite Databases
https://www.theregister.com/2021/11/18/firefox_cookies_github/
FBI Warns of Fatpipe VPN Exploits
https://www.ic3.gov/Media/News/2021/211117-2.pdf
Abusing ClouDNS
https://blog.netlab.360.com/the-pitfall-of-threat-intelligence-whitelisting-specter-botnet-is-taking-over-top-legit-dns-domains-by-using-cloudns-service/
ISC StormCast for Thursday, November 18th, 2021
18 november 2021 |
5 min
DDS Protocol Implementation Vulnerabilities
https://us-cert.cisa.gov/ics/advisories/icsa-21-315-02
Siemens TCP/IP Flaws
https://www.forescout.com/blog/new-critical-vulnerabilities-found-on-nucleus-tcp-ip-stack/
Netgear UPNP Stack Based Buffer Overflow
https://blog.grimm-co.com/2021/11/seamlessly-discovering-netgear.html
https://us-cert.cisa.gov/ics/advisories/icsa-21-315-02
Siemens TCP/IP Flaws
https://www.forescout.com/blog/new-critical-vulnerabilities-found-on-nucleus-tcp-ip-stack/
Netgear UPNP Stack Based Buffer Overflow
https://blog.grimm-co.com/2021/11/seamlessly-discovering-netgear.html
ISC StormCast for Wednesday, November 17th, 2021
17 november 2021 |
7 min
Emotet Returns
https://isc.sans.edu/forums/diary/Emotet+Returns/28044/
GitHub Improves npm Security
https://github.blog/2021-11-15-githubs-commitment-to-npm-ecosystem-security/
Intel CPU Debug Vulnerability
https://www.ptsecurity.com/ww-en/about/news/positive-technologies-discovers-vulnerability-in-intel-processors-used-in-laptops-cars-and-other-devices/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html
Home Router Vulnerability Listing
https://modemly.com/m1/pulse
https://isc.sans.edu/forums/diary/Emotet+Returns/28044/
GitHub Improves npm Security
https://github.blog/2021-11-15-githubs-commitment-to-npm-ecosystem-security/
Intel CPU Debug Vulnerability
https://www.ptsecurity.com/ww-en/about/news/positive-technologies-discovers-vulnerability-in-intel-processors-used-in-laptops-cars-and-other-devices/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html
Home Router Vulnerability Listing
https://modemly.com/m1/pulse
ISC StormCast for Tuesday, November 16th, 2021
16 november 2021 |
7 min
Microsoft Emergency Update fixes AD Authentication Problems
https://support.microsoft.com/en-us/topic/november-14-2021-kb5008601-os-build-14393-4771-out-of-band-c8cd33ce-3d40-4853-bee4-a7cc943582b9
Using Copy Paste to Change Microsoft AD Password
https://isc.sans.edu/forums/diary/Changing+your+AD+Password+Using+the+Clipboard+Not+as+Easy+as+Youd+Think/28036/
Parking Pages Used to Distrbute Malware
https://blog.netlab.360.com/zhatuniubility-malware-uses-namesilo-parking-pages-and-googles-custom-pages-to-spread/
Blacksmith Revives Rowhamer
https://comsec.ethz.ch/research/dram/blacksmith/
https://support.microsoft.com/en-us/topic/november-14-2021-kb5008601-os-build-14393-4771-out-of-band-c8cd33ce-3d40-4853-bee4-a7cc943582b9
Using Copy Paste to Change Microsoft AD Password
https://isc.sans.edu/forums/diary/Changing+your+AD+Password+Using+the+Clipboard+Not+as+Easy+as+Youd+Think/28036/
Parking Pages Used to Distrbute Malware
https://blog.netlab.360.com/zhatuniubility-malware-uses-namesilo-parking-pages-and-googles-custom-pages-to-spread/
Blacksmith Revives Rowhamer
https://comsec.ethz.ch/research/dram/blacksmith/
ISC StormCast for Monday, November 15th, 2021
15 november 2021 |
6 min
Not So Fake FBI E-Mails
https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-incident-involving-fake-emails
https://isc.sans.edu/forums/diary/External+Email+System+FBI+Compromised+Sending+Out+Fake+Warnings/28034/
https://twitter.com/spamhaus/status/1459450061696417792
Reversing Obfuscated Maldoc with BASE64
https://isc.sans.edu/forums/diary/Obfuscated+Maldoc+Reversed+BASE64/28030/
Zoom Updates
https://explore.zoom.us/en/trust/security/security-bulletin/
VMWare VCenter Update
https://www.vmware.com/security/advisories/VMSA-2021-0025.html
Windows User Profile 0-Day LPE
https://halove23.blogspot.com/2021/10/windows-user-profile-service-0day.html
https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-incident-involving-fake-emails
https://isc.sans.edu/forums/diary/External+Email+System+FBI+Compromised+Sending+Out+Fake+Warnings/28034/
https://twitter.com/spamhaus/status/1459450061696417792
Reversing Obfuscated Maldoc with BASE64
https://isc.sans.edu/forums/diary/Obfuscated+Maldoc+Reversed+BASE64/28030/
Zoom Updates
https://explore.zoom.us/en/trust/security/security-bulletin/
VMWare VCenter Update
https://www.vmware.com/security/advisories/VMSA-2021-0025.html
Windows User Profile 0-Day LPE
https://halove23.blogspot.com/2021/10/windows-user-profile-service-0day.html
ISC StormCast for Friday, November 12th, 2021
12 november 2021 |
3 min
In Memory of Alan Paller. Cyber Security Industry Titan and SANS Institute Founder
https://www.sans.org/press/announcements/alan-paller-cyber-security-industry-titan-and-sans-institute-founder-passes-away/
https://isc.sans.edu/forums/diary/In+Memory+of+Alan+Paller/28026/
https://www.sans.org/press/announcements/alan-paller-cyber-security-industry-titan-and-sans-institute-founder-passes-away/
https://isc.sans.edu/forums/diary/In+Memory+of+Alan+Paller/28026/
ISC StormCast for Thursday, November 11th, 2021
11 november 2021 |
7 min
Shadow IT Makes People More Vulnerable to Phishing
https://isc.sans.edu/forums/diary/Shadow+IT+Makes+People+More+Vulnerable+to+Phishing/28022/
PaloAlto Networks GlobalProtect VPN CVE-2021-3064
https://www.randori.com/blog/cve-2021-3064/?i=2
Citrix ADC/Gateway/SD-WAN WANOP Patch
https://support.citrix.com/article/CTX330728
HPE Aruba Breach
https://www.arubanetworks.com/support-services/security-bulletins/central-incident-faq/
LiveStream: Application Security; Web Apps, APIs & Microservices
youtu.be/6gGB7skXvpg
2pm ET Today (not 1pm as mentioned in the podcast
https://isc.sans.edu/forums/diary/Shadow+IT+Makes+People+More+Vulnerable+to+Phishing/28022/
PaloAlto Networks GlobalProtect VPN CVE-2021-3064
https://www.randori.com/blog/cve-2021-3064/?i=2
Citrix ADC/Gateway/SD-WAN WANOP Patch
https://support.citrix.com/article/CTX330728
HPE Aruba Breach
https://www.arubanetworks.com/support-services/security-bulletins/central-incident-faq/
LiveStream: Application Security; Web Apps, APIs & Microservices
youtu.be/6gGB7skXvpg
2pm ET Today (not 1pm as mentioned in the podcast
ISC StormCast for Wednesday, November 10th, 2021
10 november 2021 |
7 min
Microsoft November 2021 Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+November+2021+Patch+Tuesday/28018/
Adobe Patches
https://helpx.adobe.com/security.html
BusyBox Vulnerabilities
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
https://isc.sans.edu/forums/diary/Microsoft+November+2021+Patch+Tuesday/28018/
Adobe Patches
https://helpx.adobe.com/security.html
BusyBox Vulnerabilities
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
ISC StormCast for Tuesday, November 9th, 2021
9 november 2021 |
7 min
(Ab)Using Security Tools & Controls for the Bad
https://isc.sans.edu/forums/diary/AbUsing+Security+Tools+Controls+for+the+Bad/28014/
Targeted Attack Campaign Against ManageEngine ADSelfService Plus
https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/
Image-Scaling Attacks in Machine Learning
https://www.usenix.org/system/files/sec20fall_quiring_prepub.pdf
https://isc.sans.edu/forums/diary/AbUsing+Security+Tools+Controls+for+the+Bad/28014/
Targeted Attack Campaign Against ManageEngine ADSelfService Plus
https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/
Image-Scaling Attacks in Machine Learning
https://www.usenix.org/system/files/sec20fall_quiring_prepub.pdf
ISC StormCast for Monday, November 8th, 2021
8 november 2021 |
5 min
Decyprting Cobalt Strike Traffic With Keys Extracted From Process Memory
https://isc.sans.edu/forums/diary/Decrypting+Cobalt+Strike+Traffic+With+Keys+Extracted+From+Process+Memory/28006/
XMount for Disk Images
https://isc.sans.edu/forums/diary/Xmount+for+Disk+Images/28002/
More Proactive SIMs
https://medium.com/telecom-expert/more-proactive-sims-f8da2ef8b189
Thunderbird Update
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/
https://isc.sans.edu/forums/diary/Decrypting+Cobalt+Strike+Traffic+With+Keys+Extracted+From+Process+Memory/28006/
XMount for Disk Images
https://isc.sans.edu/forums/diary/Xmount+for+Disk+Images/28002/
More Proactive SIMs
https://medium.com/telecom-expert/more-proactive-sims-f8da2ef8b189
Thunderbird Update
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/
ISC StormCast for Friday, November 5th, 2021
5 november 2021 |
7 min
October 2021 Forensic Contest Answers and Analysis
https://isc.sans.edu/forums/diary/October+2021+Forensic+Contest+Answers+and+Analysis/27998/
CVE-2021-43267: Remote Linux Kernel Heap Overflow in TIPC Module
https://www.sentinelone.com/labs/tipc-remote-linux-kernel-heap-overflow-allows-arbitrary-code-execution/
Cisco Patches
https://tools.cisco.com/security/center/publicationListing.x
The Security Risk of Lacking Compiler Protection in WebAssembly
https://arxiv.org/abs/2111.01421
https://isc.sans.edu/forums/diary/October+2021+Forensic+Contest+Answers+and+Analysis/27998/
CVE-2021-43267: Remote Linux Kernel Heap Overflow in TIPC Module
https://www.sentinelone.com/labs/tipc-remote-linux-kernel-heap-overflow-allows-arbitrary-code-execution/
Cisco Patches
https://tools.cisco.com/security/center/publicationListing.x
The Security Risk of Lacking Compiler Protection in WebAssembly
https://arxiv.org/abs/2111.01421
ISC StormCast for Thursday, November 4th, 2021
4 november 2021 |
5 min
Gitlab CVE-2021-22205 Exploited (and often not patched)
https://www.rapid7.com/blog/post/2021/11/01/gitlab-unauthenticated-remote-code-execution-cve-2021-22205-exploited-in-the-wild/
New Proxy Shell Exploits Seen Against Exchange
https://blog.talosintelligence.com/2021/11/babuk-exploits-exchange.html
Blackmatter Shutting Down Again
https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-moves-victims-to-lockbit-after-shutdown/
Android 0-Day Patched
https://source.android.com/security/bulletin/2021-11-01
https://www.rapid7.com/blog/post/2021/11/01/gitlab-unauthenticated-remote-code-execution-cve-2021-22205-exploited-in-the-wild/
New Proxy Shell Exploits Seen Against Exchange
https://blog.talosintelligence.com/2021/11/babuk-exploits-exchange.html
Blackmatter Shutting Down Again
https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-moves-victims-to-lockbit-after-shutdown/
Android 0-Day Patched
https://source.android.com/security/bulletin/2021-11-01
ISC StormCast for Wednesday, November 3rd, 2021
3 november 2021 |
6 min
Revisiting BrakTooth: Two Months Later
https://isc.sans.edu/forums/diary/Revisiting+BrakTooth+Two+Months+Later/27992/
Escalating XSS to Sainthood with Nagios
https://blog.grimm-co.com/2021/11/escalating-xss-to-sainthood-with-nagios.html
Pentaho Business Analytics Vulnerablity
https://hawsec.com/publications/pentaho/HVPENT210401-Pentaho-BA-Security-Assessment-Report-v1_1.pdf
https://isc.sans.edu/forums/diary/Revisiting+BrakTooth+Two+Months+Later/27992/
Escalating XSS to Sainthood with Nagios
https://blog.grimm-co.com/2021/11/escalating-xss-to-sainthood-with-nagios.html
Pentaho Business Analytics Vulnerablity
https://hawsec.com/publications/pentaho/HVPENT210401-Pentaho-BA-Security-Assessment-Report-v1_1.pdf
ISC StormCast for Tuesday, November 2nd, 2021
2 november 2021 |
7 min
Trojan Source: Invisible Vulnerabilities
https://www.trojansource.codes/trojan-source.pdf
Detecting HTTP Header Smuggling Vulnerabilities
https://www.darkreading.com/application-security/free-tool-scans-web-servers-for-vulnerability-to-http-header-smuggling-attacks
Kaspersky Lost Amazon Simple Email Service Token
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021_phishing
https://www.trojansource.codes/trojan-source.pdf
Detecting HTTP Header Smuggling Vulnerabilities
https://www.darkreading.com/application-security/free-tool-scans-web-servers-for-vulnerability-to-http-header-smuggling-attacks
Kaspersky Lost Amazon Simple Email Service Token
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021_phishing
ISC StormCast for Monday, November 1st, 2021
1 november 2021 |
5 min
Remote Desktop Protocol RDP Discovery
https://isc.sans.edu/forums/diary/Remote+Desktop+Protocol+RDP+Discovery/27984/
Sysmon Update
https://isc.sans.edu/forums/diary/Sysinternals+Autoruns+and+Sysmon+updates/27986/
Google Chrome Updates
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
AbstractEmu Malware Roots Android
https://blog.lookout.com/lookout-discovers-global-rooting-malware-campaign
Microsoft Defender For Endpoint Web Content Filtering
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/web-content-filtering-now-generally-available-on-windows/ba-p/2893357
https://isc.sans.edu/forums/diary/Remote+Desktop+Protocol+RDP+Discovery/27984/
Sysmon Update
https://isc.sans.edu/forums/diary/Sysinternals+Autoruns+and+Sysmon+updates/27986/
Google Chrome Updates
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
AbstractEmu Malware Roots Android
https://blog.lookout.com/lookout-discovers-global-rooting-malware-campaign
Microsoft Defender For Endpoint Web Content Filtering
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/web-content-filtering-now-generally-available-on-windows/ba-p/2893357
ISC StormCast for Friday, October 29th, 2021
29 oktober 2021 |
6 min
Critical Hikvision Patch
https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/
Shrootless Vulnerability in MacOS
https://www.microsoft.com/security/blog/2021/10/28/microsoft-finds-new-macos-vulnerability-shrootless-that-could-bypass-system-integrity-protection/
More Malicious NPM Libraries
https://www.theregister.com/2021/10/27/npm_roblox_ransomware/
https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/
Shrootless Vulnerability in MacOS
https://www.microsoft.com/security/blog/2021/10/28/microsoft-finds-new-macos-vulnerability-shrootless-that-could-bypass-system-integrity-protection/
More Malicious NPM Libraries
https://www.theregister.com/2021/10/27/npm_roblox_ransomware/
ISC StormCast for Thursday, October 28th, 2021
28 oktober 2021 |
5 min
Outlook Web Access Phishing
https://isc.sans.edu/forums/diary/Hunting+for+Phishing+Sites+Masquerading+as+Outlook+Web+Access/27974/
Apple Security Updates Details Available
https://support.apple.com/en-us/HT201222
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
PinkBot Botnet Uses DoH
https://blog.netlab.360.com/pinkbot/
Jira Insight Patch
https://confluence.atlassian.com/adminjiraserver/jira-service-management-security-advisory-2021-10-20-1085186548.html
https://isc.sans.edu/forums/diary/Hunting+for+Phishing+Sites+Masquerading+as+Outlook+Web+Access/27974/
Apple Security Updates Details Available
https://support.apple.com/en-us/HT201222
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
PinkBot Botnet Uses DoH
https://blog.netlab.360.com/pinkbot/
Jira Insight Patch
https://confluence.atlassian.com/adminjiraserver/jira-service-management-security-advisory-2021-10-20-1085186548.html
ISC StormCast for Wednesday, October 27th, 2021
27 oktober 2021 |
6 min
Apple Updates Everything (but no details yet)
https://support.apple.com/en-sa/HT201222
Craigslist E-Mail Hijack
https://www.inky.com/blog/urgency-mail-relay-serve-phishers-well-on-craigslist
UltimaSMS Android Malware
https://blog.avast.com/premium-sms-scam-apps-on-play-store-avast
Firefox Proxy Malware
https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/
https://support.apple.com/en-sa/HT201222
Craigslist E-Mail Hijack
https://www.inky.com/blog/urgency-mail-relay-serve-phishers-well-on-craigslist
UltimaSMS Android Malware
https://blog.avast.com/premium-sms-scam-apps-on-play-store-avast
Firefox Proxy Malware
https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/
ISC StormCast for Tuesday, October 26th, 2021
26 oktober 2021 |
5 min
Decrypting Cobalt Strike Traffic
https://isc.sans.edu/forums/diary/Decrypting+Cobalt+Strike+Traffic+With+a+Leaked+Private+Key/27968/
Critical Discourse Vulnerability
https://us-cert.cisa.gov/ncas/current-activity/2021/10/24/critical-rce-vulnerability-discourse
Discourse Discussion Platform RCE
https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-pvpc-qgwq
https://0day.click/recipe/discourse-sns-rce/
ua-parser-js malware
https://github.com/advisories/GHSA-pjwm-rvh2-c87w
Vulnerable Billing Software BillQuick Web Used to Deploy Ransomware
https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware
https://isc.sans.edu/forums/diary/Decrypting+Cobalt+Strike+Traffic+With+a+Leaked+Private+Key/27968/
Critical Discourse Vulnerability
https://us-cert.cisa.gov/ncas/current-activity/2021/10/24/critical-rce-vulnerability-discourse
Discourse Discussion Platform RCE
https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-pvpc-qgwq
https://0day.click/recipe/discourse-sns-rce/
ua-parser-js malware
https://github.com/advisories/GHSA-pjwm-rvh2-c87w
Vulnerable Billing Software BillQuick Web Used to Deploy Ransomware
https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware
ISC StormCast for Monday, October 25th, 2021
25 oktober 2021 |
6 min
Malware Quiz
https://isc.sans.edu/forums/diary/October+2021+Contest+Forensic+Challenge/27960/ Odd Zip Files https://isc.sans.edu/forums/diary/Phishing+ZIP+With+Malformed+Filename/27966/ Decrypting Cobalt Strike Configurations Using Known Secret Keys https://blog.nviso.eu/2021/10/21/cobalt-strike-using-known-private-keys-to-decrypt-traffic-part-1/ Tracking BLE Fingerprints https://cseweb.ucsd.edu/~nibhaska/papers/sp22_paper.pdf GPS Software Bug https://us-cert.cisa.gov/ncas/current-activity/2021/10/21/gps-daemon-gpsd-rollover-bug https://isc.sans.edu/forums/diary/Keeping+Track+of+Time+Network+Time+Protocol+and+a+GPSD+Bug/27886/
https://isc.sans.edu/forums/diary/October+2021+Contest+Forensic+Challenge/27960/ Odd Zip Files https://isc.sans.edu/forums/diary/Phishing+ZIP+With+Malformed+Filename/27966/ Decrypting Cobalt Strike Configurations Using Known Secret Keys https://blog.nviso.eu/2021/10/21/cobalt-strike-using-known-private-keys-to-decrypt-traffic-part-1/ Tracking BLE Fingerprints https://cseweb.ucsd.edu/~nibhaska/papers/sp22_paper.pdf GPS Software Bug https://us-cert.cisa.gov/ncas/current-activity/2021/10/21/gps-daemon-gpsd-rollover-bug https://isc.sans.edu/forums/diary/Keeping+Track+of+Time+Network+Time+Protocol+and+a+GPSD+Bug/27886/
ISC StormCast for Friday, October 22nd, 2021
22 oktober 2021 |
6 min
Stolen Images Evidence Campaign Pushes Sliver Based Malware
https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+campaign+pushes+Sliverbased+malware/27954/
FiveSys Rootkit Signed By Microsoft
https://www.bitdefender.com/files/News/CaseStudies/study/405/Bitdefender-DT-Whitepaper-Fivesys-creat5699-en-EN.pdf
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpuoct2021.html
WinRAR Vulnerability
https://swarm.ptsecurity.com/winrars-vulnerable-trialware-when-free-software-isnt-free/
Crypto Mining npm Libraries
https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices
https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+campaign+pushes+Sliverbased+malware/27954/
FiveSys Rootkit Signed By Microsoft
https://www.bitdefender.com/files/News/CaseStudies/study/405/Bitdefender-DT-Whitepaper-Fivesys-creat5699-en-EN.pdf
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpuoct2021.html
WinRAR Vulnerability
https://swarm.ptsecurity.com/winrars-vulnerable-trialware-when-free-software-isnt-free/
Crypto Mining npm Libraries
https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices
ISC StormCast for Thursday, October 21st, 2021
21 oktober 2021 |
6 min
Thanks to Covid 19: New Types of Documents are Lost in the Wild
https://isc.sans.edu/forums/diary/Thanks+to+COVID19+New+Types+of+Documents+are+Lost+in+The+Wild/27952/
Google Chrome 95 Released
https://chromestatus.com/roadmap
Squirrel VM Bug
https://thehackernews.com/2021/10/squirrel-engine-bug-could-let-attackers.html
BlackByte Decryptor Released
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
https://github.com/SpiderLabs/BlackByteDecryptor
https://isc.sans.edu/forums/diary/Thanks+to+COVID19+New+Types+of+Documents+are+Lost+in+The+Wild/27952/
Google Chrome 95 Released
https://chromestatus.com/roadmap
Squirrel VM Bug
https://thehackernews.com/2021/10/squirrel-engine-bug-could-let-attackers.html
BlackByte Decryptor Released
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
https://github.com/SpiderLabs/BlackByteDecryptor
ISC StormCast for Wednesday, October 20th, 2021
20 oktober 2021 |
5 min
Can You Make the Great Chinese Firewall Work For You
https://isc.sans.edu/forums/diary/Can+you+make+the+Great+Chinese+Firewall+work+for+you/27948/
Fake Government Assistance Websites
https://www.ic3.gov/Media/Y2021/PSA211015
TA505 Coming Back
https://www.proofpoint.com/us/blog/threat-insight/whatta-ta-ta505-ramps-activity-delivers-new-flawedgrace-variant
BlackMatter Ransomware
https://us-cert.cisa.gov/ncas/alerts/aa21-291a
https://isc.sans.edu/forums/diary/Can+you+make+the+Great+Chinese+Firewall+work+for+you/27948/
Fake Government Assistance Websites
https://www.ic3.gov/Media/Y2021/PSA211015
TA505 Coming Back
https://www.proofpoint.com/us/blog/threat-insight/whatta-ta-ta505-ramps-activity-delivers-new-flawedgrace-variant
BlackMatter Ransomware
https://us-cert.cisa.gov/ncas/alerts/aa21-291a
ISC StormCast for Tuesday, October 19th, 2021
19 oktober 2021 |
5 min
Malcious PowerShell Script Using Client Certificate Authentication
https://isc.sans.edu/forums/diary/Malicious+PowerShell+Using+Client+Certificate+Authentication/27944/
PowerShell Updates
https://github.com/PowerShell/Announcements/issues/27
Juniper JunOS Patches
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
TianFu Cup
https://tianfucup.com/en/#canjia
https://isc.sans.edu/forums/diary/Malicious+PowerShell+Using+Client+Certificate+Authentication/27944/
PowerShell Updates
https://github.com/PowerShell/Announcements/issues/27
Juniper JunOS Patches
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
TianFu Cup
https://tianfucup.com/en/#canjia
ISC StormCast for Monday, October 18th, 2021
18 oktober 2021 |
6 min
Active Scanning for Apache Vulnerabilities CVE-2021-41773 and 42013
https://isc.sans.edu/forums/diary/Apache+is+Actively+Scan+for+CVE202141773+CVE202142013/27940/
Warranty Repairs and Non Removable Storage Risks
https://isc.sans.edu/forums/diary/Warranty+Repairs+and+NonRemovable+Storage+Risks/27938/
Crypto Wallet Compromised on OpenSea NFT Marketplace
https://blog.checkpoint.com/2021/10/13/check-point-software-prevents-theft-of-crypto-wallets-on-opensea-the-worlds-largest-nft-marketplace/
$5.2 Billion worth of Bitcoin Transactions Linked to Ransomware
https://www.fincen.gov/sites/default/files/shared/Financial%20Trend%20Analysis_Ransomeware%20508%20FINAL.pdf
https://isc.sans.edu/forums/diary/Apache+is+Actively+Scan+for+CVE202141773+CVE202142013/27940/
Warranty Repairs and Non Removable Storage Risks
https://isc.sans.edu/forums/diary/Warranty+Repairs+and+NonRemovable+Storage+Risks/27938/
Crypto Wallet Compromised on OpenSea NFT Marketplace
https://blog.checkpoint.com/2021/10/13/check-point-software-prevents-theft-of-crypto-wallets-on-opensea-the-worlds-largest-nft-marketplace/
$5.2 Billion worth of Bitcoin Transactions Linked to Ransomware
https://www.fincen.gov/sites/default/files/shared/Financial%20Trend%20Analysis_Ransomeware%20508%20FINAL.pdf
ISC StormCast for Friday, October 15th, 2021
15 oktober 2021 |
7 min
Port Forwarding with Windows for the Win
https://isc.sans.edu/forums/diary/PortForwarding+with+Windows+for+the+Win/27934/
Please Fix Your E-Mail Brute Forcing Tool
https://isc.sans.edu/forums/diary/Please+fix+your+EMail+Brute+forcing+tool/27930/
Ad Blocker Injects Ads
https://www.imperva.com/blog/the-ad-blocker-that-injects-ads/
Romance Scams Go After Crypto Currency
https://nakedsecurity.sophos.com/2021/10/13/romance-scams-with-a-cryptocurrency-twist-new-research-from-sophoslabs/
Sysmon For Linux
https://github.com/Sysinternals/SysmonForLinux
Foxit Updates
https://www.foxit.com/support/security-bulletins.html
VMWare Updates
https://www.vmware.com/security/advisories/VMSA-2021-0023.html
https://isc.sans.edu/forums/diary/PortForwarding+with+Windows+for+the+Win/27934/
Please Fix Your E-Mail Brute Forcing Tool
https://isc.sans.edu/forums/diary/Please+fix+your+EMail+Brute+forcing+tool/27930/
Ad Blocker Injects Ads
https://www.imperva.com/blog/the-ad-blocker-that-injects-ads/
Romance Scams Go After Crypto Currency
https://nakedsecurity.sophos.com/2021/10/13/romance-scams-with-a-cryptocurrency-twist-new-research-from-sophoslabs/
Sysmon For Linux
https://github.com/Sysinternals/SysmonForLinux
Foxit Updates
https://www.foxit.com/support/security-bulletins.html
VMWare Updates
https://www.vmware.com/security/advisories/VMSA-2021-0023.html
ISC StormCast for Wednesday, October 13th, 2021
13 oktober 2021 |
6 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+October+2021+Patch+Tuesday/27928/
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
PyPi Remove mitmproxy2 Module
https://twitter.com/maximilianhils/status/1447525552370458625
https://web.archive.org/web/20211012105244/https://gist.github.com/mhils/7ff29d50b25a1c99e06834cf95684333
https://isc.sans.edu/forums/diary/Microsoft+October+2021+Patch+Tuesday/27928/
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
PyPi Remove mitmproxy2 Module
https://twitter.com/maximilianhils/status/1447525552370458625
https://web.archive.org/web/20211012105244/https://gist.github.com/mhils/7ff29d50b25a1c99e06834cf95684333
ISC StormCast for Tuesday, October 12th, 2021
12 oktober 2021 |
5 min
Non HTTP Requests Hitting Web Server
https://isc.sans.edu/forums/diary/Things+that+go+Bump+in+the+Night+Non+HTTP+Requests+Hitting+Web+Servers/27924/
Apple Updates iOS/iPadOS to 15.0.2
https://saaramar.github.io/IOMFB_integer_overflow_poc/
https://support.apple.com/en-us/HT212846
Weak SSH Keys Used with GitKraken
https://github.blog/2021-10-11-github-security-update-revoking-weakly-generated-ssh-keys/
Let's Encrypt Outage
https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/6164b5af714e1f053880ba0c
https://isc.sans.edu/forums/diary/Things+that+go+Bump+in+the+Night+Non+HTTP+Requests+Hitting+Web+Servers/27924/
Apple Updates iOS/iPadOS to 15.0.2
https://saaramar.github.io/IOMFB_integer_overflow_poc/
https://support.apple.com/en-us/HT212846
Weak SSH Keys Used with GitKraken
https://github.blog/2021-10-11-github-security-update-revoking-weakly-generated-ssh-keys/
Let's Encrypt Outage
https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/6164b5af714e1f053880ba0c
ISC StormCast for Monday, October 11th, 2021
11 oktober 2021 |
5 min
Scanning for Previous Oracle WebLogic Vulnerabilities
https://isc.sans.edu/forums/diary/Scanning+for+Previous+Oracle+WebLogic+Vulnerabilities/27918/
Sorting Things Out - Sorting Data by IP Address
https://isc.sans.edu/forums/diary/Sorting+Things+Out+Sorting+Data+by+IP+Address/27916/
https://gitlab.com/slackermedia/bashcrawl
Telegram Does Not Remove Auto-Deleted Messages from Cache
https://habr.com/en/post/580582/
Microsoft To Disable Excel 4.0 Macros By Default
https://twitter.com/GelosSnake/status/1446192775087722497
https://m365admin.handsontek.net/macro-settings-update-to-disable-excel-4-0-macros-by-default/
https://isc.sans.edu/forums/diary/Scanning+for+Previous+Oracle+WebLogic+Vulnerabilities/27918/
Sorting Things Out - Sorting Data by IP Address
https://isc.sans.edu/forums/diary/Sorting+Things+Out+Sorting+Data+by+IP+Address/27916/
https://gitlab.com/slackermedia/bashcrawl
Telegram Does Not Remove Auto-Deleted Messages from Cache
https://habr.com/en/post/580582/
Microsoft To Disable Excel 4.0 Macros By Default
https://twitter.com/GelosSnake/status/1446192775087722497
https://m365admin.handsontek.net/macro-settings-update-to-disable-excel-4-0-macros-by-default/
ISC StormCast for Friday, October 8th, 2021
8 oktober 2021 |
6 min
Who is Hunting For Your IPTV Set-Top Box?
https://isc.sans.edu/forums/diary/Who+Is+Hunting+For+Your+IPTV+SetTop+Box/27912/
Another Update For Apache
https://httpd.apache.org
Font on Lake Rootkit
https://www.welivesecurity.com/2021/10/07/fontonlake-previously-unknown-malware-family-targeting-linux/
osquery 5 with macOS Endpoint Security
https://www.trailofbits.com/post/announcing-osquery-5-now-with-endpointsecurity-on-macos
https://isc.sans.edu/forums/diary/Who+Is+Hunting+For+Your+IPTV+SetTop+Box/27912/
Another Update For Apache
https://httpd.apache.org
Font on Lake Rootkit
https://www.welivesecurity.com/2021/10/07/fontonlake-previously-unknown-malware-family-targeting-linux/
osquery 5 with macOS Endpoint Security
https://www.trailofbits.com/post/announcing-osquery-5-now-with-endpointsecurity-on-macos
ISC StormCast for Thursday, October 7th, 2021
7 oktober 2021 |
5 min
Apache 2.4.49 Directory Traversal Vulnerability
https://isc.sans.edu/forums/diary/Apache+2449+Directory+Traversal+Vulnerability+CVE202141773/27908/
Python Ransomware Targeting ESXi Server
https://www.sophos.com/en-us/press-office/press-releases/2021/10/sophos-researchers-uncover-new-python-ransomware-targeting-an-esxi-server-and-virtual-machines.aspx
AT&T SIM Forensics
https://medium.com/telecom-expert/what-is-at-t-doing-at-1111340002-c418876c212c
Google Making Additional 2FA Push
https://blog.google/technology/safety-security/making-sign-safer-and-more-convenient/
https://isc.sans.edu/forums/diary/Apache+2449+Directory+Traversal+Vulnerability+CVE202141773/27908/
Python Ransomware Targeting ESXi Server
https://www.sophos.com/en-us/press-office/press-releases/2021/10/sophos-researchers-uncover-new-python-ransomware-targeting-an-esxi-server-and-virtual-machines.aspx
AT&T SIM Forensics
https://medium.com/telecom-expert/what-is-at-t-doing-at-1111340002-c418876c212c
Google Making Additional 2FA Push
https://blog.google/technology/safety-security/making-sign-safer-and-more-convenient/
ISC StormCast for Wednesday, October 6th, 2021
6 oktober 2021 |
6 min
Looking Glass Sites
https://isc.sans.edu/forums/diary/Looking+Glasses+Debugging+Network+Connectivity+Issues/27904/
Facebook Postmortem
https://engineering.fb.com/2021/10/05/networking-traffic/outage-details/
Apache 2.4.49 Directory Traversal Vulnerability
https://blog.sonatype.com/apache-servers-actively-exploited-in-wild-importance-of-prompt-patching
Windows 11 Released
https://www.microsoft.com/security/blog/2021/10/04/windows-11-offers-chip-to-cloud-protection-to-meet-the-new-security-challenges-of-hybrid-work/
https://www.microsoft.com/en-us/download/details.aspx?id=55319
https://isc.sans.edu/forums/diary/Looking+Glasses+Debugging+Network+Connectivity+Issues/27904/
Facebook Postmortem
https://engineering.fb.com/2021/10/05/networking-traffic/outage-details/
Apache 2.4.49 Directory Traversal Vulnerability
https://blog.sonatype.com/apache-servers-actively-exploited-in-wild-importance-of-prompt-patching
Windows 11 Released
https://www.microsoft.com/security/blog/2021/10/04/windows-11-offers-chip-to-cloud-protection-to-meet-the-new-security-challenges-of-hybrid-work/
https://www.microsoft.com/en-us/download/details.aspx?id=55319
ISC StormCast for Tuesday, October 5th, 2021
5 oktober 2021 |
6 min
Facebook Outage
https://isc.sans.edu/forums/diary/Facebook+Outage+Yes+its+DNS+sort+of+A+super+quick+analysis+of+what+is+going+on/27900/
Boutique "Dark" Botnet Hunting for Crumbs
https://isc.sans.edu/forums/diary/Boutique+Dark+Botnet+Hunting+for+Crumbs/27898/
Apache Airflow May Leak Credentials
https://www.intezer.com/blog/cloud-security/misconfigured-airflows-leak-credentials/
https://isc.sans.edu/forums/diary/Facebook+Outage+Yes+its+DNS+sort+of+A+super+quick+analysis+of+what+is+going+on/27900/
Boutique "Dark" Botnet Hunting for Crumbs
https://isc.sans.edu/forums/diary/Boutique+Dark+Botnet+Hunting+for+Crumbs/27898/
Apache Airflow May Leak Credentials
https://www.intezer.com/blog/cloud-security/misconfigured-airflows-leak-credentials/
ISC StormCast for Monday, October 4th, 2021
4 oktober 2021 |
6 min
A New Tool To Add to Your LOLBAS List: cvtres.exe
https://isc.sans.edu/forums/diary/New+Tool+to+Add+to+Your+LOLBAS+List+cvtresexe/27892/
Google Chrome Continuing Updates
https://support.google.com/chrome/answer/95414?hl=en&co=GENIE.Platform%3DDesktop
Cyber Security Awareness Month
https://www.sans.org/security-awareness-training/resources/
https://isc.sans.edu/tag.html?tag=csam
FCC Attempts to Fight SIM Swapping
https://docs.fcc.gov/public/attachments/DOC-376199A1.pdf
MacOS Gatekeeper Bypass
https://labs.f-secure.com/blog/the-discovery-of-cve-2021-1810/
https://isc.sans.edu/forums/diary/New+Tool+to+Add+to+Your+LOLBAS+List+cvtresexe/27892/
Google Chrome Continuing Updates
https://support.google.com/chrome/answer/95414?hl=en&co=GENIE.Platform%3DDesktop
Cyber Security Awareness Month
https://www.sans.org/security-awareness-training/resources/
https://isc.sans.edu/tag.html?tag=csam
FCC Attempts to Fight SIM Swapping
https://docs.fcc.gov/public/attachments/DOC-376199A1.pdf
MacOS Gatekeeper Bypass
https://labs.f-secure.com/blog/the-discovery-of-cve-2021-1810/
ISC StormCast for Friday, October 1st, 2021
1 oktober 2021 |
15 min
Visa/Apple Express Transit Relay Attack
https://www.bbc.com/news/technology-58719891
FluBot Offering Fake FlutBot Protection
https://twitter.com/CERTNZ/status/1443701853665980440
Undetected Azure Active Directory Brute-Force Attacks
https://www.secureworks.com/research/undetected-azure-active-directory-brute-force-attacks
SANS.edu Student Christopher DeWees: Expired Domain Dumpster Diving https://www.sans.edu/cyber-research/40505/
https://www.bbc.com/news/technology-58719891
FluBot Offering Fake FlutBot Protection
https://twitter.com/CERTNZ/status/1443701853665980440
Undetected Azure Active Directory Brute-Force Attacks
https://www.secureworks.com/research/undetected-azure-active-directory-brute-force-attacks
SANS.edu Student Christopher DeWees: Expired Domain Dumpster Diving https://www.sans.edu/cyber-research/40505/
ISC StormCast for Thursday, September 30th, 2021
30 september 2021 |
5 min
Keeping Track of Time: Network Time Protocol and GPSD Bug
https://isc.sans.edu/forums/diary/Keeping+Track+of+Time+Network+Time+Protocol+and+a+GPSD+Bug/27886/
Apple Airtags Stored XSS
https://medium.com/@bobbyrsec/zero-day-hijacking-icloud-credentials-with-apple-airtags-stored-xss-6997da43a216
CISA/NSA Guidance To Configure VPNs
https://media.defense.gov/2021/Sep/28/2002863184/-1/-1/0/CSI_SELECTING-HARDENING-REMOTE-ACCESS-VPNS-20210928.PDF
Facebook Open Sourcing "Mariana Trench" Tool To Analyze Android and Java Apps
https://engineering.fb.com/2021/09/29/security/mariana-trench/
https://isc.sans.edu/forums/diary/Keeping+Track+of+Time+Network+Time+Protocol+and+a+GPSD+Bug/27886/
Apple Airtags Stored XSS
https://medium.com/@bobbyrsec/zero-day-hijacking-icloud-credentials-with-apple-airtags-stored-xss-6997da43a216
CISA/NSA Guidance To Configure VPNs
https://media.defense.gov/2021/Sep/28/2002863184/-1/-1/0/CSI_SELECTING-HARDENING-REMOTE-ACCESS-VPNS-20210928.PDF
Facebook Open Sourcing "Mariana Trench" Tool To Analyze Android and Java Apps
https://engineering.fb.com/2021/09/29/security/mariana-trench/
ISC StormCast for Wednesday, September 29th, 2021
29 september 2021 |
6 min
TLS 1.3 and SSL: The Current State of Affairs
https://isc.sans.edu/forums/diary/TLS+13+and+SSL+the+current+state+of+affairs/27882/
EFF Discontinues HTTPS Everywhere Plugin
https://www.eff.org/deeplinks/2021/09/https-actually-everywhere
Malicious CryptoCoin Wallet
https://discourse.mozilla.org/t/got-hacked-by-the-add-on-called-safepal-wallet/85797
Microsoft Automates Exchange Mitigations
https://techcommunity.microsoft.com/t5/exchange-team-blog/new-security-feature-in-september-2021-cumulative-update-for/ba-p/2783155
https://isc.sans.edu/forums/diary/TLS+13+and+SSL+the+current+state+of+affairs/27882/
EFF Discontinues HTTPS Everywhere Plugin
https://www.eff.org/deeplinks/2021/09/https-actually-everywhere
Malicious CryptoCoin Wallet
https://discourse.mozilla.org/t/got-hacked-by-the-add-on-called-safepal-wallet/85797
Microsoft Automates Exchange Mitigations
https://techcommunity.microsoft.com/t5/exchange-team-blog/new-security-feature-in-september-2021-cumulative-update-for/ba-p/2783155
ISC StormCast for Tuesday, September 28th, 2021
28 september 2021 |
6 min
Trend Micro ServerProtect Authentication Bypass Vulnerability
https://www.zerodayinitiative.com/advisories/ZDI-21-1115/
Let's Encrypt Root CA Expiration
https://community.letsencrypt.org/t/production-chain-changes/150739
ERMAC Android Malware
https://www.threatfabric.com/blogs/ermac-another-cerberus-reborn.html
QNAP Vulnerabilities
https://www.qnap.com/en/security-advisory/QSA-21-35
https://www.zerodayinitiative.com/advisories/ZDI-21-1115/
Let's Encrypt Root CA Expiration
https://community.letsencrypt.org/t/production-chain-changes/150739
ERMAC Android Malware
https://www.threatfabric.com/blogs/ermac-another-cerberus-reborn.html
QNAP Vulnerabilities
https://www.qnap.com/en/security-advisory/QSA-21-35
ISC StormCast for Monday, September 27th, 2021
27 september 2021 |
6 min
Mobile Device Inventory via Active Sync
https://isc.sans.edu/forums/diary/Keep+an+Eye+on+Your+Users+Mobile+Devices+Simple+Inventory/27868/
Autodiscover Attacks
https://autodiscover-vulnerable-tlds.com
https://wiki.mozilla.org/Public_Suffix_List
https://www.guardicore.com/labs/autodiscovering-the-great-leak/
Three More 0-Day Vulnerabilities in iOS
https://habr.com/en/post/579714/
original russian version: https://habr.com/en/post/579716/
Cisco CAPWAP Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-capwap-rce-LYgj8Kf
Sonicwall SMA 100 Series Vulnerablity
https://www.sonicwall.com/support/product-notification/security-notice-critical-arbitrary-file-delete-vulnerability-in-sonicwall-sma-100-series-appliances/210819124854603/
https://isc.sans.edu/forums/diary/Keep+an+Eye+on+Your+Users+Mobile+Devices+Simple+Inventory/27868/
Autodiscover Attacks
https://autodiscover-vulnerable-tlds.com
https://wiki.mozilla.org/Public_Suffix_List
https://www.guardicore.com/labs/autodiscovering-the-great-leak/
Three More 0-Day Vulnerabilities in iOS
https://habr.com/en/post/579714/
original russian version: https://habr.com/en/post/579716/
Cisco CAPWAP Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-capwap-rce-LYgj8Kf
Sonicwall SMA 100 Series Vulnerablity
https://www.sonicwall.com/support/product-notification/security-notice-critical-arbitrary-file-delete-vulnerability-in-sonicwall-sma-100-series-appliances/210819124854603/
ISC StormCast for Friday, September 24th, 2021
24 september 2021 |
6 min
Excel Recipe: Some VBA Code with a Touch of Excel4 Macro
https://isc.sans.edu/forums/diary/Excel+Recipe+Some+VBA+Code+with+a+Touch+of+Excel4+Macro/27864/
Windows Platform Binary Table Weakness
https://eclypsium.com/2021/09/20/everyone-gets-a-rootkit/
Apple Patches Older iOS/MacOS Versions
https://support.apple.com/en-us/HT201222
Broken Digital Signatures Used to Foil Malware Detection
https://blog.google/threat-analysis-group/financially-motivated-actor-breaks-certificate-parsing-avoid-detection/
https://isc.sans.edu/forums/diary/Excel+Recipe+Some+VBA+Code+with+a+Touch+of+Excel4+Macro/27864/
Windows Platform Binary Table Weakness
https://eclypsium.com/2021/09/20/everyone-gets-a-rootkit/
Apple Patches Older iOS/MacOS Versions
https://support.apple.com/en-us/HT201222
Broken Digital Signatures Used to Foil Malware Detection
https://blog.google/threat-analysis-group/financially-motivated-actor-breaks-certificate-parsing-avoid-detection/
ISC StormCast for Thursday, September 23rd, 2021
23 september 2021 |
7 min
An XML-Obfustcated Office Document (CVE-2021-40444)
https://isc.sans.edu/forums/diary/An+XMLObfuscated+Office+Document+CVE202140444/27860/
Exchange Autodiscovering Leaks Credentials
https://www.guardicore.com/labs/autodiscovering-the-great-leak/
Nagios Vulnerabilities
https://claroty.com/2021/09/21/blog-research-securing-network-management-systems-nagios-xi/
Apple Deprecating TLS 1.0/1.1
https://developer.apple.com/news/?id=bv8ur34d
https://isc.sans.edu/forums/diary/An+XMLObfuscated+Office+Document+CVE202140444/27860/
Exchange Autodiscovering Leaks Credentials
https://www.guardicore.com/labs/autodiscovering-the-great-leak/
Nagios Vulnerabilities
https://claroty.com/2021/09/21/blog-research-securing-network-management-systems-nagios-xi/
Apple Deprecating TLS 1.0/1.1
https://developer.apple.com/news/?id=bv8ur34d
ISC StormCast for Wednesday, September 22nd, 2021
22 september 2021 |
6 min
A First Look at Apple's iOS 15 "Private Relay" feature
https://isc.sans.edu/forums/diary/A+First+Look+at+Apples+iOS+15+Private+Relay+feature/27858/
macOS Finder Security Feature Bypass Leads to Possible RCE
https://ssd-disclosure.com/ssd-advisory-macos-finder-rce/
VMWare vCenter Advisory
https://blogs.vmware.com/vsphere/2021/09/vmsa-2021-0020-what-you-need-to-know.html
NetGear Circle Parental Control Vulnerablity
https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html
https://isc.sans.edu/forums/diary/A+First+Look+at+Apples+iOS+15+Private+Relay+feature/27858/
macOS Finder Security Feature Bypass Leads to Possible RCE
https://ssd-disclosure.com/ssd-advisory-macos-finder-rce/
VMWare vCenter Advisory
https://blogs.vmware.com/vsphere/2021/09/vmsa-2021-0020-what-you-need-to-know.html
NetGear Circle Parental Control Vulnerablity
https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html
ISC StormCast for Tuesday, September 21st, 2021
21 september 2021 |
6 min
OMIGOD Exploits Captured in the Wild.
https://isc.sans.edu/forums/diary/OMIGOD+Exploits+Captured+in+the+Wild+Researchers+responsible+for+half+of+scans+for+related+ports/27852/
Apple iOS/iPadOS/tvOS 15 Updates (and WatchOS, Xcode, Safari)
https://support.apple.com/en-us/HT201222
ManageEngine ADSelfService Plus Exploited
https://us-cert.cisa.gov/ncas/alerts/aa21-259a
https://isc.sans.edu/forums/diary/OMIGOD+Exploits+Captured+in+the+Wild+Researchers+responsible+for+half+of+scans+for+related+ports/27852/
Apple iOS/iPadOS/tvOS 15 Updates (and WatchOS, Xcode, Safari)
https://support.apple.com/en-us/HT201222
ManageEngine ADSelfService Plus Exploited
https://us-cert.cisa.gov/ncas/alerts/aa21-259a
ISC StormCast for Monday, September 20th, 2021
20 september 2021 |
6 min
Malicious Calendar Subscriptions Are Back
https://isc.sans.edu/forums/diary/Malicious+Calendar+Subscriptions+Are+Back/27846/
Simple Analysis of a CVE-2021-40444 (MSHTML) Document
https://isc.sans.edu/forums/diary/Simple+Analysis+Of+A+CVE202140444+docx+Document/27848/
Mirai Botnet Hunting OMIGOD
https://twitter.com/1ZRR4H/status/1438580885142507528
https://isc.sans.edu/port.html?port=1270
Exploit for Netgear Flaws Available
https://gynvael.coldwind.pl/?id=742
https://isc.sans.edu/forums/diary/Malicious+Calendar+Subscriptions+Are+Back/27846/
Simple Analysis of a CVE-2021-40444 (MSHTML) Document
https://isc.sans.edu/forums/diary/Simple+Analysis+Of+A+CVE202140444+docx+Document/27848/
Mirai Botnet Hunting OMIGOD
https://twitter.com/1ZRR4H/status/1438580885142507528
https://isc.sans.edu/port.html?port=1270
Exploit for Netgear Flaws Available
https://gynvael.coldwind.pl/?id=742
ISC StormCast for Friday, September 17th, 2021
17 september 2021 |
7 min
Phishing 101: why depend on one suspicious message subject when you can use many
https://isc.sans.edu/forums/diary/Phishing+101+why+depend+on+one+suspicious+message+subject+when+you+can+use+many/27842/
PrintNightmare Fix Breaks Network Printing
https://www.bleepingcomputer.com/news/security/new-windows-security-updates-break-network-printing/
Malware Taking Advantage of Linux Subsystem for Windows
https://blog.lumen.com/no-longer-just-theory-black-lotus-labs-uncovers-linux-executables-deployed-as-stealth-windows-loaders/
Travis CI Patch
https://travis-ci.community/t/security-bulletin/12081
IBM System x IMM Vulnerability
https://support.lenovo.com/es/en/product_security/len-66347
Fake iTerm installing Malware on OS X
https://objective-see.com/blog/blog_0x66.html
https://isc.sans.edu/forums/diary/Phishing+101+why+depend+on+one+suspicious+message+subject+when+you+can+use+many/27842/
PrintNightmare Fix Breaks Network Printing
https://www.bleepingcomputer.com/news/security/new-windows-security-updates-break-network-printing/
Malware Taking Advantage of Linux Subsystem for Windows
https://blog.lumen.com/no-longer-just-theory-black-lotus-labs-uncovers-linux-executables-deployed-as-stealth-windows-loaders/
Travis CI Patch
https://travis-ci.community/t/security-bulletin/12081
IBM System x IMM Vulnerability
https://support.lenovo.com/es/en/product_security/len-66347
Fake iTerm installing Malware on OS X
https://objective-see.com/blog/blog_0x66.html
ISC StormCast for Thursday, September 16th, 2021
16 september 2021 |
5 min
Hancitor Campaign Abusing Microsoft's OneDrive
https://isc.sans.edu/forums/diary/Hancitor+campaign+abusing+Microsofts+OneDrive/27838/
"Secret"Agent Exposes Azure Customers To Unauthorized Code Execution
https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution
https://isc.sans.edu/forums/diary/Hancitor+campaign+abusing+Microsofts+OneDrive/27838/
"Secret"Agent Exposes Azure Customers To Unauthorized Code Execution
https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution
ISC StormCast for Wednesday, September 15th, 2021
15 september 2021 |
5 min
ISC StormCast for Tuesday, September 14th, 2021
14 september 2021 |
5 min
Apple Updates Everything
https://support.apple.com/en-us/HT201222
Citizenlab Discloses NSO Exploit Details
https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Google Chrome Update
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html
WooCommerce Multi Currency Plugin Vulnerablity
https://blog.nintechnet.com/vulnerability-fixed-in-wordpress-woocommerce-multi-currency-plugin/
https://support.apple.com/en-us/HT201222
Citizenlab Discloses NSO Exploit Details
https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Google Chrome Update
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html
WooCommerce Multi Currency Plugin Vulnerablity
https://blog.nintechnet.com/vulnerability-fixed-in-wordpress-woocommerce-multi-currency-plugin/
ISC StormCast for Monday, September 13th, 2021
13 september 2021 |
6 min
Shipping Microsoft DNS Logs to Elasticsearch
https://isc.sans.edu/forums/diary/Shipping+to+Elasticsearch+Microsoft+DNS+Logs/27828/
Exploit Generator for CVE-2021-40444
https://github.com/lockedbyte/CVE-2021-40444
Windows Lock Screen Bypass
https://halove23.blogspot.com/2021/09/zdi-21-1053-bypassing-windows-lock.html
Citrix Hypervisor Update
https://support.citrix.com/article/CTX325319
GitHub Identifies Vulnerable node.js Packages
https://github.blog/2021-09-08-github-security-update-vulnerabilities-tar-npmcli-arborist/
https://isc.sans.edu/forums/diary/Shipping+to+Elasticsearch+Microsoft+DNS+Logs/27828/
Exploit Generator for CVE-2021-40444
https://github.com/lockedbyte/CVE-2021-40444
Windows Lock Screen Bypass
https://halove23.blogspot.com/2021/09/zdi-21-1053-bypassing-windows-lock.html
Citrix Hypervisor Update
https://support.citrix.com/article/CTX325319
GitHub Identifies Vulnerable node.js Packages
https://github.blog/2021-09-08-github-security-update-vulnerabilities-tar-npmcli-arborist/
ISC StormCast for Friday, September 10th, 2021
10 september 2021 |
7 min
ISC/DShield API Updates
https://isc.sans.edu/forums/diary/Updates+to+Our+DatafeedsAPI/27824/
Update on Windows MSHTML Vulnerability
https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-defenses-bypassed-as-new-info-emerges/
GitHub Actions check-spelling community workflow GITHUB_TOKEN leakage
https://github.com/justinsteven/advisories/blob/master/2021_github_actions_checkspelling_token_leak_via_advice_symlink.md
https://isc.sans.edu/forums/diary/Updates+to+Our+DatafeedsAPI/27824/
Update on Windows MSHTML Vulnerability
https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-defenses-bypassed-as-new-info-emerges/
GitHub Actions check-spelling community workflow GITHUB_TOKEN leakage
https://github.com/justinsteven/advisories/blob/master/2021_github_actions_checkspelling_token_leak_via_advice_symlink.md
ISC StormCast for Thursday, September 9th, 2021
9 september 2021 |
6 min
Protonmail Correction
https://protonmail.com/blog/climate-activist-arrest/
https://protonmail.com/privacy-policy
"Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware
https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+Campaign+Continues+Pushing+BazarLoader+Malware/27816/
Thyotic Secret Server Critical Update
https://docs.thycotic.com/ss/11.0.0/release-notes/ss-rn-11-0-000007.md
Zoho Vulnerablity Exploited
https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html
https://protonmail.com/blog/climate-activist-arrest/
https://protonmail.com/privacy-policy
"Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware
https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+Campaign+Continues+Pushing+BazarLoader+Malware/27816/
Thyotic Secret Server Critical Update
https://docs.thycotic.com/ss/11.0.0/release-notes/ss-rn-11-0-000007.md
Zoho Vulnerablity Exploited
https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html
ISC StormCast for Wednesday, September 8th, 2021
8 september 2021 |
6 min
Microsoft MSHTML Remote Code Execution Vulnerability CVE-2021-40444
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
ProntonMail/VPN Releasing User's IP Address
https://protonmail.com/blog/climate-activist-arrest/
What's App End To End Encryption Questioned (but upheld)
https://twitter.com/evacide/status/1435288900587589632?s=20
PRIVATELOG and STASHLOG Malware Store Payload in Common Log File System (CLFS)
https://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-using-clfs-log-files-for-stealth.html
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
ProntonMail/VPN Releasing User's IP Address
https://protonmail.com/blog/climate-activist-arrest/
What's App End To End Encryption Questioned (but upheld)
https://twitter.com/evacide/status/1435288900587589632?s=20
PRIVATELOG and STASHLOG Malware Store Payload in Common Log File System (CLFS)
https://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-using-clfs-log-files-for-stealth.html
ISC StormCast for Tuesday, September 7th, 2021
7 september 2021 |
5 min
Confluence Update
https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
https://www.jenkins.io/blog/2021/09/04/wiki-attacked/
ProxyShell Update
https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/
RCE-0-Day for GhostScript 9.50
https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50
Netgear Switch Auth Bypass
https://kb.netgear.com/000063978/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Smart-Switches-PSV-2021-0140-PSV-2021-0144-PSV-2021-0145
https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
https://www.jenkins.io/blog/2021/09/04/wiki-attacked/
ProxyShell Update
https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/
RCE-0-Day for GhostScript 9.50
https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50
Netgear Switch Auth Bypass
https://kb.netgear.com/000063978/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Smart-Switches-PSV-2021-0140-PSV-2021-0144-PSV-2021-0145
ISC StormCast for Friday, September 3rd, 2021
3 september 2021 |
14 min
Attackers Will Always Abuse Major Events in our Lifes
https://isc.sans.edu/forums/diary/Attackers+Will+Always+Abuse+Major+Events+in+our+Lifes/27808/
Active Exploitation of Confluence Server CVE-2021-26084
https://www.rapid7.com/blog/post/2021/09/02/active-exploitation-of-confluence-server-cve-2021-26084/
GitHub Removing old Ciphers / Keys
https://github.blog/2021-09-01-improving-git-protocol-security-github/
Cisco Enterprise NFV Infrastructure Software Authentication Bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-g2DMVVh
Hackers are Selling Tool to Hide Malware in GPUs
https://www.ehackingnews.com/2021/09/hackers-are-selling-tool-to-hide.html
Michael Beck: Cloud Forensics Triage Framework (CFTF)
https://www.sans.org/white-papers/40415/
https://isc.sans.edu/forums/diary/Attackers+Will+Always+Abuse+Major+Events+in+our+Lifes/27808/
Active Exploitation of Confluence Server CVE-2021-26084
https://www.rapid7.com/blog/post/2021/09/02/active-exploitation-of-confluence-server-cve-2021-26084/
GitHub Removing old Ciphers / Keys
https://github.blog/2021-09-01-improving-git-protocol-security-github/
Cisco Enterprise NFV Infrastructure Software Authentication Bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-g2DMVVh
Hackers are Selling Tool to Hide Malware in GPUs
https://www.ehackingnews.com/2021/09/hackers-are-selling-tool-to-hide.html
Michael Beck: Cloud Forensics Triage Framework (CFTF)
https://www.sans.org/white-papers/40415/
ISC StormCast for Thursday, September 2nd, 2021
2 september 2021 |
6 min
STRRAT: A Java Based RAT That Doesn't Care if You Have Java
https://isc.sans.edu/forums/diary/STRRAT+a+Javabased+RAT+that+doesnt+care+if+you+have+Java/27798/
IPC360 Baby Monitor Vulnerability
https://www.bitdefender.com/files/News/CaseStudies/study/402/Bitdefender-PR-Whitepaper-VictureIPC-creat5590-en-EN.pdf
Annke Network Video Recorder Vulnerability
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-02
ProxyWare Abuse
https://blog.talosintelligence.com/2021/08/proxyware-abuse.html
https://isc.sans.edu/forums/diary/STRRAT+a+Javabased+RAT+that+doesnt+care+if+you+have+Java/27798/
IPC360 Baby Monitor Vulnerability
https://www.bitdefender.com/files/News/CaseStudies/study/402/Bitdefender-PR-Whitepaper-VictureIPC-creat5590-en-EN.pdf
Annke Network Video Recorder Vulnerability
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-02
ProxyWare Abuse
https://blog.talosintelligence.com/2021/08/proxyware-abuse.html
ISC StormCast for Wednesday, September 1st, 2021
1 september 2021 |
5 min
BrakTooth: Impacts, Implications and Next Steps
https://isc.sans.edu/forums/diary/BrakTooth+Impacts+Implications+and+Next+Steps/27802/
Fortress Home Security System Weakness
https://threatpost.com/fortress-home-security-remote-disarmament/169069/
PostgreSQL set_user Module Vulnerability
https://www.postgresql.org/about/news/set_user-201-released-2279/
https://isc.sans.edu/forums/diary/BrakTooth+Impacts+Implications+and+Next+Steps/27802/
Fortress Home Security System Weakness
https://threatpost.com/fortress-home-security-remote-disarmament/169069/
PostgreSQL set_user Module Vulnerability
https://www.postgresql.org/about/news/set_user-201-released-2279/
ISC StormCast for Tuesday, August 31st, 2021
31 augusti 2021 |
6 min
Cryptocurrency Clipboard Swapper Delivered With Love
https://isc.sans.edu/forums/diary/Cryptocurrency+Clipboard+Swapper+Delivered+With+Love/27794/
ProxyToken Vulnerability in Exchange
https://www.zerodayinitiative.com/blog/2021/8/30/proxytoken-an-authentication-bypass-in-microsoft-exchange-server
LockFile Ransomware Evasion Tricks
https://thehackernews.com/2021/08/lockfile-ransomware-bypasses-protection.html
https://isc.sans.edu/forums/diary/Cryptocurrency+Clipboard+Swapper+Delivered+With+Love/27794/
ProxyToken Vulnerability in Exchange
https://www.zerodayinitiative.com/blog/2021/8/30/proxytoken-an-authentication-bypass-in-microsoft-exchange-server
LockFile Ransomware Evasion Tricks
https://thehackernews.com/2021/08/lockfile-ransomware-bypasses-protection.html
ISC StormCast for Monday, August 30th, 2021
30 augusti 2021 |
5 min
ChaosDB: Azure Cosmos Database Vulnerability
https://chaosdb.wiz.io
Phishing via Open Redirects
https://www.microsoft.com/security/blog/2021/08/26/widespread-credential-phishing-campaign-abuses-open-redirector-links/
Parallels Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/208188
https://www.zerodayinitiative.com/advisories/ZDI-21-1000/
https://chaosdb.wiz.io
Phishing via Open Redirects
https://www.microsoft.com/security/blog/2021/08/26/widespread-credential-phishing-campaign-abuses-open-redirector-links/
Parallels Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/208188
https://www.zerodayinitiative.com/advisories/ZDI-21-1000/
ISC StormCast for Friday, August 27th, 2021
27 augusti 2021 |
6 min
Cisco Advisories
https://tools.cisco.com/security/center/publicationListing.x
GETH DoS Vulnerability
https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8
Confluence Security Advisory
https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
VMWare Updates
https://www.vmware.com/security/advisories.html
https://tools.cisco.com/security/center/publicationListing.x
GETH DoS Vulnerability
https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8
Confluence Security Advisory
https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
VMWare Updates
https://www.vmware.com/security/advisories.html
ISC StormCast for Thursday, August 26th, 2021
26 augusti 2021 |
6 min
There May Be Many More SPF Records Than We Might Expect
https://isc.sans.edu/forums/diary/There+may+be+many+more+SPF+records+than+we+might+expect/27786/
OpenSSL Update
https://www.openssl.org/news/vulnerabilities.html
F5 Update
https://support.f5.com/csp/article/K50974556
https://support.f5.com/csp/article/K41351250
SideWalk Backdoor
https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/
https://isc.sans.edu/forums/diary/There+may+be+many+more+SPF+records+than+we+might+expect/27786/
OpenSSL Update
https://www.openssl.org/news/vulnerabilities.html
F5 Update
https://support.f5.com/csp/article/K50974556
https://support.f5.com/csp/article/K41351250
SideWalk Backdoor
https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/
ISC StormCast for Wednesday, August 25th, 2021
25 augusti 2021 |
5 min
Attackers Hunting for Twilio Credentials
https://isc.sans.edu/forums/diary/Attackers+Hunting+For+Twilio+Credentials/27782/
Modified WhatsApp Spreading Malware
https://securelist.com/triada-trojan-in-whatsapp-mod/103679/
Privilege Escalation without Pluggin in Device
http://0xsp.com/security%20research%20&%20development%20(SRD)/local-administrator-is-not-just-with-razer-it-is-possible-for-all
https://isc.sans.edu/forums/diary/Attackers+Hunting+For+Twilio+Credentials/27782/
Modified WhatsApp Spreading Malware
https://securelist.com/triada-trojan-in-whatsapp-mod/103679/
Privilege Escalation without Pluggin in Device
http://0xsp.com/security%20research%20&%20development%20(SRD)/local-administrator-is-not-just-with-razer-it-is-possible-for-all
ISC StormCast for Tuesday, August 24th, 2021
24 augusti 2021 |
6 min
Out of Band Phishing Using SMS Messages to Evade Network Detection
https://isc.sans.edu/forums/diary/Out+of+Band+Phishing+Using+SMS+messages+to+Evade+Network+Detection/27768/
Elevate Priviledges with Razer Mouse
https://twitter.com/j0nh4t/status/1429049506021138437
Realtek Vulnerabilites Exploited
https://securingsam.com/realtek-vulnerabilities-weaponized/
Exposed Microsoft Power Apps
https://www.upguard.com/breaches/power-apps
https://isc.sans.edu/forums/diary/Out+of+Band+Phishing+Using+SMS+messages+to+Evade+Network+Detection/27768/
Elevate Priviledges with Razer Mouse
https://twitter.com/j0nh4t/status/1429049506021138437
Realtek Vulnerabilites Exploited
https://securingsam.com/realtek-vulnerabilities-weaponized/
Exposed Microsoft Power Apps
https://www.upguard.com/breaches/power-apps
ISC StormCast for Monday, August 23rd, 2021
23 augusti 2021 |
5 min
Waiting for the C2 to Show Up
https://isc.sans.edu/forums/diary/Waiting+for+the+C2+to+Show+Up/27772/
DOCX with Embdedded EXE
https://isc.sans.edu/forums/diary/docx+With+Embedded+EXE/27776/
Securing Your Windows 365 Cloud PCs
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/securing-your-windows-365-cloud-pcs/ba-p/2663129
Pegasus Fraud Scam
https://www.ehackingnews.com/2021/08/pegasus-iphone-hacks-used-as-bait-in.html
Proper Audit Logging for Office 365
https://zolder.io/office-365-audit-logging/
https://isc.sans.edu/forums/diary/Waiting+for+the+C2+to+Show+Up/27772/
DOCX with Embdedded EXE
https://isc.sans.edu/forums/diary/docx+With+Embedded+EXE/27776/
Securing Your Windows 365 Cloud PCs
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/securing-your-windows-365-cloud-pcs/ba-p/2663129
Pegasus Fraud Scam
https://www.ehackingnews.com/2021/08/pegasus-iphone-hacks-used-as-bait-in.html
Proper Audit Logging for Office 365
https://zolder.io/office-365-audit-logging/
ISC StormCast for Friday, August 20th, 2021
20 augusti 2021 |
15 min
When Lightning Strikes: What works and doesn't work
https://isc.sans.edu/forums/diary/When+Lightning+Strikes+What+works+and+doesnt+work/27766/
Cisco Small Business Router Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5
Blackberry QNX Products Vulnerability
https://support.blackberry.com/kb/articleDetail?articleNumber=000082334
SANS.edu Student: Mark Morowcynzski; Decreasing Attacker Dwell Time in Azure Active Directory
https://www.sans.org/white-papers/40390/
https://isc.sans.edu/forums/diary/When+Lightning+Strikes+What+works+and+doesnt+work/27766/
Cisco Small Business Router Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5
Blackberry QNX Products Vulnerability
https://support.blackberry.com/kb/articleDetail?articleNumber=000082334
SANS.edu Student: Mark Morowcynzski; Decreasing Attacker Dwell Time in Azure Active Directory
https://www.sans.org/white-papers/40390/
ISC StormCast for Thursday, August 19th, 2021
19 augusti 2021 |
5 min
5 Things to Consider Before Moving Back to the Office
https://isc.sans.edu/forums/diary/5+Things+to+Consider+Before+Moving+Back+to+the+Office/27762/
Adobe Patches
https://helpx.adobe.com/security.html
Several Web Sites Infected with Chinese Spyware
https://imp0rtp3.wordpress.com/2021/08/12/tetris/
Trickbot Tricks Users with 1Password
https://www.ehackingnews.com/2021/08/trickbot-employs-bogus-1password.html
https://isc.sans.edu/forums/diary/5+Things+to+Consider+Before+Moving+Back+to+the+Office/27762/
Adobe Patches
https://helpx.adobe.com/security.html
Several Web Sites Infected with Chinese Spyware
https://imp0rtp3.wordpress.com/2021/08/12/tetris/
Trickbot Tricks Users with 1Password
https://www.ehackingnews.com/2021/08/trickbot-employs-bogus-1password.html
ISC StormCast for Wednesday, August 18th, 2021
18 augusti 2021 |
6 min
Laravel Exploit Attempts Tageting Vulnerability in "Ignition"
https://isc.sans.edu/forums/diary/Laravel+v842+exploit+attempts+for+CVE20213129+debug+mode+Remote+code+execution/27758/
ThroughTek "Kaley" Protocol Vulnerability
https://www.fireeye.com/blog/threat-research/2021/08/mandiant-discloses-critical-vulnerability-affecting-iot-devices.html
Fortinet FortiWeb Vulnerability
https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/
https://isc.sans.edu/forums/diary/Laravel+v842+exploit+attempts+for+CVE20213129+debug+mode+Remote+code+execution/27758/
ThroughTek "Kaley" Protocol Vulnerability
https://www.fireeye.com/blog/threat-research/2021/08/mandiant-discloses-critical-vulnerability-affecting-iot-devices.html
Fortinet FortiWeb Vulnerability
https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/
ISC StormCast for Tuesday, August 17th, 2021
17 augusti 2021 |
5 min
Triage of Malware Bazaar's Daily Malware Batches
https://isc.sans.edu/forums/diary/Extra+Tip+For+Triage+Of+MALWARE+Bazaars+Daily+Malware+Batches/27754/
Realtek SDK Vulnerability
https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain/
https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf
STARTTLS Vulnerabilities
https://www.usenix.org/conference/usenixsecurity21/presentation/poddebniak
Racoon Infostealer Self Infection
https://mobile.twitter.com/HRock/status/1427259563363950596
https://isc.sans.edu/forums/diary/Extra+Tip+For+Triage+Of+MALWARE+Bazaars+Daily+Malware+Batches/27754/
Realtek SDK Vulnerability
https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain/
https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf
STARTTLS Vulnerabilities
https://www.usenix.org/conference/usenixsecurity21/presentation/poddebniak
Racoon Infostealer Self Infection
https://mobile.twitter.com/HRock/status/1427259563363950596
ISC StormCast for Monday, August 16th, 2021
16 augusti 2021 |
6 min
Exchange E-Discovery Scans
https://isc.sans.edu/forums/diary/Scanning+for+Microsoft+Exchange+eDiscovery/27748/
Danabot Distributed Through Malspam
https://isc.sans.edu/forums/diary/Example+of+Danabot+distributed+through+malspam/27744/
Weaponizing Middleboxes
https://geneva.cs.umd.edu/posts/usenix21-weaponizing-censors/
https://www.usenix.org/conference/usenixsecurity21/presentation/bock
Deep Blue Magic Ransomware
https://www.ehackingnews.com/2021/08/deepbluemagic-newly-discovered.html
https://isc.sans.edu/forums/diary/Scanning+for+Microsoft+Exchange+eDiscovery/27748/
Danabot Distributed Through Malspam
https://isc.sans.edu/forums/diary/Example+of+Danabot+distributed+through+malspam/27744/
Weaponizing Middleboxes
https://geneva.cs.umd.edu/posts/usenix21-weaponizing-censors/
https://www.usenix.org/conference/usenixsecurity21/presentation/bock
Deep Blue Magic Ransomware
https://www.ehackingnews.com/2021/08/deepbluemagic-newly-discovered.html
ISC StormCast for Friday, August 13th, 2021
13 augusti 2021 |
3 min
Print Nightmare Continues: CVE-2021-36958
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958
Print Nightmare Abused by Ransomware Gangs
https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/
PolyNetwork Attack
https://www.theregister.com/2021/08/10/poly_networks_cryptocurrency_theft/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958
Print Nightmare Abused by Ransomware Gangs
https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/
PolyNetwork Attack
https://www.theregister.com/2021/08/10/poly_networks_cryptocurrency_theft/
ISC StormCast for Thursday, August 12th, 2021
12 augusti 2021 |
6 min
TA551 Shathak Continues Pushing BazarLoader Leading to Cobalt Strike
https://isc.sans.edu/forums/diary/TA551+Shathak+continues+pushing+BazarLoader+infections+lead+to+Cobalt+Strike/27738/
New AdLoad Campaign Goes Undetected by XProtect
https://labs.sentinelone.com/massive-new-adload-campaign-goes-entirely-undetected-by-apples-xprotect/
Android FlyTrap Malware Hitting Facebook Users
https://www.ehackingnews.com/2021/08/android-malware-flytrap-hacks-facebook.html
5G Shortcuts allow Evesdropping
https://www.wired.com/story/5g-network-stingray-surveillance-non-standalone/
Cloud DNS Service Weeknesses
https://www.wiz.io/blog/black-hat-2021-dns-loophole-makes-nation-state-level-spying-as-easy-as-registering-a-domain
https://isc.sans.edu/forums/diary/TA551+Shathak+continues+pushing+BazarLoader+infections+lead+to+Cobalt+Strike/27738/
New AdLoad Campaign Goes Undetected by XProtect
https://labs.sentinelone.com/massive-new-adload-campaign-goes-entirely-undetected-by-apples-xprotect/
Android FlyTrap Malware Hitting Facebook Users
https://www.ehackingnews.com/2021/08/android-malware-flytrap-hacks-facebook.html
5G Shortcuts allow Evesdropping
https://www.wired.com/story/5g-network-stingray-surveillance-non-standalone/
Cloud DNS Service Weeknesses
https://www.wiz.io/blog/black-hat-2021-dns-loophole-makes-nation-state-level-spying-as-easy-as-registering-a-domain
ISC StormCast for Wednesday, August 11th, 2021
11 augusti 2021 |
5 min
Microsoft Patches
https://isc.sans.edu/forums/diary/Microsoft+August+2021+Patch+Tuesday/27736/
Adobe Patches
https://helpx.adobe.com/security.html
cPanel/WHM Vulnerabilities
https://www.fortbridge.co.uk/research/multiple-vulnerabilities-in-cpanel-whm/
Firefox Update Released
https://www.mozilla.org/en-US/firefox/91.0/releasenotes/
https://isc.sans.edu/forums/diary/Microsoft+August+2021+Patch+Tuesday/27736/
Adobe Patches
https://helpx.adobe.com/security.html
cPanel/WHM Vulnerabilities
https://www.fortbridge.co.uk/research/multiple-vulnerabilities-in-cpanel-whm/
Firefox Update Released
https://www.mozilla.org/en-US/firefox/91.0/releasenotes/
ISC StormCast for Tuesday, August 10th, 2021
10 augusti 2021 |
6 min
Microsoft Exchange ProxyShell
https://isc.sans.edu/forums/diary/ProxyShell+how+many+Exchange+servers+are+affected+and+where+are+they/27732/
Synology Warns of Brute Force Attacks
https://www.synology.com/en-global/company/news/article/BruteForce/Synology %20Investigates%20Ongoing%20Brute-Force%20Attacks%20From%20Botnet
Router Auth Bypass
https://threatpost.com/auth-bypass-bug-routers-exploited/168491/
Firefox Version 100 Experiment
https://bugzilla.mozilla.org/show_bug.cgi?id=1719070
Interaction Less Vulnerabilities in Messaging Apps
https://www.ehackingnews.com/2021/08/the-interaction-less-flaws-in-messaging.html
HTTP2 Vulnerabilities
https://portswigger.net/research/http2#conclusion
https://isc.sans.edu/forums/diary/ProxyShell+how+many+Exchange+servers+are+affected+and+where+are+they/27732/
Synology Warns of Brute Force Attacks
https://www.synology.com/en-global/company/news/article/BruteForce/Synology %20Investigates%20Ongoing%20Brute-Force%20Attacks%20From%20Botnet
Router Auth Bypass
https://threatpost.com/auth-bypass-bug-routers-exploited/168491/
Firefox Version 100 Experiment
https://bugzilla.mozilla.org/show_bug.cgi?id=1719070
Interaction Less Vulnerabilities in Messaging Apps
https://www.ehackingnews.com/2021/08/the-interaction-less-flaws-in-messaging.html
HTTP2 Vulnerabilities
https://portswigger.net/research/http2#conclusion
ISC StormCast for Monday, August 9th, 2021
9 augusti 2021 |
5 min
Malicious Microsoft Word Remains A Key Infection Vector
https://isc.sans.edu/forums/diary/Malicious+Microsoft+Word+Remains+A+Key+Infection+Vector/27716/
Malware Bazaar Daily Download
https://isc.sans.edu/forums/diary/MALWARE+Bazaar+Download+daily+malware+batches/27728/
Go/Rust IP Address Validation Vulnerability
https://github.com/rust-lang/rust/pull/83652
Facial Recognition "Master Keys"
https://arxiv.org/pdf/2108.01077.pdf
Pulse Secure Patch Bypass
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858
Hadoop ResourceManager Vulnerability Exploited
https://blog.netlab.360.com/wei-xie-kuai-xun-teamtntxin-huo-dong-tong-guo-gan-ran-wang-ye-wen-jian-ti-gao-chuan-bo-neng-li/
https://isc.sans.edu/forums/diary/Malicious+Microsoft+Word+Remains+A+Key+Infection+Vector/27716/
Malware Bazaar Daily Download
https://isc.sans.edu/forums/diary/MALWARE+Bazaar+Download+daily+malware+batches/27728/
Go/Rust IP Address Validation Vulnerability
https://github.com/rust-lang/rust/pull/83652
Facial Recognition "Master Keys"
https://arxiv.org/pdf/2108.01077.pdf
Pulse Secure Patch Bypass
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858
Hadoop ResourceManager Vulnerability Exploited
https://blog.netlab.360.com/wei-xie-kuai-xun-teamtntxin-huo-dong-tong-guo-gan-ran-wang-ye-wen-jian-ti-gao-chuan-bo-neng-li/
ISC StormCast for Friday, August 6th, 2021
6 augusti 2021 |
15 min
Cisco Patches Unauthencticated RCE in RV340/345 devices
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy
Telegram Flawed Self Destruct in MacOS
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/telegram-self-destruct-not-always/
Significant Vulnerabilities in MacOS Privacy Protections
https://www.darkreading.com/application-security/researchers-find-significant-vulnerabilities-in-mac-os-privacy-protections
Windows Hello Bypass
https://threatpost.com/microsofts-patch-windows-hello-faulty/168392/
STI Student: James Casteel; Content Security Policy Bypass: Exploiting Misconfigurations https://www.sans.org/white-papers/40380
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy
Telegram Flawed Self Destruct in MacOS
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/telegram-self-destruct-not-always/
Significant Vulnerabilities in MacOS Privacy Protections
https://www.darkreading.com/application-security/researchers-find-significant-vulnerabilities-in-mac-os-privacy-protections
Windows Hello Bypass
https://threatpost.com/microsofts-patch-windows-hello-faulty/168392/
STI Student: James Casteel; Content Security Policy Bypass: Exploiting Misconfigurations https://www.sans.org/white-papers/40380
ISC StormCast for Thursday, August 5th, 2021
5 augusti 2021 |
6 min
Pivoting and Hunting for Shenanigans from a Reported Phishing Domain
https://isc.sans.edu/forums/diary/Pivoting+and+Hunting+for+Shenanigans+from+a+Reported+Phishing+Domain/27710/
NichStack TCP/IP Vulnerabilities
https://jfrog.com/blog/infrahalt-14-new-security-vulnerabilities-found-in-nichestack/
Securing the Cloud
https://www.sans.org/newsletters/ouch/securely-using-the-cloud/
Lockbit Recruiting Insiders
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-recruiting-insiders-to-breach-corporate-networks/
Sneaky Phishing Hittin Office 365 Users
https://www.ehackingnews.com/2021/08/microsoft-warns-office-365-users-of.html
https://isc.sans.edu/forums/diary/Pivoting+and+Hunting+for+Shenanigans+from+a+Reported+Phishing+Domain/27710/
NichStack TCP/IP Vulnerabilities
https://jfrog.com/blog/infrahalt-14-new-security-vulnerabilities-found-in-nichestack/
Securing the Cloud
https://www.sans.org/newsletters/ouch/securely-using-the-cloud/
Lockbit Recruiting Insiders
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-recruiting-insiders-to-breach-corporate-networks/
Sneaky Phishing Hittin Office 365 Users
https://www.ehackingnews.com/2021/08/microsoft-warns-office-365-users-of.html
ISC StormCast for Wednesday, August 4th, 2021
3 augusti 2021 |
5 min
2FA Issues
https://isc.sans.edu/forums/diary/Three+Problems+with+Two+Factor+Authentication/27704/
Crazy Smishing
https://isc.sans.edu/forums/diary/Is+this+the+Weirdest+Phishing+SMishing+Attempt+Ever/27706/
Google Chrome Update
https://chromereleases.googleblog.com/2021/08/the-stable-channel-has-been-updated-to.html
https://www.bleepingcomputer.com/news/google/google-chrome-to-no-longer-show-secure-website-indicators/
Google Android Update
https://source.android.com/security/bulletin/2021-08-01?hl=en
DoD/NSA Publichses Kubernetes Hardening Guides
https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF
https://isc.sans.edu/forums/diary/Three+Problems+with+Two+Factor+Authentication/27704/
Crazy Smishing
https://isc.sans.edu/forums/diary/Is+this+the+Weirdest+Phishing+SMishing+Attempt+Ever/27706/
Google Chrome Update
https://chromereleases.googleblog.com/2021/08/the-stable-channel-has-been-updated-to.html
https://www.bleepingcomputer.com/news/google/google-chrome-to-no-longer-show-secure-website-indicators/
Google Android Update
https://source.android.com/security/bulletin/2021-08-01?hl=en
DoD/NSA Publichses Kubernetes Hardening Guides
https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF
ISC StormCast for Tuesday, August 3rd, 2021
3 augusti 2021 |
6 min
Unsolicited DNS Queries
https://isc.sans.edu/forums/diary/Unsolicited+DNS+Queries/27694/
Changing BAT Files on the Fly
https://isc.sans.edu/forums/diary/Changing+BAT+Files+On+The+Fly/27700/
Empty NPM Package has Over 700,000 Downloads
https://www.bleepingcomputer.com/news/software/empty-npm-package-has-over-700-000-downloads-heres-why/
Blocking PetitPotam with netsh RPC Filters
https://twitter.com/gentilkiwi/status/1421949715986403329
Pneumatic Tube Vulnerabilities
https://www.blackhat.com/us-21/briefings/schedule/index.html#a-hole-in-the-tube-uncovering-vulnerabilities-in-critical-infrastructure-of-healthcare-facilities-23546
https://isc.sans.edu/forums/diary/Unsolicited+DNS+Queries/27694/
Changing BAT Files on the Fly
https://isc.sans.edu/forums/diary/Changing+BAT+Files+On+The+Fly/27700/
Empty NPM Package has Over 700,000 Downloads
https://www.bleepingcomputer.com/news/software/empty-npm-package-has-over-700-000-downloads-heres-why/
Blocking PetitPotam with netsh RPC Filters
https://twitter.com/gentilkiwi/status/1421949715986403329
Pneumatic Tube Vulnerabilities
https://www.blackhat.com/us-21/briefings/schedule/index.html#a-hole-in-the-tube-uncovering-vulnerabilities-in-critical-infrastructure-of-healthcare-facilities-23546
ISC StormCast for Sunday, August 1st, 2021
1 augusti 2021 |
5 min
Infected With a .reg File
https://isc.sans.edu/forums/diary/Infected+With+a+reg+File/27692/
Excessive Exchange Permissions (Patched)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2186
Node.JS July 2021 Security Releases
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/
Malicious PyPi Packages
https://jfrog.com/blog/malicious-pypi-packages-stealing-credit-cards-injecting-code/
REvil / Darkside May be Back as Blackmatter
https://www.bleepingcomputer.com/news/security/darkside-ransomware-gang-returns-as-new-blackmatter-operation/
https://isc.sans.edu/forums/diary/Infected+With+a+reg+File/27692/
Excessive Exchange Permissions (Patched)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2186
Node.JS July 2021 Security Releases
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/
Malicious PyPi Packages
https://jfrog.com/blog/malicious-pypi-packages-stealing-credit-cards-injecting-code/
REvil / Darkside May be Back as Blackmatter
https://www.bleepingcomputer.com/news/security/darkside-ransomware-gang-returns-as-new-blackmatter-operation/
ISC StormCast for Friday, July 30th, 2021
30 juli 2021 |
6 min
Malicious Content Delivered Trhough archive.org
https://isc.sans.edu/forums/diary/Malicious+Content+Delivered+Through+archiveorg/27688/
A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI
https://arxiv.org/abs/2107.12699
Crimea "manifesto" deploys VBA Rat using double attack vectors
https://blog.malwarebytes.com/threat-intelligence/2021/07/crimea-manifesto-deploys-vba-rat-using-double-attack-vectors/
https://isc.sans.edu/forums/diary/Malicious+Content+Delivered+Through+archiveorg/27688/
A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI
https://arxiv.org/abs/2107.12699
Crimea "manifesto" deploys VBA Rat using double attack vectors
https://blog.malwarebytes.com/threat-intelligence/2021/07/crimea-manifesto-deploys-vba-rat-using-double-attack-vectors/
ISC StormCast for Thursday, July 29th, 2021
29 juli 2021 |
9 min
A Sextortion E-Mail From ... IT Support?!
https://isc.sans.edu/forums/diary/A+sextortion+email+fromIT+support/27682/
AV-Test Compares Android Anti-Virus Software
https://www.av-test.org/en/news/15-security-apps-for-android-in-an-endurance-test/
Oscorp evolves into UBEL: Advanced Android Malware
https://www.cleafy.com/cleafy-labs/ubel-oscorp-evolution
QOMPLX Reboots Punkspider
https://www.globenewswire.com/da/news-release/2021/07/20/2265860/0/en/QOMPLX-Reboots-Punkspider.html
AFRINIC IPv4 Address Heist
https://lists.afrinic.net/pipermail/community-discuss/2021-July/004122.html
https://isc.sans.edu/forums/diary/A+sextortion+email+fromIT+support/27682/
AV-Test Compares Android Anti-Virus Software
https://www.av-test.org/en/news/15-security-apps-for-android-in-an-endurance-test/
Oscorp evolves into UBEL: Advanced Android Malware
https://www.cleafy.com/cleafy-labs/ubel-oscorp-evolution
QOMPLX Reboots Punkspider
https://www.globenewswire.com/da/news-release/2021/07/20/2265860/0/en/QOMPLX-Reboots-Punkspider.html
AFRINIC IPv4 Address Heist
https://lists.afrinic.net/pipermail/community-discuss/2021-July/004122.html
ISC StormCast for Wednesday, July 28th, 2021
28 juli 2021 |
7 min
Details about CVE-2021-30807. (Patch released Monday for MacOS/iOS)
https://saaramar.github.io/IOMobileFrameBuffer_LPE_POC/
Zimbra 8.8.15 XSS and SSRF Vulnerability
https://blog.sonarsource.com/zimbra-webmail-compromise-via-email
LockBit Ransomware Uses Group Policies
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-automates-windows-domain-encryption-via-group-policies/
Microsoft Extending SafeLinks to Teams
https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/microsoft-teams-gets-more-phishing-protection/ba-p/2585559
https://saaramar.github.io/IOMobileFrameBuffer_LPE_POC/
Zimbra 8.8.15 XSS and SSRF Vulnerability
https://blog.sonarsource.com/zimbra-webmail-compromise-via-email
LockBit Ransomware Uses Group Policies
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-automates-windows-domain-encryption-via-group-policies/
Microsoft Extending SafeLinks to Teams
https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/microsoft-teams-gets-more-phishing-protection/ba-p/2585559
ISC StormCast for Tuesday, July 27th, 2021
27 juli 2021 |
6 min
Recovering Malspam Password
https://isc.sans.edu/forums/diary/Failed+Malspam+Recovering+The+Password/27674/
Apple Patches 0-Day
https://support.apple.com/en-us/HT201222
Attackers Adopt Exotic Programming Languages
https://blogs.blackberry.com/en/2021/07/old-dogs-new-tricks-attackers-adopt-exotic-programming-languages
LemonDuck/LemonCat Coinminers Going Multi-OS
https://www.microsoft.com/security/blog/2021/07/22/when-coin-miners-evolve-part-1-exposing-lemonduck-and-lemoncat-modern-mining-malware-infrastructure/
GitHub Expending Supply Chain Security Support to Go
https://github.blog/2021-07-22-github-supply-chain-security-features-go-community/
https://isc.sans.edu/forums/diary/Failed+Malspam+Recovering+The+Password/27674/
Apple Patches 0-Day
https://support.apple.com/en-us/HT201222
Attackers Adopt Exotic Programming Languages
https://blogs.blackberry.com/en/2021/07/old-dogs-new-tricks-attackers-adopt-exotic-programming-languages
LemonDuck/LemonCat Coinminers Going Multi-OS
https://www.microsoft.com/security/blog/2021/07/22/when-coin-miners-evolve-part-1-exposing-lemonduck-and-lemoncat-modern-mining-malware-infrastructure/
GitHub Expending Supply Chain Security Support to Go
https://github.blog/2021-07-22-github-supply-chain-security-features-go-community/
ISC StormCast for Monday, July 26th, 2021
26 juli 2021 |
6 min
PetitPotam ADCS Domain Admin Vulnerability
https://isc.sans.edu/forums/diary/Active+Directory+Certificate+Services+ADCS+PKI+domain+admin+vulnerability/27668/
XCSSET Mac Malware Target Google Chrome / Telegram
https://thehackernews.com/2021/07/nasty-macos-malware-xcsset-now-targets.html
Defunct Video Hosting Site Flooding Normal Websites With Porn
https://www.vice.com/en/article/qj8xz3/a-defunct-video-hosting-site-is-flooding-normal-websites-with-hardcore-porn
https://isc.sans.edu/forums/diary/Active+Directory+Certificate+Services+ADCS+PKI+domain+admin+vulnerability/27668/
XCSSET Mac Malware Target Google Chrome / Telegram
https://thehackernews.com/2021/07/nasty-macos-malware-xcsset-now-targets.html
Defunct Video Hosting Site Flooding Normal Websites With Porn
https://www.vice.com/en/article/qj8xz3/a-defunct-video-hosting-site-is-flooding-normal-websites-with-hardcore-porn
ISC StormCast for Friday, July 23rd, 2021
23 juli 2021 |
6 min
Akamai Outage
https://isc.sans.edu/forums/diary/Lost+in+the+Cloud+Akamai+DNS+Outage/27660/
"Summer of SAM" Continues
https://isc.sans.edu/forums/diary/Summer+of+SAM+Microsoft+Releases+Guidance+for+CVE202136934/27656/
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpujul2021.html
Kaseya Decryptor Available
https://www.kaseya.com/potential-attack-on-kaseya-vsa/
Jira Data Center and Jira Service Management Data Center Security Advisory
https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html
Forgot password? Taking over user accounts Kaminsky style
https://sec-consult.com/blog/detail/forgot-password-taking-over-user-accounts-kaminsky-style/
https://isc.sans.edu/forums/diary/Lost+in+the+Cloud+Akamai+DNS+Outage/27660/
"Summer of SAM" Continues
https://isc.sans.edu/forums/diary/Summer+of+SAM+Microsoft+Releases+Guidance+for+CVE202136934/27656/
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpujul2021.html
Kaseya Decryptor Available
https://www.kaseya.com/potential-attack-on-kaseya-vsa/
Jira Data Center and Jira Service Management Data Center Security Advisory
https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html
Forgot password? Taking over user accounts Kaminsky style
https://sec-consult.com/blog/detail/forgot-password-taking-over-user-accounts-kaminsky-style/
ISC StormCast for Thursday, July 22nd, 2021
22 juli 2021 |
7 min
Microsoft Published Summer of SAM Guidance
https://isc.sans.edu/forums/diary/Summer+of+SAM+Microsoft+Releases+Guidance+for+CVE202136934/27656/
Apple Patches Everything
https://support.apple.com/en-us/HT201222
Formbook/XLoader Malware Ported to Mac
https://research.checkpoint.com/2021/top-prevalent-malware-with-a-thousand-campaigns-migrates-to-macos/
Pulse Secure Backdoors
https://us-cert.cisa.gov/ncas/current-activity/2021/07/21/malware-targeting-pulse-secure-devices
https://isc.sans.edu/forums/diary/Summer+of+SAM+Microsoft+Releases+Guidance+for+CVE202136934/27656/
Apple Patches Everything
https://support.apple.com/en-us/HT201222
Formbook/XLoader Malware Ported to Mac
https://research.checkpoint.com/2021/top-prevalent-malware-with-a-thousand-campaigns-migrates-to-macos/
Pulse Secure Backdoors
https://us-cert.cisa.gov/ncas/current-activity/2021/07/21/malware-targeting-pulse-secure-devices
ISC StormCast for Wednesday, July 21st, 2021
21 juli 2021 |
7 min
Windows Registry Hives Permission Problem
https://isc.sans.edu/forums/diary/Summer+of+SAM+incorrect+permissions+on+Windows+1011+hives/27652/
HP Printer Drivers Allows Privilege Escalation
https://labs.sentinelone.com/cve-2021-3438-16-years-in-hiding-millions-of-printers-worldwide-vulnerable/
Linux Local Privilege Escalation in Filesystem Layer
https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909
FortiManager and FortiAnalyzer Vulnerability
https://www.fortiguard.com/psirt/FG-IR-21-067
https://isc.sans.edu/forums/diary/Summer+of+SAM+incorrect+permissions+on+Windows+1011+hives/27652/
HP Printer Drivers Allows Privilege Escalation
https://labs.sentinelone.com/cve-2021-3438-16-years-in-hiding-millions-of-printers-worldwide-vulnerable/
Linux Local Privilege Escalation in Filesystem Layer
https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909
FortiManager and FortiAnalyzer Vulnerability
https://www.fortiguard.com/psirt/FG-IR-21-067
ISC StormCast for Tuesday, July 20th, 2021
20 juli 2021 |
6 min
New Windows Print Spooler Vulnerability - CVE-2021-34481
https://isc.sans.edu/forums/diary/New+Windows+Print+Spooler+Vulnerability+CVE202134481/27648/
iOS/WatchOS/tvOS/Safari Updates
https://support.apple.com/en-us/HT201222
iOS Format String Vulnerability Exploitable as RCE
https://blog.zecops.com/research/meet-wifidemon-ios-wifi-rce-0-day-vulnerability-and-a-zero-click-vulnerability-that-was-silently-patched/
Surfside Condo Collapse Scams
https://threatpost.com/attackers-target-florida-condo-collapse-victims/167917/
https://isc.sans.edu/forums/diary/New+Windows+Print+Spooler+Vulnerability+CVE202134481/27648/
iOS/WatchOS/tvOS/Safari Updates
https://support.apple.com/en-us/HT201222
iOS Format String Vulnerability Exploitable as RCE
https://blog.zecops.com/research/meet-wifidemon-ios-wifi-rce-0-day-vulnerability-and-a-zero-click-vulnerability-that-was-silently-patched/
Surfside Condo Collapse Scams
https://threatpost.com/attackers-target-florida-condo-collapse-victims/167917/
ISC StormCast for Monday, July 19th, 2021
19 juli 2021 |
6 min
Multiple BaseXX Obfuscations
https://isc.sans.edu/forums/diary/Multiple+BaseXX+Obfuscations/27640/
Juniper Patches: Radius Vulnerability
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11180&cat=SIRT_1&actp=LIST
fail2ban vulnerability
https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm
NSO Group Victims Leaked
https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/
Dangers of Autofilling Passwords
https://marektoth.com/blog/password-managers-autofill/#analysis
https://isc.sans.edu/forums/diary/Multiple+BaseXX+Obfuscations/27640/
Juniper Patches: Radius Vulnerability
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11180&cat=SIRT_1&actp=LIST
fail2ban vulnerability
https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm
NSO Group Victims Leaked
https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/
Dangers of Autofilling Passwords
https://marektoth.com/blog/password-managers-autofill/#analysis
ISC StormCast for Friday, July 16th, 2021
16 juli 2021 |
6 min
USPS Phishing Kit Reporting Data Back Via Telegram
https://isc.sans.edu/forums/diary/USPS+Phishing+Using+Telegram+to+Collect+Data/27630/
Sonicwall Warns of Ransomware
https://www.sonicwall.com/support/product-notification/urgent-security-notice-critical-risk-to-unpatched-end-of-life-sra-sma-8-x-remote-access-devices/210713105333210/
WooCommerce Flaw Exploited
https://www.wordfence.com/blog/2021/07/critical-sql-injection-vulnerability-patched-in-woocommerce/
KiwiSDR Backdoor
https://www.bleepingcomputer.com/news/security/software-maker-removes-backdoor-giving-root-access-to-radio-devices/
https://isc.sans.edu/forums/diary/USPS+Phishing+Using+Telegram+to+Collect+Data/27630/
Sonicwall Warns of Ransomware
https://www.sonicwall.com/support/product-notification/urgent-security-notice-critical-risk-to-unpatched-end-of-life-sra-sma-8-x-remote-access-devices/210713105333210/
WooCommerce Flaw Exploited
https://www.wordfence.com/blog/2021/07/critical-sql-injection-vulnerability-patched-in-woocommerce/
KiwiSDR Backdoor
https://www.bleepingcomputer.com/news/security/software-maker-removes-backdoor-giving-root-access-to-radio-devices/
ISC StormCast for Thursday, July 15th, 2021
15 juli 2021 |
6 min
One way to fail at malspam - give reipients the wrong password
https://isc.sans.edu/forums/diary/One+way+to+fail+at+malspam+give+recipients+the+wrong+password+for+an+encrypted+attachment/27634/
Firefox Updates
https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/
SAP Netweaver Vulnerabilities
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506
Joker Android Fleezware
https://blog.zimperium.com/joker-is-still-no-laughing-matter/
less.js RCE
https://www.softwaresecured.com/exploiting-less-js
https://isc.sans.edu/forums/diary/One+way+to+fail+at+malspam+give+recipients+the+wrong+password+for+an+encrypted+attachment/27634/
Firefox Updates
https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/
SAP Netweaver Vulnerabilities
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506
Joker Android Fleezware
https://blog.zimperium.com/joker-is-still-no-laughing-matter/
less.js RCE
https://www.softwaresecured.com/exploiting-less-js
ISC StormCast for Wednesday, July 14th, 2021
14 juli 2021 |
7 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+July+2021+Patch+Tuesday/27628/
Adobe Patch Tuesday
https://helpx.adobe.com/security/products/acrobat/apsb21-51.html
ForgeRock OpenAM Vulnerability
https://backstage.forgerock.com/knowledge/kb/article/a47894244
GMail Supporting BIMI
https://cloud.google.com/blog/products/identity-security/bringing-bimi-to-gmail-in-google-workspace
https://isc.sans.edu/forums/diary/Microsoft+July+2021+Patch+Tuesday/27628/
Adobe Patch Tuesday
https://helpx.adobe.com/security/products/acrobat/apsb21-51.html
ForgeRock OpenAM Vulnerability
https://backstage.forgerock.com/knowledge/kb/article/a47894244
GMail Supporting BIMI
https://cloud.google.com/blog/products/identity-security/bringing-bimi-to-gmail-in-google-workspace
ISC StormCast for Tuesday, July 13th, 2021
13 juli 2021 |
6 min
Kaseya Releases Patch and Hardening Guide
https://helpdesk.kaseya.com/hc/en-gb/articles/4403760102417
Solarwinds Advisory CVE-2021-35211
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211
Mint Mobile Breach and Porting
https://www.bleepingcomputer.com/news/security/mint-mobile-hit-by-a-data-breach-after-numbers-ported-data-accessed/
Twitter Verified Account Mistake
https://twitter.com/conspirator0/status/1414475519609999366
https://helpdesk.kaseya.com/hc/en-gb/articles/4403760102417
Solarwinds Advisory CVE-2021-35211
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211
Mint Mobile Breach and Porting
https://www.bleepingcomputer.com/news/security/mint-mobile-hit-by-a-data-breach-after-numbers-ported-data-accessed/
Twitter Verified Account Mistake
https://twitter.com/conspirator0/status/1414475519609999366
ISC StormCast for Monday, July 12th, 2021
12 juli 2021 |
6 min
Scanning for Microsoft Secure Socket Tunneling Protocol
https://isc.sans.edu/forums/diary/Scanning+for+Microsoft+Secure+Socket+Tunneling+Protocol/27622/
Hancitor tries XLL as Initial Malware File
https://isc.sans.edu/forums/diary/Hancitor+tries+XLL+as+initial+malware+file/27618/
Android Updates
https://source.android.com/security/bulletin/2021-07-01
Cisco Updates
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bpa-priv-esc-dgubwbH4
Job Seekers Attacked with Malicious Documents
https://www.ehackingnews.com/2021/07/job-seeking-engineers-have-become.html
https://isc.sans.edu/forums/diary/Scanning+for+Microsoft+Secure+Socket+Tunneling+Protocol/27622/
Hancitor tries XLL as Initial Malware File
https://isc.sans.edu/forums/diary/Hancitor+tries+XLL+as+initial+malware+file/27618/
Android Updates
https://source.android.com/security/bulletin/2021-07-01
Cisco Updates
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bpa-priv-esc-dgubwbH4
Job Seekers Attacked with Malicious Documents
https://www.ehackingnews.com/2021/07/job-seeking-engineers-have-become.html
ISC StormCast for Friday, July 9th, 2021
9 juli 2021 |
6 min
Using Sudo With Python For More Security Controls
https://isc.sans.edu/forums/diary/Using+Sudo+with+Python+For+More+Security+Controls/27614/
Fake Kaseya Updates Include CobaltStrike Payload
https://www.theregister.com/2021/07/07/kaseya_malware_patches_/
WildPressure macOS Trojan
https://www.kaspersky.com/about/press-releases/2021_wildpressures-multi-platform-malware-hits-macos-in-the-middle-east
https://www.patreon.com/posts/53462690
iCloud Password Reset Weaknesss
https://thezerohack.com/apple-vulnerability-bug-bounty
https://isc.sans.edu/forums/diary/Using+Sudo+with+Python+For+More+Security+Controls/27614/
Fake Kaseya Updates Include CobaltStrike Payload
https://www.theregister.com/2021/07/07/kaseya_malware_patches_/
WildPressure macOS Trojan
https://www.kaspersky.com/about/press-releases/2021_wildpressures-multi-platform-malware-hits-macos-in-the-middle-east
https://www.patreon.com/posts/53462690
iCloud Password Reset Weaknesss
https://thezerohack.com/apple-vulnerability-bug-bounty
ISC StormCast for Thursday, July 8th, 2021
8 juli 2021 |
6 min
Microsoft Releases Patches for CVE-2021-34527 UPDATED
https://isc.sans.edu/forums/diary/Microsoft+Releases+Patches+for+CVE202134527/27610/
GitLab Update
https://www.ehackingnews.com/2021/07/gitlab-fixes-several-vulnerabilities.html
Vulnerable NuGet Packages
https://blog.secure.software/third-party-code-comes-with-some-baggage
https://isc.sans.edu/forums/diary/Microsoft+Releases+Patches+for+CVE202134527/27610/
GitLab Update
https://www.ehackingnews.com/2021/07/gitlab-fixes-several-vulnerabilities.html
Vulnerable NuGet Packages
https://blog.secure.software/third-party-code-comes-with-some-baggage
ISC StormCast for Wednesday, July 7th, 2021
7 juli 2021 |
9 min
Microsoft Releases Printnightmare Patch
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
Kaseya Update
https://www.kaseya.com/potential-attack-on-kaseya-vsa/
Kaspersky Password Manager
https://donjon.ledger.com/kaspersky-password-manager/
Amazon Echo Dot After Reset Artifacts
https://dl.acm.org/doi/pdf/10.1145/3448300.3467820
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
Kaseya Update
https://www.kaseya.com/potential-attack-on-kaseya-vsa/
Kaspersky Password Manager
https://donjon.ledger.com/kaspersky-password-manager/
Amazon Echo Dot After Reset Artifacts
https://dl.acm.org/doi/pdf/10.1145/3448300.3467820
ISC StormCast for Tuesday, July 6th, 2021
6 juli 2021 |
7 min
Kaseya REvil Update
https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689
https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident
https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b
https://csirt.divd.nl/2021/07/03/Kaseya-Case-Update/
Printnightmare Update
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-printnightmare-b3fdb82f840c
https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/
https://github.com/LaresLLC/CVE-2021-1675
Expired RPM Key Problem
https://github.com/rpm-software-management/rpm/issues/1598
Node.JS Update
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/
https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689
https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident
https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b
https://csirt.divd.nl/2021/07/03/Kaseya-Case-Update/
Printnightmare Update
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-printnightmare-b3fdb82f840c
https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/
https://github.com/LaresLLC/CVE-2021-1675
Expired RPM Key Problem
https://github.com/rpm-software-management/rpm/issues/1598
Node.JS Update
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/
ISC StormCast for Monday, July 5th, 2021
4 juli 2021 |
5 min
Kaseya VSA REvil Ransomware Incident
https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689
https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident
https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b
https://csirt.divd.nl/2021/07/03/Kaseya-Case-Update/
https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689
https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident
https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b
https://csirt.divd.nl/2021/07/03/Kaseya-Case-Update/
ISC StormCast for Friday, July 2nd, 2021
2 juli 2021 |
8 min
Print Spooler printnightmare Update
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-printnightmare-b3fdb82f840c
https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/
https://github.com/LaresLLC/CVE-2021-1675
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-printnightmare-b3fdb82f840c
https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/
https://github.com/LaresLLC/CVE-2021-1675
ISC StormCast for Thursday, July 1st, 2021
1 juli 2021 |
7 min
CVE-2021-1675 Incomplete Patch - Printnightmware
https://isc.sans.edu/forums/diary/CVE20211675+Incomplete+Patch+and+Leaked+RCE+Exploit/27588/
Internet Explorer PDF Update
https://support.microsoft.com/en-us/topic/june-29-2021-kb5004760-os-builds-19041-1082-19042-1082-and-19043-1082-out-of-band-9508f7a2-0713-432f-b06c-1ae6d802a2f7
NETGEAR Router Vulnerabilities (DGN-2200v1)
https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/
https://isc.sans.edu/forums/diary/CVE20211675+Incomplete+Patch+and+Leaked+RCE+Exploit/27588/
Internet Explorer PDF Update
https://support.microsoft.com/en-us/topic/june-29-2021-kb5004760-os-builds-19041-1082-19042-1082-and-19043-1082-out-of-band-9508f7a2-0713-432f-b06c-1ae6d802a2f7
NETGEAR Router Vulnerabilities (DGN-2200v1)
https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/
ISC StormCast for Wednesday, June 30th, 2021
30 juni 2021 |
6 min
Google "Sweepstake" Phish Withouth Link
https://isc.sans.edu/forums/diary/Diving+into+a+Google+Sweepstakes+Phishing+Email/27578/
Forensics Contest Solution / Winner
https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest+Answers+and+Analysis/27582/
WD MyBook Details
https://arstechnica.com/gadgets/2021/06/hackers-exploited-0-day-not-2018-bug-to-mass-wipe-my-book-live-devices/
Adobe Experience Manager PoC
https://labs.detectify.com/2021/06/28/aem-crx-bypass-0day-control-over-some-enterprise-aem-crx-package-manager/
https://isc.sans.edu/forums/diary/Diving+into+a+Google+Sweepstakes+Phishing+Email/27578/
Forensics Contest Solution / Winner
https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest+Answers+and+Analysis/27582/
WD MyBook Details
https://arstechnica.com/gadgets/2021/06/hackers-exploited-0-day-not-2018-bug-to-mass-wipe-my-book-live-devices/
Adobe Experience Manager PoC
https://labs.detectify.com/2021/06/28/aem-crx-bypass-0day-control-over-some-enterprise-aem-crx-package-manager/
ISC StormCast for Monday, June 28th, 2021
28 juni 2021 |
6 min
Increase in UDP Port 389 Scans (LDAP/AD)
https://isc.sans.edu/forums/diary/Is+this+traffic+bAD/27566/
CD/DVD Destruction
https://isc.sans.edu/forums/diary/DIY+CDDVD+Destruction/27572/
Zyxel Exploits
https://twitter.com/JAMESWT_MHT/status/1407987022170578946
https://kb.zyxel.com/KB/searchArticle!viewDetail.action?articleOid=018137&lang=EN
Cisco Vulnerability Exploited
https://threatpost.com/cisco-asa-bug-exploited-poc/167274/
Microsoft Signs Netfilter Rootkit
https://www.gdatasoftware.com/blog/microsoft-signed-a-malicious-netfilter-rootkit
https://isc.sans.edu/forums/diary/Is+this+traffic+bAD/27566/
CD/DVD Destruction
https://isc.sans.edu/forums/diary/DIY+CDDVD+Destruction/27572/
Zyxel Exploits
https://twitter.com/JAMESWT_MHT/status/1407987022170578946
https://kb.zyxel.com/KB/searchArticle!viewDetail.action?articleOid=018137&lang=EN
Cisco Vulnerability Exploited
https://threatpost.com/cisco-asa-bug-exploited-poc/167274/
Microsoft Signs Netfilter Rootkit
https://www.gdatasoftware.com/blog/microsoft-signed-a-malicious-netfilter-rootkit
ISC StormCast for Friday, June 25th, 2021
25 juni 2021 |
6 min
Do You Like Cookies? Some are for sale!
https://isc.sans.edu/forums/diary/Do+you+Like+Cookies+Some+are+for+sale/27558/
A supply-chain breach: Taking over an Atlassian account
https://media.threatpost.com/wp-content/uploads/sites/103/2021/06/23175805/Atlassian-ATO-CPR-blog-FINAL.pdf
Dell Bios Connect Vulnerability
https://eclypsium.com/2021/06/24/biosdisconnect/
ATM Jackpotting via NFC
https://www.wired.com/story/atm-hack-nfc-bugs-point-of-sale/
https://isc.sans.edu/forums/diary/Do+you+Like+Cookies+Some+are+for+sale/27558/
A supply-chain breach: Taking over an Atlassian account
https://media.threatpost.com/wp-content/uploads/sites/103/2021/06/23175805/Atlassian-ATO-CPR-blog-FINAL.pdf
Dell Bios Connect Vulnerability
https://eclypsium.com/2021/06/24/biosdisconnect/
ATM Jackpotting via NFC
https://www.wired.com/story/atm-hack-nfc-bugs-point-of-sale/
ISC StormCast for Thursday, June 24th, 2021
24 juni 2021 |
6 min
DNS Name Server Hijack Attack
https://www.darkreading.com/vulnerabilities---threats/new-dns-name-server-hijack-attack-exposes-businesses-government-agencies/d/d-id/1341377
Paloalto Cortex XSOAR Vulnerablity
https://security.paloaltonetworks.com/CVE-2021-3044
VMWare Carbon Black App Control Authentication Bypass
https://www.vmware.com/security/advisories/VMSA-2021-0012.html?
Standing With Security Researchers Against Misuse of the DMCA
https://www.eff.org/deeplinks/2021/06/dmca-security-researcher-statement
https://www.darkreading.com/vulnerabilities---threats/new-dns-name-server-hijack-attack-exposes-businesses-government-agencies/d/d-id/1341377
Paloalto Cortex XSOAR Vulnerablity
https://security.paloaltonetworks.com/CVE-2021-3044
VMWare Carbon Black App Control Authentication Bypass
https://www.vmware.com/security/advisories/VMSA-2021-0012.html?
Standing With Security Researchers Against Misuse of the DMCA
https://www.eff.org/deeplinks/2021/06/dmca-security-researcher-statement
ISC StormCast for Wednesday, June 23rd, 2021
23 juni 2021 |
6 min
Phishing asking recipients not to report abuse
https://isc.sans.edu/forums/diary/Phishing+asking+recipients+not+to+report+abuse/27556/
PyPi Cryptomining Malware
https://blog.sonatype.com/sonatype-catches-new-pypi-cryptomining-malware-via-automated-detection
Dovecot TLS Implementation Vulnerability
https://hackerone.com/reports/1204962
(see the link to the PDF for more details)
Sonicwall Patch Incomplete
https://www.tripwire.com/state-of-security/featured/analyzing-sonicwalls-unsuccessful-fix-for-cve-2020-5135/
https://isc.sans.edu/forums/diary/Phishing+asking+recipients+not+to+report+abuse/27556/
PyPi Cryptomining Malware
https://blog.sonatype.com/sonatype-catches-new-pypi-cryptomining-malware-via-automated-detection
Dovecot TLS Implementation Vulnerability
https://hackerone.com/reports/1204962
(see the link to the PDF for more details)
Sonicwall Patch Incomplete
https://www.tripwire.com/state-of-security/featured/analyzing-sonicwalls-unsuccessful-fix-for-cve-2020-5135/
ISC StormCast for Tuesday, June 22nd, 2021
22 juni 2021 |
5 min
Attack and Defend: Distributed Web Applications (free Webcast)
https://www.sans.org/webcasts/attack-defend-modern-distributed-applications-119610
Darkside Impersonators
https://www.helpnetsecurity.com/2021/06/21/impersonating-darkside/
Tesla RAT COVID-19 Vaccination Phish
https://threatpost.com/agent-tesla-covid-vax-phish/167082/
Tor Browser Update
https://www.bleepingcomputer.com/news/security/tor-browser-fixes-vulnerability-that-tracks-you-using-installed-apps/
Schneider PowerLogic Vulnerabilities
https://www.ehackingnews.com/2021/06/six-major-flaws-identified-in-schneider.html
AutoCAD Update
https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004
https://www.sans.org/webcasts/attack-defend-modern-distributed-applications-119610
Darkside Impersonators
https://www.helpnetsecurity.com/2021/06/21/impersonating-darkside/
Tesla RAT COVID-19 Vaccination Phish
https://threatpost.com/agent-tesla-covid-vax-phish/167082/
Tor Browser Update
https://www.bleepingcomputer.com/news/security/tor-browser-fixes-vulnerability-that-tracks-you-using-installed-apps/
Schneider PowerLogic Vulnerabilities
https://www.ehackingnews.com/2021/06/six-major-flaws-identified-in-schneider.html
AutoCAD Update
https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004
ISC StormCast for Monday, June 21st, 2021
21 juni 2021 |
6 min
Network Forensics on Azure VMs (Part #2)
https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+2/27538/
Google Open Redirect Being Abused
https://isc.sans.edu/forums/diary/Open+redirects+and+why+Phishers+love+them/27542/
Easy Access to the NIST RDS Database
https://isc.sans.edu/forums/diary/Easy+Access+to+the+NIST+RDS+Database/27544/
iOS Wifi Bug
https://blog.chichou.me/2021/06/20/quick-analysis-wifid/
NSA VoIP Security Guide
https://media.defense.gov/2021/Jun/17/2002744054/-1/-1/1/CTR_DEPLOYING%20SECURE%20VVOIP%20SYSTEMS.PDF
https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+2/27538/
Google Open Redirect Being Abused
https://isc.sans.edu/forums/diary/Open+redirects+and+why+Phishers+love+them/27542/
Easy Access to the NIST RDS Database
https://isc.sans.edu/forums/diary/Easy+Access+to+the+NIST+RDS+Database/27544/
iOS Wifi Bug
https://blog.chichou.me/2021/06/20/quick-analysis-wifid/
NSA VoIP Security Guide
https://media.defense.gov/2021/Jun/17/2002744054/-1/-1/1/CTR_DEPLOYING%20SECURE%20VVOIP%20SYSTEMS.PDF
ISC StormCast for Friday, June 18th, 2021
18 juni 2021 |
6 min
Network Forensics on Azure VMs
https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+1/27536/
Fake Ledger Hardware Wallets
https://www.ledger.com/phishing-campaigns-status#phishing-campaigns
https://www.reddit.com/r/ledgerwallet/comments/o154gz/package_from_ledger_is_this_legit/
Zoll Defibrilator Dashboard Vulnerability
https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01
Akamai Prolexic Outage
https://threatpost.com/hiccup-akamais-ddos-outages/167004/
https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+1/27536/
Fake Ledger Hardware Wallets
https://www.ledger.com/phishing-campaigns-status#phishing-campaigns
https://www.reddit.com/r/ledgerwallet/comments/o154gz/package_from_ledger_is_this_legit/
Zoll Defibrilator Dashboard Vulnerability
https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01
Akamai Prolexic Outage
https://threatpost.com/hiccup-akamais-ddos-outages/167004/
ISC StormCast for Thursday, June 17th, 2021
17 juni 2021 |
5 min
June 2021 Forensic Quiz
https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest/27532/
ThroughTek IP Camera SDK Vulnerability
https://www.nozominetworks.com/blog/new-iot-security-risk-throughtek-p2p-supply-chain-vulnerability/
Peleoton Insecure Boot Vulnerability
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/a-new-program-for-your-peloton-whether-you-like-it-or-not/
Microsoft Defender for Endpoint Detecting Jailbroken Devices
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-new-capabilities-on-android-and-ios/ba-p/2442730
https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest/27532/
ThroughTek IP Camera SDK Vulnerability
https://www.nozominetworks.com/blog/new-iot-security-risk-throughtek-p2p-supply-chain-vulnerability/
Peleoton Insecure Boot Vulnerability
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/a-new-program-for-your-peloton-whether-you-like-it-or-not/
Microsoft Defender for Endpoint Detecting Jailbroken Devices
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-new-capabilities-on-android-and-ios/ba-p/2442730
ISC StormCast for Wednesday, June 16th, 2021
16 juni 2021 |
6 min
Multi Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more
https://isc.sans.edu/forums/diary/Multi+Perimeter+Device+Exploit+Mirai+Version+Hunting+For+Sonicwall+DLink+Cisco+and+more/27528/
Google Open Sourcing Homomorphic Encrypion Libraries
https://developers.googleblog.com/2021/06/our-latest-updates-on-fully-homomorphic-encryption.html
Stealing Tokens, emails, files and more in Microsoft Teams
https://medium.com/tenable-techblog/stealing-tokens-emails-files-and-more-in-microsoft-teams-through-malicious-tabs-a7e5ff07b138
https://isc.sans.edu/forums/diary/Multi+Perimeter+Device+Exploit+Mirai+Version+Hunting+For+Sonicwall+DLink+Cisco+and+more/27528/
Google Open Sourcing Homomorphic Encrypion Libraries
https://developers.googleblog.com/2021/06/our-latest-updates-on-fully-homomorphic-encryption.html
Stealing Tokens, emails, files and more in Microsoft Teams
https://medium.com/tenable-techblog/stealing-tokens-emails-files-and-more-in-microsoft-teams-through-malicious-tabs-a7e5ff07b138
ISC StormCast for Tuesday, June 15th, 2021
15 juni 2021 |
6 min
Apple iOS 12.5.4 Security Update
https://support.apple.com/en-us/HT212548
NIST.gov DNS Issues
https://puck.nether.net/pipermail/outages/2021-June/013670.html
Akkadian Provisioning Manager Multiple Vulnerabilities
https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/
Bypassing MFA in Exchange Online
https://www.microsoft.com/security/blog/2021/06/14/behind-the-scenes-of-business-email-compromise-using-cross-domain-threat-data-to-disrupt-a-large-bec-infrastructure/
https://support.apple.com/en-us/HT212548
NIST.gov DNS Issues
https://puck.nether.net/pipermail/outages/2021-June/013670.html
Akkadian Provisioning Manager Multiple Vulnerabilities
https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/
Bypassing MFA in Exchange Online
https://www.microsoft.com/security/blog/2021/06/14/behind-the-scenes-of-business-email-compromise-using-cross-domain-threat-data-to-disrupt-a-large-bec-infrastructure/
ISC StormCast for Monday, June 14th, 2021
14 juni 2021 |
7 min
EoL SonicWall SRA 4600 VPN Gateways Exploited in Current Attacks
https://isc.sans.edu/forums/diary/Sonicwall+SRA+4600+Targeted+By+an+Old+Vulnerability/27518/
Older Fortinet Vulnerability Still Exploited
https://isc.sans.edu/forums/diary/Fortinet+Targeted+for+Unpatched+SSL+VPN+Discovery+Activity/27520/
PrivacyMic: Utlizing Inaudible Frequencies for Privacy Preserving Daily Activity Recognition
http://alansonsample.com/publications/docs/2021%20-%20CHI%20-%20PrivacyMic-%20Utilizing%20Inaudible%20Frequencies%20for%20Privacy%20Preserving%20Daily%20Activity%20Recognition.pdf
Linux Vulnerability in polkit
https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
https://isc.sans.edu/forums/diary/Sonicwall+SRA+4600+Targeted+By+an+Old+Vulnerability/27518/
Older Fortinet Vulnerability Still Exploited
https://isc.sans.edu/forums/diary/Fortinet+Targeted+for+Unpatched+SSL+VPN+Discovery+Activity/27520/
PrivacyMic: Utlizing Inaudible Frequencies for Privacy Preserving Daily Activity Recognition
http://alansonsample.com/publications/docs/2021%20-%20CHI%20-%20PrivacyMic-%20Utilizing%20Inaudible%20Frequencies%20for%20Privacy%20Preserving%20Daily%20Activity%20Recognition.pdf
Linux Vulnerability in polkit
https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
ISC StormCast for Friday, June 11th, 2021
11 juni 2021 |
7 min
Are Cookie Banners a Waste of Time or a Complete Waste of Time?
https://isc.sans.edu/forums/diary/Are+Cookie+Banners+a+Waste+of+Time+or+a+Complete+Waste+of+Time/27436/
Citrix Application Delivery Controller Vulnerability
https://support.citrix.com/article/CTX297155
VoIP Monitor GUI XSS
https://www.rtcsec.com/post/2021/06/abusing-sip-for-cross-site-scripting-most-definitely/
Denial of Service Vulnerabilitiesin RabbitMQ, EMQ X,and VeneMQ
https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq/
https://isc.sans.edu/forums/diary/Are+Cookie+Banners+a+Waste+of+Time+or+a+Complete+Waste+of+Time/27436/
Citrix Application Delivery Controller Vulnerability
https://support.citrix.com/article/CTX297155
VoIP Monitor GUI XSS
https://www.rtcsec.com/post/2021/06/abusing-sip-for-cross-site-scripting-most-definitely/
Denial of Service Vulnerabilitiesin RabbitMQ, EMQ X,and VeneMQ
https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq/
ISC StormCast for Thursday, June 10th, 2021
10 juni 2021 |
6 min
Architecture, Compilers and Black Magic
https://isc.sans.edu/forums/diary/Architecture+compilers+and+black+magic+or+what+else+affects+the+ability+of+AVs+to+detect+malicious+files/27510/
ALPACA TLS Attack
https://alpaca-attack.com/ALPACA.pdf
Google Chrome Update
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
https://isc.sans.edu/forums/diary/Architecture+compilers+and+black+magic+or+what+else+affects+the+ability+of+AVs+to+detect+malicious+files/27510/
ALPACA TLS Attack
https://alpaca-attack.com/ALPACA.pdf
Google Chrome Update
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
ISC StormCast for Wednesday, June 9th, 2021
9 juni 2021 |
7 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+June+2021+Patch+Tuesday/27506/
PuzzleMaker Attacks With Chrome Zero-Day Exploit Chain
https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/
Intel Patches
https://www.intel.com/content/www/us/en/security-center/default.html
Adobe Updates
https://helpx.adobe.com/security.html
Let's Encrypt and CentOS 7
https://blog.devgenius.io/lets-encrypt-change-affects-openssl-1-0-x-and-centos-7-49bd66016af3
https://isc.sans.edu/forums/diary/Microsoft+June+2021+Patch+Tuesday/27506/
PuzzleMaker Attacks With Chrome Zero-Day Exploit Chain
https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/
Intel Patches
https://www.intel.com/content/www/us/en/security-center/default.html
Adobe Updates
https://helpx.adobe.com/security.html
Let's Encrypt and CentOS 7
https://blog.devgenius.io/lets-encrypt-change-affects-openssl-1-0-x-and-centos-7-49bd66016af3
ISC StormCast for Tuesday, June 8th, 2021
8 juni 2021 |
6 min
Amazon Sidewalk
https://isc.sans.edu/forums/diary/Amazon+Sidewalk+Cutting+Through+the+Hype/27502/
Windows Container Malware
https://unit42.paloaltonetworks.com/siloscape/
Darkside Ransom Confiscated
https://www.documentcloud.org/documents/20799023-affidavit-1-in-application-by-the-united-states-for-a-seizure-warrant-for-one-account-for-investigation-of-18-usc-ss-981a1a-and-other-offenses-nd-cal-321-mj-70945
https://isc.sans.edu/forums/diary/Amazon+Sidewalk+Cutting+Through+the+Hype/27502/
Windows Container Malware
https://unit42.paloaltonetworks.com/siloscape/
Darkside Ransom Confiscated
https://www.documentcloud.org/documents/20799023-affidavit-1-in-application-by-the-united-states-for-a-seizure-warrant-for-one-account-for-investigation-of-18-usc-ss-981a1a-and-other-offenses-nd-cal-321-mj-70945
ISC StormCast for Monday, June 7th, 2021
7 juni 2021 |
5 min
Strange Goings on With Port 37
https://isc.sans.edu/forums/diary/Strange+goings+on+with+port+37/27496/
QNAP Video Station RCE Vulnerability
https://www.qnap.com/de-de/security-advisory/qsa-21-21
Updated GitHub Policy
https://github.blog/2021-06-04-updates-to-our-policies-regarding-exploits-malware-and-vulnerability-research/
Cisco WebEx Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-kOf8zVT
VMWare vCenter Server Vulnerability Actively Exploited
https://thehackernews.com/2021/06/alert-critical-rce-bug-in-vmware.html
https://isc.sans.edu/forums/diary/Strange+goings+on+with+port+37/27496/
QNAP Video Station RCE Vulnerability
https://www.qnap.com/de-de/security-advisory/qsa-21-21
Updated GitHub Policy
https://github.blog/2021-06-04-updates-to-our-policies-regarding-exploits-malware-and-vulnerability-research/
Cisco WebEx Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-kOf8zVT
VMWare vCenter Server Vulnerability Actively Exploited
https://thehackernews.com/2021/06/alert-critical-rce-bug-in-vmware.html
ISC StormCast for Friday, June 4th, 2021
4 juni 2021 |
6 min
Script to Test CIS Zoom Benchmark
https://github.com/turbot/steampipe-mod-zoom-compliance
F5 BIG-IP Edge Client for Windows Vulnerability
https://support.f5.com/csp/article/K20346072
Fancy Product Designer Wordpress Plugin Vulnerability
https://www.welivesecurity.com/2021/06/03/zero-day-popular-wordpress-plugin-exploited-take-over-websites/
WordPress Pushes Jetpack Plugin Patch
https://www.bleepingcomputer.com/news/security/wordpress-force-installs-jetpack-security-update-on-5-million-sites/
We.Lock Vulnerability
https://github.com/CriticalSecurity/welock
https://github.com/turbot/steampipe-mod-zoom-compliance
F5 BIG-IP Edge Client for Windows Vulnerability
https://support.f5.com/csp/article/K20346072
Fancy Product Designer Wordpress Plugin Vulnerability
https://www.welivesecurity.com/2021/06/03/zero-day-popular-wordpress-plugin-exploited-take-over-websites/
WordPress Pushes Jetpack Plugin Patch
https://www.bleepingcomputer.com/news/security/wordpress-force-installs-jetpack-security-update-on-5-million-sites/
We.Lock Vulnerability
https://github.com/CriticalSecurity/welock
ISC StormCast for Thursday, June 3rd, 2021
3 juni 2021 |
5 min
Realtek RTL8170C Vulnerabilities
https://www.vdoo.com/blog/realtek-wifi-vulnerabilities-zero-day
Huawei LTE USB Stick E3372 Vulnerablity
https://www.theregister.com/2021/06/02/huawei_lte_usb_stick_vulnerability/
NortonLifeLock Crypto
https://investor.nortonlifelock.com/About/Investors/press-releases/press-release-details/2021/NortonLifeLock-Unveils-Norton-Crypto/default.aspx
OpenPGP RNP Patch
https://www.rnpgp.org/advisories/ri-2021-001/
https://www.vdoo.com/blog/realtek-wifi-vulnerabilities-zero-day
Huawei LTE USB Stick E3372 Vulnerablity
https://www.theregister.com/2021/06/02/huawei_lte_usb_stick_vulnerability/
NortonLifeLock Crypto
https://investor.nortonlifelock.com/About/Investors/press-releases/press-release-details/2021/NortonLifeLock-Unveils-Norton-Crypto/default.aspx
OpenPGP RNP Patch
https://www.rnpgp.org/advisories/ri-2021-001/
ISC StormCast for Wednesday, June 2nd, 2021
2 juni 2021 |
6 min
Guildma is now using Finger and Signed Binary Proxy Execution to Evade Defenses
https://isc.sans.edu/forums/diary/Guildma+is+now+using+Finger+and+Signed+Binary+Proxy+Execution+to+evade+defenses/27482/
Bypassing Protected Folders Protections
https://dl.acm.org/doi/10.1145/3431286
Firefox 89 Released
https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/
Microsoft Edge Will make https default
https://blogs.windows.com/msedgedev/2021/06/01/available-for-preview-automatic-https-helps-keep-your-browsing-more-secure/
https://isc.sans.edu/forums/diary/Guildma+is+now+using+Finger+and+Signed+Binary+Proxy+Execution+to+evade+defenses/27482/
Bypassing Protected Folders Protections
https://dl.acm.org/doi/10.1145/3431286
Firefox 89 Released
https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/
Microsoft Edge Will make https default
https://blogs.windows.com/msedgedev/2021/06/01/available-for-preview-automatic-https-helps-keep-your-browsing-more-secure/
ISC StormCast for Tuesday, June 1st, 2021
1 juni 2021 |
5 min
Malicious PowerShell Hosted on script.google.com
https://isc.sans.edu/forums/diary/Malicious+PowerShell+Hosted+on+scriptgooglecom/27468/
Sonicwall Advisory
https://www.sonicwall.com/support/product-notification/security-advisory-on-prem-sonicwall-network-security-manager-nsm-command-injection-vulnerability/210525121534120/
Hewlett Packard Enterprise Systems Insight Manger (SIM) Advisory
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04068en_us
Memory Protection Bypass in Siemens PLCs
https://claroty.com/2021/05/28/blog-research-race-to-native-code-execution-in-plcs/
https://isc.sans.edu/forums/diary/Malicious+PowerShell+Hosted+on+scriptgooglecom/27468/
Sonicwall Advisory
https://www.sonicwall.com/support/product-notification/security-advisory-on-prem-sonicwall-network-security-manager-nsm-command-injection-vulnerability/210525121534120/
Hewlett Packard Enterprise Systems Insight Manger (SIM) Advisory
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04068en_us
Memory Protection Bypass in Siemens PLCs
https://claroty.com/2021/05/28/blog-research-race-to-native-code-execution-in-plcs/
ISC StormCast for Friday, May 28th, 2021
28 maj 2021 |
7 min
AV evasion with 64-bit Executables
https://isc.sans.edu/forums/diary/All+your+Base+arenearly+equal+when+it+comes+to+AV+evasion+but+64bit+executables+are+not/27466/
Unpatches WebKit Vulnerablity in iOS/macOS
https://blog.theori.io/research/webkit-type-confusion/
VSCode Extension Vulnerabilities
https://snyk.io/blog/visual-studio-code-extension-security-vulnerabilities-deep-dive/
M1RACLES
https://m1racles.com
https://isc.sans.edu/forums/diary/All+your+Base+arenearly+equal+when+it+comes+to+AV+evasion+but+64bit+executables+are+not/27466/
Unpatches WebKit Vulnerablity in iOS/macOS
https://blog.theori.io/research/webkit-type-confusion/
VSCode Extension Vulnerabilities
https://snyk.io/blog/visual-studio-code-extension-security-vulnerabilities-deep-dive/
M1RACLES
https://m1racles.com
ISC StormCast for Thursday, May 27th, 2021
27 maj 2021 |
6 min
A Survey of Bluetooth Vulnerabilities
https://isc.sans.edu/forums/diary/A+Survey+of+Bluetooth+Vulnerabilities+Trends/27460/
Google Chrome Update
https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
Attacks on PDF Certification
https://www.pdf-insecurity.org
nginx vulnerability
https://x41-dsec.de/lab/advisories/x41-2021-002-nginx-resolver-copy/
https://isc.sans.edu/forums/diary/A+Survey+of+Bluetooth+Vulnerabilities+Trends/27460/
Google Chrome Update
https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
Attacks on PDF Certification
https://www.pdf-insecurity.org
nginx vulnerability
https://x41-dsec.de/lab/advisories/x41-2021-002-nginx-resolver-copy/
ISC StormCast for Wednesday, May 26th, 2021
26 maj 2021 |
5 min
Uncovering Shenenigans in an IP Address Block via Hurricane Electic's BGP Toolkit
https://isc.sans.edu/forums/diary/Uncovering+Shenanigans+in+an+IP+Address+Block+via+Hurricane+Electrics+BGP+Toolkit/27456/
VMware Advisory
https://www.vmware.com/security/advisories/VMSA-2021-0010.html
Trend Micro Bugs
https://blog.talosintelligence.com/2021/05/vuln-spotlight-trend-i.html
https://isc.sans.edu/forums/diary/Uncovering+Shenanigans+in+an+IP+Address+Block+via+Hurricane+Electrics+BGP+Toolkit/27456/
VMware Advisory
https://www.vmware.com/security/advisories/VMSA-2021-0010.html
Trend Micro Bugs
https://blog.talosintelligence.com/2021/05/vuln-spotlight-trend-i.html
ISC StormCast for Tuesday, May 25th, 2021
25 maj 2021 |
5 min
Apple Patches 0-Days
https://www.jamf.com/blog/zero-day-tcc-bypass-discovered-in-xcsset-malware/
https://support.apple.com/en-us/HT201222
Bluetooth Vulnerabilities
https://kb.cert.org/vuls/id/799380
https://francozappa.github.io/about-bias/publication/antonioli-20-bias/antonioli-20-bias.pdf
NAGIOS Vulnerabilities
https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/
https://www.jamf.com/blog/zero-day-tcc-bypass-discovered-in-xcsset-malware/
https://support.apple.com/en-us/HT201222
Bluetooth Vulnerabilities
https://kb.cert.org/vuls/id/799380
https://francozappa.github.io/about-bias/publication/antonioli-20-bias/antonioli-20-bias.pdf
NAGIOS Vulnerabilities
https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/
ISC StormCast for Monday, May 24th, 2021
24 maj 2021 |
6 min
Serverless Phishing Campaign
https://isc.sans.edu/forums/diary/Serverless+Phishing+Campaign/27446/
Locking Kernel32.dll As Anti-Debugging Technique
https://isc.sans.edu/forums/diary/Locking+Kernel32dll+As+AntiDebugging+Technique/27444/
WinRM Vulnerable to http.sys Vulnerability
https://twitter.com/JimDinMN/status/1395071966487269376
Mozilla Firefox "Content-Type Confusion" Unsafe Code Execution
https://besteffortteam.it/mozilla-firefox-content-type-confusion-unsafe-code-execution/
https://isc.sans.edu/forums/diary/Serverless+Phishing+Campaign/27446/
Locking Kernel32.dll As Anti-Debugging Technique
https://isc.sans.edu/forums/diary/Locking+Kernel32dll+As+AntiDebugging+Technique/27444/
WinRM Vulnerable to http.sys Vulnerability
https://twitter.com/JimDinMN/status/1395071966487269376
Mozilla Firefox "Content-Type Confusion" Unsafe Code Execution
https://besteffortteam.it/mozilla-firefox-content-type-confusion-unsafe-code-execution/
ISC StormCast for Friday, May 21st, 2021
21 maj 2021 |
20 min
New YouTube Video Series: Everything you ever wanted to know about DNS and more
https://isc.sans.edu/forums/diary/New+YouTube+Video+Series+Everything+you+ever+wanted+to+know+about+DNS+and+more/27440/
And Ransomware Just Got a Bit Meaner
https://isc.sans.edu/forums/diary/And+Ransomware+Just+Got+a+Bit+Meaner+yes+it+is+possible/27438/
Attackers Scanned for Exchange Servers Five Minutes after Patch Release
https://www.ehackingnews.com/2021/05/microsoft-exchange-bug-report-allowed.html
GPS For Authentication: Is the Juice Worth the Squeeze @sans_edu
https://www.sans.org/reading-room/whitepapers/authentication/gps-authentication-juice-worth-squeeze-40270
https://isc.sans.edu/forums/diary/New+YouTube+Video+Series+Everything+you+ever+wanted+to+know+about+DNS+and+more/27440/
And Ransomware Just Got a Bit Meaner
https://isc.sans.edu/forums/diary/And+Ransomware+Just+Got+a+Bit+Meaner+yes+it+is+possible/27438/
Attackers Scanned for Exchange Servers Five Minutes after Patch Release
https://www.ehackingnews.com/2021/05/microsoft-exchange-bug-report-allowed.html
GPS For Authentication: Is the Juice Worth the Squeeze @sans_edu
https://www.sans.org/reading-room/whitepapers/authentication/gps-authentication-juice-worth-squeeze-40270
ISC StormCast for Thursday, May 20th, 2021
20 maj 2021 |
6 min
May 2021 Forensic Contest: Answers and Analysis
https://isc.sans.edu/forums/diary/May+2021+Forensic+Contest+Answers+and+Analysis/27430/
CIS Controls V8
https://www.cisecurity.org/controls/v8/
Dell iDRAC 9 Security Update
https://www.dell.com/support/kbdoc/en-us/000186420/dsa-2021-082-dell-emc-idrac-9-security-update-for-improper-authentication-vulnerability
QNAP Pre-Auth Remote Code Execution in MuscStation/MalwareRemover
https://www.shielder.it/advisories/qnap-musicstation-malwareremover-pre-auth-remote-code-execution/
https://isc.sans.edu/forums/diary/May+2021+Forensic+Contest+Answers+and+Analysis/27430/
CIS Controls V8
https://www.cisecurity.org/controls/v8/
Dell iDRAC 9 Security Update
https://www.dell.com/support/kbdoc/en-us/000186420/dsa-2021-082-dell-emc-idrac-9-security-update-for-improper-authentication-vulnerability
QNAP Pre-Auth Remote Code Execution in MuscStation/MalwareRemover
https://www.shielder.it/advisories/qnap-musicstation-malwareremover-pre-auth-remote-code-execution/
ISC StormCast for Wednesday, May 19th, 2021
19 maj 2021 |
5 min
From RunDLL32 to JavaScript then PowerShell
https://isc.sans.edu/forums/diary/From+RunDLL32+to+JavaScript+then+PowerShell/27428/
New Pulse Secure VPN Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44800/
Android Stalkerware Vulnerabilities
https://www.welivesecurity.com/2021/05/17/android-stalkerware-threatens-victims-further-exposes-snoopers-themselves/
Double Encrypting Ransomware
https://www.wired.com/story/ransomware-double-encryption/
https://isc.sans.edu/forums/diary/From+RunDLL32+to+JavaScript+then+PowerShell/27428/
New Pulse Secure VPN Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44800/
Android Stalkerware Vulnerabilities
https://www.welivesecurity.com/2021/05/17/android-stalkerware-threatens-victims-further-exposes-snoopers-themselves/
Double Encrypting Ransomware
https://www.wired.com/story/ransomware-double-encryption/
ISC StormCast for Tuesday, May 18th, 2021
18 maj 2021 |
6 min
Ransomware Defenses
https://isc.sans.edu/forums/diary/Ransomware+Defenses/27420/
AXA Stops Ransomware Payments
https://www.insurancejournal.com/news/international/2021/05/09/613255.htm
http.sys Proof of Concept
https://github.com/0vercl0k/CVE-2021-31166
Google/Mozilla colaborating on HTML Sanitizer API
https://wicg.github.io/sanitizer-api/#sanitizer-api
SANS Technology Institute Research Journal
https://www.sans.edu/cyber-research
https://isc.sans.edu/forums/diary/Ransomware+Defenses/27420/
AXA Stops Ransomware Payments
https://www.insurancejournal.com/news/international/2021/05/09/613255.htm
http.sys Proof of Concept
https://github.com/0vercl0k/CVE-2021-31166
Google/Mozilla colaborating on HTML Sanitizer API
https://wicg.github.io/sanitizer-api/#sanitizer-api
SANS Technology Institute Research Journal
https://www.sans.edu/cyber-research
ISC StormCast for Monday, May 17th, 2021
17 maj 2021 |
6 min
"Open" Access to Industrial Systems Interfaces is Also Far From Zero
https://isc.sans.edu/forums/diary/Open+Access+to+Industrial+Systems+Interface+is+Also+Far+From+Zero/27418/
Malicious Rust Macro for VSCode
https://github.com/lucky/bad_actor_poc
Exim PoC Released
https://adepts.of0x.cc/exim-cve-2020-28018/
Newly Observed PHP-based skimmmer shows ongoing Magecart Group 12 activity
https://blog.malwarebytes.com/cybercrime/2021/05/newly-observed-php-based-skimmer-shows-ongoing-magecart-group-12-activity/
https://isc.sans.edu/forums/diary/Open+Access+to+Industrial+Systems+Interface+is+Also+Far+From+Zero/27418/
Malicious Rust Macro for VSCode
https://github.com/lucky/bad_actor_poc
Exim PoC Released
https://adepts.of0x.cc/exim-cve-2020-28018/
Newly Observed PHP-based skimmmer shows ongoing Magecart Group 12 activity
https://blog.malwarebytes.com/cybercrime/2021/05/newly-observed-php-based-skimmer-shows-ongoing-magecart-group-12-activity/
ISC StormCast for Friday, May 14th, 2021
14 maj 2021 |
7 min
Cross Browser Tracking with Schemeflood
https://fingerprintjs.com/blog/external-protocol-flooding/
Cisco AnyConnect Secure Mobility Client Patch
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK
MSBuild Abused By Attackers
https://www.anomali.com/blog/threat-actors-use-msbuild-to-deliver-rats-filelessly
https://fingerprintjs.com/blog/external-protocol-flooding/
Cisco AnyConnect Secure Mobility Client Patch
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK
MSBuild Abused By Attackers
https://www.anomali.com/blog/threat-actors-use-msbuild-to-deliver-rats-filelessly
ISC StormCast for Thursday, May 13th, 2021
13 maj 2021 |
6 min
Number of industrial control systems on the internet is lower then in 2020...but still far from zero
https://isc.sans.edu/forums/diary/Number+of+industrial+control+systems+on+the+internet+is+lower+then+in+2020but+still+far+from+zero/27412/
Webcast: Ransoming Critical Infrastructure
https://www.sans.org/webcasts/119775
Links to FragAttacks Vendor Bulletins (in German)
https://www.heise.de/news/WLAN-Sicherheitsluecken-FragAttacks-Erste-Updates-6045116.html
Adobe Acrobat Patches
https://helpx.adobe.com/security/products/acrobat/apsb21-29.html
Sending Arbitrary Messages via FindMy
https://positive.security/blog/send-my
https://isc.sans.edu/forums/diary/Number+of+industrial+control+systems+on+the+internet+is+lower+then+in+2020but+still+far+from+zero/27412/
Webcast: Ransoming Critical Infrastructure
https://www.sans.org/webcasts/119775
Links to FragAttacks Vendor Bulletins (in German)
https://www.heise.de/news/WLAN-Sicherheitsluecken-FragAttacks-Erste-Updates-6045116.html
Adobe Acrobat Patches
https://helpx.adobe.com/security/products/acrobat/apsb21-29.html
Sending Arbitrary Messages via FindMy
https://positive.security/blog/send-my
ISC StormCast for Wednesday, May 12th, 2021
12 maj 2021 |
7 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+May+2021+Patch+Tuesday/27408
WiFi Fragmentation Attacks
https://www.fragattacks.com
https://isc.sans.edu/forums/diary/Microsoft+May+2021+Patch+Tuesday/27408
WiFi Fragmentation Attacks
https://www.fragattacks.com
ISC StormCast for Tuesday, May 11th, 2021
11 maj 2021 |
5 min
Validating IP Addresses: Why Encoding Matters
https://isc.sans.edu/forums/diary/Correctly+Validating+IP+Addresses+Why+encoding+matters+for+input+validation/27404/
Jail Breaking AirTags
https://twitter.com/ghidraninja/status/1391148503196438529
Malicious Tor Exit Relay Activities
https://nusenu.medium.com/tracking-one-year-of-malicious-tor-exit-relay-activities-part-ii-85c80875c5df
https://isc.sans.edu/forums/diary/Correctly+Validating+IP+Addresses+Why+encoding+matters+for+input+validation/27404/
Jail Breaking AirTags
https://twitter.com/ghidraninja/status/1391148503196438529
Malicious Tor Exit Relay Activities
https://nusenu.medium.com/tracking-one-year-of-malicious-tor-exit-relay-activities-part-ii-85c80875c5df
ISC StormCast for Monday, May 10th, 2021
10 maj 2021 |
5 min
Who is Probing the Internet for Research Purposes
https://isc.sans.edu/forums/diary/Who+is+Probing+the+Internet+for+Research+Purposes/27400/
Cycle Hunter and tsuNAME DDoS Attack
https://github.com/SIDN/CycleHunter
https://tsuname.io/tech_report.pdf
Foxit Reader / Phantom PDF Vulnerabilities
https://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+Reader+10.1.4+and+Foxit+PhantomPDF+10.1.42021-05-06
Hypocrit Patches Reviewed By Linux Foundation
https://lore.kernel.org/lkml/202104221451.292A6ED4@keescook/
https://isc.sans.edu/forums/diary/Who+is+Probing+the+Internet+for+Research+Purposes/27400/
Cycle Hunter and tsuNAME DDoS Attack
https://github.com/SIDN/CycleHunter
https://tsuname.io/tech_report.pdf
Foxit Reader / Phantom PDF Vulnerabilities
https://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+Reader+10.1.4+and+Foxit+PhantomPDF+10.1.42021-05-06
Hypocrit Patches Reviewed By Linux Foundation
https://lore.kernel.org/lkml/202104221451.292A6ED4@keescook/
ISC StormCast for Friday, May 7th, 2021
7 maj 2021 |
6 min
Scans for Exposed Azure Storage Containers
https://isc.sans.edu/forums/diary/Exposed+Azure+Storage+Containers/27396/
Qualcomm MSM Vulnerability
https://research.checkpoint.com/2021/security-probe-of-qualcomm-msm/
Google to Automatically enroll users in 2SF
https://blog.google/technology/safety-security/a-simpler-and-safer-future-without-passwords/
New Cellebrite Vulnerabilities Announced
https://www.ehackingnews.com/2021/05/new-vulnerabilities-in-cellebrites.html
https://isc.sans.edu/forums/diary/Exposed+Azure+Storage+Containers/27396/
Qualcomm MSM Vulnerability
https://research.checkpoint.com/2021/security-probe-of-qualcomm-msm/
Google to Automatically enroll users in 2SF
https://blog.google/technology/safety-security/a-simpler-and-safer-future-without-passwords/
New Cellebrite Vulnerabilities Announced
https://www.ehackingnews.com/2021/05/new-vulnerabilities-in-cellebrites.html
ISC StormCast for Thursday, May 6th, 2021
6 maj 2021 |
6 min
May 2021 Forensic Contest
https://isc.sans.edu/forums/diary/May+2021+Forensic+Contest/27386/
Windows Defender Bug Fills Windows 10 Boot Drive with thousands of files
https://www.bleepingcomputer.com/news/microsoft/windows-defender-bug-fills-windows-10-boot-drive-with-thousands-of-files/
VMWare vRealize Business for Cloud Patch
https://kb.vmware.com/s/article/83475
Cisco Updates SD-WAN vManager / HyperFlex HX
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=100#~Vulnerabilities
Security and Privacy Risks of Number Recycling at Mobile Carriers in the US
https://recyclednumbers.cs.princeton.edu
https://isc.sans.edu/forums/diary/May+2021+Forensic+Contest/27386/
Windows Defender Bug Fills Windows 10 Boot Drive with thousands of files
https://www.bleepingcomputer.com/news/microsoft/windows-defender-bug-fills-windows-10-boot-drive-with-thousands-of-files/
VMWare vRealize Business for Cloud Patch
https://kb.vmware.com/s/article/83475
Cisco Updates SD-WAN vManager / HyperFlex HX
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=100#~Vulnerabilities
Security and Privacy Risks of Number Recycling at Mobile Carriers in the US
https://recyclednumbers.cs.princeton.edu
ISC StormCast for Wednesday, May 5th, 2021
5 maj 2021 |
6 min
Android Update
https://source.android.com/security/bulletin/2021-05-01?hl=en
Dell Privilege Escalation Vulnerability
https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability
https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/
Exim Mail Server Vulnerabilities
https://www.qualys.com/2021/05/04/21nails/21nails.txt
Quick and Dirty Python: masscan
https://isc.sans.edu/forums/diary/Quick+and+dirty+Python+masscan/27384/
ICMP Tunnel Backdoor
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/backdoor-at-the-end-of-the-icmp-tunnel/
https://source.android.com/security/bulletin/2021-05-01?hl=en
Dell Privilege Escalation Vulnerability
https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability
https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/
Exim Mail Server Vulnerabilities
https://www.qualys.com/2021/05/04/21nails/21nails.txt
Quick and Dirty Python: masscan
https://isc.sans.edu/forums/diary/Quick+and+dirty+Python+masscan/27384/
ICMP Tunnel Backdoor
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/backdoor-at-the-end-of-the-icmp-tunnel/
ISC StormCast for Tuesday, May 4th, 2021
4 maj 2021 |
5 min
Apple Patches 2 0-Day Flaws in WebKit affecting iOS/MacOS/WatchOS
https://support.apple.com/en-us/HT201222
PoC Exploit for CVE-2021-28482 (Microsoft Exchange)
https://gist.github.com/testanull/9ebbd6830f7a501e35e67f2fcaa57bda
https://testbnull.medium.com/microsoft-exchange-from-deserialization-to-post-auth-rce-cve-2021-28482-e713001d915f
Yet Another Processor Side-Channel: Micro-Ops Caches
http://www.cs.virginia.edu/venkat/papers/isca2021a.pdf
Pulse Secure Update
https://blog.pulsesecure.net/pulse-connect-secure-patch-availability-sa44784/
https://support.apple.com/en-us/HT201222
PoC Exploit for CVE-2021-28482 (Microsoft Exchange)
https://gist.github.com/testanull/9ebbd6830f7a501e35e67f2fcaa57bda
https://testbnull.medium.com/microsoft-exchange-from-deserialization-to-post-auth-rce-cve-2021-28482-e713001d915f
Yet Another Processor Side-Channel: Micro-Ops Caches
http://www.cs.virginia.edu/venkat/papers/isca2021a.pdf
Pulse Secure Update
https://blog.pulsesecure.net/pulse-connect-secure-patch-availability-sa44784/
ISC StormCast for Monday, May 3rd, 2021
3 maj 2021 |
6 min
Qiling: A true instrumentable binary emulation framework
https://isc.sans.edu/forums/diary/Qiling+A+true+instrumentable+binary+emulation+framework/27372/
Python "ipaddress" improper input validation
https://sick.codes/sick-2021-014/
EXIF Tool Vulnerabilities
https://twitter.com/wcbowling/status/1385803927321415687
ABUS Secvest Internet Connected Alarm Systems
https://eye.security/nl/blog/breaking-abus-secvest-internet-connected-alarm-systems-cve-2020-28973
FiveHands Ransomware Installed via SonicWall Flaw
https://thehackernews.com/2021/04/hackers-exploit-sonicwall-zero-day-bug.html
https://isc.sans.edu/forums/diary/Qiling+A+true+instrumentable+binary+emulation+framework/27372/
Python "ipaddress" improper input validation
https://sick.codes/sick-2021-014/
EXIF Tool Vulnerabilities
https://twitter.com/wcbowling/status/1385803927321415687
ABUS Secvest Internet Connected Alarm Systems
https://eye.security/nl/blog/breaking-abus-secvest-internet-connected-alarm-systems-cve-2020-28973
FiveHands Ransomware Installed via SonicWall Flaw
https://thehackernews.com/2021/04/hackers-exploit-sonicwall-zero-day-bug.html
ISC StormCast for Friday, April 30th, 2021
30 april 2021 |
5 min
From Python to .Net
https://isc.sans.edu/forums/diary/From+Python+to+Net/27366/
PHP Composer Vulnerability
https://blog.sonarsource.com/php-supply-chain-attack-on-composer
Microsoft Identifies Several Integer Overflow Vulnerablities
https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04
https://isc.sans.edu/forums/diary/From+Python+to+Net/27366/
PHP Composer Vulnerability
https://blog.sonarsource.com/php-supply-chain-attack-on-composer
Microsoft Identifies Several Integer Overflow Vulnerablities
https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04
ISC StormCast for Thursday, April 29th, 2021
29 april 2021 |
5 min
Stopping Google FLoC
https://github.blog/changelog/2021-04-27-github-pages-permissions-policy-interest-cohort-header-added-to-all-pages-sites/
https://amifloced.org
RotaJakiro Backdoor
https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/
F5 Big IP Kerberos Spoofing Vulnerablity
https://support.f5.com/csp/article/K51213246
https://github.blog/changelog/2021-04-27-github-pages-permissions-policy-interest-cohort-header-added-to-all-pages-sites/
https://amifloced.org
RotaJakiro Backdoor
https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/
F5 Big IP Kerberos Spoofing Vulnerablity
https://support.f5.com/csp/article/K51213246
ISC StormCast for Wednesday, April 28th, 2021
28 april 2021 |
4 min
Diving into a Singapore Post Phihsing E-Mail
https://isc.sans.edu/forums/diary/Diving+into+a+Singapore+Post+Phishing+Email/27356/
Two in Five Victims of Online Scam Adverts Do Not Report to Host Platforms
https://www.which.co.uk/news/2021/04/two-in-five-victims-of-online-scam-adverts-dont-report-to-host-platforms/
Microsoft Defender Blocks Cryptojacking Malware
https://www.microsoft.com/security/blog/2021/04/26/defending-against-cryptojacking-with-microsoft-defender-for-endpoint-and-intel-tdt/
Linux Privilege Escalation Vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211
https://isc.sans.edu/forums/diary/Diving+into+a+Singapore+Post+Phishing+Email/27356/
Two in Five Victims of Online Scam Adverts Do Not Report to Host Platforms
https://www.which.co.uk/news/2021/04/two-in-five-victims-of-online-scam-adverts-dont-report-to-host-platforms/
Microsoft Defender Blocks Cryptojacking Malware
https://www.microsoft.com/security/blog/2021/04/26/defending-against-cryptojacking-with-microsoft-defender-for-endpoint-and-intel-tdt/
Linux Privilege Escalation Vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211
ISC StormCast for Tuesday, April 27th, 2021
27 april 2021 |
7 min
CAD: .DGN and .MVBA Files analyzed with oledump
https://isc.sans.edu/forums/diary/CAD+DGN+and+MVBA+Files/27354/
MacOS 0-Day Bug Patched
https://objective-see.com/blog/blog_0x64.html
https://support.apple.com/en-us/HT201222
Emotet Uninstaller Triggered
https://blog.malwarebytes.com/threat-analysis/2021/01/cleaning-up-after-emotet-the-law-enforcement-file/
HashiCorp Code Signing Key Exposed By Codecov Compromise
https://www.theregister.com/2021/04/26/hashicorp_reveals_exposure_of_private/
https://isc.sans.edu/forums/diary/CAD+DGN+and+MVBA+Files/27354/
MacOS 0-Day Bug Patched
https://objective-see.com/blog/blog_0x64.html
https://support.apple.com/en-us/HT201222
Emotet Uninstaller Triggered
https://blog.malwarebytes.com/threat-analysis/2021/01/cleaning-up-after-emotet-the-law-enforcement-file/
HashiCorp Code Signing Key Exposed By Codecov Compromise
https://www.theregister.com/2021/04/26/hashicorp_reveals_exposure_of_private/
ISC StormCast for Monday, April 26th, 2021
26 april 2021 |
6 min
Compact VBA Macros
https://isc.sans.edu/forums/diary/Malicious+PowerPoint+AddOn+Small+Is+Beautiful/27342/
Base64 Strings Used in Web Scanning
https://isc.sans.edu/forums/diary/Base64+Hashes+Used+in+Web+Scanning/27346/
Clickstudios Password Manager Compromise
https://www.csis.dk/newsroom-blog-overview/2021/moserpass-supply-chain/
Homebrew Code Execution Vulnerability
https://brew.sh/2021/04/21/security-incident-disclosure/
Apple AirDrop Shares Personal Data
https://www.informatik.tu-darmstadt.de/fb20/ueber_uns_details_231616.en.jsp
https://isc.sans.edu/forums/diary/Malicious+PowerPoint+AddOn+Small+Is+Beautiful/27342/
Base64 Strings Used in Web Scanning
https://isc.sans.edu/forums/diary/Base64+Hashes+Used+in+Web+Scanning/27346/
Clickstudios Password Manager Compromise
https://www.csis.dk/newsroom-blog-overview/2021/moserpass-supply-chain/
Homebrew Code Execution Vulnerability
https://brew.sh/2021/04/21/security-incident-disclosure/
Apple AirDrop Shares Personal Data
https://www.informatik.tu-darmstadt.de/fb20/ueber_uns_details_231616.en.jsp
ISC StormCast for Friday, April 23rd, 2021
23 april 2021 |
6 min
How Safe are Your Docker Images
https://isc.sans.edu/forums/diary/How+Safe+Are+Your+Docker+Images/27340/
Additional SolarWinds Infrastructure
https://www.riskiq.com/blog/external-threat-management/solarwinds-c2-servers-new-tactics/
Cellebrite Exploit
https://signal.org/blog/cellebrite-vulnerabilities/
Duo 2FA Bypass
https://sensepost.com/blog/2021/duo-two-factor-authentication-bypass/
https://isc.sans.edu/forums/diary/How+Safe+Are+Your+Docker+Images/27340/
Additional SolarWinds Infrastructure
https://www.riskiq.com/blog/external-threat-management/solarwinds-c2-servers-new-tactics/
Cellebrite Exploit
https://signal.org/blog/cellebrite-vulnerabilities/
Duo 2FA Bypass
https://sensepost.com/blog/2021/duo-two-factor-authentication-bypass/
ISC StormCast for Thursday, April 22nd, 2021
22 april 2021 |
6 min
Linux Kernel Maintainer Calls Out "hypocrite commits" by University of Minnesota
https://lore.kernel.org/lkml/[email protected]/
https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf
https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc.pdf
QNAP QLocker uses 7-Zip
https://www.bleepingcomputer.com/news/security/massive-qlocker-ransomware-attack-uses-7zip-to-encrypt-qnap-devices/
Chrome O-Day Fixed
https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html
https://lore.kernel.org/lkml/[email protected]/
https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf
https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc.pdf
QNAP QLocker uses 7-Zip
https://www.bleepingcomputer.com/news/security/massive-qlocker-ransomware-attack-uses-7zip-to-encrypt-qnap-devices/
Chrome O-Day Fixed
https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html
ISC StormCast for Wednesday, April 21st, 2021
21 april 2021 |
6 min
Pulse Secure VPN 0-Day Exploited
https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/
SonicWall Vulnerabilities
https://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360/
Synology Vulnerability
https://blog.talosintelligence.com/2021/04/vuln-spotlight-synology-dsm.html#more
Air Fryer Vulnerability
https://blog.talosintelligence.com/2021/04/vuln-spotlight-co.html
https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/
SonicWall Vulnerabilities
https://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360/
Synology Vulnerability
https://blog.talosintelligence.com/2021/04/vuln-spotlight-synology-dsm.html#more
Air Fryer Vulnerability
https://blog.talosintelligence.com/2021/04/vuln-spotlight-co.html
ISC StormCast for Tuesday, April 20th, 2021
20 april 2021 |
5 min
Hunting Phishing Websites with Favicon Hashes
https://isc.sans.edu/forums/diary/Hunting+phishing+websites+with+favicon+hashes/27326/
Nagios XI Vulnerability Exploited by Cryptominers
https://unit42.paloaltonetworks.com/nagios-xi-vulnerability-cryptomining/
XCSSET Malware Adapting to MacOS 11 and M1
https://www.trendmicro.com/en_us/research/21/d/xcsset-quickly-adapts-to-macos-11-and-m1-based-macs.html
QNAP Patches
https://www.qnap.com/de-de/security-advisories?ref=security_advisory_details
Juniper Updates
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
https://isc.sans.edu/forums/diary/Hunting+phishing+websites+with+favicon+hashes/27326/
Nagios XI Vulnerability Exploited by Cryptominers
https://unit42.paloaltonetworks.com/nagios-xi-vulnerability-cryptomining/
XCSSET Malware Adapting to MacOS 11 and M1
https://www.trendmicro.com/en_us/research/21/d/xcsset-quickly-adapts-to-macos-11-and-m1-based-macs.html
QNAP Patches
https://www.qnap.com/de-de/security-advisories?ref=security_advisory_details
Juniper Updates
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
ISC StormCast for Monday, April 19th, 2021
19 april 2021 |
6 min
Decoding Cobalt Strike Traffic
https://isc.sans.edu/forums/diary/Decoding+Cobalt+Strike+Traffic/27322/
Codecov Breach
https://about.codecov.io/security-update/
Google Project Zero Tweaks Disclosure Rules
https://googleprojectzero.blogspot.com
EIPStackGroup OpENer Ethernet/IP
https://us-cert.cisa.gov/ics/advisories/icsa-21-105-02
DNS Problems with Windows 10 Security Update
https://www.bleepingcomputer.com/news/microsoft/mandatory-windows-10-update-causing-dns-and-shared-folder-issues/
https://isc.sans.edu/forums/diary/Decoding+Cobalt+Strike+Traffic/27322/
Codecov Breach
https://about.codecov.io/security-update/
Google Project Zero Tweaks Disclosure Rules
https://googleprojectzero.blogspot.com
EIPStackGroup OpENer Ethernet/IP
https://us-cert.cisa.gov/ics/advisories/icsa-21-105-02
DNS Problems with Windows 10 Security Update
https://www.bleepingcomputer.com/news/microsoft/mandatory-windows-10-update-causing-dns-and-shared-folder-issues/
ISC StormCast for Friday, April 16th, 2021
16 april 2021 |
14 min
Why and How You Should be Using an Internal Certificate Authority
https://isc.sans.edu/forums/diary/Why+and+How+You+Should+be+Using+an+Internal+Certificate+Authority/27314/
Vulnerabilities Used By Russian Foreign Intelligence Service
https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2573391/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili/
Insecurity URL Handling
https://positive.security/blog/url-open-rce
SANS Research Paper: Bryan Scarbrough; Malware Detection in Encrypted TLS Traffic Through Machine Learning
https://www.sans.org/reading-room/whitepapers/artificialintelligence/malware-detection-encrypted-tls-traffic-machine-learning-40185
https://isc.sans.edu/forums/diary/Why+and+How+You+Should+be+Using+an+Internal+Certificate+Authority/27314/
Vulnerabilities Used By Russian Foreign Intelligence Service
https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2573391/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili/
Insecurity URL Handling
https://positive.security/blog/url-open-rce
SANS Research Paper: Bryan Scarbrough; Malware Detection in Encrypted TLS Traffic Through Machine Learning
https://www.sans.org/reading-room/whitepapers/artificialintelligence/malware-detection-encrypted-tls-traffic-machine-learning-40185
ISC StormCast for Thursday, April 15th, 2021
15 april 2021 |
6 min
April 2021 Forensics Quiz Solution
https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz+Answers+and+Analysis/27308/
Adobe Patch Tuesday
https://helpx.adobe.com/security.html
Chrome 90 Released (and 0-Day Exploits)
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html
https://github.com/avboy1337/1195777-chrome0day
https://github.com/r4j0x00/exploits/tree/master/chrome-0day
SAP Updates
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649
Linux/Mac Malware included in npm Module
https://blog.sonatype.com/damaging-linux-mac-malware-bundled-within-browserify-npm-brandjack-attempt
Congratulations to the SANS.edu National Cyber League Teams!
https://twitter.com/SANS_EDU/status/1382453652602941440
https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz+Answers+and+Analysis/27308/
Adobe Patch Tuesday
https://helpx.adobe.com/security.html
Chrome 90 Released (and 0-Day Exploits)
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html
https://github.com/avboy1337/1195777-chrome0day
https://github.com/r4j0x00/exploits/tree/master/chrome-0day
SAP Updates
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649
Linux/Mac Malware included in npm Module
https://blog.sonatype.com/damaging-linux-mac-malware-bundled-within-browserify-npm-brandjack-attempt
Congratulations to the SANS.edu National Cyber League Teams!
https://twitter.com/SANS_EDU/status/1382453652602941440
ISC StormCast for Wednesday, April 14th, 2021
14 april 2021 |
6 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+April+2021+Patch+Tuesday/27306/
NAME:WRECK DNS Vulnerabilities
https://www.forescout.com/research-labs/namewreck/
https://isc.sans.edu/forums/diary/Microsoft+April+2021+Patch+Tuesday/27306/
NAME:WRECK DNS Vulnerabilities
https://www.forescout.com/research-labs/namewreck/
ISC StormCast for Tuesday, April 13th, 2021
13 april 2021 |
6 min
Example of Cleartext Cobalt Strike Traffic
https://isc.sans.edu/forums/diary/Example+of+Cleartext+Cobalt+Strike+Traffic+Thanks+Brad/27300/
ASA 5506 Series Security Appliances Field Notice
https://www.cisco.com/c/en/us/support/docs/field-notices/720/fn72019.html
Expired Certificate for PulseSecure VPN Devices
https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44781/?kA13Z000000fzbR
Pwn2Own Summary
https://thehackernews.com/2021/04/windows-ubuntu-zoom-safari-ms-exchange.html
Tesla Exploited Via Google Chrome Vulnerability
https://leethax0.rs/2021/04/ElectricChrome/
https://isc.sans.edu/forums/diary/Example+of+Cleartext+Cobalt+Strike+Traffic+Thanks+Brad/27300/
ASA 5506 Series Security Appliances Field Notice
https://www.cisco.com/c/en/us/support/docs/field-notices/720/fn72019.html
Expired Certificate for PulseSecure VPN Devices
https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44781/?kA13Z000000fzbR
Pwn2Own Summary
https://thehackernews.com/2021/04/windows-ubuntu-zoom-safari-ms-exchange.html
Tesla Exploited Via Google Chrome Vulnerability
https://leethax0.rs/2021/04/ElectricChrome/
ISC StormCast for Monday, April 12th, 2021
12 april 2021 |
7 min
No Python Interpreter? This Simple RAT Installs Its Own Copy
https://isc.sans.edu/forums/diary/No+Python+Interpreter+This+Simple+RAT+Installs+Its+Own+Copy/27292/
Facebook Mistakingly Suggests Adding Domains To Public Suffix List will Ease Tracking
https://publicsuffix.org
https://www.facebook.com/business/help/331612538028890?id=428636648170202
Facebook Ads Used to Push Clubhouse Related Malware
https://www.ehackingnews.com/2021/04/cybercriminals-used-facebook-ads-to.html
Identifying Cobalt Strike DNS Intrastructure
https://labs.f-secure.com/blog/detecting-exposed-cobalt-strike-dns-redirectors
https://isc.sans.edu/forums/diary/No+Python+Interpreter+This+Simple+RAT+Installs+Its+Own+Copy/27292/
Facebook Mistakingly Suggests Adding Domains To Public Suffix List will Ease Tracking
https://publicsuffix.org
https://www.facebook.com/business/help/331612538028890?id=428636648170202
Facebook Ads Used to Push Clubhouse Related Malware
https://www.ehackingnews.com/2021/04/cybercriminals-used-facebook-ads-to.html
Identifying Cobalt Strike DNS Intrastructure
https://labs.f-secure.com/blog/detecting-exposed-cobalt-strike-dns-redirectors
ISC StormCast for Friday, April 9th, 2021
9 april 2021 |
6 min
Simple Powershell Ransomware Creating a 7Z Archive of your Files
https://isc.sans.edu/forums/diary/Simple+Powershell+Ransomware+Creating+a+7Z+Archive+of+your+Files/27286/
HTML Lego: Hidden Phishing at Free JavaScript Site
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/html-lego-hidden-phishing-at-free-javascript-site/
Royal FLush: Privilege Escalation Vulnerability in Azure Functions
https://www.intezer.com/blog/cloud-security/royal-flush-privilege-escalation-vulnerability-in-azure-functions/
Cisco Small Business Router Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-q3rxHnvm
Google Chrome Blocking Port 10080
https://github.com/whatwg/fetch/issues/1191#issuecomment-797659444
https://isc.sans.edu/forums/diary/Simple+Powershell+Ransomware+Creating+a+7Z+Archive+of+your+Files/27286/
HTML Lego: Hidden Phishing at Free JavaScript Site
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/html-lego-hidden-phishing-at-free-javascript-site/
Royal FLush: Privilege Escalation Vulnerability in Azure Functions
https://www.intezer.com/blog/cloud-security/royal-flush-privilege-escalation-vulnerability-in-azure-functions/
Cisco Small Business Router Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-q3rxHnvm
Google Chrome Blocking Port 10080
https://github.com/whatwg/fetch/issues/1191#issuecomment-797659444
ISC StormCast for Thursday, April 8th, 2021
8 april 2021 |
7 min
WiFi IDS's and Private MAC Addresses
https://isc.sans.edu/forums/diary/WiFi+IDS+and+Private+MAC+Addresses/27288/
Update on PHP Incident
https://externals.io/message/113981
Details about Linux Kernel Bluetooth Vulnerabilities
https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html
LinkedIn Leak
https://www.ehackingnews.com/2021/04/data-stolen-from-500-million-linkedin.html
VMWare Carbon Black Cloud Workload Applicatnce Authentication Bypass
https://www.vmware.com/security/advisories/VMSA-2021-0005.html
Cisco SD-WAN vManage Software Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy
https://isc.sans.edu/forums/diary/WiFi+IDS+and+Private+MAC+Addresses/27288/
Update on PHP Incident
https://externals.io/message/113981
Details about Linux Kernel Bluetooth Vulnerabilities
https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html
LinkedIn Leak
https://www.ehackingnews.com/2021/04/data-stolen-from-500-million-linkedin.html
VMWare Carbon Black Cloud Workload Applicatnce Authentication Bypass
https://www.vmware.com/security/advisories/VMSA-2021-0005.html
Cisco SD-WAN vManage Software Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy
ISC StormCast for Wednesday, April 7th, 2021
7 april 2021 |
6 min
Malspam with Lokibot vs. Outlook and RFCs
https://isc.sans.edu/forums/diary/Malspam+with+Lokibot+vs+Outlook+and+RFCs/27282/
SAP Attacks
https://us-cert.cisa.gov/ncas/current-activity/2021/04/06/malicious-cyber-activity-targeting-critical-sap-applications
QNAP Upates Older EOL Devices
https://www.qnap.com/de-de/release-notes/qts/4.3.6.1620/20210322
GIGASET Android Phones Infected by Compromised Update Server
https://www.heise.de/news/Gigaset-Malware-Befall-von-Android-Geraeten-des-Herstellers-gibt-Raetsel-auf-6006464.html
https://isc.sans.edu/forums/diary/Malspam+with+Lokibot+vs+Outlook+and+RFCs/27282/
SAP Attacks
https://us-cert.cisa.gov/ncas/current-activity/2021/04/06/malicious-cyber-activity-targeting-critical-sap-applications
QNAP Upates Older EOL Devices
https://www.qnap.com/de-de/release-notes/qts/4.3.6.1620/20210322
GIGASET Android Phones Infected by Compromised Update Server
https://www.heise.de/news/Gigaset-Malware-Befall-von-Android-Geraeten-des-Herstellers-gibt-Raetsel-auf-6006464.html
ISC StormCast for Tuesday, April 6th, 2021
6 april 2021 |
6 min
LinkedIn Spear-Phishing Campaign Targets Job Hunters
https://threatpost.com/linkedin-spear-phishing-job-hunters/165240/
Malicious Text Files (CVE-2019-8761)
https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html
Rust Privacy Concerns
https://www.bleepingcomputer.com/news/security/most-loved-programming-language-rust-sparks-privacy-concerns/
https://threatpost.com/linkedin-spear-phishing-job-hunters/165240/
Malicious Text Files (CVE-2019-8761)
https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html
Rust Privacy Concerns
https://www.bleepingcomputer.com/news/security/most-loved-programming-language-rust-sparks-privacy-concerns/
ISC StormCast for Monday, April 5th, 2021
5 april 2021 |
6 min
C2 Activity: Sandboxes or Real Victims
https://isc.sans.edu/forums/diary/C2+Activity+Sandboxes+or+Real+Victims/27272/
Exploitation of Fortinet FortiOS Vulnerabilities
https://us-cert.cisa.gov/ncas/current-activity/2021/04/02/fbi-cisa-joint-advisory-exploitation-fortinet-fortios
https://www.ic3.gov/Media/News/2021/210402.pdf
GitHub Actions Used to Mine Crypto
https://therecord.media/github-investigating-crypto-mining-campaign-abusing-its-server-infrastructure/
Large Facebook Leak
https://thehackernews.com/2021/04/533-million-facebook-users-phone.html
https://isc.sans.edu/forums/diary/C2+Activity+Sandboxes+or+Real+Victims/27272/
Exploitation of Fortinet FortiOS Vulnerabilities
https://us-cert.cisa.gov/ncas/current-activity/2021/04/02/fbi-cisa-joint-advisory-exploitation-fortinet-fortios
https://www.ic3.gov/Media/News/2021/210402.pdf
GitHub Actions Used to Mine Crypto
https://therecord.media/github-investigating-crypto-mining-campaign-abusing-its-server-infrastructure/
Large Facebook Leak
https://thehackernews.com/2021/04/533-million-facebook-users-phone.html
ISC StormCast for Friday, April 2nd, 2021
2 april 2021 |
6 min
April 2021 Forensic Quiz
https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz/27266/
Coinhive Domains Used to Warn Victims
https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Detecting Attacker's BITS Utility Use
https://www.fireeye.com/blog/threat-research/2021/03/attacker-use-of-windows-background-intelligent-transfer-service.html
Kansas Man Indicted For Tampering With Public Water System
https://www.justice.gov/usao-ks/pr/indictment-kansas-man-indicted-tampering-public-water-system
Older QNAP Devices Vulnerable And No Longer Patched
https://securingsam.com/new-vulnerabilities-allow-complete-takeover/
https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz/27266/
Coinhive Domains Used to Warn Victims
https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Detecting Attacker's BITS Utility Use
https://www.fireeye.com/blog/threat-research/2021/03/attacker-use-of-windows-background-intelligent-transfer-service.html
Kansas Man Indicted For Tampering With Public Water System
https://www.justice.gov/usao-ks/pr/indictment-kansas-man-indicted-tampering-public-water-system
Older QNAP Devices Vulnerable And No Longer Patched
https://securingsam.com/new-vulnerabilities-allow-complete-takeover/
ISC StormCast for Thursday, April 1st, 2021
1 april 2021 |
5 min
Quick Analysis of a Modular InfoStealer
https://isc.sans.edu/forums/diary/Quick+Analysis+of+a+Modular+InfoStealer/27264/
Google Chrome Update / DoH on Linux
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
https://docs.google.com/document/d/1zAdSK393IznaLKQ0ItOmwLBy59fIq9ydxBRJQX-2ntQ/edit#
Chinese Tax Authority Facial Recognition System Fooled
https://www.scmp.com/tech/tech-trends/article/3127645/chinese-government-run-facial-recognition-system-hacked-tax
https://isc.sans.edu/forums/diary/Quick+Analysis+of+a+Modular+InfoStealer/27264/
Google Chrome Update / DoH on Linux
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
https://docs.google.com/document/d/1zAdSK393IznaLKQ0ItOmwLBy59fIq9ydxBRJQX-2ntQ/edit#
Chinese Tax Authority Facial Recognition System Fooled
https://www.scmp.com/tech/tech-trends/article/3127645/chinese-government-run-facial-recognition-system-hacked-tax
ISC StormCast for Wednesday, March 31st, 2021
31 mars 2021 |
6 min
Old TLS Versions: Gone but not Forgotten
https://isc.sans.edu/forums/diary/Old+TLS+versions+gone+but+not+forgotten+well+not+really+gone+either/27260/
Perl Netmask Vulnerability
https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
VMWare vRealize Vulnerability
https://www.vmware.com/security/advisories/VMSA-2021-0004.html
Pre-P0wned Docker Containers
https://unit42.paloaltonetworks.com/malicious-cryptojacking-images/
https://isc.sans.edu/forums/diary/Old+TLS+versions+gone+but+not+forgotten+well+not+really+gone+either/27260/
Perl Netmask Vulnerability
https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
VMWare vRealize Vulnerability
https://www.vmware.com/security/advisories/VMSA-2021-0004.html
Pre-P0wned Docker Containers
https://unit42.paloaltonetworks.com/malicious-cryptojacking-images/
ISC StormCast for Tuesday, March 30th, 2021
30 mars 2021 |
7 min
Jumping Into Shellcode
https://isc.sans.edu/forums/diary/Jumping+into+Shellcode/27256/
PHP git repo compromised
https://news-web.php.net/php.internals/113838
npm "netmask" package vulnerability
https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/
https://isc.sans.edu/forums/diary/Jumping+into+Shellcode/27256/
PHP git repo compromised
https://news-web.php.net/php.internals/113838
npm "netmask" package vulnerability
https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/
ISC StormCast for Friday, March 19th, 2021
19 mars 2021 |
6 min
A Simple Python Keylogger
https://isc.sans.edu/forums/diary/Simple+Python+Keylogger/27216/
New macOS Malware XcodeSpy Targets Xcode Developers with EggShell Backdoor
https://labs.sentinelone.com/new-macos-malware-xcodespy-targets-xcode-developers-with-eggshell-backdoor/
Zoom Screen Sharing Leak
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-044.txt
MyBB Remote Code Execution
https://blog.mybb.com/2021/03/10/mybb-1-8-26-released-security-release/
https://isc.sans.edu/forums/diary/Simple+Python+Keylogger/27216/
New macOS Malware XcodeSpy Targets Xcode Developers with EggShell Backdoor
https://labs.sentinelone.com/new-macos-malware-xcodespy-targets-xcode-developers-with-eggshell-backdoor/
Zoom Screen Sharing Leak
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-044.txt
MyBB Remote Code Execution
https://blog.mybb.com/2021/03/10/mybb-1-8-26-released-security-release/
ISC StormCast for Thursday, March 18th, 2021
18 mars 2021 |
6 min
"American Rescue Plan" Used as Theme in Phishing Lures Dropping Dridex
https://cofense.com/blog/american-rescue-plan-phish/
Apple May Split Security Updates from Other Updates
https://9to5mac.com/2021/03/15/ios-security-fixes-could-soon-be-delivered-separately-from-other-updates-beta-code-suggests/
Polyglot Images on Twitter
https://twitter.com/David3141593/status/1371978592679309315
Magento 2 PHP Credit Card Skimmer Saves to JPG
https://blog.sucuri.net/2021/03/magento-2-php-credit-card-skimmer-saves-to-jpg.html
https://cofense.com/blog/american-rescue-plan-phish/
Apple May Split Security Updates from Other Updates
https://9to5mac.com/2021/03/15/ios-security-fixes-could-soon-be-delivered-separately-from-other-updates-beta-code-suggests/
Polyglot Images on Twitter
https://twitter.com/David3141593/status/1371978592679309315
Magento 2 PHP Credit Card Skimmer Saves to JPG
https://blog.sucuri.net/2021/03/magento-2-php-credit-card-skimmer-saves-to-jpg.html
ISC StormCast for Wednesday, March 17th, 2021
17 mars 2021 |
6 min
One-Click Microsoft Exchange On-Premises Mitigation Tool
https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/
Microsoft Explains Authentication Issues with Azure Active Directory
https://www.documentcloud.org/documents/20515443-authentication-errors-across-multiple-microsoft-services-tracking-id-ln01-p8z
JavaScript Less Side-Channel Exploits
https://arxiv.org/abs/2103.04952
https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/
Microsoft Explains Authentication Issues with Azure Active Directory
https://www.documentcloud.org/documents/20515443-authentication-errors-across-multiple-microsoft-services-tracking-id-ln01-p8z
JavaScript Less Side-Channel Exploits
https://arxiv.org/abs/2103.04952
ISC StormCast for Tuesday, March 16th, 2021
16 mars 2021 |
5 min
NimzaLoader Malware Written in "nim"
https://www.proofpoint.com/uk/blog/threat-insight/nimzaloader-ta800s-new-initial-access-malware
Windows 10 Emergency Update to Fix Printing Crashes
https://www.bleepingcomputer.com/news/microsoft/windows-10-emergency-updates-released-to-fix-printing-crashes/
Windows Azure AD Outage
https://status.azure.com/status
IBM DB2 Patch
https://www.ibm.com/support/pages/node/6427855
https://www.proofpoint.com/uk/blog/threat-insight/nimzaloader-ta800s-new-initial-access-malware
Windows 10 Emergency Update to Fix Printing Crashes
https://www.bleepingcomputer.com/news/microsoft/windows-10-emergency-updates-released-to-fix-printing-crashes/
Windows Azure AD Outage
https://status.azure.com/status
IBM DB2 Patch
https://www.ibm.com/support/pages/node/6427855
ISC StormCast for Monday, March 15th, 2021
15 mars 2021 |
5 min
Wireshark Code Execution Exploit
https://gitlab.com/wireshark/wireshark/-/issues/17232
Google Chrome Vulnerability Exploited in the Wild
https://vulmon.com/vulnerabilitydetails?qid=CVE-2021-21193
Malware Installs Honeypot
https://blog.netlab.360.com/new_threat_zhtrap_botnet_en/
Twitter "Memphis" Bug
https://www.bleepingcomputer.com/news/technology/twitter-bug-automatically-suspends-you-when-tweeting-memphis/
https://gitlab.com/wireshark/wireshark/-/issues/17232
Google Chrome Vulnerability Exploited in the Wild
https://vulmon.com/vulnerabilitydetails?qid=CVE-2021-21193
Malware Installs Honeypot
https://blog.netlab.360.com/new_threat_zhtrap_botnet_en/
Twitter "Memphis" Bug
https://www.bleepingcomputer.com/news/technology/twitter-bug-automatically-suspends-you-when-tweeting-memphis/
ISC StormCast for Friday, March 12th, 2021
12 mars 2021 |
16 min
Pichktochart - Phishing with Infographics
https://isc.sans.edu/forums/diary/Piktochart+Phishing+with+Infographics/27194/
ProxyLogon Public PoC
https://www.praetorian.com/blog/reproducing-proxylogon-exploit/
Windows 10 Crashes After March 10th Updates
https://www.bleepingcomputer.com/news/microsoft/windows-10-crashes-when-printing-due-to-microsoft-march-updates/
DNS Vulnerability Updates
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/seven-windows-wonders-critical-vulnerabilities-in-dns-dynamic-updates/
Rob Upchurch: Preventing Windows 10 SMHNR DNS Leakage
https://www.sans.org/reading-room/whitepapers/dns/preventing-windows-10-smhnr-dns-leakage-40165
https://isc.sans.edu/forums/diary/Piktochart+Phishing+with+Infographics/27194/
ProxyLogon Public PoC
https://www.praetorian.com/blog/reproducing-proxylogon-exploit/
Windows 10 Crashes After March 10th Updates
https://www.bleepingcomputer.com/news/microsoft/windows-10-crashes-when-printing-due-to-microsoft-march-updates/
DNS Vulnerability Updates
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/seven-windows-wonders-critical-vulnerabilities-in-dns-dynamic-updates/
Rob Upchurch: Preventing Windows 10 SMHNR DNS Leakage
https://www.sans.org/reading-room/whitepapers/dns/preventing-windows-10-smhnr-dns-leakage-40165
ISC StormCast for Thursday, March 11th, 2021
11 mars 2021 |
5 min
SharpRDP - PSExec with PSExec, PSRemoting without PowerShell
https://isc.sans.edu/forums/diary/SharpRDP+PSExec+without+PSExec+PSRemoting+without+PowerShell/27188/
F5 Critical Vulnerabilities
https://support.f5.com/csp/article/K02566623
Netgear Updates
https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/
Linux Foundation sigstore
https://sigstore.dev
https://isc.sans.edu/forums/diary/SharpRDP+PSExec+without+PSExec+PSRemoting+without+PowerShell/27188/
F5 Critical Vulnerabilities
https://support.f5.com/csp/article/K02566623
Netgear Updates
https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/
Linux Foundation sigstore
https://sigstore.dev
ISC StormCast for Wednesday, March 10th, 2021
10 mars 2021 |
7 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+March+2021+Patch+Tuesday/27184/
Adobe Updates
https://helpx.adobe.com/security.html
Network Camera Breach
https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams
https://www.bleepingcomputer.com/news/security/hackers-access-surveillance-cameras-at-tesla-cloudflare-banks-more/
git vulnerability
https://www.openwall.com/lists/oss-security/2021/03/09/3
https://isc.sans.edu/forums/diary/Microsoft+March+2021+Patch+Tuesday/27184/
Adobe Updates
https://helpx.adobe.com/security.html
Network Camera Breach
https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams
https://www.bleepingcomputer.com/news/security/hackers-access-surveillance-cameras-at-tesla-cloudflare-banks-more/
git vulnerability
https://www.openwall.com/lists/oss-security/2021/03/09/3
ISC StormCast for Tuesday, March 9th, 2021
9 mars 2021 |
6 min
YARA and CyberChef
https://isc.sans.edu/forums/diary/YARA+and+CyberChef/27180/
Apple Updates Everything
https://support.apple.com/en-us/HT201222
Google Adds Port 554 to "Restricted Ports"
https://chromium.googlesource.com/chromium/src.git/+/refs/heads/master/net/base/port_util.cc
Yet Another Intel Side Channel Attack
https://arxiv.org/pdf/2103.03443.pdf
https://isc.sans.edu/forums/diary/YARA+and+CyberChef/27180/
Apple Updates Everything
https://support.apple.com/en-us/HT201222
Google Adds Port 554 to "Restricted Ports"
https://chromium.googlesource.com/chromium/src.git/+/refs/heads/master/net/base/port_util.cc
Yet Another Intel Side Channel Attack
https://arxiv.org/pdf/2103.03443.pdf
ISC StormCast for Monday, March 8th, 2021
8 mars 2021 |
7 min
Update on Microsoft Exchange Vulnerability
https://github.com/microsoft/CSS-Exchange/tree/main/Security
https://github.com/nccgroup/Cyber-Defence/tree/master/Intelligence/Exchange
https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b
Microsoft Adding Excel 4.0 Macro Hooks to AMSI
https://www.microsoft.com/security/blog/2021/03/03/xlm-amsi-new-runtime-defense-against-excel-4-0-macro-malware/
Apple Find My Device Leak
https://arxiv.org/pdf/2103.02282.pdf
https://github.com/microsoft/CSS-Exchange/tree/main/Security
https://github.com/nccgroup/Cyber-Defence/tree/master/Intelligence/Exchange
https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b
Microsoft Adding Excel 4.0 Macro Hooks to AMSI
https://www.microsoft.com/security/blog/2021/03/03/xlm-amsi-new-runtime-defense-against-excel-4-0-macro-malware/
Apple Find My Device Leak
https://arxiv.org/pdf/2103.02282.pdf
ISC StormCast for Friday, March 5th, 2021
5 mars 2021 |
6 min
From VBS, PowerShell, C Sharp, Process Hollowing to RAT
https://isc.sans.edu/forums/diary/From+VBS+PowerShell+C+Sharp+Process+Hollowing+to+RAT/27168/
Cisco Patches Snort Related Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ethernet-dos-HGXgJH8n
VMWare View Planner Update
https://www.vmware.com/security/advisories/VMSA-2021-0003.html
Google's FLoC Algorithm
https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
Supermicro Trickbot Patch
https://www.supermicro.com/en/support/security/trickbot
https://isc.sans.edu/forums/diary/From+VBS+PowerShell+C+Sharp+Process+Hollowing+to+RAT/27168/
Cisco Patches Snort Related Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ethernet-dos-HGXgJH8n
VMWare View Planner Update
https://www.vmware.com/security/advisories/VMSA-2021-0003.html
Google's FLoC Algorithm
https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
Supermicro Trickbot Patch
https://www.supermicro.com/en/support/security/trickbot
ISC StormCast for Thursday, March 4th, 2021
4 mars 2021 |
5 min
Microsoft Exchange Followup
https://blog.rapid7.com/2021/03/03/rapid7s-insightidr-enables-detection-and-response-to-microsoft-exchange-0-day/
Saltstack Vulnerability
https://www.immersivelabs.com/resources/blog/why-so-salty-local-privilege-escalation-on-saltstack-minions/
GRUB2 Patches
https://seclists.org/oss-sec/2021/q1/189
Dependency Confusion in the Wild
https://threatpost.com/malicious-code-bombs-amazon-lyft-slack-zillow/164455/
https://blog.rapid7.com/2021/03/03/rapid7s-insightidr-enables-detection-and-response-to-microsoft-exchange-0-day/
Saltstack Vulnerability
https://www.immersivelabs.com/resources/blog/why-so-salty-local-privilege-escalation-on-saltstack-minions/
GRUB2 Patches
https://seclists.org/oss-sec/2021/q1/189
Dependency Confusion in the Wild
https://threatpost.com/malicious-code-bombs-amazon-lyft-slack-zillow/164455/
ISC StormCast for Wednesday, March 3rd, 2021
3 mars 2021 |
7 min
Qakbot Infection with Cobalt Strike
https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike/27158/
Exchange Server 0-Day Exploits
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
Google Chrome 0-Day Exploits
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike/27158/
Exchange Server 0-Day Exploits
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
Google Chrome 0-Day Exploits
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
ISC StormCast for Tuesday, March 2nd, 2021
2 mars 2021 |
6 min
Fun with DNS over TLS and
https://isc.sans.edu/forums/diary/Fun+with+DNS+over+TLS+DoT/27150/
Gootloader Update
https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/
AOL Phishing
https://www.bleepingcomputer.com/news/security/beware-aol-phishing-email-states-your-account-will-be-closed/
Spectre Exploit in the Wild
https://dustri.org/b/spectre-exploits-in-the-wild.html
https://isc.sans.edu/forums/diary/Fun+with+DNS+over+TLS+DoT/27150/
Gootloader Update
https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/
AOL Phishing
https://www.bleepingcomputer.com/news/security/beware-aol-phishing-email-states-your-account-will-be-closed/
Spectre Exploit in the Wild
https://dustri.org/b/spectre-exploits-in-the-wild.html
ISC StormCast for Monday, March 1st, 2021
1 mars 2021 |
5 min
Pretending to be an Outlook Version Update
https://isc.sans.edu/forums/diary/Pretending+to+be+an+Outlook+Version+Update/27144/
Geolocating Satori Botnet Scanning Port 26
https://isc.sans.edu/forums/diary/So+where+did+those+Satori+attacks+come+from/27140/
Alexa Skill Security
https://www.ndss-symposium.org/wp-content/uploads/ndss2021_5A-1_23111_paper.pdf
TMobile Data Breach / SIM Swapping
https://beta.documentcloud.org/documents/20492859-t-mobile-feb-2021-bc-data-breach
https://isc.sans.edu/forums/diary/Pretending+to+be+an+Outlook+Version+Update/27144/
Geolocating Satori Botnet Scanning Port 26
https://isc.sans.edu/forums/diary/So+where+did+those+Satori+attacks+come+from/27140/
Alexa Skill Security
https://www.ndss-symposium.org/wp-content/uploads/ndss2021_5A-1_23111_paper.pdf
TMobile Data Breach / SIM Swapping
https://beta.documentcloud.org/documents/20492859-t-mobile-feb-2021-bc-data-breach
ISC StormCast for Friday, February 26th, 2021
26 februari 2021 |
5 min
Forensicating Azure VMs
https://isc.sans.edu/forums/diary/Forensicating+Azure+VMs/27136/
FriarFox Browser Extension Targeting GMail Accounts
https://www.proofpoint.com/us/blog/threat-insight/ta413-leverages-new-friarfox-browser-extension-target-gmail-accounts-global
JSON Parser Inconsistencies
https://labs.bishopfox.com/tech-blog/an-exploration-of-json-interoperability-vulnerabilities
Apple MacOS Update
https://www.reddit.com/r/macbook/comments/kge24m/dead_m1_mac_with_usbc_multiport_adapters/
https://isc.sans.edu/forums/diary/Forensicating+Azure+VMs/27136/
FriarFox Browser Extension Targeting GMail Accounts
https://www.proofpoint.com/us/blog/threat-insight/ta413-leverages-new-friarfox-browser-extension-target-gmail-accounts-global
JSON Parser Inconsistencies
https://labs.bishopfox.com/tech-blog/an-exploration-of-json-interoperability-vulnerabilities
Apple MacOS Update
https://www.reddit.com/r/macbook/comments/kge24m/dead_m1_mac_with_usbc_multiport_adapters/
ISC StormCast for Thursday, February 25th, 2021
25 februari 2021 |
5 min
Malspam Pushes GuLoader for Remcos RAT
https://isc.sans.edu/forums/diary/Malspam+pushes+GuLoader+for+Remcos+RAT/27132/
vCenter Exploit / Vulnerability Details
https://swarm.ptsecurity.com/unauth-rce-vmware/#more-2477
DNS CNAME Tracking
https://blog.lukaszolejnik.com/large-scale-analysis-of-dns-based-tracking-evasion-broad-data-leaks-included/
Cisco MSO Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-authbyp-bb5GmBQv
https://isc.sans.edu/forums/diary/Malspam+pushes+GuLoader+for+Remcos+RAT/27132/
vCenter Exploit / Vulnerability Details
https://swarm.ptsecurity.com/unauth-rce-vmware/#more-2477
DNS CNAME Tracking
https://blog.lukaszolejnik.com/large-scale-analysis-of-dns-based-tracking-evasion-broad-data-leaks-included/
Cisco MSO Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-authbyp-bb5GmBQv
ISC StormCast for Wednesday, February 24th, 2021
24 februari 2021 |
6 min
Qakbot In a Response to Full Disclosure Post
https://isc.sans.edu/forums/diary/Qakbot+in+a+response+to+Full+Disclosure+post/27130/
Firefox Total Cookie Protection
https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/
VMWare ESXi / vCenter Server Update
https://www.vmware.com/security/advisories/VMSA-2021-0002.html
Replacing Content in Signed PDFs
https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1B-4_24117_paper.pdf
https://isc.sans.edu/forums/diary/Qakbot+in+a+response+to+Full+Disclosure+post/27130/
Firefox Total Cookie Protection
https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/
VMWare ESXi / vCenter Server Update
https://www.vmware.com/security/advisories/VMSA-2021-0002.html
Replacing Content in Signed PDFs
https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1B-4_24117_paper.pdf
ISC StormCast for Tuesday, February 23rd, 2021
23 februari 2021 |
6 min
Unprotecting Malicious Documents For Inspection
https://isc.sans.edu/forums/diary/Unprotecting+Malicious+Documents+For+Inspection/27126/
Brave Browser DNS Leak
https://www.theregister.com/2021/02/22/in_brief_security/
Telephony DoS
https://www.ic3.gov/Media/Y2021/PSA210217
https://isc.sans.edu/forums/diary/Unprotecting+Malicious+Documents+For+Inspection/27126/
Brave Browser DNS Leak
https://www.theregister.com/2021/02/22/in_brief_security/
Telephony DoS
https://www.ic3.gov/Media/Y2021/PSA210217
ISC StormCast for Monday, February 22nd, 2021
22 februari 2021 |
6 min
Dynamic Data Exchange (DDE) is Back in the Wild
https://isc.sans.edu/forums/diary/Dynamic+Data+Exchange+DDE+is+Back+in+the+Wild/27116/
https://isc.sans.edu/forums/diary/DDE+and+oledump/27122/
macOS Malware "Prototype"
https://redcanary.com/blog/clipping-silver-sparrows-wings/
New Phishing Attack Identifed: Malformed URL Prefixes
https://www.greathorn.com/blog-new-phishing-attack-identified-malformed-url-prefixes/
Sonicwall SMA 100 Firmware Update
https://www.sonicwall.com/support/product-notification/additional-sma-100-series-10-x-and-9-x-firmware-updates-required-updated-feb-19-2-p-m-cst/210122173415410/
https://isc.sans.edu/forums/diary/Dynamic+Data+Exchange+DDE+is+Back+in+the+Wild/27116/
https://isc.sans.edu/forums/diary/DDE+and+oledump/27122/
macOS Malware "Prototype"
https://redcanary.com/blog/clipping-silver-sparrows-wings/
New Phishing Attack Identifed: Malformed URL Prefixes
https://www.greathorn.com/blog-new-phishing-attack-identified-malformed-url-prefixes/
Sonicwall SMA 100 Firmware Update
https://www.sonicwall.com/support/product-notification/additional-sma-100-series-10-x-and-9-x-firmware-updates-required-updated-feb-19-2-p-m-cst/210122173415410/
ISC StormCast for Friday, February 19th, 2021
19 februari 2021 |
6 min
Malspam Pushes Trickbot gtag rob13
https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+gtag+rob13/27112/
AppleJeus
https://us-cert.cisa.gov/ncas/alerts/aa21-048a
Python 3 Buffer Overflow
https://bugs.python.org/issue42938
Apple Platform Security Guide
https://support.apple.com/guide/security/welcome/web
https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+gtag+rob13/27112/
AppleJeus
https://us-cert.cisa.gov/ncas/alerts/aa21-048a
Python 3 Buffer Overflow
https://bugs.python.org/issue42938
Apple Platform Security Guide
https://support.apple.com/guide/security/welcome/web
ISC StormCast for Thursday, February 18th, 2021
18 februari 2021 |
6 min
The new "LinkedInSecureMessage" Phish
https://isc.sans.edu/forums/diary/The+new+LinkedInSecureMessage/27110/
Apple M1 Optimized Malware
https://objective-see.com/blog/blog_0x62.html
QNAP Surveilance Station Vulnerability
https://www.qnap.com/en/security-advisory/qsa-21-07
Masslogger Exfiltrates User Credentials
https://blog.talosintelligence.com/2021/02/masslogger-cred-exfil.html
https://isc.sans.edu/forums/diary/The+new+LinkedInSecureMessage/27110/
Apple M1 Optimized Malware
https://objective-see.com/blog/blog_0x62.html
QNAP Surveilance Station Vulnerability
https://www.qnap.com/en/security-advisory/qsa-21-07
Masslogger Exfiltrates User Credentials
https://blog.talosintelligence.com/2021/02/masslogger-cred-exfil.html
ISC StormCast for Wednesday, February 17th, 2021
17 februari 2021 |
5 min
More Weirdness on TCP Port 26
https://isc.sans.edu/forums/diary/More+weirdness+on+TCP+port+26/27106/
Microsoft Pulls Servicing Stack Update
https://threatpost.com/microsoft-windows-update-patch-tuesday/163981/
Network Monitoring Company Centreon Compromised
https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf
SHAREit Flaw Could Lead to Remote Code Execution
https://www.trendmicro.com/en_us/research/21/b/shareit-flaw-could-lead-to-remote-code-execution.html
VSCode NPM Extension RCE
https://github.com/jackadamson/CVE-2021-26700
https://isc.sans.edu/forums/diary/More+weirdness+on+TCP+port+26/27106/
Microsoft Pulls Servicing Stack Update
https://threatpost.com/microsoft-windows-update-patch-tuesday/163981/
Network Monitoring Company Centreon Compromised
https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf
SHAREit Flaw Could Lead to Remote Code Execution
https://www.trendmicro.com/en_us/research/21/b/shareit-flaw-could-lead-to-remote-code-execution.html
VSCode NPM Extension RCE
https://github.com/jackadamson/CVE-2021-26700
ISC StormCast for Tuesday, February 16th, 2021
16 februari 2021 |
7 min
Securing and Optimizing Networks Using pfSense Traffic Shaper to Combat Bufferbloat
https://isc.sans.edu/forums/diary/Securing+and+Optimizing+Networks+Using+pfSense+Traffic+Shaper+Limiters+to+Combat+Bufferbloat/27102/
Apple to Proxy Safe Browsing Requests
https://twitter.com/othermaciej/status/1359736220809531393
Power Outages and Some Network Outages as a Result
https://downdetector.com
Phone Scam Success Rates
https://www.helpnetsecurity.com/2021/02/15/lost-money-to-phone-scams/
https://nakedsecurity.sophos.com/2021/02/12/sms-tax-scam-unmasked-bogus-but-believable-dont-fall-for-it/
https://isc.sans.edu/forums/diary/Securing+and+Optimizing+Networks+Using+pfSense+Traffic+Shaper+Limiters+to+Combat+Bufferbloat/27102/
Apple to Proxy Safe Browsing Requests
https://twitter.com/othermaciej/status/1359736220809531393
Power Outages and Some Network Outages as a Result
https://downdetector.com
Phone Scam Success Rates
https://www.helpnetsecurity.com/2021/02/15/lost-money-to-phone-scams/
https://nakedsecurity.sophos.com/2021/02/12/sms-tax-scam-unmasked-bogus-but-believable-dont-fall-for-it/
ISC StormCast for Monday, February 15th, 2021
15 februari 2021 |
8 min
AgentTesla Dropped Through Automatic Click in Microsoft Help File
https://isc.sans.edu/forums/diary/AgentTesla+Dropped+Through+Automatic+Click+in+Microsoft+Help+File/27092/
Telegram used to Defraud Delivery Serivces
https://thefintechtimes.com/sift-finds-new-telegram-fraud-exploiting-increasing-use-of-food-delivery-services/
Singtel Suffers Zero-DAy Cyberattack
https://threatpost.com/singtel-zero-day-cyberattack/163938/
Vulnerabilities in Mobile Health Apps
https://approov.io/download/all-that-we-let-in_hacking-mhealth-apps-and-apis.pdf
Bloomberg Supermicro Story
https://www.bloomberg.com/features/2021-supermicro/
https://www.theregister.com/2021/02/12/supermicro_bloomberg_spying/
https://isc.sans.edu/forums/diary/AgentTesla+Dropped+Through+Automatic+Click+in+Microsoft+Help+File/27092/
Telegram used to Defraud Delivery Serivces
https://thefintechtimes.com/sift-finds-new-telegram-fraud-exploiting-increasing-use-of-food-delivery-services/
Singtel Suffers Zero-DAy Cyberattack
https://threatpost.com/singtel-zero-day-cyberattack/163938/
Vulnerabilities in Mobile Health Apps
https://approov.io/download/all-that-we-let-in_hacking-mhealth-apps-and-apis.pdf
Bloomberg Supermicro Story
https://www.bloomberg.com/features/2021-supermicro/
https://www.theregister.com/2021/02/12/supermicro_bloomberg_spying/
ISC StormCast for Friday, February 12th, 2021
12 februari 2021 |
6 min
Agent Tesla Hidden in Historical Anti-Malware Tool
https://isc.sans.edu/forums/diary/Agent+Tesla+hidden+in+a+historical+antimalware+tool/27088/
McAfee Total Protection Vulnerabilities
https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx
Intel Patches
https://blogs.intel.com/technology/2021/02/ipas-security-advisories-for-february-2021
Discord Used to Distribute Malware
https://www.zscaler.com/blogs/security-research/discord-cdn-popular-choice-hosting-malicious-payloads
https://isc.sans.edu/forums/diary/Agent+Tesla+hidden+in+a+historical+antimalware+tool/27088/
McAfee Total Protection Vulnerabilities
https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx
Intel Patches
https://blogs.intel.com/technology/2021/02/ipas-security-advisories-for-february-2021
Discord Used to Distribute Malware
https://www.zscaler.com/blogs/security-research/discord-cdn-popular-choice-hosting-malicious-payloads
ISC StormCast for Thursday, February 11th, 2021
11 februari 2021 |
6 min
Phishing Message to the ISC Handlers E-Mail Distro
https://isc.sans.edu/forums/diary/Phishing+message+to+the+ISC+handlers+email+distro/27082/
Google Phishing Statistics
https://cloud.google.com/blog/products/workspace/how-gmail-helps-users-avoid-email-scams
Adobe Security Updates
https://helpx.adobe.com/security/products/acrobat/apsb21-09.html
Apple Sudo Patch
https://support.apple.com/en-us/HT212177
Number:Jack ISN Generation Weaknesses
https://www.forescout.com/company/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/
https://isc.sans.edu/forums/diary/Phishing+message+to+the+ISC+handlers+email+distro/27082/
Google Phishing Statistics
https://cloud.google.com/blog/products/workspace/how-gmail-helps-users-avoid-email-scams
Adobe Security Updates
https://helpx.adobe.com/security/products/acrobat/apsb21-09.html
Apple Sudo Patch
https://support.apple.com/en-us/HT212177
Number:Jack ISN Generation Weaknesses
https://www.forescout.com/company/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/
ISC StormCast for Wednesday, February 10th, 2021
10 februari 2021 |
7 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+February+2021+Patch+Tuesday/27080/
https://www.theregister.com/2021/02/09/microsoft_patch_tuesday/
Dependency Confusion
https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
https://azure.microsoft.com/mediahandler/files/resourcefiles/3-ways-to-mitigate-risk-using-private-package-feeds/3%20Ways%20to%20Mitigate%20Risk%20When%20Using%20Private%20Package%20Feeds%20-%20v1.0.pdf
https://isc.sans.edu/forums/diary/Microsoft+February+2021+Patch+Tuesday/27080/
https://www.theregister.com/2021/02/09/microsoft_patch_tuesday/
Dependency Confusion
https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
https://azure.microsoft.com/mediahandler/files/resourcefiles/3-ways-to-mitigate-risk-using-private-package-feeds/3%20Ways%20to%20Mitigate%20Risk%20When%20Using%20Private%20Package%20Feeds%20-%20v1.0.pdf
ISC StormCast for Tuesday, February 9th, 2021
9 februari 2021 |
6 min
Tshark and Malware Analysis
https://isc.sans.edu/forums/diary/Quickie+tshark+Malware+Analysis/27076/
Barcode Scanner Going Bad
https://blog.malwarebytes.com/android/2021/02/barcode-scanner-app-on-google-play-infects-10-million-users-with-one-update/
Morse Code Obfuscation
https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/
Firefox Update
https://www.mozilla.org/en-US/security/advisories/mfsa2021-06/
Water Treatment Facility Compromised
https://www.reuters.com/article/us-usa-cyber-florida/hackers-broke-into-florida-towns-water-treatment-plant-attempted-to-poison-supply-sheriff-says-idUSKBN2A82FV
https://isc.sans.edu/forums/diary/Quickie+tshark+Malware+Analysis/27076/
Barcode Scanner Going Bad
https://blog.malwarebytes.com/android/2021/02/barcode-scanner-app-on-google-play-infects-10-million-users-with-one-update/
Morse Code Obfuscation
https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/
Firefox Update
https://www.mozilla.org/en-US/security/advisories/mfsa2021-06/
Water Treatment Facility Compromised
https://www.reuters.com/article/us-usa-cyber-florida/hackers-broke-into-florida-towns-water-treatment-plant-attempted-to-poison-supply-sheriff-says-idUSKBN2A82FV
ISC StormCast for Monday, February 8th, 2021
8 februari 2021 |
6 min
VBA Macro Trying to Alter the Application Menus
https://isc.sans.edu/forums/diary/VBA+Macro+Trying+to+Alter+the+Application+Menus/27068/
The Great Suspender Going Malicious
https://www.zdnet.com/article/google-kills-the-great-suspender-heres-what-you-should-do-next/
https://github.com/greatsuspender/thegreatsuspender/issues/1263
Google Chrome Zero Day
https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html
Plex Media SSDP Amplication DDoS
https://www.netscout.com/blog/asert/plex-media-ssdp-pmssdp-reflectionamplification-ddos-attack
https://isc.sans.edu/forums/diary/VBA+Macro+Trying+to+Alter+the+Application+Menus/27068/
The Great Suspender Going Malicious
https://www.zdnet.com/article/google-kills-the-great-suspender-heres-what-you-should-do-next/
https://github.com/greatsuspender/thegreatsuspender/issues/1263
Google Chrome Zero Day
https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html
Plex Media SSDP Amplication DDoS
https://www.netscout.com/blog/asert/plex-media-ssdp-pmssdp-reflectionamplification-ddos-attack
ISC StormCast for Friday, February 5th, 2021
5 februari 2021 |
6 min
Abusing Google Chrome Extension Syncing For Data Exfiltration and C&C
https://isc.sans.edu/forums/diary/Abusing+Google+Chrome+extension+syncing+for+data+exfiltration+and+CC/27066/
Microsoft Defender ATP Google Chrome False Positive
https://twitter.com/itquartz/status/1356940218138509312
Social Engineering Attacks against Security Researchers Used IE 0 day
https://enki.co.kr/blog/2021/02/04/ie_0day.html#
https://www.bleepingcomputer.com/news/security/hacking-group-also-used-an-ie-zero-day-against-security-researchers/
https://isc.sans.edu/forums/diary/Abusing+Google+Chrome+extension+syncing+for+data+exfiltration+and+CC/27066/
Microsoft Defender ATP Google Chrome False Positive
https://twitter.com/itquartz/status/1356940218138509312
Social Engineering Attacks against Security Researchers Used IE 0 day
https://enki.co.kr/blog/2021/02/04/ie_0day.html#
https://www.bleepingcomputer.com/news/security/hacking-group-also-used-an-ie-zero-day-against-security-researchers/
ISC StormCast for Thursday, February 4th, 2021
4 februari 2021 |
6 min
Excel Spreadsheets Push SystemBC Malware
https://isc.sans.edu/forums/diary/Excel+spreadsheets+push+SystemBC+malware/27060/
SolarWinds Vulnerability
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=28389
SolarWinds SANS Lightning Summit
https://www.sans.org/webcasts/solarwinds-lightning-summit-118550
SonicWall Patch
https://www.sonicwall.com/support/product-notification/urgent-patch-available-for-sma-100-series-10-x-firmware-zero-day-vulnerability-updated-feb-3-2-p-m-cst/210122173415410/
Cisco Advisories
https://tools.cisco.com/security/center/publicationListing.x
Realtek RTL8195A Wi-Fi Module Vulnerability
https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered
https://isc.sans.edu/forums/diary/Excel+spreadsheets+push+SystemBC+malware/27060/
SolarWinds Vulnerability
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=28389
SolarWinds SANS Lightning Summit
https://www.sans.org/webcasts/solarwinds-lightning-summit-118550
SonicWall Patch
https://www.sonicwall.com/support/product-notification/urgent-patch-available-for-sma-100-series-10-x-firmware-zero-day-vulnerability-updated-feb-3-2-p-m-cst/210122173415410/
Cisco Advisories
https://tools.cisco.com/security/center/publicationListing.x
Realtek RTL8195A Wi-Fi Module Vulnerability
https://www.vdoo.com/blog/realtek-rtl8195a-vulnerabilities-discovered
ISC StormCast for Wednesday, February 3rd, 2021
3 februari 2021 |
6 min
New Example of XSL Script Processing aka "Mitre T1220"
https://isc.sans.edu/forums/diary/New+Example+of+XSL+Script+Processing+aka+Mitre+T1220/27056/
Camerfirma Certificate Authority Revocation
https://groups.google.com/g/mozilla.dev.security.policy/c/jif4zWNgGPw
Kobalos HPC Linux Malware
https://www.welivesecurity.com/2021/02/02/kobalos-complex-linux-threat-high-performance-computing-infrastructure/
Agent Tesla Overwries Windows AMSI
https://threatpost.com/agent-tesla-microsoft-asmi/163581/
https://isc.sans.edu/forums/diary/New+Example+of+XSL+Script+Processing+aka+Mitre+T1220/27056/
Camerfirma Certificate Authority Revocation
https://groups.google.com/g/mozilla.dev.security.policy/c/jif4zWNgGPw
Kobalos HPC Linux Malware
https://www.welivesecurity.com/2021/02/02/kobalos-complex-linux-threat-high-performance-computing-infrastructure/
Agent Tesla Overwries Windows AMSI
https://threatpost.com/agent-tesla-microsoft-asmi/163581/
ISC StormCast for Tuesday, February 2nd, 2021
2 februari 2021 |
6 min
MacOS 11.2 Update
https://support.apple.com/en-us/HT212147
Objective-See Tools Now Open Sources
https://twitter.com/patrickwardle/status/1356149073045143553
iMessage Blastdoor
https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html
SonicWall Update
https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-confirms-sma-100-series-10-x-zero-day-vulnerability-feb-1-2-p-m-cst/210122173415410/
https://support.apple.com/en-us/HT212147
Objective-See Tools Now Open Sources
https://twitter.com/patrickwardle/status/1356149073045143553
iMessage Blastdoor
https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html
SonicWall Update
https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-confirms-sma-100-series-10-x-zero-day-vulnerability-feb-1-2-p-m-cst/210122173415410/
ISC StormCast for Monday, February 1st, 2021
1 februari 2021 |
5 min
Perl.com Domain Hijacked
https://www.ehackingnews.com/2021/01/perlcom-official-site-for-perl.html
Spamcop Domain Expired
https://www.bleepingcomputer.com/news/security/spamcop-anti-spam-service-suffers-an-outage-after-its-domain-expired/
libgcrypt vulnerability
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
Fingerprinting QUIC
https://arxiv.org/pdf/2101.11871.pdf
https://www.ehackingnews.com/2021/01/perlcom-official-site-for-perl.html
Spamcop Domain Expired
https://www.bleepingcomputer.com/news/security/spamcop-anti-spam-service-suffers-an-outage-after-its-domain-expired/
libgcrypt vulnerability
https://lists.gnupg.org/pipermail/gnupg-announce/2021q1/000456.html
Fingerprinting QUIC
https://arxiv.org/pdf/2101.11871.pdf
ISC StormCast for Friday, January 29th, 2021
29 januari 2021 |
6 min
New Cryptojacking Malware
https://unit42.paloaltonetworks.com/pro-ocean-rocke-groups-new-cryptojacking-malware/
SlipStreaming
https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/
Shadowsocks
https://shadowsocks.org/en/index.html
https://unit42.paloaltonetworks.com/pro-ocean-rocke-groups-new-cryptojacking-malware/
SlipStreaming
https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/
Shadowsocks
https://shadowsocks.org/en/index.html
ISC StormCast for Thursday, January 28th, 2021
28 januari 2021 |
6 min
Emotet vs. Windows Attack Surface Reduction
https://isc.sans.edu/forums/diary/Emotet+vs+Windows+Attack+Surface+Reduction/27036/
Go Lang Vulnerability
https://blog.golang.org/path-security
Azure Docker Escape
https://www.intezer.com/blog/research/how-we-hacked-azure-functions-and-escaped-docker/
https://isc.sans.edu/forums/diary/Emotet+vs+Windows+Attack+Surface+Reduction/27036/
Go Lang Vulnerability
https://blog.golang.org/path-security
Azure Docker Escape
https://www.intezer.com/blog/research/how-we-hacked-azure-functions-and-escaped-docker/
ISC StormCast for Wednesday, January 27th, 2021
27 januari 2021 |
7 min
Critical sudo Vulnerability
https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
Quakbot (QBot) Update
https://isc.sans.edu/forums/diary/TA551+Shathak+Word+docs+push+Qakbot+Qbot/27030/
Targeting Security Researchers
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
Apple Updates iOS, iPad, tvOS, watchOS, Xcode and iCloud for Windows
https://support.apple.com/en-us/HT201222
https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
Quakbot (QBot) Update
https://isc.sans.edu/forums/diary/TA551+Shathak+Word+docs+push+Qakbot+Qbot/27030/
Targeting Security Researchers
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
Apple Updates iOS, iPad, tvOS, watchOS, Xcode and iCloud for Windows
https://support.apple.com/en-us/HT201222
ISC StormCast for Tuesday, January 26th, 2021
26 januari 2021 |
5 min
Fun With nmap nse Scripts and DoH (DNS over HTTPS)
https://isc.sans.edu/forums/diary/Fun+with+NMAP+NSE+Scripts+and+DOH+DNS+over+HTTPS/27026/
Malicious NPM Module Stealing Discord Passwords
https://blog.sonatype.com/cursedgrabber-strikes-again-sonatype-spots-new-malware-campaign-against-software-supply-chains
Mitigating the $I30 Bug
https://www.osr.com/blog/2021/01/21/mitigating-the-i30bitmap-ntfs-bug/
https://github.com/OSRDrivers/i30Flt
ProtonVPN BSOD
https://protonstatus.com/incidents/124
https://isc.sans.edu/forums/diary/Fun+with+NMAP+NSE+Scripts+and+DOH+DNS+over+HTTPS/27026/
Malicious NPM Module Stealing Discord Passwords
https://blog.sonatype.com/cursedgrabber-strikes-again-sonatype-spots-new-malware-campaign-against-software-supply-chains
Mitigating the $I30 Bug
https://www.osr.com/blog/2021/01/21/mitigating-the-i30bitmap-ntfs-bug/
https://github.com/OSRDrivers/i30Flt
ProtonVPN BSOD
https://protonstatus.com/incidents/124
ISC StormCast for Monday, January 25th, 2021
25 januari 2021 |
6 min
Another File Extension to Block: JNLP
https://isc.sans.edu/forums/diary/Another+File+Extension+to+Block+in+your+MTA+jnlp/27018/
SonicWall Vulnerability Used to Breach SonicWall
https://www.sonicwall.com/support/product-notification/urgent-security-notice-netextender-vpn-client-10-x-sma-100-series-vulnerability-updated-jan-23-2021/210122173415410/
iObit Forum Breached / Used for Ransomware Distribution
https://www.bleepingcomputer.com/forums/t/741190/derohe-ransomware-distributed-through-fake-iobit-one-year-free-license-key-promo/
https://isc.sans.edu/forums/diary/Another+File+Extension+to+Block+in+your+MTA+jnlp/27018/
SonicWall Vulnerability Used to Breach SonicWall
https://www.sonicwall.com/support/product-notification/urgent-security-notice-netextender-vpn-client-10-x-sma-100-series-vulnerability-updated-jan-23-2021/210122173415410/
iObit Forum Breached / Used for Ransomware Distribution
https://www.bleepingcomputer.com/forums/t/741190/derohe-ransomware-distributed-through-fake-iobit-one-year-free-license-key-promo/
ISC StormCast for Friday, January 22nd, 2021
22 januari 2021 |
14 min
Powershell Ropping REvil Ransomware
https://isc.sans.edu/forums/diary/Powershell+Dropping+a+REvil+Ransomware/27012/
SAP Exploit Circulating
https://onapsis.com/blog/new-sap-exploit-published-online-how-stay-secure
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpujan2021.html
RDP Used for DDoS
https://www.netscout.com/blog/asert/microsoft-remote-desktop-protocol-rdp-reflectionamplification
Billy Wilson: Mitigating Attacks Against Supercomputers with KRSI
https://www.sans.org/reading-room/whitepapers/linux/mitigating-attacks-supercomputer-krsi-40010
https://isc.sans.edu/forums/diary/Powershell+Dropping+a+REvil+Ransomware/27012/
SAP Exploit Circulating
https://onapsis.com/blog/new-sap-exploit-published-online-how-stay-secure
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpujan2021.html
RDP Used for DDoS
https://www.netscout.com/blog/asert/microsoft-remote-desktop-protocol-rdp-reflectionamplification
Billy Wilson: Mitigating Attacks Against Supercomputers with KRSI
https://www.sans.org/reading-room/whitepapers/linux/mitigating-attacks-supercomputer-krsi-40010
ISC StormCast for Thursday, January 21st, 2021
21 januari 2021 |
7 min
SolarWinds Updates
https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/
https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/
Cisco Advisories
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj
Evesdropping Vulnerabilities in Various WebRTC Based Video Conferencing Systems
https://googleprojectzero.blogspot.com/2021/01/the-state-of-state-machines.html
Oracle Business Intelligence Enterprise Edition XSS
https://www.exploit-db.com/exploits/49444
https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/
https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/
Cisco Advisories
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj
Evesdropping Vulnerabilities in Various WebRTC Based Video Conferencing Systems
https://googleprojectzero.blogspot.com/2021/01/the-state-of-state-machines.html
Oracle Business Intelligence Enterprise Edition XSS
https://www.exploit-db.com/exploits/49444
ISC StormCast for Wednesday, January 20th, 2021
20 januari 2021 |
6 min
Qakbot Activity Resumes After Holiday Break
https://isc.sans.edu/forums/diary/Qakbot+activity+resumes+after+holiday+break/27008/
Multiple dnsmasq Vulnerabilities
https://www.jsof-tech.com/wp-content/uploads/2021/01/DNSpooq_Technical-Whitepaper.pdf
FreakOut Malware
https://blog.checkpoint.com/2021/01/19/linux-users-should-patch-now-to-block-new-freakout-malware-which-exploits-new-vulnerabilities/
Kids Break Screensaver
https://github.com/linuxmint/cinnamon-screensaver/issues/354
https://isc.sans.edu/forums/diary/Qakbot+activity+resumes+after+holiday+break/27008/
Multiple dnsmasq Vulnerabilities
https://www.jsof-tech.com/wp-content/uploads/2021/01/DNSpooq_Technical-Whitepaper.pdf
FreakOut Malware
https://blog.checkpoint.com/2021/01/19/linux-users-should-patch-now-to-block-new-freakout-malware-which-exploits-new-vulnerabilities/
Kids Break Screensaver
https://github.com/linuxmint/cinnamon-screensaver/issues/354
ISC StormCast for Tuesday, January 19th, 2021
19 januari 2021 |
6 min
Doc And RTF Malicious Document
https://isc.sans.edu/forums/diary/Doc+RTF+Malicious+Document/26996/
Center for Internet Security Cisco NX-OS Benchmark
https://www.cisecurity.org/cis-benchmarks/
Exploit for Shazam Geolocation Vulnerablity
https://ash-king.co.uk/blog/Shazlocate-abusing-CVE-2019-8791-CVE-2019-8792
Voice Phishing and Internal Messaging Systems Used to Escalate Privileges
https://www.ic3.gov/Media/News/2021/210115.pdf
https://isc.sans.edu/forums/diary/Doc+RTF+Malicious+Document/26996/
Center for Internet Security Cisco NX-OS Benchmark
https://www.cisecurity.org/cis-benchmarks/
Exploit for Shazam Geolocation Vulnerablity
https://ash-king.co.uk/blog/Shazlocate-abusing-CVE-2019-8791-CVE-2019-8792
Voice Phishing and Internal Messaging Systems Used to Escalate Privileges
https://www.ic3.gov/Media/News/2021/210115.pdf
ISC StormCast for Monday, January 18th, 2021
18 januari 2021 |
5 min
Scans for DNS over HTTPs
https://isc.sans.edu/forums/diary/Obfuscated+DNS+Queries/26992/
https://us-cert.cisa.gov/ncas/current-activity/2021/01/15/nsa-releases-guidance-encrypted-dns-enterprise-environments
Netlogon Domain Controller Enforcement Mode Starting February 9th
https://msrc-blog.microsoft.com/2021/01/14/netlogon-domain-controller-enforcement-mode-is-enabled-by-default-beginning-with-the-february-9-2021-security-update-related-to-cve-2020-1472/
Apple Removing ContentFilterExclusionList
https://www.patreon.com/posts/46179028
https://isc.sans.edu/forums/diary/Obfuscated+DNS+Queries/26992/
https://us-cert.cisa.gov/ncas/current-activity/2021/01/15/nsa-releases-guidance-encrypted-dns-enterprise-environments
Netlogon Domain Controller Enforcement Mode Starting February 9th
https://msrc-blog.microsoft.com/2021/01/14/netlogon-domain-controller-enforcement-mode-is-enabled-by-default-beginning-with-the-february-9-2021-security-update-related-to-cve-2020-1472/
Apple Removing ContentFilterExclusionList
https://www.patreon.com/posts/46179028
ISC StormCast for Friday, January 15th, 2021
15 januari 2021 |
5 min
Dynamically Analzying A Heavily Obfuscted Excel 4 Macro Malicious File
https://isc.sans.edu/forums/diary/Dynamically+analyzing+a+heavily+obfuscated+Excel+4+macro+malicious+file/26986/
Odd Filename Corrupts NTFS Disks
https://twitter.com/jonasLyk/status/1347900440000811010
Cisco Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x
https://isc.sans.edu/forums/diary/Dynamically+analyzing+a+heavily+obfuscated+Excel+4+macro+malicious+file/26986/
Odd Filename Corrupts NTFS Disks
https://twitter.com/jonasLyk/status/1347900440000811010
Cisco Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x
ISC StormCast for Thursday, January 14th, 2021
14 januari 2021 |
6 min
Hancitor Activity Resumes After a Holiday Break
https://isc.sans.edu/forums/diary/Hancitor+activity+resumes+after+a+hoilday+break/26980/
Intel Hardware-Enabled Ransomware Protections
https://www.cybereason.com/blog/cybereason-and-intel-introduce-hardware-enabled-ransomware-protections-for-businesses
Making Clouds Rain: RCE in Microsoft Office 365
https://srcincite.io/blog/2021/01/12/making-clouds-rain-rce-in-office-365.html#fn:1
SAP Security Patch Day
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476
https://isc.sans.edu/forums/diary/Hancitor+activity+resumes+after+a+hoilday+break/26980/
Intel Hardware-Enabled Ransomware Protections
https://www.cybereason.com/blog/cybereason-and-intel-introduce-hardware-enabled-ransomware-protections-for-businesses
Making Clouds Rain: RCE in Microsoft Office 365
https://srcincite.io/blog/2021/01/12/making-clouds-rain-rce-in-office-365.html#fn:1
SAP Security Patch Day
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476
ISC StormCast for Wednesday, January 13th, 2021
13 januari 2021 |
6 min
MSFT January 2021 Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+January+2021+Patch+Tuesday/26978/
Adobe Patches
https://helpx.adobe.com/security.html
MimeCast Cert Stolen
https://www.mimecast.com/blog/important-update-from-mimecast/
Leaking Silhouettes of Cross-Origin Images
https://blog.mozilla.org/attack-and-defense/2021/01/11/leaking-silhouettes-of-cross-origin-images/
https://isc.sans.edu/forums/diary/Microsoft+January+2021+Patch+Tuesday/26978/
Adobe Patches
https://helpx.adobe.com/security.html
MimeCast Cert Stolen
https://www.mimecast.com/blog/important-update-from-mimecast/
Leaking Silhouettes of Cross-Origin Images
https://blog.mozilla.org/attack-and-defense/2021/01/11/leaking-silhouettes-of-cross-origin-images/
ISC StormCast for Tuesday, January 12th, 2021
12 januari 2021 |
6 min
Using the NVD Database API Part 3/3
https://isc.sans.edu/forums/diary/Using+the+NVD+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Tool+Drop+CVEScan+Part+3+of+3/26974/
Sysinternals Update
https://docs.microsoft.com/en-us/sysinternals/
Ubiquiti Breach
https://www.bleepingcomputer.com/news/security/networking-giant-ubiquiti-alerts-customers-of-potential-data-breach/
Run-Only AppleScript Reversing
https://labs.sentinelone.com/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/
https://isc.sans.edu/forums/diary/Using+the+NVD+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Tool+Drop+CVEScan+Part+3+of+3/26974/
Sysinternals Update
https://docs.microsoft.com/en-us/sysinternals/
Ubiquiti Breach
https://www.bleepingcomputer.com/news/security/networking-giant-ubiquiti-alerts-customers-of-potential-data-breach/
Run-Only AppleScript Reversing
https://labs.sentinelone.com/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/
ISC StormCast for Monday, January 11th, 2021
11 januari 2021 |
6 min
Maldoc Strings Analysis
https://isc.sans.edu/forums/diary/Maldoc+Strings+Analysis/26966/
CVSS Reliablity Survey
https://user-surveys.cs.fau.de/index.php?r=survey/index&sid=248857
Fake Trump Video Malware
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/updated-qnode-rat-downloader-distributed-as-trump-video-scandal/
SMS Phishing (Smishing)
https://www.bbc.com/news/business-55563748
dnsren vulnerability
https://www.exploit-db.com/exploits/49394
https://isc.sans.edu/forums/diary/Maldoc+Strings+Analysis/26966/
CVSS Reliablity Survey
https://user-surveys.cs.fau.de/index.php?r=survey/index&sid=248857
Fake Trump Video Malware
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/updated-qnode-rat-downloader-distributed-as-trump-video-scandal/
SMS Phishing (Smishing)
https://www.bbc.com/news/business-55563748
dnsren vulnerability
https://www.exploit-db.com/exploits/49394
ISC StormCast for Friday, January 8th, 2021
8 januari 2021 |
16 min
Using the NIST Database and API to Keep Up with Vulnerabilities
https://isc.sans.edu/forums/diary/Using+the+NIST+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Part+1+of+3/26958/
Titan Security Key
https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf
The Great Suspender Google Chrome Extension
https://www.theregister.com/2021/01/07/great_suspender_malware/
Brian Nishida: Ubuntu Artifacts Generated by Gnome Desktop Environment
https://www.sans.org/reading-room/whitepapers/forensics/ubuntu-artifacts-generated-gnome-desktop-environment-40035
https://isc.sans.edu/forums/diary/Using+the+NIST+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Part+1+of+3/26958/
Titan Security Key
https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf
The Great Suspender Google Chrome Extension
https://www.theregister.com/2021/01/07/great_suspender_malware/
Brian Nishida: Ubuntu Artifacts Generated by Gnome Desktop Environment
https://www.sans.org/reading-room/whitepapers/forensics/ubuntu-artifacts-generated-gnome-desktop-environment-40035
ISC StormCast for Thursday, January 7th, 2021
7 januari 2021 |
4 min
Zyxel Exploitation Under Way
https://isc.sans.edu/forums/diary/Scans+for+Zyxel+Backdoors+are+Commencing/26954/
Fortinet Patches
https://www.fortiguard.com/psirt?date=01-2021
Foxit PhantomPDF Patches
https://www.foxitsoftware.com/support/security-bulletins.html
Firefox Android Updates
https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/
https://isc.sans.edu/forums/diary/Scans+for+Zyxel+Backdoors+are+Commencing/26954/
Fortinet Patches
https://www.fortiguard.com/psirt?date=01-2021
Foxit PhantomPDF Patches
https://www.foxitsoftware.com/support/security-bulletins.html
Firefox Android Updates
https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/
ISC StormCast for Wednesday, January 6th, 2021
6 januari 2021 |
6 min
Netfox Detective: An Alternative Open-Source Packet Analysis Tool
https://isc.sans.edu/forums/diary/Netfox+Detective+An+Alternative+OpenSource+Packet+Analysis+Tool/26950/
ElectroRAT Drains Cryptocurrency Accounts
https://www.intezer.com/blog/research/operation-ElectroRAT-attacker-creates-fake-companies-to-drain-your-crypto-wallets/
Chrome Will Prefer HTTPS over HTTP By Default
https://chromium-review.googlesource.com/c/chromium/src/+/2568448
Android January Patch Day
https://source.android.com/security/bulletin/2021-01-01
Telegram Publishes Users' Locations Online
https://blog.ahmed.nyc/2021/01/if-you-use-this-feature-on-telegram.html
https://isc.sans.edu/forums/diary/Netfox+Detective+An+Alternative+OpenSource+Packet+Analysis+Tool/26950/
ElectroRAT Drains Cryptocurrency Accounts
https://www.intezer.com/blog/research/operation-ElectroRAT-attacker-creates-fake-companies-to-drain-your-crypto-wallets/
Chrome Will Prefer HTTPS over HTTP By Default
https://chromium-review.googlesource.com/c/chromium/src/+/2568448
Android January Patch Day
https://source.android.com/security/bulletin/2021-01-01
Telegram Publishes Users' Locations Online
https://blog.ahmed.nyc/2021/01/if-you-use-this-feature-on-telegram.html
ISC StormCast for Tuesday, January 5th, 2021
5 januari 2021 |
5 min
From a Small BAT File to Mass Logger Infostealer
https://isc.sans.edu/forums/diary/From+a+small+BAT+file+to+Mass+Logger+infostealer/26946/
Citrix Releases Updates Addressing DTLS Flaw
https://support.citrix.com/article/CTX289674
Zend Framework Deserialization Flaw
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3007
https://github.com/Ling-Yizhou/zendframework3-/blob/main/zend%20framework3%20 %20rce.md
https://isc.sans.edu/forums/diary/From+a+small+BAT+file+to+Mass+Logger+infostealer/26946/
Citrix Releases Updates Addressing DTLS Flaw
https://support.citrix.com/article/CTX289674
Zend Framework Deserialization Flaw
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3007
https://github.com/Ling-Yizhou/zendframework3-/blob/main/zend%20framework3%20 %20rce.md
ISC StormCast for Monday, January 4th 2021
4 januari 2021 |
4 min
Traffic Analysis Quiz
https://isc.sans.edu/forums/diary/End+of+Year+Traffic+Analysis+Quiz/26940/
Zyxel Backdoor
https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
Microsoft Source Code Accessed As a Result of SolarWinds Backdoor
https://msrc-blog.microsoft.com/2020/12/31/microsoft-internal-solorigate-investigation-update/
https://isc.sans.edu/forums/diary/End+of+Year+Traffic+Analysis+Quiz/26940/
Zyxel Backdoor
https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
Microsoft Source Code Accessed As a Result of SolarWinds Backdoor
https://msrc-blog.microsoft.com/2020/12/31/microsoft-internal-solorigate-investigation-update/
ISC StormCast for Wednesday, December 30th 2020
30 december 2020 |
4 min
Accessing Restricted Directory Listings via Your AV Solution
https://isc.sans.edu/forums/diary/Want+to+know+whats+in+a+folder+you+dont+have+a+permission+to+access+Try+asking+your+AV+solution/26932/
Coin Miner Malware Written in Go
https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/?fbclid=IwAR3eFiHCNoqr5mc2UAOcm8nocjUOjZn0cpcAiSoYmn__JtJfBbjqUUT1OwQ
AutoHotKey Credential Stealer
https://www.trendmicro.com/en_us/research/20/l/stealth-credential-stealer-targets-us-canadian-bank-customers.html
https://isc.sans.edu/forums/diary/Want+to+know+whats+in+a+folder+you+dont+have+a+permission+to+access+Try+asking+your+AV+solution/26932/
Coin Miner Malware Written in Go
https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/?fbclid=IwAR3eFiHCNoqr5mc2UAOcm8nocjUOjZn0cpcAiSoYmn__JtJfBbjqUUT1OwQ
AutoHotKey Credential Stealer
https://www.trendmicro.com/en_us/research/20/l/stealth-credential-stealer-targets-us-canadian-bank-customers.html
ISC StormCast for Tuesday, December 29th 2020
29 december 2020 |
5 min
Extending Android Device Compatibility for Let's Encrypt Certificates
https://letsencrypt.org/2020/12/21/extending-android-compatibility.html
Insufficient Patch for Windows 8.1/10 Print Spooler
https://bugs.chromium.org/p/project-zero/issues/detail?id=2096
Google Docs Vulnerability
https://savebreach.com/stealing-private-documents-through-a-google-docs-bug/
CCC Conferences Virtual
https://streaming.media.ccc.de/rc3
https://letsencrypt.org/2020/12/21/extending-android-compatibility.html
Insufficient Patch for Windows 8.1/10 Print Spooler
https://bugs.chromium.org/p/project-zero/issues/detail?id=2096
Google Docs Vulnerability
https://savebreach.com/stealing-private-documents-through-a-google-docs-bug/
CCC Conferences Virtual
https://streaming.media.ccc.de/rc3
ISC StormCast for Monday, December 28th 2020
28 december 2020 |
6 min
base64dump.py Supported Encodings
https://isc.sans.edu/forums/diary/base64dumppy+Supported+Encodings/26924/
String Analysis and Maldocs
https://isc.sans.edu/forums/diary/Quickie+String+Analysis+Maldocs/26922/
Malicious Word Document Delivering an Octopus Backdoor
https://isc.sans.edu/forums/diary/Malicious+Word+Document+Delivering+an+Octopus+Backdoor/26918/
Analysis Dridex Dropper, IoC extraction
https://isc.sans.edu/forums/diary/Analysis+Dridex+Dropper+IoC+extraction+guest+diary/26920/
AT&T Outage due to Nashville Explosion
https://about.att.com/pages/disaster_relief/nashville.html
SolarWinds SUPERNOVA Malware / API Vulnerability
https://www.solarwinds.com/securityadvisory
Citrix ADC DDoS Attack
https://support.citrix.com/article/CTX289674
Crowdstrike Reporting Tool for Azure
https://github.com/CrowdStrike/CRT
https://isc.sans.edu/forums/diary/base64dumppy+Supported+Encodings/26924/
String Analysis and Maldocs
https://isc.sans.edu/forums/diary/Quickie+String+Analysis+Maldocs/26922/
Malicious Word Document Delivering an Octopus Backdoor
https://isc.sans.edu/forums/diary/Malicious+Word+Document+Delivering+an+Octopus+Backdoor/26918/
Analysis Dridex Dropper, IoC extraction
https://isc.sans.edu/forums/diary/Analysis+Dridex+Dropper+IoC+extraction+guest+diary/26920/
AT&T Outage due to Nashville Explosion
https://about.att.com/pages/disaster_relief/nashville.html
SolarWinds SUPERNOVA Malware / API Vulnerability
https://www.solarwinds.com/securityadvisory
Citrix ADC DDoS Attack
https://support.citrix.com/article/CTX289674
Crowdstrike Reporting Tool for Azure
https://github.com/CrowdStrike/CRT
ISC StormCast for Wednesday, December 23rd 2020
23 december 2020 |
4 min
Malware Victim Selection Through WiFi Identification
https://isc.sans.edu/forums/diary/Malware+Victim+Selection+Through+WiFi+Identification/26910/
New Treck IP Stack Vulnerabilities
https://treck.com/vulnerability-response-information/
Detecting Treck IP Stack
https://github.com/Forescout/project-memoria-detector
https://isc.sans.edu/forums/diary/Malware+Victim+Selection+Through+WiFi+Identification/26910/
New Treck IP Stack Vulnerabilities
https://treck.com/vulnerability-response-information/
Detecting Treck IP Stack
https://github.com/Forescout/project-memoria-detector
ISC StormCast for Tuesday, December 22nd 2020
22 december 2020 |
6 min
What's The Deal With Openportstats.com?
https://isc.sans.edu/forums/diary/Whats+the+deal+with+openportstatscom/26912/
Dell Wyse ThinOS 8.6 Security Update
https://www.dell.com/support/kbdoc/en-hr/000180768/dsa-2020-281
SolarWinds 2nd Backdoor
https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/
SolarWinds Domains
https://securelist.com/sunburst-connecting-the-dots-in-the-dns-requests/99862/
https://isc.sans.edu/forums/diary/Whats+the+deal+with+openportstatscom/26912/
Dell Wyse ThinOS 8.6 Security Update
https://www.dell.com/support/kbdoc/en-hr/000180768/dsa-2020-281
SolarWinds 2nd Backdoor
https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/
SolarWinds Domains
https://securelist.com/sunburst-connecting-the-dots-in-the-dns-requests/99862/
ISC StormCast for Monday, December 21st 2020
21 december 2020 |
6 min
A slightly optimistic tale of how patching went for CVE-2019-19781
https://isc.sans.edu/forums/diary/A+slightly+optimistic+tale+of+how+patching+went+for+CVE201919781/26900/
Heads-up: VirusTotal Functionality in Sysinternals Tools Not Working
https://isc.sans.edu/forums/diary/Headsup+VirusTotal+Functionality+in+Sysinternals+Tools+Not+Working/26906/
Kasachstan: Browsers Block Government Certificate Authority
https://www.zdnet.com/article/apple-google-microsoft-and-mozilla-ban-kazakhstans-mitm-https-certificate/
5G Vulnerabilities
https://positive-tech.com/about/news/vulnerabilities-in-standalone-5g-networks-could-allow-attackers-to-steal-credentials-and-falsify-subscriber-authentication/
Bouncy Castle BCrypt Password Verification Error
https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/
https://isc.sans.edu/forums/diary/A+slightly+optimistic+tale+of+how+patching+went+for+CVE201919781/26900/
Heads-up: VirusTotal Functionality in Sysinternals Tools Not Working
https://isc.sans.edu/forums/diary/Headsup+VirusTotal+Functionality+in+Sysinternals+Tools+Not+Working/26906/
Kasachstan: Browsers Block Government Certificate Authority
https://www.zdnet.com/article/apple-google-microsoft-and-mozilla-ban-kazakhstans-mitm-https-certificate/
5G Vulnerabilities
https://positive-tech.com/about/news/vulnerabilities-in-standalone-5g-networks-could-allow-attackers-to-steal-credentials-and-falsify-subscriber-authentication/
Bouncy Castle BCrypt Password Verification Error
https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/
ISC StormCast for Friday, December 18th 2020
18 december 2020 |
6 min
Token Authentication Requirements for Git Operations
https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/
Google Attempting to Speed Up OS Update Adoption
https://android-developers.googleblog.com/2020/12/treble-plus-one-equals-four.html
Trend Micro InterScan Web Security Virtual Appliance Vulnerability
https://success.trendmicro.com/solution/000283077
Malicios Browser Extensions
https://blog.avast.com/malicious-browser-extensions-avast
https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/
Google Attempting to Speed Up OS Update Adoption
https://android-developers.googleblog.com/2020/12/treble-plus-one-equals-four.html
Trend Micro InterScan Web Security Virtual Appliance Vulnerability
https://success.trendmicro.com/solution/000283077
Malicios Browser Extensions
https://blog.avast.com/malicious-browser-extensions-avast
ISC StormCast for Thursday, December 17th 2020
17 december 2020 |
6 min
Cloud DNS Logs
https://isc.sans.edu/forums/diary/DNS+Logs+in+Public+Clouds/26892/
Solarwinds Update
https://www.heise.de/news/l-f-SolarWinds-Backdoor-Hersteller-sorgte-fuer-Ausnahmen-von-AV-Ueberwachung-4990910.html
https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/
Hewlett Packard Enterprise Systems Insight Manager (SIM) Vulnerability
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04068en_us
SAP HANA SAML Validation Weakness
https://www.secureauth.com/blog/secureauth-uncovers-saml-validation-weakness-in-sap-hana/
https://isc.sans.edu/forums/diary/DNS+Logs+in+Public+Clouds/26892/
Solarwinds Update
https://www.heise.de/news/l-f-SolarWinds-Backdoor-Hersteller-sorgte-fuer-Ausnahmen-von-AV-Ueberwachung-4990910.html
https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/
Hewlett Packard Enterprise Systems Insight Manager (SIM) Vulnerability
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04068en_us
SAP HANA SAML Validation Weakness
https://www.secureauth.com/blog/secureauth-uncovers-saml-validation-weakness-in-sap-hana/
ISC StormCast for Wednesday, December 16th 2020
16 december 2020 |
6 min
Analyzing A Fireeye Maldoc
https://isc.sans.edu/forums/diary/Analyzing+FireEye+Maldocs/26882/
Didier Stevens: 2020 Difference Makers
https://www.sans.org/webcasts/2020-difference-makers-awards-ceremony-117154
F5 Big IP Vulnerabilities
https://support.f5.com/csp/article/K20984059
https://support.f5.com/csp/article/K42696541
https://support.f5.com/csp/article/K37960100
Google Outage
https://status.cloud.google.com/incident/zall/20013
GoLang XML Parser Vulnerabilities
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
https://isc.sans.edu/forums/diary/Analyzing+FireEye+Maldocs/26882/
Didier Stevens: 2020 Difference Makers
https://www.sans.org/webcasts/2020-difference-makers-awards-ceremony-117154
F5 Big IP Vulnerabilities
https://support.f5.com/csp/article/K20984059
https://support.f5.com/csp/article/K42696541
https://support.f5.com/csp/article/K37960100
Google Outage
https://status.cloud.google.com/incident/zall/20013
GoLang XML Parser Vulnerabilities
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
ISC StormCast for Tuesday, December 15th 2020
15 december 2020 |
7 min
SolarWinds Followup
https://isc.sans.edu/forums/diary/SolarWinds+Breach+Used+to+Infiltrate+Customer+Networks+Solarigate/26884/
https://sansurl.com/solarwinds
Apple Updates Everything
https://support.apple.com/en-us/HT201222
Sophos and Reversing Labs Release 20 Million Malware Samples
https://github.com/sophos-ai/SOREL-20M
https://isc.sans.edu/forums/diary/SolarWinds+Breach+Used+to+Infiltrate+Customer+Networks+Solarigate/26884/
https://sansurl.com/solarwinds
Apple Updates Everything
https://support.apple.com/en-us/HT201222
Sophos and Reversing Labs Release 20 Million Malware Samples
https://github.com/sophos-ai/SOREL-20M
ISC StormCast for Monday, December 14th 2020
14 december 2020 |
6 min
SolarWinds Compromise
https://isc.sans.edu/forums/diary/SolarWinds+Breach+Used+to+Infiltrate+Customer+Networks+Solarigate/26884/
Writing Yara Rules for Fun and Profit: Notes form the FireEye Breach Countermeasures
https://isc.sans.edu/forums/diary/Writing+Yara+Rules+for+Fun+and+Profit+Notes+from+the+FireEye+Breach+Countermeasures/26870/
Flash Player EoL
https://helpx.adobe.com/flash-player/release-note/fp_32_air_32_release_notes.html
Subway Marketing System Hacked to Send TrickBot Malware Emails
https://www.bleepingcomputer.com/news/security/subway-marketing-system-hacked-to-send-trickbot-malware-emails/
https://isc.sans.edu/forums/diary/SolarWinds+Breach+Used+to+Infiltrate+Customer+Networks+Solarigate/26884/
Writing Yara Rules for Fun and Profit: Notes form the FireEye Breach Countermeasures
https://isc.sans.edu/forums/diary/Writing+Yara+Rules+for+Fun+and+Profit+Notes+from+the+FireEye+Breach+Countermeasures/26870/
Flash Player EoL
https://helpx.adobe.com/flash-player/release-note/fp_32_air_32_release_notes.html
Subway Marketing System Hacked to Send TrickBot Malware Emails
https://www.bleepingcomputer.com/news/security/subway-marketing-system-hacked-to-send-trickbot-malware-emails/
ISC StormCast for Friday, December 11th 2020
11 december 2020 |
13 min
Python Backdoor Talking to a C2 Through Ngrok
https://isc.sans.edu/forums/diary/Python+Backdoor+Talking+to+a+C2+Through+Ngrok/26866/
Cisco Releases Improved Patch for Jabber Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-ZktzjpgO
https://watchcom.no/nyheter/nyhetsarkiv/uncovers-cisco-jabber-vulnerabilities/
SANS Holiday Hack Challenge
https://holidayhackchallenge.com/2020/
Karim Lalji: Fear of the Unkown: A Metanalysis of Insecure Object Deserialization Vulnerabilities
https://www.sans.org/reading-room/whitepapers/testing/fear-unknown-metanalysis-insecure-object-deserialization-vulnerabilities-39920
https://isc.sans.edu/forums/diary/Python+Backdoor+Talking+to+a+C2+Through+Ngrok/26866/
Cisco Releases Improved Patch for Jabber Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-ZktzjpgO
https://watchcom.no/nyheter/nyhetsarkiv/uncovers-cisco-jabber-vulnerabilities/
SANS Holiday Hack Challenge
https://holidayhackchallenge.com/2020/
Karim Lalji: Fear of the Unkown: A Metanalysis of Insecure Object Deserialization Vulnerabilities
https://www.sans.org/reading-room/whitepapers/testing/fear-unknown-metanalysis-insecure-object-deserialization-vulnerabilities-39920
ISC StormCast for Thursday, December 10th 2020
10 december 2020 |
6 min
Oblivious DoH
https://blog.cloudflare.com/oblivious-dns/
HTTP Archive Almanach
https://almanac.httparchive.org/en/2020/security
Open Source IoT TCP/IP Stack Vulnerabilities
https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/
Fireeye Red Team Tool Signatures
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
https://blog.cloudflare.com/oblivious-dns/
HTTP Archive Almanach
https://almanac.httparchive.org/en/2020/security
Open Source IoT TCP/IP Stack Vulnerabilities
https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/
Fireeye Red Team Tool Signatures
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
ISC StormCast for Wednesday, December 9th 2020
9 december 2020 |
6 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/December+2020+Microsoft+Patch+Tuesday+Exchange+Sharepoint+Dynamics+and+DNS+Spoofing/26860/
Adobe Patch Tuesday
https://helpx.adobe.com/security.html
OpenSSL Patch (Tuesday)
https://www.openssl.org/news/secadv/20201208.txt
https://isc.sans.edu/forums/diary/December+2020+Microsoft+Patch+Tuesday+Exchange+Sharepoint+Dynamics+and+DNS+Spoofing/26860/
Adobe Patch Tuesday
https://helpx.adobe.com/security.html
OpenSSL Patch (Tuesday)
https://www.openssl.org/news/secadv/20201208.txt
ISC StormCast for Tuesday, December 8th 2020
8 december 2020 |
6 min
Corrupt BASE64 Strings: Detection and Decoding
https://isc.sans.edu/forums/diary/Corrupt+BASE64+Strings+Detection+and+Decoding/26616/
Microsoft Teams Remote Code Execution Vulnerability (Patched)
https://github.com/oskarsve/ms-teams-rce
PlayStation Now RCE
https://hackerone.com/reports/873614
Cisco Security Manager Java Deserialization Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-java-rce-mWJEedcD
https://isc.sans.edu/forums/diary/Corrupt+BASE64+Strings+Detection+and+Decoding/26616/
Microsoft Teams Remote Code Execution Vulnerability (Patched)
https://github.com/oskarsve/ms-teams-rce
PlayStation Now RCE
https://hackerone.com/reports/873614
Cisco Security Manager Java Deserialization Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-java-rce-mWJEedcD
ISC StormCast for Monday, December 7th 2020
7 december 2020 |
6 min
Proxy Scanner Attempting to Connect to Specific Hostname
https://isc.sans.edu/forums/diary/Is+IP+91199118137+testing+Access+to+aahwwx52hostxyz/26852/
Recovering Passwords From Pixelized Screenshots
https://www.linkedin.com/pulse/recovering-passwords-from-pixelized-screenshots-sipke-mellema/
Tomcat Information Leak
http://mail-archives.us.apache.org/mod_mbox/www-announce/202012.mbox/%3C52858194-2efd-6f17-1821-9036c8494df0%40apache.org%3E
Google Updates
https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html
https://isc.sans.edu/forums/diary/Is+IP+91199118137+testing+Access+to+aahwwx52hostxyz/26852/
Recovering Passwords From Pixelized Screenshots
https://www.linkedin.com/pulse/recovering-passwords-from-pixelized-screenshots-sipke-mellema/
Tomcat Information Leak
http://mail-archives.us.apache.org/mod_mbox/www-announce/202012.mbox/%3C52858194-2efd-6f17-1821-9036c8494df0%40apache.org%3E
Google Updates
https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html
ISC StormCast for Friday, December 4th 2020
4 december 2020 |
17 min
Traffic Analysis Quiz: Mr. Natural
https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+Mr+Natural/26844/
An iOS Zero-Click Radio Proximity Exploit Odyssey
https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html
Github "State of the Octoverse" Report
https://octoverse.github.com/static/2020-security-report.pdf
Christopher Hurless: Open-Source Endpoint Detection and Response with CIS Benchmarks, OSQuery, Elastic Stack and The Hive
https://www.sans.org/reading-room/whitepapers/incident/open-source-endpoint-detection-response-cis-benchmarks-osquery-elastic-stack-thehive-39900
https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+Mr+Natural/26844/
An iOS Zero-Click Radio Proximity Exploit Odyssey
https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html
Github "State of the Octoverse" Report
https://octoverse.github.com/static/2020-security-report.pdf
Christopher Hurless: Open-Source Endpoint Detection and Response with CIS Benchmarks, OSQuery, Elastic Stack and The Hive
https://www.sans.org/reading-room/whitepapers/incident/open-source-endpoint-detection-response-cis-benchmarks-osquery-elastic-stack-thehive-39900
ISC StormCast for Thursday, December 3rd 2020
3 december 2020 |
7 min
Prevelance of DNS Spoofing
https://arxiv.org/abs/2011.12978
New npm Malware Includes Bladabindi Trojan
https://blog.sonatype.com/bladabindi-njrat-rat-in-jdb.js-npm-malware
DarkIRC Bot Exploits Recent Oracle WebLogic Vulnerablity
https://blogs.juniper.net/en-us/threat-research/darkirc-bot-exploits-oracle-weblogic-vulnerability
https://arxiv.org/abs/2011.12978
New npm Malware Includes Bladabindi Trojan
https://blog.sonatype.com/bladabindi-njrat-rat-in-jdb.js-npm-malware
DarkIRC Bot Exploits Recent Oracle WebLogic Vulnerablity
https://blogs.juniper.net/en-us/threat-research/darkirc-bot-exploits-oracle-weblogic-vulnerability
ISC StormCast for Wednesday, December 2nd 2020
2 december 2020 |
9 min
Xanthe Docker Aware Miner
https://blog.talosintelligence.com/2020/12/xanthe-docker-aware-miner.html#more
Ocean Lotus Mac Backdoor
https://www.trendmicro.com/en_us/research/20/k/new-macos-backdoor-connected-to-oceanlotus-surfaces.html
OpenClinic vs OpenClinic GA
https://labs.bishopfox.com/advisories/openclinic-version-0.8.2
https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01
https://sourceforge.net/p/open-clinic/discussion/1231980/thread/a2e8909fc5/
Register For Cyberstart
https://www.cyberstartamerica.org
https://blog.talosintelligence.com/2020/12/xanthe-docker-aware-miner.html#more
Ocean Lotus Mac Backdoor
https://www.trendmicro.com/en_us/research/20/k/new-macos-backdoor-connected-to-oceanlotus-surfaces.html
OpenClinic vs OpenClinic GA
https://labs.bishopfox.com/advisories/openclinic-version-0.8.2
https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01
https://sourceforge.net/p/open-clinic/discussion/1231980/thread/a2e8909fc5/
Register For Cyberstart
https://www.cyberstartamerica.org
ISC StormCast for Tuesday, December 1st 2020
1 december 2020 |
6 min
Decrypting PowerShell Payloads
https://isc.sans.edu/forums/diary/Decrypting+PowerShell+Payloads+video/26838/
Trend Micro ServerProtect for Linux
https://success.trendmicro.com/solution/000281950
WebKit Vulnerabilities
https://blog.talosintelligence.com/2020/11/vuln-spotlight-webkit-use-after-free-nov-2020.html
New Skimmer JS
https://twitter.com/AffableKraut/status/1333258498910588928
https://isc.sans.edu/forums/diary/Decrypting+PowerShell+Payloads+video/26838/
Trend Micro ServerProtect for Linux
https://success.trendmicro.com/solution/000281950
WebKit Vulnerabilities
https://blog.talosintelligence.com/2020/11/vuln-spotlight-webkit-use-after-free-nov-2020.html
New Skimmer JS
https://twitter.com/AffableKraut/status/1333258498910588928
ISC StormCast for Monday, November 30th 2020
30 november 2020 |
7 min
Live Patching Windows API Calls Using PowerShell
https://isc.sans.edu/forums/diary/Live+Patching+Windows+API+Calls+Using+PowerShell/26826/
Threat Hunting with JARM
https://isc.sans.edu/forums/diary/Threat+Hunting+with+JARM/26832/
https://isc.sans.edu/forums/diary/Quick+Tip+Using+JARM+With+a+SOCKS+Proxy/26834/
Be Careful With IoT Gifts
https://cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/
https://www.cyberscoop.com/smart-doorbells-amazon-ebay-ncc-vulnerabilities/
Active Exploitation of Mobile Iron Vulnerabilities
https://www.ncsc.gov.uk/news/alert-multiple-actors-attempt-exploit-mobileiron-vulnerability
https://isc.sans.edu/forums/diary/Live+Patching+Windows+API+Calls+Using+PowerShell/26826/
Threat Hunting with JARM
https://isc.sans.edu/forums/diary/Threat+Hunting+with+JARM/26832/
https://isc.sans.edu/forums/diary/Quick+Tip+Using+JARM+With+a+SOCKS+Proxy/26834/
Be Careful With IoT Gifts
https://cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/
https://www.cyberscoop.com/smart-doorbells-amazon-ebay-ncc-vulnerabilities/
Active Exploitation of Mobile Iron Vulnerabilities
https://www.ncsc.gov.uk/news/alert-multiple-actors-attempt-exploit-mobileiron-vulnerability
ISC StormCast for Wednesday, November 25th 2020
25 november 2020 |
11 min
The Special Case of TCP Resets
https://isc.sans.edu/forums/diary/The+special+case+of+TCP+RST/26824/
VMWare Workspace Vulnerability
https://www.theregister.com/2020/11/24/vmware_urges_sysadmins_to_implement/
Holiday Hack Challenge 2020
https://holidayhackchallenge.com/2020/
https://isc.sans.edu/forums/diary/The+special+case+of+TCP+RST/26824/
VMWare Workspace Vulnerability
https://www.theregister.com/2020/11/24/vmware_urges_sysadmins_to_implement/
Holiday Hack Challenge 2020
https://holidayhackchallenge.com/2020/
ISC StormCast for Tuesday, November 24th 2020
24 november 2020 |
4 min
Quick Tip: Cobalt Strike Beacon Analysis
https://isc.sans.edu/forums/diary/Quick+Tip+Cobalt+Strike+Beacon+Analysis/26818/
Godaddy Social Engineering Used to Compromise Bitcoin Exchange Domains
https://blog.liquid.com/security-incident-november-13-2020
Spoofed FBI Domains
https://www.ic3.gov/Media/Y2020/PSA201123
https://isc.sans.edu/forums/diary/Quick+Tip+Cobalt+Strike+Beacon+Analysis/26818/
Godaddy Social Engineering Used to Compromise Bitcoin Exchange Domains
https://blog.liquid.com/security-incident-november-13-2020
Spoofed FBI Domains
https://www.ic3.gov/Media/Y2020/PSA201123
ISC StormCast for Monday, November 23rd 2020
23 november 2020 |
4 min
Updates for VMWare ESXi; Fusion and Workstation
https://www.vmware.com/security/advisories/VMSA-2020-0026.html
IBM DB2 Vulnerability
https://www.ibm.com/support/pages/node/6370025
https://www.ibm.com/support/pages/node/6370023
Fortinet SSL VPN Exploit Used to Collect Credentials
https://twitter.com/Bank_Security/status/1329426020647243778
https://www.vmware.com/security/advisories/VMSA-2020-0026.html
IBM DB2 Vulnerability
https://www.ibm.com/support/pages/node/6370025
https://www.ibm.com/support/pages/node/6370023
Fortinet SSL VPN Exploit Used to Collect Credentials
https://twitter.com/Bank_Security/status/1329426020647243778
ISC StormCast for Friday, November 20th 2020
20 november 2020 |
16 min
PowerShell Dropper Delivering Formbook
https://isc.sans.edu/forums/diary/PowerShell+Dropper+Delivering+Formbook/26806/
Google Leading the Way in Phishing
https://www.armorblox.com/blog/ok-google-build-me-a-phishing-campaign
Identifying Malicious Servers With JARM
https://engineering.salesforce.com/easily-identify-malicious-servers-on-the-internet-with-jarm-e095edac525a
Daniel Behrens: Industrial Traffic Collection: Understanding the Implications of Deploying Visibility Without Impacting Production
https://www.sans.org/reading-room/whitepapers/ICS/industrial-traffic-collection-understanding-implications-deploying-visibility-impacting-production-39810
https://isc.sans.edu/forums/diary/PowerShell+Dropper+Delivering+Formbook/26806/
Google Leading the Way in Phishing
https://www.armorblox.com/blog/ok-google-build-me-a-phishing-campaign
Identifying Malicious Servers With JARM
https://engineering.salesforce.com/easily-identify-malicious-servers-on-the-internet-with-jarm-e095edac525a
Daniel Behrens: Industrial Traffic Collection: Understanding the Implications of Deploying Visibility Without Impacting Production
https://www.sans.org/reading-room/whitepapers/ICS/industrial-traffic-collection-understanding-implications-deploying-visibility-impacting-production-39810
ISC StormCast for Thursday, November 19th 2020
19 november 2020 |
5 min
When Security Controls Lead to Security Issues
https://isc.sans.edu/forums/diary/When+Security+Controls+Lead+to+Security+Issues/26804/
Google Chrome Update
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html
Firefox 83 HTTPS Only Mode
https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/
OOB Windows Kerberos Update
https://docs.microsoft.com/en-us/windows/release-information/windows-message-center
Cisco WebEx Patch Fixes "Ghost Users"
https://securityintelligence.com/posts/ibm-works-with-cisco-exorcise-ghosts-webex-meetings/
Ransomware Flooding Printers
https://twitter.com/Irlenys/status/1327784305465188353
https://isc.sans.edu/forums/diary/When+Security+Controls+Lead+to+Security+Issues/26804/
Google Chrome Update
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html
Firefox 83 HTTPS Only Mode
https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/
OOB Windows Kerberos Update
https://docs.microsoft.com/en-us/windows/release-information/windows-message-center
Cisco WebEx Patch Fixes "Ghost Users"
https://securityintelligence.com/posts/ibm-works-with-cisco-exorcise-ghosts-webex-meetings/
Ransomware Flooding Printers
https://twitter.com/Irlenys/status/1327784305465188353
ISC StormCast for Wednesday, November 18th 2020
18 november 2020 |
6 min
Apple Binaries Used to Bypass 3rd Party Security Products on MacOS 11
https://twitter.com/patrickwardle/status/1327726496203476992
Apple Improving Privacy on App Certificate Checks
https://support.apple.com/en-us/HT202491
Cisco Security Manager Vulnerabilities
https://gist.github.com/Frycos/8bf5c125d720b3504b4f28a1126e509e
https://tools.cisco.com/security/center/publicationListing.x
https://twitter.com/patrickwardle/status/1327726496203476992
Apple Improving Privacy on App Certificate Checks
https://support.apple.com/en-us/HT202491
Cisco Security Manager Vulnerabilities
https://gist.github.com/Frycos/8bf5c125d720b3504b4f28a1126e509e
https://tools.cisco.com/security/center/publicationListing.x
ISC StormCast for Tuesday, November 17th 2020
17 november 2020 |
6 min
Old Vulnerbilities Don't Die
https://isc.sans.edu/forums/diary/Heartbleed+BlueKeep+and+other+vulnerabilities+that+didnt+disappear+just+because+we+dont+talk+about+them+anymore/26798/
Citrix Virtual Apps and Desktops Security Update
https://support.citrix.com/article/CTX285059
Zoom Security Improvements
https://blog.zoom.us/new-ways-to-combat-zoom-meeting-disruptions/
Firefox File Read Vulnerability Details
https://medium.com/@kanytu/firefox-and-how-a-website-could-steal-all-of-your-cookies-581fe4648e8d
https://isc.sans.edu/forums/diary/Heartbleed+BlueKeep+and+other+vulnerabilities+that+didnt+disappear+just+because+we+dont+talk+about+them+anymore/26798/
Citrix Virtual Apps and Desktops Security Update
https://support.citrix.com/article/CTX285059
Zoom Security Improvements
https://blog.zoom.us/new-ways-to-combat-zoom-meeting-disruptions/
Firefox File Read Vulnerability Details
https://medium.com/@kanytu/firefox-and-how-a-website-could-steal-all-of-your-cookies-581fe4648e8d
ISC StormCast for Monday, November 16th 2020
16 november 2020 |
7 min
Oledump Removed Macro Indicator
https://isc.sans.edu/forums/diary/oledumps+Indicator/26794/
Old Worm But New Obfuscation Technique
https://isc.sans.edu/forums/diary/Old+Worm+But+New+Obfuscation+Technique/26792/
MacOS OCSP Disaster
https://blog.cryptohack.org/macos-ocsp-disaster
VoltPillager: Hardware-base fault injection attacks against Instel SGX Enclaves using the SVID voltage scaling interface
https://www.usenix.org/system/files/sec21summer_chen-zitai.pdf
https://isc.sans.edu/forums/diary/oledumps+Indicator/26794/
Old Worm But New Obfuscation Technique
https://isc.sans.edu/forums/diary/Old+Worm+But+New+Obfuscation+Technique/26792/
MacOS OCSP Disaster
https://blog.cryptohack.org/macos-ocsp-disaster
VoltPillager: Hardware-base fault injection attacks against Instel SGX Enclaves using the SVID voltage scaling interface
https://www.usenix.org/system/files/sec21summer_chen-zitai.pdf
ISC StormCast for Friday, November 13th 2020
13 november 2020 |
14 min
Preventing Exposed Azure Blob Storage
https://isc.sans.edu/forums/diary/Preventing+Exposed+Azure+Blob+Storage/26786/
Apple Security Updates
https://support.apple.com/en-us/HT201222
DNS Cache Poisoning Attack Reloaded
https://dl.acm.org/doi/pdf/10.1145/3372297.3417280
Rebel Powell: Poisoned Postman; Detecting Manipulation of Compliance Features in a Microsoft Exchange Online Environment
https://www.sans.org/reading-room/whitepapers/cloud/poisoned-postman-detecting-manipulation-compliance-features-microsoft-exchange-online-environment-39850
https://isc.sans.edu/forums/diary/Preventing+Exposed+Azure+Blob+Storage/26786/
Apple Security Updates
https://support.apple.com/en-us/HT201222
DNS Cache Poisoning Attack Reloaded
https://dl.acm.org/doi/pdf/10.1145/3372297.3417280
Rebel Powell: Poisoned Postman; Detecting Manipulation of Compliance Features in a Microsoft Exchange Online Environment
https://www.sans.org/reading-room/whitepapers/cloud/poisoned-postman-detecting-manipulation-compliance-features-microsoft-exchange-online-environment-39850
ISC StormCast for Thursday, November 12th 2020
12 november 2020 |
6 min
Traffic Analysis Quiz
https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+DESKTOPFX23IK5/26780/
Open Source Security Scorecards
https://github.com/ossf/scorecard
Bitdefender: UPX Unpacking Featuring Ten Memory Corruptions
https://landave.io/2020/11/bitdefender-upx-unpacking-featuring-ten-memory-corruptions/
Ubuntu 20.04 Privilege Escalation
https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE
https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+DESKTOPFX23IK5/26780/
Open Source Security Scorecards
https://github.com/ossf/scorecard
Bitdefender: UPX Unpacking Featuring Ten Memory Corruptions
https://landave.io/2020/11/bitdefender-upx-unpacking-featuring-ten-memory-corruptions/
Ubuntu 20.04 Privilege Escalation
https://securitylab.github.com/research/Ubuntu-gdm3-accountsservice-LPE
ISC StormCast for Wednesday, November 11th 2020
11 november 2020 |
6 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+November+2020+Patch+Tuesday/26778/
"Platypus" Attack against Intel SGX
https://platypusattack.com/
Adobe Updates
https://helpx.adobe.com/security.html
Firefox Updates
https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/#CVE-2020-26950
Fingerprinting ADS-B Signals
https://icnp20.cs.ucr.edu/proceedings/aimcom2/Real-World%20ADS-B%20signal%20recognition%20based%20on%20Radio%20Frequency%20Fingerprinting.pdf
https://isc.sans.edu/forums/diary/Microsoft+November+2020+Patch+Tuesday/26778/
"Platypus" Attack against Intel SGX
https://platypusattack.com/
Adobe Updates
https://helpx.adobe.com/security.html
Firefox Updates
https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/#CVE-2020-26950
Fingerprinting ADS-B Signals
https://icnp20.cs.ucr.edu/proceedings/aimcom2/Real-World%20ADS-B%20signal%20recognition%20based%20on%20Radio%20Frequency%20Fingerprinting.pdf
ISC StormCast for Tuesday, November 10th 2020
10 november 2020 |
6 min
How Attackers Brush Up Their Malicious Scripts
https://isc.sans.edu/forums/diary/How+Attackers+Brush+Up+Their+Malicious+Scripts/26770/
RansomEXX Trojan Attacks Linux Systems
https://securelist.com/ransomexx-trojan-attacks-linux-systems/99279/
Fake Microsoft Teams Updates Lead to Cobalt Strike Deployment
https://www.bleepingcomputer.com/news/security/fake-microsoft-teams-updates-lead-to-cobalt-strike-deployment/
More NPM Malare Found
https://blog.sonatype.com/discord.dll-successor-to-npm-fallguys-
The Internet is Getting Safer: Fall 2020 RPKI Update
https://blog.cloudflare.com/rpki-2020-fall-update/
https://isc.sans.edu/forums/diary/How+Attackers+Brush+Up+Their+Malicious+Scripts/26770/
RansomEXX Trojan Attacks Linux Systems
https://securelist.com/ransomexx-trojan-attacks-linux-systems/99279/
Fake Microsoft Teams Updates Lead to Cobalt Strike Deployment
https://www.bleepingcomputer.com/news/security/fake-microsoft-teams-updates-lead-to-cobalt-strike-deployment/
More NPM Malare Found
https://blog.sonatype.com/discord.dll-successor-to-npm-fallguys-
The Internet is Getting Safer: Fall 2020 RPKI Update
https://blog.cloudflare.com/rpki-2020-fall-update/
ISC StormCast for Monday, November 9th 2020
9 november 2020 |
5 min
Cryptojacking Targeting WebLogic TCP/7001
Cryptojacking Targeting WebLogic TCP/7001
https://isc.sans.edu/forums/diary/Cryptojacking+Targeting+WebLogic+TCP7001/26768/
Extracting VBA Code From Maldocs
https://isc.sans.edu/forums/diary/Quick+Tip+Extracting+all+VBA+Code+from+a+Maldoc/26772/
Let's Encrypt May No Longer Be Recognized by Older Android Versions
https://letsencrypt.org/2020/11/06/own-two-feet.html
Linux Kernel to Remove set_fs()
http://lkml.iu.edu/hypermail/linux/kernel/2010.3/00552.html
BigIP Vulnerability
https://support.f5.com/csp/article/K43310520
Cryptojacking Targeting WebLogic TCP/7001
https://isc.sans.edu/forums/diary/Cryptojacking+Targeting+WebLogic+TCP7001/26768/
Extracting VBA Code From Maldocs
https://isc.sans.edu/forums/diary/Quick+Tip+Extracting+all+VBA+Code+from+a+Maldoc/26772/
Let's Encrypt May No Longer Be Recognized by Older Android Versions
https://letsencrypt.org/2020/11/06/own-two-feet.html
Linux Kernel to Remove set_fs()
http://lkml.iu.edu/hypermail/linux/kernel/2010.3/00552.html
BigIP Vulnerability
https://support.f5.com/csp/article/K43310520
ISC StormCast for Friday, November 6th 2020
6 november 2020 |
16 min
Did You Spot "Invoke-Expression" ?
https://isc.sans.edu/forums/diary/Did+You+Spot+InvokeExpression/26762/
Apple Security Updates
https://support.apple.com/en-us/HT201222
Corporte VoIP Phone System Attacks
https://blog.checkpoint.com/2020/11/05/whos-calling-gaza-and-west-bank-hackers-exploit-and-monetize-corporate-voip-phone-system-vulnerability-internationally/
Mark Lucas: Replacing WINS in an Open Environment with Policy Managed DNS Servers
https://www.sans.org/reading-room/whitepapers/dns/replacing-wins-open-environment-policy-managed-dns-servers-39820
https://isc.sans.edu/forums/diary/Did+You+Spot+InvokeExpression/26762/
Apple Security Updates
https://support.apple.com/en-us/HT201222
Corporte VoIP Phone System Attacks
https://blog.checkpoint.com/2020/11/05/whos-calling-gaza-and-west-bank-hackers-exploit-and-monetize-corporate-voip-phone-system-vulnerability-internationally/
Mark Lucas: Replacing WINS in an Open Environment with Policy Managed DNS Servers
https://www.sans.org/reading-room/whitepapers/dns/replacing-wins-open-environment-policy-managed-dns-servers-39820
ISC StormCast for Thursday, November 5th 2020
5 november 2020 |
6 min
Cisco AnyConnect Security Mobility Client
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK
Google Chrome Root CA Policy
https://www.chromium.org/Home/chromium-security/root-ca-policy
Android November 2020 Security Bulletin
https://source.android.com/security/bulletin/2020-11-01
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK
Google Chrome Root CA Policy
https://www.chromium.org/Home/chromium-security/root-ca-policy
Android November 2020 Security Bulletin
https://source.android.com/security/bulletin/2020-11-01
ISC StormCast for Wednesday, November 4th 2020
4 november 2020 |
5 min
Attackers Exploiting WebLogic Servers to Install Cobalt Strike
https://isc.sans.edu/forums/diary/Attackers+Exploiting+WebLogic+Servers+via+CVE202014882+to+install+Cobalt+Strike/26752
New SaltStack Vulnerabilities
https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
Adobe Releases Acrobat/Reader Update
https://helpx.adobe.com/security/products/acrobat/apsb20-67.html
Malicious Twilio NPM Package
https://www.npmjs.com/advisories/1574
GitHub Workflow Injection Vulnerabilities
https://bugs.chromium.org/p/project-zero/issues/detail?id=2070&can=2&q=&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary&cells=ids
https://isc.sans.edu/forums/diary/Attackers+Exploiting+WebLogic+Servers+via+CVE202014882+to+install+Cobalt+Strike/26752
New SaltStack Vulnerabilities
https://www.saltstack.com/blog/on-november-3-2020-saltstack-publicly-disclosed-three-new-cves/
Adobe Releases Acrobat/Reader Update
https://helpx.adobe.com/security/products/acrobat/apsb20-67.html
Malicious Twilio NPM Package
https://www.npmjs.com/advisories/1574
GitHub Workflow Injection Vulnerabilities
https://bugs.chromium.org/p/project-zero/issues/detail?id=2070&can=2&q=&colspec=ID%20Type%20Status%20Priority%20Milestone%20Owner%20Summary&cells=ids
ISC StormCast for Tuesday, November 3rd 2020
3 november 2020 |
7 min
Emotet -> Qakbot -> More Emotet
https://isc.sans.edu/forums/diary/Emotet+Qakbot+more+Emotet/26750/
WebLogic Bad News
https://www.oracle.com/security-alerts/alert-cve-2020-14750.html
https://twitter.com/80vul/status/1322078337137700865
Google Chrome Update
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html
NAT Slipstreaming Re-Discovered
https://thehackernews.com/2020/11/new-natfirewall-bypass-attack-lets.html
https://isc.sans.edu/forums/diary/Emotet+Qakbot+more+Emotet/26750/
WebLogic Bad News
https://www.oracle.com/security-alerts/alert-cve-2020-14750.html
https://twitter.com/80vul/status/1322078337137700865
Google Chrome Update
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html
NAT Slipstreaming Re-Discovered
https://thehackernews.com/2020/11/new-natfirewall-bypass-attack-lets.html
ISC StormCast for Monday, November 2nd 2020
2 november 2020 |
6 min
Quick Status of the CAA DNS Record Adoption
https://isc.sans.edu/forums/diary/Quick+Status+of+the+CAA+DNS+Record+Adoption/26738/
Windows Kernel cng.sys pool-based buffer overflow CVE-2020-17087
https://bugs.chromium.org/p/project-zero/issues/detail?id=2104
Operation Earth Kitsune
https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-earth-kitsune-tracking-slub-s-current-operations
https://isc.sans.edu/forums/diary/Quick+Status+of+the+CAA+DNS+Record+Adoption/26738/
Windows Kernel cng.sys pool-based buffer overflow CVE-2020-17087
https://bugs.chromium.org/p/project-zero/issues/detail?id=2104
Operation Earth Kitsune
https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-earth-kitsune-tracking-slub-s-current-operations
ISC StormCast for Friday, October 30th 2020
30 oktober 2020 |
15 min
PATCH NOW: CVE-2020-14882 WebLogic Actively Exploited
https://isc.sans.edu/forums/diary/PATCH+NOW+CVE202014882+Weblogic+Actively+Exploited+Against+Honeypots/26734/
Zonealarm Update
https://www.zonealarm.com/software/extreme-security/release-history
Ransomware Targeting Healthcare
https://us-cert.cisa.gov/ncas/alerts/aa20-302a
OpenEMR Vulnerabilities
https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability
Mishka McCowan: Mitigating Risk with the CSA 12 Critical Risks for Serverless Applications
https://www.sans.org/reading-room/whitepapers/cloud/mitigating-risk-csa-12-critical-risks-serverless-applications-39845
https://isc.sans.edu/forums/diary/PATCH+NOW+CVE202014882+Weblogic+Actively+Exploited+Against+Honeypots/26734/
Zonealarm Update
https://www.zonealarm.com/software/extreme-security/release-history
Ransomware Targeting Healthcare
https://us-cert.cisa.gov/ncas/alerts/aa20-302a
OpenEMR Vulnerabilities
https://blog.sonarsource.com/openemr-5-0-2-1-command-injection-vulnerability
Mishka McCowan: Mitigating Risk with the CSA 12 Critical Risks for Serverless Applications
https://www.sans.org/reading-room/whitepapers/cloud/mitigating-risk-csa-12-critical-risks-serverless-applications-39845
ISC StormCast for Thursday, October 29th 2020
29 oktober 2020 |
6 min
SMBGhost Remains Unpatched on 8% of Exposed SMB Servers
https://isc.sans.edu/forums/diary/SMBGhost+the+critical+vulnerability+many+seem+to+have+forgotten+to+patch/26732/
Microsoft Defender ATP Cobalt Strike False Positive
https://twitter.com/ffforward/status/1321375690084810753?s=20
QNAP Security Advisory
https://www.qnap.com/en/security-advisory/QSA-20-09
New Linux Trickbot Version Sighted
https://www.netscout.com/blog/asert/dropping-anchor
Abuse.ch Needs Help
https://abuse.ch/blog/moving-forward/
https://isc.sans.edu/forums/diary/SMBGhost+the+critical+vulnerability+many+seem+to+have+forgotten+to+patch/26732/
Microsoft Defender ATP Cobalt Strike False Positive
https://twitter.com/ffforward/status/1321375690084810753?s=20
QNAP Security Advisory
https://www.qnap.com/en/security-advisory/QSA-20-09
New Linux Trickbot Version Sighted
https://www.netscout.com/blog/asert/dropping-anchor
Abuse.ch Needs Help
https://abuse.ch/blog/moving-forward/
ISC StormCast for Wednesday, October 28th 2020
28 oktober 2020 |
5 min
Vulnerable SonarQube Configurations Used to Steal Code
https://beta.documentcloud.org/documents/20399900-fbi_flash_sonarqube_access_bc
Microsoft Edge Security Updates (Chromium-Based)
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200002
Microsoft Releases Flash Removal Tool
https://support.microsoft.com/en-us/help/4577586/update-for-removal-of-adobe-flash-player
Bypassing MSFT Teams Policies
https://o365blog.com/post/teams-policies/
https://beta.documentcloud.org/documents/20399900-fbi_flash_sonarqube_access_bc
Microsoft Edge Security Updates (Chromium-Based)
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200002
Microsoft Releases Flash Removal Tool
https://support.microsoft.com/en-us/help/4577586/update-for-removal-of-adobe-flash-player
Bypassing MSFT Teams Policies
https://o365blog.com/post/teams-policies/
ISC StormCast for Tuesday, October 27th 2020
27 oktober 2020 |
6 min
Excel 4 Macros: "Abnormal Sheet Visibility"
https://isc.sans.edu/forums/diary/Excel+4+Macros+Abnormal+Sheet+Visibility/26726/
HP Printer Applications Certificate Revoked
https://eclecticlight.co/2020/10/23/why-have-my-hp-printers-stopped-working-how-to-check-their-software-signature/
Link Previews and Privacy
https://www.mysk.blog/2020/10/25/link-previews/
https://isc.sans.edu/forums/diary/Excel+4+Macros+Abnormal+Sheet+Visibility/26726/
HP Printer Applications Certificate Revoked
https://eclecticlight.co/2020/10/23/why-have-my-hp-printers-stopped-working-how-to-check-their-software-signature/
Link Previews and Privacy
https://www.mysk.blog/2020/10/25/link-previews/
ISC StormCast for Monday, October 26th 2020
26 oktober 2020 |
6 min
An Alternative to Shodan: Censys
https://isc.sans.edu/forums/diary/An+Alternative+to+Shodan+Censys+with+UserAgent+CensysInspect11/26718/
Sooty: SOC Analyst's All-in-One Tool
https://isc.sans.edu/forums/diary/Sooty+SOC+Analysts+AllinOne+Tool/26714/
Adversarial ML Threat Matrix
https://github.com/mitre/advmlthreatmatrix
Samsung S20 RCE
https://labs.f-secure.com/blog/samsung-s20-rce-via-samsung-galaxy-store-app/
VMWare Advisory
https://www.vmware.com/security/advisories/VMSA-2020-0023.html
https://isc.sans.edu/forums/diary/An+Alternative+to+Shodan+Censys+with+UserAgent+CensysInspect11/26718/
Sooty: SOC Analyst's All-in-One Tool
https://isc.sans.edu/forums/diary/Sooty+SOC+Analysts+AllinOne+Tool/26714/
Adversarial ML Threat Matrix
https://github.com/mitre/advmlthreatmatrix
Samsung S20 RCE
https://labs.f-secure.com/blog/samsung-s20-rce-via-samsung-galaxy-store-app/
VMWare Advisory
https://www.vmware.com/security/advisories/VMSA-2020-0023.html
ISC StormCast for Friday, October 23rd 2020
23 oktober 2020 |
6 min
BazarLoader Phishing Lures
https://isc.sans.edu/forums/diary/BazarLoader+phishing+lures+plan+a+Halloween+party+get+a+bonus+and+be+fired+in+the+same+afternoon/26710/
Stalled Reviews for Secure Boot Shim
https://github.com/rhboot/shim-review/issues/120
https://github.com/rhboot/shim-review/issues/102#issuecomment-698963751
Cisco Advisories
https://tools.cisco.com/security/center/publicationListing.x
https://isc.sans.edu/forums/diary/BazarLoader+phishing+lures+plan+a+Halloween+party+get+a+bonus+and+be+fired+in+the+same+afternoon/26710/
Stalled Reviews for Secure Boot Shim
https://github.com/rhboot/shim-review/issues/120
https://github.com/rhboot/shim-review/issues/102#issuecomment-698963751
Cisco Advisories
https://tools.cisco.com/security/center/publicationListing.x
ISC StormCast for Thursday, October 22nd 2020
22 oktober 2020 |
6 min
Shipping Dangerous Goods
https://isc.sans.edu/forums/diary/Shipping+dangerous+goods/26702/
Chinese State-Sponsored Actors Exploit Same Vulnerablities as Others
https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF
URL Bar Spoofing Vulnerabilities
https://thehackernews.com/2020/10/browser-address-spoofing-vulnerability.html
Oracle Quarterly Critical Patch Update
https://www.oracle.com/security-alerts/cpuoct2020.html
https://isc.sans.edu/forums/diary/Shipping+dangerous+goods/26702/
Chinese State-Sponsored Actors Exploit Same Vulnerablities as Others
https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF
URL Bar Spoofing Vulnerabilities
https://thehackernews.com/2020/10/browser-address-spoofing-vulnerability.html
Oracle Quarterly Critical Patch Update
https://www.oracle.com/security-alerts/cpuoct2020.html
ISC StormCast for Wednesday, October 21st 2020
21 oktober 2020 |
6 min
Mirai-alike Python Scanner
https://isc.sans.edu/forums/diary/Miraialike+Python+Scanner/26698/
Google Chrome Update (actively exploited vulnerability fixed)
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
QNAP Fixes ZeroLogon Vulnerability
https://www.qnap.com/en/security-advisory/qsa-20-07
GravityRat Going Multi Platform
https://usa.kaspersky.com/about/press-releases/2020_infamous-gravity-rat-spyware-evolves-to-target-multiple-platforms
US Census Spoof
https://beta.documentcloud.org/documents/20397864-fbi-flash-unattributed-entities-register-domains-10142020
https://isc.sans.edu/forums/diary/Miraialike+Python+Scanner/26698/
Google Chrome Update (actively exploited vulnerability fixed)
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
QNAP Fixes ZeroLogon Vulnerability
https://www.qnap.com/en/security-advisory/qsa-20-07
GravityRat Going Multi Platform
https://usa.kaspersky.com/about/press-releases/2020_infamous-gravity-rat-spyware-evolves-to-target-multiple-platforms
US Census Spoof
https://beta.documentcloud.org/documents/20397864-fbi-flash-unattributed-entities-register-domains-10142020
ISC StormCast for Tuesday, October 20th 2020
20 oktober 2020 |
5 min
Out of Band MSFT Patches
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17022
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17023
Adobe Magento Patches
https://helpx.adobe.com/security/products/magento/apsb20-59.html
Attacks against SS7
https://www.haaretz.com/israel-news/tech-news/.premium-exclusive-intricate-hack-against-israeli-crypto-execs-mossad-investigating-1.9211991
https://www.bleepingcomputer.com/news/security/hackers-hijack-telegram-email-accounts-in-ss7-mobile-attack/
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17022
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17023
Adobe Magento Patches
https://helpx.adobe.com/security/products/magento/apsb20-59.html
Attacks against SS7
https://www.haaretz.com/israel-news/tech-news/.premium-exclusive-intricate-hack-against-israeli-crypto-execs-mossad-investigating-1.9211991
https://www.bleepingcomputer.com/news/security/hackers-hijack-telegram-email-accounts-in-ss7-mobile-attack/
ISC StormCast for Monday, October 19th 2020
19 oktober 2020 |
7 min
CVE-2020-5135 SonicWall Buffer Overflow
https://isc.sans.edu/forums/diary/CVE20205135+Buffer+Overflow+in+SonicWall+VPNs+Patch+Now/26692/
Spammer Attached Mass Mailer Configuration Instead of Malware
https://isc.sans.edu/forums/diary/File+Selection+Gaffe/26694/
Traffic Analysis Quiz: Ugly-Wolf.net
https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+UglyWolfnet/26688/
Qualcomm QCMAP Vulnerabilities
https://www.vdoo.com/blog/qualcomm-qcmap-vulnerabilities
Discord Desktop App RCE
https://mksben.l0.cm/2020/10/discord-desktop-rce.html
https://isc.sans.edu/forums/diary/CVE20205135+Buffer+Overflow+in+SonicWall+VPNs+Patch+Now/26692/
Spammer Attached Mass Mailer Configuration Instead of Malware
https://isc.sans.edu/forums/diary/File+Selection+Gaffe/26694/
Traffic Analysis Quiz: Ugly-Wolf.net
https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+UglyWolfnet/26688/
Qualcomm QCMAP Vulnerabilities
https://www.vdoo.com/blog/qualcomm-qcmap-vulnerabilities
Discord Desktop App RCE
https://mksben.l0.cm/2020/10/discord-desktop-rce.html
ISC StormCast for Friday, October 16th 2020
16 oktober 2020 |
6 min
Obfuscated Python RAT
https://isc.sans.edu/forums/diary/Nicely+Obfuscated+Python+RAT/26680/
BadNeighbor ICMPv6 Router Advertisement Update
https://isc.sans.edu/forums/diary/CVE202016898+Windows+ICMPv6+Router+Advertisement+RRDNS+Option+Remote+Code+Execution+Vulnerability/26684/
BlueZ Vulnerability
https://www.youtube.com/watch?v=qPYrLRausSw
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
https://security.googleblog.com/ (available "soon")
Zoom Rolling Out End-to-End Encryption
https://blog.zoom.us/zoom-rolling-out-end-to-end-encryption-offering/
https://isc.sans.edu/forums/diary/Nicely+Obfuscated+Python+RAT/26680/
BadNeighbor ICMPv6 Router Advertisement Update
https://isc.sans.edu/forums/diary/CVE202016898+Windows+ICMPv6+Router+Advertisement+RRDNS+Option+Remote+Code+Execution+Vulnerability/26684/
BlueZ Vulnerability
https://www.youtube.com/watch?v=qPYrLRausSw
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
https://security.googleblog.com/ (available "soon")
Zoom Rolling Out End-to-End Encryption
https://blog.zoom.us/zoom-rolling-out-end-to-end-encryption-offering/
ISC StormCast for Thursday, October 15th 2020
15 oktober 2020 |
6 min
TA551/Shathak Word Docs Push IcedID and Bokbot
https://isc.sans.edu/forums/diary/More+TA551+Shathak+Word+docs+push+IcedID+Bokbot/26674/
MSFT Patch Tuesday Followup
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16951
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952
Apple T2 Chip Vulnerability Confirmed
https://9to5mac.com/2020/10/13/t2-exploit-team/
SAP Updates
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
https://isc.sans.edu/forums/diary/More+TA551+Shathak+Word+docs+push+IcedID+Bokbot/26674/
MSFT Patch Tuesday Followup
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16951
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952
Apple T2 Chip Vulnerability Confirmed
https://9to5mac.com/2020/10/13/t2-exploit-team/
SAP Updates
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
ISC StormCast for Wednesday, October 14th 2020
14 oktober 2020 |
7 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+October+2020+Patch+Tuesday/26672/
Adobe Updates
https://helpx.adobe.com/security/products/flash-player/apsb20-58.html
https://isc.sans.edu/forums/diary/Microsoft+October+2020+Patch+Tuesday/26672/
Adobe Updates
https://helpx.adobe.com/security/products/flash-player/apsb20-58.html
ISC StormCast for Tuesday, October 13th 2020
13 oktober 2020 |
6 min
Nested .MSGs: Turtles All The Way Down
https://isc.sans.edu/forums/diary/Nested+MSGs+Turtles+All+The+Way+Down/26668/
Microsoft Attempting To Take Down Trickbot C2 Infrastructure
https://blogs.microsoft.com/on-the-issues/2020/10/12/trickbot-ransomware-cyberthreat-us-elections/
Google Chrome Cache Partitioning
https://developers.google.com/web/updates/2020/10/http-cache-partitioning
https://isc.sans.edu/forums/diary/Nested+MSGs+Turtles+All+The+Way+Down/26668/
Microsoft Attempting To Take Down Trickbot C2 Infrastructure
https://blogs.microsoft.com/on-the-issues/2020/10/12/trickbot-ransomware-cyberthreat-us-elections/
Google Chrome Cache Partitioning
https://developers.google.com/web/updates/2020/10/http-cache-partitioning
ISC StormCast for Monday, October 12th 2020
12 oktober 2020 |
6 min
Phishing Kits As Far As The Eye Can See
https://isc.sans.edu/forums/diary/Phishing+kits+as+far+as+the+eye+can+see/26660/
Open Packaging Conventions
https://isc.sans.edu/forums/diary/Open+Packaging+Conventions/26662/
Analyzing MSG Files
https://isc.sans.edu/forums/diary/Analyzing+MSG+Files+With+pluginmsgsummary/26664/
Cisco Video Surveillance 8000 Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-rcedos-mAHR8vNx
55 New Apple Flaws
https://samcurry.net/hacking-apple/
https://isc.sans.edu/forums/diary/Phishing+kits+as+far+as+the+eye+can+see/26660/
Open Packaging Conventions
https://isc.sans.edu/forums/diary/Open+Packaging+Conventions/26662/
Analyzing MSG Files
https://isc.sans.edu/forums/diary/Analyzing+MSG+Files+With+pluginmsgsummary/26664/
Cisco Video Surveillance 8000 Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-rcedos-mAHR8vNx
55 New Apple Flaws
https://samcurry.net/hacking-apple/
ISC StormCast for Friday, October 9th 2020
9 oktober 2020 |
20 min
Hashicorp Vault Vulnerabilities
https://googleprojectzero.blogspot.com/2020/10/enter-the-vault-auth-issues-hashicorp-vault.html
Ryuk Ransomware Writeup
https://thedfirreport.com/2020/10/08/ryuks-return/
Ricky Tan: Zeek Log Reconnaissance with Netowrk Graphs Using Maltego Casefile
https://www.sans.org/reading-room/whitepapers/securityanalytics/zeek-log-reconnaissance-network-graphs-maltego-casefile-39815
https://googleprojectzero.blogspot.com/2020/10/enter-the-vault-auth-issues-hashicorp-vault.html
Ryuk Ransomware Writeup
https://thedfirreport.com/2020/10/08/ryuks-return/
Ricky Tan: Zeek Log Reconnaissance with Netowrk Graphs Using Maltego Casefile
https://www.sans.org/reading-room/whitepapers/securityanalytics/zeek-log-reconnaissance-network-graphs-maltego-casefile-39815
ISC StormCast for Thursday, October 8th 2020
8 oktober 2020 |
7 min
Today, Nobody is Going to Attack You
https://isc.sans.edu/forums/diary/Today+Nobody+is+Going+to+Attack+You/26654/
Google Chrome Patches
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html
Android Security Update
https://source.android.com/security/bulletin/2020-10-01
QNAP Patches Helpdesk Application
https://www.qnap.com/en/security-advisory/QSA-20-08
Comcast Remote Control Evesdropping
https://www.guardicore.com/2020/10/wareztheremote-turning-remotes-into-listening-devices/
https://isc.sans.edu/forums/diary/Today+Nobody+is+Going+to+Attack+You/26654/
Google Chrome Patches
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html
Android Security Update
https://source.android.com/security/bulletin/2020-10-01
QNAP Patches Helpdesk Application
https://www.qnap.com/en/security-advisory/QSA-20-08
Comcast Remote Control Evesdropping
https://www.guardicore.com/2020/10/wareztheremote-turning-remotes-into-listening-devices/
ISC StormCast for Wednesday, October 7th 2020
7 oktober 2020 |
9 min
Apple T2 Chip Vulnerability
https://ironpeak.be/blog/crouching-t2-hidden-danger/
NVIDIA Patches
https://nvidia.custhelp.com/app/answers/detail/a_id/5075
Cloudflare DDoS Alerts
https://blog.cloudflare.com/announcing-ddos-alerts/
Gravatar Privacy Issue
https://www.bleepingcomputer.com/news/security/online-avatar-service-gravatar-allows-mass-collection-of-user-info/
https://ironpeak.be/blog/crouching-t2-hidden-danger/
NVIDIA Patches
https://nvidia.custhelp.com/app/answers/detail/a_id/5075
Cloudflare DDoS Alerts
https://blog.cloudflare.com/announcing-ddos-alerts/
Gravatar Privacy Issue
https://www.bleepingcomputer.com/news/security/online-avatar-service-gravatar-allows-mass-collection-of-user-info/
ISC StormCast for Tuesday, October 6th 2020
6 oktober 2020 |
6 min
Obfuscation and Repetition
https://isc.sans.edu/forums/diary/Obfuscation+and+Repetition/26648/
Compromised UEFI Payload Found
https://securelist.com/mosaicregressor/98849/
Privilege Escalation Flaw in All AntiVirus Products
https://www.cyberark.com/resources/threat-research-blog/anti-virus-vulnerabilities-who-s-guarding-the-watch-tower
Rapid7 SMTP "NICER" Report
https://blog.rapid7.com/2020/10/02/nicer-protocol-deep-dive-internet-exposure-of-smtp/
https://isc.sans.edu/forums/diary/Obfuscation+and+Repetition/26648/
Compromised UEFI Payload Found
https://securelist.com/mosaicregressor/98849/
Privilege Escalation Flaw in All AntiVirus Products
https://www.cyberark.com/resources/threat-research-blog/anti-virus-vulnerabilities-who-s-guarding-the-watch-tower
Rapid7 SMTP "NICER" Report
https://blog.rapid7.com/2020/10/02/nicer-protocol-deep-dive-internet-exposure-of-smtp/
ISC StormCast for Monday, October 5th 2020
5 oktober 2020 |
6 min
Analysis of a Phishing Kit
https://isc.sans.edu/forums/diary/Analysis+of+a+Phishing+Kit/26634/
Hoaxcalls Botnet Scanning for Huawei Home Gateway
https://isc.sans.edu/forums/diary/Scanning+for+SOHO+Routers/26638/
SQL Server Cumulative Update 8
https://support.microsoft.com/en-us/help/4577194/cumulative-update-8-for-sql-server-2019
Telstra Accidentially Reroutes Proton Mail Traffic
https://protonmail.com/blog/bgp-hijacking-september-2020/
"Raccine" Ransomware Vaccine
https://github.com/Neo23x0/Raccine
https://isc.sans.edu/forums/diary/Analysis+of+a+Phishing+Kit/26634/
Hoaxcalls Botnet Scanning for Huawei Home Gateway
https://isc.sans.edu/forums/diary/Scanning+for+SOHO+Routers/26638/
SQL Server Cumulative Update 8
https://support.microsoft.com/en-us/help/4577194/cumulative-update-8-for-sql-server-2019
Telstra Accidentially Reroutes Proton Mail Traffic
https://protonmail.com/blog/bgp-hijacking-september-2020/
"Raccine" Ransomware Vaccine
https://github.com/Neo23x0/Raccine
ISC StormCast for Friday, October 2nd 2020
2 oktober 2020 |
5 min
Making Sensor of Azure AD Activity Logs
https://isc.sans.edu/forums/diary/Making+sense+of+Azure+AD+AAD+activity+logs/26626/
IOCs Turning into IOOIs
https://isc.sans.edu/forums/diary/IOCs+turning+into+IOOIs/26624/
Apple Security Patch Pulled
https://mrmacintosh.com/mojave-2020-005-security-update-causing-major-problems-updated
Have I Been EMOTET Service
https://www.haveibeenemotet.com/
https://isc.sans.edu/forums/diary/Making+sense+of+Azure+AD+AAD+activity+logs/26626/
IOCs Turning into IOOIs
https://isc.sans.edu/forums/diary/IOCs+turning+into+IOOIs/26624/
Apple Security Patch Pulled
https://mrmacintosh.com/mojave-2020-005-security-update-causing-major-problems-updated
Have I Been EMOTET Service
https://www.haveibeenemotet.com/
ISC StormCast for Thursday, October 1st 2020
1 oktober 2020 |
6 min
Scans for FPURL.xml: Reconnaissance or Not?
https://isc.sans.edu/forums/diary/Scans+for+FPURLxml+Reconnaissance+or+Not/26622/
HP Device Manager Backdoor
https://support.hp.com/us-en/document/c06921908
https://www.theregister.com/2020/09/30/hp_device_manager_backdoor_database_account/
KensingtonWorks RCE
https://robertheaton.com/another-rce-in-kensingtonworks/
https://isc.sans.edu/forums/diary/Scans+for+FPURLxml+Reconnaissance+or+Not/26622/
HP Device Manager Backdoor
https://support.hp.com/us-en/document/c06921908
https://www.theregister.com/2020/09/30/hp_device_manager_backdoor_database_account/
KensingtonWorks RCE
https://robertheaton.com/another-rce-in-kensingtonworks/
ISC StormCast for Wednesday, September 30th 2020
30 september 2020 |
5 min
Managing Remote Access for Contractors and Partners
https://isc.sans.edu/forums/diary/Managing+Remote+Access+for+Partners+Contractors/26614/#comments
Updated Windows ZeroLogon Advisory
https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc
Cisco Patching Exploited DoS Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz
FoxIT PDF Reader Update
https://www.foxitsoftware.com/support/security-bulletins.html
https://isc.sans.edu/forums/diary/Managing+Remote+Access+for+Partners+Contractors/26614/#comments
Updated Windows ZeroLogon Advisory
https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc
Cisco Patching Exploited DoS Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz
FoxIT PDF Reader Update
https://www.foxitsoftware.com/support/security-bulletins.html
ISC StormCast for Tuesday, September 29th 2020
29 september 2020 |
6 min
Some Tyler Technologies Customers Targeted after Breach
https://isc.sans.edu/forums/diary/Some+Tyler+Technologies+Customers+Targeted+with+The+Installation+of+a+Bomgar+Client/26610/
Obfuscated PowerShell Backdoor
https://isc.sans.edu/forums/diary/PowerShell+Backdoor+Launched+from+a+ShellCode/26602/
QNAP Fixes AgeLocker Vulnerability in Photo Station
https://www.qnap.com/de-de/security-advisory/qsa-20-06
TrendMicro Apex One Vulnerablity
https://success.trendmicro.com/product-support/apex-one
https://isc.sans.edu/forums/diary/Some+Tyler+Technologies+Customers+Targeted+with+The+Installation+of+a+Bomgar+Client/26610/
Obfuscated PowerShell Backdoor
https://isc.sans.edu/forums/diary/PowerShell+Backdoor+Launched+from+a+ShellCode/26602/
QNAP Fixes AgeLocker Vulnerability in Photo Station
https://www.qnap.com/de-de/security-advisory/qsa-20-06
TrendMicro Apex One Vulnerablity
https://success.trendmicro.com/product-support/apex-one
ISC StormCast for Monday, September 28th 2020
28 september 2020 |
6 min
Securing Exchange Online
https://isc.sans.edu/forums/diary/Securing+Exchange+Online+Guest+Diary/26600/
Decoding Corrupt BASE64
https://isc.sans.edu/forums/diary/Decoding+Corrupt+BASE64+Strings/26606/
Fortinet VPN Default Setting Problem
https://securingsam.com/breaching-the-fort/
Single Use Credit Cards Numbers
https://www.helpnetsecurity.com/2020/09/25/privacy-cards/
https://isc.sans.edu/forums/diary/Securing+Exchange+Online+Guest+Diary/26600/
Decoding Corrupt BASE64
https://isc.sans.edu/forums/diary/Decoding+Corrupt+BASE64+Strings/26606/
Fortinet VPN Default Setting Problem
https://securingsam.com/breaching-the-fort/
Single Use Credit Cards Numbers
https://www.helpnetsecurity.com/2020/09/25/privacy-cards/
ISC StormCast for Friday, September 25th 2020
25 september 2020 |
6 min
Party in Ibiza with PowerShell
https://isc.sans.edu/forums/diary/Party+in+Ibiza+with+PowerShell/26594/
Microsoft Tracking Zerologon Exploits
https://twitter.com/MsftSecIntel/status/1308941504707063808
Apple Patches
https://support.apple.com/en-us/HT201222
Instagram for Android Vulnerability
https://blog.checkpoint.com/2020/09/24/instahack-how-researchers-were-able-to-take-over-the-instagram-app-using-a-malicious-image/
https://isc.sans.edu/forums/diary/Party+in+Ibiza+with+PowerShell/26594/
Microsoft Tracking Zerologon Exploits
https://twitter.com/MsftSecIntel/status/1308941504707063808
Apple Patches
https://support.apple.com/en-us/HT201222
Instagram for Android Vulnerability
https://blog.checkpoint.com/2020/09/24/instahack-how-researchers-were-able-to-take-over-the-instagram-app-using-a-malicious-image/
ISC StormCast for Thursday, September 24th 2020
24 september 2020 |
6 min
Dynamic Malicious Word Document
https://isc.sans.edu/forums/diary/Malicious+Word+Document+with+Dynamic+Content/26590/
Old Versions of SAMBA Affected by ZeroLogon Vulnerability
https://www.samba.org/samba/security/CVE-2020-1472.html
Google Chrome Update
https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html
QNAP Devices hit by AgeLocker Ransomware
https://www.bleepingcomputer.com/news/security/agelocker-ransomware-targets-qnap-nas-devices-steals-data/
https://isc.sans.edu/forums/diary/Malicious+Word+Document+with+Dynamic+Content/26590/
Old Versions of SAMBA Affected by ZeroLogon Vulnerability
https://www.samba.org/samba/security/CVE-2020-1472.html
Google Chrome Update
https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html
QNAP Devices hit by AgeLocker Ransomware
https://www.bleepingcomputer.com/news/security/agelocker-ransomware-targets-qnap-nas-devices-steals-data/
ISC StormCast for Wednesday, September 23rd 2020
23 september 2020 |
6 min
Citrix ADC Udpates
https://support.citrix.com/article/CTX281474
Firefox Version 81 Released
https://www.mozilla.org/en-US/firefox/81.0/releasenotes/
Simple Scan Drops Ransomware Risk
https://www.accesswire.com/607018/Corvus-Updates-Scan-Technology-with-RDP-Detection-Slashes-Ransomware-Claims-by-65
iOS 14 Jailbreak
https://checkra.in/news/2020/09/iOS-14-announcement
https://support.citrix.com/article/CTX281474
Firefox Version 81 Released
https://www.mozilla.org/en-US/firefox/81.0/releasenotes/
Simple Scan Drops Ransomware Risk
https://www.accesswire.com/607018/Corvus-Updates-Scan-Technology-with-RDP-Detection-Slashes-Ransomware-Claims-by-65
iOS 14 Jailbreak
https://checkra.in/news/2020/09/iOS-14-announcement
ISC StormCast for Tuesday, September 22nd 2020
22 september 2020 |
6 min
Slightly Broken Overlay Phishing
https://isc.sans.edu/forums/diary/Slightly+broken+overlay+phishing/26586/
MacOS Code Injection via Third Party Frameworks
https://www.trustedsec.com/blog/macos-injection-via-third-party-frameworks
Snort/ClamAV Cobalt Strike Detection
https://blog.talosintelligence.com/2020/09/coverage-strikes-back-cobalt-strike-paper.html#more
https://isc.sans.edu/forums/diary/Slightly+broken+overlay+phishing/26586/
MacOS Code Injection via Third Party Frameworks
https://www.trustedsec.com/blog/macos-injection-via-third-party-frameworks
Snort/ClamAV Cobalt Strike Detection
https://blog.talosintelligence.com/2020/09/coverage-strikes-back-cobalt-strike-paper.html#more
ISC StormCast for Monday, September 21st 2020
21 september 2020 |
6 min
A Mix of Python and VBA in a Malicious Word Document
https://isc.sans.edu/forums/diary/A+Mix+of+Python+VBA+in+a+Malicious+Word+Document/26578/
Salesforce Phish
https://isc.sans.edu/forums/diary/Analysis+of+a+Salesforce+Phishing+Emails/26582/
Google App Engine Used in Phishing Attacks
https://medium.com/@marcelx/attackers-are-abusing-googles-app-engine-to-circumvent-enterprise-security-solutions-again-eda8345d531d
Sysmon Adds Clipboard Monitoring
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
Windows Defender No Longer Able to Download Files
https://www.bleepingcomputer.com/news/microsoft/microsoft-removes-windows-defender-ability-after-security-concerns/
https://isc.sans.edu/forums/diary/A+Mix+of+Python+VBA+in+a+Malicious+Word+Document/26578/
Salesforce Phish
https://isc.sans.edu/forums/diary/Analysis+of+a+Salesforce+Phishing+Emails/26582/
Google App Engine Used in Phishing Attacks
https://medium.com/@marcelx/attackers-are-abusing-googles-app-engine-to-circumvent-enterprise-security-solutions-again-eda8345d531d
Sysmon Adds Clipboard Monitoring
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
Windows Defender No Longer Able to Download Files
https://www.bleepingcomputer.com/news/microsoft/microsoft-removes-windows-defender-ability-after-security-concerns/
ISC StormCast for Friday, September 18th 2020
18 september 2020 |
6 min
OSSEC Active Response
https://isc.sans.edu/forums/diary/Suspicious+Endpoint+Containment+with+OSSEC/26576/
Microsoft Patch for Office for Mac
https://docs.microsoft.com/en-us/officeupdates/release-notes-office-for-mac
VMWare Fusion Vulnerablity
https://www.vmware.com/security/advisories/VMSA-2020-0020.html
NSA Secure Boot Configuration Guide
https://media.defense.gov/2020/Sep/15/2002497594/-1/-1/0/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF
Microsoft Edge Warns Users of Adobe Flash End of Support
https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/
https://isc.sans.edu/forums/diary/Suspicious+Endpoint+Containment+with+OSSEC/26576/
Microsoft Patch for Office for Mac
https://docs.microsoft.com/en-us/officeupdates/release-notes-office-for-mac
VMWare Fusion Vulnerablity
https://www.vmware.com/security/advisories/VMSA-2020-0020.html
NSA Secure Boot Configuration Guide
https://media.defense.gov/2020/Sep/15/2002497594/-1/-1/0/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF
Microsoft Edge Warns Users of Adobe Flash End of Support
https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/
ISC StormCast for Thursday, September 17th 2020
17 september 2020 |
6 min
Most Recent "Mirai" Bot Includes Code to Target Backups
https://isc.sans.edu/forums/diary/Do+Vulnerabilities+Ever+Get+Old+Recent+Mirai+Variant+Scanning+for+20+Year+Old+Amanda+Version/26572/
Apple Security Updates
https://support.apple.com/en-us/HT201222
https://isc.sans.edu/forums/diary/Do+Vulnerabilities+Ever+Get+Old+Recent+Mirai+Variant+Scanning+for+20+Year+Old+Amanda+Version/26572/
Apple Security Updates
https://support.apple.com/en-us/HT201222
ISC StormCast for Wednesday, September 16th 2020
16 september 2020 |
6 min
Traffic Analysis Quiz: Oh No... Another Infection
https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+Oh+No+Another+Infection/26566/
Magento 1 Stores Targeted By Recent Attack
https://sansec.io/research/largest-magento-hack-to-date
Adobe Media Encoder Patch
https://helpx.adobe.com/security/products/media-encoder/apsb20-57.html
Zerologin Reminder
https://www.secura.com/pathtoimg.php?id=2055
Windows "Finger" Utility Abused
http://hyp3rlinx.altervista.org/advisories/Windows_TCPIP_Finger_Command_C2_Channel_and_Bypassing_Security_Software.txt
https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+Oh+No+Another+Infection/26566/
Magento 1 Stores Targeted By Recent Attack
https://sansec.io/research/largest-magento-hack-to-date
Adobe Media Encoder Patch
https://helpx.adobe.com/security/products/media-encoder/apsb20-57.html
Zerologin Reminder
https://www.secura.com/pathtoimg.php?id=2055
Windows "Finger" Utility Abused
http://hyp3rlinx.altervista.org/advisories/Windows_TCPIP_Finger_Command_C2_Channel_and_Bypassing_Security_Software.txt
ISC StormCast for Tuesday, September 15th 2020
15 september 2020 |
5 min
Not Everything About ".well-known" is Well Known
https://isc.sans.edu/forums/diary/Not+Everything+About+wellknown+is+Well+Known/26564/
BLE Lock Vulnerable to Replay Attack
https://www.pentestpartners.com/security-blog/360lock-smart-lock-review/
Mobile Iron Exploit Released
https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html
https://isc.sans.edu/forums/diary/Not+Everything+About+wellknown+is+Well+Known/26564/
BLE Lock Vulnerable to Replay Attack
https://www.pentestpartners.com/security-blog/360lock-smart-lock-review/
Mobile Iron Exploit Released
https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html
ISC StormCast for Monday, September 14th 2020
14 september 2020 |
6 min
Pillaging and Protecting the Clipboard
https://isc.sans.edu/forums/diary/Whats+in+Your+Clipboard+Pillaging+and+Protecting+the+Clipboard/26556/
Critical Vulnerability in PANOS
https://security.paloaltonetworks.com/CVE-2020-2040
Linux VoIP Softswitch Malware
https://www.welivesecurity.com/2020/09/10/who-callin-cdrthief-linux-voip-softswitches/
CVE-2020-1472 Zerologon Privilege Escalation Vulnerability
https://www.secura.com/blog/zero-logon
https://isc.sans.edu/forums/diary/Whats+in+Your+Clipboard+Pillaging+and+Protecting+the+Clipboard/26556/
Critical Vulnerability in PANOS
https://security.paloaltonetworks.com/CVE-2020-2040
Linux VoIP Softswitch Malware
https://www.welivesecurity.com/2020/09/10/who-callin-cdrthief-linux-voip-softswitches/
CVE-2020-1472 Zerologon Privilege Escalation Vulnerability
https://www.secura.com/blog/zero-logon
ISC StormCast for Friday, September 11th 2020
11 september 2020 |
8 min
Recent Dridex Activity
https://isc.sans.edu/forums/diary/Recent+Dridex+activity/26550/
Zoom Bombings and Zoom 2FA
https://arxiv.org/abs/2009.03822
https://blog.zoom.us/secure-your-zoom-account-with-two-factor-authentication/
AMD Server CPUs May Be Locked to Particular Motherboard
https://www.servethehome.com/amd-psb-vendor-locks-epyc-cpus-for-enhanced-security-at-a-cost/
BLURtooth Vulnerability
https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/
https://isc.sans.edu/forums/diary/Recent+Dridex+activity/26550/
Zoom Bombings and Zoom 2FA
https://arxiv.org/abs/2009.03822
https://blog.zoom.us/secure-your-zoom-account-with-two-factor-authentication/
AMD Server CPUs May Be Locked to Particular Motherboard
https://www.servethehome.com/amd-psb-vendor-locks-epyc-cpus-for-enhanced-security-at-a-cost/
BLURtooth Vulnerability
https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/
ISC StormCast for Thursday, September 10th 2020
10 september 2020 |
6 min
MacOS 11 Network Traffic
https://isc.sans.edu/forums/diary/A+First+Look+at+macOS+11+Big+Sur+Network+Traffic+New+Now+with+more+GREASE/26548/
Azure Offers Automatic Windows VM Patching
https://azure.microsoft.com/en-us/updates/automatic-vm-guest-patching-now-in-preview/
WeaveScope Used to Attack Docker Infrastructure
https://www.intezer.com/blog/cloud-workload-protection/attackers-abusing-legitimate-cloud-monitoring-tools-to-conduct-cyber-attacks/
https://isc.sans.edu/forums/diary/A+First+Look+at+macOS+11+Big+Sur+Network+Traffic+New+Now+with+more+GREASE/26548/
Azure Offers Automatic Windows VM Patching
https://azure.microsoft.com/en-us/updates/automatic-vm-guest-patching-now-in-preview/
WeaveScope Used to Attack Docker Infrastructure
https://www.intezer.com/blog/cloud-workload-protection/attackers-abusing-legitimate-cloud-monitoring-tools-to-conduct-cyber-attacks/
ISC StormCast for Wednesday, September 9th 2020
9 september 2020 |
7 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+September+2020+Patch+Tuesday/26544/
Adobe Security Bulletins
https://helpx.adobe.com/security.html
Intel Patches
https://www.intel.com/content/www/us/en/security-center/default.html
https://isc.sans.edu/forums/diary/Microsoft+September+2020+Patch+Tuesday/26544/
Adobe Security Bulletins
https://helpx.adobe.com/security.html
Intel Patches
https://www.intel.com/content/www/us/en/security-center/default.html
ISC StormCast for Tuesday, September 8th 2020
8 september 2020 |
6 min
A Blast From The Past: XXEncoded VB 6.0 Trojan
https://isc.sans.edu/forums/diary/A+blast+from+the+past+XXEncoded+VB60+Trojan/26538/
Office: About OLE and ZIP Files
https://isc.sans.edu/forums/diary/Office+About+OLE+and+ZIP+Files/26540/
Go XSS Vulnerability
https://seclists.org/fulldisclosure/2020/Sep/5
"Baka" JavaScript Skimmer
https://usa.visa.com/content/dam/VCOM/global/support-legal/documents/visa-security-alert-baka-javascript-skimmer.pdf
https://isc.sans.edu/forums/diary/A+blast+from+the+past+XXEncoded+VB60+Trojan/26538/
Office: About OLE and ZIP Files
https://isc.sans.edu/forums/diary/Office+About+OLE+and+ZIP+Files/26540/
Go XSS Vulnerability
https://seclists.org/fulldisclosure/2020/Sep/5
"Baka" JavaScript Skimmer
https://usa.visa.com/content/dam/VCOM/global/support-legal/documents/visa-security-alert-baka-javascript-skimmer.pdf
ISC StormCast for Friday, September 4th 2020
4 september 2020 |
6 min
Sandbox Evasion Using NTP
https://isc.sans.edu/forums/diary/Sandbox+Evasion+Using+NTP/26534/
Android DNS over HTTPS
https://blog.chromium.org/2020/09/a-safer-and-more-private-browsing.html
Cisco Jabber Vulnerability Fullowup
https://watchcom.no/nyheter/nyhetsarkiv/uncovers-cisco-jabber-vulnerabilities/
https://isc.sans.edu/forums/diary/Sandbox+Evasion+Using+NTP/26534/
Android DNS over HTTPS
https://blog.chromium.org/2020/09/a-safer-and-more-private-browsing.html
Cisco Jabber Vulnerability Fullowup
https://watchcom.no/nyheter/nyhetsarkiv/uncovers-cisco-jabber-vulnerabilities/
ISC StormCast for Thursday, September 3rd 2020
3 september 2020 |
6 min
Python and Risky Windows API Calls
https://isc.sans.edu/forums/diary/Python+and+Risky+Windows+API+Calls/26530/
QNAP Updates
https://www.qnap.com/en/release-notes/qts/4.3.6.1411/20200825
https://www.qnap.com/en/release-notes/qts/4.4.3.1400/20200817
iOS 13.7 Update
https://support.apple.com/en-us/HT201222
Cisco Jabber Update
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-UyTKCPGg
MoFi Router Vulnerabilities
https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/
https://isc.sans.edu/forums/diary/Python+and+Risky+Windows+API+Calls/26530/
QNAP Updates
https://www.qnap.com/en/release-notes/qts/4.3.6.1411/20200825
https://www.qnap.com/en/release-notes/qts/4.4.3.1400/20200817
iOS 13.7 Update
https://support.apple.com/en-us/HT201222
Cisco Jabber Update
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-UyTKCPGg
MoFi Router Vulnerabilities
https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/
ISC StormCast for Wednesday, September 2nd 2020
2 september 2020 |
7 min
Exposed Domain Controllers Used in DDoS Attacks
https://isc.sans.edu/forums/diary/Exposed+Windows+Domain+Controllers+Used+in+CLDAP+DDoS+Attacks/26526/
Microsoft Reviving SHA-1
https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-version-85/ba-p/1618585
Trend Micro Updating Anti Malware Products
https://success.trendmicro.com/solution/000263632
Public Voter Data Sold as "Breach"
https://www.cyberscoop.com/russia-hack-michigan-voter-data-kommersant/
https://isc.sans.edu/forums/diary/Exposed+Windows+Domain+Controllers+Used+in+CLDAP+DDoS+Attacks/26526/
Microsoft Reviving SHA-1
https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-version-85/ba-p/1618585
Trend Micro Updating Anti Malware Products
https://success.trendmicro.com/solution/000263632
Public Voter Data Sold as "Breach"
https://www.cyberscoop.com/russia-hack-michigan-voter-data-kommersant/
ISC StormCast for Tuesday, September 1st 2020
1 september 2020 |
5 min
Finding The Original Maldoc
https://isc.sans.edu/forums/diary/Finding+The+Original+Maldoc/26520/
Slack Remote Code Execution
https://hackerone.com/reports/783877
Apple Approved Malware
https://objective-see.com/blog/blog_0x4E.html
Cisco IOS XR Bug Exploited
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz
https://isc.sans.edu/forums/diary/Finding+The+Original+Maldoc/26520/
Slack Remote Code Execution
https://hackerone.com/reports/783877
Apple Approved Malware
https://objective-see.com/blog/blog_0x4E.html
Cisco IOS XR Bug Exploited
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz
ISC StormCast for Monday, August 31st 2020
31 augusti 2020 |
7 min
CenturyLink Outage
https://blog.cloudflare.com/analysis-of-todays-centurylink-level-3-outage/
New Zealand Stock Market Denial of Service Attack
https://www.theregister.com/2020/08/27/nzx_ddos_third_day/
Pulse Connect Secure RCE Patch
https://www.gosecure.net/blog/2020/08/26/forget-your-perimeter-rce-in-pulse-connect-secure/
https://blog.cloudflare.com/analysis-of-todays-centurylink-level-3-outage/
New Zealand Stock Market Denial of Service Attack
https://www.theregister.com/2020/08/27/nzx_ddos_third_day/
Pulse Connect Secure RCE Patch
https://www.gosecure.net/blog/2020/08/26/forget-your-perimeter-rce-in-pulse-connect-secure/
ISC StormCast for Friday, August 28th 2020
28 augusti 2020 |
7 min
A Reminder about Security.txt
https://isc.sans.edu/forums/diary/Securitytxt+one+small+file+for+an+admin+one+giant+help+to+a+security+researcher/26510/
DNS Queries to Root Name Servers
https://blog.apnic.net/2020/08/21/chromiums-impact-on-root-dns-traffic/
https://www.zdnet.com/article/chromium-dns-hijacking-detection-accused-of-being-around-half-of-all-root-queries/
Microsoft Extends Windows 10 1803 Deadline
https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet
LemonDuck Adding New Tricks
https://news.sophos.com/en-us/2020/08/25/lemon_duck-cryptominer-targets-cloud-apps-linux/
https://isc.sans.edu/forums/diary/Securitytxt+one+small+file+for+an+admin+one+giant+help+to+a+security+researcher/26510/
DNS Queries to Root Name Servers
https://blog.apnic.net/2020/08/21/chromiums-impact-on-root-dns-traffic/
https://www.zdnet.com/article/chromium-dns-hijacking-detection-accused-of-being-around-half-of-all-root-queries/
Microsoft Extends Windows 10 1803 Deadline
https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet
LemonDuck Adding New Tricks
https://news.sophos.com/en-us/2020/08/25/lemon_duck-cryptominer-targets-cloud-apps-linux/
ISC StormCast for Thursday, August 27th 2020
27 augusti 2020 |
6 min
Malicious Excel Sheet with a NULL VT Score
https://isc.sans.edu/forums/diary/Malicious+Excel+Sheet+with+a+NULL+VT+Score/26506/
APT Attack Uses Autodesk Plugin
https://www.bitdefender.com/files/News/CaseStudies/study/365/Bitdefender-PR-Whitepaper-APTHackers-creat4740-en-EN-GenericUse.pdf
Firefox Update
https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/
Arrest in Insider Attack
https://www.justice.gov/opa/press-release/file/1308766/download
https://isc.sans.edu/forums/diary/Malicious+Excel+Sheet+with+a+NULL+VT+Score/26506/
APT Attack Uses Autodesk Plugin
https://www.bitdefender.com/files/News/CaseStudies/study/365/Bitdefender-PR-Whitepaper-APTHackers-creat4740-en-EN-GenericUse.pdf
Firefox Update
https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/
Arrest in Insider Attack
https://www.justice.gov/opa/press-release/file/1308766/download
ISC StormCast for Wednesday, August 26th 2020
26 augusti 2020 |
5 min
Keep an Eye on LOLBins
https://isc.sans.edu/forums/diary/Keep+An+Eye+on+LOLBins/26502/
Malicious iOS Adnetwork SDK
https://snyk.io/research/sour-mint-malicious-sdk/
Apache Update
https://httpd.apache.org/security/vulnerabilities_24.html
Google Chrome User-Agent Client Hints
https://web.dev/user-agent-client-hints/
https://isc.sans.edu/forums/diary/Keep+An+Eye+on+LOLBins/26502/
Malicious iOS Adnetwork SDK
https://snyk.io/research/sour-mint-malicious-sdk/
Apache Update
https://httpd.apache.org/security/vulnerabilities_24.html
Google Chrome User-Agent Client Hints
https://web.dev/user-agent-client-hints/
ISC StormCast for Tuesday, August 25th 2020
25 augusti 2020 |
6 min
Tracking a Malware Campaign Through VT
https://isc.sans.edu/forums/diary/Tracking+A+Malware+Campaign+Through+VT/26498/
Zoom Outage
https://www.cnn.com/2020/08/24/us/zoom-outage-worldwide-trnd/index.html
RDP Remains a Top Target
https://www.group-ib.com/media/iran-cybercriminals/?utm_source=bleeping_computer&utm_medium=article&utm_campaign=referral
Microsoft Introduces Application Guard
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide
Safari File Sharing Bug
https://blog.redteam.pl/2020/08/stealing-local-files-using-safari-web.html
https://isc.sans.edu/forums/diary/Tracking+A+Malware+Campaign+Through+VT/26498/
Zoom Outage
https://www.cnn.com/2020/08/24/us/zoom-outage-worldwide-trnd/index.html
RDP Remains a Top Target
https://www.group-ib.com/media/iran-cybercriminals/?utm_source=bleeping_computer&utm_medium=article&utm_campaign=referral
Microsoft Introduces Application Guard
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide
Safari File Sharing Bug
https://blog.redteam.pl/2020/08/stealing-local-files-using-safari-web.html
ISC StormCast for Monday, August 24th 2020
24 augusti 2020 |
7 min
A Word of Caution: Helping Cyber Stalking Victims
https://isc.sans.edu/forums/diary/A+Word+of+Caution+Helping+Out+People+Being+Stalked+Online/26422/
RDP and Telnet Scans
https://isc.sans.edu/forums/diary/Remote+Desktop+TCP3389+and+Telnet+TCP23+What+might+they+have+in+Common/26492/
Thales Cinterion Input Validation Vulnerability
https://www.thalesgroup.com/en/markets/digital-identity-and-security/iot/resources/security-updates-cinterion-iot-modules
Google Drive File Extension Spoofing
https://thehackernews.com/2020/08/google-drive-file-versions.html
https://isc.sans.edu/forums/diary/A+Word+of+Caution+Helping+Out+People+Being+Stalked+Online/26422/
RDP and Telnet Scans
https://isc.sans.edu/forums/diary/Remote+Desktop+TCP3389+and+Telnet+TCP23+What+might+they+have+in+Common/26492/
Thales Cinterion Input Validation Vulnerability
https://www.thalesgroup.com/en/markets/digital-identity-and-security/iot/resources/security-updates-cinterion-iot-modules
Google Drive File Extension Spoofing
https://thehackernews.com/2020/08/google-drive-file-versions.html
ISC StormCast for Friday, August 21st 2020
21 augusti 2020 |
7 min
Office 365 Mail Forwarding Rules (and other Mail Rules too)
https://isc.sans.edu/forums/diary/Office+365+Mail+Forwarding+Rules+and+other+Mail+Rules+too/26484/
Spoofing GMail/GSuite Customers
https://ezh.es/blog/2020/08/the-confused-mailman-sending-spf-and-dmarc-passing-mail-as-any-gmail-or-g-suite-customer/
Microsoft Updates DisableAntiSpyware Registry Key
https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware
Acoustic Based Physical Key Inference
https://www.comp.nus.edu.sg/~junhan/papers/SpiKey_HotMobile20_CamReady.pdf
https://isc.sans.edu/forums/diary/Office+365+Mail+Forwarding+Rules+and+other+Mail+Rules+too/26484/
Spoofing GMail/GSuite Customers
https://ezh.es/blog/2020/08/the-confused-mailman-sending-spf-and-dmarc-passing-mail-as-any-gmail-or-g-suite-customer/
Microsoft Updates DisableAntiSpyware Registry Key
https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware
Acoustic Based Physical Key Inference
https://www.comp.nus.edu.sg/~junhan/papers/SpiKey_HotMobile20_CamReady.pdf
ISC StormCast for Thursday, August 20th 2020
20 augusti 2020 |
6 min
Example of a Word Document Delivering Qakbot
https://isc.sans.edu/forums/diary/Example+of+Word+Document+Delivering+Qakbot/26482/
PGP/SMime Implementation Weaknesses
https://www.nds.ruhr-uni-bochum.de/media/nds/veroeffentlichungen/2020/08/15/mailto-paper.pdf
Windows 8.1 / 2012 Special Patch
https://support.microsoft.com/en-us/help/4578013/security-update-for-windows-8-1-rt-8-1-and-server-2012-r2
Fileless Cryptomining Worm
https://www.helpnetsecurity.com/2020/08/19/fileless-worm-p2p-botnet/
https://isc.sans.edu/forums/diary/Example+of+Word+Document+Delivering+Qakbot/26482/
PGP/SMime Implementation Weaknesses
https://www.nds.ruhr-uni-bochum.de/media/nds/veroeffentlichungen/2020/08/15/mailto-paper.pdf
Windows 8.1 / 2012 Special Patch
https://support.microsoft.com/en-us/help/4578013/security-update-for-windows-8-1-rt-8-1-and-server-2012-r2
Fileless Cryptomining Worm
https://www.helpnetsecurity.com/2020/08/19/fileless-worm-p2p-botnet/
ISC StormCast for Wednesday, August 19th 2020
19 augusti 2020 |
6 min
Using APIs to Track Attackers
https://isc.sans.edu/forums/diary/Using+APIs+to+Track+Attackers/26472/
Jenkins Security Advisory
https://www.jenkins.io/security/advisory/2020-08-17/
Chrome Will Warn of Insecure Forms
https://blog.chromium.org/2020/08/protecting-google-chrome-users-from.html
Reminder: September 1st Certificate Expiration Change
https://www.ssl.com/blogs/398-day-browser-limit-for-ssl-tls-certificates-begins-september-1-2020/
Cryptojacking Worm Steals AWS Credentials
https://www.helpnetsecurity.com/2020/08/18/worm-steals-aws-credentials/
https://isc.sans.edu/forums/diary/Using+APIs+to+Track+Attackers/26472/
Jenkins Security Advisory
https://www.jenkins.io/security/advisory/2020-08-17/
Chrome Will Warn of Insecure Forms
https://blog.chromium.org/2020/08/protecting-google-chrome-users-from.html
Reminder: September 1st Certificate Expiration Change
https://www.ssl.com/blogs/398-day-browser-limit-for-ssl-tls-certificates-begins-september-1-2020/
Cryptojacking Worm Steals AWS Credentials
https://www.helpnetsecurity.com/2020/08/18/worm-steals-aws-credentials/
ISC StormCast for Tuesday, August 18th 2020
18 augusti 2020 |
6 min
Apache Struts Patch and PoC Exploit
https://www.tenable.com/blog/cve-2019-0230-apache-struts-potential-remote-code-execution-vulnerability
https://cwiki.apache.org/confluence/display/WW/S2-059
Emotet Bug Used to Inoculate Systems
https://www.binarydefense.com/emocrash-exploiting-a-vulnerability-in-emotet-malware-for-defense/
https://www.tenable.com/blog/cve-2019-0230-apache-struts-potential-remote-code-execution-vulnerability
https://cwiki.apache.org/confluence/display/WW/S2-059
Emotet Bug Used to Inoculate Systems
https://www.binarydefense.com/emocrash-exploiting-a-vulnerability-in-emotet-malware-for-defense/
ISC StormCast for Monday, August 17th 2020
17 augusti 2020 |
5 min
SANS Data Incident 2020 - Indicators of Compromise
https://www.sans.org/blog/sans-data-incident-2020-indicators-of-compromise/
Large File Used to Obfuscate Malware
https://isc.sans.edu/forums/diary/Definition+of+overkill+using+130+MB+executable+to+hide+24+kB+malware/26464/
Mac Malware Spreading via XCode
https://documents.trendmicro.com/assets/pdf/XCSSET_Technical_Brief.pdf
Citrix Broker Service Detected as Trojan by Windows Defender
https://support.citrix.com/article/CTX279897
https://www.sans.org/blog/sans-data-incident-2020-indicators-of-compromise/
Large File Used to Obfuscate Malware
https://isc.sans.edu/forums/diary/Definition+of+overkill+using+130+MB+executable+to+hide+24+kB+malware/26464/
Mac Malware Spreading via XCode
https://documents.trendmicro.com/assets/pdf/XCSSET_Technical_Brief.pdf
Citrix Broker Service Detected as Trojan by Windows Defender
https://support.citrix.com/article/CTX279897
ISC StormCast for Friday, August 14th 2020
14 augusti 2020 |
8 min
Decrypting Voice over LTE Calls
https://revolte-attack.net/
Vulnerabilities found on Amazon's Alexa
https://research.checkpoint.com/2020/amazons-alexa-hacked/
DROVORUB Russian GRU Linux Malware
https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF
https://revolte-attack.net/
Vulnerabilities found on Amazon's Alexa
https://research.checkpoint.com/2020/amazons-alexa-hacked/
DROVORUB Russian GRU Linux Malware
https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF
ISC StormCast for Thursday, August 13th 2020
13 augusti 2020 |
7 min
To the Brim at the Gates of Mordor
https://isc.sans.edu/forums/diary/To+the+Brim+at+the+Gates+of+Mordor+Pt+1/26456/
Large Group of Malicious Tor Exit Nodes
https://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac
SAP Updates
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345
Intel Updates
https://www.intel.com/content/www/us/en/security-center/default.html
SANS Data Incident
https://www.sans.org/dataincident2020
https://isc.sans.edu/forums/diary/To+the+Brim+at+the+Gates+of+Mordor+Pt+1/26456/
Large Group of Malicious Tor Exit Nodes
https://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac
SAP Updates
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345
Intel Updates
https://www.intel.com/content/www/us/en/security-center/default.html
SANS Data Incident
https://www.sans.org/dataincident2020
ISC StormCast for Wednesday, August 12th 2020
12 augusti 2020 |
5 min
vBulletin 0-Day Exploit
https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/
Microsoft Patches
https://isc.sans.edu/forums/diary/Microsoft+August+2020+Patch+Tuesday/26452/
Adobe Patches
https://helpx.adobe.com/security.html
Citrix End Point Management Updates
https://www.citrix.com/blogs/2020/08/11/citrix-provides-security-update-on-citrix-endpoint-management/
https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/
Microsoft Patches
https://isc.sans.edu/forums/diary/Microsoft+August+2020+Patch+Tuesday/26452/
Adobe Patches
https://helpx.adobe.com/security.html
Citrix End Point Management Updates
https://www.citrix.com/blogs/2020/08/11/citrix-provides-security-update-on-citrix-endpoint-management/
ISC StormCast for Tuesday, August 11th 2020
11 augusti 2020 |
7 min
Small Challenge: A Simple Word Maldoc (Solution)
https://isc.sans.edu/forums/diary/Small+Challenge+A+Simple+Word+Maldoc+Part+2/26444/
Scoping Web Application Pentests
https://isc.sans.edu/forums/diary/Scoping+web+application+and+web+service+penetration+tests/26448/
Problems With Chrome Extensions
https://adguard.com/en/blog/fake-ad-blockers-part-3.html
PDF Test Suite
https://github.com/RUB-NDS/PDF101
https://raw.githubusercontent.com/RUB-NDS/PDF101/master/eval.png
Teamviewer Update
https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/m-p/99129
https://isc.sans.edu/forums/diary/Small+Challenge+A+Simple+Word+Maldoc+Part+2/26444/
Scoping Web Application Pentests
https://isc.sans.edu/forums/diary/Scoping+web+application+and+web+service+penetration+tests/26448/
Problems With Chrome Extensions
https://adguard.com/en/blog/fake-ad-blockers-part-3.html
PDF Test Suite
https://github.com/RUB-NDS/PDF101
https://raw.githubusercontent.com/RUB-NDS/PDF101/master/eval.png
Teamviewer Update
https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/m-p/99129
ISC StormCast for Monday, August 10th 2020
10 augusti 2020 |
7 min
Scanning Activity Against WIFICAM Using Netcat
https://isc.sans.edu/forums/diary/Scanning+Activity+Include+Netcat+Listener/26442/
Qualcom Snapdragon Vulnerabilities
https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/
China Blocking TLS 1.3 and ESNI
https://gfw.report/blog/gfw_esni_blocking/en/
https://isc.sans.edu/forums/diary/Scanning+Activity+Include+Netcat+Listener/26442/
Qualcom Snapdragon Vulnerabilities
https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/
China Blocking TLS 1.3 and ESNI
https://gfw.report/blog/gfw_esni_blocking/en/
ISC StormCast for Friday, August 7th 2020
7 augusti 2020 |
6 min
FTCode Ransomware Resurfaces
https://isc.sans.edu/forums/diary/A+Fork+of+the+FTCode+Powershell+Ransomware/26434/
Microsoft Anti-Malware Flaging Host File Manipulation
https://www.bleepingcomputer.com/news/microsoft/windows-10-hosts-file-blocking-telemetry-is-now-flagged-as-a-risk/
Reviving older printer vulnerablity
https://www.blackhat.com/us-20/briefings/schedule/#a-decade-after-stuxnets-printer-vulnerability-printing-is-still-the-stairway-to-heaven-19685
https://isc.sans.edu/forums/diary/A+Fork+of+the+FTCode+Powershell+Ransomware/26434/
Microsoft Anti-Malware Flaging Host File Manipulation
https://www.bleepingcomputer.com/news/microsoft/windows-10-hosts-file-blocking-telemetry-is-now-flagged-as-a-risk/
Reviving older printer vulnerablity
https://www.blackhat.com/us-20/briefings/schedule/#a-decade-after-stuxnets-printer-vulnerability-printing-is-still-the-stairway-to-heaven-19685
ISC StormCast for Thursday, August 6th 2020
6 augusti 2020 |
6 min
Malware Analysis Quiz
https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+Whats+the+Malware+From+This+Infection/26430/
Exploiting CVE-2020-9854 on MacOS
https://objective-see.com/blog/blog_0x4D.html
iOS OAuth2 Vulnerablity
https://www.computest.nl/en/knowledge-platform/blog/vulnerability-new-touchid-feature-iCloud-accounts-at-risk-breached/
Limiting Location Data Exposure
https://media.defense.gov/2020/Aug/04/2002469874/-1/-1/0/CSI_LIMITING_LOCATION_DATA_EXPOSURE_FINAL.PDF
https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+Whats+the+Malware+From+This+Infection/26430/
Exploiting CVE-2020-9854 on MacOS
https://objective-see.com/blog/blog_0x4D.html
iOS OAuth2 Vulnerablity
https://www.computest.nl/en/knowledge-platform/blog/vulnerability-new-touchid-feature-iCloud-accounts-at-risk-breached/
Limiting Location Data Exposure
https://media.defense.gov/2020/Aug/04/2002469874/-1/-1/0/CSI_LIMITING_LOCATION_DATA_EXPOSURE_FINAL.PDF
ISC StormCast for Wednesday, August 5th 2020
5 augusti 2020 |
6 min
A Reminder to Patch CVE-2020-3452. Active Exploitation Seen
https://isc.sans.edu/forums/diary/Reminder+Patch+Cisco+ASA+FTD+Devices+CVE20203452+Exploitation+Continues/26426/
Internet Choke Points: Concentration of Authoritative Name Servers
https://isc.sans.edu/forums/diary/Internet+Choke+Points+Concentration+of+Authoritative+Name+Servers/26428/
August Android Patches Released
https://source.android.com/security/bulletin/2020-08-01
Possible New iOS Jailbreak Affecting Secure Enclave
https://twitter.com/SparkZheng/status/1286599007834271744
https://isc.sans.edu/forums/diary/Reminder+Patch+Cisco+ASA+FTD+Devices+CVE20203452+Exploitation+Continues/26426/
Internet Choke Points: Concentration of Authoritative Name Servers
https://isc.sans.edu/forums/diary/Internet+Choke+Points+Concentration+of+Authoritative+Name+Servers/26428/
August Android Patches Released
https://source.android.com/security/bulletin/2020-08-01
Possible New iOS Jailbreak Affecting Secure Enclave
https://twitter.com/SparkZheng/status/1286599007834271744
ISC StormCast for Tuesday, August 4th 2020
4 augusti 2020 |
6 min
VBA Macro With Multiple Command and Control Channels
https://isc.sans.edu/forums/diary/Powershell+Bot+with+Multiple+C2+Protocols/26420/
Boothole Patch Causes Unbootable Systems
https://access.redhat.com/solutions/5272311
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass#Recovery
Disabling MacOS TCC
https://objective-see.com/blog/blog_0x4C.html
CISA Publishes Details about Chinese Malware
https://us-cert.cisa.gov/ncas/current-activity/2020/08/03/chinese-malicious-cyber-activity
https://isc.sans.edu/forums/diary/Powershell+Bot+with+Multiple+C2+Protocols/26420/
Boothole Patch Causes Unbootable Systems
https://access.redhat.com/solutions/5272311
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass#Recovery
Disabling MacOS TCC
https://objective-see.com/blog/blog_0x4C.html
CISA Publishes Details about Chinese Malware
https://us-cert.cisa.gov/ncas/current-activity/2020/08/03/chinese-malicious-cyber-activity
ISC StormCast for Monday, August 3rd 2020
3 augusti 2020 |
5 min
Pages Hit By Bad Bots
https://isc.sans.edu/forums/diary/What+pages+do+bad+bots+look+for/26414/
KeePassRPC Vulnerablity
https://forum.kee.pm/t/a-critical-security-update-for-keepassrpc-is-available/3040
QNAP Updates Malware Remover
https://www.bleepingcomputer.com/news/security/qnap-urges-users-to-update-malware-remover-after-qsnatch-alert/
Android Phone Updates
https://www.theregister.com/2020/07/31/nearly_a_third_of_secondhand/
https://isc.sans.edu/forums/diary/What+pages+do+bad+bots+look+for/26414/
KeePassRPC Vulnerablity
https://forum.kee.pm/t/a-critical-security-update-for-keepassrpc-is-available/3040
QNAP Updates Malware Remover
https://www.bleepingcomputer.com/news/security/qnap-urges-users-to-update-malware-remover-after-qsnatch-alert/
Android Phone Updates
https://www.theregister.com/2020/07/31/nearly_a_third_of_secondhand/
ISC StormCast for Friday, July 31st 2020
31 juli 2020 |
6 min
Python Developers: Prepare!
https://isc.sans.edu/forums/diary/Python+Developers+Prepare/26408/
Office 365 Phishing Hiding in Google Ads
https://cofense.com/threat-actors-bypass-gateways-google-ad-redirects/
Zoom Brute Forcing Vulnerability
https://www.tomanthony.co.uk/blog/zoom-security-exploit-crack-private-meeting-passwords/
Netgear Vulnerabilities
https://www.kb.cert.org/vuls/id/576779
https://kb.netgear.com/000061982/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Mobile-Routers-Modems-Gateways-and-Extenders
OPNSense Update
https://opnsense.org/opnsense-20-7/
Microsoft Retiring SHA1
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/sha-1-windows-content-to-be-retired-august-3-2020/ba-p/1544373
https://isc.sans.edu/forums/diary/Python+Developers+Prepare/26408/
Office 365 Phishing Hiding in Google Ads
https://cofense.com/threat-actors-bypass-gateways-google-ad-redirects/
Zoom Brute Forcing Vulnerability
https://www.tomanthony.co.uk/blog/zoom-security-exploit-crack-private-meeting-passwords/
Netgear Vulnerabilities
https://www.kb.cert.org/vuls/id/576779
https://kb.netgear.com/000061982/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Mobile-Routers-Modems-Gateways-and-Extenders
OPNSense Update
https://opnsense.org/opnsense-20-7/
Microsoft Retiring SHA1
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/sha-1-windows-content-to-be-retired-august-3-2020/ba-p/1544373
ISC StormCast for Thursday, July 30th 2020
30 juli 2020 |
6 min
Consumer VPNs: You May Be Fine Without It
https://isc.sans.edu/forums/diary/Consumer+VPNs+You+May+Be+Fine+Without/26404/
Tails Update
https://tails.boum.org/news/version_4.9/index.en.html
Firefox Update
https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/
Chrome Update
https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html
GRUB2 Vulnerability
https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
Facial Recognition With Masks
https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8311.pdf
https://isc.sans.edu/forums/diary/Consumer+VPNs+You+May+Be+Fine+Without/26404/
Tails Update
https://tails.boum.org/news/version_4.9/index.en.html
Firefox Update
https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/
Chrome Update
https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html
GRUB2 Vulnerability
https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
Facial Recognition With Masks
https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8311.pdf
ISC StormCast for Wednesday, July 29th 2020
29 juli 2020 |
6 min
New Datafeeds
https://isc.sans.edu/forums/diary/All+I+want+this+Tuesday+More+Data/26400/
Emotet Stealing Email Attachments
https://twitter.com/CofenseLabs/status/1288167724594671618
Magento Update
https://helpx.adobe.com/security/products/magento/apsb20-47.html
Explosed Docker Servers Infected with More Malware
https://www.intezer.com/container-security/watch-your-containers-doki-infecting-docker-servers-in-the-cloud/
https://isc.sans.edu/forums/diary/All+I+want+this+Tuesday+More+Data/26400/
Emotet Stealing Email Attachments
https://twitter.com/CofenseLabs/status/1288167724594671618
Magento Update
https://helpx.adobe.com/security/products/magento/apsb20-47.html
Explosed Docker Servers Infected with More Malware
https://www.intezer.com/container-security/watch-your-containers-doki-infecting-docker-servers-in-the-cloud/
ISC StormCast for Tuesday, July 28th 2020
28 juli 2020 |
5 min
In Memory of Donald Smith
https://isc.sans.edu/forums/diary/In+Memory+of+Donald+Smith/26396/
Analyzing Metasploit ASP .Net Payloads
https://isc.sans.edu/forums/diary/Analyzing+Metasploit+ASP+NET+Payloads/26392/
Emotet Payloads Replaces with GIFs
https://twitter.com/GossiTheDog/status/1286271503005290497
QNAP Devices Attacked
https://us-cert.cisa.gov/ncas/alerts/aa20-209a
https://isc.sans.edu/forums/diary/In+Memory+of+Donald+Smith/26396/
Analyzing Metasploit ASP .Net Payloads
https://isc.sans.edu/forums/diary/Analyzing+Metasploit+ASP+NET+Payloads/26392/
Emotet Payloads Replaces with GIFs
https://twitter.com/GossiTheDog/status/1286271503005290497
QNAP Devices Attacked
https://us-cert.cisa.gov/ncas/alerts/aa20-209a
ISC StormCast for Monday, July 27th 2020
27 juli 2020 |
6 min
Compromized Desktop Applications By Web Technologies
https://isc.sans.edu/forums/diary/Compromized+Desktop+Applications+by+Web+Technologies/26384/
Cracking Maldoc VBA Project Passwords
https://isc.sans.edu/forums/diary/Cracking+Maldoc+VBA+Project+Passwords/26390/
Cisco Patching Treck IP Stack Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC
Ubiquity Devices Breack Due to Malformed Feed
https://community.ui.com/questions/Threat-Management-rules-silently-disabled-for-users-as-of-July-17-2020/35221bd2-843d-41a3-a957-33f57d9a8468
https://isc.sans.edu/forums/diary/Compromized+Desktop+Applications+by+Web+Technologies/26384/
Cracking Maldoc VBA Project Passwords
https://isc.sans.edu/forums/diary/Cracking+Maldoc+VBA+Project+Passwords/26390/
Cisco Patching Treck IP Stack Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC
Ubiquity Devices Breack Due to Malformed Feed
https://community.ui.com/questions/Threat-Management-rules-silently-disabled-for-users-as-of-July-17-2020/35221bd2-843d-41a3-a957-33f57d9a8468
ISC StormCast for Friday, July 24th 2020
24 juli 2020 |
6 min
Simple Blocklisting with MISP and pfSense
https://isc.sans.edu/forums/diary/Simple+Blocklisting+with+MISP+pfSense/26380/
ISC Intel Feed (Beta. DO NOT USE AS BLOCKLIST)
https://isc.sans.edu/api/intelfeed?json
(also see isc.sans.edu/api )
ASUS RT-AC1900P Router Vulnerability
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=27440
DLink Leaks Firmware Encryption Key
https://nstarke.github.io/0036-decrypting-dlink-proprietary-firmware-images.html
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86
https://isc.sans.edu/forums/diary/Simple+Blocklisting+with+MISP+pfSense/26380/
ISC Intel Feed (Beta. DO NOT USE AS BLOCKLIST)
https://isc.sans.edu/api/intelfeed?json
(also see isc.sans.edu/api )
ASUS RT-AC1900P Router Vulnerability
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=27440
DLink Leaks Firmware Encryption Key
https://nstarke.github.io/0036-decrypting-dlink-proprietary-firmware-images.html
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86
ISC StormCast for Thursday, July 23rd 2020
23 juli 2020 |
6 min
A Few IoCs Releated to the F5 Vulnerablity CVE-2020-5092
https://isc.sans.edu/forums/diary/A+few+IoCs+related+to+CVE20205092/26378/
PDF Signature Weaknesses
https://pdf-insecurity.org/
Sharepoint Vulnerabliity PoC CVE-2020-1147
https://srcincite.io/blog/2020/07/20/sharepoint-and-pwn-remote-code-execution-against-sharepoint-server-abusing-dataset.html
Twilio Compromise
https://www.theregister.com/2020/07/21/twilio_sdk_code_injection/
https://isc.sans.edu/forums/diary/A+few+IoCs+related+to+CVE20205092/26378/
PDF Signature Weaknesses
https://pdf-insecurity.org/
Sharepoint Vulnerabliity PoC CVE-2020-1147
https://srcincite.io/blog/2020/07/20/sharepoint-and-pwn-remote-code-execution-against-sharepoint-server-abusing-dataset.html
Twilio Compromise
https://www.theregister.com/2020/07/21/twilio_sdk_code_injection/
ISC StormCast for Wednesday, July 22nd 2020
22 juli 2020 |
5 min
Comparing Covid19 Remote Services in Different Countries
https://isc.sans.edu/forums/diary/Couple+of+interesting+Covid19+related+stats/26374/
Adobe Patches Photoshop
https://helpx.adobe.com/security/products/bridge/apsb20-44.html
https://helpx.adobe.com/security/products/photoshop/apsb20-45.html
Citrix Workspace App Vulnerability
https://www.pentestpartners.com/security-blog/raining-system-shells-with-citrix-workspace-app/
Microsoft Publishes Sysinternals Procmon for Linux
https://github.com/microsoft/ProcMon-for-Linux
https://isc.sans.edu/forums/diary/Couple+of+interesting+Covid19+related+stats/26374/
Adobe Patches Photoshop
https://helpx.adobe.com/security/products/bridge/apsb20-44.html
https://helpx.adobe.com/security/products/photoshop/apsb20-45.html
Citrix Workspace App Vulnerability
https://www.pentestpartners.com/security-blog/raining-system-shells-with-citrix-workspace-app/
Microsoft Publishes Sysinternals Procmon for Linux
https://github.com/microsoft/ProcMon-for-Linux
ISC StormCast for Tuesday, July 21st 2020
21 juli 2020 |
6 min
Sextortion Follow the Money Wrapup
https://isc.sans.edu/forums/diary/Sextortion+Update+The+Final+Final+Chapter/26334/
"BadPower" USB-C Charger Firmware Weakness (link in chinese)
https://xlab.tencent.com/cn/2020/07/16/badpower/
Zoom Phishing
https://blog.checkpoint.com/2020/07/16/fixing-the-zoom-vanity-clause-check-point-and-zoom-collaborate-to-fix-vanity-url-issue/
Microsoft Office TLS 1.x Phaseout
https://docs.microsoft.com/en-us/microsoft-365/compliance/prepare-tls-1.2-in-office-365?view=o365-worldwide
https://isc.sans.edu/forums/diary/Sextortion+Update+The+Final+Final+Chapter/26334/
"BadPower" USB-C Charger Firmware Weakness (link in chinese)
https://xlab.tencent.com/cn/2020/07/16/badpower/
Zoom Phishing
https://blog.checkpoint.com/2020/07/16/fixing-the-zoom-vanity-clause-check-point-and-zoom-collaborate-to-fix-vanity-url-issue/
Microsoft Office TLS 1.x Phaseout
https://docs.microsoft.com/en-us/microsoft-365/compliance/prepare-tls-1.2-in-office-365?view=o365-worldwide
ISC StormCast for Monday, July 20th 2020
20 juli 2020 |
6 min
#SigRed Update
https://isc.sans.edu/forums/diary/Hunting+for+SigRed+Exploitation/26362/
Cloudflare Outage
https://blog.cloudflare.com/cloudflare-outage-on-july-17-2020/
Exploitation of ZeroShell Routers
https://isc.sans.edu/forums/diary/Scanning+Activity+for+ZeroShell+Unauthenticated+Access/26368/
Zone.Identifier: A Coupe of Observations
https://isc.sans.edu/forums/diary/ZoneIdentifier+A+Coupe+Of+Observations/26366/
Forgotten tcpdump Options
https://showmethepackets.com/index.php/2020/07/18/a-few-forgotten-tcpdump-options/
https://isc.sans.edu/forums/diary/Hunting+for+SigRed+Exploitation/26362/
Cloudflare Outage
https://blog.cloudflare.com/cloudflare-outage-on-july-17-2020/
Exploitation of ZeroShell Routers
https://isc.sans.edu/forums/diary/Scanning+Activity+for+ZeroShell+Unauthenticated+Access/26368/
Zone.Identifier: A Coupe of Observations
https://isc.sans.edu/forums/diary/ZoneIdentifier+A+Coupe+Of+Observations/26366/
Forgotten tcpdump Options
https://showmethepackets.com/index.php/2020/07/18/a-few-forgotten-tcpdump-options/
ISC StormCast for Friday, July 17th 2020
17 juli 2020 |
14 min
Twitter Compromise
https://twitter.com/TwitterSupport/status/1283591846464233474?s=20
SIGRed PoC
hxxps://github.com/maxpl0it/CVE-2020-1350-DoS
Apple Updates
https://support.apple.com/en-us/HT201222
SAP PoC Exploit Code Published
https://github.com/chipik/SAP_RECON
https://us-cert.cisa.gov/ncas/alerts/aa20-195a
SANS.edu Student: Aaron Elyard: KITT
https://www.sans.org/reading-room/whitepapers/OpenSource/improving-analyst-efficiency-office365-business-email-compromise-investigation-scenarios-implementation-open-source-tools-39655
KITT: https://github.com/intrepidtechie/KITT-O365-Tool
https://twitter.com/TwitterSupport/status/1283591846464233474?s=20
SIGRed PoC
hxxps://github.com/maxpl0it/CVE-2020-1350-DoS
Apple Updates
https://support.apple.com/en-us/HT201222
SAP PoC Exploit Code Published
https://github.com/chipik/SAP_RECON
https://us-cert.cisa.gov/ncas/alerts/aa20-195a
SANS.edu Student: Aaron Elyard: KITT
https://www.sans.org/reading-room/whitepapers/OpenSource/improving-analyst-efficiency-office365-business-email-compromise-investigation-scenarios-implementation-open-source-tools-39655
KITT: https://github.com/intrepidtechie/KITT-O365-Tool
ISC StormCast for Thursday, July 16th 2020
16 juli 2020 |
5 min
MSFT DNS Server Vulnerability
https://isc.sans.edu/forums/diary/PATCH+NOW+SIGRed+CVE20201350+Microsoft+DNS+Server+Vulnerability/26356/
https://www.sans.org/webcasts/about-windows-dns-vulnerability-cve-2020-1350-116120
Outlook Crashes After Patch Tuesday Updates
https://www.reddit.com/r/sysadmin/comments/hrq0mn/outlook_immediately_crashing_on_open_after/fy5nnx2/
Oracle Quarterly Critical Patch Update
https://www.oracle.com/security-alerts/cpujul2020.html
Cisco Backdoors
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=100#~Vulnerabilities
https://isc.sans.edu/forums/diary/PATCH+NOW+SIGRed+CVE20201350+Microsoft+DNS+Server+Vulnerability/26356/
https://www.sans.org/webcasts/about-windows-dns-vulnerability-cve-2020-1350-116120
Outlook Crashes After Patch Tuesday Updates
https://www.reddit.com/r/sysadmin/comments/hrq0mn/outlook_immediately_crashing_on_open_after/fy5nnx2/
Oracle Quarterly Critical Patch Update
https://www.oracle.com/security-alerts/cpujul2020.html
Cisco Backdoors
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=100#~Vulnerabilities
ISC StormCast for Wednesday, July 15th 2020
15 juli 2020 |
6 min
MSFT Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+July+2020+Patch+Tuesday+Patch+Now/26350/
Adobe Patches
https://helpx.adobe.com/security.html
https://isc.sans.edu/forums/diary/Microsoft+July+2020+Patch+Tuesday+Patch+Now/26350/
Adobe Patches
https://helpx.adobe.com/security.html
ISC StormCast for Tuesday, July 14th 2020
14 juli 2020 |
6 min
Purged VBA Code
https://isc.sans.edu/forums/diary/Maldoc+VBA+Purging+Example/26342/
Password protected VBA Code
https://isc.sans.edu/forums/diary/VBA+Project+Passwords/26346/
MacOS mount_apfs TCC Bypass
https://theevilbit.github.io/posts/cve_2020_9771/
https://isc.sans.edu/forums/diary/Maldoc+VBA+Purging+Example/26342/
Password protected VBA Code
https://isc.sans.edu/forums/diary/VBA+Project+Passwords/26346/
MacOS mount_apfs TCC Bypass
https://theevilbit.github.io/posts/cve_2020_9771/
ISC StormCast for Monday, July 13th 2020
13 juli 2020 |
7 min
Excel Spreadsheet Macro Kicks Off Formbook Infection
https://isc.sans.edu/forums/diary/Excel+spreasheet+macro+kicks+off+Formbook+infection/26332/
Zoom Update Fixing Zoom on Windows 7 Vulnerability
https://support.zoom.us/hc/en-us/articles/360046081271-New-updates-for-July-10-2020
DigiCert Replaces 50,000 EV Certificates
https://knowledge.digicert.com/alerts/DigiCert-ICA-Replacement
Microsoft Warns of OAUTH consent Phishing
https://www.microsoft.com/security/blog/2020/07/08/protecting-remote-workforce-application-attacks-consent-phishing/
https://isc.sans.edu/forums/diary/Excel+spreasheet+macro+kicks+off+Formbook+infection/26332/
Zoom Update Fixing Zoom on Windows 7 Vulnerability
https://support.zoom.us/hc/en-us/articles/360046081271-New-updates-for-July-10-2020
DigiCert Replaces 50,000 EV Certificates
https://knowledge.digicert.com/alerts/DigiCert-ICA-Replacement
Microsoft Warns of OAUTH consent Phishing
https://www.microsoft.com/security/blog/2020/07/08/protecting-remote-workforce-application-attacks-consent-phishing/
ISC StormCast for Friday, July 10th 2020
10 juli 2020 |
14 min
Citrix Scanning
https://isc.sans.edu/forums/diary/Active+Exploit+Attempts+Targeting+Recent+Citrix+ADC+Vulnerabilities+CTX276688/26330/
https://www.youtube.com/watch?time_continue=6&v=1_D4_9BKHSc&feature=emb_logo
Juniper Patches
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
Google Releases Tsunami Security Scanner
https://github.com/google/tsunami-security-scanner
SANS.edu Student Billy Wilson: Security Supercomputers with BPF Probes
https://www.sans.org/reading-room/whitepapers/detection/securing-soft-underbelly-supercomputer-bpf-probes-39635#__utma=56421037.1361558334.1422039453.1445264258.1445266863.510&__utmb=56421037.17.9.1445268558432&__utmc=56421037&__utmx=-&__utmz=56421037.1444729543.493.57.utmcsr=admin.sans.org|utmccn=%28referral%29|utmcmd=referral|utmcct=/account/madmin/account_manage
https://isc.sans.edu/forums/diary/Active+Exploit+Attempts+Targeting+Recent+Citrix+ADC+Vulnerabilities+CTX276688/26330/
https://www.youtube.com/watch?time_continue=6&v=1_D4_9BKHSc&feature=emb_logo
Juniper Patches
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
Google Releases Tsunami Security Scanner
https://github.com/google/tsunami-security-scanner
SANS.edu Student Billy Wilson: Security Supercomputers with BPF Probes
https://www.sans.org/reading-room/whitepapers/detection/securing-soft-underbelly-supercomputer-bpf-probes-39635#__utma=56421037.1361558334.1422039453.1445264258.1445266863.510&__utmb=56421037.17.9.1445268558432&__utmc=56421037&__utmx=-&__utmz=56421037.1444729543.493.57.utmcsr=admin.sans.org|utmccn=%28referral%29|utmcmd=referral|utmcct=/account/madmin/account_manage
ISC StormCast for Thursday, July 9th 2020
9 juli 2020 |
7 min
Obfuscated Malware
https://isc.sans.edu/forums/diary/If+You+Want+Something+Done+Right+You+Have+To+Do+It+Yourself+Malware+Too/26320/
PaloAlto Networks PAN-OS CVE-2020-2034
https://security.paloaltonetworks.com/CVE-2020-2034
Citrix Vulnerability Details (CVE-2020-8194)
https://dmaasland.github.io/posts/citrix.html
Mozilla Suspending Send Service
https://www.zdnet.com/article/mozilla-suspends-firefox-send-service-while-it-addresses-malware-abuse/
https://isc.sans.edu/forums/diary/If+You+Want+Something+Done+Right+You+Have+To+Do+It+Yourself+Malware+Too/26320/
PaloAlto Networks PAN-OS CVE-2020-2034
https://security.paloaltonetworks.com/CVE-2020-2034
Citrix Vulnerability Details (CVE-2020-8194)
https://dmaasland.github.io/posts/citrix.html
Mozilla Suspending Send Service
https://www.zdnet.com/article/mozilla-suspends-firefox-send-service-while-it-addresses-malware-abuse/
ISC StormCast for Wednesday, July 8th 2020
8 juli 2020 |
5 min
F5 Big IP Wrapup
https://twitter.com/NCCGroupInfosec/status/1280593966879125504
https://www.sans.org/webcasts/116065
Citrix ADC / Citrix Gateway Patches
https://www.citrix.com/blogs/2020/07/07/citrix-provides-context-on-security-bulletin-ctx276688/
Microsoft Releases Free Memory Analysis Service
https://www.microsoft.com/en-us/research/blog/toward-trusted-sensing-for-the-cloud-introducing-project-freta/
https://twitter.com/NCCGroupInfosec/status/1280593966879125504
https://www.sans.org/webcasts/116065
Citrix ADC / Citrix Gateway Patches
https://www.citrix.com/blogs/2020/07/07/citrix-provides-context-on-security-bulletin-ctx276688/
Microsoft Releases Free Memory Analysis Service
https://www.microsoft.com/en-us/research/blog/toward-trusted-sensing-for-the-cloud-introducing-project-freta/
ISC StormCast for Tuesday, July 7th 2020
7 juli 2020 |
5 min
More BigIP Exploits
https://isc.sans.edu/forums/diary/Summary+of+CVE20205902+F5+BIGIP+RCE+Vulnerability+Exploits/26316/
Special F5 BigIP Webcast
https://www.sans.org/webcasts/116065
Microsoft ATP Web Content Filtering
https://techcommunity.microsoft.com/t5/microsoft-defender-atp/an-update-on-web-content-filtering/ba-p/1505445
Ouch Newsletter: Ransomware
https://www.sans.org/security-awareness-training/resources/ransomware
Extended Research Feed: Added Net Systems Research
https://isc.sans.edu/api/threatcategory/research
https://isc.sans.edu/forums/diary/Summary+of+CVE20205902+F5+BIGIP+RCE+Vulnerability+Exploits/26316/
Special F5 BigIP Webcast
https://www.sans.org/webcasts/116065
Microsoft ATP Web Content Filtering
https://techcommunity.microsoft.com/t5/microsoft-defender-atp/an-update-on-web-content-filtering/ba-p/1505445
Ouch Newsletter: Ransomware
https://www.sans.org/security-awareness-training/resources/ransomware
Extended Research Feed: Added Net Systems Research
https://isc.sans.edu/api/threatcategory/research
ISC StormCast for Monday, July 6th 2020
6 juli 2020 |
6 min
F5 BigIP Critical RCE
https://support.f5.com/csp/article/K52145254
https://isc.sans.edu/forums/diary/CVE20205902+F5+BIGIP+Exploitation+Attempt/26310/
https://github.com/rapid7/metasploit-framework/pull/13807/commits/0417e88ff24bf05b8874c953bd91600f10186ba4
https://www.ptsecurity.com/ww-en/about/news/f5-fixes-critical-vulnerability-discovered-by-positive-technologies-in-big-ip-application-delivery-controller
Guacamole RDP Gateway Vulnerability
https://blog.checkpoint.com/2020/07/02/hole-y-guacamole-fixing-critical-vulnerabilities-in-apaches-popular-remote-desktop-gateway/
Barclays Caught Serving Code from Wayback Machine
https://www.theregister.com/2020/07/03/barclays_bank_javascript_wayback_machine/
https://support.f5.com/csp/article/K52145254
https://isc.sans.edu/forums/diary/CVE20205902+F5+BIGIP+Exploitation+Attempt/26310/
https://github.com/rapid7/metasploit-framework/pull/13807/commits/0417e88ff24bf05b8874c953bd91600f10186ba4
https://www.ptsecurity.com/ww-en/about/news/f5-fixes-critical-vulnerability-discovered-by-positive-technologies-in-big-ip-application-delivery-controller
Guacamole RDP Gateway Vulnerability
https://blog.checkpoint.com/2020/07/02/hole-y-guacamole-fixing-critical-vulnerabilities-in-apaches-popular-remote-desktop-gateway/
Barclays Caught Serving Code from Wayback Machine
https://www.theregister.com/2020/07/03/barclays_bank_javascript_wayback_machine/
ISC StormCast for Thursday, July 2nd 2020
2 juli 2020 |
4 min
Alina PoS Malware Exfiltrating Data via DNS
https://blog.centurylink.com/alina-point-of-sale-malware-still-lurking-in-dns/
Evil Quest "Ransomware" Update
https://objective-see.com/blog/blog_0x59.html
IBM Cyber Resilient Organziation Report
https://www.ibm.com/account/reg/us-en/signup?formid=urx-45839
https://blog.centurylink.com/alina-point-of-sale-malware-still-lurking-in-dns/
Evil Quest "Ransomware" Update
https://objective-see.com/blog/blog_0x59.html
IBM Cyber Resilient Organziation Report
https://www.ibm.com/account/reg/us-en/signup?formid=urx-45839
ISC StormCast for Wednesday, July 1st 2020
1 juli 2020 |
6 min
Window 10 / 2019 Server Out of Order Patch
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1425
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1457
MacOS Ransomare Arrives as Fake Little Snitch Software
https://blog.malwarebytes.com/mac/2020/06/new-mac-ransomware-spreading-through-piracy/
VPN Privilege Escalation
https://0xsha.io/posts/zombievpn-breaking-that-internet-security
DNSSEC Phishing Scam
https://nakedsecurity.sophos.com/2020/06/29/beware-secure-dns-scam-targeting-website-owners-and-bloggers/
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1425
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1457
MacOS Ransomare Arrives as Fake Little Snitch Software
https://blog.malwarebytes.com/mac/2020/06/new-mac-ransomware-spreading-through-piracy/
VPN Privilege Escalation
https://0xsha.io/posts/zombievpn-breaking-that-internet-security
DNSSEC Phishing Scam
https://nakedsecurity.sophos.com/2020/06/29/beware-secure-dns-scam-targeting-website-owners-and-bloggers/
ISC StormCast for Tuesday, June 30th 2020
30 juni 2020 |
5 min
Sysmon 11.10 and ADS Logging
https://isc.sans.edu/forums/diary/Sysmon+and+Alternate+Data+Streams/26292/
Paloalto PAN-OS SAML Vulnerability
https://security.paloaltonetworks.com/CVE-2020-2021
Cisco Telnet Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telnetd-EFJrEzPx
https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html
https://isc.sans.edu/forums/diary/Sysmon+and+Alternate+Data+Streams/26292/
Paloalto PAN-OS SAML Vulnerability
https://security.paloaltonetworks.com/CVE-2020-2021
Cisco Telnet Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-telnetd-EFJrEzPx
https://appgateresearch.blogspot.com/2020/02/bravestarr-fedora-31-netkit-telnetd_28.html
ISC StormCast for Monday, June 29th 2020
29 juni 2020 |
7 min
MacOS 11 Security Changes
https://www.sentinelone.com/blog/macos-big-sur-9-big-surprises-for-enterprise-security/
Certificate Lifetime Limited to 1 Year Starting September
https://chromium.googlesource.com/chromium/src/+/ae4d6809912f8171b23f6aa43c6a4e8e627de784
https://support.apple.com/en-us/HT211025
https://lists.cabforum.org/pipermail/servercert-wg/2020-June/002000.html
https://www.sentinelone.com/blog/macos-big-sur-9-big-surprises-for-enterprise-security/
Certificate Lifetime Limited to 1 Year Starting September
https://chromium.googlesource.com/chromium/src/+/ae4d6809912f8171b23f6aa43c6a4e8e627de784
https://support.apple.com/en-us/HT211025
https://lists.cabforum.org/pipermail/servercert-wg/2020-June/002000.html
ISC StormCast for Friday, June 26th 2020
26 juni 2020 |
17 min
Recordings of the Tech Tuesday Workshop
https://isc.sans.edu/forums/diary/Tech+Tuesday+Recap+Recordings+Part+2+Installing+the+Honeypot+release/26280/
https://www.youtube.com/channel/UCfbOsqPmWg1H_34hTjKEW2A
Credit Card Skimmers Hide Code in Favicon EXIF Data
https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-within-exif-metadata-exfiltrates-credit-cards-via-image-files/
GeoVision Scanners Vulnerabilities
https://thehackernews.com/2020/06/geovision-scanner-vulnerabilities.html
Docker Images Containing Cryptojacking Malware
https://unit42.paloaltonetworks.com/cryptojacking-docker-images-for-mining-monero/
SANS.edu Student Karim Lalji: https://www.sans.org/reading-room/whitepapers/threathunting/real-time-honeypot-forensic-investigation-german-organized-crime-network-39640
https://isc.sans.edu/forums/diary/Tech+Tuesday+Recap+Recordings+Part+2+Installing+the+Honeypot+release/26280/
https://www.youtube.com/channel/UCfbOsqPmWg1H_34hTjKEW2A
Credit Card Skimmers Hide Code in Favicon EXIF Data
https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-within-exif-metadata-exfiltrates-credit-cards-via-image-files/
GeoVision Scanners Vulnerabilities
https://thehackernews.com/2020/06/geovision-scanner-vulnerabilities.html
Docker Images Containing Cryptojacking Malware
https://unit42.paloaltonetworks.com/cryptojacking-docker-images-for-mining-monero/
SANS.edu Student Karim Lalji: https://www.sans.org/reading-room/whitepapers/threathunting/real-time-honeypot-forensic-investigation-german-organized-crime-network-39640
ISC StormCast for Thursday, June 25th 2020
25 juni 2020 |
6 min
Using Shell Links as zero-touch downloaders and to initiate network connections
https://isc.sans.edu/forums/diary/Using+Shell+Links+as+zerotouch+downloaders+and+to+initiate+network+connections/26276/
Chrome Updates Released
https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_22.html
QNAP Updates for Helpdesk
https://www.qnap.com/de-de/security-advisory/qsa-20-03
Magento Update
https://helpx.adobe.com/security/products/magento/apsb20-41.html
Attacks Against Microsoft Exchange Servers
https://www.microsoft.com/security/blog/2020/06/24/defending-exchange-servers-under-attack/
https://isc.sans.edu/forums/diary/Using+Shell+Links+as+zerotouch+downloaders+and+to+initiate+network+connections/26276/
Chrome Updates Released
https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_22.html
QNAP Updates for Helpdesk
https://www.qnap.com/de-de/security-advisory/qsa-20-03
Magento Update
https://helpx.adobe.com/security/products/magento/apsb20-41.html
Attacks Against Microsoft Exchange Servers
https://www.microsoft.com/security/blog/2020/06/24/defending-exchange-servers-under-attack/
ISC StormCast for Wednesday, June 24th 2020
24 juni 2020 |
6 min
Analysis Of Traffic Targeting CyberBunker IP Space
https://isc.sans.edu/forums/diary/Cyberbunker+20+Analysis+of+the+Remnants+of+a+Bullet+Proof+Hosting+Provider/26266/
Microsoft Offering Enterprise Security Products for Linux/Android
https://techcommunity.microsoft.com/t5/microsoft-defender-atp/announcing-microsoft-defender-atp-for-android/ba-p/1480787
https://techcommunity.microsoft.com/t5/microsoft-defender-atp/microsoft-defender-atp-for-linux-is-now-generally-available/ba-p/1482344
Microsoft Safe Documents
https://techcommunity.microsoft.com/t5/microsoft-365-blog/safe-documents-is-generally-available/ba-p/1480401
https://isc.sans.edu/forums/diary/Cyberbunker+20+Analysis+of+the+Remnants+of+a+Bullet+Proof+Hosting+Provider/26266/
Microsoft Offering Enterprise Security Products for Linux/Android
https://techcommunity.microsoft.com/t5/microsoft-defender-atp/announcing-microsoft-defender-atp-for-android/ba-p/1480787
https://techcommunity.microsoft.com/t5/microsoft-defender-atp/microsoft-defender-atp-for-linux-is-now-generally-available/ba-p/1482344
Microsoft Safe Documents
https://techcommunity.microsoft.com/t5/microsoft-365-blog/safe-documents-is-generally-available/ba-p/1480401
ISC StormCast for Tuesday, June 23rd 2020
23 juni 2020 |
7 min
Comparing Office Documents with WinMerge
https://isc.sans.edu/forums/diary/Comparing+Office+Documents+with+WinMerge/26268/
VMWare Tools and Microsoft Office Updates for macOS
https://www.vmware.com/security/advisories/VMSA-2020-0014.html
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1225
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1226
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1229
Remote Code Execution Vulnerability in Bitdefender
https://palant.info/2020/06/22/exploiting-bitdefender-antivirus-rce-from-any-website/
Google Analytics Used to Exfiltrate Data
https://www.perimeterx.com/tech-blog/2020/bypassing-csp-exflitrate-data/
https://isc.sans.edu/forums/diary/Comparing+Office+Documents+with+WinMerge/26268/
VMWare Tools and Microsoft Office Updates for macOS
https://www.vmware.com/security/advisories/VMSA-2020-0014.html
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1225
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1226
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1229
Remote Code Execution Vulnerability in Bitdefender
https://palant.info/2020/06/22/exploiting-bitdefender-antivirus-rce-from-any-website/
Google Analytics Used to Exfiltrate Data
https://www.perimeterx.com/tech-blog/2020/bypassing-csp-exflitrate-data/
ISC StormCast for Monday, June 22nd 2020
22 juni 2020 |
5 min
Sigma Rules! The Generic Signature Format for SIEM Systems
https://isc.sans.edu/forums/diary/Sigma+rules+The+generic+signature+format+for+SIEM+systems/26258/
Pi Zero Honeypot
https://isc.sans.edu/forums/diary/Pi+Zero+HoneyPot/26260/
Ransomware Operators Lurk on Your Network
https://www.bleepingcomputer.com/news/security/ransomware-operators-lurk-on-your-network-after-their-attack/
Discord Modified to Steal Accounts
https://www.bleepingcomputer.com/news/security/discord-modified-to-steal-accounts-by-new-nitrohack-malware/
https://isc.sans.edu/forums/diary/Sigma+rules+The+generic+signature+format+for+SIEM+systems/26258/
Pi Zero Honeypot
https://isc.sans.edu/forums/diary/Pi+Zero+HoneyPot/26260/
Ransomware Operators Lurk on Your Network
https://www.bleepingcomputer.com/news/security/ransomware-operators-lurk-on-your-network-after-their-attack/
Discord Modified to Steal Accounts
https://www.bleepingcomputer.com/news/security/discord-modified-to-steal-accounts-by-new-nitrohack-malware/
ISC StormCast for Friday, June 19th 2020
19 juni 2020 |
6 min
Broken Phishing Accidentially Exploiting Outlook Zero-Day
https://isc.sans.edu/forums/diary/Broken+phishing+accidentally+exploiting+Outlook+zeroday/26254/
Webcast: https://www.sans.org/webcasts/sansatmic-catch-release-phishing-techniques-good-guys-115430
Cisco Updates
Treck IP Stack: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC
All Advisories: https://tools.cisco.com/security/center/publicationListing.x
Netgear httpd Firmware Upload Stack-based Buffer Overflow RCE Vulnerability
https://blog.grimm-co.com/2020/06/soho-device-exploitation.html
Tech Tuesday Workshop: https://www.sans.org/webcasts/tech-tuesday-workshop-collaborating-scale-contribute-profit-internet-storm-center-115935
https://isc.sans.edu/forums/diary/Broken+phishing+accidentally+exploiting+Outlook+zeroday/26254/
Webcast: https://www.sans.org/webcasts/sansatmic-catch-release-phishing-techniques-good-guys-115430
Cisco Updates
Treck IP Stack: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC
All Advisories: https://tools.cisco.com/security/center/publicationListing.x
Netgear httpd Firmware Upload Stack-based Buffer Overflow RCE Vulnerability
https://blog.grimm-co.com/2020/06/soho-device-exploitation.html
Tech Tuesday Workshop: https://www.sans.org/webcasts/tech-tuesday-workshop-collaborating-scale-contribute-profit-internet-storm-center-115935
ISC StormCast for Thursday, June 18th 2020
18 juni 2020 |
7 min
Odd Protest Spam (Scam?) Targeting Atlanta Police Foundation
https://isc.sans.edu/forums/diary/Odd+Protest+Spam+Scam+Targeting+Atlanta+Police+Foundation/26248/
Zoom Publishes End-to-End Encryption Whitepaper
https://github.com/zoom/zoom-e2e-whitepaper
Linux ACPI Bug Defeats UEFI Secure Boot
https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh
Tech Tuesday Workshop: https://www.sans.org/webcasts/tech-tuesday-workshop-collaborating-scale-contribute-profit-internet-storm-center-115935
https://isc.sans.edu/forums/diary/Odd+Protest+Spam+Scam+Targeting+Atlanta+Police+Foundation/26248/
Zoom Publishes End-to-End Encryption Whitepaper
https://github.com/zoom/zoom-e2e-whitepaper
Linux ACPI Bug Defeats UEFI Secure Boot
https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh
Tech Tuesday Workshop: https://www.sans.org/webcasts/tech-tuesday-workshop-collaborating-scale-contribute-profit-internet-storm-center-115935
ISC StormCast for Wednesday, June 17th 2020
17 juni 2020 |
7 min
Sextortion to the Next Level
https://isc.sans.edu/forums/diary/Sextortion+to+The+Next+Level/26244/
TMobile Outage Due to Configuration Error
https://www.scmagazine.com/home/security-news/outages-draw-speculation-of-ddos-attack-on-u-s-but-reality-likely-more-boring/
Vulnerability Analysis of 2500 Docker Hub Images
https://arxiv.org/pdf/2006.02932.pdf
Track IP Stack Contains Multiple Vulnerabilities
https://www.kb.cert.org/vuls/id/257161
https://isc.sans.edu/forums/diary/Sextortion+to+The+Next+Level/26244/
TMobile Outage Due to Configuration Error
https://www.scmagazine.com/home/security-news/outages-draw-speculation-of-ddos-attack-on-u-s-but-reality-likely-more-boring/
Vulnerability Analysis of 2500 Docker Hub Images
https://arxiv.org/pdf/2006.02932.pdf
Track IP Stack Contains Multiple Vulnerabilities
https://www.kb.cert.org/vuls/id/257161
ISC StormCast for Tuesday, June 16th 2020
16 juni 2020 |
7 min
HTML Based Phishing Run
https://isc.sans.edu/forums/diary/HTML+based+Phishing+Run/26242/
Major T-Mobile Outage (may affect other carriers as well)
https://twitter.com/NevilleRay/status/1272650750665953280
https://status.duo.com/incidents/txv7kq6tr0h8
Vulnerabilities in LTE and 5G Networks
https://positive-tech.com/storage/articles/gtp-2020/threat-vector-gtp-2020-eng.pdf
SANSFIRE Handler Talks
Xavier Mertens: https://www.sans.org/webcasts/sansatmic-walk-logs-hell-115420
Bojan Zdrnja: https://www.sans.org/webcasts/sansatmic-arcane-web-mobile-application-vulnerHTML Phishing
https://isc.sans.edu/forums/diary/HTML+based+Phishing+Run/26242/
Major T-Mobile Outage (may affect other carriers as well)
https://twitter.com/NevilleRay/status/1272650750665953280
https://status.duo.com/incidents/txv7kq6tr0h8
Vulnerabilities in LTE and 5G Networks
https://positive-tech.com/storage/articles/gtp-2020/threat-vector-gtp-2020-eng.pdf
SANSFIRE Handler Talks
Xavier Mertens: https://www.sans.org/webcasts/sansatmic-walk-logs-hell-115420
Bojan Zdrnja: https://www.sans.org/webcasts/sansatmic-arcane-web-mobile-application-vulnerHTML Phishing
ISC StormCast for Monday, June 15th 2020
15 juni 2020 |
6 min
Fileless Excel Malware
https://isc.sans.edu/forums/diary/Malicious+Excel+Delivering+Fileless+Payload/26232/
Windows Update Issues
https://support.microsoft.com/en-us/help/4566779/usb-printer-port-missing-after-disconnecting-printer-while-windows-10
https://answers.microsoft.com/en-us/windows/forum/all/cumulative-updates-june-9th-2020/45a8a7f3-cb89-459e-acf1-32d9de15c099
Privnote.com Phishing
https://krebsonsecurity.com/2020/06/privnotes-com-is-phishing-bitcoin-from-users-of-private-messaging-service-privnote-com/
SANS @Mic Talk: ISC Handler Bojan Zdrnja
https://www.sans.org/webcasts/sansatmic-arcane-web-mobile-application-vulnerabilities-115425
https://isc.sans.edu/forums/diary/Malicious+Excel+Delivering+Fileless+Payload/26232/
Windows Update Issues
https://support.microsoft.com/en-us/help/4566779/usb-printer-port-missing-after-disconnecting-printer-while-windows-10
https://answers.microsoft.com/en-us/windows/forum/all/cumulative-updates-june-9th-2020/45a8a7f3-cb89-459e-acf1-32d9de15c099
Privnote.com Phishing
https://krebsonsecurity.com/2020/06/privnotes-com-is-phishing-bitcoin-from-users-of-private-messaging-service-privnote-com/
SANS @Mic Talk: ISC Handler Bojan Zdrnja
https://www.sans.org/webcasts/sansatmic-arcane-web-mobile-application-vulnerabilities-115425
ISC StormCast for Friday, June 12th 2020
12 juni 2020 |
7 min
Anti-Debugging JavaScript Techniques
https://isc.sans.edu/forums/diary/AntiDebugging+JavaScript+Techniques/26228/
Facebook Messenger Desktop App Vulnerability
https://blog.reasonsecurity.com/2020/06/11/persistence-method-using-facebook-messenger-desktop-app/
Outlook Massmailing Macros
https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/
STI Student Research: Dennis Taggard; Ebb and Flow: Network Flow Logging as a Staple of Public Cloud Visibility or a Waning Imperative?
Paper: https://www.sans.org/reading-room/whitepapers/cloud/ebb-flow-network-flow-logging-staple-public-cloud-visibility-waning-imperative-39580
Video: https://youtu.be/faoFx7Q3_aM
https://isc.sans.edu/forums/diary/AntiDebugging+JavaScript+Techniques/26228/
Facebook Messenger Desktop App Vulnerability
https://blog.reasonsecurity.com/2020/06/11/persistence-method-using-facebook-messenger-desktop-app/
Outlook Massmailing Macros
https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/
STI Student Research: Dennis Taggard; Ebb and Flow: Network Flow Logging as a Staple of Public Cloud Visibility or a Waning Imperative?
Paper: https://www.sans.org/reading-room/whitepapers/cloud/ebb-flow-network-flow-logging-staple-public-cloud-visibility-waning-imperative-39580
Video: https://youtu.be/faoFx7Q3_aM
ISC StormCast for Thursday, June 11th 2020
11 juni 2020 |
6 min
Job Application Themed Malspam Pushes ZLoader
https://isc.sans.edu/forums/diary/Job+applicationthemed+malspam+pushes+ZLoader/26222/
More Expiring Root CAs
https://scotthelme.co.uk/impending-doom-root-ca-expiring-legacy-clients/
Black Lives Matter Themed Malware
https://www.bleepingcomputer.com/news/security/fake-black-lives-matter-voting-campaign-spreads-trickbot-malware/
https://isc.sans.edu/forums/diary/Job+applicationthemed+malspam+pushes+ZLoader/26222/
More Expiring Root CAs
https://scotthelme.co.uk/impending-doom-root-ca-expiring-legacy-clients/
Black Lives Matter Themed Malware
https://www.bleepingcomputer.com/news/security/fake-black-lives-matter-voting-campaign-spreads-trickbot-malware/
ISC StormCast for Wednesday, June 10th 2020
10 juni 2020 |
6 min
Microsoft Patch Day
https://isc.sans.edu/forums/diary/Microsoft+June+2020+Patch+Tuesday/26220/
SMBleed
https://github.com/ZecOps/CVE-2020-1206-POC
Adobe Patches
https://helpx.adobe.com/security.html
Intel Patch Day
https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/?linkId=100000012832617
https://isc.sans.edu/forums/diary/Microsoft+June+2020+Patch+Tuesday/26220/
SMBleed
https://github.com/ZecOps/CVE-2020-1206-POC
Adobe Patches
https://helpx.adobe.com/security.html
Intel Patch Day
https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/?linkId=100000012832617
ISC StormCast for Tuesday, June 9th 2020
9 juni 2020 |
7 min
Translating BASE64 Obfuscated Scripts
https://isc.sans.edu/forums/diary/Translating+BASE64+Obfuscated+Scripts/26214/
Fake Ransomware Decryptor
https://www.bleepingcomputer.com/news/security/fake-ransomware-decryptor-double-encrypts-desperate-victims-files/
GNUTLS TLS 1.3 Machine in the Middle
https://gitlab.com/gnutls/gnutls/-/issues/1011
CallStranger UPNP Vulnerability
https://callstranger.com/
Shellcode Analysis 101
https://www.sans.org/webcasts/sansatmic-shellcode-analysis-101-114160
https://isc.sans.edu/forums/diary/Translating+BASE64+Obfuscated+Scripts/26214/
Fake Ransomware Decryptor
https://www.bleepingcomputer.com/news/security/fake-ransomware-decryptor-double-encrypts-desperate-victims-files/
GNUTLS TLS 1.3 Machine in the Middle
https://gitlab.com/gnutls/gnutls/-/issues/1011
CallStranger UPNP Vulnerability
https://callstranger.com/
Shellcode Analysis 101
https://www.sans.org/webcasts/sansatmic-shellcode-analysis-101-114160
ISC StormCast for Monday, June 8th 2020
8 juni 2020 |
6 min
PHP FastCGI Attacks
https://isc.sans.edu/forums/diary/Not+so+FastCGI/26208/
Protest Cybersecurity
https://isc.sans.edu/forums/diary/Cyber+Security+for+Protests/26210/
uBlock Origin Blocks Portscans
https://www.bleepingcomputer.com/news/security/ublock-origin-ad-blocker-now-blocks-port-scans-on-most-sites/
QNAP Vulnerability
https://www.qnap.com/en/security-advisory/qsa-20-01
https://isc.sans.edu/forums/diary/Not+so+FastCGI/26208/
Protest Cybersecurity
https://isc.sans.edu/forums/diary/Cyber+Security+for+Protests/26210/
uBlock Origin Blocks Portscans
https://www.bleepingcomputer.com/news/security/ublock-origin-ad-blocker-now-blocks-port-scans-on-most-sites/
QNAP Vulnerability
https://www.qnap.com/en/security-advisory/qsa-20-01
ISC StormCast for Friday, June 5th 2020
5 juni 2020 |
13 min
Anti-Debugging Technique Based on Memory Protection
https://isc.sans.edu/forums/diary/AntiDebugging+Technique+based+on+Memory+Protection/26200/
Suspending Suspicious Domain Feed/Update to Researcher IP Feed
https://isc.sans.edu/forums/diary/Suspending+Suspicious+Domain+Feed+Update+to+Researcher+IP+Feed/26204/
Bank Transaction Comments Used for Abusive Messages
https://www.theregister.com/2020/06/04/commonwealth_bank_bans_indecent_transaction_descriptions/
Android Security Bulletin
https://source.android.com/security/bulletin/2020-06-01
Android Wallpaper Crash
https://www.androidauthority.com/android-wallpaper-crash-1124577/
STI Research Paper: Janusz Pazgier; Efficacy of UNIX HIDS
https://www.sans.org/reading-room/whitepapers/detection/efficacy-unix-hids-39565
https://isc.sans.edu/forums/diary/AntiDebugging+Technique+based+on+Memory+Protection/26200/
Suspending Suspicious Domain Feed/Update to Researcher IP Feed
https://isc.sans.edu/forums/diary/Suspending+Suspicious+Domain+Feed+Update+to+Researcher+IP+Feed/26204/
Bank Transaction Comments Used for Abusive Messages
https://www.theregister.com/2020/06/04/commonwealth_bank_bans_indecent_transaction_descriptions/
Android Security Bulletin
https://source.android.com/security/bulletin/2020-06-01
Android Wallpaper Crash
https://www.androidauthority.com/android-wallpaper-crash-1124577/
STI Research Paper: Janusz Pazgier; Efficacy of UNIX HIDS
https://www.sans.org/reading-room/whitepapers/detection/efficacy-unix-hids-39565
ISC StormCast for Thursday, June 4th 2020
4 juni 2020 |
6 min
Polish Malspam Pushes ZLoader Malware
https://isc.sans.edu/forums/diary/Polish+malspam+pushes+ZLoader+malware/26196/
Cisco Patches IP-in-IP Flaw
https://securityaffairs.co/wordpress/104192/security/ip-in-ip-flaw-cisco.html
Zoom Fixes Two Critical Flaws
https://blog.talosintelligence.com/2020/06/vuln-spotlight-zoom-code-execution-june-2020.html
Firefox Disables Automatic DNS over HTTPS Selection to Prevent DDoS
https://www.mozilla.org/en-US/firefox/77.0.1/releasenotes/
https://isc.sans.edu/forums/diary/Polish+malspam+pushes+ZLoader+malware/26196/
Cisco Patches IP-in-IP Flaw
https://securityaffairs.co/wordpress/104192/security/ip-in-ip-flaw-cisco.html
Zoom Fixes Two Critical Flaws
https://blog.talosintelligence.com/2020/06/vuln-spotlight-zoom-code-execution-june-2020.html
Firefox Disables Automatic DNS over HTTPS Selection to Prevent DDoS
https://www.mozilla.org/en-US/firefox/77.0.1/releasenotes/
ISC StormCast for Wednesday, June 3rd 2020
3 juni 2020 |
6 min
Type 2 Strackstrings
https://isc.sans.edu/forums/diary/Stackstrings+type+2/26192/
More Details About AddTrust External CA Root Expiration
https://www.agwa.name/blog/post/fixing_the_addtrust_root_expiration
VMWare Cloud Director Vulnerability and Exploit
https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/
https://isc.sans.edu/forums/diary/Stackstrings+type+2/26192/
More Details About AddTrust External CA Root Expiration
https://www.agwa.name/blog/post/fixing_the_addtrust_root_expiration
VMWare Cloud Director Vulnerability and Exploit
https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/
ISC StormCast for Tuesday, June 2nd 2020
2 juni 2020 |
7 min
Apple Patches Unc0ver
https://support.apple.com/en-us/HT201222
Office 365 Adds Details About Malicious E-Mail Attachments
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=64570
Impact of Research on Our Data
https://isc.sans.edu/forums/diary/The+Impact+of+Researchers+on+Our+Data/26182/
https://support.apple.com/en-us/HT201222
Office 365 Adds Details About Malicious E-Mail Attachments
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=64570
Impact of Research on Our Data
https://isc.sans.edu/forums/diary/The+Impact+of+Researchers+on+Our+Data/26182/
ISC StormCast for Monday, June 1st 2020
1 juni 2020 |
6 min
Sectigo AddTrust CA Expired
https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020
Critical Sign In With Apple Flaw
https://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-apple/
DABANGG: Refined Flush Based Cache Attacks
https://www.cse.iitk.ac.in/users/biswap/DABANGG.pdf
New Website Explaining FIDO
https://loginwithfido.com/
https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020
Critical Sign In With Apple Flaw
https://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-apple/
DABANGG: Refined Flush Based Cache Attacks
https://www.cse.iitk.ac.in/users/biswap/DABANGG.pdf
New Website Explaining FIDO
https://loginwithfido.com/
ISC StormCast for Friday, May 29th 2020
29 maj 2020 |
19 min
USBFuzz Finds Numerous USB Flaws
https://www.nebelwelt.net/files/20SEC3.pdf
Cisco Products Vulnerable to Saltstack Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG
Another Nail in the Coffin for SHA-1
https://eprint.iacr.org/2020/014.pdf
STI Student: Andy Piazza; Qualifying Threat Actor Assessments
https://www.sans.org/reading-room/whitepapers/threatintelligence/paper/39585
https://www.nebelwelt.net/files/20SEC3.pdf
Cisco Products Vulnerable to Saltstack Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG
Another Nail in the Coffin for SHA-1
https://eprint.iacr.org/2020/014.pdf
STI Student: Andy Piazza; Qualifying Threat Actor Assessments
https://www.sans.org/reading-room/whitepapers/threatintelligence/paper/39585
ISC StormCast for Thursday, May 28th 2020
28 maj 2020 |
7 min
Phishing With Google Cloud
https://isc.sans.edu/forums/diary/Frankensteins+phishing+using+Google+Cloud+Storage/26174/
Trend Micro AntiVirus Blocked by Microsoft
https://billdemirkapi.me/How-to-use-Trend-Micro-Rootkit-Remover-to-Install-a-Rootkit/
Netgear Nighthawk Firmware Update Vulnerability
https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability/
https://isc.sans.edu/forums/diary/Frankensteins+phishing+using+Google+Cloud+Storage/26174/
Trend Micro AntiVirus Blocked by Microsoft
https://billdemirkapi.me/How-to-use-Trend-Micro-Rootkit-Remover-to-Install-a-Rootkit/
Netgear Nighthawk Firmware Update Vulnerability
https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability/
ISC StormCast for Wednesday, May 27th 2020
27 maj 2020 |
6 min
Where is SHA3
https://isc.sans.edu/forums/diary/Seriously+SHA3+where+art+thou/26170/
Apple Updates
https://support.apple.com/en-us/HT201222
Google ZDI Releases Details Regarding Unpatched Windows Vulnerabilities
https://www.zerodayinitiative.com/advisories/ZDI-20-666/
https://www.zerodayinitiative.com/advisories/ZDI-20-665/
https://www.zerodayinitiative.com/advisories/ZDI-20-663/
https://www.zerodayinitiative.com/advisories/ZDI-20-662/
https://www.zerodayinitiative.com/advisories/ZDI-20-664/
Research into Phish Detection
https://medium.com/@curtbraz/these-arent-the-phish-you-re-looking-for-7374c3986af5
https://isc.sans.edu/forums/diary/Seriously+SHA3+where+art+thou/26170/
Apple Updates
https://support.apple.com/en-us/HT201222
Google ZDI Releases Details Regarding Unpatched Windows Vulnerabilities
https://www.zerodayinitiative.com/advisories/ZDI-20-666/
https://www.zerodayinitiative.com/advisories/ZDI-20-665/
https://www.zerodayinitiative.com/advisories/ZDI-20-663/
https://www.zerodayinitiative.com/advisories/ZDI-20-662/
https://www.zerodayinitiative.com/advisories/ZDI-20-664/
Research into Phish Detection
https://medium.com/@curtbraz/these-arent-the-phish-you-re-looking-for-7374c3986af5
ISC StormCast for Tuesday, May 26th 2020
26 maj 2020 |
7 min
Malicious PowerPoint Add-Ins Deliver Malware
https://isc.sans.edu/forums/diary/AgentTesla+Delivered+via+a+Malicious+PowerPoint+AddIn/26162/
Virtual Machine Delivers Malware
https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security/
iOS Patch Analysis
https://blog.zecops.com/vulnerabilities/hidden-demons-maildemon-patch-analysis-ios-13-4-5-beta-vs-ios-13-5/
eBay Port Scanning
https://www.ghacks.net/2020/05/25/ebay-is-port-scanning-your-system-when-you-load-the-webpage/
iPhone Jailbreak
https://thehackernews.com/2020/05/iphone-ios-jailbreak-tools.html
SANSFIRE
https://isc.sans.edu/sansfire
https://isc.sans.edu/forums/diary/AgentTesla+Delivered+via+a+Malicious+PowerPoint+AddIn/26162/
Virtual Machine Delivers Malware
https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security/
iOS Patch Analysis
https://blog.zecops.com/vulnerabilities/hidden-demons-maildemon-patch-analysis-ios-13-4-5-beta-vs-ios-13-5/
eBay Port Scanning
https://www.ghacks.net/2020/05/25/ebay-is-port-scanning-your-system-when-you-load-the-webpage/
iPhone Jailbreak
https://thehackernews.com/2020/05/iphone-ios-jailbreak-tools.html
SANSFIRE
https://isc.sans.edu/sansfire
ISC StormCast for Friday, May 22nd 2020
22 maj 2020 |
6 min
Malware Triage with FLOSS: API Calls Based Behavior
https://isc.sans.edu/forums/diary/Malware+Triage+with+FLOSS+API+Calls+Based+Behavior/26156/
Verizon Breach Report
https://enterprise.verizon.com/resources/reports/dbir/
Apple Updates
https://support.apple.com/en-us/HT201222
Sophos Firewall Vulnerability Exploit
https://news.sophos.com/en-us/2020/05/21/asnarok2/
https://isc.sans.edu/forums/diary/Malware+Triage+with+FLOSS+API+Calls+Based+Behavior/26156/
Verizon Breach Report
https://enterprise.verizon.com/resources/reports/dbir/
Apple Updates
https://support.apple.com/en-us/HT201222
Sophos Firewall Vulnerability Exploit
https://news.sophos.com/en-us/2020/05/21/asnarok2/
ISC StormCast for Thursday, May 21st 2020
21 maj 2020 |
6 min
IceID Malware Update
https://isc.sans.edu/forums/diary/Microsoft+Word+document+with+malicious+macro+pushes+IcedID+Bokbot/26146/
NXNSAttack DNS Amplification
https://www.nxnsattack.com/
https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/
Adobe Updates
https://helpx.adobe.com/security.html
https://isc.sans.edu/forums/diary/Microsoft+Word+document+with+malicious+macro+pushes+IcedID+Bokbot/26146/
NXNSAttack DNS Amplification
https://www.nxnsattack.com/
https://en.blog.nic.cz/2020/05/19/nxnsattack-upgrade-resolvers-to-stop-new-kind-of-random-subdomain-attack/
Adobe Updates
https://helpx.adobe.com/security.html
ISC StormCast for Wednesday, May 20th 2020
20 maj 2020 |
7 min
Spike of Scans for Port 62234
https://isc.sans.edu/forums/diary/What+is+up+on+Port+62234/26144/
Cisco Patches
https://tools.cisco.com/security/center/publicationListing.x
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-info-disclose-9eJtycMB
Google Chrome 83 Released
https://chromereleases.googleblog.com/
QNAP Vulnerability Details Released
https://medium.com/bugbountywriteup/qnap-pre-auth-root-rce-affecting-450k-devices-on-the-internet-d55488d28a05
ISC YouTube Channel
https://www.youtube.com/channel/UCfbOsqPmWg1H_34hTjKEW2A
https://isc.sans.edu/forums/diary/What+is+up+on+Port+62234/26144/
Cisco Patches
https://tools.cisco.com/security/center/publicationListing.x
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-info-disclose-9eJtycMB
Google Chrome 83 Released
https://chromereleases.googleblog.com/
QNAP Vulnerability Details Released
https://medium.com/bugbountywriteup/qnap-pre-auth-root-rce-affecting-450k-devices-on-the-internet-d55488d28a05
ISC YouTube Channel
https://www.youtube.com/channel/UCfbOsqPmWg1H_34hTjKEW2A
ISC StormCast for Tuesday, May 19th 2020
19 maj 2020 |
6 min
Antivirus & Multiple Detections
https://isc.sans.edu/forums/diary/Antivirus+Multiple+Detections/26134/
Office 365 Returning Search Results from Other Organizations
https://www.theregister.co.uk/2020/05/18/microsoft_office_365_internal_search_mixup/
MagicPairing Vulnerabilities
https://arxiv.org/pdf/2005.07255.pdf
BIAS: Bluetooth Impersonation AttackS
https://francozappa.github.io/about-bias/
https://isc.sans.edu/forums/diary/Antivirus+Multiple+Detections/26134/
Office 365 Returning Search Results from Other Organizations
https://www.theregister.co.uk/2020/05/18/microsoft_office_365_internal_search_mixup/
MagicPairing Vulnerabilities
https://arxiv.org/pdf/2005.07255.pdf
BIAS: Bluetooth Impersonation AttackS
https://francozappa.github.io/about-bias/
ISC StormCast for Monday, May 18th 2020
18 maj 2020 |
6 min
OWA Scans
https://isc.sans.edu/forums/diary/Scanning+for+Outlook+Web+Access+OWA+Microsoft+Exchange+Control+Panel+ECP/26132/
Edison iOS E-Mail Client Leaks Data
https://www.theverge.com/2020/5/16/21260967/edison-mail-update-ios-security-bug
COMpfun Malware Uses Status Codes to Communicate
https://securelist.com/compfun-http-status-based-trojan/96874/
PAN OS Patches
https://securityaffairs.co/wordpress/103265/security/palo-alto-networks-pan-os-flaws.html
https://isc.sans.edu/forums/diary/Scanning+for+Outlook+Web+Access+OWA+Microsoft+Exchange+Control+Panel+ECP/26132/
Edison iOS E-Mail Client Leaks Data
https://www.theverge.com/2020/5/16/21260967/edison-mail-update-ios-security-bug
COMpfun Malware Uses Status Codes to Communicate
https://securelist.com/compfun-http-status-based-trojan/96874/
PAN OS Patches
https://securityaffairs.co/wordpress/103265/security/palo-alto-networks-pan-os-flaws.html
ISC StormCast for Friday, May 15th 2020
15 maj 2020 |
6 min
Rethinking Severity
https://isc.sans.edu/forums/diary/Patch+Tuesday+Revisited+CVE20201048+isnt+as+Medium+as+MS+Would+Have+You+Believe/26124/
Top Exploited Vulnerabilities
https://www.us-cert.gov/ncas/alerts/aa20-133a
Zerodium Drops Payouts For iOS/Safari Exploits
https://twitter.com/Zerodium/status/1260541578747064326?s=20
BigIP Edge Client Vulenrability
https://support.f5.com/csp/article/K20346072
https://isc.sans.edu/forums/diary/Patch+Tuesday+Revisited+CVE20201048+isnt+as+Medium+as+MS+Would+Have+You+Believe/26124/
Top Exploited Vulnerabilities
https://www.us-cert.gov/ncas/alerts/aa20-133a
Zerodium Drops Payouts For iOS/Safari Exploits
https://twitter.com/Zerodium/status/1260541578747064326?s=20
BigIP Edge Client Vulenrability
https://support.f5.com/csp/article/K20346072
ISC StormCast for Thursday, May 14th 2020
14 maj 2020 |
6 min
Malspam with Links to ZIP Archives Pushes Dridex Malware
https://isc.sans.edu/forums/diary/Malspam+with+links+to+zip+archives+pushes+Dridex+malware/26116/
Ramsay Cyber Espionage Toolkit
https://www.welivesecurity.com/2020/05/13/ramsay-cyberespionage-toolkit-airgapped-networks/
Windows DNS over HTTPS Preview
https://techcommunity.microsoft.com/t5/networking-blog/windows-insiders-can-now-test-dns-over-https/ba-p/1381282#
ISC Handler Series (SANSFIRE)
https://www.sans.org/event/sansfire-2020/bonus-sessions/
https://isc.sans.edu/forums/diary/Malspam+with+links+to+zip+archives+pushes+Dridex+malware/26116/
Ramsay Cyber Espionage Toolkit
https://www.welivesecurity.com/2020/05/13/ramsay-cyberespionage-toolkit-airgapped-networks/
Windows DNS over HTTPS Preview
https://techcommunity.microsoft.com/t5/networking-blog/windows-insiders-can-now-test-dns-over-https/ba-p/1381282#
ISC Handler Series (SANSFIRE)
https://www.sans.org/event/sansfire-2020/bonus-sessions/
ISC StormCast for Wednesday, May 13th 2020
13 maj 2020 |
7 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+May+2020+Patch+Tuesday/26114/
Adobe Security Updates
https://helpx.adobe.com/security.html
Android Applications Expose Firebase Databases
https://www.comparitech.com/blog/information-security/firebase-misconfiguration-report/#What_data_is_exposed
More Magecart Sighted
https://maxkersten.nl/2020/05/06/backtracking-magecart-infections/
Glitter vs. Thunderspy
https://www.youtube.com/watch?v=vlK5rrlc44g
https://isc.sans.edu/forums/diary/Microsoft+May+2020+Patch+Tuesday/26114/
Adobe Security Updates
https://helpx.adobe.com/security.html
Android Applications Expose Firebase Databases
https://www.comparitech.com/blog/information-security/firebase-misconfiguration-report/#What_data_is_exposed
More Magecart Sighted
https://maxkersten.nl/2020/05/06/backtracking-magecart-infections/
Glitter vs. Thunderspy
https://www.youtube.com/watch?v=vlK5rrlc44g
ISC StormCast for Tuesday, May 12th 2020
12 maj 2020 |
6 min
Excel 4 Macro Analysis: XLMMacroDeobfuscator
https://isc.sans.edu/forums/diary/Excel+4+Macro+Analysis+XLMMacroDeobfuscator/26110/
LinkedIn Phish
https://youtu.be/g0WHz6rikoc
ThunderSpy Thunderbolt Attack
https://thunderspy.io/
vBulletin Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2020-12720
Mini-Netwars
https://www.sans.org/mini-netwars
https://isc.sans.edu/forums/diary/Excel+4+Macro+Analysis+XLMMacroDeobfuscator/26110/
LinkedIn Phish
https://youtu.be/g0WHz6rikoc
ThunderSpy Thunderbolt Attack
https://thunderspy.io/
vBulletin Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2020-12720
Mini-Netwars
https://www.sans.org/mini-netwars
ISC StormCast for Monday, May 11th 2020
11 maj 2020 |
5 min
YARA 4.0.0 Released
https://isc.sans.edu/forums/diary/YARA+v400+BASE64+Strings/26106/
VMWare Patches vRealize to Address Saltstack Vulnerabilities
https://www.vmware.com/security/advisories/VMSA-2020-0009.html
Samsung Paches Android RCE Vulnerabilities
https://bugs.chromium.org/p/project-zero/issues/detail?id=2002
https://security.samsungmobile.com/securityUpdate.smsb
MacOS 2FA Application Trojan
https://blog.malwarebytes.com/threat-analysis/2020/05/new-mac-variant-of-lazarus-dacls-rat-distributed-via-trojanized-2fa-app/
https://isc.sans.edu/forums/diary/YARA+v400+BASE64+Strings/26106/
VMWare Patches vRealize to Address Saltstack Vulnerabilities
https://www.vmware.com/security/advisories/VMSA-2020-0009.html
Samsung Paches Android RCE Vulnerabilities
https://bugs.chromium.org/p/project-zero/issues/detail?id=2002
https://security.samsungmobile.com/securityUpdate.smsb
MacOS 2FA Application Trojan
https://blog.malwarebytes.com/threat-analysis/2020/05/new-mac-variant-of-lazarus-dacls-rat-distributed-via-trojanized-2fa-app/
ISC StormCast for Friday, May 8th 2020
8 maj 2020 |
6 min
Scanning With NMAP NSE Scripts
https://isc.sans.edu/forums/diary/Scanning+with+nmaps+NSE+scripts/26096/
iOS Psychic Paper Vulerability
https://siguza.github.io/psychicpaper/
World Password Day
https://www.microsoft.com/security/blog/2020/05/07/protect-accounts-smarter-ways-sign-in-world-passwordless-day
https://tails.boum.org/news/version_4.6/index.en.html
Cisco Kerberos Bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-asa-kerberos-bypass-96Gghe2sS
https://isc.sans.edu/forums/diary/Scanning+with+nmaps+NSE+scripts/26096/
iOS Psychic Paper Vulerability
https://siguza.github.io/psychicpaper/
World Password Day
https://www.microsoft.com/security/blog/2020/05/07/protect-accounts-smarter-ways-sign-in-world-passwordless-day
https://tails.boum.org/news/version_4.6/index.en.html
Cisco Kerberos Bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-asa-kerberos-bypass-96Gghe2sS
ISC StormCast for Thursday, May 7th 2020
7 maj 2020 |
6 min
Keeping an Eye on Malicious Files Life Time
https://isc.sans.edu/forums/diary/Keeping+an+Eye+on+Malicious+Files+Life+Time/26092/
Fake Crypto Wallet Chrome Extensions
https://www.theregister.co.uk/2020/05/06/chrome_malicious_extensions/
Favicon Hides Credit Card Skimmer
https://blog.malwarebytes.com/threat-analysis/2020/05/credit-card-skimmer-masquerades-as-favicon/
WebEx Phishing
https://abnormalsecurity.com/blog/abnormal-attack-stories-cisco-webex-phishing/
https://isc.sans.edu/forums/diary/Keeping+an+Eye+on+Malicious+Files+Life+Time/26092/
Fake Crypto Wallet Chrome Extensions
https://www.theregister.co.uk/2020/05/06/chrome_malicious_extensions/
Favicon Hides Credit Card Skimmer
https://blog.malwarebytes.com/threat-analysis/2020/05/credit-card-skimmer-masquerades-as-favicon/
WebEx Phishing
https://abnormalsecurity.com/blog/abnormal-attack-stories-cisco-webex-phishing/
ISC StormCast for Wednesday, May 6th 2020
6 maj 2020 |
5 min
Do Cloud Security Features Replace Pesonnel Security Capabilities?
https://isc.sans.edu/forums/diary/Cloud+Security+Features+Dont+Replace+the+Need+for+Personnel+Security+Capabilities/26088/
Citrix ShareFile Storage Zones Controller Update
https://support.citrix.com/article/CTX269106
Android Update
https://source.android.com/security/bulletin/2020-05-01
Firefox Update
https://www.mozilla.org/en-US/firefox/76.0/releasenotes/
Dell OS Recovery Image Insecure Inherited Permissions
https://www.dell.com/support/article/de-de/sln321036/dsa-2020-059-dell-os-recovery-image-insecure-inherited-permissions-vulnerability?lang=en
WordPress Update
https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
https://isc.sans.edu/forums/diary/Cloud+Security+Features+Dont+Replace+the+Need+for+Personnel+Security+Capabilities/26088/
Citrix ShareFile Storage Zones Controller Update
https://support.citrix.com/article/CTX269106
Android Update
https://source.android.com/security/bulletin/2020-05-01
Firefox Update
https://www.mozilla.org/en-US/firefox/76.0/releasenotes/
Dell OS Recovery Image Insecure Inherited Permissions
https://www.dell.com/support/article/de-de/sln321036/dsa-2020-059-dell-os-recovery-image-insecure-inherited-permissions-vulnerability?lang=en
WordPress Update
https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
ISC StormCast for Tuesday, May 5th 2020
5 maj 2020 |
5 min
Exploring the Sysmon 11 File Deletion Protection
https://isc.sans.edu/forums/diary/Sysmon+and+File+Deletion/26084/
Digicert CT Compromise
https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/aKNbZuJzwfM
WebLogic Flaw (new one..) Exploited in the Wild
https://blogs.oracle.com/security/apply-april-2020-cpu
https://isc.sans.edu/forums/diary/Sysmon+and+File+Deletion/26084/
Digicert CT Compromise
https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/aKNbZuJzwfM
WebLogic Flaw (new one..) Exploited in the Wild
https://blogs.oracle.com/security/apply-april-2020-cpu
ISC StormCast for Monday, May 4th 2020
4 maj 2020 |
5 min
ZIP Files and AES
https://isc.sans.edu/forums/diary/ZIP+AES/26080/
Saltstack Vulnerability Exploited in the Wild
https://status.ghost.org/
Mobile Device Manager Compromise
https://research.checkpoint.com/2020/first-seen-in-the-wild-mobile-as-attack-vector-using-mdm/
https://isc.sans.edu/forums/diary/ZIP+AES/26080/
Saltstack Vulnerability Exploited in the Wild
https://status.ghost.org/
Mobile Device Manager Compromise
https://research.checkpoint.com/2020/first-seen-in-the-wild-mobile-as-attack-vector-using-mdm/
ISC StormCast for Friday, May 1st 2020
1 maj 2020 |
7 min
Collecting IOCs from IMAP Folder
https://isc.sans.edu/forums/diary/Collecting+IOCs+from+IMAP+Folder/26070/
Attack Traffic on TCP Port 9673
https://isc.sans.edu/forums/diary/Attack+traffic+on+TCP+port+9673/26074/
Saltstack Authorization Bypass
https://labs.f-secure.com/advisories/saltstack-authorization-bypass
Mac Sandbox Escape
https://lapcatsoftware.com/articles/sandbox-escape.html
https://isc.sans.edu/forums/diary/Collecting+IOCs+from+IMAP+Folder/26070/
Attack Traffic on TCP Port 9673
https://isc.sans.edu/forums/diary/Attack+traffic+on+TCP+port+9673/26074/
Saltstack Authorization Bypass
https://labs.f-secure.com/advisories/saltstack-authorization-bypass
Mac Sandbox Escape
https://lapcatsoftware.com/articles/sandbox-escape.html
ISC StormCast for Thursday, April 30th 2020
30 april 2020 |
6 min
Privacy Preserving Protocols to Trace Covid19 Exposure
https://isc.sans.edu/forums/diary/Privacy+Preserving+Protocols+to+Trace+Covid19+Exposure/26066/
Google Chrome Update
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html
https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security
Updated Version of Sysmon
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
https://techcommunity.microsoft.com/t5/sysinternals-blog/sysmon-v11-0-livekd-v5-63-process-explorer-v16-32-coreinfo-v3-5/ba-p/1345153
Shade Ransomware Keys Released
https://github.com/shade-team/keys/blob/master/README.md
Exploiting the Exploiters
https://medium.com/@curtbraz/exploiting-the-exploiters-46fd0d620fd8
https://isc.sans.edu/forums/diary/Privacy+Preserving+Protocols+to+Trace+Covid19+Exposure/26066/
Google Chrome Update
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html
https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security
Updated Version of Sysmon
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
https://techcommunity.microsoft.com/t5/sysinternals-blog/sysmon-v11-0-livekd-v5-63-process-explorer-v16-32-coreinfo-v3-5/ba-p/1345153
Shade Ransomware Keys Released
https://github.com/shade-team/keys/blob/master/README.md
Exploiting the Exploiters
https://medium.com/@curtbraz/exploiting-the-exploiters-46fd0d620fd8
ISC StormCast for Wednesday, April 29th 2020
29 april 2020 |
5 min
Agent Tesla Delivered by the Same Phishing Campagin for Over a Year
https://isc.sans.edu/forums/diary/Agent+Tesla+delivered+by+the+same+phishing+campaign+for+over+a+year/26062/
VMWare ESXi Patch
https://www.vmware.com/security/advisories/VMSA-2020-0008.html
Microsoft Guidance For Ransomware Response
https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/
Adobe Security Patches
https://helpx.adobe.com/security.html
https://isc.sans.edu/forums/diary/Agent+Tesla+delivered+by+the+same+phishing+campaign+for+over+a+year/26062/
VMWare ESXi Patch
https://www.vmware.com/security/advisories/VMSA-2020-0008.html
Microsoft Guidance For Ransomware Response
https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/
Adobe Security Patches
https://helpx.adobe.com/security.html
ISC StormCast for Tuesday, April 28th 2020
28 april 2020 |
6 min
Powershell Payload Stored in a PSCredential Object
https://isc.sans.edu/forums/diary/Powershell+Payload+Stored+in+a+PSCredential+Object/26058/
Microsoft Teams Account Takeover Bug
https://www.cyberark.com/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams/
USB Drives used to Spread Crypto Coin Mining Botnet
https://www.welivesecurity.com/2020/04/23/eset-discovery-monero-mining-botnet-disrupted/
https://isc.sans.edu/forums/diary/Powershell+Payload+Stored+in+a+PSCredential+Object/26058/
Microsoft Teams Account Takeover Bug
https://www.cyberark.com/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams/
USB Drives used to Spread Crypto Coin Mining Botnet
https://www.welivesecurity.com/2020/04/23/eset-discovery-monero-mining-botnet-disrupted/
ISC StormCast for Monday, April 27th 2020
27 april 2020 |
8 min
Malware Bazaar
https://isc.sans.edu/forums/diary/MALWARE+Bazaar/26052/
CIRA Luanches Canadian Shield
https://www.cira.ca/newsroom/canadian-shield/cira-launches-canadian-shield-provide-free-privacy-and-security-canadians
Covid19 Tracing Protocols
https://github.com/DP-3T/documents
https://www.pepp-pt.org/content
https://www.apple.com/covid19/contacttracing/
Sophos XG Firewall SQL Injection Vulnerablity Exploited
https://community.sophos.com/kb/en-us/135412
https://isc.sans.edu/forums/diary/MALWARE+Bazaar/26052/
CIRA Luanches Canadian Shield
https://www.cira.ca/newsroom/canadian-shield/cira-launches-canadian-shield-provide-free-privacy-and-security-canadians
Covid19 Tracing Protocols
https://github.com/DP-3T/documents
https://www.pepp-pt.org/content
https://www.apple.com/covid19/contacttracing/
Sophos XG Firewall SQL Injection Vulnerablity Exploited
https://community.sophos.com/kb/en-us/135412
ISC StormCast for Friday, April 24th 2020
24 april 2020 |
7 min
GCC's New Security Analyzer Finds Flaw in OpenSSL
https://developers.redhat.com/blog/2020/03/26/static-analysis-in-gcc-10/
IBM Spectrum Protect Server Stack Based Buffer Overflow
https://www.ibm.com/support/pages/node/6195706
Possible Issues With Cummulative Windows Updates
https://www.reddit.com/search/?q=KB4549951
Using a GPU as a Radio
https://duo.com/labs/research/finding-radio-sidechannels
Comparing Red Team Platforms
https://redcanary.com/blog/comparing-red-team-platforms/
https://developers.redhat.com/blog/2020/03/26/static-analysis-in-gcc-10/
IBM Spectrum Protect Server Stack Based Buffer Overflow
https://www.ibm.com/support/pages/node/6195706
Possible Issues With Cummulative Windows Updates
https://www.reddit.com/search/?q=KB4549951
Using a GPU as a Radio
https://duo.com/labs/research/finding-radio-sidechannels
Comparing Red Team Platforms
https://redcanary.com/blog/comparing-red-team-platforms/
ISC StormCast for Thursday, April 23rd 2020
23 april 2020 |
6 min
iOS Mail 0Day
https://blog.zecops.com/vulnerabilities/unassisted-ios-attacks-via-mobilemail-maild-in-the-wild/
Zoom 5 To Be Released Shortly Addressing Encryption Issues
https://blog.zoom.us/wordpress/2020/04/22/zoom-hits-milestone-on-90-day-security-plan-releases-zoom-5-0/
OpenSSL Fixes DOS Flaw
https://www.openssl.org/news/secadv/20200421.txt
https://blog.zecops.com/vulnerabilities/unassisted-ios-attacks-via-mobilemail-maild-in-the-wild/
Zoom 5 To Be Released Shortly Addressing Encryption Issues
https://blog.zoom.us/wordpress/2020/04/22/zoom-hits-milestone-on-90-day-security-plan-releases-zoom-5-0/
OpenSSL Fixes DOS Flaw
https://www.openssl.org/news/secadv/20200421.txt
ISC StormCast for Wednesday, April 22nd 2020
22 april 2020 |
6 min
SpectX: Log Parser for DFIR
https://isc.sans.edu/forums/diary/SpectX+Log+Parser+for+DFIR/26040/
Microsoft Patches Autodesk Library in Office
https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200004
Stripe Data Collection
https://mtlynch.io/stripe-recording-its-customers/
IBM Data Risk Manager Vulnerabilities
https://github.com/pedrib/PoC/blob/master/advisories/IBM/ibm_drm/ibm_drm_rce.md
https://isc.sans.edu/forums/diary/SpectX+Log+Parser+for+DFIR/26040/
Microsoft Patches Autodesk Library in Office
https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200004
Stripe Data Collection
https://mtlynch.io/stripe-recording-its-customers/
IBM Data Risk Manager Vulnerabilities
https://github.com/pedrib/PoC/blob/master/advisories/IBM/ibm_drm/ibm_drm_rce.md
ISC StormCast for Tuesday, April 21st 2020
21 april 2020 |
6 min
KPOT AutoIt Script: Analysis
https://isc.sans.edu/forums/diary/KPOT+AutoIt+Script+Analysis/26012/
FPGA Vulnerablity
https://www.usenix.org/conference/usenixsecurity20/presentation/ender
Nagios XI Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/179406
https://isc.sans.edu/forums/diary/KPOT+AutoIt+Script+Analysis/26012/
FPGA Vulnerablity
https://www.usenix.org/conference/usenixsecurity20/presentation/ender
Nagios XI Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/179406
ISC StormCast for Monday, April 20th 2020
20 april 2020 |
6 min
Weaponized RTF Document Generator Mailer in PowerShell
https://isc.sans.edu/forums/diary/Weaponized+RTF+Document+Generator+Mailer+in+PowerShell/26030/
Microsoft Fixes Bad Anti-Malware Signatures
https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes
Sophos Pulls Bad Firmware Update
https://community.sophos.com/kb/en-us/135383
Credentials Stolen from Pulse Secure VPN Abused
https://www.us-cert.gov/ncas/alerts/aa20-107a
Chrome Update
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html
https://isc.sans.edu/forums/diary/Weaponized+RTF+Document+Generator+Mailer+in+PowerShell/26030/
Microsoft Fixes Bad Anti-Malware Signatures
https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes
Sophos Pulls Bad Firmware Update
https://community.sophos.com/kb/en-us/135383
Credentials Stolen from Pulse Secure VPN Abused
https://www.us-cert.gov/ncas/alerts/aa20-107a
Chrome Update
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html
ISC StormCast for Friday, April 17th 2020
17 april 2020 |
6 min
Applocker vs. Living off the Land Attacks
https://isc.sans.edu/forums/diary/Using+AppLocker+to+Prevent+Living+off+the+Land+Attacks/26032/
Netlink GPON 0-Day
https://blog.netlab.360.com/multiple-fiber-routers-are-being-compromised-by-botnets-using-0-day-en/
Windows Security Crashing After Definition Update
https://www.askwoody.com/2020/reports-of-windows-security-nee-microsoft-security-essentials-crashing-after-installing-this-mornings-definition-updates/
700 Malicious Ruby Gems Found
https://thehackernews.com/2020/04/rubygem-typosquatting-malware.html
vCenter Exploit for CVE-2020-3952
https://www.guardicore.com/2020/04/pwning-vmware-vcenter-cve-2020-3952/
https://isc.sans.edu/forums/diary/Using+AppLocker+to+Prevent+Living+off+the+Land+Attacks/26032/
Netlink GPON 0-Day
https://blog.netlab.360.com/multiple-fiber-routers-are-being-compromised-by-botnets-using-0-day-en/
Windows Security Crashing After Definition Update
https://www.askwoody.com/2020/reports-of-windows-security-nee-microsoft-security-essentials-crashing-after-installing-this-mornings-definition-updates/
700 Malicious Ruby Gems Found
https://thehackernews.com/2020/04/rubygem-typosquatting-malware.html
vCenter Exploit for CVE-2020-3952
https://www.guardicore.com/2020/04/pwning-vmware-vcenter-cve-2020-3952/
ISC StormCast for Thursday, April 16th 2020
16 april 2020 |
5 min
Hunting Without IOCs
https://isc.sans.edu/forums/diary/No+IOCs+No+Problem+Getting+a+Start+Hunting+for+Malicious+Office+Files/26026/
Cloudflare/Online Banking Outages
https://twitter.com/eastdakota/status/1250520852354854912
Crypto Currency Stealing Browser Extensions
https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9
https://isc.sans.edu/forums/diary/No+IOCs+No+Problem+Getting+a+Start+Hunting+for+Malicious+Office+Files/26026/
Cloudflare/Online Banking Outages
https://twitter.com/eastdakota/status/1250520852354854912
Crypto Currency Stealing Browser Extensions
https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9
ISC StormCast for Wednesday, April 15th 2020
15 april 2020 |
5 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+April+2020+Patch+Tuesday/26022/
Adobe Security Bulletins
https://helpx.adobe.com/security.html
Microsoft Extending EOL For Windows 10 1709/1809
https://support.microsoft.com/en-us/help/4557164/lifecycle-changes-to-end-of-support-and-servicing-dates
Dell Safe BIOS
https://blog.dellemc.com/en-us/dell-technologies-bolsters-pc-security-todays-remote-workers/
https://isc.sans.edu/forums/diary/Microsoft+April+2020+Patch+Tuesday/26022/
Adobe Security Bulletins
https://helpx.adobe.com/security.html
Microsoft Extending EOL For Windows 10 1709/1809
https://support.microsoft.com/en-us/help/4557164/lifecycle-changes-to-end-of-support-and-servicing-dates
Dell Safe BIOS
https://blog.dellemc.com/en-us/dell-technologies-bolsters-pc-security-todays-remote-workers/
ISC StormCast for Tuesday, April 14th 2020
14 april 2020 |
6 min
Comparing the same Phishing Campaign 3 Months Appart
https://isc.sans.edu/forums/diary/Look+at+the+same+phishing+campaign+3+months+apart/26018/
Setting 3D Printers On Fire
https://www.coalfire.com/The-Coalfire-Blog/April-2020/With-IoT-Common-Devices-Pose-New-Threats
Junos OS: vMX Default Credentials
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10998
DNS is Changing: So What? (@Mic Webinar)
https://www.sans.org/webcasts/113635
https://isc.sans.edu/forums/diary/Look+at+the+same+phishing+campaign+3+months+apart/26018/
Setting 3D Printers On Fire
https://www.coalfire.com/The-Coalfire-Blog/April-2020/With-IoT-Common-Devices-Pose-New-Threats
Junos OS: vMX Default Credentials
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10998
DNS is Changing: So What? (@Mic Webinar)
https://www.sans.org/webcasts/113635
ISC StormCast for Monday, April 13th 2020
13 april 2020 |
5 min
Dynamic Analysis Technique to Get Decrypted KPOT Malware
https://isc.sans.edu/forums/diary/Reader+Analysis+Dynamic+analysis+technique+to+get+decrypted+KPOT+Malware/26010/
VMWare vCenter Server Vulnerability
https://www.vmware.com/security/advisories/VMSA-2020-0006.html
Sodinokibi Ransomware Switching to Monero
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-to-stop-taking-bitcoin-to-hide-money-trail/
Malware Impersonates Security Researchers
https://www.bleepingcomputer.com/news/security/new-wiper-malware-impersonates-security-researchers-as-prank/
https://isc.sans.edu/forums/diary/Reader+Analysis+Dynamic+analysis+technique+to+get+decrypted+KPOT+Malware/26010/
VMWare vCenter Server Vulnerability
https://www.vmware.com/security/advisories/VMSA-2020-0006.html
Sodinokibi Ransomware Switching to Monero
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-to-stop-taking-bitcoin-to-hide-money-trail/
Malware Impersonates Security Researchers
https://www.bleepingcomputer.com/news/security/new-wiper-malware-impersonates-security-researchers-as-prank/
ISC StormCast for Friday, April 10th 2020
10 april 2020 |
6 min
Spoofing OS Fingerprints
https://isc.sans.edu/forums/diary/Performing+deception+to+OS+Fingerprint+Part+1+nmap/25960/
Dell iDRAC Patch
https://www.dell.com/support/article/de-de/sln320717/dsa-2020-063-idrac-buffer-overflow-vulnerability?lang=en
VISA Ends Magento 1 Support
https://usa.visa.com/content/dam/VCOM/global/support-legal/documents/acquirer-advisory-magento-migration.pdf
Slack WebRTC TURN Compromise
https://www.rtcsec.com/2020/04/01-slack-webrtc-turn-compromise/
COVID 19 Domain Classifier
https://isc.sans.edu/covidclassifier.html
https://isc.sans.edu/forums/diary/Performing+deception+to+OS+Fingerprint+Part+1+nmap/25960/
Dell iDRAC Patch
https://www.dell.com/support/article/de-de/sln320717/dsa-2020-063-idrac-buffer-overflow-vulnerability?lang=en
VISA Ends Magento 1 Support
https://usa.visa.com/content/dam/VCOM/global/support-legal/documents/acquirer-advisory-magento-migration.pdf
Slack WebRTC TURN Compromise
https://www.rtcsec.com/2020/04/01-slack-webrtc-turn-compromise/
COVID 19 Domain Classifier
https://isc.sans.edu/covidclassifier.html
ISC StormCast for Thursday, April 9th 2020
9 april 2020 |
6 min
German Malspam Pushes ZLoader Malware; Decrypting HTTPs
https://isc.sans.edu/forums/diary/German+malspam+pushes+ZLoader+malware/25996/
Microsoft Purchases Corp.com
https://krebsonsecurity.com/2020/04/microsoft-buys-corp-com-so-bad-guys-cant/
Microsoft Delaying Removal of Basic Authentiation from Exchange Online
https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-april-2020-update/ba-p/1275508
Dark Nexus Botnet
https://www.bitdefender.com/files/News/CaseStudies/study/319/Bitdefender-PR-Whitepaper-DarkNexus-creat4349-en-EN-interactive.pdf
https://isc.sans.edu/forums/diary/German+malspam+pushes+ZLoader+malware/25996/
Microsoft Purchases Corp.com
https://krebsonsecurity.com/2020/04/microsoft-buys-corp-com-so-bad-guys-cant/
Microsoft Delaying Removal of Basic Authentiation from Exchange Online
https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-april-2020-update/ba-p/1275508
Dark Nexus Botnet
https://www.bitdefender.com/files/News/CaseStudies/study/319/Bitdefender-PR-Whitepaper-DarkNexus-creat4349-en-EN-interactive.pdf
ISC StormCast for Wednesday, April 8th 2020
8 april 2020 |
5 min
RDP Scanning Increase
https://isc.sans.edu/forums/diary/Increase+in+RDP+Scanning/25994/
Atlassian Advices Users To Secure Jira Service Desk
https://community.atlassian.com/t5/Jira-Service-Desk-articles/Tips-for-setting-customer-permissions-in-Jira-Service-Desk/ba-p/1340617
Android Updates
https://support.google.com/pixelphone/thread/38337876
https://isc.sans.edu/forums/diary/Increase+in+RDP+Scanning/25994/
Atlassian Advices Users To Secure Jira Service Desk
https://community.atlassian.com/t5/Jira-Service-Desk-articles/Tips-for-setting-customer-permissions-in-Jira-Service-Desk/ba-p/1340617
Android Updates
https://support.google.com/pixelphone/thread/38337876
ISC StormCast for Tuesday, April 7th 2020
7 april 2020 |
7 min
ROSTELECOM Reroutes Traffic for Multiple Cloud Providers
https://twitter.com/bgpmon/status/1246842916502302723
https://bgpstream.com/event/230837
Vuln Cost Security Scanner for VS Code
https://snyk.io/security-scanner-vuln-cost/
Microsoft Exchange Server Vulnerability still not Patched
https://blog.rapid7.com/2020/04/06/phishing-for-system-on-microsoft-exchange-cve-2020-0688/
Fake Zoom Installer
https://blog.trendmicro.com/trendlabs-security-intelligence/zoomed-in-a-look-into-a-coinminer-bundled-with-zoom-installer/
https://twitter.com/bgpmon/status/1246842916502302723
https://bgpstream.com/event/230837
Vuln Cost Security Scanner for VS Code
https://snyk.io/security-scanner-vuln-cost/
Microsoft Exchange Server Vulnerability still not Patched
https://blog.rapid7.com/2020/04/06/phishing-for-system-on-microsoft-exchange-cve-2020-0688/
Fake Zoom Installer
https://blog.trendmicro.com/trendlabs-security-intelligence/zoomed-in-a-look-into-a-coinminer-bundled-with-zoom-installer/
ISC StormCast for Monday, April 6th 2020
6 april 2020 |
6 min
New Bypass Technique or Corrupt Word Document
https://isc.sans.edu/forums/diary/New+Bypass+Technique+or+Corrupt+Word+Document/25984/
CitizenLab Analyzes Zoom Encryption
https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/
https://www.sans.org/webcasts/zomg-its-zoom-114670
Mozilla Patches Critical Firefox Flaws
https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/
Malicious JavaScript injected into Discord
https://www.bleepingcomputer.com/news/security/discord-turned-into-an-account-stealer-by-updated-malware/
https://isc.sans.edu/forums/diary/New+Bypass+Technique+or+Corrupt+Word+Document/25984/
CitizenLab Analyzes Zoom Encryption
https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/
https://www.sans.org/webcasts/zomg-its-zoom-114670
Mozilla Patches Critical Firefox Flaws
https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/
Malicious JavaScript injected into Discord
https://www.bleepingcomputer.com/news/security/discord-turned-into-an-account-stealer-by-updated-malware/
ISC StormCast for Friday, April 3rd 2020
3 april 2020 |
7 min
Twitter Cache Bug in Firefox
https://privacy.twitter.com/en/blog/2020/data-cache-firefox
MS-SQL Server Attack
https://www.guardicore.com/2020/04/vollgar-ms-sql-servers-under-attack/
More Zoom Vulnerabilities
https://objective-see.com/blog/blog_0x56.html
Covid-19 Economic Impact Payments Scams
https://www.justice.gov/usao-edky/press-release/file/1265371/download
Safari Camera Access Bug
https://www.ryanpickren.com/webcam-hacking-overview
https://privacy.twitter.com/en/blog/2020/data-cache-firefox
MS-SQL Server Attack
https://www.guardicore.com/2020/04/vollgar-ms-sql-servers-under-attack/
More Zoom Vulnerabilities
https://objective-see.com/blog/blog_0x56.html
Covid-19 Economic Impact Payments Scams
https://www.justice.gov/usao-edky/press-release/file/1265371/download
Safari Camera Access Bug
https://www.ryanpickren.com/webcam-hacking-overview
ISC StormCast for Thursday, April 2nd 2020
2 april 2020 |
6 min
Quakbot Malspam Sent From an Infected Windows Host
https://isc.sans.edu/forums/diary/Qakbot+malspam+sent+from+an+infected+Windows+host/25972/
TPOT Cowrie to ISC Logs
https://isc.sans.edu/forums/diary/TPOTs+Cowrie+to+ISC+Logs/25976/
SSH Issues After MacOS Update
https://feed.tyler.io/so-uh-i-think-catalina-10154-broke-ssh/
Cloudflare DNS For Families
https://blog.cloudflare.com/introducing-1-1-1-1-for-families/
Zoom Leaks Windows Password Hashes via UNC Links
https://twitter.com/hackerfantastic/status/1245133371262619654
https://isc.sans.edu/forums/diary/Qakbot+malspam+sent+from+an+infected+Windows+host/25972/
TPOT Cowrie to ISC Logs
https://isc.sans.edu/forums/diary/TPOTs+Cowrie+to+ISC+Logs/25976/
SSH Issues After MacOS Update
https://feed.tyler.io/so-uh-i-think-catalina-10154-broke-ssh/
Cloudflare DNS For Families
https://blog.cloudflare.com/introducing-1-1-1-1-for-families/
Zoom Leaks Windows Password Hashes via UNC Links
https://twitter.com/hackerfantastic/status/1245133371262619654
ISC StormCast for Wednesday, April 1st 2020
1 april 2020 |
7 min
Kwampirs Update
https://isc.sans.edu/forums/diary/Kwampirs+Targeted+Attacks+Involving+Healthcare+Sector/25968/
Exposed RDP
https://blog.shodan.io/trends-in-internet-exposure/
D-Link DSL-2640B Vulnerability
https://raelize.com/posts/d-link-dsl-2640b-security-advisories/
SMB 3.1.1 (CVE-2020-0796) Local Privilege Escalation Exploit
https://github.com/danigargu/CVE-2020-0796
https://isc.sans.edu/forums/diary/Kwampirs+Targeted+Attacks+Involving+Healthcare+Sector/25968/
Exposed RDP
https://blog.shodan.io/trends-in-internet-exposure/
D-Link DSL-2640B Vulnerability
https://raelize.com/posts/d-link-dsl-2640b-security-advisories/
SMB 3.1.1 (CVE-2020-0796) Local Privilege Escalation Exploit
https://github.com/danigargu/CVE-2020-0796
ISC StormCast for Tuesday, March 31st 2020
31 mars 2020 |
7 min
Crashing Windows Explorer Without a Click
https://isc.sans.edu/forums/diary/Crashing+explorerexe+without+a+click/25966/
Zoom Privacy Policy
https://blogs.harvard.edu/doc/2020/03/27/zoom/
Zoom Bombing
https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic
Zoom Related Domains Used for Phishing
https://blog.checkpoint.com/2020/03/30/covid-19-impact-cyber-criminals-target-zoom-domains/
https://isc.sans.edu/forums/diary/Crashing+explorerexe+without+a+click/25966/
Zoom Privacy Policy
https://blogs.harvard.edu/doc/2020/03/27/zoom/
Zoom Bombing
https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic
Zoom Related Domains Used for Phishing
https://blog.checkpoint.com/2020/03/30/covid-19-impact-cyber-criminals-target-zoom-domains/
ISC StormCast for Monday, March 30th 2020
30 mars 2020 |
6 min
Covid19 Domain Classifier
https://isc.sans.edu/covidclassifier.html
https://www.youtube.com/watch?v=yNIlyJ3gI-4
Attackers Mail Malicious USB Drives and Teddy Bears
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/would-you-exchange-your-security-for-a-gift-card/
HongKong News Sites Used to Install Malware on iOS Devices
https://blog.trendmicro.com/trendlabs-security-intelligence/operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links/
https://isc.sans.edu/covidclassifier.html
https://www.youtube.com/watch?v=yNIlyJ3gI-4
Attackers Mail Malicious USB Drives and Teddy Bears
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/would-you-exchange-your-security-for-a-gift-card/
HongKong News Sites Used to Install Malware on iOS Devices
https://blog.trendmicro.com/trendlabs-security-intelligence/operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links/
ISC StormCast for Friday, March 27th 2020
27 mars 2020 |
6 min
Very Large Sample as an Obfuscation Technique
https://isc.sans.edu/forums/diary/Very+Large+Sample+as+Evasion+Technique/25948/
iOS VPN Bypass
https://protonvpn.com/blog/apple-ios-vulnerability-disclosure/
Free Covid19 Domain List
https://www.domaintools.com/resources/blog/free-covid-19-threat-list-domain-risk-assessments-for-coronavirus-threats
Linux Rubber Ducky Protection
https://opensource.googleblog.com/2020/03/usb-keystroke-injection-protection.html
https://isc.sans.edu/forums/diary/Very+Large+Sample+as+Evasion+Technique/25948/
iOS VPN Bypass
https://protonvpn.com/blog/apple-ios-vulnerability-disclosure/
Free Covid19 Domain List
https://www.domaintools.com/resources/blog/free-covid-19-threat-list-domain-risk-assessments-for-coronavirus-threats
Linux Rubber Ducky Protection
https://opensource.googleblog.com/2020/03/usb-keystroke-injection-protection.html
ISC StormCast for Thursday, March 26th 2020
26 mars 2020 |
5 min
Dridex Update
https://isc.sans.edu/forums/diary/Recent+Dridex+activity/25944/
Covid-19 Ransom
https://twitter.com/johullrich/status/1242983197555789824
HP Enterprise SSD Firmware Bug
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00097382en_us
Fake Google Chrome Update
https://news.drweb.com/show/?i=13746&lng=en
TrickBot Pushing a 2FA Bypass App in Germany
https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/
https://isc.sans.edu/forums/diary/Recent+Dridex+activity/25944/
Covid-19 Ransom
https://twitter.com/johullrich/status/1242983197555789824
HP Enterprise SSD Firmware Bug
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00097382en_us
Fake Google Chrome Update
https://news.drweb.com/show/?i=13746&lng=en
TrickBot Pushing a 2FA Bypass App in Germany
https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/
ISC StormCast for Wednesday, March 25th 2020
25 mars 2020 |
6 min
Updated Microsoft Advisory 200006
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006
Memcached Denial of Service Vulnerability
https://github.com/memcached/memcached/issues/629
Adobe Creative Cloud Desktop Application Patches
https://helpx.adobe.com/security/products/creative-cloud/apsb20-11.html
Microsoft Pausing Cumulative Updates Starting May
https://docs.microsoft.com/en-us/windows/release-information/windows-message-center#405
Apple Security Patches
https://support.apple.com/en-us/HT201222
OpenWRT Vulnerability Fixed
https://thehackernews.com/2020/03/openwrt-rce-vulnerability.html
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006
Memcached Denial of Service Vulnerability
https://github.com/memcached/memcached/issues/629
Adobe Creative Cloud Desktop Application Patches
https://helpx.adobe.com/security/products/creative-cloud/apsb20-11.html
Microsoft Pausing Cumulative Updates Starting May
https://docs.microsoft.com/en-us/windows/release-information/windows-message-center#405
Apple Security Patches
https://support.apple.com/en-us/HT201222
OpenWRT Vulnerability Fixed
https://thehackernews.com/2020/03/openwrt-rce-vulnerability.html
ISC StormCast for Tuesday, March 24th 2020
24 mars 2020 |
6 min
Windows Font Parsing 0-Day
https://isc.sans.edu/forums/diary/Windows+Zeroday+Actively+Exploited+Type+1+Font+Parsing+Remote+Code+Execution+Vulnerability/25936/
Covid-19 Malware Summary
https://github.com/parthdmaniar/coronavirus-covid-19-SARS-CoV-2-IoCs
Firefox Turns TLS 1.0/1.1 Back on
https://www.mozilla.org/en-US/firefox/74.0/releasenotes/
https://isc.sans.edu/forums/diary/Windows+Zeroday+Actively+Exploited+Type+1+Font+Parsing+Remote+Code+Execution+Vulnerability/25936/
Covid-19 Malware Summary
https://github.com/parthdmaniar/coronavirus-covid-19-SARS-CoV-2-IoCs
Firefox Turns TLS 1.0/1.1 Back on
https://www.mozilla.org/en-US/firefox/74.0/releasenotes/
ISC StormCast for Monday, March 23rd 2020
23 mars 2020 |
7 min
More Covid19 Malware
https://isc.sans.edu/forums/diary/More+COVID19+Themed+Malware/25930/
Working Exploit for the Kr00k Wifi Exploit
https://hexway.io/research/r00kie-kr00kie/
ZDI Pwn2Own Results
https://www.zerodayinitiative.com/blog/2020/3/17/welcome-to-pwn2own-2020-the-schedule-and-live-results
https://isc.sans.edu/forums/diary/More+COVID19+Themed+Malware/25930/
Working Exploit for the Kr00k Wifi Exploit
https://hexway.io/research/r00kie-kr00kie/
ZDI Pwn2Own Results
https://www.zerodayinitiative.com/blog/2020/3/17/welcome-to-pwn2own-2020-the-schedule-and-live-results
ISC StormCast for Friday, March 20th 2020
20 mars 2020 |
5 min
COVID-19 Themed Multistage Malware
https://isc.sans.edu/forums/diary/COVID19+Themed+Multistage+Malware/25922/
Cisco SD-WAN Patches
https://tools.cisco.com/security/center/publicationListing.x
oPatch Selling Patches for Windows 7
https://twitter.com/0patch/status/1240602635205586945
LDAPFragger: Bypassing network restrictions using LDAP attributes
https://research.nccgroup.com/2020/03/19/ldapfragger-bypassing-network-restrictions-using-ldap-attributes/
https://isc.sans.edu/forums/diary/COVID19+Themed+Multistage+Malware/25922/
Cisco SD-WAN Patches
https://tools.cisco.com/security/center/publicationListing.x
oPatch Selling Patches for Windows 7
https://twitter.com/0patch/status/1240602635205586945
LDAPFragger: Bypassing network restrictions using LDAP attributes
https://research.nccgroup.com/2020/03/19/ldapfragger-bypassing-network-restrictions-using-ldap-attributes/
ISC StormCast for Thursday, March 19th 2020
19 mars 2020 |
6 min
TrendMicro Update
https://success.trendmicro.com/solution/000245571
More VMWare Updates
https://www.vmware.com/security/advisories/VMSA-2020-0005.html
EnigmaSpark Malware
https://securityintelligence.com/posts/EnigmaSpark-Politically-Themed-Cyber-Activity-Highlights-Regional-Opposition-to-Middle-East-Peace-Plan/
Recent Ransomware Trends
https://www.fireeye.com/blog/threat-research/2020/03/they-come-in-the-night-ransomware-deployment-trends.html
https://success.trendmicro.com/solution/000245571
More VMWare Updates
https://www.vmware.com/security/advisories/VMSA-2020-0005.html
EnigmaSpark Malware
https://securityintelligence.com/posts/EnigmaSpark-Politically-Themed-Cyber-Activity-Highlights-Regional-Opposition-to-Middle-East-Peace-Plan/
Recent Ransomware Trends
https://www.fireeye.com/blog/threat-research/2020/03/they-come-in-the-night-ransomware-deployment-trends.html
ISC StormCast for Wednesday, March 18th 2020
18 mars 2020 |
8 min
A Quick Summary of Current Reflective DNS DDoS Attacks
https://isc.sans.edu/forums/diary/A+Quick+Summary+of+Current+Reflective+DNS+DDoS+Attacks/25916/
Trickbot gtag red5 distributed as DLL File
https://isc.sans.edu/forums/diary/Trickbot+gtag+red5+distributed+as+a+DLL+file/25918/
Is Cryptojacking Dead after Coinhive Shutdown
https://arxiv.org/pdf/2001.02975.pdf
Adobe Patches
https://helpx.adobe.com/security/products/acrobat/apsb20-13.html
https://isc.sans.edu/forums/diary/A+Quick+Summary+of+Current+Reflective+DNS+DDoS+Attacks/25916/
Trickbot gtag red5 distributed as DLL File
https://isc.sans.edu/forums/diary/Trickbot+gtag+red5+distributed+as+a+DLL+file/25918/
Is Cryptojacking Dead after Coinhive Shutdown
https://arxiv.org/pdf/2001.02975.pdf
Adobe Patches
https://helpx.adobe.com/security/products/acrobat/apsb20-13.html
ISC StormCast for Tuesday, March 17th 2020
17 mars 2020 |
6 min
Desktop.ini as a post-exploitation tool
https://isc.sans.edu/forums/diary/Desktopini+as+a+postexploitation+tool/25912/
VMWAre Workstatation/Fusion Update
https://www.vmware.com/security/advisories/VMSA-2020-0004.html
Blackwater Malware Abuses Cloudflare Workers
https://www.bleepingcomputer.com/news/security/blackwater-malware-abuses-cloudflare-workers-for-c2-communication/
tcpdump Heap Based Buffer Over-Read
https://nvd.nist.gov/vuln/detail/CVE-2018-19325
Slack Account Takevoer Bug
https://hackerone.com/reports/737140
https://isc.sans.edu/forums/diary/Desktopini+as+a+postexploitation+tool/25912/
VMWAre Workstatation/Fusion Update
https://www.vmware.com/security/advisories/VMSA-2020-0004.html
Blackwater Malware Abuses Cloudflare Workers
https://www.bleepingcomputer.com/news/security/blackwater-malware-abuses-cloudflare-workers-for-c2-communication/
tcpdump Heap Based Buffer Over-Read
https://nvd.nist.gov/vuln/detail/CVE-2018-19325
Slack Account Takevoer Bug
https://hackerone.com/reports/737140
ISC StormCast for Monday, March 16th 2020
16 mars 2020 |
7 min
Phishing PDFs With Incremental Updates
https://isc.sans.edu/forums/diary/Phishing+PDF+With+Incremental+Updates/25904/
VPN Access and Active Monitoring
https://isc.sans.edu/forums/diary/VPN+Access+and+Activity+Monitoring/25906/
Capturing Invalid Ethernet Frames
https://isc.sans.edu/forums/diary/Not+all+Ethernet+NICs+are+Created+Equal+Trying+to+Capture+Invalid+Ethernet+Frames/25896/
Cookiethief Android Cookie Stealing Malware
https://securelist.com/cookiethief/96332/
SANS Security Awareness Deployment Kit for Securing Your Workforce at Home
https://www.sans.org/webcasts/113875
https://isc.sans.edu/forums/diary/Phishing+PDF+With+Incremental+Updates/25904/
VPN Access and Active Monitoring
https://isc.sans.edu/forums/diary/VPN+Access+and+Activity+Monitoring/25906/
Capturing Invalid Ethernet Frames
https://isc.sans.edu/forums/diary/Not+all+Ethernet+NICs+are+Created+Equal+Trying+to+Capture+Invalid+Ethernet+Frames/25896/
Cookiethief Android Cookie Stealing Malware
https://securelist.com/cookiethief/96332/
SANS Security Awareness Deployment Kit for Securing Your Workforce at Home
https://www.sans.org/webcasts/113875
ISC StormCast for Friday, March 13th 2020
13 mars 2020 |
7 min
Microsoft Releases Patch for Windows SMBv3 Compression Vulnerability CVE-2020-0796
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
Hancitor Distributed Through Coronavirus-Themed Malspam
https://isc.sans.edu/forums/diary/Hancitor+distributed+through+coronavirusthemed+malspam/25892/
Avast Removes Vulnerable JavaScript Emulator From Products
https://github.com/taviso/avscript
Checkra1n Exploit Works Against T2 Equipped Macs
https://www.idownloadblog.com/2020/03/10/luca-todesco-teases-checkra1n-hacks-on-a-t2-equipped-macbook-pros-touch-bar/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
Hancitor Distributed Through Coronavirus-Themed Malspam
https://isc.sans.edu/forums/diary/Hancitor+distributed+through+coronavirusthemed+malspam/25892/
Avast Removes Vulnerable JavaScript Emulator From Products
https://github.com/taviso/avscript
Checkra1n Exploit Works Against T2 Equipped Macs
https://www.idownloadblog.com/2020/03/10/luca-todesco-teases-checkra1n-hacks-on-a-t2-equipped-macbook-pros-touch-bar/
ISC StormCast for Thursday, March 12th 2020
12 mars 2020 |
6 min
Mystery SMB3 Flaw Update
https://isc.sans.edu/forums/diary/Critical+SMBv3+Vulnerability+Remote+Code+Execution/25890/
COVID19 Malware
https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threat-analysis-report/
Agent Tesla Spread by Fake Canon EOS Notification Email
https://isc.sans.edu/forums/diary/Agent+Tesla+Delivered+via+Fake+Canon+EOS+Notification+on+Free+OwnCloud+Account/25884/
https://isc.sans.edu/forums/diary/Critical+SMBv3+Vulnerability+Remote+Code+Execution/25890/
COVID19 Malware
https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threat-analysis-report/
Agent Tesla Spread by Fake Canon EOS Notification Email
https://isc.sans.edu/forums/diary/Agent+Tesla+Delivered+via+Fake+Canon+EOS+Notification+on+Free+OwnCloud+Account/25884/
ISC StormCast for Wednesday, March 11th 2020
11 mars 2020 |
5 min
ISC StormCast for Tuesday, March 10th 2020
10 mars 2020 |
7 min
Malicious Spreadsheet With Data Connection and Excel 4 Macros
https://isc.sans.edu/forums/diary/Malicious+Spreadsheet+With+Data+Connection+and+Excel+4+Macros/25880/
Take a Way: Exploring the Security Implications of AMD's Cache Way Predictors
https://mlq.me/download/takeaway.pdf
https://www.amd.com/en/corporate/product-security
Google Play Store Protect Fails Security Test
https://www.av-test.org/en/news/here-s-how-well-17-android-security-apps-provide-protection/
https://isc.sans.edu/forums/diary/Malicious+Spreadsheet+With+Data+Connection+and+Excel+4+Macros/25880/
Take a Way: Exploring the Security Implications of AMD's Cache Way Predictors
https://mlq.me/download/takeaway.pdf
https://www.amd.com/en/corporate/product-security
Google Play Store Protect Fails Security Test
https://www.av-test.org/en/news/here-s-how-well-17-android-security-apps-provide-protection/
ISC StormCast for Monday, March 9th 2020
9 mars 2020 |
6 min
Excel Maldocs: Hidden Sheets
https://isc.sans.edu/forums/diary/Excel+Maldocs+Hidden+Sheets/25876/
Wireshark 3.2.2. Released
https://www.wireshark.org/docs/relnotes/wireshark-3.2.2.html
Linux PPP Vulnerability
https://www.kb.cert.org/vuls/id/782301/
NordVPN Vulnerablity
https://www.theregister.co.uk/2020/03/06/nordvpn_no_auth_needed_view_user_payments/
Unpatched Android Devices
https://www.which.co.uk/news/2020/03/more-than-one-billion-android-devices-at-risk-of-malware-threats/
https://isc.sans.edu/forums/diary/Excel+Maldocs+Hidden+Sheets/25876/
Wireshark 3.2.2. Released
https://www.wireshark.org/docs/relnotes/wireshark-3.2.2.html
Linux PPP Vulnerability
https://www.kb.cert.org/vuls/id/782301/
NordVPN Vulnerablity
https://www.theregister.co.uk/2020/03/06/nordvpn_no_auth_needed_view_user_payments/
Unpatched Android Devices
https://www.which.co.uk/news/2020/03/more-than-one-billion-android-devices-at-risk-of-malware-threats/
ISC StormCast for Friday, March 6th 2020
6 mars 2020 |
6 min
Survey Phish
https://isc.sans.edu/forums/diary/Will+You+Put+Your+Password+in+a+Survey/25866/
Healthcare.gov Sending E-Mail Looking Like Phishing
https://twitter.com/johullrich/status/1235740586717720577
Intel x86 Root of Trust: Loss of Trust
https://blog.ptsecurity.com/2020/03/intelx86-root-of-trust-loss-of-trust.html
Let's Encrypt Revises Revokation Plan
https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591/2
Trust Me, I'm Certified Podcast
https://www.giac.org/podcasts
https://isc.sans.edu/forums/diary/Will+You+Put+Your+Password+in+a+Survey/25866/
Healthcare.gov Sending E-Mail Looking Like Phishing
https://twitter.com/johullrich/status/1235740586717720577
Intel x86 Root of Trust: Loss of Trust
https://blog.ptsecurity.com/2020/03/intelx86-root-of-trust-loss-of-trust.html
Let's Encrypt Revises Revokation Plan
https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591/2
Trust Me, I'm Certified Podcast
https://www.giac.org/podcasts
ISC StormCast for Thursday, March 5th 2020
5 mars 2020 |
7 min
MSFT Subdomain Takeover
https://vullnerability.com/blog/microsoft-subdomain-account-takeover
Homoglyph Attacks in the News Again
https://www.soluble.ai/blog/public-disclosure-emoji-to-zero-day
Coronavirus Phish
https://twitter.com/JCyberSec_/status/1234806881195044865
https://vullnerability.com/blog/microsoft-subdomain-account-takeover
Homoglyph Attacks in the News Again
https://www.soluble.ai/blog/public-disclosure-emoji-to-zero-day
Coronavirus Phish
https://twitter.com/JCyberSec_/status/1234806881195044865
ISC StormCast for Wednesday, March 4th 2020
4 mars 2020 |
6 min
Introduction to EvtxEcmd (Evtx Explorer)
https://isc.sans.edu/forums/diary/Introduction+to+EvtxEcmd+Evtx+Explorer/25858/
Let's Encrypt Revoking Certificates
https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864
Using Smart Devices in the Home Securely (NCSC Version)
https://www.ncsc.gov.uk/guidance/smart-devices-in-the-home
Ransomware and Cloud Backups
https://www.bleepingcomputer.com/news/security/ransomware-attackers-use-your-cloud-backups-against-you/
SANS Coronavirus Training Guarantee
https://www.sans.org/training-guarantee
https://isc.sans.edu/forums/diary/Introduction+to+EvtxEcmd+Evtx+Explorer/25858/
Let's Encrypt Revoking Certificates
https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864
Using Smart Devices in the Home Securely (NCSC Version)
https://www.ncsc.gov.uk/guidance/smart-devices-in-the-home
Ransomware and Cloud Backups
https://www.bleepingcomputer.com/news/security/ransomware-attackers-use-your-cloud-backups-against-you/
SANS Coronavirus Training Guarantee
https://www.sans.org/training-guarantee
ISC StormCast for Tuesday, March 3rd 2020
3 mars 2020 |
6 min
SSL Distribution by Country
https://isc.sans.edu/forums/diary/Secure+vs+cleartext+protocols+couple+of+interesting+stats/25854/
Checkpoint Evasion Encyclopedia
https://research.checkpoint.com/2020/cpr-evasion-encyclopedia-the-check-point-evasion-repository/
OWASP Threat Dragon
https://github.com/mike-goodwin/owasp-threat-dragon-desktop
SANS Free Things
https://sans.org/free
https://isc.sans.edu/forums/diary/Secure+vs+cleartext+protocols+couple+of+interesting+stats/25854/
Checkpoint Evasion Encyclopedia
https://research.checkpoint.com/2020/cpr-evasion-encyclopedia-the-check-point-evasion-repository/
OWASP Threat Dragon
https://github.com/mike-goodwin/owasp-threat-dragon-desktop
SANS Free Things
https://sans.org/free
ISC StormCast for Monday, March 2nd 2020
2 mars 2020 |
5 min
Show me Your Clipboard Data!
https://isc.sans.edu/forums/diary/Show+me+Your+Clipboard+Data/25846/
Hazelcast IMDB Discover Scan
https://isc.sans.edu/forums/diary/Hazelcast+IMDG+Discover+Scan/25850/
Microsoft Exchange Server Vulnerabilty Scans
https://twitter.com/GossiTheDog/status/1232369036438233088
Tomcat Ghostcat Vulnerability
https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E
https://isc.sans.edu/forums/diary/Show+me+Your+Clipboard+Data/25846/
Hazelcast IMDB Discover Scan
https://isc.sans.edu/forums/diary/Hazelcast+IMDG+Discover+Scan/25850/
Microsoft Exchange Server Vulnerabilty Scans
https://twitter.com/GossiTheDog/status/1232369036438233088
Tomcat Ghostcat Vulnerability
https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E
ISC StormCast for Friday, February 28th 2020
28 februari 2020 |
6 min
Ultrasonic Triggers for Cellphone Assistants.
https://source.wustl.edu/2020/02/surfing-attack-hacks-siri-google-with-ultrasonic-waves/
Comparing Information Leakage from Different Browsers
https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
Cloud Snooper Attack
https://news.sophos.com/en-us/2020/02/25/cloud-snooper-attack-bypasses-firewall-security-measures/
https://source.wustl.edu/2020/02/surfing-attack-hacks-siri-google-with-ultrasonic-waves/
Comparing Information Leakage from Different Browsers
https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
Cloud Snooper Attack
https://news.sophos.com/en-us/2020/02/25/cloud-snooper-attack-bypasses-firewall-security-measures/
ISC StormCast for Thursday, February 27th 2020
27 februari 2020 |
7 min
Kr00k WiFi Attack
https://www.eset.com/int/kr00k/
Impersonating LTE Users
https://imp4gt-attacks.net/
Zyxel RCE Vulnerablity
https://www.kb.cert.org/vuls/id/498544/
https://www.eset.com/int/kr00k/
Impersonating LTE Users
https://imp4gt-attacks.net/
Zyxel RCE Vulnerablity
https://www.kb.cert.org/vuls/id/498544/
ISC StormCast for Wednesday, February 26th 2020
26 februari 2020 |
6 min
Fraudulant Paypal Charges (links in German)
https://twitter.com/iblueconnection/status/1232259071602044928
https://www.heise.de/security/meldung/Google-Pay-Luecke-in-virtuellen-Kreditkarten-erlaubt-unberechtigte-Abbuchungen-4667527.html
https://stadt-bremerhaven.de/google-pay-virtuelle-paypal-kreditkarten-weisen-sicherheitsluecken-auf/
Chrome Update
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
Microsoft Public Preview For Azure AD Hybrid Environments
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/public-preview-of-azure-ad-support-for-fido2-security-keys-in/ba-p/1187929
https://twitter.com/iblueconnection/status/1232259071602044928
https://www.heise.de/security/meldung/Google-Pay-Luecke-in-virtuellen-Kreditkarten-erlaubt-unberechtigte-Abbuchungen-4667527.html
https://stadt-bremerhaven.de/google-pay-virtuelle-paypal-kreditkarten-weisen-sicherheitsluecken-auf/
Chrome Update
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
Microsoft Public Preview For Azure AD Hybrid Environments
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/public-preview-of-azure-ad-support-for-fido2-security-keys-in/ba-p/1187929
ISC StormCast for Tuesday, February 25th 2020
25 februari 2020 |
7 min
ScrollToTextFragment Privacy Concerns in Google Chrome 80
https://github.com/WICG/ScrollToTextFragment/issues/76#issue-538137989
https://docs.google.com/document/d/1YHcl1-vE_ZnZ0kL2almeikAj2gkwCq8_5xwIae7PVik/edit#heading=h.uoiwg23pt0tx
Another OpenSMTPD Vulnerability
https://github.com/OpenSMTPD/OpenSMTPD/releases
WhatsApp Group Invite Links in Search Engines
https://twitter.com/JordanWildon/status/1230829082662842369
https://github.com/WICG/ScrollToTextFragment/issues/76#issue-538137989
https://docs.google.com/document/d/1YHcl1-vE_ZnZ0kL2almeikAj2gkwCq8_5xwIae7PVik/edit#heading=h.uoiwg23pt0tx
Another OpenSMTPD Vulnerability
https://github.com/OpenSMTPD/OpenSMTPD/releases
WhatsApp Group Invite Links in Search Engines
https://twitter.com/JordanWildon/status/1230829082662842369
ISC StormCast for Monday, February 24th 2020
24 februari 2020 |
7 min
Old Style Excel Macro Malware
https://isc.sans.edu/forums/diary/Maldoc+Excel+4+Macros+in+OOXML+Format/25830/
Simple But Efficient VBScript Obfuscation
https://isc.sans.edu/forums/diary/Simple+but+Efficient+VBScript+Obfuscation/25828/
Let's Encrypt Beefs Up Validation
https://letsencrypt.org/2020/02/19/multi-perspective-validation.html
Google Play Store Joker / Clicken Malware
https://research.checkpoint.com/2020/android-app-fraud-haken-clicker-and-joker-premium-dialer/
Google Warns of Microsoft Edge
https://www.heise.de/security/meldung/l-f-Google-findet-den-neuen-Edge-Browser-doof-und-unsicher-4665634.html
https://isc.sans.edu/forums/diary/Maldoc+Excel+4+Macros+in+OOXML+Format/25830/
Simple But Efficient VBScript Obfuscation
https://isc.sans.edu/forums/diary/Simple+but+Efficient+VBScript+Obfuscation/25828/
Let's Encrypt Beefs Up Validation
https://letsencrypt.org/2020/02/19/multi-perspective-validation.html
Google Play Store Joker / Clicken Malware
https://research.checkpoint.com/2020/android-app-fraud-haken-clicker-and-joker-premium-dialer/
Google Warns of Microsoft Edge
https://www.heise.de/security/meldung/l-f-Google-findet-den-neuen-Edge-Browser-doof-und-unsicher-4665634.html
ISC StormCast for Friday, February 21st 2020
21 februari 2020 |
7 min
Enumerating Who "Owns" a Workstation for IR
https://isc.sans.edu/forums/diary/Whodat+Enumerating+Who+owns+a+Workstation+for+IR/25822/
Special Update for Adobe After Effects and Media Encoder
https://helpx.adobe.com/security/products/after_effects/apsb20-09.html
https://helpx.adobe.com/security/products/media-encoder/apsb20-10.html
Cisco Updates
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-on-prem-static-cred-sL8rDs8
Apple To No Longer Accept Certifcates as Valid that Exceed a Lifetime of 13 months
https://www.theregister.co.uk/2020/02/20/apple_shorter_cert_lifetime/
Python ReDoS Bugs
https://blog.r2c.dev/posts/finding-python-redos-bugs-at-scale-using-dlint-and-r2c/
https://isc.sans.edu/forums/diary/Whodat+Enumerating+Who+owns+a+Workstation+for+IR/25822/
Special Update for Adobe After Effects and Media Encoder
https://helpx.adobe.com/security/products/after_effects/apsb20-09.html
https://helpx.adobe.com/security/products/media-encoder/apsb20-10.html
Cisco Updates
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-on-prem-static-cred-sL8rDs8
Apple To No Longer Accept Certifcates as Valid that Exceed a Lifetime of 13 months
https://www.theregister.co.uk/2020/02/20/apple_shorter_cert_lifetime/
Python ReDoS Bugs
https://blog.r2c.dev/posts/finding-python-redos-bugs-at-scale-using-dlint-and-r2c/
ISC StormCast for Thursday, February 20th 2020
20 februari 2020 |
6 min
Sonicwall Vulnerabilities
https://psirt.global.sonicwall.com/vuln-list
https://blog.scrt.ch/2020/02/11/sonicwall-sra-and-sma-vulnerabilties/
SQL Server RCE Exploit
https://www.mdsec.co.uk/2020/02/cve-2020-0618-rce-in-sql-server-reporting-services-ssrs/
Ransomware in Switzerland
https://www.melani.admin.ch/melani/en/home/dokumentation/newsletter/sicherheitsrisiko-durch-ransomware.html
Peripheral Vulnerabilities in Windows and Linux
https://eclypsium.com/2020/2/18/unsigned-peripheral-firmware/
https://psirt.global.sonicwall.com/vuln-list
https://blog.scrt.ch/2020/02/11/sonicwall-sra-and-sma-vulnerabilties/
SQL Server RCE Exploit
https://www.mdsec.co.uk/2020/02/cve-2020-0618-rce-in-sql-server-reporting-services-ssrs/
Ransomware in Switzerland
https://www.melani.admin.ch/melani/en/home/dokumentation/newsletter/sicherheitsrisiko-durch-ransomware.html
Peripheral Vulnerabilities in Windows and Linux
https://eclypsium.com/2020/2/18/unsigned-peripheral-firmware/
ISC StormCast for Wednesday, February 19th 2020
19 februari 2020 |
6 min
Discovering Contents of Folders Without Permission
https://isc.sans.edu/forums/diary/Discovering+contents+of+folders+in+Windows+without+permissions/25816/
Ring Enforces 2FA
https://blog.ring.com/2020/02/18/extra-layers-of-security-and-control/
Iranian's finally discover VPN Vulnerabilities
https://www.clearskysec.com/fox-kitten/
WordPress ThemeGrill Auth Bypass
https://www.webarxsecurity.com/critical-issue-in-themegrill-demo-importer/
https://isc.sans.edu/forums/diary/Discovering+contents+of+folders+in+Windows+without+permissions/25816/
Ring Enforces 2FA
https://blog.ring.com/2020/02/18/extra-layers-of-security-and-control/
Iranian's finally discover VPN Vulnerabilities
https://www.clearskysec.com/fox-kitten/
WordPress ThemeGrill Auth Bypass
https://www.webarxsecurity.com/critical-issue-in-themegrill-demo-importer/
ISC StormCast for Tuesday, February 18th 2020
18 februari 2020 |
6 min
More about Curl on Windows
https://isc.sans.edu/forums/diary/curl+and+SSPI/25812/
WHO Warns of Coronavirus Phishing
https://www.who.int/about/communications/cyber-security
DUO Security / Google Identify Malicous Chrome Extensions
https://duo.com/labs/research/crxcavator-malvertising-2020
https://isc.sans.edu/forums/diary/curl+and+SSPI/25812/
WHO Warns of Coronavirus Phishing
https://www.who.int/about/communications/cyber-security
DUO Security / Google Identify Malicous Chrome Extensions
https://duo.com/labs/research/crxcavator-malvertising-2020
ISC StormCast for Monday, February 17th 2020
17 februari 2020 |
5 min
Keep an Eye on Command-Line Browsers
https://isc.sans.edu/forums/diary/Keep+an+Eye+on+CommandLine+Browsers/25804/
Old Tricks in New Bots: KBOT
https://securelist.com/kbot-sometimes-they-come-back/96157/
OpenSSH Now With Fido/U2F
http://www.openssh.com/txt/release-8.2
https://isc.sans.edu/forums/diary/Keep+an+Eye+on+CommandLine+Browsers/25804/
Old Tricks in New Bots: KBOT
https://securelist.com/kbot-sometimes-they-come-back/96157/
OpenSSH Now With Fido/U2F
http://www.openssh.com/txt/release-8.2
ISC StormCast for Friday, February 14th 2020
14 februari 2020 |
7 min
Changes to Microsoft LDAP/AD And How to Cope with them
https://isc.sans.edu/forums/diary/Authmageddon+deferred+but+not+averted+Microsoft+LDAP+Changes+now+slated+for+Q3Q4+2020/25800/
https://isc.sans.edu/forums/diary/March+Patch+Tuesday+is+Coming+the+LDAP+Changes+will+Change+Your+Life/25796/
SweynTooth BLE Vulnerabilities
https://asset-group.github.io/disclosures/sweyntooth/
Symantec Endpoint Protection Multiple Issues
https://support.symantec.com/us/en/article.SYMSA1505.html
DNSSEC Root Key Signing Ceremony Delayed
https://mm.icann.org/pipermail/root-dnssec-announce/2020/000121.html
https://isc.sans.edu/forums/diary/Authmageddon+deferred+but+not+averted+Microsoft+LDAP+Changes+now+slated+for+Q3Q4+2020/25800/
https://isc.sans.edu/forums/diary/March+Patch+Tuesday+is+Coming+the+LDAP+Changes+will+Change+Your+Life/25796/
SweynTooth BLE Vulnerabilities
https://asset-group.github.io/disclosures/sweyntooth/
Symantec Endpoint Protection Multiple Issues
https://support.symantec.com/us/en/article.SYMSA1505.html
DNSSEC Root Key Signing Ceremony Delayed
https://mm.icann.org/pipermail/root-dnssec-announce/2020/000121.html
ISC StormCast for Thursday, February 13th 2020
13 februari 2020 |
6 min
Malspam Pushes Ursnif
https://isc.sans.edu/forums/diary/Malpsam+pushes+Ursnif+through+Italian+language+Word+docs/25792/
Safe Documents in Office 365 Advanced Threat Protection
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-docs
Wordpress GDPR Cookie Consent Plugin Vulnerability
https://blog.nintechnet.com/wordpress-gdpr-cookie-consent-plugin-fixed-vulnerability/
Apple Joins Fido Alliance
https://fidoalliance.org/members/
https://research.kudelskisecurity.com/2020/02/12/fido2-deep-dive-attestations-trust-model-and-security/
https://isc.sans.edu/forums/diary/Malpsam+pushes+Ursnif+through+Italian+language+Word+docs/25792/
Safe Documents in Office 365 Advanced Threat Protection
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/safe-docs
Wordpress GDPR Cookie Consent Plugin Vulnerability
https://blog.nintechnet.com/wordpress-gdpr-cookie-consent-plugin-fixed-vulnerability/
Apple Joins Fido Alliance
https://fidoalliance.org/members/
https://research.kudelskisecurity.com/2020/02/12/fido2-deep-dive-attestations-trust-model-and-security/
ISC StormCast for Wednesday, February 12th 2020
12 februari 2020 |
22 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+for+February+2020/25790/
Adobe Patches
https://helpx.adobe.com/security.html
Ransomware Abuses Out of Date Driver
https://news.sophos.com/en-us/2020/02/06/living-off-another-land-ransomware-borrows-vulnerable-driver-to-remove-security-software/
https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+for+February+2020/25790/
Adobe Patches
https://helpx.adobe.com/security.html
Ransomware Abuses Out of Date Driver
https://news.sophos.com/en-us/2020/02/06/living-off-another-land-ransomware-borrows-vulnerable-driver-to-remove-security-software/
ISC StormCast for Tuesday, February 11th 2020
11 februari 2020 |
6 min
Paypal Phish is Asking for Everything
https://isc.sans.edu/forums/diary/Current+PayPal+phishing+campaign+or+give+me+all+your+personal+information/25786/
Dell SupportAssist Client Uncontrolled Search Patch Vulnerability
https://www.dell.com/support/article/ro/ro/robsdt1/sln320101/dsa-2020-005-dell-supportassist-client-uncontrolled-search-path-vulnerability?lang=en
Lock My PC Used By Support Scammers
https://fspro.net/lock-pc/
https://www.bleepingcomputer.com/news/security/lock-my-pc-used-by-tech-support-scammers-dev-offers-free-recovery/
Insecure Docker Registries
https://unit42.paloaltonetworks.com/leaked-docker-code/
https://isc.sans.edu/forums/diary/Current+PayPal+phishing+campaign+or+give+me+all+your+personal+information/25786/
Dell SupportAssist Client Uncontrolled Search Patch Vulnerability
https://www.dell.com/support/article/ro/ro/robsdt1/sln320101/dsa-2020-005-dell-supportassist-client-uncontrolled-search-path-vulnerability?lang=en
Lock My PC Used By Support Scammers
https://fspro.net/lock-pc/
https://www.bleepingcomputer.com/news/security/lock-my-pc-used-by-tech-support-scammers-dev-offers-free-recovery/
Insecure Docker Registries
https://unit42.paloaltonetworks.com/leaked-docker-code/
ISC StormCast for Monday, February 10th 2020
10 februari 2020 |
7 min
Sandbox Detection Tricks and Nice Obfuscation in a Single VBScript
https://isc.sans.edu/forums/diary/Sandbox+Detection+Tricks+Nice+Obfuscation+in+a+Single+VBScript/25780/
Emotet Spreads via Wifi
https://www.binarydefense.com/emotet-evolves-with-new-wi-fi-spreader/
Exploit Available for sudo pwfeedback bug
https://dylankatz.com/Analysis-of-CVE-2019-18634/
xiongmail/hisilicon Vulnerability
https://censys.io/blog/probing-the-xiongmai-hisilicon-soc-vulnerability
https://isc.sans.edu/forums/diary/Sandbox+Detection+Tricks+Nice+Obfuscation+in+a+Single+VBScript/25780/
Emotet Spreads via Wifi
https://www.binarydefense.com/emotet-evolves-with-new-wi-fi-spreader/
Exploit Available for sudo pwfeedback bug
https://dylankatz.com/Analysis-of-CVE-2019-18634/
xiongmail/hisilicon Vulnerability
https://censys.io/blog/probing-the-xiongmai-hisilicon-soc-vulnerability
ISC StormCast for Friday, February 7th 2020
7 februari 2020 |
6 min
Criticial Bluetooth Vulnerability in Android (CVE-2020-0022)
https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/
Wacom Tablets Reports Application Details to Google
https://robertheaton.com/2020/02/05/wacom-drawing-tablets-track-name-of-every-application-you-open/
Bitbucket Delivers Malware
https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Realtek HD Audio Driver Package DLL Preloading
https://safebreach.com/Post/Realtek-HD-Audio-Driver-Package-DLL-Preloading-and-Potential-Abuses-CVE-2019-19705
https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/
Wacom Tablets Reports Application Details to Google
https://robertheaton.com/2020/02/05/wacom-drawing-tablets-track-name-of-every-application-you-open/
Bitbucket Delivers Malware
https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Realtek HD Audio Driver Package DLL Preloading
https://safebreach.com/Post/Realtek-HD-Audio-Driver-Package-DLL-Preloading-and-Potential-Abuses-CVE-2019-19705
ISC StormCast for Thursday, February 6th 2020
6 februari 2020 |
6 min
Fake Browser Updates installing NetSupport RAT
https://isc.sans.edu/forums/diary/Fake+browser+update+pages+are+still+a+thing/25774/
Google Android Update
https://source.android.com/security/bulletin/2020-02-01#Google-Play-system-updates
5 Cisco Vulnerabilities
https://www.armis.com/cdpwn/
https://isc.sans.edu/forums/diary/Fake+browser+update+pages+are+still+a+thing/25774/
Google Android Update
https://source.android.com/security/bulletin/2020-02-01#Google-Play-system-updates
5 Cisco Vulnerabilities
https://www.armis.com/cdpwn/
ISC StormCast for Wednesday, February 5th 2020
5 februari 2020 |
6 min
Google Chrome 80 Released
https://www.chromium.org/updates/same-site
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
File Read Vulnerablity in WhatsApp
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
HiSilicon DVR Backdoor
https://habr.com/en/post/486856/
https://www.chromium.org/updates/same-site
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
File Read Vulnerablity in WhatsApp
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
HiSilicon DVR Backdoor
https://habr.com/en/post/486856/
ISC StormCast for Tuesday, February 4th 2020
4 februari 2020 |
7 min
Triple Encrypted AZORult Installer
https://isc.sans.edu/forums/diary/Analysis+of+a+tripleencrypted+AZORult+downloader/25768/
New sudo Vulnerability (pwfeedback)
https://www.sudo.ws/alerts/pwfeedback.html
Teamviewer Password Storage
https://whynotsecurity.com/blog/teamviewer/
https://isc.sans.edu/forums/diary/Analysis+of+a+tripleencrypted+AZORult+downloader/25768/
New sudo Vulnerability (pwfeedback)
https://www.sudo.ws/alerts/pwfeedback.html
Teamviewer Password Storage
https://whynotsecurity.com/blog/teamviewer/
ISC StormCast for Monday, February 3rd 2020
3 februari 2020 |
6 min
Stego and Cryptominers (with video)
https://isc.sans.edu/forums/diary/Video+Stego+Cryptominers/25764/
Corona Virus Phishing / Scams
https://blog.knowbe4.com/heads-up-scam-of-the-week-coronavirus-phishing-attacks-in-the-wild?nCOV-2019-bc-index
https://twitter.com/briankrebs/status/1223959185764896768
Google Open Sources Security Token Software
https://security.googleblog.com/2020/01/say-hello-to-opensk-fully-open-source.html
https://isc.sans.edu/forums/diary/Video+Stego+Cryptominers/25764/
Corona Virus Phishing / Scams
https://blog.knowbe4.com/heads-up-scam-of-the-week-coronavirus-phishing-attacks-in-the-wild?nCOV-2019-bc-index
https://twitter.com/briankrebs/status/1223959185764896768
Google Open Sources Security Token Software
https://security.googleblog.com/2020/01/say-hello-to-opensk-fully-open-source.html
ISC StormCast for Friday, January 31st 2020
31 januari 2020 |
10 min
Chrome Same-Site Cookie Change
https://www.chromestatus.com/feature/5088147346030592
https://docs.microsoft.com/en-us/office365/troubleshoot/miscellaneous/chrome-behavior-affects-applications
https://caniuse.com/#feat=same-site-cookie-attribute
Avast Apology
https://blog.avast.com/a-message-from-ceo-ondrej-vlcek
Magento Update
https://helpx.adobe.com/security/products/magento/apsb20-02.html
https://www.chromestatus.com/feature/5088147346030592
https://docs.microsoft.com/en-us/office365/troubleshoot/miscellaneous/chrome-behavior-affects-applications
https://caniuse.com/#feat=same-site-cookie-attribute
Avast Apology
https://blog.avast.com/a-message-from-ceo-ondrej-vlcek
Magento Update
https://helpx.adobe.com/security/products/magento/apsb20-02.html
ISC StormCast for Thursday, January 30th 2020
30 januari 2020 |
7 min
Malware Using Text from Impeachment News Coverage
https://www.bleepingcomputer.com/news/security/malware-tries-to-trump-security-software-with-potus-impeachment/
Coronavirus Themed Malware Targets Japan with Emotet
https://twitter.com/Cryptolaemus1/status/1222388971428294656
https://exchange.xforce.ibmcloud.com/collection/18f373debc38779065a26f1958dc260b
abuse.ch Offers new "I got phished" service
https://igotphished.abuse.ch/
OpenSMTPD RCE Vulnerability
https://www.openwall.com/lists/oss-security/2020/01/28/3
https://www.bleepingcomputer.com/news/security/malware-tries-to-trump-security-software-with-potus-impeachment/
Coronavirus Themed Malware Targets Japan with Emotet
https://twitter.com/Cryptolaemus1/status/1222388971428294656
https://exchange.xforce.ibmcloud.com/collection/18f373debc38779065a26f1958dc260b
abuse.ch Offers new "I got phished" service
https://igotphished.abuse.ch/
OpenSMTPD RCE Vulnerability
https://www.openwall.com/lists/oss-security/2020/01/28/3
ISC StormCast for Wednesday, January 29th 2020
29 januari 2020 |
5 min
Recent Emotet Infection installs Trickbot
https://isc.sans.edu/forums/diary/Emotet+epoch+1+infection+with+Trickbot+gtag+mor84/25752/
Apple Updates
https://support.apple.com/en-us/HT201222
Zoom Fixes Video Conferencing Brute Forcing Vulnerability
https://www.theregister.co.uk/2020/01/28/zoom_eavesdrop_hack/
Intel Fixes Yet Another Information Leakage Flaw
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html
https://cacheoutattack.com/
Avast Anti Virus Selling User's Browsing Data
https://www.vice.com/en_us/article/qjdkq7/avast-antivirus-sells-user-browsing-data-investigation
https://isc.sans.edu/forums/diary/Emotet+epoch+1+infection+with+Trickbot+gtag+mor84/25752/
Apple Updates
https://support.apple.com/en-us/HT201222
Zoom Fixes Video Conferencing Brute Forcing Vulnerability
https://www.theregister.co.uk/2020/01/28/zoom_eavesdrop_hack/
Intel Fixes Yet Another Information Leakage Flaw
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html
https://cacheoutattack.com/
Avast Anti Virus Selling User's Browsing Data
https://www.vice.com/en_us/article/qjdkq7/avast-antivirus-sells-user-browsing-data-investigation
ISC StormCast for Tuesday, January 28th 2020
28 januari 2020 |
5 min
Coronavirus Preparedness and Associated Scams
https://isc.sans.edu/forums/diary/Network+Security+Perspective+on+Coronavirus+Preparedness/25750/
RD Gateway RCE Exploit Demoed
https://twitter.com/layle_ctf/status/1221514332049113095?s=12
Mitsubishi Electric Compromised via Trend Micro Vulnerability
http://www.mitsubishielectric.co.jp/news/2020/0120-b.pdf
https://www.zdnet.com/article/trend-micro-antivirus-zero-day-used-in-mitsubishi-electric-hack/
https://isc.sans.edu/forums/diary/Network+Security+Perspective+on+Coronavirus+Preparedness/25750/
RD Gateway RCE Exploit Demoed
https://twitter.com/layle_ctf/status/1221514332049113095?s=12
Mitsubishi Electric Compromised via Trend Micro Vulnerability
http://www.mitsubishielectric.co.jp/news/2020/0120-b.pdf
https://www.zdnet.com/article/trend-micro-antivirus-zero-day-used-in-mitsubishi-electric-hack/
ISC StormCast for Monday, January 27th 2020
27 januari 2020 |
6 min
Citrix Releases ADC Updates For All Versions
https://www.citrix.com/blogs/2020/01/24/citrix-releases-final-fixes-for-cve-2019-19781/
Temporary Windows 0-Day Fix Breaks Printers
https://www.reddit.com/r/sysadmin/comments/etumy7/microsoft_ie_zeroday_fix_breaks_hp_printing/
Critical Vulnerabilitiesin GE Medical Devices
https://www.us-cert.gov/ics/advisories/icsma-20-023-01
https://www.citrix.com/blogs/2020/01/24/citrix-releases-final-fixes-for-cve-2019-19781/
Temporary Windows 0-Day Fix Breaks Printers
https://www.reddit.com/r/sysadmin/comments/etumy7/microsoft_ie_zeroday_fix_breaks_hp_printing/
Critical Vulnerabilitiesin GE Medical Devices
https://www.us-cert.gov/ics/advisories/icsma-20-023-01
ISC StormCast for Friday, January 24th 2020
24 januari 2020 |
7 min
Simple vs. Complex Obfuscation
https://isc.sans.edu/forums/diary/Complex+Obfuscation+VS+Simple+Trick/25738/
RD Gateway PoC Exploit Release
https://github.com/ollypwn/BlueGate
Citrix ADC Compromise Scanner
https://github.com/citrix/ioc-scanner-CVE-2019-19781/
LastPass Accidentially Removes Extension from Chrome Web Store
https://twitter.com/LastPassStatus/status/1220122561989640192
https://isc.sans.edu/forums/diary/Complex+Obfuscation+VS+Simple+Trick/25738/
RD Gateway PoC Exploit Release
https://github.com/ollypwn/BlueGate
Citrix ADC Compromise Scanner
https://github.com/citrix/ioc-scanner-CVE-2019-19781/
LastPass Accidentially Removes Extension from Chrome Web Store
https://twitter.com/LastPassStatus/status/1220122561989640192
ISC StormCast for Thursday, January 23rd 2020
23 januari 2020 |
6 min
German Malspam Pushing Ursnif
https://isc.sans.edu/forums/diary/German+language+malspam+pushes+Ursnif/25732/
Tracking Users Using Safari's Intelligent Tracking Prevention
https://arxiv.org/pdf/2001.07421.pdf
Muhstik Botnet Targeting Tomato Routers
https://unit42.paloaltonetworks.com/muhstik-botnet-attacks-tomato-routers-to-harvest-new-iot-devices/
Cisco Firepower Management Center LDAP Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-fmc-auth
https://isc.sans.edu/forums/diary/German+language+malspam+pushes+Ursnif/25732/
Tracking Users Using Safari's Intelligent Tracking Prevention
https://arxiv.org/pdf/2001.07421.pdf
Muhstik Botnet Targeting Tomato Routers
https://unit42.paloaltonetworks.com/muhstik-botnet-attacks-tomato-routers-to-harvest-new-iot-devices/
Cisco Firepower Management Center LDAP Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-fmc-auth
ISC StormCast for Wednesday, January 22nd 2020
22 januari 2020 |
6 min
DeepBlueCLI
https://isc.sans.edu/forums/diary/DeepBlueCLI+Powershell+Threat+Hunting/25730/
https://github.com/sans-blue-team/DeepBlueCLI
EFS Ransomware
https://safebreach.com/Post/EFS-Ransomware
Fake Leak Compensation
https://www.kaspersky.com/blog/data-leak-compensation-scam/32057/
Criminals Use Fake Job Sites to Defraud Victims
https://www.ic3.gov/media/2020/200121.aspx
https://isc.sans.edu/forums/diary/DeepBlueCLI+Powershell+Threat+Hunting/25730/
https://github.com/sans-blue-team/DeepBlueCLI
EFS Ransomware
https://safebreach.com/Post/EFS-Ransomware
Fake Leak Compensation
https://www.kaspersky.com/blog/data-leak-compensation-scam/32057/
Criminals Use Fake Job Sites to Defraud Victims
https://www.ic3.gov/media/2020/200121.aspx
ISC StormCast for Tuesday, January 21st 2020
21 januari 2020 |
6 min
Twist on Sextortion
https://www.dailymail.co.uk/sciencetech/article-7886055/Sextortion-campaign-targets-users-Google-Nest-smart-camera.html
Emotet Uses Extortion to Infect Systems
https://www.bleepingcomputer.com/news/security/emotet-malware-dabbles-in-extortion-with-new-spam-template/
Lastpass Outage
https://www.theregister.co.uk/2020/01/20/lastpass_outage/
Netgear Signed TLS Cert Private Key Disclosure
https://gist.github.com/nstarke/a611a19aab433555e91c656fe1f030a9
https://www.dailymail.co.uk/sciencetech/article-7886055/Sextortion-campaign-targets-users-Google-Nest-smart-camera.html
Emotet Uses Extortion to Infect Systems
https://www.bleepingcomputer.com/news/security/emotet-malware-dabbles-in-extortion-with-new-spam-template/
Lastpass Outage
https://www.theregister.co.uk/2020/01/20/lastpass_outage/
Netgear Signed TLS Cert Private Key Disclosure
https://gist.github.com/nstarke/a611a19aab433555e91c656fe1f030a9
ISC StormCast for Monday, January 20th 2020
20 januari 2020 |
6 min
Microsoft Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200001
CVE-2020-0601 Update
https://isc.sans.edu/forums/diary/Summing+up+CVE20200601+or+the+Lets+Decrypt+vulnerability/25720/
Curveball Update
https://www.citrix.com/blogs/2020/01/19/vulnerability-update-first-permanent-fixes-available-timeline-accelerated/
https://isc.sans.edu/diary//25724
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200001
CVE-2020-0601 Update
https://isc.sans.edu/forums/diary/Summing+up+CVE20200601+or+the+Lets+Decrypt+vulnerability/25720/
Curveball Update
https://www.citrix.com/blogs/2020/01/19/vulnerability-update-first-permanent-fixes-available-timeline-accelerated/
https://isc.sans.edu/diary//25724
ISC StormCast for Friday, January 17th 2020
17 januari 2020 |
14 min
CVE-2020-0601 Update ("Curveball" , "Letsdecrypt")
https://isc.sans.edu/forums/diary/Summing+up+CVE20200601+or+the+Lets+Decrypt+vulnerability/25720/
https://curveballtest.com
Certain Netscaler Devices Do Not Support Mitigation (article in dutch)
https://www.ncsc.nl/actueel/nieuws/2020/januari/16/door-citrix-geadviseerde-mitigerende-maatregelen-niet-altijd-effectief
Cable Haunt Vulnerability
https://cablehaunt.com/
STI Student Interview: Jon Michael Lacek
https://www.sans.org/reading-room/whitepapers/securecode/changing-devops-culture-security-scan-time-39125
https://isc.sans.edu/forums/diary/Summing+up+CVE20200601+or+the+Lets+Decrypt+vulnerability/25720/
https://curveballtest.com
Certain Netscaler Devices Do Not Support Mitigation (article in dutch)
https://www.ncsc.nl/actueel/nieuws/2020/januari/16/door-citrix-geadviseerde-mitigerende-maatregelen-niet-altijd-effectief
Cable Haunt Vulnerability
https://cablehaunt.com/
STI Student Interview: Jon Michael Lacek
https://www.sans.org/reading-room/whitepapers/securecode/changing-devops-culture-security-scan-time-39125
ISC StormCast for Thursday, January 16th 2020
16 januari 2020 |
6 min
CVE-2020-0601 Followup
https://isc.sans.edu/forums/diary/CVE20200601+Followup/25714/
Oracle Patches
https://www.oracle.com/security-alerts/cpujan2020.html
https://isc.sans.edu/forums/diary/CVE20200601+Followup/25714/
Oracle Patches
https://www.oracle.com/security-alerts/cpujan2020.html
ISC StormCast for Wednesday, January 15th 2020
15 januari 2020 |
10 min
Microsoft January 2020 Patch Tuesday and #CryptoAPI Flaw
Webcast: https://sans.org/cryptoapi-isc
Diary: https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+for+January+2020/25710/
NSA Release: https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF
Webcast: https://sans.org/cryptoapi-isc
Diary: https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+for+January+2020/25710/
NSA Release: https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF
ISC StormCast for Tuesday, January 14th 2020
14 januari 2020 |
7 min
Upcoming Critical MSFT Patch
https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/
SIM Swapping is Easy
https://www.issms2fasecure.com/assets/sim_swaps-01-10-2020.pdf
Google Open Sources wombat dressing room npm publication proxy
https://opensource.googleblog.com/2020/01/wombat-dressing-room-npm-publication_10.html
https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/
SIM Swapping is Easy
https://www.issms2fasecure.com/assets/sim_swaps-01-10-2020.pdf
Google Open Sources wombat dressing room npm publication proxy
https://opensource.googleblog.com/2020/01/wombat-dressing-room-npm-publication_10.html
ISC StormCast for Monday, January 13th 2020
13 januari 2020 |
8 min
Citrix ADC Vulnerability Actively Exploited. Assume vulnerable systems are compromised.
Updated Citrix Advisory: https://support.citrix.com/article/CTX267027
Exploit Activity Summary: https://isc.sans.edu/forums/diary/Citrix+ADC+Exploits+are+Public+and+Heavily+Used+Attempts+to+Install+Backdoor/25700/
Vulnerablity Scanner: https://github.com/trustedsec/cve-2019-19781/
Special Webcast: https://i5c.us/citrix
YouTube Walk Through of the vulnerability: https://youtu.be/msslpqyf98c
Updated Citrix Advisory: https://support.citrix.com/article/CTX267027
Exploit Activity Summary: https://isc.sans.edu/forums/diary/Citrix+ADC+Exploits+are+Public+and+Heavily+Used+Attempts+to+Install+Backdoor/25700/
Vulnerablity Scanner: https://github.com/trustedsec/cve-2019-19781/
Special Webcast: https://i5c.us/citrix
YouTube Walk Through of the vulnerability: https://youtu.be/msslpqyf98c
ISC StormCast for Friday, January 10th 2020
10 januari 2020 |
11 min
Another Malicious Word Document
https://isc.sans.edu/forums/diary/Quick+Analyzis+of+another+Maldoc/25694/
SHA1 Update
https://sha-mbles.github.io/
Cisco Updates
https://tools.cisco.com/security/center/publicationListing.x
Mandy Galante: Girls Go Cyberstart (register now. Play Jan 13th-31st)
https://www.girlsgocyberstart.org/
https://isc.sans.edu/forums/diary/Quick+Analyzis+of+another+Maldoc/25694/
SHA1 Update
https://sha-mbles.github.io/
Cisco Updates
https://tools.cisco.com/security/center/publicationListing.x
Mandy Galante: Girls Go Cyberstart (register now. Play Jan 13th-31st)
https://www.girlsgocyberstart.org/
ISC StormCast for Thursday, January 9th 2020
9 januari 2020 |
6 min
Critical Firefox Update Fixing Exploited Bug
https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/
3 Google Play Store Apps Exploit Android Zero-Day
https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/
Tails 4.2
https://tails.boum.org/news/version_4.2/index.en.html
TikTok Vulnerablities
https://research.checkpoint.com/2020/tik-or-tok-is-tiktok-secure-enough/
https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/
3 Google Play Store Apps Exploit Android Zero-Day
https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/
Tails 4.2
https://tails.boum.org/news/version_4.2/index.en.html
TikTok Vulnerablities
https://research.checkpoint.com/2020/tik-or-tok-is-tiktok-secure-enough/
ISC StormCast for Wednesday, January 8th 2020
8 januari 2020 |
5 min
Citrix ADC Update
https://isc.sans.edu/forums/diary/A+Quick+Update+on+Scanning+for+CVE201919781+Citrix+ADC+Gateway+Vulnerability/25686/
Pulse Secure SSLVPN Exploited
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
https://www.darkreading.com/attacks-breaches/widely-known-flaw-in-pulse-secure-vpn-being-used-in-ransomware-attacks/d/d-id/1336729
Google Project Zero Changing Disclosure Policy
https://googleprojectzero.blogspot.com/2020/01/policy-and-disclosure-2020-edition.html
Google Updates Android
https://source.android.com/security/bulletin/2020-01-01
https://isc.sans.edu/forums/diary/A+Quick+Update+on+Scanning+for+CVE201919781+Citrix+ADC+Gateway+Vulnerability/25686/
Pulse Secure SSLVPN Exploited
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
https://www.darkreading.com/attacks-breaches/widely-known-flaw-in-pulse-secure-vpn-being-used-in-ransomware-attacks/d/d-id/1336729
Google Project Zero Changing Disclosure Policy
https://googleprojectzero.blogspot.com/2020/01/policy-and-disclosure-2020-edition.html
Google Updates Android
https://source.android.com/security/bulletin/2020-01-01
ISC StormCast for Tuesday, January 7th 2020
7 januari 2020 |
5 min
Spoofed Scans from 103/8
https://isc.sans.edu/forums/diary/Increase+in+Number+of+Sources+January+3rd+and+4th+spoofed/25678/
Iran Terror Threat
https://www.dhs.gov/sites/default/files/ntas/alerts/20_0104_ntas_bulletin.pdf
BusKill Laptop Kill Cord
https://tech.michaelaltfield.net/2020/01/02/buskill-laptop-kill-cord-dead-man-switch/
https://isc.sans.edu/forums/diary/Increase+in+Number+of+Sources+January+3rd+and+4th+spoofed/25678/
Iran Terror Threat
https://www.dhs.gov/sites/default/files/ntas/alerts/20_0104_ntas_bulletin.pdf
BusKill Laptop Kill Cord
https://tech.michaelaltfield.net/2020/01/02/buskill-laptop-kill-cord-dead-man-switch/
ISC StormCast for Monday, January 6th 2020
6 januari 2020 |
5 min
Quick Summary of the California Conumser Privacy Act
https://isc.sans.edu/forums/diary/CCPA+Quick+Overview/25668/
Cisco Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x
XiaoMi Camera Cache Bug
https://www.reddit.com/r/googlehome/comments/eine1m/when_i_load_the_xiaomi_camera_in_my_google_home/
https://isc.sans.edu/forums/diary/CCPA+Quick+Overview/25668/
Cisco Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x
XiaoMi Camera Cache Bug
https://www.reddit.com/r/googlehome/comments/eine1m/when_i_load_the_xiaomi_camera_in_my_google_home/
ISC StormCast for Friday, January 3rd 2020
3 januari 2020 |
8 min
Ransomware written in JavaScript using Node.js
https://isc.sans.edu/forums/diary/Ransomware+in+Nodejs/25664/
Landry Restaurant PoS Breach
https://www.landrysinc.com/CreditNotice/CANotice.asp
Holiday Hack Challenge
https://www.holidayhackchallenge.com
Citrix/NetScaler Vulnerability Special Webcast Recording
https://i5c.us/citrix
https://isc.sans.edu/forums/diary/Ransomware+in+Nodejs/25664/
Landry Restaurant PoS Breach
https://www.landrysinc.com/CreditNotice/CANotice.asp
Holiday Hack Challenge
https://www.holidayhackchallenge.com
Citrix/NetScaler Vulnerability Special Webcast Recording
https://i5c.us/citrix
ISC StormCast for Tuesday, December 31st 2019
31 december 2019 |
7 min
ISC StormCast for Monday, December 30th 2019
30 december 2019 |
6 min
Breaking 2FA Soft Tokens
https://resources.fox-it.com/rs/170-CAK-271/images/201912_Report_Operation_Wocao.pdf
PiHole Dashboard
https://isc.sans.edu/forums/diary/ELK+Dashboard+for+Pihole+Logs/25652/
Corrupt Office Documents
https://isc.sans.edu/forums/diary/Corrupt+Office+Documents/25650/
Enumerating Office 365 Users
https://isc.sans.edu/forums/diary/Enumerating+office365+users/25648/
https://resources.fox-it.com/rs/170-CAK-271/images/201912_Report_Operation_Wocao.pdf
PiHole Dashboard
https://isc.sans.edu/forums/diary/ELK+Dashboard+for+Pihole+Logs/25652/
Corrupt Office Documents
https://isc.sans.edu/forums/diary/Corrupt+Office+Documents/25650/
Enumerating Office 365 Users
https://isc.sans.edu/forums/diary/Enumerating+office365+users/25648/
ISC StormCast for Friday, December 27th 2019
27 december 2019 |
4 min
Citrix Application Delivery Controller (Netscaler ADC) Critical Vulnerability
https://www.ptsecurity.com/ww-en/about/news/citrix-vulnerability-allows-criminals-to-hack-networks-of-80000-companies/
https://support.citrix.com/article/CTX267027
https://www.ptsecurity.com/ww-en/about/news/citrix-vulnerability-allows-criminals-to-hack-networks-of-80000-companies/
https://support.citrix.com/article/CTX267027
ISC StormCast for Monday, December 23rd 2019
23 december 2019 |
5 min
Extracting VBA Macros From .DWG Files
https://isc.sans.edu/forums/diary/Extracting+VBA+Macros+From+DWG+Files/25634/
Cisco PKI Self-Signed Certificate Expiration
https://www.cisco.com/c/en/us/support/docs/field-notices/704/fn70489.html
AFRINIC IP Address Space Misappropriated By Insider
https://mybroadband.co.za/news/internet/330379-how-internet-resources-worth-r800-million-were-stolen-and-sold-on-the-black-market.html
https://isc.sans.edu/forums/diary/Extracting+VBA+Macros+From+DWG+Files/25634/
Cisco PKI Self-Signed Certificate Expiration
https://www.cisco.com/c/en/us/support/docs/field-notices/704/fn70489.html
AFRINIC IP Address Space Misappropriated By Insider
https://mybroadband.co.za/news/internet/330379-how-internet-resources-worth-r800-million-were-stolen-and-sold-on-the-black-market.html
ISC StormCast for Friday, December 20th 2019
20 december 2019 |
5 min
More DNS over HTTPS Details
https://isc.sans.edu/forums/diary/More+DNS+over+HTTPS+Become+One+With+the+Packet+Be+the+Query+See+the+Query/25628/
Ransomware Outing Victims
https://krebsonsecurity.com/2019/12/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up/
Google Chrome Update
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop_17.html
https://isc.sans.edu/forums/diary/More+DNS+over+HTTPS+Become+One+With+the+Packet+Be+the+Query+See+the+Query/25628/
Ransomware Outing Victims
https://krebsonsecurity.com/2019/12/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up/
Google Chrome Update
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop_17.html
ISC StormCast for Thursday, December 19th 2019
19 december 2019 |
4 min
An Emotet Update
https://isc.sans.edu/forums/diary/Emotet+infection+with+spambot+activity/25622/
Emotet Used to Spread Malware From German Federal Agency Accounts (german)
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Spam-Bundesbehoerden_181219.html
Joomla Patches SQL Injection
https://developer.joomla.org/security-centre.html
Unicode Mapping Problems
https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/
https://isc.sans.edu/forums/diary/Emotet+infection+with+spambot+activity/25622/
Emotet Used to Spread Malware From German Federal Agency Accounts (german)
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Spam-Bundesbehoerden_181219.html
Joomla Patches SQL Injection
https://developer.joomla.org/security-centre.html
Unicode Mapping Problems
https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/
ISC StormCast for Wednesday, December 18th 2019
18 december 2019 |
6 min
Discovering DNS over HTTPS
https://isc.sans.edu/forums/diary/Is+it+Possible+to+Identify+DNS+over+HTTPs+Without+Decrypting+TLS/25616/
Ring Camera Weaknesses
https://www.vice.com/en_us/article/epg4xm/amazon-ring-camera-security
WhatsApp DoS Bug
https://research.checkpoint.com/2019/breakingapp-whatsapp-crash-data-loss-bug/
https://isc.sans.edu/forums/diary/Is+it+Possible+to+Identify+DNS+over+HTTPs+Without+Decrypting+TLS/25616/
Ring Camera Weaknesses
https://www.vice.com/en_us/article/epg4xm/amazon-ring-camera-security
WhatsApp DoS Bug
https://research.checkpoint.com/2019/breakingapp-whatsapp-crash-data-loss-bug/
ISC StormCast for Tuesday, December 17th 2019
17 december 2019 |
6 min
Slack "Unshare" Not Working As Expected
https://www.theregister.co.uk/2019/12/16/slack_filesharing_vulnerability_post_sharing/
Google Making OAUTH Mandatory for GSuite
https://gsuiteupdates.googleblog.com/2019/12/less-secure-apps-oauth-google-username-password-incorrect.html
TPLink Authentication Bypass
https://securityintelligence.com/posts/tp-link-archer-router-vulnerability-voids-admin-password-can-allow-remote-takeover/
Factoring IoT RSA Keys
https://info.keyfactor.com/factoring-rsa-keys-in-the-iot-era
https://www.theregister.co.uk/2019/12/16/slack_filesharing_vulnerability_post_sharing/
Google Making OAUTH Mandatory for GSuite
https://gsuiteupdates.googleblog.com/2019/12/less-secure-apps-oauth-google-username-password-incorrect.html
TPLink Authentication Bypass
https://securityintelligence.com/posts/tp-link-archer-router-vulnerability-voids-admin-password-can-allow-remote-takeover/
Factoring IoT RSA Keys
https://info.keyfactor.com/factoring-rsa-keys-in-the-iot-era
ISC StormCast for Monday, December 16th 2019
16 december 2019 |
6 min
VBA Macros in Autocad
https://isc.sans.edu/forums/diary/Malicious+DWG+Files/25612/
OpenBSD Privilege Escalation Vulnerability
https://www.qualys.com/2019/12/11/cve-2019-19726/local-privilege-escalation-openbsd-dynamic-loader.txt
NPM Fixes Critical Security Vulnerability
https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
https://isc.sans.edu/forums/diary/Malicious+DWG+Files/25612/
OpenBSD Privilege Escalation Vulnerability
https://www.qualys.com/2019/12/11/cve-2019-19726/local-privilege-escalation-openbsd-dynamic-loader.txt
NPM Fixes Critical Security Vulnerability
https://blog.npmjs.org/post/189618601100/binary-planting-with-the-npm-cli
ISC StormCast for Friday, December 13th 2019
13 december 2019 |
14 min
Malware Information Sharing
https://isc.sans.edu/forums/diary/Code+Data+Reuse+in+the+Malware+Ecosystem/25598/
Apple Improves Tracking Prevention Tracking in WebKit
https://webkit.org/blog/9661/preventing-tracking-prevention-tracking/
Google Verified SMS Messages
https://www.blog.google/products/messages/safer-conversations-messages-verified-sms-and-spam-protection/
Echobot Keeps Adding More Exploits
https://www.bleepingcomputer.com/news/security/new-echobot-variant-exploits-77-remote-code-execution-flaws/
STI Research Paper: Caleb Baker DNS Monitoring
https://www.sans.org/reading-room/whitepapers/dns/challenges-effective-dns-query-monitoring-39215
https://isc.sans.edu/forums/diary/Code+Data+Reuse+in+the+Malware+Ecosystem/25598/
Apple Improves Tracking Prevention Tracking in WebKit
https://webkit.org/blog/9661/preventing-tracking-prevention-tracking/
Google Verified SMS Messages
https://www.blog.google/products/messages/safer-conversations-messages-verified-sms-and-spam-protection/
Echobot Keeps Adding More Exploits
https://www.bleepingcomputer.com/news/security/new-echobot-variant-exploits-77-remote-code-execution-flaws/
STI Research Paper: Caleb Baker DNS Monitoring
https://www.sans.org/reading-room/whitepapers/dns/challenges-effective-dns-query-monitoring-39215
ISC StormCast for Thursday, December 12th 2019
12 december 2019 |
5 min
German Malspam Installs Trickbot
https://isc.sans.edu/forums/diary/German+language+malspam+pushes+yet+another+wave+of+Trickbot/25594/
Vulnerable KeyWe Smart Lock
https://labs.f-secure.com/advisories/keywe-smart-lock-unauthorized-access-traffic-interception
Google Chrome Update
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html
iOS Spam Feature
https://support.apple.com/en-us/HT210756
https://kishanbagaria.com/airdos/
https://isc.sans.edu/forums/diary/German+language+malspam+pushes+yet+another+wave+of+Trickbot/25594/
Vulnerable KeyWe Smart Lock
https://labs.f-secure.com/advisories/keywe-smart-lock-unauthorized-access-traffic-interception
Google Chrome Update
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html
iOS Spam Feature
https://support.apple.com/en-us/HT210756
https://kishanbagaria.com/airdos/
ISC StormCast for Wednesday, December 11th 2019
11 december 2019 |
7 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+December+2019+Patch+Tuesday/25592/
https://securelist.com/windows-0-day-exploit-cve-2019-1458-used-in-operation-wizardopium/95432/
Adobe Patch Tuesday
https://helpx.adobe.com/security.html
Apple Security Updates
https://support.apple.com/en-us/HT201222
Intel Plundervolt Update
https://blogs.intel.com/technology/2019/12/ipas-security-advisories-for-december-2019/
https://isc.sans.edu/forums/diary/Microsoft+December+2019+Patch+Tuesday/25592/
https://securelist.com/windows-0-day-exploit-cve-2019-1458-used-in-operation-wizardopium/95432/
Adobe Patch Tuesday
https://helpx.adobe.com/security.html
Apple Security Updates
https://support.apple.com/en-us/HT201222
Intel Plundervolt Update
https://blogs.intel.com/technology/2019/12/ipas-security-advisories-for-december-2019/
ISC StormCast for Tuesday, December 10th 2019
10 december 2019 |
8 min
Another Word Maldoc
https://isc.sans.edu/forums/diary/Lazy+Sunday+Maldoc+Analysis/25586/
Snatch Ransomware Reboots System Into Safe Mode To Disable Anti Virus
https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/
Ryuk Ransomware Decryptor May No Longer Work / Corrupt Documents
https://blog.emsisoft.com/en/35023/bug-in-latest-ryuk-decryptor-may-cause-data-loss/
Extending Windows 7 Security Updates
https://www.ghacks.net/2019/12/07/someone-found-a-way-to-bypass-windows-7-extended-security-updates-checks/
Swift on Security Updates Sysmon Rules
https://github.com/SwiftOnSecurity/sysmon-config
RSA Webcast
https://www.rsaconference.com/industry-topics/webcast/36-five-most-dangerous-attacks-evolving
https://isc.sans.edu/forums/diary/Lazy+Sunday+Maldoc+Analysis/25586/
Snatch Ransomware Reboots System Into Safe Mode To Disable Anti Virus
https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/
Ryuk Ransomware Decryptor May No Longer Work / Corrupt Documents
https://blog.emsisoft.com/en/35023/bug-in-latest-ryuk-decryptor-may-cause-data-loss/
Extending Windows 7 Security Updates
https://www.ghacks.net/2019/12/07/someone-found-a-way-to-bypass-windows-7-extended-security-updates-checks/
Swift on Security Updates Sysmon Rules
https://github.com/SwiftOnSecurity/sysmon-config
RSA Webcast
https://www.rsaconference.com/industry-topics/webcast/36-five-most-dangerous-attacks-evolving
ISC StormCast for Monday, December 9th 2019
9 december 2019 |
6 min
E-Mail Includes Entire HTML/Javascript Phishing Kit
https://isc.sans.edu/forums/diary/Phishing+with+a+selfcontained+credentialsstealing+webpage/25580/
Great Canon / Red Canon Activated to Silence Pro Hongkong Forum
https://cybersecurity.att.com/blogs/labs-research/the-great-cannon-has-been-deployed-again
https://isc.sans.edu/forums/diary/Phishing+with+a+selfcontained+credentialsstealing+webpage/25580/
Great Canon / Red Canon Activated to Silence Pro Hongkong Forum
https://cybersecurity.att.com/blogs/labs-research/the-great-cannon-has-been-deployed-again
ISC StormCast for Friday, December 6th 2019
6 december 2019 |
14 min
OpenBSD Authentication Bypass and Privilege Escalation Vulnerability
https://www.qualys.com/2019/12/04/cve-2019-19521/authentication-vulnerabilities-openbsd.txt?_ga=2.58244398.587934852.1575530822-682141427.1570559125
Hijacking Linux (and BSD) VPN Connections
https://seclists.org/oss-sec/2019/q4/122
RASP vs. WAF: Alexander Fry Research Paper
https://www.sans.org/reading-room/whitepapers/application/runtime-application-self-protection-rasp-investigation-effectiveness-rasp-solution-protecting-vulnerable-target-applications-38950
https://www.qualys.com/2019/12/04/cve-2019-19521/authentication-vulnerabilities-openbsd.txt?_ga=2.58244398.587934852.1575530822-682141427.1570559125
Hijacking Linux (and BSD) VPN Connections
https://seclists.org/oss-sec/2019/q4/122
RASP vs. WAF: Alexander Fry Research Paper
https://www.sans.org/reading-room/whitepapers/application/runtime-application-self-protection-rasp-investigation-effectiveness-rasp-solution-protecting-vulnerable-target-applications-38950
ISC StormCast for Thursday, December 5th 2019
5 december 2019 |
6 min
Atlasian Companion App / IBM Aspera Cloud
https://www.theregister.co.uk/2019/12/05/atlassian_zero_day_bug/
https://confluence.atlassian.com/doc/administering-the-atlassian-companion-app-958456281.html
https://twitter.com/tmslft/status/1202056063878606848?s=20
Fake Python Library in PyPi
https://github.com/dateutil/dateutil/issues/984
GoAhead Web Server Vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0888
https://www.theregister.co.uk/2019/12/05/atlassian_zero_day_bug/
https://confluence.atlassian.com/doc/administering-the-atlassian-companion-app-958456281.html
https://twitter.com/tmslft/status/1202056063878606848?s=20
Fake Python Library in PyPi
https://github.com/dateutil/dateutil/issues/984
GoAhead Web Server Vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0888
ISC StormCast for Wednesday, December 4th 2019
4 december 2019 |
6 min
Avast Online Security and Avast Secure Browser Blocked for Spying on Users
https://palant.de/2019/10/28/avast-online-security-and-avast-secure-browser-are-spying-on-you/
Google Android Updates
https://source.android.com/security/bulletin/2019-12-01
Strandhogg Vulnerability
https://promon.co/security-news/strandhogg/
Firefox 71 Released
https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/
https://palant.de/2019/10/28/avast-online-security-and-avast-secure-browser-are-spying-on-you/
Google Android Updates
https://source.android.com/security/bulletin/2019-12-01
Strandhogg Vulnerability
https://promon.co/security-news/strandhogg/
Firefox 71 Released
https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/
ISC StormCast for Tuesday, December 3rd 2019
3 december 2019 |
6 min
Increased Scans on Port 26
https://isc.sans.edu/forums/diary/Next+up+whats+up+with+TCP+port+26/25564/
Recent Ursnif Malspam
https://isc.sans.edu/forums/diary/Ursnif+infection+with+Dridex/25566/
Windows 7 Extended Security Updates
https://www.microsoft.com/microsoft-365/partners/news/article/announcing-paid-windows-7-extended-security-updates
QNAP Patches Photo Station
https://www.qnap.com/en/security-advisory/nas-201911-25
https://isc.sans.edu/forums/diary/Next+up+whats+up+with+TCP+port+26/25564/
Recent Ursnif Malspam
https://isc.sans.edu/forums/diary/Ursnif+infection+with+Dridex/25566/
Windows 7 Extended Security Updates
https://www.microsoft.com/microsoft-365/partners/news/article/announcing-paid-windows-7-extended-security-updates
QNAP Patches Photo Station
https://www.qnap.com/en/security-advisory/nas-201911-25
ISC StormCast for Monday, December 2nd 2019
2 december 2019 |
7 min
Agent Tesla Malware Sample Analysis
https://isc.sans.edu/forums/diary/Finding+an+Agent+Tesla+malware+sample/25554/
Search With SauronEye
https://isc.sans.edu/forums/diary/ISC+Snapshot+Search+with+SauronEye/25558/
Splunk Y2K20 Patch
https://docs.splunk.com/Documentation/Splunk/8.0.0/ReleaseNotes/FixDatetimexml2020
Google TAG Quarterly Summary
https://blog.google/technology/safety-security/threat-analysis-group/protecting-users-government-backed-hacking-and-disinformation/
https://isc.sans.edu/forums/diary/Finding+an+Agent+Tesla+malware+sample/25554/
Search With SauronEye
https://isc.sans.edu/forums/diary/ISC+Snapshot+Search+with+SauronEye/25558/
Splunk Y2K20 Patch
https://docs.splunk.com/Documentation/Splunk/8.0.0/ReleaseNotes/FixDatetimexml2020
Google TAG Quarterly Summary
https://blog.google/technology/safety-security/threat-analysis-group/protecting-users-government-backed-hacking-and-disinformation/
ISC StormCast for Wednesday, November 27th 2019
27 november 2019 |
6 min
Playing With Phishing
https://isc.sans.edu/forums/diary/Lessons+learned+from+playing+a+willing+phish/25552/
HPE SSD Drives will Stop Working in 3 years
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00092491en_us
Malicious Android SDK Captures Social Media Data
https://help.twitter.com/en/sdk-issue
Kasperski API Exposed to Websites
https://palant.de/2019/11/26/internal-kaspersky-api-exposed-to-websites/
Malicious Ad Statistics
https://www.confiant.com/Demand-Quality-Report-Q3-2019
https://isc.sans.edu/forums/diary/Lessons+learned+from+playing+a+willing+phish/25552/
HPE SSD Drives will Stop Working in 3 years
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00092491en_us
Malicious Android SDK Captures Social Media Data
https://help.twitter.com/en/sdk-issue
Kasperski API Exposed to Websites
https://palant.de/2019/11/26/internal-kaspersky-api-exposed-to-websites/
Malicious Ad Statistics
https://www.confiant.com/Demand-Quality-Report-Q3-2019
ISC StormCast for Tuesday, November 26th 2019
26 november 2019 |
5 min
DNS over HTTPS (DoH) in SOHO Networks
https://isc.sans.edu/forums/diary/My+Little+DoH+Setup/25548/
Fortinet Weak Crypto
https://sec-consult.com/en/blog/advisories/weak-encryption-cipher-and-hardcoded-cryptographic-keys-in-fortinet-products/
Tracking Web Users via DNS
https://github.com/uBlockOrigin/uBlock-issues/issues/780
https://isc.sans.edu/forums/diary/My+Little+DoH+Setup/25548/
Fortinet Weak Crypto
https://sec-consult.com/en/blog/advisories/weak-encryption-cipher-and-hardcoded-cryptographic-keys-in-fortinet-products/
Tracking Web Users via DNS
https://github.com/uBlockOrigin/uBlock-issues/issues/780
ISC StormCast for Monday, November 25th 2019
25 november 2019 |
5 min
Web Filter Misconfiguration Abused for Recognisance
https://isc.sans.edu/forums/diary/Abusing+Web+Filters+Misconfiguration+for+Reconnaissance/25538/
Local Malware Analysis with Malice
https://isc.sans.edu/forums/diary/Local+Malware+Analysis+with+Malice/25544/
Multiple Vulnerabilities in VNC
https://www.kaspersky.com/blog/vnc-vulnerabilities/31462/
https://isc.sans.edu/forums/diary/Abusing+Web+Filters+Misconfiguration+for+Reconnaissance/25538/
Local Malware Analysis with Malice
https://isc.sans.edu/forums/diary/Local+Malware+Analysis+with+Malice/25544/
Multiple Vulnerabilities in VNC
https://www.kaspersky.com/blog/vnc-vulnerabilities/31462/
ISC StormCast for Friday, November 22nd 2019
22 november 2019 |
6 min
Weaknesses in Memory Encryption Solutions
https://arxiv.org/abs/1908.11680
GetMonero Wallet Compromised
https://web.getmonero.org/2019/11/19/warning-compromised-binaries.html
RIPlace Ransomware Detection Bypass
https://www.nyotron.com/blog/nyotron-discovers-potentially-unstoppable-ransomware-evasion-technique-riplace/
Microsoft Office Remote Content Triggers in Preview Pane
https://medium.com/@curtbraz/getting-malicious-office-documents-to-fire-with-protected-view-4de18668c386
https://arxiv.org/abs/1908.11680
GetMonero Wallet Compromised
https://web.getmonero.org/2019/11/19/warning-compromised-binaries.html
RIPlace Ransomware Detection Bypass
https://www.nyotron.com/blog/nyotron-discovers-potentially-unstoppable-ransomware-evasion-technique-riplace/
Microsoft Office Remote Content Triggers in Preview Pane
https://medium.com/@curtbraz/getting-malicious-office-documents-to-fire-with-protected-view-4de18668c386
ISC StormCast for Thursday, November 21st 2019
21 november 2019 |
6 min
Latest Hancitor Malspam Update
https://isc.sans.edu/forums/diary/Hancitor+infection+with+Pony+Evil+Pony+Ursnif+and+Cobalt+Strike/25532/
Oracle Payday Vulnerabilities Exploited
https://www.onapsis.com/blog/oracle-payday-vulnerabilities
Google Chrome Update
https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html
NSA Publishes Guide About the Risks of Inspecting TLS
https://media.defense.gov/2019/Nov/18/2002212783/-1/-1/0/MANAGING%20RISK%20FROM%20TLS%20INSPECTION_20191106.PDF
Unbound Command Execution Vulnerability
https://nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-ipsec-module
https://isc.sans.edu/forums/diary/Hancitor+infection+with+Pony+Evil+Pony+Ursnif+and+Cobalt+Strike/25532/
Oracle Payday Vulnerabilities Exploited
https://www.onapsis.com/blog/oracle-payday-vulnerabilities
Google Chrome Update
https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html
NSA Publishes Guide About the Risks of Inspecting TLS
https://media.defense.gov/2019/Nov/18/2002212783/-1/-1/0/MANAGING%20RISK%20FROM%20TLS%20INSPECTION_20191106.PDF
Unbound Command Execution Vulnerability
https://nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-ipsec-module
ISC StormCast for Wednesday, November 20th 2019
20 november 2019 |
6 min
JAWS DVR Bot
https://isc.sans.edu/forums/diary/Cheap+Chinese+JAWS+of+DVR+Exploitability+on+Port+60001/25530/
TianFu Cup
https://twitter.com/TianfuCup
Microsoft Access Hotfix
https://support.microsoft.com/en-us/help/4484198/november-18-2019-update-for-office-2016-kb4484198
Windows 10 DNS over HTTPS
https://techcommunity.microsoft.com/t5/Networking-Blog/Windows-will-improve-user-privacy-with-DNS-over-HTTPS/ba-p/1014229
Android Camera Permission Mixup
https://www.checkmarx.com/blog/how-attackers-could-hijack-your-android-camera
https://isc.sans.edu/forums/diary/Cheap+Chinese+JAWS+of+DVR+Exploitability+on+Port+60001/25530/
TianFu Cup
https://twitter.com/TianfuCup
Microsoft Access Hotfix
https://support.microsoft.com/en-us/help/4484198/november-18-2019-update-for-office-2016-kb4484198
Windows 10 DNS over HTTPS
https://techcommunity.microsoft.com/t5/Networking-Blog/Windows-will-improve-user-privacy-with-DNS-over-HTTPS/ba-p/1014229
Android Camera Permission Mixup
https://www.checkmarx.com/blog/how-attackers-could-hijack-your-android-camera
ISC StormCast for Tuesday, November 19th 2019
19 november 2019 |
6 min
Carriers Filter SMS Messages Sent By Applications
https://isc.sans.edu/forums/diary/SMS+and+2FA+Another+Reason+to+Move+away+from+It/25526/
Intel Removing BIOS Downloads for EOL Hardware
https://www.vogons.org/viewtopic.php?f=46&t=69184
https://news.ycombinator.com/item?id=21563309
Outlook 365 Remains Top Phishing Target
https://info.phishlabs.com/blog/active-office-365-phishing-campaign-targeting-admin-credentials
https://isc.sans.edu/forums/diary/SMS+and+2FA+Another+Reason+to+Move+away+from+It/25526/
Intel Removing BIOS Downloads for EOL Hardware
https://www.vogons.org/viewtopic.php?f=46&t=69184
https://news.ycombinator.com/item?id=21563309
Outlook 365 Remains Top Phishing Target
https://info.phishlabs.com/blog/active-office-365-phishing-campaign-targeting-admin-credentials
ISC StormCast for Monday, November 18th 2019
18 november 2019 |
6 min
TPM Fail Update
https://downloadcenter.intel.com/download/28632
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html
Office November Update Issues
https://borncity.com/win/2019/11/13/office-november-2019-updates-are-causing-access-error-3340/
WhatsApp Stack Based Buffer Overflow
https://nvd.nist.gov/vuln/detail/CVE-2019-11931
Android Qualcom Data Exfiltration Bug
https://research.checkpoint.com/the-road-to-qualcomm-trustzone-apps-fuzzing/
Nextcloud Ransomware NextCry
https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
https://downloadcenter.intel.com/download/28632
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html
Office November Update Issues
https://borncity.com/win/2019/11/13/office-november-2019-updates-are-causing-access-error-3340/
WhatsApp Stack Based Buffer Overflow
https://nvd.nist.gov/vuln/detail/CVE-2019-11931
Android Qualcom Data Exfiltration Bug
https://research.checkpoint.com/the-road-to-qualcomm-trustzone-apps-fuzzing/
Nextcloud Ransomware NextCry
https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
ISC StormCast for Friday, November 15th 2019
15 november 2019 |
7 min
LokiBot Update (November 2019)
https://isc.sans.edu/forums/diary/An+example+of+malspam+pushing+Lokibot+malware+November+2019/25518/
Some Packet-Fu with Zeek
https://isc.sans.edu/forums/diary/Some+packetfu+with+Zeek+previously+known+as+bro/25510/
TPM Leaks
http://tpm.fail/
Zombieload 2.0 Vulnerability
https://zombieloadattack.com/
https://isc.sans.edu/forums/diary/An+example+of+malspam+pushing+Lokibot+malware+November+2019/25518/
Some Packet-Fu with Zeek
https://isc.sans.edu/forums/diary/Some+packetfu+with+Zeek+previously+known+as+bro/25510/
TPM Leaks
http://tpm.fail/
Zombieload 2.0 Vulnerability
https://zombieloadattack.com/
ISC StormCast for Wednesday, November 13th 2019
13 november 2019 |
7 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/November+2019+Microsoft+Patch+Tuesday/25516/
Adobe Update
https://helpx.adobe.com/security.html
Facebook Camera Bug
https://www.cnet.com/news/facebook-bug-has-camera-activated-while-people-are-using-the-app
McAfee Anti Virus Bypass and Persistance
https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-MIS-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-3648
https://isc.sans.edu/forums/diary/November+2019+Microsoft+Patch+Tuesday/25516/
Adobe Update
https://helpx.adobe.com/security.html
Facebook Camera Bug
https://www.cnet.com/news/facebook-bug-has-camera-activated-while-people-are-using-the-app
McAfee Anti Virus Bypass and Persistance
https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-MIS-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-3648
ISC StormCast for Tuesday, November 12th 2019
12 november 2019 |
6 min
Are We Going Back to TheMoon And How is Liquor Involved
https://isc.sans.edu/forums/diary/Are+We+Going+Back+to+TheMoon+and+How+is+Liquor+Involved/25512/
New Update for Magento Shopping Cart
https://magento.com/security/patches/latest-magento-security-update-helps-protect-recently-reported-rce-vulnerability
https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
ZoneAlarm vBulletin Forum Breached
https://thehackernews.com/2019/11/zonealarm-forum-data-breach.html
CSS Injection in Slack to Log Keystrokes
https://fletchto99.dev/2019/november/slack-vulnerability/
https://isc.sans.edu/forums/diary/Are+We+Going+Back+to+TheMoon+and+How+is+Liquor+Involved/25512/
New Update for Magento Shopping Cart
https://magento.com/security/patches/latest-magento-security-update-helps-protect-recently-reported-rce-vulnerability
https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
ZoneAlarm vBulletin Forum Breached
https://thehackernews.com/2019/11/zonealarm-forum-data-breach.html
CSS Injection in Slack to Log Keystrokes
https://fletchto99.dev/2019/november/slack-vulnerability/
ISC StormCast for Monday, November 11th 2019
11 november 2019 |
7 min
Microsoft Applications Diverted from Their Main Use
https://isc.sans.edu/forums/diary/Microsoft+Apps+Diverted+from+Their+Main+Use/25502/
Did Bluekeep Malware Afect Patching
https://isc.sans.edu/forums/diary/Did+the+recent+malicious+BlueKeep+campaign+have+any+positive+impact+when+it+comes+to+patching/25506/
Pwn2Own Summary
https://www.zerodayinitiative.com/blog/2019/11/7/pwn2own-tokyo-2019-day-two-final-results
State of Javascript Framework Security
https://snyk.io/wp-content/uploads/snyk-javascript_report_2019.pdf
DShield/ISC Honeypot Update
https://isc.sans.edu/honeypot.html
https://isc.sans.edu/forums/diary/Microsoft+Apps+Diverted+from+Their+Main+Use/25502/
Did Bluekeep Malware Afect Patching
https://isc.sans.edu/forums/diary/Did+the+recent+malicious+BlueKeep+campaign+have+any+positive+impact+when+it+comes+to+patching/25506/
Pwn2Own Summary
https://www.zerodayinitiative.com/blog/2019/11/7/pwn2own-tokyo-2019-day-two-final-results
State of Javascript Framework Security
https://snyk.io/wp-content/uploads/snyk-javascript_report_2019.pdf
DShield/ISC Honeypot Update
https://isc.sans.edu/honeypot.html
ISC StormCast for Friday, November 8th 2019
8 november 2019 |
7 min
Adobe Mobile SDK Update Fixes TLS Defaults
https://wwws.nightwatchcybersecurity.com/2019/11/06/insecure-defaults-in-adobes-mobile-sdks/
QNAP Updates QSnatch Advisory
https://www.qnap.com/en/security-advisory/nas-201911-01
Double Loaded ZIP Files Delivery Malware
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/double-loaded-zip-file-delivers-nanocore/
Ring Video Doorbell Leaks Wifi Password
https://labs.bitdefender.com/2019/11/ring-video-doorbell-pro-under-the-scope/
https://wwws.nightwatchcybersecurity.com/2019/11/06/insecure-defaults-in-adobes-mobile-sdks/
QNAP Updates QSnatch Advisory
https://www.qnap.com/en/security-advisory/nas-201911-01
Double Loaded ZIP Files Delivery Malware
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/double-loaded-zip-file-delivers-nanocore/
Ring Video Doorbell Leaks Wifi Password
https://labs.bitdefender.com/2019/11/ring-video-doorbell-pro-under-the-scope/
ISC StormCast for Thursday, November 7th 2019
7 november 2019 |
5 min
Google Improving PlayStore Security With Partners
https://security.googleblog.com/2019/11/the-app-defense-alliance-bringing.html
Xen Security Advisories
https://xenbits.xen.org/xsa/
npcap pool corruption vulnerability
https://github.com/nmap/nmap/issues/1568
TrendMicro Employee Selling Customer Data to Tech Support Scammers
https://blog.trendmicro.com/trend-micro-discloses-insider-threat-impacting-some-of-its-consumer-customers/
SANS Security Awareness Newsletter
https://www.sans.org/security-awareness-training/resources/shopping-online-securely-1
https://security.googleblog.com/2019/11/the-app-defense-alliance-bringing.html
Xen Security Advisories
https://xenbits.xen.org/xsa/
npcap pool corruption vulnerability
https://github.com/nmap/nmap/issues/1568
TrendMicro Employee Selling Customer Data to Tech Support Scammers
https://blog.trendmicro.com/trend-micro-discloses-insider-threat-impacting-some-of-its-consumer-customers/
SANS Security Awareness Newsletter
https://www.sans.org/security-awareness-training/resources/shopping-online-securely-1
ISC StormCast for Wednesday, November 6th 2019
6 november 2019 |
6 min
Formbook Malspam
https://isc.sans.edu/forums/diary/Malspam+pushing+Formbook+info+stealer/23387/
Honeypot Update
https://github.com/DShield-ISC/dshield
Office on Mac XLM Macros
https://kb.cert.org/vuls/id/125336/
Firefox Browser Lock Bug Exploited
https://bugzilla.mozilla.org/show_bug.cgi?id=1593795
libarchive use after free vulnerability
https://medium.com/@social_62682/new-libarchive-use-after-free-vulnerability-36c4b141fe89
https://isc.sans.edu/forums/diary/Malspam+pushing+Formbook+info+stealer/23387/
Honeypot Update
https://github.com/DShield-ISC/dshield
Office on Mac XLM Macros
https://kb.cert.org/vuls/id/125336/
Firefox Browser Lock Bug Exploited
https://bugzilla.mozilla.org/show_bug.cgi?id=1593795
libarchive use after free vulnerability
https://medium.com/@social_62682/new-libarchive-use-after-free-vulnerability-36c4b141fe89
ISC StormCast for Tuesday, November 5th 2019
5 november 2019 |
6 min
Clam AV Vulnerability
https://twitter.com/hackerfantastic/status/1190685521153937408
https://pastebin.com/cfP7X89m
XCode Vulnerability
https://support.apple.com/en-is/HT210729
MikroTik DNS Cache Poisoning
https://blog.mikrotik.com/security/dns-cache-poisoning-vulnerability.html
https://twitter.com/hackerfantastic/status/1190685521153937408
https://pastebin.com/cfP7X89m
XCode Vulnerability
https://support.apple.com/en-is/HT210729
MikroTik DNS Cache Poisoning
https://blog.mikrotik.com/security/dns-cache-poisoning-vulnerability.html
ISC StormCast for Monday, November 4th 2019
4 november 2019 |
6 min
Critical Google Chrome Update Fixes Exploited Vulnerability
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html
Blue Keep Vulnerability Mass Exploited to Install Crypto Coin Miner
https://www.kryptoslogic.com/blog/2019/11/bluekeep-cve-2019-0708-exploitation-spotted-in-the-wild/
rConfig Vulnerabilities
https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html
Blue Keep Vulnerability Mass Exploited to Install Crypto Coin Miner
https://www.kryptoslogic.com/blog/2019/11/bluekeep-cve-2019-0708-exploitation-spotted-in-the-wild/
rConfig Vulnerabilities
https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
ISC StormCast for Friday, November 1st 2019
1 november 2019 |
6 min
Phishing Made Easy With EML Files and Outlook 365
https://isc.sans.edu/forums/diary/EML+attachments+in+O365+a+recipe+for+phishing/25474/
Microsoft TLS Security Enhancements Lead to Timeouts
https://support.microsoft.com/en-us/help/4528489/transport-layer-security-tls-connections-might-intermittently-fail-or
MESSAGETAP: Who's Reading Your Text Messages
https://www.fireeye.com/blog/threat-research/2019/10/messagetap-who-is-reading-your-text-messages.html
Amazon Authentication Failure for 3rd Party Devices
https://old.reddit.com/r/sysadmin/comments/dpbt3t/the_perils_of_security_and_how_i_finally_resolved/
https://isc.sans.edu/forums/diary/EML+attachments+in+O365+a+recipe+for+phishing/25474/
Microsoft TLS Security Enhancements Lead to Timeouts
https://support.microsoft.com/en-us/help/4528489/transport-layer-security-tls-connections-might-intermittently-fail-or
MESSAGETAP: Who's Reading Your Text Messages
https://www.fireeye.com/blog/threat-research/2019/10/messagetap-who-is-reading-your-text-messages.html
Amazon Authentication Failure for 3rd Party Devices
https://old.reddit.com/r/sysadmin/comments/dpbt3t/the_perils_of_security_and_how_i_finally_resolved/
ISC StormCast for Thursday, October 31st 2019
31 oktober 2019 |
7 min
Apple Security Updates Details Released
https://support.apple.com/en-us/HT201222
Untitled Goose Deserialization
https://pulsesecurity.co.nz/advisories/untitled-goose-game-deserialization
Insecure Pagers Leak Medical Data
https://techcrunch.com/2019/10/30/nhs-pagers-medical-health-data/
Kibana Vulnerablity
https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/
https://support.apple.com/en-us/HT201222
Untitled Goose Deserialization
https://pulsesecurity.co.nz/advisories/untitled-goose-game-deserialization
Insecure Pagers Leak Medical Data
https://techcrunch.com/2019/10/30/nhs-pagers-medical-health-data/
Kibana Vulnerablity
https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/
ISC StormCast for Wednesday, October 30th 2019
30 oktober 2019 |
6 min
xHelper Android Malware
https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware
Counterstrike Game Keys Used for Money Laundry
https://blog.counter-strike.net/index.php/2019/10/26113/
Greating PCAP Files From YAML
https://isc.sans.edu/forums/diary/Generating+PCAP+Files+from+YAML/25464/
https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware
Counterstrike Game Keys Used for Money Laundry
https://blog.counter-strike.net/index.php/2019/10/26113/
Greating PCAP Files From YAML
https://isc.sans.edu/forums/diary/Generating+PCAP+Files+from+YAML/25464/
ISC StormCast for Tuesday, October 29th 2019
29 oktober 2019 |
5 min
PHP 7 Remote Code Execution Vulnerability Exploited
https://lab.wallarm.com/php-remote-code-execution-0-day-discovered-in-real-world-ctf-exercise/
https://github.com/neex/phuip-fpizdam
Finding Shellcode with scdbg
https://isc.sans.edu/forums/diary/Using+scdbg+to+Find+Shellcode/25460/
Apple iOS / tvOS / Safari Updates
https://support.apple.com/en-us/HT201222
Sextortion Attempts Are Targeting Blogs
https://www.bleepingcomputer.com/news/security/blogger-and-wordpress-sites-hacked-to-show-sextortion-scams/
https://lab.wallarm.com/php-remote-code-execution-0-day-discovered-in-real-world-ctf-exercise/
https://github.com/neex/phuip-fpizdam
Finding Shellcode with scdbg
https://isc.sans.edu/forums/diary/Using+scdbg+to+Find+Shellcode/25460/
Apple iOS / tvOS / Safari Updates
https://support.apple.com/en-us/HT201222
Sextortion Attempts Are Targeting Blogs
https://www.bleepingcomputer.com/news/security/blogger-and-wordpress-sites-hacked-to-show-sextortion-scams/
ISC StormCast for Monday, October 28th 2019
28 oktober 2019 |
6 min
Odd Double Base64 Endoded "BS_REAL_IP" Header
https://isc.sans.edu/forums/diary/Unusual+Activity+with+Double+Base64+Encoding/25458/
DNS Archeology With PowerShell
https://isc.sans.edu/forums/diary/More+on+DNS+Archeology+with+PowerShell/25452/
iOS Appstore Malware
https://www.wandera.com/mobile-security/ios-trojan-malware/
British Law Enforcement Misses Malware Reports Due to Anti-Malware
https://www.theregister.co.uk/2019/10/24/hmicfrs_report_cyber_crime/
https://isc.sans.edu/forums/diary/Unusual+Activity+with+Double+Base64+Encoding/25458/
DNS Archeology With PowerShell
https://isc.sans.edu/forums/diary/More+on+DNS+Archeology+with+PowerShell/25452/
iOS Appstore Malware
https://www.wandera.com/mobile-security/ios-trojan-malware/
British Law Enforcement Misses Malware Reports Due to Anti-Malware
https://www.theregister.co.uk/2019/10/24/hmicfrs_report_cyber_crime/
ISC StormCast for Friday, October 25th 2019
25 oktober 2019 |
7 min
XML External Entity Vuln in LSP4XML Affects Various Developer Tools
https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/?preview=true
Google Chrome Will Make "SameSite" Default
https://blog.chromium.org/2019/10/developers-get-ready-for-new.html
Leftover Gigamon Configurations
https://isc.sans.edu/forums/diary/Your+Supply+Chain+Doesnt+End+At+Receiving+How+Do+You+Decommission+Network+Equipment/25448/
https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/?preview=true
Google Chrome Will Make "SameSite" Default
https://blog.chromium.org/2019/10/developers-get-ready-for-new.html
Leftover Gigamon Configurations
https://isc.sans.edu/forums/diary/Your+Supply+Chain+Doesnt+End+At+Receiving+How+Do+You+Decommission+Network+Equipment/25448/
ISC StormCast for Thursday, October 24th 2019
24 oktober 2019 |
5 min
FTC Issues SIM Swapping Guidance
https://www.consumer.ftc.gov/blog/2019/10/sim-swap-scams-how-protect-yourself
Discord Used as Info Stealer Backdoor
https://www.bleepingcomputer.com/news/security/discord-turned-into-an-info-stealing-backdoor-by-new-malware/
Cisco Exploit Code
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass
Tails 4.0 Released
https://tails.boum.org/news/version_4.0/index.en.html
https://www.consumer.ftc.gov/blog/2019/10/sim-swap-scams-how-protect-yourself
Discord Used as Info Stealer Backdoor
https://www.bleepingcomputer.com/news/security/discord-turned-into-an-info-stealing-backdoor-by-new-malware/
Cisco Exploit Code
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass
Tails 4.0 Released
https://tails.boum.org/news/version_4.0/index.en.html
ISC StormCast for Wednesday, October 23rd 2019
23 oktober 2019 |
7 min
Testing TLS 1.3 And Supported Ciphers
https://isc.sans.edu/forums/diary/Testing+TLSv13+and+supported+ciphers/25442/
Google Chrome 78 Released
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Firefox 70 Released
https://www.mozilla.org/en-US/firefox/70.0/releasenotes/
Cache Poisoning DoS
https://cpdos.org/
https://isc.sans.edu/forums/diary/Testing+TLSv13+and+supported+ciphers/25442/
Google Chrome 78 Released
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Firefox 70 Released
https://www.mozilla.org/en-US/firefox/70.0/releasenotes/
Cache Poisoning DoS
https://cpdos.org/
ISC StormCast for Tuesday, October 22nd 2019
22 oktober 2019 |
6 min
DNS over TLS Scans
https://isc.sans.edu/forums/diary/Whats+up+with+TCP+853+DNS+over+TLS/25438/
NordVPN and Others Compromised
https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/
https://twitter.com/hexdefined/status/1186106695073726466
Trend Micro Bypass
http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-ANTI-THREAT-TOOLKIT-(ATTK)-REMOTE-CODE-EXECUTION.txt
Realtek Linux Wifi Driver Buffer Overflow
https://twitter.com/nicowaisman/status/1184864519316758535
https://isc.sans.edu/forums/diary/Whats+up+with+TCP+853+DNS+over+TLS/25438/
NordVPN and Others Compromised
https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/
https://twitter.com/hexdefined/status/1186106695073726466
Trend Micro Bypass
http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-ANTI-THREAT-TOOLKIT-(ATTK)-REMOTE-CODE-EXECUTION.txt
Realtek Linux Wifi Driver Buffer Overflow
https://twitter.com/nicowaisman/status/1184864519316758535
ISC StormCast for Monday, October 21st 2019
21 oktober 2019 |
7 min
Attacks Against NVMS-9000 DVR Web Vulnerability
https://isc.sans.edu/forums/diary/Scanning+Activity+for+NVMS9000+Digital+Video+Recorder/25434/
Pixel 4 Face Unlock Works with Eyes Shut
https://www.bbc.com/news/technology-50085630
Samsung Galaxy S10 Fingerprint Unlock Bug
https://www.bbc.com/news/technology-50080586
Alexa/Google Home Phishing
https://srlabs.de/bites/smart-spies/
https://isc.sans.edu/forums/diary/Scanning+Activity+for+NVMS9000+Digital+Video+Recorder/25434/
Pixel 4 Face Unlock Works with Eyes Shut
https://www.bbc.com/news/technology-50085630
Samsung Galaxy S10 Fingerprint Unlock Bug
https://www.bbc.com/news/technology-50080586
Alexa/Google Home Phishing
https://srlabs.de/bites/smart-spies/
ISC StormCast for Friday, October 18th 2019
18 oktober 2019 |
17 min
Phishing E-Mail Spoofing SPF Protected Domain
https://isc.sans.edu/forums/diary/Phishing+email+spoofing+SPFenabled+domain/25426/
Purchased Domain Arrives with Paypal Accounts Linked to it
https://www.theregister.co.uk/2019/10/17/paypal_account_domain/
Typosquatting Attacks Affect 2020 Presidential Election
https://www.digitalshadows.com/blog-and-research/typosquatting-and-the-2020-u-s-presidential-election/
STI Student: Christopher Hurless Exploring Osquery, Fleet, and Elastic Stack as an Open-source solution to Endpoint Detection and Response
https://www.sans.org/reading-room/whitepapers/detection/paper/39165
https://isc.sans.edu/forums/diary/Phishing+email+spoofing+SPFenabled+domain/25426/
Purchased Domain Arrives with Paypal Accounts Linked to it
https://www.theregister.co.uk/2019/10/17/paypal_account_domain/
Typosquatting Attacks Affect 2020 Presidential Election
https://www.digitalshadows.com/blog-and-research/typosquatting-and-the-2020-u-s-presidential-election/
STI Student: Christopher Hurless Exploring Osquery, Fleet, and Elastic Stack as an Open-source solution to Endpoint Detection and Response
https://www.sans.org/reading-room/whitepapers/detection/paper/39165
ISC StormCast for Thursday, October 17th 2019
17 oktober 2019 |
6 min
Oracle CPU
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Jackson-Databind Vulnerablity
https://github.com/FasterXML/jackson-databind/issues/2387
VMWare Cloud Foundation and VMware Harbor Container Registry Patch
https://www.vmware.com/security/advisories/VMSA-2019-0016.html
Wordpress Update
https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
Cryptominers Hiding in WAV Files
https://threatvector.cylance.com/en_us/home/malicious-payloads-hiding-beneath-the-wav.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Jackson-Databind Vulnerablity
https://github.com/FasterXML/jackson-databind/issues/2387
VMWare Cloud Foundation and VMware Harbor Container Registry Patch
https://www.vmware.com/security/advisories/VMSA-2019-0016.html
Wordpress Update
https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
Cryptominers Hiding in WAV Files
https://threatvector.cylance.com/en_us/home/malicious-payloads-hiding-beneath-the-wav.html
ISC StormCast for Wednesday, October 16th 2019
16 oktober 2019 |
5 min
Adobe Updates
https://helpx.adobe.com/security.html
Symantec BSOD
https://support.symantec.com/us/en/article.TECH256643.html
OSX/Shlayer Bypasses Gatekeeper/XProtect
https://blog.confiant.com/osx-shlayer-new-shurprise-unveiling-osx-tarmac-f965a32de887
Fake iOS Jailbreak Leads to Clickfraud
https://blog.talosintelligence.com/2019/10/checkrain-click-fraud.html
https://helpx.adobe.com/security.html
Symantec BSOD
https://support.symantec.com/us/en/article.TECH256643.html
OSX/Shlayer Bypasses Gatekeeper/XProtect
https://blog.confiant.com/osx-shlayer-new-shurprise-unveiling-osx-tarmac-f965a32de887
Fake iOS Jailbreak Leads to Clickfraud
https://blog.talosintelligence.com/2019/10/checkrain-click-fraud.html
ISC StormCast for Tuesday, October 15th 2019
15 oktober 2019 |
6 min
sudo vulnerability
https://www.sudo.ws/alerts/minus_1_uid.html
Apple Safebrowsing Controversy
https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/
Streaming Service Tracking Behaviour
https://www.princeton.edu/~pmittal/publications/tv-tracking-ccs19.pdf
https://www.sudo.ws/alerts/minus_1_uid.html
Apple Safebrowsing Controversy
https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/
Streaming Service Tracking Behaviour
https://www.princeton.edu/~pmittal/publications/tv-tracking-ccs19.pdf
ISC StormCast for Monday, October 14th 2019
14 oktober 2019 |
4 min
YARA Update
https://isc.sans.edu/forums/diary/YARA+v3110+released/25408/
Hacking Back Against Ransomware
https://www.zdnet.com/article/white-hat-hacks-muhstik-ransomware-gang-and-releases-decryption-keys/
Fake Crypto Trading Software
https://www.bleepingcomputer.com/news/security/attackers-create-elaborate-crypto-trading-scheme-to-install-malware/
https://isc.sans.edu/forums/diary/YARA+v3110+released/25408/
Hacking Back Against Ransomware
https://www.zdnet.com/article/white-hat-hacks-muhstik-ransomware-gang-and-releases-decryption-keys/
Fake Crypto Trading Software
https://www.bleepingcomputer.com/news/security/attackers-create-elaborate-crypto-trading-scheme-to-install-malware/
ISC StormCast for Friday, October 11th 2019
11 oktober 2019 |
6 min
Mining Live Networks for OUI Data Oddness
https://isc.sans.edu/forums/diary/Mining+Live+Networks+for+OUI+Data+Oddness/25404/
iTerm2 Vulnerability
https://groups.google.com/forum/#!topic/iterm2-discuss/57k_AuLdQa4
Apple Updater Exploited in Bitpaymer Campaign
https://blog.morphisec.com/apple-zero-day-exploited-in-bitpaymer-campaign
https://isc.sans.edu/forums/diary/Mining+Live+Networks+for+OUI+Data+Oddness/25404/
iTerm2 Vulnerability
https://groups.google.com/forum/#!topic/iterm2-discuss/57k_AuLdQa4
Apple Updater Exploited in Bitpaymer Campaign
https://blog.morphisec.com/apple-zero-day-exploited-in-bitpaymer-campaign
ISC StormCast for Thursday, October 10th 2019
10 oktober 2019 |
6 min
What Data Does Vidar Malware Steal
https://isc.sans.edu/forums/diary/What+data+does+Vidar+malware+steal+from+an+infected+host/25398/
NTLM MIC Bypass
https://www.preempt.com/blog/drop-the-mic-2-active-directory-open-to-more-ntlm-attacks/
Threats on Google Play
https://news.drweb.com/show/review/?i=13446#google
https://isc.sans.edu/forums/diary/What+data+does+Vidar+malware+steal+from+an+infected+host/25398/
NTLM MIC Bypass
https://www.preempt.com/blog/drop-the-mic-2-active-directory-open-to-more-ntlm-attacks/
Threats on Google Play
https://news.drweb.com/show/review/?i=13446#google
ISC StormCast for Wednesday, October 9th 2019
9 oktober 2019 |
5 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+October+2019+Patch+Tuesday/25396/
Android Update
https://source.android.com/security/bulletin/2019-10-01
vBulletin Update
https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2
https://isc.sans.edu/forums/diary/Microsoft+October+2019+Patch+Tuesday/25396/
Android Update
https://source.android.com/security/bulletin/2019-10-01
vBulletin Update
https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2
ISC StormCast for Tuesday, October 8th 2019
8 oktober 2019 |
6 min
Cloudflare Warp + NordVPN on iOS Leads to Traffic in the Clear
https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
WhatsApp Bug
https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
MacOS Catalina and Safari Update Released
https://www.macrumors.com/2019/10/07/apple-releases-macos-catalina/
https://support.apple.com/en-us/HT201222 (nothing new yet)
Magecart Still Going Strong
https://www.theregister.co.uk/2019/10/04/magecart/
(original RiskIQ report requires Registration)
https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
WhatsApp Bug
https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
MacOS Catalina and Safari Update Released
https://www.macrumors.com/2019/10/07/apple-releases-macos-catalina/
https://support.apple.com/en-us/HT201222 (nothing new yet)
Magecart Still Going Strong
https://www.theregister.co.uk/2019/10/04/magecart/
(original RiskIQ report requires Registration)
ISC StormCast for Monday, October 7th 2019
7 oktober 2019 |
5 min
visNetwork for Network Data
https://isc.sans.edu/forums/diary/visNetwork+for+Network+Data/25390/
Android Priv. Escalation Vulnerability Exploited in the Wild
https://bugs.chromium.org/p/project-zero/issues/detail?id=1942
Signal Evesdropping Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1943
https://isc.sans.edu/forums/diary/visNetwork+for+Network+Data/25390/
Android Priv. Escalation Vulnerability Exploited in the Wild
https://bugs.chromium.org/p/project-zero/issues/detail?id=1942
Signal Evesdropping Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1943
ISC StormCast for Friday, October 4th 2019
4 oktober 2019 |
15 min
Last Files Ransomware is Back With New Ruse
https://isc.sans.edu/forums/diary/LostFiles+Ransomware/25382/
tcpdump vulnerabilities
https://www.tcpdump.org/tcpdump-changes.txt
TLS Manipulating Malware
https://securelist.com/compfun-successor-reductor/93633/
Luasz Cyra: Pass the Hash in Windows 10
https://www.sans.org/reading-room/whitepapers/testing/paper/39170
https://isc.sans.edu/forums/diary/LostFiles+Ransomware/25382/
tcpdump vulnerabilities
https://www.tcpdump.org/tcpdump-changes.txt
TLS Manipulating Malware
https://securelist.com/compfun-successor-reductor/93633/
Luasz Cyra: Pass the Hash in Windows 10
https://www.sans.org/reading-room/whitepapers/testing/paper/39170
ISC StormCast for Thursday, October 3rd 2019
3 oktober 2019 |
5 min
Latest Emotet News
https://isc.sans.edu/forums/diary/A+recent+example+of+Emotet+malspam/25378/
SANS Ouch! Newsletter
https://www.sans.org/security-awareness-training/resources/four-simple-steps-staying-secure
XPdf and Foxit Updates
https://www.foxitsoftware.com/support/security-bulletins.php
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41885
eFax Malspam
https://www.heise.de/security/meldung/Achtung-Angebliches-eFax-birgt-Trojaner-4544386.html
Office 365 Idle Timeout
https://docs.microsoft.com/en-us/sharepoint/sign-out-inactive-users
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=55183
https://isc.sans.edu/forums/diary/A+recent+example+of+Emotet+malspam/25378/
SANS Ouch! Newsletter
https://www.sans.org/security-awareness-training/resources/four-simple-steps-staying-secure
XPdf and Foxit Updates
https://www.foxitsoftware.com/support/security-bulletins.php
https://forum.xpdfreader.com/viewtopic.php?f=3&t=41885
eFax Malspam
https://www.heise.de/security/meldung/Achtung-Angebliches-eFax-birgt-Trojaner-4544386.html
Office 365 Idle Timeout
https://docs.microsoft.com/en-us/sharepoint/sign-out-inactive-users
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=55183
ISC StormCast for Wednesday, October 2nd 2019
2 oktober 2019 |
6 min
PDF Encryption Flaw
https://web-in-security.blogspot.com/2019/09/pdfex-major-security-flaws-in-pdf.html
Windows 7 Security Updates Beyond 2020
https://www.microsoft.com/en-us/microsoft-365/blog/2019/10/01/windows-small-midsize-businesses-stay-secure-current/
ODT Documents Used to Distribute Malware
https://blog.talosintelligence.com/2019/09/odt-malware-twist.html
https://web-in-security.blogspot.com/2019/09/pdfex-major-security-flaws-in-pdf.html
Windows 7 Security Updates Beyond 2020
https://www.microsoft.com/en-us/microsoft-365/blog/2019/10/01/windows-small-midsize-businesses-stay-secure-current/
ODT Documents Used to Distribute Malware
https://blog.talosintelligence.com/2019/09/odt-malware-twist.html
ISC StormCast for Tuesday, October 1st 2019
1 oktober 2019 |
5 min
Maldoc, PowerShell and BITS
https://isc.sans.edu/forums/diary/Maldoc+PowerShell+BITS/25372/
Yet Another Critical Exim Flaw
https://nvd.nist.gov/vuln/detail/CVE-2019-16928
CISCO Introduces Semianual Patch Day
https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-72547
Windows 2019 to make it easier to disable legacy TLS Versions
https://www.microsoft.com/security/blog/2019/09/30/tls-version-enforcement-capabilities-now-available-certificate-binding-windows-server-2019
https://isc.sans.edu/forums/diary/Maldoc+PowerShell+BITS/25372/
Yet Another Critical Exim Flaw
https://nvd.nist.gov/vuln/detail/CVE-2019-16928
CISCO Introduces Semianual Patch Day
https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-72547
Windows 2019 to make it easier to disable legacy TLS Versions
https://www.microsoft.com/security/blog/2019/09/30/tls-version-enforcement-capabilities-now-available-certificate-binding-windows-server-2019
ISC StormCast for Monday, September 30th 2019
30 september 2019 |
6 min
Polycom Scans
https://isc.sans.edu/forums/diary/New+Scans+for+Polycom+Autoconfiguration+Files/25366/
Apple Security Details
https://support.apple.com/en-us/HT201222
iOS Jailbreak
https://github.com/axi0mX/ipwndfu
https://isc.sans.edu/forums/diary/New+Scans+for+Polycom+Autoconfiguration+Files/25366/
Apple Security Details
https://support.apple.com/en-us/HT201222
iOS Jailbreak
https://github.com/axi0mX/ipwndfu
ISC StormCast for Friday, September 27th 2019
27 september 2019 |
6 min
vBulletin Botnet
https://twitter.com/bad_packets/status/1177256656322695168
Cisco Industrial Router Security Bulletin
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ios-gos-auth
Sniffle Bluetooth Sniffer
https://github.com/nccgroup/sniffle
Outlook on the web blocking more extensions
https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Changes-to-File-Types-Blocked-in-Outlook-on-the-web/ba-p/874451
https://twitter.com/bad_packets/status/1177256656322695168
Cisco Industrial Router Security Bulletin
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ios-gos-auth
Sniffle Bluetooth Sniffer
https://github.com/nccgroup/sniffle
Outlook on the web blocking more extensions
https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Changes-to-File-Types-Blocked-in-Outlook-on-the-web/ba-p/874451
ISC StormCast for Thursday, September 26th 2019
26 september 2019 |
5 min
Malspam Pushing Quasar RAT
https://isc.sans.edu/forums/diary/Malspam+pushing+Quasar+RAT/25354/
vBulletin 0-Day Exploit Update
https://www.bleepingcomputer.com/news/security/vbulletin-zero-day-exploited-for-years-gets-unofficial-patch/
Fake Veteran Employment Site
https://blog.talosintelligence.com/2019/09/tortoiseshell-fake-veterans.html
https://isc.sans.edu/forums/diary/Malspam+pushing+Quasar+RAT/25354/
vBulletin 0-Day Exploit Update
https://www.bleepingcomputer.com/news/security/vbulletin-zero-day-exploited-for-years-gets-unofficial-patch/
Fake Veteran Employment Site
https://blog.talosintelligence.com/2019/09/tortoiseshell-fake-veterans.html
ISC StormCast for Wednesday, September 25th 2019
25 september 2019 |
5 min
Remotewebaccess.com Domain in Certificate Transparency Logs
https://isc.sans.edu/forums/diary/Huge+Amount+of+remotewebaccesscom+Sites+Found+in+Certificate+Transparency+Logs/25352/
Adobe Releases Emergency ColdFusion Patch
https://blogs.adobe.com/psirt/?p=1789
Apple Releases Additional Updates for iOS/iPadOS
https://support.apple.com/en-us/HT201222
vBulletin Vulnerability 0-Day Exploit Released
https://seclists.org/fulldisclosure/2019/Sep/31
https://isc.sans.edu/forums/diary/Huge+Amount+of+remotewebaccesscom+Sites+Found+in+Certificate+Transparency+Logs/25352/
Adobe Releases Emergency ColdFusion Patch
https://blogs.adobe.com/psirt/?p=1789
Apple Releases Additional Updates for iOS/iPadOS
https://support.apple.com/en-us/HT201222
vBulletin Vulnerability 0-Day Exploit Released
https://seclists.org/fulldisclosure/2019/Sep/31
ISC StormCast for Tuesday, September 24th 2019
24 september 2019 |
6 min
Microsoft Releases Special Patch for Exploited Vulnerability in Internet Explorer
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367
Cloudflare Adding "Bot Fight" option
https://blog.cloudflare.com/cleaning-up-bad-bots/
iOS Bluetooth Access Feature
https://www.theverge.com/2019/9/19/20867286/ios-13-bluetooth-permission-privacy-feature-apps
Forcepoint VPN Update
https://support.forcepoint.com/KBArticle?id=000017525
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367
Cloudflare Adding "Bot Fight" option
https://blog.cloudflare.com/cleaning-up-bad-bots/
iOS Bluetooth Access Feature
https://www.theverge.com/2019/9/19/20867286/ios-13-bluetooth-permission-privacy-feature-apps
Forcepoint VPN Update
https://support.forcepoint.com/KBArticle?id=000017525
ISC StormCast for Monday, September 23rd 2019
23 september 2019 |
5 min
Popular Android Selfie Apps Act as Adware
https://www.wandera.com/mobile-security/google-play-adware/
Wireshark Update
https://www.wireshark.org/docs/relnotes/wireshark-3.0.5.html
Harbor Privilege Escalation
https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/
https://www.wandera.com/mobile-security/google-play-adware/
Wireshark Update
https://www.wireshark.org/docs/relnotes/wireshark-3.0.5.html
Harbor Privilege Escalation
https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/
ISC StormCast for Friday, September 20th 2019
20 september 2019 |
5 min
Agent Tesla
https://isc.sans.edu/forums/diary/Agent+Tesla+Trojan+Abusing+Corporate+Email+Accounts/25336/
Apple Updates
https://support.apple.com/en-us/HT201222
https://developer.apple.com/documentation/safari_release_notes/safari_13_release_notes
SAMBA 4.11 Released
https://www.samba.org/samba/history/samba-4.11.0.html
GitHub Security Updates
https://github.blog/2019-09-18-securing-software-together/
https://isc.sans.edu/forums/diary/Agent+Tesla+Trojan+Abusing+Corporate+Email+Accounts/25336/
Apple Updates
https://support.apple.com/en-us/HT201222
https://developer.apple.com/documentation/safari_release_notes/safari_13_release_notes
SAMBA 4.11 Released
https://www.samba.org/samba/history/samba-4.11.0.html
GitHub Security Updates
https://github.blog/2019-09-18-securing-software-together/
ISC StormCast for Thursday, September 19th 2019
19 september 2019 |
6 min
Analyzing a Current Emotet Sample
https://isc.sans.edu/forums/diary/Emotet+malspam+is+back/25330/
Windows Defender "Scan Now" Failed Bug Fix
https://www.bleepingcomputer.com/news/microsoft/windows-defender-antivirus-scans-broken-after-new-update/
https://borncity.com/win/2019/09/18/defender-antimalware-version-4-18-1908-7-released/
QEMU Vulnerablity
https://www.openwall.com/lists/oss-security/2019/09/17/1
VMWare Vulnerabilty
https://blogs.vmware.com/security/2019/09/amd-display-driver-security-updates-address-cve-2019-5685.html
New CWE Top 25 Released
https://cwe.mitre.org/top25/archive/2019/2019_cwe_top25.html
https://isc.sans.edu/forums/diary/Emotet+malspam+is+back/25330/
Windows Defender "Scan Now" Failed Bug Fix
https://www.bleepingcomputer.com/news/microsoft/windows-defender-antivirus-scans-broken-after-new-update/
https://borncity.com/win/2019/09/18/defender-antimalware-version-4-18-1908-7-released/
QEMU Vulnerablity
https://www.openwall.com/lists/oss-security/2019/09/17/1
VMWare Vulnerabilty
https://blogs.vmware.com/security/2019/09/amd-display-driver-security-updates-address-cve-2019-5685.html
New CWE Top 25 Released
https://cwe.mitre.org/top25/archive/2019/2019_cwe_top25.html
ISC StormCast for Wednesday, September 18th 2019
18 september 2019 |
6 min
Investigating Gaps in Windows Event Logs
https://isc.sans.edu/forums/diary/Investigating+Gaps+in+your+Windows+Event+Logs/25328/
SOHOpelesly Broken 2
https://www.securityevaluators.com/whitepaper/sohopelessly-broken-2/
HP Printer Privacy
https://robertheaton.com/2019/09/15/hp-printers-send-data-on-what-you-print-back-to-hp/
https://isc.sans.edu/forums/diary/Investigating+Gaps+in+your+Windows+Event+Logs/25328/
SOHOpelesly Broken 2
https://www.securityevaluators.com/whitepaper/sohopelessly-broken-2/
HP Printer Privacy
https://robertheaton.com/2019/09/15/hp-printers-send-data-on-what-you-print-back-to-hp/
ISC StormCast for Tuesday, September 17th 2019
17 september 2019 |
7 min
Encrypted Sextortion
https://isc.sans.edu/forums/diary/Encrypted+Sextortion+PDFs/25324/
SimJacker
https://www.adaptivemobile.com/blog/simjacker-next-generation-spying-over-mobile
LastPass Password Leak
https://bugs.chromium.org/p/project-zero/issues/detail?id=1930
Microsoft Extends EoL For Exchange Server 2010
https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Microsoft-Extending-End-of-Support-for-Exchange-Server-2010-to/ba-p/753591
https://isc.sans.edu/forums/diary/Encrypted+Sextortion+PDFs/25324/
SimJacker
https://www.adaptivemobile.com/blog/simjacker-next-generation-spying-over-mobile
LastPass Password Leak
https://bugs.chromium.org/p/project-zero/issues/detail?id=1930
Microsoft Extends EoL For Exchange Server 2010
https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Microsoft-Extending-End-of-Support-for-Exchange-Server-2010-to/ba-p/753591
ISC StormCast for Monday, September 16th 2019
16 september 2019 |
6 min
Rig Exploit Kit Delivering VBScript
https://isc.sans.edu/forums/diary/Rig+Exploit+Kit+Delivering+VBScript/25318/
Pentesters Arrested During Physical Access Pentest
https://arstechnica.com/information-technology/2019/09/check-the-scope-pen-testers-nabbed-jailed-in-iowa-courthouse-break-in-attempt/
iOS Lock Screen Unlock Vulnerability
https://www.theregister.co.uk/2019/09/12/apples_ios_lock_workaround/
https://isc.sans.edu/forums/diary/Rig+Exploit+Kit+Delivering+VBScript/25318/
Pentesters Arrested During Physical Access Pentest
https://arstechnica.com/information-technology/2019/09/check-the-scope-pen-testers-nabbed-jailed-in-iowa-courthouse-break-in-attempt/
iOS Lock Screen Unlock Vulnerability
https://www.theregister.co.uk/2019/09/12/apples_ios_lock_workaround/
ISC StormCast for Wednesday, September 11th 2019
11 september 2019 |
5 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+September+2019+Patch+Tuesday/25310/
Adobe Patches
https://helpx.adobe.com/security.html
Intel SSH Side Channel Vulnerability
https://www.vusec.net/projects/netcat/
https://www.cs.vu.nl/~herbertb/download/papers/netcat_sp20.pdf
https://isc.sans.edu/forums/diary/Microsoft+September+2019+Patch+Tuesday/25310/
Adobe Patches
https://helpx.adobe.com/security.html
Intel SSH Side Channel Vulnerability
https://www.vusec.net/projects/netcat/
https://www.cs.vu.nl/~herbertb/download/papers/netcat_sp20.pdf
ISC StormCast for Tuesday, September 10th 2019
10 september 2019 |
6 min
Firefox to Enable DNS over HTTPs by Default in September
https://blog.mozilla.org/futurereleases/2019/09/06/whats-next-in-making-dns-over-https-the-default/
Telegram Fixes Privacy Bug
https://www.inputzero.io/2019/09/telegram-privacy-fails-again.html
PsiXBot Uses DoH
https://www.proofpoint.com/us/threat-insight/post/psixbot-now-using-google-dns-over-https-and-possible-new-sexploitation-module
https://blog.mozilla.org/futurereleases/2019/09/06/whats-next-in-making-dns-over-https-the-default/
Telegram Fixes Privacy Bug
https://www.inputzero.io/2019/09/telegram-privacy-fails-again.html
PsiXBot Uses DoH
https://www.proofpoint.com/us/threat-insight/post/psixbot-now-using-google-dns-over-https-and-possible-new-sexploitation-module
ISC StormCast for Monday, September 9th 2019
9 september 2019 |
5 min
Unidentified Scanning Activity Likely Associated with Mirai/Successors
https://isc.sans.edu/forums/diary/Unidentified+Scanning+Activity/25304/
Bluekeep Exploit Now in Metasploit
https://blog.rapid7.com/2019/09/06/initial-metasploit-exploit-module-for-bluekeep-cve-2019-0708/
How to Remove GMail Calendar Spam
https://support.google.com/calendar/answer/6084018?co=GENIE.Platform%3DDesktop&hl=en
Exim SNI TLS Vulnerability
https://exim.org/static/doc/security/CVE-2019-15846.txt
https://isc.sans.edu/forums/diary/Unidentified+Scanning+Activity/25304/
Bluekeep Exploit Now in Metasploit
https://blog.rapid7.com/2019/09/06/initial-metasploit-exploit-module-for-bluekeep-cve-2019-0708/
How to Remove GMail Calendar Spam
https://support.google.com/calendar/answer/6084018?co=GENIE.Platform%3DDesktop&hl=en
Exim SNI TLS Vulnerability
https://exim.org/static/doc/security/CVE-2019-15846.txt
ISC StormCast for Wednesday, September 4th 2019
4 september 2019 |
6 min
Tricky Link Retrieves Trick Bot
https://isc.sans.edu/forums/diary/Guest+Diary+Tricky+LNK+points+to+TrickBot/25290/
Supermicro Virtual USB Vulnerability
https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-remote-attack/
Facebook Free Basics Key Used to Sign Unrelated Android Apps
https://www.androidpolice.com/2019/08/29/cryptographic-key-used-to-sign-one-of-facebooks-android-apps-compromised/
https://isc.sans.edu/forums/diary/Guest+Diary+Tricky+LNK+points+to+TrickBot/25290/
Supermicro Virtual USB Vulnerability
https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-remote-attack/
Facebook Free Basics Key Used to Sign Unrelated Android Apps
https://www.androidpolice.com/2019/08/29/cryptographic-key-used-to-sign-one-of-facebooks-android-apps-compromised/
ISC StormCast for Tuesday, September 3rd 2019
3 september 2019 |
5 min
Malware Installs Node.js
https://isc.sans.edu/forums/diary/Malware+Dropping+a+Local+Nodejs+Instance/25284/
Dovecot and PigeonHole Vulnerability
https://www.openwall.com/lists/oss-security/2019/08/28/3
Cloudflare Workers Spreading Malware
https://medium.com/@marcelx/threat-actor-behind-astaroth-is-now-using-cloudflare-workers-to-bypass-your-security-solutions-2c658d08f4c
https://isc.sans.edu/forums/diary/Malware+Dropping+a+Local+Nodejs+Instance/25284/
Dovecot and PigeonHole Vulnerability
https://www.openwall.com/lists/oss-security/2019/08/28/3
Cloudflare Workers Spreading Malware
https://medium.com/@marcelx/threat-actor-behind-astaroth-is-now-using-cloudflare-workers-to-bypass-your-security-solutions-2c658d08f4c
ISC StormCast for Monday, September 2nd 2019
2 september 2019 |
5 min
iOS Exploits in the Wild
https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html
Twitter CEO's Twitter Account Hijacked
https://twitter.com/TwitterComms/status/1167528672523210752
https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html
Twitter CEO's Twitter Account Hijacked
https://twitter.com/TwitterComms/status/1167528672523210752
ISC StormCast for Friday, August 30th 2019
30 augusti 2019 |
6 min
Malware Samples Compiling Their Next Stage On PremiseMalware Compiling Itself;
https://isc.sans.edu/forums/diary/Malware+Samples+Compiling+Their+Next+Stage+on+Premise/25278/
CERT-Bund Attempts to Notify Users of Vulnerable Home Automation Systems
https://www.heise.de/security/meldung/CERT-Bund-warnt-vor-offenen-Smarthome-Systemen-4509977.html
French Authorities Shut Down Coinminer Botnet
https://decoded.avast.io/janvojtesek/putting-an-end-to-retadup-a-malicious-worm-that-infected-hundreds-of-thousands/
https://isc.sans.edu/forums/diary/Malware+Samples+Compiling+Their+Next+Stage+on+Premise/25278/
CERT-Bund Attempts to Notify Users of Vulnerable Home Automation Systems
https://www.heise.de/security/meldung/CERT-Bund-warnt-vor-offenen-Smarthome-Systemen-4509977.html
French Authorities Shut Down Coinminer Botnet
https://decoded.avast.io/janvojtesek/putting-an-end-to-retadup-a-malicious-worm-that-infected-hundreds-of-thousands/
ISC StormCast for Thursday, August 29th 2019
29 augusti 2019 |
6 min
Open Redirects: A Small But Very Common Vulnerability
https://isc.sans.edu/forums/diary/Guest+Diary+Open+Redirect+A+Small+But+Very+Common+Vulnerability/25276/
CamScanner Malicious Download Component
https://securelist.com/dropper-in-google-play/92496/
Ares ADB Botnet
https://www.wootcloud.com/blogs/ars_botnet.html
Cisco REST API Container for IOS XE Authentication Bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass
https://isc.sans.edu/forums/diary/Guest+Diary+Open+Redirect+A+Small+But+Very+Common+Vulnerability/25276/
CamScanner Malicious Download Component
https://securelist.com/dropper-in-google-play/92496/
Ares ADB Botnet
https://www.wootcloud.com/blogs/ars_botnet.html
Cisco REST API Container for IOS XE Authentication Bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass
ISC StormCast for Wednesday, August 28th 2019
28 augusti 2019 |
7 min
Is it "Safe" To Require TLS 1.2 for Email
https://isc.sans.edu/forums/diary/Is+it+Safe+to+Require+TLS+12+for+EMail/25270/
Android Trojan Infects Tens of Thousands of Devices in 4 Months
https://www.bleepingcomputer.com/news/security/android-trojan-infects-tens-of-thousands-of-devices-in-4-months/
LYCEUM Threat Group Targeting Middle East
https://www.secureworks.com/blog/lyceum-takes-center-stage-in-middle-east-campaign
https://isc.sans.edu/forums/diary/Is+it+Safe+to+Require+TLS+12+for+EMail/25270/
Android Trojan Infects Tens of Thousands of Devices in 4 Months
https://www.bleepingcomputer.com/news/security/android-trojan-infects-tens-of-thousands-of-devices-in-4-months/
LYCEUM Threat Group Targeting Middle East
https://www.secureworks.com/blog/lyceum-takes-center-stage-in-middle-east-campaign
ISC StormCast for Tuesday, August 27th 2019
27 augusti 2019 |
5 min
Apple Patches Jailbreak Vulnerability
https://support.apple.com/en-us/HT210549
Scanning for Pulse Secure VPN Endpoints
https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/
Emotet is Back
https://www.bleepingcomputer.com/news/security/emotet-botnet-is-back-servers-active-across-the-world/
https://support.apple.com/en-us/HT210549
Scanning for Pulse Secure VPN Endpoints
https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/
Emotet is Back
https://www.bleepingcomputer.com/news/security/emotet-botnet-is-back-servers-active-across-the-world/
ISC StormCast for Monday, August 26th 2019
26 augusti 2019 |
5 min
Simple Mimikatz And RDPWrapper Dropper
https://isc.sans.edu/forums/diary/Simple+Mimikatz+RDPWrapper+Dropper/25262/
Malware Impersonating IRS
https://www.irs.gov/newsroom/security-summit-warns-of-new-irs-impersonation-email-scam-reminds-taxpayers-the-irs-does-not-send-unsolicited-emails
Instagram Phishing with 2FA Codes
https://nakedsecurity.sophos.com/2019/08/23/instagram-phishing-uses-2fa-as-a-lure/
GitHub Adding WebAuthn Support
https://www.theregister.co.uk/2019/08/23/github_upgrades_its_twofactor_authentication_with_webauthn_support/
Lenovo Solution Center Privilege Escalation
https://www.pentestpartners.com/security-blog/privesc-in-lenovo-solution-centre-10-minutes-later/
https://isc.sans.edu/forums/diary/Simple+Mimikatz+RDPWrapper+Dropper/25262/
Malware Impersonating IRS
https://www.irs.gov/newsroom/security-summit-warns-of-new-irs-impersonation-email-scam-reminds-taxpayers-the-irs-does-not-send-unsolicited-emails
Instagram Phishing with 2FA Codes
https://nakedsecurity.sophos.com/2019/08/23/instagram-phishing-uses-2fa-as-a-lure/
GitHub Adding WebAuthn Support
https://www.theregister.co.uk/2019/08/23/github_upgrades_its_twofactor_authentication_with_webauthn_support/
Lenovo Solution Center Privilege Escalation
https://www.pentestpartners.com/security-blog/privesc-in-lenovo-solution-centre-10-minutes-later/
ISC StormCast for Friday, August 23rd 2019
23 augusti 2019 |
6 min
Steam Zero Days and Bug Bounty Controversy
https://www.theregister.co.uk/2019/08/22/valve_bug_bounty_steam_u_turn/
bb-builder malicious npm Package
https://blog.reversinglabs.com/blog/the-npm-package-that-walked-away-with-all-your-passwords
Phishers Customize Branded Outlook 365 Login Pages
https://www.bleepingcomputer.com/news/security/phishing-attacks-scrape-branded-microsoft-365-login-pages/
https://www.theregister.co.uk/2019/08/22/valve_bug_bounty_steam_u_turn/
bb-builder malicious npm Package
https://blog.reversinglabs.com/blog/the-npm-package-that-walked-away-with-all-your-passwords
Phishers Customize Branded Outlook 365 Login Pages
https://www.bleepingcomputer.com/news/security/phishing-attacks-scrape-branded-microsoft-365-login-pages/
ISC StormCast for Thursday, August 22nd 2019
22 augusti 2019 |
6 min
KAPE vs. Commando VM: Red vs. Blue
https://isc.sans.edu/forums/diary/KAPE+Kroll+Artifact+Parser+and+Extractor/25258/
Attacks against Exposed Sphinx Servers
https://www.bsi.bund.de/EN/Topics/IT-Crisis-Management/CERT-Bund/CERT-Reports/HOWTOs/Open-Sphinx-Server/open-Sphinx-server_node.html
Cisco Patches
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=50#~Vulnerabilities
Newly Registered Domains Most Dangerous
https://unit42.paloaltonetworks.com/newly-registered-domains-malicious-abuse-by-bad-actors/
https://isc.sans.edu/forums/diary/KAPE+Kroll+Artifact+Parser+and+Extractor/25258/
Attacks against Exposed Sphinx Servers
https://www.bsi.bund.de/EN/Topics/IT-Crisis-Management/CERT-Bund/CERT-Reports/HOWTOs/Open-Sphinx-Server/open-Sphinx-server_node.html
Cisco Patches
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=50#~Vulnerabilities
Newly Registered Domains Most Dangerous
https://unit42.paloaltonetworks.com/newly-registered-domains-malicious-abuse-by-bad-actors/
ISC StormCast for Wednesday, August 21st 2019
21 augusti 2019 |
6 min
Guildma Malware is Now Using Facebook and YouTube as Update Channel
https://isc.sans.edu/forums/diary/Guildma+malware+is+now+accessing+Facebook+andYouTube+to+keep+uptodate/25222/
Supply Chain Issues: rest-client ruby gem backdoored
https://www.theregister.co.uk/2019/08/20/ruby_gem_hacked/
https://isc.sans.edu/forums/diary/Guildma+malware+is+now+accessing+Facebook+andYouTube+to+keep+uptodate/25222/
Supply Chain Issues: rest-client ruby gem backdoored
https://www.theregister.co.uk/2019/08/20/ruby_gem_hacked/
ISC StormCast for Tuesday, August 20th 2019
20 augusti 2019 |
6 min
iOS 12.4 Jailbreak Released after Reindruced Vulnerability form 12.2
https://github.com/pwn20wndstuff/Undecimus/releases
SHA2-Signed Updates for Windows Not Available with Symantec Endpoint Protection
https://support.symantec.com/us/en/article.tech255857.html
Attacking and Downgrading Bluetooth Key Negotiation
https://knobattack.com
https://github.com/pwn20wndstuff/Undecimus/releases
SHA2-Signed Updates for Windows Not Available with Symantec Endpoint Protection
https://support.symantec.com/us/en/article.tech255857.html
Attacking and Downgrading Bluetooth Key Negotiation
https://knobattack.com
ISC StormCast for Monday, August 19th 2019
19 augusti 2019 |
5 min
Large Number of VoIP System Vulnerabilities Released
https://www.sit.fraunhofer.de/en/cve/
Confidential Company Documents Leaked in Public Sandboxes
https://blog.cylab.co/2019/08/16/confidential-company-documents-exposed-in-public-sandboxes/
https://www.sit.fraunhofer.de/en/news-events/latest/press-releases/details/news-article/show/gefahr-uebers-telefon/
Trend Micro Password Manager DLL Hijacking
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123396.aspx
Firefox Password Manager May Leak Passwords
https://www.mozilla.org/en-US/security/advisories/mfsa2019-24/#CVE-2019-11733
https://www.sit.fraunhofer.de/en/cve/
Confidential Company Documents Leaked in Public Sandboxes
https://blog.cylab.co/2019/08/16/confidential-company-documents-exposed-in-public-sandboxes/
https://www.sit.fraunhofer.de/en/news-events/latest/press-releases/details/news-article/show/gefahr-uebers-telefon/
Trend Micro Password Manager DLL Hijacking
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123396.aspx
Firefox Password Manager May Leak Passwords
https://www.mozilla.org/en-US/security/advisories/mfsa2019-24/#CVE-2019-11733
ISC StormCast for Friday, August 16th 2019
16 augusti 2019 |
6 min
Analysis of a Spearphishing Maldoc
https://isc.sans.edu/forums/diary/Analysis+of+a+Spearphishing+Maldoc/25242/
IoT Security Stagnation
https://securityledger.com/2019/08/huge-survey-of-firmware-finds-no-security-gains-in-15-years/
Kaspersky Insecurity
https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html
https://isc.sans.edu/forums/diary/Analysis+of+a+Spearphishing+Maldoc/25242/
IoT Security Stagnation
https://securityledger.com/2019/08/huge-survey-of-firmware-finds-no-security-gains-in-15-years/
Kaspersky Insecurity
https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html
ISC StormCast for Thursday, August 15th 2019
15 augusti 2019 |
6 min
MedusaHTTP Malware
https://isc.sans.edu/forums/diary/Recent+example+of+MedusaHTTP+malware/25234/
Cryptominer uses DuckDNS for C&C
https://www.varonis.com/blog/monero-cryptominer/
Intel NUC Vulnerabilities
https://www.intel.com/content/www/us/en/security-center/default.html
HTTP/2 Vulnerabilities
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
https://isc.sans.edu/forums/diary/Recent+example+of+MedusaHTTP+malware/25234/
Cryptominer uses DuckDNS for C&C
https://www.varonis.com/blog/monero-cryptominer/
Intel NUC Vulnerabilities
https://www.intel.com/content/www/us/en/security-center/default.html
HTTP/2 Vulnerabilities
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
ISC StormCast for Wednesday, August 14th 2019
14 augusti 2019 |
5 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/August+2019+Microsoft+Patch+Tuesday/25236/
Adobe Patches
https://helpx.adobe.com/security.html
Windows Text Services Vulnerabilities
https://googleprojectzero.blogspot.com/2019/08/down-rabbit-hole.html#ftnt2
https://isc.sans.edu/forums/diary/August+2019+Microsoft+Patch+Tuesday/25236/
Adobe Patches
https://helpx.adobe.com/security.html
Windows Text Services Vulnerabilities
https://googleprojectzero.blogspot.com/2019/08/down-rabbit-hole.html#ftnt2
ISC StormCast for Tuesday, August 13th 2019
13 augusti 2019 |
6 min
Malicious DAA Attachments
https://isc.sans.edu/forums/diary/Malicious+DAA+Attachments/25230/
SQLLite Exploits
https://research.checkpoint.com/select-code_execution-from-using-sqlite/
Printer Vulnerabilities
https://www.defcon.org/html/defcon-27/dc-27-speakers.html#Romero
https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/?research=Technical+advisories
https://isc.sans.edu/forums/diary/Malicious+DAA+Attachments/25230/
SQLLite Exploits
https://research.checkpoint.com/select-code_execution-from-using-sqlite/
Printer Vulnerabilities
https://www.defcon.org/html/defcon-27/dc-27-speakers.html#Romero
https://www.nccgroup.trust/us/our-research/technical-advisory-multiple-vulnerabilities-in-xerox-printers/?research=Technical+advisories
ISC StormCast for Monday, August 12th 2019
12 augusti 2019 |
5 min
100% JavaScript Phishing Page
https://isc.sans.edu/forums/diary/100+JavaScript+Phishing+Page/25220/
Vulnerabilities in DSLR Cameras
https://research.checkpoint.com/say-cheese-ransomware-ing-a-dslr-camera/
https://global.canon/en/support/security/d-camera.html
Turning Tesla into Surveilance Platform
https://github.com/tevora-threat/scout
Basic Electron Framework Exploitation
https://www.contextis.com/en/blog/basic-electron-framework-exploitation
https://isc.sans.edu/forums/diary/100+JavaScript+Phishing+Page/25220/
Vulnerabilities in DSLR Cameras
https://research.checkpoint.com/say-cheese-ransomware-ing-a-dslr-camera/
https://global.canon/en/support/security/d-camera.html
Turning Tesla into Surveilance Platform
https://github.com/tevora-threat/scout
Basic Electron Framework Exploitation
https://www.contextis.com/en/blog/basic-electron-framework-exploitation
ISC StormCast for Friday, August 9th 2019
9 augusti 2019 |
6 min
Kubernetes Security Audit Published
https://github.com/kubernetes/community/blob/master/wg-security-audit/findings/Kubernetes%20Final%20Report.pdf
https://www.cncf.io/blog/2019/08/06/open-sourcing-the-kubernetes-security-audit/
Apple Expands Bug Bounty
https://www.blackhat.com/us-19/briefings/schedule/index.html#behind-the-scenes-of-ios-and-mac-security-17220
https://www.forbes.com/sites/thomasbrewster/2019/08/08/apple-confirms-1-million-reward-for-hackers-who-find-serious-iphone-vulnerabilities/
0-Day Privilege Escalation in Steam Client
https://amonitoring.ru/article/steamclient-0day/
Actual Sextortion Trojan
https://www.welivesecurity.com/2019/08/08/varenyky-spambot-campaigns-france/
https://github.com/kubernetes/community/blob/master/wg-security-audit/findings/Kubernetes%20Final%20Report.pdf
https://www.cncf.io/blog/2019/08/06/open-sourcing-the-kubernetes-security-audit/
Apple Expands Bug Bounty
https://www.blackhat.com/us-19/briefings/schedule/index.html#behind-the-scenes-of-ios-and-mac-security-17220
https://www.forbes.com/sites/thomasbrewster/2019/08/08/apple-confirms-1-million-reward-for-hackers-who-find-serious-iphone-vulnerabilities/
0-Day Privilege Escalation in Steam Client
https://amonitoring.ru/article/steamclient-0day/
Actual Sextortion Trojan
https://www.welivesecurity.com/2019/08/08/varenyky-spambot-campaigns-france/
ISC StormCast for Thursday, August 8th 2019
8 augusti 2019 |
7 min
AT&T Insiders Bribed to Obtain Unlock Codes
https://www.justice.gov/usao-wdwa/press-release/file/1191031/download
Older RDP Vulnerability Can be Used for HyperV VM Escape
https://www.microsoft.com/security/blog/2019/08/07/a-case-study-in-industry-collaboration-poisoned-rdp-vulnerability-disclosure-and-response/
Cisco Patches Smart Switch 220 Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x
Firefox for Android Supporting WebAuthn
https://blog.mozilla.org/security/2019/08/05/web-authentication-in-firefox-for-android/
https://www.justice.gov/usao-wdwa/press-release/file/1191031/download
Older RDP Vulnerability Can be Used for HyperV VM Escape
https://www.microsoft.com/security/blog/2019/08/07/a-case-study-in-industry-collaboration-poisoned-rdp-vulnerability-disclosure-and-response/
Cisco Patches Smart Switch 220 Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x
Firefox for Android Supporting WebAuthn
https://blog.mozilla.org/security/2019/08/05/web-authentication-in-firefox-for-android/
ISC StormCast for Wednesday, August 7th 2019
7 augusti 2019 |
6 min
Corporate IoT Used in Intrusion
https://msrc-blog.microsoft.com/2019/08/05/corporate-iot-a-path-to-intrusion/
New Spectre Variant: SWAPGS
https://www.bitdefender.com/business/swapgs-attack.html
New WPA3 Weaknesses
https://wpa3.mathyvanhoef.com/#new
https://msrc-blog.microsoft.com/2019/08/05/corporate-iot-a-path-to-intrusion/
New Spectre Variant: SWAPGS
https://www.bitdefender.com/business/swapgs-attack.html
New WPA3 Weaknesses
https://wpa3.mathyvanhoef.com/#new
ISC StormCast for Tuesday, August 6th 2019
6 augusti 2019 |
6 min
Sexploitation E-Mail: Where did the winnings go
https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money+The+Final+Chapter/25204/
VMWare Update
https://www.vmware.com/security/advisories/VMSA-2019-0012.html
Android Update Fixes Qualcom Bug
https://source.android.com/security/bulletin/2019-08-01.html
https://blade.tencent.com/en/advisories/qualpwn/
https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money+The+Final+Chapter/25204/
VMWare Update
https://www.vmware.com/security/advisories/VMSA-2019-0012.html
Android Update Fixes Qualcom Bug
https://source.android.com/security/bulletin/2019-08-01.html
https://blade.tencent.com/en/advisories/qualpwn/
ISC StormCast for Monday, August 5th 2019
5 augusti 2019 |
6 min
Misconfigured JIRA Leaks User Details
https://medium.com/@logicbomb_1/one-misconfig-jira-to-leak-them-all-including-nasa-and-hundreds-of-fortune-500-companies-a70957ef03c7
Google, Amazon, Apple modify policy on listening in on Assistant Recordings
https://datenschutz-hamburg.de/assets/pdf/2019-08-01_press-release-Google_Assistant.pdf
https://www.bloomberg.com/news/articles/2019-08-02/amazon-gives-option-to-disable-human-review-of-alexa-recordings
https://www.theverge.com/2019/8/2/20751270/apple-stops-contractors-siri-voice-recordings-privacy-opt-out
https://www.blog.google/products/assistant/more-information-about-our-processes-safeguard-speech-data/
NVidia Updates
https://nvidia.custhelp.com/app/answers/detail/a_id/4841/kw/Security%20Bulletin
Detecting Incognito Mode in Google Chrome 76
https://blog.jse.li/posts/chrome-76-incognito-filesystem-timing/
https://medium.com/@logicbomb_1/one-misconfig-jira-to-leak-them-all-including-nasa-and-hundreds-of-fortune-500-companies-a70957ef03c7
Google, Amazon, Apple modify policy on listening in on Assistant Recordings
https://datenschutz-hamburg.de/assets/pdf/2019-08-01_press-release-Google_Assistant.pdf
https://www.bloomberg.com/news/articles/2019-08-02/amazon-gives-option-to-disable-human-review-of-alexa-recordings
https://www.theverge.com/2019/8/2/20751270/apple-stops-contractors-siri-voice-recordings-privacy-opt-out
https://www.blog.google/products/assistant/more-information-about-our-processes-safeguard-speech-data/
NVidia Updates
https://nvidia.custhelp.com/app/answers/detail/a_id/4841/kw/Security%20Bulletin
Detecting Incognito Mode in Google Chrome 76
https://blog.jse.li/posts/chrome-76-incognito-filesystem-timing/
ISC StormCast for Friday, August 2nd 2019
2 augusti 2019 |
6 min
What Is Listening On Port 9527/TCP
https://isc.sans.edu/forums/diary/What+is+Listening+On+Port+9527TCP/25194/
PowerShell Empire Abandonded
https://github.com/EmpireProject/Empire
https://twitter.com/xorrior/status/1156626182978383874
Cryptomining via GitHub/PasteBin C&C
https://unit42.paloaltonetworks.com/rockein-the-netflow/
https://isc.sans.edu/forums/diary/What+is+Listening+On+Port+9527TCP/25194/
PowerShell Empire Abandonded
https://github.com/EmpireProject/Empire
https://twitter.com/xorrior/status/1156626182978383874
Cryptomining via GitHub/PasteBin C&C
https://unit42.paloaltonetworks.com/rockein-the-netflow/
ISC StormCast for Thursday, August 1st 2019
1 augusti 2019 |
6 min
Phishing Attack Targeting Financial Sector
https://isc.sans.edu/forums/diary/Targeted+Phishing+Attacks+in+the+Financial+Industry+Fire3+Phishing+Kit/25188/
Enterprise Software Phoneing Home
https://www.extrahop.com/company/press-releases/2019/extrahop-issues-warning-about-phoning-home/
Google Stripping www and https again
https://bugs.chromium.org/p/chromium/issues/detail?id=883038#c114
Bypassing VISA Contactless Limits
https://www.ptsecurity.com/ww-en/about/news/visa-card-vulnerability-can-bypass-contactless-limits/
https://isc.sans.edu/forums/diary/Targeted+Phishing+Attacks+in+the+Financial+Industry+Fire3+Phishing+Kit/25188/
Enterprise Software Phoneing Home
https://www.extrahop.com/company/press-releases/2019/extrahop-issues-warning-about-phoning-home/
Google Stripping www and https again
https://bugs.chromium.org/p/chromium/issues/detail?id=883038#c114
Bypassing VISA Contactless Limits
https://www.ptsecurity.com/ww-en/about/news/visa-card-vulnerability-can-bypass-contactless-limits/
ISC StormCast for Wednesday, July 31st 2019
31 juli 2019 |
6 min
Luno Phishing E-Mail and Badly Implemented 2FA
https://isc.sans.edu/forums/diary/Can+You+Spell+2FA+A+Luno+Phish+Example/25186/
Google Chrome Update
https://w3c.github.io/webappsec-fetch-metadata/
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html
Apple Re-Releases 2019-004 Security Update for Sierra/High Sierra
https://support.apple.com/en-us/HT210348
Disabling Server Side Recording of Apple Siri Commands
https://github.com/jankais3r/Siri-NoLoggingPLS
https://isc.sans.edu/forums/diary/Can+You+Spell+2FA+A+Luno+Phish+Example/25186/
Google Chrome Update
https://w3c.github.io/webappsec-fetch-metadata/
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html
Apple Re-Releases 2019-004 Security Update for Sierra/High Sierra
https://support.apple.com/en-us/HT210348
Disabling Server Side Recording of Apple Siri Commands
https://github.com/jankais3r/Siri-NoLoggingPLS
ISC StormCast for Tuesday, July 30th 2019
30 juli 2019 |
7 min
11 Flaws in VxWorks IPNet TCP/IP Stack
https://go.armis.com/urgent11
iOS iMessage File Disclosure Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1858
https://go.armis.com/urgent11
iOS iMessage File Disclosure Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1858
ISC StormCast for Monday, July 29th 2019
29 juli 2019 |
7 min
DVRIP Port 34567 Uptick
https://isc.sans.edu/forums/diary/DVRIP+Port+34567+Uptick/25174/
LibreOffice LibreLogo Macro Python Code Injection
https://insinuator.net/2019/07/libreoffice-a-python-interpreter-code-execution-vulnerability-cve-2019-9848/
Extracting Private Key From Amazon Music Application
https://koen.io/2019/07/26/underscoring-the-private-in-private-key/
https://isc.sans.edu/forums/diary/DVRIP+Port+34567+Uptick/25174/
LibreOffice LibreLogo Macro Python Code Injection
https://insinuator.net/2019/07/libreoffice-a-python-interpreter-code-execution-vulnerability-cve-2019-9848/
Extracting Private Key From Amazon Music Application
https://koen.io/2019/07/26/underscoring-the-private-in-private-key/
ISC StormCast for Friday, July 26th 2019
26 juli 2019 |
6 min
When Users Attack: Users and Admins Thwarting Security Controls
https://isc.sans.edu/forums/diary/When+Users+Attack+Users+and+Admins+Thwarting+Security+Controls/25170/
Immunity's Canvas Now Includes BlueKeep Exploit
https://twitter.com/Immunityinc/status/1153752470130221057
Johannesburg Power Outages Due To Ransomware
https://twitter.com/CityofJoburgZA
https://www.theregister.co.uk/2019/07/25/johannesburg_ransomware_infection/
Darkmatter Intermediate Certificate Trust Removed From Google Chrome
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/7-oKhDBLetQ
https://isc.sans.edu/forums/diary/When+Users+Attack+Users+and+Admins+Thwarting+Security+Controls/25170/
Immunity's Canvas Now Includes BlueKeep Exploit
https://twitter.com/Immunityinc/status/1153752470130221057
Johannesburg Power Outages Due To Ransomware
https://twitter.com/CityofJoburgZA
https://www.theregister.co.uk/2019/07/25/johannesburg_ransomware_infection/
Darkmatter Intermediate Certificate Trust Removed From Google Chrome
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/7-oKhDBLetQ
ISC StormCast for Thursday, July 25th 2019
25 juli 2019 |
6 min
VLC not Vulnerable to libebml Vulnerablity
https://threader.app/thread/1153963312981389312
Cryptominer With BlueKeep Scanner
https://www.intezer.com/blog-watching-the-watchbog-new-bluekeep-scanner-and-linux-exploits/
Elasticsearch Vulnerabilities used to install DDoS Bot
https://blog.trendmicro.com/trendlabs-security-intelligence/multistage-attack-delivers-billgates-setag-backdoor-can-turn-elasticsearch-databases-into-ddos-botnet-zombies/
May People Be Considered As IOC?
https://isc.sans.edu/forums/diary/May+People+Be+Considered+as+IOC/25166/
https://threader.app/thread/1153963312981389312
Cryptominer With BlueKeep Scanner
https://www.intezer.com/blog-watching-the-watchbog-new-bluekeep-scanner-and-linux-exploits/
Elasticsearch Vulnerabilities used to install DDoS Bot
https://blog.trendmicro.com/trendlabs-security-intelligence/multistage-attack-delivers-billgates-setag-backdoor-can-turn-elasticsearch-databases-into-ddos-botnet-zombies/
May People Be Considered As IOC?
https://isc.sans.edu/forums/diary/May+People+Be+Considered+as+IOC/25166/
ISC StormCast for Wednesday, July 24th 2019
24 juli 2019 |
6 min
TLS Configuration
https://isc.sans.edu/forums/diary/Verifying+SSLTLS+configuration+part+1/25162/
https://www.sans.org/webcasts/beast-poodle-celebrating-sweet32-111400
Apple Updates Everything
https://support.apple.com/en-us/HT201222
QNAP/Synology Update Security Advise
https://www.qnap.com/en-us/security-advisory/nas-201907-11
https://www.facebook.com/synologydeutschland/photos/a.1594837477441905/2417134061878905/
New Bluekeep Writeup
https://github.com/0xeb-bp/bluekeep
https://isc.sans.edu/forums/diary/Verifying+SSLTLS+configuration+part+1/25162/
https://www.sans.org/webcasts/beast-poodle-celebrating-sweet32-111400
Apple Updates Everything
https://support.apple.com/en-us/HT201222
QNAP/Synology Update Security Advise
https://www.qnap.com/en-us/security-advisory/nas-201907-11
https://www.facebook.com/synologydeutschland/photos/a.1594837477441905/2417134061878905/
New Bluekeep Writeup
https://github.com/0xeb-bp/bluekeep
ISC StormCast for Tuesday, July 23rd 2019
23 juli 2019 |
5 min
Analyzing Compressed PowerShell Scripts
https://isc.sans.edu/forums/diary/Analyzing+Compressed+PowerShell+Scripts/25158/
PaloAlto GlobalProtect PreAuth RCE
http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
Fortinet Vulnerability
https://fortiguard.com/psirt/FG-IR-19-144
ProFTPd Permission Bypass Vulnerability
https://tbspace.de/cve201912815proftpd.html
https://isc.sans.edu/forums/diary/Analyzing+Compressed+PowerShell+Scripts/25158/
PaloAlto GlobalProtect PreAuth RCE
http://blog.orange.tw/2019/07/attacking-ssl-vpn-part-1-preauth-rce-on-palo-alto.html
Fortinet Vulnerability
https://fortiguard.com/psirt/FG-IR-19-144
ProFTPd Permission Bypass Vulnerability
https://tbspace.de/cve201912815proftpd.html
ISC StormCast for Monday, July 22nd 2019
22 juli 2019 |
6 min
PHP Malware
https://isc.sans.edu/forums/diary/Malicious+PHP+Script+Back+on+Stage/25148/
Drupal Vulnerabilities
https://www.drupal.org/sa-core-2019-008
iNSYNQ Breach
https://www.insynq.com/support/#status
https://isc.sans.edu/forums/diary/Malicious+PHP+Script+Back+on+Stage/25148/
Drupal Vulnerabilities
https://www.drupal.org/sa-core-2019-008
iNSYNQ Breach
https://www.insynq.com/support/#status
ISC StormCast for Friday, July 19th 2019
19 juli 2019 |
7 min
802.1x Tips
https://isc.sans.edu/forums/diary/The+Other+Side+of+Critical+Control+1+8021x+Wired+Network+Access+Controls/25146/
Kazachstan TLS Interception
https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/wnuKAhACo3E/cpsvHgcuDwAJ
BEC Trends
https://www.fincen.gov/sites/default/files/shared/FinCEN_Financial_Trend_Analysis_FINAL_508.pdf
Cyclance Weakness
https://skylightcyber.com/2019/07/18/cylance-i-kill-you/
https://isc.sans.edu/forums/diary/The+Other+Side+of+Critical+Control+1+8021x+Wired+Network+Access+Controls/25146/
Kazachstan TLS Interception
https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/wnuKAhACo3E/cpsvHgcuDwAJ
BEC Trends
https://www.fincen.gov/sites/default/files/shared/FinCEN_Financial_Trend_Analysis_FINAL_508.pdf
Cyclance Weakness
https://skylightcyber.com/2019/07/18/cylance-i-kill-you/
ISC StormCast for Thursday, July 18th 2019
18 juli 2019 |
6 min
Analysis of DNS TXT Records
https://isc.sans.edu/forums/diary/Analyzis+of+DNS+TXT+Records/25142/
Evil Gnome Linux Malware
https://www.intezer.com/blog-evilgnome-rare-malware-spying-on-linux-desktop-users/
New American Express Phishing Attacks
https://cofense.com/phishing-attacker-takes-american-express-victims-credentials/
https://isc.sans.edu/forums/diary/Analyzis+of+DNS+TXT+Records/25142/
Evil Gnome Linux Malware
https://www.intezer.com/blog-evilgnome-rare-malware-spying-on-linux-desktop-users/
New American Express Phishing Attacks
https://cofense.com/phishing-attacker-takes-american-express-victims-credentials/
ISC StormCast for Wednesday, July 17th 2019
17 juli 2019 |
6 min
Zoom/Apple Patches Additional Software
https://www.theverge.com/2019/7/16/20696529/apple-mac-silent-update-zoom-ringcentral-zhumu-vulnerabilty-patched
Lenovo/IOMega NAS API Vulnerability
https://www.theregister.co.uk/2019/07/16/iomega_nas_boxes/
Amadeus Vulnerability Allows Access to Boarding Passes
https://www.7elements.co.uk/resources/technical-advisories/insecure-direct-object-reference-within-amadeus-check-in-application/
FBI Releases GandGrab Master Keys
https://www.documentcloud.org/documents/6199678-GandCrab-Master-Decryption-Keys-FLASH.html
Android Media File Jacking
https://www.symantec.com/blogs/expert-perspectives/symantec-mobile-threat-defense-attackers-can-manipulate-your-whatsapp-and-telegram-media
https://www.theverge.com/2019/7/16/20696529/apple-mac-silent-update-zoom-ringcentral-zhumu-vulnerabilty-patched
Lenovo/IOMega NAS API Vulnerability
https://www.theregister.co.uk/2019/07/16/iomega_nas_boxes/
Amadeus Vulnerability Allows Access to Boarding Passes
https://www.7elements.co.uk/resources/technical-advisories/insecure-direct-object-reference-within-amadeus-check-in-application/
FBI Releases GandGrab Master Keys
https://www.documentcloud.org/documents/6199678-GandCrab-Master-Decryption-Keys-FLASH.html
Android Media File Jacking
https://www.symantec.com/blogs/expert-perspectives/symantec-mobile-threat-defense-attackers-can-manipulate-your-whatsapp-and-telegram-media
ISC StormCast for Tuesday, July 16th 2019
16 juli 2019 |
7 min
isodump.py and malicious ISO files
https://isc.sans.edu/forums/diary/isodumppy+and+Malicious+ISO+Files/25134/
Atlassian Crowd Vulnerability Details
https://www.corben.io/atlassian-crowd-rce/
Scrapy Vulnerabilities
https://medium.com/alertot/web-scraping-considered-dangerous-leaking-files-from-the-spiders-host-bd508f81d498
iOS URL Scheme Susceptible to Hijacking
https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/
https://isc.sans.edu/forums/diary/isodumppy+and+Malicious+ISO+Files/25134/
Atlassian Crowd Vulnerability Details
https://www.corben.io/atlassian-crowd-rce/
Scrapy Vulnerabilities
https://medium.com/alertot/web-scraping-considered-dangerous-leaking-files-from-the-spiders-host-bd508f81d498
iOS URL Scheme Susceptible to Hijacking
https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/
ISC StormCast for Monday, July 15th 2019
15 juli 2019 |
6 min
Magecart Targets S3 Buckets
https://www.riskiq.com/blog/labs/magecart-amazon-s3-buckets/
Atlassian Jira Vulnerability
https://confluence.atlassian.com/jira/jira-security-advisory-2019-07-10-973486595.html
Microsoft to Detect Phishing in Forms
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=52927
Tracking Anonymized Bluetooth Devices
https://petsymposium.org/2019/files/papers/issue3/popets-2019-0036.pdf
https://www.riskiq.com/blog/labs/magecart-amazon-s3-buckets/
Atlassian Jira Vulnerability
https://confluence.atlassian.com/jira/jira-security-advisory-2019-07-10-973486595.html
Microsoft to Detect Phishing in Forms
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=52927
Tracking Anonymized Bluetooth Devices
https://petsymposium.org/2019/files/papers/issue3/popets-2019-0036.pdf
ISC StormCast for Friday, July 12th 2019
12 juli 2019 |
13 min
Analysis of a Recent AZORult Sample
https://isc.sans.edu/forums/diary/Recent+AZORult+activity/25120/
Apple Delete Zoom Web Server
https://www.macrumors.com/2019/07/10/apple-update-remove-zoom-server/
Apple Disables Walkie Talkie App
https://techcrunch.com/2019/07/10/apple-disables-walkie-talkie-app-due-to-vulnerability-that-could-allow-iphone-eavesdropping/
Windows PXE Devices May Fail to Boot After Recent Update
https://support.microsoft.com/en-in/help/4512816/devices-that-start-up-using-preboot-execution-environment-pxe-images-f
Sean Goodwin: Attackers Inside the WAlls: Detecting Malicious Activity
https://www.sans.org/reading-room/whitepapers/detection/paper/39055
https://isc.sans.edu/forums/diary/Recent+AZORult+activity/25120/
Apple Delete Zoom Web Server
https://www.macrumors.com/2019/07/10/apple-update-remove-zoom-server/
Apple Disables Walkie Talkie App
https://techcrunch.com/2019/07/10/apple-disables-walkie-talkie-app-due-to-vulnerability-that-could-allow-iphone-eavesdropping/
Windows PXE Devices May Fail to Boot After Recent Update
https://support.microsoft.com/en-in/help/4512816/devices-that-start-up-using-preboot-execution-environment-pxe-images-f
Sean Goodwin: Attackers Inside the WAlls: Detecting Malicious Activity
https://www.sans.org/reading-room/whitepapers/detection/paper/39055
ISC StormCast for Thursday, July 11th 2019
11 juli 2019 |
5 min
Samba Project Disabling SMBv1 By Default
https://isc.sans.edu/forums/diary/Samba+Project+tells+us+Whats+New+SMBv1+Disabled+by+Default+finally/25116/
GnuPG Will No Longer Import Signatures From Keyservers
https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html
eChOraix Ransomware
https://www.anomali.com/blog/the-ech0raix-ransomware
https://isc.sans.edu/forums/diary/Samba+Project+tells+us+Whats+New+SMBv1+Disabled+by+Default+finally/25116/
GnuPG Will No Longer Import Signatures From Keyservers
https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html
eChOraix Ransomware
https://www.anomali.com/blog/the-ech0raix-ransomware
ISC StormCast for Wednesday, July 10th 2019
10 juli 2019 |
6 min
ISC StormCast for Tuesday, July 9th 2019
9 juli 2019 |
5 min
Canonical Github Hack
https://news.ycombinator.com/item?id=20373009
New Wave of Magecart Attacks
https://gist.github.com/gwillem/5d936f5a84837d5c1dcb488ce256294a
Facebook's Libra Crpto Currency Already Impersonated
https://www.digitalshadows.com/blog-and-research/facebooks-libra-cryptocurrency-cybercriminals-tipping-the-scales-in-their-favor/
https://news.ycombinator.com/item?id=20373009
New Wave of Magecart Attacks
https://gist.github.com/gwillem/5d936f5a84837d5c1dcb488ce256294a
Facebook's Libra Crpto Currency Already Impersonated
https://www.digitalshadows.com/blog-and-research/facebooks-libra-cryptocurrency-cybercriminals-tipping-the-scales-in-their-favor/
ISC StormCast for Monday, July 8th 2019
8 juli 2019 |
6 min
Does "Godlua" Use DNS over HTTPS or Not?
https://www.golem.de/news/verschluesseltes-dns-falschmeldung-in-propagandaschlacht-um-dns-ueber-https-1907-142358.html
https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Exploit for Cisco Authentication Bypass and RCE
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/cisco-dcnm-rce.txt
Magento RCE Exploit
https://blog.ripstech.com/2019/magento-rce-via-xss/
Malicous XSL Files
https://isc.sans.edu/forums/diary/Malicious+XSL+Files/25098/
https://www.golem.de/news/verschluesseltes-dns-falschmeldung-in-propagandaschlacht-um-dns-ueber-https-1907-142358.html
https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Exploit for Cisco Authentication Bypass and RCE
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/cisco-dcnm-rce.txt
Magento RCE Exploit
https://blog.ripstech.com/2019/magento-rce-via-xss/
Malicous XSL Files
https://isc.sans.edu/forums/diary/Malicious+XSL+Files/25098/
ISC StormCast for Wednesday, July 3rd 2019
3 juli 2019 |
6 min
Zipato SmartHub Vulnerabilities
https://blackmarble.sh/zipato-smart-hub/
Blocking DNS over HTTPS
https://github.com/bambenek/block-doh
Cloudflare Outage
https://www.cloudflarestatus.com/incidents/tx4pgxs6zxdr
Android Update
https://source.android.com/security/bulletin/2019-07-01
Powershell Kill Switch Commands
https://isc.sans.edu/forums/diary/Using+Powershell+in+Basic+Incident+Response+A+Domain+Wide+KillSwitch/25088/
https://blackmarble.sh/zipato-smart-hub/
Blocking DNS over HTTPS
https://github.com/bambenek/block-doh
Cloudflare Outage
https://www.cloudflarestatus.com/incidents/tx4pgxs6zxdr
Android Update
https://source.android.com/security/bulletin/2019-07-01
Powershell Kill Switch Commands
https://isc.sans.edu/forums/diary/Using+Powershell+in+Basic+Incident+Response+A+Domain+Wide+KillSwitch/25088/
ISC StormCast for Tuesday, July 2nd 2019
2 juli 2019 |
5 min
Maldoc Payloads in User Forms
https://isc.sans.edu/forums/diary/Maldoc+Payloads+in+User+Forms/25084/
Zyxel Vulnerabilities
https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml
AMD SEV DH Key Recovery
https://seclists.org/fulldisclosure/2019/Jun/46
Card Enrollment Service Fraud
https://www.advanced-intel.com/post/card-enrollment-services-highly-effective-fraud-methodology-offered-in-russian-underground
https://isc.sans.edu/forums/diary/Maldoc+Payloads+in+User+Forms/25084/
Zyxel Vulnerabilities
https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml
AMD SEV DH Key Recovery
https://seclists.org/fulldisclosure/2019/Jun/46
Card Enrollment Service Fraud
https://www.advanced-intel.com/post/card-enrollment-services-highly-effective-fraud-methodology-offered-in-russian-underground
ISC StormCast for Sunday, June 30th 2019
30 juni 2019 |
7 min
Collecting Hashes of Running Processes and verifying them with Virustotal Domain wide
https://isc.sans.edu/forums/diary/Verifying+Running+Processes+against+VirusTotal+DomainWide/25078/
Mozilla Server Side TLS Guide Updates
https://wiki.mozilla.org/Security/Server_Side_TLS
SKS Keyserver DoS Attack
https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
QR Code Phishing
https://cofense.com/radar-phishing-using-qr-codes-evade-url-analysis/
https://isc.sans.edu/forums/diary/Verifying+Running+Processes+against+VirusTotal+DomainWide/25078/
Mozilla Server Side TLS Guide Updates
https://wiki.mozilla.org/Security/Server_Side_TLS
SKS Keyserver DoS Attack
https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
QR Code Phishing
https://cofense.com/radar-phishing-using-qr-codes-evade-url-analysis/
ISC StormCast for Friday, June 28th 2019
27 juni 2019 |
17 min
New Brickerbot (Silex) Sightings
https://twitter.com/_larry0/status/1143532888538984448
Supply Chain Attacks Against Telco Providers
https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers
GreenFlash Sundown Malwaretising Campaign
https://blog.malwarebytes.com/threat-analysis/2019/06/greenflash-sundown-exploit-kit-expands-via-large-malvertising-campaign/
TrackThis Demonstrates How Advertisers Track You
https://trackthis.link
Geoff Parker: Automating Phsh Reporting Resposne
http://www.sans.org/reading-room/whitepapers/email/automating-response-phish-reporting-39000
https://twitter.com/_larry0/status/1143532888538984448
Supply Chain Attacks Against Telco Providers
https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers
GreenFlash Sundown Malwaretising Campaign
https://blog.malwarebytes.com/threat-analysis/2019/06/greenflash-sundown-exploit-kit-expands-via-large-malvertising-campaign/
TrackThis Demonstrates How Advertisers Track You
https://trackthis.link
Geoff Parker: Automating Phsh Reporting Resposne
http://www.sans.org/reading-room/whitepapers/email/automating-response-phish-reporting-39000
ISC StormCast for Wednesday, June 26th 2019
25 juni 2019 |
6 min
Rig Exploit Kit Installs Pitou.B. Trojan
https://isc.sans.edu/forums/diary/Rig+Exploit+Kit+sends+PitouB+Trojan/25068/
AWS VPC Traffic Mirroring
https://aws.amazon.com/blogs/aws/new-vpc-traffic-mirroring
Elastic SIEM App
https://www.elastic.co/blog/introducing-elastic-siem
National Emergency Alerts Potentially Vulnerable to Attack
https://www.colorado.edu/today/2019/06/11/emergency-alerts
https://isc.sans.edu/forums/diary/Rig+Exploit+Kit+sends+PitouB+Trojan/25068/
AWS VPC Traffic Mirroring
https://aws.amazon.com/blogs/aws/new-vpc-traffic-mirroring
Elastic SIEM App
https://www.elastic.co/blog/introducing-elastic-siem
National Emergency Alerts Potentially Vulnerable to Attack
https://www.colorado.edu/today/2019/06/11/emergency-alerts
ISC StormCast for Tuesday, June 25th 2019
24 juni 2019 |
7 min
Cloudflare Outage
https://blog.cloudflare.com/how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-today/
https://isc.sans.edu/forums/diary/Extensive+BGP+Issues+Affecting+Cloudflare+and+possibly+others/25064/
WeTransfer Misdirects Files
https://betanews.com/2019/06/21/wetransfer-fail/
Jenkins Pillage
https://dolosgroup.io/blog/2019/6/20/pillaging-the-jenkins-treasure-chest
https://blog.cloudflare.com/how-verizon-and-a-bgp-optimizer-knocked-large-parts-of-the-internet-offline-today/
https://isc.sans.edu/forums/diary/Extensive+BGP+Issues+Affecting+Cloudflare+and+possibly+others/25064/
WeTransfer Misdirects Files
https://betanews.com/2019/06/21/wetransfer-fail/
Jenkins Pillage
https://dolosgroup.io/blog/2019/6/20/pillaging-the-jenkins-treasure-chest
ISC StormCast for Monday, June 24th 2019
23 juni 2019 |
6 min
SSH Will Start Encrypting Secret Keys in Memory
https://marc.info/?l=openbsd-cvs&m=156109087822676&w=2
Bluekeep Patchrate at 83.4%
https://twitter.com/RavivTamir/status/1141788586922119168
Android ADB/SSH Botnet
https://www.bleepingcomputer.com/news/security/botnet-uses-ssh-and-adb-to-create-android-cryptomining-army/
https://marc.info/?l=openbsd-cvs&m=156109087822676&w=2
Bluekeep Patchrate at 83.4%
https://twitter.com/RavivTamir/status/1141788586922119168
Android ADB/SSH Botnet
https://www.bleepingcomputer.com/news/security/botnet-uses-ssh-and-adb-to-create-android-cryptomining-army/
ISC StormCast for Friday, June 21st 2019
21 juni 2019 |
15 min
Updates for Dell Support Assistant
https://www.dell.com/support/article/us/en/04/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en
Critical Cisco Vulnerablity
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex
LoudMiner Comes with VM
https://www.welivesecurity.com/2019/06/20/loudminer-mining-cracked-vst-software/
STI Student Dave Todd: Overcoming the Comliance Challenges in Biometrics
https://www.sans.org/reading-room/whitepapers/legal/paper/38970
https://www.dell.com/support/article/us/en/04/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en
Critical Cisco Vulnerablity
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex
LoudMiner Comes with VM
https://www.welivesecurity.com/2019/06/20/loudminer-mining-cracked-vst-software/
STI Student Dave Todd: Overcoming the Comliance Challenges in Biometrics
https://www.sans.org/reading-room/whitepapers/legal/paper/38970
ISC StormCast for Thursday, June 20th 2019
20 juni 2019 |
6 min
Critical Patch For WebLogic
https://isc.sans.edu/forums/diary/Critical+Actively+Exploited+WebLogic+Flaw+Patched+CVE20192729/25050/
Exim Exploits Against Other Mail Servers
https://isc.sans.edu/forums/diary/Quick+Detect+Exim+Return+of+the+Wizard+Attack/25052/
SANS Fire Presentations (to be published soon)
https://isc.sans.edu/presentations
https://isc.sans.edu/forums/diary/Critical+Actively+Exploited+WebLogic+Flaw+Patched+CVE20192729/25050/
Exim Exploits Against Other Mail Servers
https://isc.sans.edu/forums/diary/Quick+Detect+Exim+Return+of+the+Wizard+Attack/25052/
SANS Fire Presentations (to be published soon)
https://isc.sans.edu/presentations
ISC StormCast for Wednesday, June 19th 2019
19 juni 2019 |
5 min
Critical Firefox Update
https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707
Bitdefender Releases GandCrap Decryptor
https://labs.bitdefender.com/2019/06/good-riddance-gandcrab-were-still-fixing-the-mess-you-left-behind/
Google Launches New Deceptive Site Protections in Chrome
https://blog.chromium.org/2019/06/new-chrome-protections-from-deception.html
https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707
Bitdefender Releases GandCrap Decryptor
https://labs.bitdefender.com/2019/06/good-riddance-gandcrab-were-still-fixing-the-mess-you-left-behind/
Google Launches New Deceptive Site Protections in Chrome
https://blog.chromium.org/2019/06/new-chrome-protections-from-deception.html
ISC StormCast for Tuesday, June 18th 2019
18 juni 2019 |
6 min
TCP SACK Panic DoS in Linux
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
https://tools.ietf.org/html/rfc879
Logitech Pointer Recall
https://www.heise.de/security/meldung/Angreifbare-Logitech-Presenter-Hersteller-tauscht-gefaehrliche-USB-Empfaenger-aus-4423627.html
An Infection from the Rig Exploit Kit
https://isc.sans.edu/forums/diary/An+infection+from+Rig+exploit+kit/25040/
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
https://tools.ietf.org/html/rfc879
Logitech Pointer Recall
https://www.heise.de/security/meldung/Angreifbare-Logitech-Presenter-Hersteller-tauscht-gefaehrliche-USB-Empfaenger-aus-4423627.html
An Infection from the Rig Exploit Kit
https://isc.sans.edu/forums/diary/An+infection+from+Rig+exploit+kit/25040/
ISC StormCast for Monday, June 17th 2019
17 juni 2019 |
6 min
Whats App Phishing
https://www.heise.de/newsticker/meldung/Phishing-Mails-gaukeln-Ende-von-WhatsApp-Abonnement-vor-4447165.html
Encrypted EMail Phishing
https://www.bleepingcomputer.com/news/security/phishing-scam-asks-you-to-login-to-read-encrypted-message/
Android Apps Link to Fake Sites
https://news.drweb.com/show/?i=13313&lng=en&c=5
Precomputed Hash Tables
https://a.ndronic.us/pre-computed-hash-table-v-1-0/
https://www.heise.de/newsticker/meldung/Phishing-Mails-gaukeln-Ende-von-WhatsApp-Abonnement-vor-4447165.html
Encrypted EMail Phishing
https://www.bleepingcomputer.com/news/security/phishing-scam-asks-you-to-login-to-read-encrypted-message/
Android Apps Link to Fake Sites
https://news.drweb.com/show/?i=13313&lng=en&c=5
Precomputed Hash Tables
https://a.ndronic.us/pre-computed-hash-table-v-1-0/
ISC StormCast for Friday, June 14th 2019
14 juni 2019 |
15 min
Exim Flaw Exploited
https://www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability
Yubico Recalling FIPS Certified Yubikeys
https://www.yubico.com/support/security-advisories/ysa-2019-02/
Vulnerable Infusion Pumps
https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/alaris-gateway-workstation-unauthorized-firmware
Telegram DDoS Attack
https://twitter.com/telegram/status/1138768124914929664
Ghidra Tips for IDA Users: Function Call Graphs
https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+4+function+call+graphs/25032/
Joel Chapman: Security Consideration for Voice over Wifi (VoWifi) Systems
https://www.sans.org/reading-room/whitepapers/telephone/paper/38945
https://www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability
Yubico Recalling FIPS Certified Yubikeys
https://www.yubico.com/support/security-advisories/ysa-2019-02/
Vulnerable Infusion Pumps
https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/alaris-gateway-workstation-unauthorized-firmware
Telegram DDoS Attack
https://twitter.com/telegram/status/1138768124914929664
Ghidra Tips for IDA Users: Function Call Graphs
https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+4+function+call+graphs/25032/
Joel Chapman: Security Consideration for Voice over Wifi (VoWifi) Systems
https://www.sans.org/reading-room/whitepapers/telephone/paper/38945
ISC StormCast for Thursday, June 13th 2019
13 juni 2019 |
5 min
Sandbox Escaper Publishes Additional CVE-2019-0841 Bypass
http://archive.is/3toQY
http://sandboxescaper.blogspot.com/p/disclosures_8.html
Bypassing NTLM Message Signing (CVE-2019-1040)
https://blog.preempt.com/drop-the-mic
Details About macOS Keysteal Vulnerability
https://www.pinauten.de/resources/KeySteal_OBTS_2019.pdf
http://archive.is/3toQY
http://sandboxescaper.blogspot.com/p/disclosures_8.html
Bypassing NTLM Message Signing (CVE-2019-1040)
https://blog.preempt.com/drop-the-mic
Details About macOS Keysteal Vulnerability
https://www.pinauten.de/resources/KeySteal_OBTS_2019.pdf
ISC StormCast for Wednesday, June 12th 2019
12 juni 2019 |
6 min
Microsoft Patches
https://isc.sans.edu/forums/diary/MSFT+June+2019+Patch+Tuesday/25024/
Adobe Patches
https://helpx.adobe.com/security.html
SAP Security Notes
https://www.onapsis.com/blog/sap-patch-notes-june-2019
Intel Updates
https://www.us-cert.gov/ncas/current-activity/2019/06/11/Intel-Releases-Security-Updates-Mitigations-Multiple-Products
Microsoft Certificate DoS
https://bugs.chromium.org/p/project-zero/issues/detail?id=1804
GPS Receiver Woes
https://www.flightglobal.com/news/articles/collins-gps-outage-grounds-regional-flights-458819/
RAMBleed Attack
https://www.documentcloud.org/documents/6150180-RamBleed-attack-CVE-2019-0174.html
https://isc.sans.edu/forums/diary/MSFT+June+2019+Patch+Tuesday/25024/
Adobe Patches
https://helpx.adobe.com/security.html
SAP Security Notes
https://www.onapsis.com/blog/sap-patch-notes-june-2019
Intel Updates
https://www.us-cert.gov/ncas/current-activity/2019/06/11/Intel-Releases-Security-Updates-Mitigations-Multiple-Products
Microsoft Certificate DoS
https://bugs.chromium.org/p/project-zero/issues/detail?id=1804
GPS Receiver Woes
https://www.flightglobal.com/news/articles/collins-gps-outage-grounds-regional-flights-458819/
RAMBleed Attack
https://www.documentcloud.org/documents/6150180-RamBleed-attack-CVE-2019-0174.html
ISC StormCast for Tuesday, June 11th 2019
11 juni 2019 |
6 min
Interesting JavaScript Obfuscation Example
https://isc.sans.edu/forums/diary/Interesting+JavaScript+Obfuscation+Example/25020/
Spam Taking Advantage of DNS over HTTPS
https://myonlinesecurity.co.uk/it-looks-like-another-dns-compromise-hack-happening/
European Mobile Operator Traffic Leaked to China
https://arstechnica.com/information-technology/2019/06/bgp-mishap-sends-european-mobile-traffic-through-china-telecom-for-2-hours/?comments=1
VLC Update Patches Various Security Flaws
http://www.jbkempf.com/blog/post/2019/VLC-3.0.7-and-security
https://isc.sans.edu/forums/diary/Interesting+JavaScript+Obfuscation+Example/25020/
Spam Taking Advantage of DNS over HTTPS
https://myonlinesecurity.co.uk/it-looks-like-another-dns-compromise-hack-happening/
European Mobile Operator Traffic Leaked to China
https://arstechnica.com/information-technology/2019/06/bgp-mishap-sends-european-mobile-traffic-through-china-telecom-for-2-hours/?comments=1
VLC Update Patches Various Security Flaws
http://www.jbkempf.com/blog/post/2019/VLC-3.0.7-and-security
ISC StormCast for Monday, June 10th 2019
10 juni 2019 |
8 min
Keep An Eye On Your WMI Logs
https://isc.sans.edu/forums/diary/Keep+an+Eye+on+Your+WMI+Logs/25012/
Sysmon DNS Query Logging
https://isc.sans.edu/forums/diary/Tip+Sysmon+Will+Log+DNS+Queries/25016/
Komodo Agama Vulnerability and Breach
https://komodoplatform.com/update-agama-vulnerability/
Lessons Learned From Microsoft SOC
https://www.microsoft.com/security/blog/2019/06/06/lessons-learned-from-the-microsoft-soc-part-2b-career-paths-and-readiness/
https://isc.sans.edu/forums/diary/Keep+an+Eye+on+Your+WMI+Logs/25012/
Sysmon DNS Query Logging
https://isc.sans.edu/forums/diary/Tip+Sysmon+Will+Log+DNS+Queries/25016/
Komodo Agama Vulnerability and Breach
https://komodoplatform.com/update-agama-vulnerability/
Lessons Learned From Microsoft SOC
https://www.microsoft.com/security/blog/2019/06/06/lessons-learned-from-the-microsoft-soc-part-2b-career-paths-and-readiness/
ISC StormCast for Friday, June 7th 2019
6 juni 2019 |
7 min
GoldBrute Botnet Brute Forcing RDP
https://isc.sans.edu/forums/diary/GoldBrute+Botnet+Brute+Forcing+15+Million+RDP+Servers/25002/
Exim Vulnerability
https://isc.sans.edu/forums/diary/Time+is+partially+on+our+side+the+new+Exim+vulnerability/25008/
iOS App Developers Disabling TLS
https://www.wandera.com/mobile-security/ios-app-developer-security-shortcuts/
https://isc.sans.edu/forums/diary/GoldBrute+Botnet+Brute+Forcing+15+Million+RDP+Servers/25002/
Exim Vulnerability
https://isc.sans.edu/forums/diary/Time+is+partially+on+our+side+the+new+Exim+vulnerability/25008/
iOS App Developers Disabling TLS
https://www.wandera.com/mobile-security/ios-app-developer-security-shortcuts/
ISC StormCast for Thursday, June 6th 2019
6 juni 2019 |
5 min
Android Monthly Update
https://source.android.com/security/bulletin/2019-06-01
Google Chrome Updates
https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
MacOS Malware Injects Bing Ads
https://www.airoav.com/mitm-proxy-a-new-search-hijack-method-on-mojave/
Kubernetes Vulnerability
https://github.com/kubernetes/kubernetes/issues/78308
Vulnerabilities in Phihsing Kits
https://blogs.akamai.com/sitr/2019/06/identifying-vulnerabilities-in-phishing-kits.html
https://source.android.com/security/bulletin/2019-06-01
Google Chrome Updates
https://chromereleases.googleblog.com/2019/06/stable-channel-update-for-desktop.html
MacOS Malware Injects Bing Ads
https://www.airoav.com/mitm-proxy-a-new-search-hijack-method-on-mojave/
Kubernetes Vulnerability
https://github.com/kubernetes/kubernetes/issues/78308
Vulnerabilities in Phihsing Kits
https://blogs.akamai.com/sitr/2019/06/identifying-vulnerabilities-in-phishing-kits.html
ISC StormCast for Wednesday, June 5th 2019
5 juni 2019 |
6 min
Vulnerability in Notepad
https://threatpost.com/researcher-exploits-microsofts-notepad-to-pop-a-shell/145242/
Vulnerability in vim/neovim
https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
RDP Session Hijack Vulnerability
https://kb.cert.org/vuls/id/576688/
https://threatpost.com/researcher-exploits-microsofts-notepad-to-pop-a-shell/145242/
Vulnerability in vim/neovim
https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
RDP Session Hijack Vulnerability
https://kb.cert.org/vuls/id/576688/
ISC StormCast for Tuesday, June 4th 2019
4 juni 2019 |
5 min
Bypassing macOS Synthetic Click Protection
https://www.wired.com/story/apple-macos-bug-synthetic-clicks/
Intel Microcode Updates for Older Windows 10 Versions
https://support.microsoft.com/en-us/help/4494454/kb4494454-intel-microcode-updates
Fake AntiVirus Adds in Microsoft Games
https://answers.microsoft.com/en-us/windows/forum/all/malvertising-attack-on-microsoft-games/ced7ab87-7e0e-422b-97b7-fbfaed2b68a0
GandGrab Shutting Down
https://www.zdnet.com/article/gandcrab-ransomware-operation-says-its-shutting-down/
https://www.wired.com/story/apple-macos-bug-synthetic-clicks/
Intel Microcode Updates for Older Windows 10 Versions
https://support.microsoft.com/en-us/help/4494454/kb4494454-intel-microcode-updates
Fake AntiVirus Adds in Microsoft Games
https://answers.microsoft.com/en-us/windows/forum/all/malvertising-attack-on-microsoft-games/ced7ab87-7e0e-422b-97b7-fbfaed2b68a0
GandGrab Shutting Down
https://www.zdnet.com/article/gandcrab-ransomware-operation-says-its-shutting-down/
ISC StormCast for Monday, June 3rd 2019
3 juni 2019 |
6 min
Google Outage
https://status.cloud.google.com/incident/compute/19003
Major Vulnerability in Siemens LOGO Controllers
https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf
Exposing TOR Users Via Cache Poisoning
https://blog.duszynski.eu/tor-ip-disclosure-through-http-301-cache-poisoning/
nginx njs Vulnerability
https://github.com/nginx/njs/issues/131
https://status.cloud.google.com/incident/compute/19003
Major Vulnerability in Siemens LOGO Controllers
https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf
Exposing TOR Users Via Cache Poisoning
https://blog.duszynski.eu/tor-ip-disclosure-through-http-301-cache-poisoning/
nginx njs Vulnerability
https://github.com/nginx/njs/issues/131
ISC StormCast for Friday, May 31st 2019
31 maj 2019 |
7 min
Analysing Shell Code with scdbg
https://isc.sans.edu/forums/diary/Analyzing+First+Stage+Shellcode/24984/
GitHub Automating Security Patches
https://help.github.com/en/articles/configuring-automated-security-fixes
Exposed Docker Containers Uses for Cryptocoin Mining
https://blog.trendmicro.com/trendlabs-security-intelligence/infected-cryptocurrency-mining-containers-target-docker-hosts-with-exposed-apis-use-shodan-to-find-additional-victims/
Mozilla Objecting To Web Packaging
https://docs.google.com/document/d/1ha00dSGKmjoEh2mRiG8FIA5sJ1KihTuZe-AXX1r8P-8/preview#
https://isc.sans.edu/forums/diary/Analyzing+First+Stage+Shellcode/24984/
GitHub Automating Security Patches
https://help.github.com/en/articles/configuring-automated-security-fixes
Exposed Docker Containers Uses for Cryptocoin Mining
https://blog.trendmicro.com/trendlabs-security-intelligence/infected-cryptocurrency-mining-containers-target-docker-hosts-with-exposed-apis-use-shodan-to-find-additional-victims/
Mozilla Objecting To Web Packaging
https://docs.google.com/document/d/1ha00dSGKmjoEh2mRiG8FIA5sJ1KihTuZe-AXX1r8P-8/preview#
ISC StormCast for Thursday, May 30th 2019
30 maj 2019 |
6 min
Behavioural Malware Analysis With Microsoft Attack Surface Analyzer
https://isc.sans.edu/forums/diary/Behavioural+Malware+Analysis+with+Microsoft+ASA/24980/
Docker Symlink Race Attack
https://seclists.org/oss-sec/2019/q2/131
Nanshu Campaign Using Signed Rootkit
https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
https://isc.sans.edu/forums/diary/Behavioural+Malware+Analysis+with+Microsoft+ASA/24980/
Docker Symlink Race Attack
https://seclists.org/oss-sec/2019/q2/131
Nanshu Campaign Using Signed Rootkit
https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
ISC StormCast for Wednesday, May 29th 2019
29 maj 2019 |
6 min
Office Document And Base64 Encoded PowerShell Script
https://isc.sans.edu/forums/diary/Office+Document+BASE64+PowerShell/24976/
https://0xdf.gitlab.io/2019/05/21/malware-analysis-unnamed-emotet-doc.html
Enumeration of BlueKeep Vulnerable Hosts
https://blog.erratasec.com/2019/05/almost-one-million-vulnerable-to.html
DHCP Client Vulnerablity Analysis
https://sensepost.com/blog/2019/analysis-of-a-1day-cve-2019-0547-and-discovery-of-a-forgotten-condition-in-the-patch-cve-2019-0726-part-1-of-2/
Office File Deleting Phishing Emails
https://www.bleepingcomputer.com/news/security/phishing-emails-pretend-to-be-office-365-file-deletion-alerts/
https://isc.sans.edu/forums/diary/Office+Document+BASE64+PowerShell/24976/
https://0xdf.gitlab.io/2019/05/21/malware-analysis-unnamed-emotet-doc.html
Enumeration of BlueKeep Vulnerable Hosts
https://blog.erratasec.com/2019/05/almost-one-million-vulnerable-to.html
DHCP Client Vulnerablity Analysis
https://sensepost.com/blog/2019/analysis-of-a-1day-cve-2019-0547-and-discovery-of-a-forgotten-condition-in-the-patch-cve-2019-0726-part-1-of-2/
Office File Deleting Phishing Emails
https://www.bleepingcomputer.com/news/security/phishing-emails-pretend-to-be-office-365-file-deletion-alerts/
ISC StormCast for Tuesday, May 28th 2019
28 maj 2019 |
6 min
MacOS GateKeeper Bypass
https://www.fcvl.net/vulnerabilities/macosx-gatekeeper-bypass
Fortinet FortiOS SSL VPN Vulnerabilities
https://fortiguard.com/psirt
Customizing NMAP Service Detection
https://isc.sans.edu/forums/diary/Video+nmap+Service+Detection+Customization/24970/
https://www.fcvl.net/vulnerabilities/macosx-gatekeeper-bypass
Fortinet FortiOS SSL VPN Vulnerabilities
https://fortiguard.com/psirt
Customizing NMAP Service Detection
https://isc.sans.edu/forums/diary/Video+nmap+Service+Detection+Customization/24970/
ISC StormCast for Friday, May 24th 2019
24 maj 2019 |
6 min
Dangers of Custom URL Schemes
https://zeropwn.github.io/2019-05-22-fun-with-uri-handlers/
Update on Phyiscal Skimmer Market
https://www.advanced-intel.com/blog/skimming-threat-landscape-technology-advances-lower-barriers-of-entry-for-novice-skimming-operators
Apple Supplemental Update For masOS 10.14.5
https://support.apple.com/kb/DL2005?locale=en_US
Microsoft Releases Advanced Threat Protection for MacOS
https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Microsoft-Defender-ATP-for-Mac-now-in-open-public-preview/ba-p/634603
https://zeropwn.github.io/2019-05-22-fun-with-uri-handlers/
Update on Phyiscal Skimmer Market
https://www.advanced-intel.com/blog/skimming-threat-landscape-technology-advances-lower-barriers-of-entry-for-novice-skimming-operators
Apple Supplemental Update For masOS 10.14.5
https://support.apple.com/kb/DL2005?locale=en_US
Microsoft Releases Advanced Threat Protection for MacOS
https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Microsoft-Defender-ATP-for-Mac-now-in-open-public-preview/ba-p/634603
ISC StormCast for Thursday, May 23rd 2019
22 maj 2019 |
6 min
An Update on the Microsoft Windows RDP BlueKeep Vulnerablity
https://isc.sans.edu/forums/diary/An+Update+on+the+Microsoft+Windows+RDP+Bluekeep+Vulnerability+CVE20190708+now+with+pcaps/24960/
New Zero Day Exploits by SandboxEscaper
https://github.com/SandboxEscaper/polarbearrepo
Signed Exploit Code
https://medium.com/@chroniclesec/abusing-code-signing-for-profit-ef80a37b50f4
https://isc.sans.edu/forums/diary/An+Update+on+the+Microsoft+Windows+RDP+Bluekeep+Vulnerability+CVE20190708+now+with+pcaps/24960/
New Zero Day Exploits by SandboxEscaper
https://github.com/SandboxEscaper/polarbearrepo
Signed Exploit Code
https://medium.com/@chroniclesec/abusing-code-signing-for-profit-ef80a37b50f4
ISC StormCast for Wednesday, May 22nd 2019
21 maj 2019 |
6 min
Setting Up Shodan Monitoring
https://isc.sans.edu/forums/diary/Using+Shodan+Monitoring/24956/
Fingerprinting Smartphones With Gyroscope Data
https://sensorid.cl.cam.ac.uk/
20% of Linux Docker Containers Without Password
https://www.kennasecurity.com/20-of-the-1000-most-popular-docker-containers-have-no-root-password/
RDP #bluekeep Signature For Snort/Suricata
https://github.com/nccgroup/Cyber-Defence/blob/master/Signatures/suricata/2019_05_rdp_cve_2019_0708.txt
https://isc.sans.edu/forums/diary/Using+Shodan+Monitoring/24956/
Fingerprinting Smartphones With Gyroscope Data
https://sensorid.cl.cam.ac.uk/
20% of Linux Docker Containers Without Password
https://www.kennasecurity.com/20-of-the-1000-most-popular-docker-containers-have-no-root-password/
RDP #bluekeep Signature For Snort/Suricata
https://github.com/nccgroup/Cyber-Defence/blob/master/Signatures/suricata/2019_05_rdp_cve_2019_0708.txt
ISC StormCast for Tuesday, May 21st 2019
20 maj 2019 |
5 min
MSFT RDP Vulnerability (#BlueKeep) Update
https://twitter.com/search?q=%23bluekeep
Sharepoint Exploited
https://isc.sans.edu/forums/diary/CVE20190604+Attack/24952/
Risks of JWT
https://snikt.net/blog/2019/05/16/jwt-signature-vs-mac-attacks/
MuddyWater Campaign Evolves
https://blog.talosintelligence.com/2019/05/recent-muddywater-associated-blackwater.html
https://twitter.com/search?q=%23bluekeep
Sharepoint Exploited
https://isc.sans.edu/forums/diary/CVE20190604+Attack/24952/
Risks of JWT
https://snikt.net/blog/2019/05/16/jwt-signature-vs-mac-attacks/
MuddyWater Campaign Evolves
https://blog.talosintelligence.com/2019/05/recent-muddywater-associated-blackwater.html
ISC StormCast for Monday, May 20th 2019
19 maj 2019 |
6 min
Google Analyzes Vendor Response to 0-Day Exploits
https://googleprojectzero.blogspot.com/p/0day.html
ASUS WebStorage Abused For Malware Distribution
https://www.welivesecurity.com/2019/05/14/plead-malware-mitm-asus-webstorage/
Vulnerabilities in Apple Air Drop
https://www.usenix.org/system/files/sec19fall_stute_prepub.pdf
https://googleprojectzero.blogspot.com/p/0day.html
ASUS WebStorage Abused For Malware Distribution
https://www.welivesecurity.com/2019/05/14/plead-malware-mitm-asus-webstorage/
Vulnerabilities in Apple Air Drop
https://www.usenix.org/system/files/sec19fall_stute_prepub.pdf
ISC StormCast for Friday, May 17th 2019
17 maj 2019 |
6 min
The Risk of Authenticated Vulnerability Scans
https://isc.sans.edu/forums/diary/The+Risk+of+Authenticated+Vulnerability+Scans/24942/
ARIN Revokes about 735,000 IP Addresses
https://www.arin.net/vault/about_us/media/releases/20190513.html
More Cisco Patches (Prime Infrastructure, EPN Manager)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce
Instrument Landing Systems Spoofing
https://aanjhan.com/assets/ils_usenix2019.pdf
https://isc.sans.edu/forums/diary/The+Risk+of+Authenticated+Vulnerability+Scans/24942/
ARIN Revokes about 735,000 IP Addresses
https://www.arin.net/vault/about_us/media/releases/20190513.html
More Cisco Patches (Prime Infrastructure, EPN Manager)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce
Instrument Landing Systems Spoofing
https://aanjhan.com/assets/ils_usenix2019.pdf
ISC StormCast for Thursday, May 16th 2019
16 maj 2019 |
5 min
Forbes Website Infected by Magecart
https://twitter.com/bad_packets/status/1128517905765683201
Malware Randomizes TLS Ciphers
https://blogs.akamai.com/sitr/2019/05/bots-tampering-with-tls-to-avoid-detection.html
Google Recalls Titan Security Keys
https://security.googleblog.com/2019/05/titan-keys-update.html
SAMBA Update
https://www.samba.org/samba/security/CVE-2018-16860.html
SAP Patches
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032
https://twitter.com/bad_packets/status/1128517905765683201
Malware Randomizes TLS Ciphers
https://blogs.akamai.com/sitr/2019/05/bots-tampering-with-tls-to-avoid-detection.html
Google Recalls Titan Security Keys
https://security.googleblog.com/2019/05/titan-keys-update.html
SAMBA Update
https://www.samba.org/samba/security/CVE-2018-16860.html
SAP Patches
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032
ISC StormCast for Wednesday, May 15th 2019
15 maj 2019 |
6 min
New Intel CPU Vulnerabilities
https://cpu.fail/
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+May+2019+Patch+Tuesday/24934/
Apple Updates
https://support.apple.com/en-us/HT201222
Broken Trustseal
https://twitter.com/gwillem/status/1127890329175244800
https://twitter.com/bestoftheweb/status/1128036593208524800
https://cpu.fail/
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+May+2019+Patch+Tuesday/24934/
Apple Updates
https://support.apple.com/en-us/HT201222
Broken Trustseal
https://twitter.com/gwillem/status/1127890329175244800
https://twitter.com/bestoftheweb/status/1128036593208524800
ISC StormCast for Tuesday, May 14th 2019
14 maj 2019 |
6 min
Linux Remote Code Execution When Closing TCP Sockets
https://github.com/torvalds/linux/commit/cb66ddd156203daefb8d71158036b27b0e2caf63
WhatsApp Buffer Overflow Exploited to Install Spyware
https://www.facebook.com/security/advisories/cve-2019-3568
Cisco Vulnerabilities Lead to Trust Anchor Module Exploit
https://thrangrycat.com/
Linksys Unauthenticated Information Leak
https://badpackets.net/over-25000-linksys-smart-wi-fi-routers-vulnerable-to-sensitive-information-disclosure-flaw/
https://github.com/torvalds/linux/commit/cb66ddd156203daefb8d71158036b27b0e2caf63
WhatsApp Buffer Overflow Exploited to Install Spyware
https://www.facebook.com/security/advisories/cve-2019-3568
Cisco Vulnerabilities Lead to Trust Anchor Module Exploit
https://thrangrycat.com/
Linksys Unauthenticated Information Leak
https://badpackets.net/over-25000-linksys-smart-wi-fi-routers-vulnerable-to-sensitive-information-disclosure-flaw/
ISC StormCast for Monday, May 13th 2019
13 maj 2019 |
5 min
DSSuite - A Docker Container with Didier's Tools
https://isc.sans.edu/forums/diary/DSSuite+A+Docker+Container+with+Didiers+Tools/24926/
Sqlite3 Vulnerability
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0777
NVidia Updates
https://nvidia.custhelp.com/app/answers/detail/a_id/4797
Windows 10 FIDO2 Certified
https://fidoalliance.org/microsoft-achieves-fido2-certification-for-windows-hello/
Google May Remove ADB Backup/Restore from Future Android Versions
https://www.xda-developers.com/adb-backup-and-restore-depreciated/
https://isc.sans.edu/forums/diary/DSSuite+A+Docker+Container+with+Didiers+Tools/24926/
Sqlite3 Vulnerability
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0777
NVidia Updates
https://nvidia.custhelp.com/app/answers/detail/a_id/4797
Windows 10 FIDO2 Certified
https://fidoalliance.org/microsoft-achieves-fido2-certification-for-windows-hello/
Google May Remove ADB Backup/Restore from Future Android Versions
https://www.xda-developers.com/adb-backup-and-restore-depreciated/
ISC StormCast for Friday, May 10th 2019
10 maj 2019 |
6 min
US DHS Warns of North Korean ELECTRICFISH Malware
https://www.us-cert.gov/ncas/analysis-reports/AR19-129A
Fake KeePass Site Spreading Malware
https://twitter.com/berkcgoksel/status/1125727590440931329
Google Android Security Bulletin
https://source.android.com/security/bulletin/2019-05-01
Three Anti-Virus Companies Breached
https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies
https://www.us-cert.gov/ncas/analysis-reports/AR19-129A
Fake KeePass Site Spreading Malware
https://twitter.com/berkcgoksel/status/1125727590440931329
Google Android Security Bulletin
https://source.android.com/security/bulletin/2019-05-01
Three Anti-Virus Companies Breached
https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies
ISC StormCast for Thursday, May 9th 2019
9 maj 2019 |
6 min
EMail Roulette May 2019
https://isc.sans.edu/forums/diary/Email+roulette+May+2019/24918/
Turla Lightneuron
https://www.welivesecurity.com/wp-content/uploads/2019/05/ESET-LightNeuron.pdf
Alpine Linux Docker Image root User Hard Coded Credentials
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782
Worpress 5.2 Adds Digitially Signed Updates
https://wordpress.org/support/wordpress-version/version-5-2/
https://isc.sans.edu/forums/diary/Email+roulette+May+2019/24918/
Turla Lightneuron
https://www.welivesecurity.com/wp-content/uploads/2019/05/ESET-LightNeuron.pdf
Alpine Linux Docker Image root User Hard Coded Credentials
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782
Worpress 5.2 Adds Digitially Signed Updates
https://wordpress.org/support/wordpress-version/version-5-2/
ISC StormCast for Wednesday, May 8th 2019
8 maj 2019 |
5 min
Jenkins Exploit Mines Cryptocurrencies
https://isc.sans.edu/forums/diary/Vulnerable+Apache+Jenkins+exploited+in+the+wild/24916/
Confluence Vulnerablity Exploited to Delivery Cryptocurrency Miner with Rootkit
https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-3396-redux-confluence-vulnerability-exploited-to-deliver-cryptocurrency-miner-with-rootkit/
Cisco Elastic Services Controller REST API Authentication Bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190507-esc-authbypass
Google Chrome History Manipulation Prevention
https://groups.google.com/a/chromium.org/forum/?#!msg/blink-dev/T8d4_BRb2xQ/WSdOiOFcBAAJ
https://isc.sans.edu/forums/diary/Vulnerable+Apache+Jenkins+exploited+in+the+wild/24916/
Confluence Vulnerablity Exploited to Delivery Cryptocurrency Miner with Rootkit
https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-3396-redux-confluence-vulnerability-exploited-to-deliver-cryptocurrency-miner-with-rootkit/
Cisco Elastic Services Controller REST API Authentication Bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190507-esc-authbypass
Google Chrome History Manipulation Prevention
https://groups.google.com/a/chromium.org/forum/?#!msg/blink-dev/T8d4_BRb2xQ/WSdOiOFcBAAJ
ISC StormCast for Tuesday, May 7th 2019
7 maj 2019 |
6 min
Decoding UTF-16 in UDF Files
https://isc.sans.edu/forums/diary/Text+and+TNULeNULxNULtNUL/24912/
VMWare Fusion 11 Guest VM RCE
https://theevilbit.github.io/posts/vmware_fusion_11_guest_vm_rce_cve-2019-5514/
Hackers Are Using Bad Passwords Too
https://www.ankitanubhav.info/post/c2bruting
Amazon S3 Discontinues Path Style Access
https://www.bleepingcomputer.com/news/security/amazon-to-disable-s3-path-style-access-used-to-bypass-censorship/
https://isc.sans.edu/forums/diary/Text+and+TNULeNULxNULtNUL/24912/
VMWare Fusion 11 Guest VM RCE
https://theevilbit.github.io/posts/vmware_fusion_11_guest_vm_rce_cve-2019-5514/
Hackers Are Using Bad Passwords Too
https://www.ankitanubhav.info/post/c2bruting
Amazon S3 Discontinues Path Style Access
https://www.bleepingcomputer.com/news/security/amazon-to-disable-s3-path-style-access-used-to-bypass-censorship/
ISC StormCast for Monday, May 6th 2019
5 maj 2019 |
7 min
Git Ransomware
https://www.theregister.co.uk/2019/05/03/git_ransomware_bitcoin/
DLink Ransomware Patch
https://eu.dlink.com/de/de/support/support-news/2019/february/28/dns320_trojan_cr1pttor
Jenkins Plugin Vulnerabilities
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2019/may/story-of-a-hundred-vulnerable-jenkins-plugins/
Malicious WPAD Domains
https://blog.redteam.pl/2019/05/badwpad-and-wpad-pl-wpadblocking-com.html
https://www.theregister.co.uk/2019/05/03/git_ransomware_bitcoin/
DLink Ransomware Patch
https://eu.dlink.com/de/de/support/support-news/2019/february/28/dns320_trojan_cr1pttor
Jenkins Plugin Vulnerabilities
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2019/may/story-of-a-hundred-vulnerable-jenkins-plugins/
Malicious WPAD Domains
https://blog.redteam.pl/2019/05/badwpad-and-wpad-pl-wpadblocking-com.html
ISC StormCast for Friday, May 3rd 2019
3 maj 2019 |
6 min
New SAP Exploits Used to Target Exposed
https://www.onapsis.com/10kblaze
Cisco Patches SSH Default Credential Vulnerability in Nexus 9000 Switches
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-nexus9k-sshkey
Current State of JavaScript Crypto Jacking
https://blog.malwarebytes.com/cybercrime/2019/05/cryptojacking-in-the-post-coinhive-era/
D-Link Camera Vulnerabilities
https://www.welivesecurity.com/2019/05/02/d-link-camera-vulnerability-video-stream/
Securepairs Promotes "Right to Repair"
https://securepairs.org/
https://www.onapsis.com/10kblaze
Cisco Patches SSH Default Credential Vulnerability in Nexus 9000 Switches
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-nexus9k-sshkey
Current State of JavaScript Crypto Jacking
https://blog.malwarebytes.com/cybercrime/2019/05/cryptojacking-in-the-post-coinhive-era/
D-Link Camera Vulnerabilities
https://www.welivesecurity.com/2019/05/02/d-link-camera-vulnerability-video-stream/
Securepairs Promotes "Right to Repair"
https://securepairs.org/
ISC StormCast for Thursday, May 2nd 2019
2 maj 2019 |
6 min
RCE Vulnerability in Dell Support Assist
https://d4stiny.github.io/Remote-Code-Execution-on-most-Dell-computers/
Creston Multiple Vulnerabilities
https://www.crestron.com/en-US/Security/Security_Advisories
Polymorphic Skimmer Targeting 57 different Payment Gateways
https://labs.sansec.io/2019/04/29/polymorphic-skimmer-57-payment-gateways/
More Attacks Against S/Mime and PGP Signed Email
https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf
https://d4stiny.github.io/Remote-Code-Execution-on-most-Dell-computers/
Creston Multiple Vulnerabilities
https://www.crestron.com/en-US/Security/Security_Advisories
Polymorphic Skimmer Targeting 57 different Payment Gateways
https://labs.sansec.io/2019/04/29/polymorphic-skimmer-57-payment-gateways/
More Attacks Against S/Mime and PGP Signed Email
https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf
ISC StormCast for Wednesday, May 1st 2019
1 maj 2019 |
6 min
Sodinokibi Ransomware Exploits WebLogic Server Vulnerability
https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html
Facebook Leaking Sellers Exact Locations
https://www.7elements.co.uk/resources/blog/facebooks-burglary-shopping-list/
Revive Adserver Deserialization Vulnerability
https://www.revive-adserver.com/security/revive-sa-2019-001/
AutoMacTC: Automating Mac Forensics Triage
https://www.crowdstrike.com/blog/automating-mac-forensic-triage/
Kroll Artifact Parser And Extractor (KAPE)
https://learn.duffandphelps.com/kape
https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html
Facebook Leaking Sellers Exact Locations
https://www.7elements.co.uk/resources/blog/facebooks-burglary-shopping-list/
Revive Adserver Deserialization Vulnerability
https://www.revive-adserver.com/security/revive-sa-2019-001/
AutoMacTC: Automating Mac Forensics Triage
https://www.crowdstrike.com/blog/automating-mac-forensic-triage/
Kroll Artifact Parser And Extractor (KAPE)
https://learn.duffandphelps.com/kape
ISC StormCast for Tuesday, April 30th 2019
30 april 2019 |
6 min
iLnkP2P Allows Access To Millions of Security Cameras
https://hacked.camera
Windows 10 Users Not Applying October Update
https://reports.adduplex.com/#/r/2019-04
iFrame "Ransom Support" Attacks
https://blog.trendmicro.com/trendlabs-security-intelligence/tech-support-scam-employs-new-trick-by-using-iframe-to-freeze-browsers/
https://hacked.camera
Windows 10 Users Not Applying October Update
https://reports.adduplex.com/#/r/2019-04
iFrame "Ransom Support" Attacks
https://blog.trendmicro.com/trendlabs-security-intelligence/tech-support-scam-employs-new-trick-by-using-iframe-to-freeze-browsers/
ISC StormCast for Monday, April 29th 2019
29 april 2019 |
5 min
WebLogic Update
https://isc.sans.edu/diary.html?storyid=24890
Docker Hub Breach
https://success.docker.com/article/docker-hub-user-notification
https://isc.sans.edu/diary.html?storyid=24890
Docker Hub Breach
https://success.docker.com/article/docker-hub-user-notification
ISC StormCast for Friday, April 26th 2019
26 april 2019 |
5 min
Unpatched Vulnerablity in WebLogic Exploited
https://isc.sans.edu/forums/diary/Unpatched+Vulnerability+Alert+WebLogic+Zero+Day/24880/
Collecting Windows Service Accounts
https://isc.sans.edu/forums/diary/Service+Accounts+Redux+Collecting+Service+Accounts+with+PowerShell/24882/
Confluence Vulnerablity Exploited by GandGrab
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
New Micrsoft Security Baseline for Windows 10 / Windows Server
https://blogs.technet.microsoft.com/secguide/2019/04/24/security-baseline-draft-for-windows-10-v1903-and-windows-server-v1903/
https://isc.sans.edu/forums/diary/Unpatched+Vulnerability+Alert+WebLogic+Zero+Day/24880/
Collecting Windows Service Accounts
https://isc.sans.edu/forums/diary/Service+Accounts+Redux+Collecting+Service+Accounts+with+PowerShell/24882/
Confluence Vulnerablity Exploited by GandGrab
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
New Micrsoft Security Baseline for Windows 10 / Windows Server
https://blogs.technet.microsoft.com/secguide/2019/04/24/security-baseline-draft-for-windows-10-v1903-and-windows-server-v1903/
ISC StormCast for Thursday, April 25th 2019
25 april 2019 |
7 min
Rooting Out Unwanted Domain Admins With Powershell
https://isc.sans.edu/forums/diary/Where+have+all+the+Domain+Admins+gone+Rooting+out+Unwanted+Domain+Administrators/24874/
Mac OS X-Protect Now Covering Windows Malware
https://twitter.com/patrickwardle/status/1120771284286103552
Wifi Finder Leaks Hotspot Passwords
https://techcrunch.com/2019/04/22/hotspot-password-leak/
Github Hosting Phishing Pages
https://www.proofpoint.com/us/threat-insight/post/threat-actors-abuse-github-service-host-variety-phishing-kits
RSA Webinar: The Five Most Dangerous New Attack Techniques and How to Counter Them
https://www.rsaconference.com/videos/rsac-2019-the-five-most-dangerous-new-attack-techniques-and-how-to-counter-them-continued
https://isc.sans.edu/forums/diary/Where+have+all+the+Domain+Admins+gone+Rooting+out+Unwanted+Domain+Administrators/24874/
Mac OS X-Protect Now Covering Windows Malware
https://twitter.com/patrickwardle/status/1120771284286103552
Wifi Finder Leaks Hotspot Passwords
https://techcrunch.com/2019/04/22/hotspot-password-leak/
Github Hosting Phishing Pages
https://www.proofpoint.com/us/threat-insight/post/threat-actors-abuse-github-service-host-variety-phishing-kits
RSA Webinar: The Five Most Dangerous New Attack Techniques and How to Counter Them
https://www.rsaconference.com/videos/rsac-2019-the-five-most-dangerous-new-attack-techniques-and-how-to-counter-them-continued
ISC StormCast for Wednesday, April 24th 2019
24 april 2019 |
6 min
Decoding Malicious VBA Office Document Without Source Code
https://isc.sans.edu/forums/diary/Malicious+VBA+Office+Document+Without+Source+Code/24870/
More Updates on "ShadowHammer" Supply Chain Attack
https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/
A Malicious Sight in Google Sites
https://www.netskope.com/blog/malicious-google-sites
https://isc.sans.edu/forums/diary/Malicious+VBA+Office+Document+Without+Source+Code/24870/
More Updates on "ShadowHammer" Supply Chain Attack
https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/
A Malicious Sight in Google Sites
https://www.netskope.com/blog/malicious-google-sites
ISC StormCast for Tuesday, April 23rd 2019
22 april 2019 |
6 min
.rar Files Exploiting ACE Vulneraiblity CVE-2018-20250
https://isc.sans.edu/forums/diary/rar+Files+and+ACE+Exploit+CVE201820250/24864/
Malware Senders Become Younger and Less Sophisticated (in German)
https://www.heise.de/security/meldung/Malware-Verteiler-werden-immer-juenger-infizieren-sich-oft-selbst-4403823.html
McAfee Antivirus Affected by April Windows Update Crashes
http://kc.mcafee.com/corporate/index?page=content&id=KB91465
Rules to Protect Against Azure Blog Phishing in Outlook 365
https://malware-research.org/simple-rule-to-protect-against-spoofed-windows-net-phishing-attacks/
Windows 7 End of Support Messages
https://www.windowslatest.com/2019/04/20/windows-7-users-are-now-receiving-the-end-of-support-notifications/
https://isc.sans.edu/forums/diary/rar+Files+and+ACE+Exploit+CVE201820250/24864/
Malware Senders Become Younger and Less Sophisticated (in German)
https://www.heise.de/security/meldung/Malware-Verteiler-werden-immer-juenger-infizieren-sich-oft-selbst-4403823.html
McAfee Antivirus Affected by April Windows Update Crashes
http://kc.mcafee.com/corporate/index?page=content&id=KB91465
Rules to Protect Against Azure Blog Phishing in Outlook 365
https://malware-research.org/simple-rule-to-protect-against-spoofed-windows-net-phishing-attacks/
Windows 7 End of Support Messages
https://www.windowslatest.com/2019/04/20/windows-7-users-are-now-receiving-the-end-of-support-notifications/
ISC StormCast for Monday, April 22nd 2019
22 april 2019 |
7 min
Analyzing UDF Files Using Python
https://isc.sans.edu/forums/diary/Analyzing+UDF+Files+with+Python/24860/
HTML Ping To Be Adopted By All Major Browsers
https://webkit.org/blog/8821/link-click-analytics-and-privacy/
Microsoft to Modify Edge User Agent for Some Sites
https://www.onmsft.com/news/new-edge-insider-browser-can-change-user-agent-strings-based-on-what-website-youre-visiting
French Government Chat System Used Weak User Management
https://m.heise.de/security/meldung/Tchap-Frankreichs-nicht-so-exklusiver-Regierungschat-4403961.html
https://isc.sans.edu/forums/diary/Analyzing+UDF+Files+with+Python/24860/
HTML Ping To Be Adopted By All Major Browsers
https://webkit.org/blog/8821/link-click-analytics-and-privacy/
Microsoft to Modify Edge User Agent for Some Sites
https://www.onmsft.com/news/new-edge-insider-browser-can-change-user-agent-strings-based-on-what-website-youre-visiting
French Government Chat System Used Weak User Management
https://m.heise.de/security/meldung/Tchap-Frankreichs-nicht-so-exklusiver-Regierungschat-4403961.html
ISC StormCast for Friday, April 19th 2019
19 april 2019 |
7 min
Malware Delivered As a UDF .img file
https://isc.sans.edu/forums/diary/Malware+Sample+Delivered+Through+UDF+Image/24854/
Facebook Stored Passwords in Plain Text
https://newsroom.fb.com/news/2019/03/keeping-passwords-secure/
Iranian Statesponsored Malware and Data Leaked
https://misterch0c.blogspot.com/2019/04/apt34-oilrig-leak.html
Windows 8 Live Tiles Domain Takeover
https://www.golem.de/news/subdomain-takeover-microsoft-verliert-kontrolle-ueber-windows-kacheln-1904-140709.html
https://isc.sans.edu/forums/diary/Malware+Sample+Delivered+Through+UDF+Image/24854/
Facebook Stored Passwords in Plain Text
https://newsroom.fb.com/news/2019/03/keeping-passwords-secure/
Iranian Statesponsored Malware and Data Leaked
https://misterch0c.blogspot.com/2019/04/apt34-oilrig-leak.html
Windows 8 Live Tiles Domain Takeover
https://www.golem.de/news/subdomain-takeover-microsoft-verliert-kontrolle-ueber-windows-kacheln-1904-140709.html
ISC StormCast for Thursday, April 18th 2019
18 april 2019 |
5 min
DNS Hijacking by Sea Turtle
https://blog.talosintelligence.com/2019/04/seaturtle.html
Broadcom Wifi Driver Vulnerabilities
https://www.kb.cert.org/vuls/id/166939/
NamPoHyu Virus Infects Samba Servers
https://www.bleepingcomputer.com/news/security/nampohyu-virus-ransomware-targets-remote-samba-servers/
Increased Attacks on Confluence
https://twitter.com/DFNCERT/status/1118468599230943233
https://blog.talosintelligence.com/2019/04/seaturtle.html
Broadcom Wifi Driver Vulnerabilities
https://www.kb.cert.org/vuls/id/166939/
NamPoHyu Virus Infects Samba Servers
https://www.bleepingcomputer.com/news/security/nampohyu-virus-ransomware-targets-remote-samba-servers/
Increased Attacks on Confluence
https://twitter.com/DFNCERT/status/1118468599230943233
ISC StormCast for Wednesday, April 17th 2019
17 april 2019 |
6 min
PoC Exploit for Windows 10 DHCP Client Vulnerability CVE-2019-0726 (russian)
https://habr.com/ru/company/pt/blog/448378/
Oracle April 2019 Critical Patch Update
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
WiPro Breached Via Phishing Attacks
https://krebsonsecurity.com/2019/04/experts-breach-at-it-outsourcing-giant-wipro/
IDA and GHydra Part 2 (Strings And Parameters)
https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+2+strings+and+parameters/24848/
https://habr.com/ru/company/pt/blog/448378/
Oracle April 2019 Critical Patch Update
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
WiPro Breached Via Phishing Attacks
https://krebsonsecurity.com/2019/04/experts-breach-at-it-outsourcing-giant-wipro/
IDA and GHydra Part 2 (Strings And Parameters)
https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+2+strings+and+parameters/24848/
ISC StormCast for Tuesday, April 16th 2019
16 april 2019 |
7 min
Common "False Positives" in DNS Query Logs
https://isc.sans.edu/forums/diary/Odd+DNS+Requests+that+are+Normal/24844/
Adblock Plus Allows Filter List Providers to Inject Code in Pages
https://armin.dev/blog/2019/04/adblock-plus-code-injection/
Executables in Polyglot DICOM Images
https://github.com/d00rt/pedicom/blob/master/doc/Attacking_Digital_Imaging_and_Communication_in_Medicine_(DICOM)_file_format_standard_-_Markel_Picado_Ortiz_(d00rt).pdf
Malicious/Misleading VPN Ads
https://www.bleepingcomputer.com/news/security/mobile-vpns-promoted-by-you-are-infected-or-hacked-ads/
https://isc.sans.edu/forums/diary/Odd+DNS+Requests+that+are+Normal/24844/
Adblock Plus Allows Filter List Providers to Inject Code in Pages
https://armin.dev/blog/2019/04/adblock-plus-code-injection/
Executables in Polyglot DICOM Images
https://github.com/d00rt/pedicom/blob/master/doc/Attacking_Digital_Imaging_and_Communication_in_Medicine_(DICOM)_file_format_standard_-_Markel_Picado_Ortiz_(d00rt).pdf
Malicious/Misleading VPN Ads
https://www.bleepingcomputer.com/news/security/mobile-vpns-promoted-by-you-are-infected-or-hacked-ads/
ISC StormCast for Monday, April 15th 2019
15 april 2019 |
6 min
Configuring MTA-STS
https://isc.sans.edu/forums/diary/Configuring+MTASTS+and+TLS+Reporting+For+Your+Domain/24840/
How to Find Hidden Cameras in Your AirBNB
https://isc.sans.edu/forums/diary/How+to+Find+Hidden+Cameras+in+your+AirBNB/24834/
Insecure Storage of VPN Credentials
https://www.kb.cert.org/vuls/id/192371/
Microsoft Patch Problems
https://support.microsoft.com/en-us/help/4493472/windows-7-update-kb4493472
https://support.microsoft.com/en-us/help/4493446/windows-8-1-update-kb4493446
Internet Explorer XML External Entity Vulnerability
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt
https://isc.sans.edu/forums/diary/Configuring+MTASTS+and+TLS+Reporting+For+Your+Domain/24840/
How to Find Hidden Cameras in Your AirBNB
https://isc.sans.edu/forums/diary/How+to+Find+Hidden+Cameras+in+your+AirBNB/24834/
Insecure Storage of VPN Credentials
https://www.kb.cert.org/vuls/id/192371/
Microsoft Patch Problems
https://support.microsoft.com/en-us/help/4493472/windows-7-update-kb4493472
https://support.microsoft.com/en-us/help/4493446/windows-8-1-update-kb4493446
Internet Explorer XML External Entity Vulnerability
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt
ISC StormCast for Friday, April 12th 2019
12 april 2019 |
6 min
GMail Will Be Supporting MTA-STS and SMTP TLS Reporting
https://tools.ietf.org/html/rfc8461
https://tools.ietf.org/html/rfc8460
https://www.zdnet.com/article/gmail-becomes-first-major-email-provider-to-support-mta-sts-and-tls-reporting/
Juniper Patch Fixes Static Password in Junos OS
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10923&actp=METADATA
Uniden Commercial IP Camera Site Hosting Malware
https://twitter.com/JayTHL/status/1116200014630596609
https://tools.ietf.org/html/rfc8461
https://tools.ietf.org/html/rfc8460
https://www.zdnet.com/article/gmail-becomes-first-major-email-provider-to-support-mta-sts-and-tls-reporting/
Juniper Patch Fixes Static Password in Junos OS
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10923&actp=METADATA
Uniden Commercial IP Camera Site Hosting Malware
https://twitter.com/JayTHL/status/1116200014630596609
ISC StormCast for Thursday, April 11th 2019
11 april 2019 |
8 min
WPA3 Dragonblood Vulnerability
http://papers.mathyvanhoef.com/dragonblood.pdf
North Korean Trojan: HOPLIGHT
https://www.us-cert.gov/ncas/analysis-reports/AR19-100A
Gaza Cybergang Group1 "SneakyPastes"
https://securelist.com/gaza-cybergang-group1-operation-sneakypastes/90068/
http://papers.mathyvanhoef.com/dragonblood.pdf
North Korean Trojan: HOPLIGHT
https://www.us-cert.gov/ncas/analysis-reports/AR19-100A
Gaza Cybergang Group1 "SneakyPastes"
https://securelist.com/gaza-cybergang-group1-operation-sneakypastes/90068/
ISC StormCast for Wednesday, April 10th 2019
9 april 2019 |
7 min
Microsoft and Adobe Patches
https://isc.sans.edu/forums/diary/Microsoft+April+2019+Patch+Tuesday/24826/
https://helpx.adobe.com/security.html
Fake "Food Poisoning" emails in Germany (in german)
https://www.polizei-praevention.de/aktuelles/erneut-mails-mit-schadsoftware-gegen-gewerbetreibende-im-umlauf.html
Vulnerability in Apache Axis
https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/
Golang DLL Injection Vulnerability
https://www.openwall.com/lists/oss-security/2019/04/09/1
https://isc.sans.edu/forums/diary/Microsoft+April+2019+Patch+Tuesday/24826/
https://helpx.adobe.com/security.html
Fake "Food Poisoning" emails in Germany (in german)
https://www.polizei-praevention.de/aktuelles/erneut-mails-mit-schadsoftware-gegen-gewerbetreibende-im-umlauf.html
Vulnerability in Apache Axis
https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/
Golang DLL Injection Vulnerability
https://www.openwall.com/lists/oss-security/2019/04/09/1
ISC StormCast for Tuesday, April 9th 2019
9 april 2019 |
6 min
GHidra vs. IDA
https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+1+the+decompilerunreachable+code/24822/
TrendMicro Patch
https://success.trendmicro.com/solution/1122250
Dovecot Patch
https://dovecot.org/list/dovecot-news/2019-March/000403.html
Apache CVE-2019-0211 Exploit
https://github.com/cfreal/exploits/tree/master/CVE-2019-0211-apache
Using JavaScript in Exploits
https://www.youtube.com/watch?v=HfpnloZM61I
https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+1+the+decompilerunreachable+code/24822/
TrendMicro Patch
https://success.trendmicro.com/solution/1122250
Dovecot Patch
https://dovecot.org/list/dovecot-news/2019-March/000403.html
Apache CVE-2019-0211 Exploit
https://github.com/cfreal/exploits/tree/master/CVE-2019-0211-apache
Using JavaScript in Exploits
https://www.youtube.com/watch?v=HfpnloZM61I
ISC StormCast for Monday, April 8th 2019
7 april 2019 |
7 min
Fake Office 365 Invoices Spread Ransomware
https://isc.sans.edu/forums/diary/Fake+Office+365+Payment+Information+Update/24818/
Malware Hiding in .well-known directory
https://www.zscaler.com/blogs/research/abuse-hidden-well-known-directory-https-sites
Altering CT Images to Manipulate Diagnosis
https://arxiv.org/pdf/1901.03597.pdf
QT Framework RCE Vulnerability
https://www.zerodayinitiative.com/blog/2019/4/3/loading-up-a-pair-of-qt-bugs-detailing-cve-2019-1636-and-cve-2019-6739
https://isc.sans.edu/forums/diary/Fake+Office+365+Payment+Information+Update/24818/
Malware Hiding in .well-known directory
https://www.zscaler.com/blogs/research/abuse-hidden-well-known-directory-https-sites
Altering CT Images to Manipulate Diagnosis
https://arxiv.org/pdf/1901.03597.pdf
QT Framework RCE Vulnerability
https://www.zerodayinitiative.com/blog/2019/4/3/loading-up-a-pair-of-qt-bugs-detailing-cve-2019-1636-and-cve-2019-6739
ISC StormCast for Friday, April 5th 2019
4 april 2019 |
6 min
New Waves of Scans Detected By An Old Rule
https://isc.sans.edu/forums/diary/New+Waves+of+Scans+Detected+by+an+Old+Rule/24812/
Xiaomi GuardApp Vulnerable to Man in the Middle
https://blog.checkpoint.com/2019/04/04/xiaomi-vulnerability-when-security-is-not-what-it-seems/
Xwo Web Scanner Hunting for MongoDB
https://www.alienvault.com/blogs/labs-research/xwo-a-python-based-bot-scanner
Vulnerable SmartWatches "Defaced"
https://api.heise.de/svc/embetty/tweet/1112326532939374593-images-0
https://www.heise.de/newsticker/meldung/Vidimensio-Smartwatches-Der-Sicherheits-Alptraum-geht-weiter-4359967.html
https://isc.sans.edu/forums/diary/New+Waves+of+Scans+Detected+by+an+Old+Rule/24812/
Xiaomi GuardApp Vulnerable to Man in the Middle
https://blog.checkpoint.com/2019/04/04/xiaomi-vulnerability-when-security-is-not-what-it-seems/
Xwo Web Scanner Hunting for MongoDB
https://www.alienvault.com/blogs/labs-research/xwo-a-python-based-bot-scanner
Vulnerable SmartWatches "Defaced"
https://api.heise.de/svc/embetty/tweet/1112326532939374593-images-0
https://www.heise.de/newsticker/meldung/Vidimensio-Smartwatches-Der-Sicherheits-Alptraum-geht-weiter-4359967.html
ISC StormCast for Thursday, April 4th 2019
4 april 2019 |
6 min
Ghidra tips for IDA users: Automatic Comments for API Call Parameters
https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+0+automatic+comments+for+API+call+parameters/24806/
Security Awareness Newsletter: Making Passwords Simple
https://www.sans.org/security-awareness-training/resources/making-passwords-simple
IRS Themed Phishing Emails
https://www.proofpoint.com/us/threat-insight/post/tax-themed-email-campaigns-target-2019-filers
Large Leak of Facebook User Data via 3rd Party App
https://www.upguard.com/breaches/facebook-user-data-leak
Arbitrary Command Execution in PostgreSQL
https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5
https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+0+automatic+comments+for+API+call+parameters/24806/
Security Awareness Newsletter: Making Passwords Simple
https://www.sans.org/security-awareness-training/resources/making-passwords-simple
IRS Themed Phishing Emails
https://www.proofpoint.com/us/threat-insight/post/tax-themed-email-campaigns-target-2019-filers
Large Leak of Facebook User Data via 3rd Party App
https://www.upguard.com/breaches/facebook-user-data-leak
Arbitrary Command Execution in PostgreSQL
https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5
ISC StormCast for Wednesday, April 3rd 2019
3 april 2019 |
5 min
Compromised LaCie Drive Spread Fake AntiVirus
https://isc.sans.edu/forums/diary/Fake+AV+is+Back+LaCie+Network+Drives+Used+to+Spread+Malware/24802/
Unpatched SOP Vulnerability in Internet Explorer/Edge
https://thehackernews.com/2019/03/microsoft-edge-ie-zero-days.html
Apache Fixes Privilege Escalation Flaw
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211
Verizon Users Phished for Credentials
https://blog.lookout.com/mobile-phishing-verizon
https://isc.sans.edu/forums/diary/Fake+AV+is+Back+LaCie+Network+Drives+Used+to+Spread+Malware/24802/
Unpatched SOP Vulnerability in Internet Explorer/Edge
https://thehackernews.com/2019/03/microsoft-edge-ie-zero-days.html
Apache Fixes Privilege Escalation Flaw
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211
Verizon Users Phished for Credentials
https://blog.lookout.com/mobile-phishing-verizon
ISC StormCast for Tuesday, April 2nd 2019
2 april 2019 |
5 min
Common "OpenAction" False Positive in PDFs Created by OpenOffice
https://isc.sans.edu/forums/diary/Analysis+of+PDFs+Created+with+OpenOfficeLibreOffice/24798/
Android Monthly Update
https://source.android.com/security/bulletin/2019-04-01#2019-04-01-details
Malicious Android App Forwards Banking Calls to Attacker
https://www.blackhat.com/asia-19/briefings/schedule/index.html#when-voice-phishing-met-malicious-android-app-13419
Google Allowing WebAuthn Login from Firefox/Edge
https://twitter.com/christiaanbrand/status/1111430192596025347
All Your Data Are Belong to Us: Defending Against Credential Stuffing Attacks
https://www.sans.org/webcasts/data-belong-us-defend-credential-stuffing-110340
https://isc.sans.edu/forums/diary/Analysis+of+PDFs+Created+with+OpenOfficeLibreOffice/24798/
Android Monthly Update
https://source.android.com/security/bulletin/2019-04-01#2019-04-01-details
Malicious Android App Forwards Banking Calls to Attacker
https://www.blackhat.com/asia-19/briefings/schedule/index.html#when-voice-phishing-met-malicious-android-app-13419
Google Allowing WebAuthn Login from Firefox/Edge
https://twitter.com/christiaanbrand/status/1111430192596025347
All Your Data Are Belong to Us: Defending Against Credential Stuffing Attacks
https://www.sans.org/webcasts/data-belong-us-defend-credential-stuffing-110340
ISC StormCast for Monday, April 1st 2019
31 mars 2019 |
6 min
Annotating Golang Binaries with Cutter and Jupyter
https://isc.sans.edu/forums/diary/Annotating+Golang+binaries+with+Cutter+and+Jupyter/24790/
ASUS Targeted MAC Addresses Available for Download
https://skylightcyber.com/2019/03/28/unleash-the-hash-shadowhammer-mac-list/
Weaponized Version of New Zealand Attack Manifesto
https://bluehexagon.ai/blog/weaponized-version-of-new-zealand-terror-suspects-manifesto-discovered-in-the-wild/
Kubernetes Directory Traversal
https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/
VMWare Patches
https://www.vmware.com/security/advisories/VMSA-2019-0005.html
https://isc.sans.edu/forums/diary/Annotating+Golang+binaries+with+Cutter+and+Jupyter/24790/
ASUS Targeted MAC Addresses Available for Download
https://skylightcyber.com/2019/03/28/unleash-the-hash-shadowhammer-mac-list/
Weaponized Version of New Zealand Attack Manifesto
https://bluehexagon.ai/blog/weaponized-version-of-new-zealand-terror-suspects-manifesto-discovered-in-the-wild/
Kubernetes Directory Traversal
https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/
VMWare Patches
https://www.vmware.com/security/advisories/VMSA-2019-0005.html
ISC StormCast for Friday, March 29th 2019
28 mars 2019 |
5 min
Creating Your Own Passive DNS Logs
https://isc.sans.edu/forums/diary/Running+your+Own+Passive+DNS+Service/24784/
Incomplete Patch for Cisco RV320 Routers
https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-003/-cisco-rv320-unauthenticated-configuration-export
https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-004/-cisco-rv320-unauthenticated-diagnostic-data-retrieval
TPLink Debug Port Vulnerability
https://twitter.com/mjg59/status/1111106885736787975
https://pastebin.com/GAzccR95
https://isc.sans.edu/forums/diary/Running+your+Own+Passive+DNS+Service/24784/
Incomplete Patch for Cisco RV320 Routers
https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-003/-cisco-rv320-unauthenticated-configuration-export
https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-004/-cisco-rv320-unauthenticated-diagnostic-data-retrieval
TPLink Debug Port Vulnerability
https://twitter.com/mjg59/status/1111106885736787975
https://pastebin.com/GAzccR95
ISC StormCast for Thursday, March 28th 2019
27 mars 2019 |
5 min
Microsoft Releases Application Guard for Firefox and Chrome
https://blogs.windows.com/windowsexperience/2019/03/15/announcing-windows-10-insider-preview-build-18358/
New Set of LTE Vulnerabilities
https://syssec.kaist.ac.kr/pub/2019/kim_sp_2019.pdf
NVidia Privilege Escalation
https://rhinosecuritylabs.com/application-security/nvidia-arbitrary-file-writes-to-command-execution-cve-2019-5674/
https://blogs.windows.com/windowsexperience/2019/03/15/announcing-windows-10-insider-preview-build-18358/
New Set of LTE Vulnerabilities
https://syssec.kaist.ac.kr/pub/2019/kim_sp_2019.pdf
NVidia Privilege Escalation
https://rhinosecuritylabs.com/application-security/nvidia-arbitrary-file-writes-to-command-execution-cve-2019-5674/
ISC StormCast for Wednesday, March 27th 2019
26 mars 2019 |
6 min
Apple Updates
https://support.apple.com/en-us/HT201222
ASUS Response to Kaspersky Report
https://www.asus.com/News/hqfgVUyZ6uyAyJe1
Firefox Importing Windows Root Certificates
https://bugzilla.mozilla.org/show_bug.cgi?id=1533397
UC Webbrowser MITM Vulnerability
https://www.bleepingcomputer.com/news/security/uc-browser-for-android-desktop-exposes-500-million-users-to-mitm-attacks/
https://support.apple.com/en-us/HT201222
ASUS Response to Kaspersky Report
https://www.asus.com/News/hqfgVUyZ6uyAyJe1
Firefox Importing Windows Root Certificates
https://bugzilla.mozilla.org/show_bug.cgi?id=1533397
UC Webbrowser MITM Vulnerability
https://www.bleepingcomputer.com/news/security/uc-browser-for-android-desktop-exposes-500-million-users-to-mitm-attacks/
ISC StormCast for Tuesday, March 26th 2019
25 mars 2019 |
5 min
ASUS Live Update "ShadowHammer" Backdoor
https://www.kaspersky.com/blog/shadow-hammer-teaser
https://shadowhammer.kaspersky.com/
Telegram Unsent Feature
https://techcrunch.com/2019/03/25/going-going-gone/
F5 Big IP Updates
https://support.f5.com/csp/article/K14812883
https://www.kaspersky.com/blog/shadow-hammer-teaser
https://shadowhammer.kaspersky.com/
Telegram Unsent Feature
https://techcrunch.com/2019/03/25/going-going-gone/
F5 Big IP Updates
https://support.f5.com/csp/article/K14812883
ISC StormCast for Monday, March 25th 2019
24 mars 2019 |
6 min
Reversing Malware Written In Golang
https://isc.sans.edu/forums/diary/Introduction+to+analysing+Go+binaries/24770/
More "VelvetSweatshop" Maldocs
https://isc.sans.edu/forums/diary/VelvetSweatshop+Maldocs/24772/
Reading QR Codes in Python
https://isc.sans.edu/forums/diary/Decoding+QR+Codes+with+Python/24774/
Pwn2Own Contest: Firefox, Safari, Edge and others fall
https://www.zdnet.com/article/tesla-car-hacked-at-pwn2own-contest/
Norwegian Nokia Phones Sent Data to China (Article in Norwegian)
https://nrkbeta.no/2019/03/21/norske-telefoner-sendte-personopplysninger-til-kina/
Java Card Vulnerabilities
https://seclists.org/fulldisclosure/2019/Mar/35
https://isc.sans.edu/forums/diary/Introduction+to+analysing+Go+binaries/24770/
More "VelvetSweatshop" Maldocs
https://isc.sans.edu/forums/diary/VelvetSweatshop+Maldocs/24772/
Reading QR Codes in Python
https://isc.sans.edu/forums/diary/Decoding+QR+Codes+with+Python/24774/
Pwn2Own Contest: Firefox, Safari, Edge and others fall
https://www.zdnet.com/article/tesla-car-hacked-at-pwn2own-contest/
Norwegian Nokia Phones Sent Data to China (Article in Norwegian)
https://nrkbeta.no/2019/03/21/norske-telefoner-sendte-personopplysninger-til-kina/
Java Card Vulnerabilities
https://seclists.org/fulldisclosure/2019/Mar/35
ISC StormCast for Thursday, March 21st 2019
21 mars 2019 |
5 min
Google Photo Cross-Site-Leak Exposes Picture Meta Data
https://www.imperva.com/blog/now-patched-google-photos-vulnerability-let-hackers-track-your-friends-and-location-history/
Fake CDC EMails Spread GandCrab Ransomware
https://myonlinesecurity.co.uk/fake-cdc-flu-pandemic-warning-delivers-gandcrab-5-2-ransomware/
Atlassian Sourcetree Vulnerability
https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2019-03-06-966678691.html
Microsoft Defender for MacOS
https://www.theregister.co.uk/2019/03/21/microsoft_defender_atp/
https://www.imperva.com/blog/now-patched-google-photos-vulnerability-let-hackers-track-your-friends-and-location-history/
Fake CDC EMails Spread GandCrab Ransomware
https://myonlinesecurity.co.uk/fake-cdc-flu-pandemic-warning-delivers-gandcrab-5-2-ransomware/
Atlassian Sourcetree Vulnerability
https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2019-03-06-966678691.html
Microsoft Defender for MacOS
https://www.theregister.co.uk/2019/03/21/microsoft_defender_atp/
ISC StormCast for Wednesday, March 20th 2019
20 mars 2019 |
6 min
Using Active Directory (AD) To Find Hosts That Are Not in AD
https://isc.sans.edu/forums/diary/Using+AD+to+find+hosts+that+arent+in+AD+fun+with+the+IPAddress+construct/24762/
Microsoft Anti Malware Crashing Windows
https://social.technet.microsoft.com/Forums/en-US/18ab60a3-3b26-4a07-b68d-84085ce66ce5/scep-crashing-pcs?forum=ConfigMgrCompliance&prof=required
Reduction in DDoS Attacks
https://www.nexusguard.com/threat-report-q4-2018
https://isc.sans.edu/forums/diary/Using+AD+to+find+hosts+that+arent+in+AD+fun+with+the+IPAddress+construct/24762/
Microsoft Anti Malware Crashing Windows
https://social.technet.microsoft.com/Forums/en-US/18ab60a3-3b26-4a07-b68d-84085ce66ce5/scep-crashing-pcs?forum=ConfigMgrCompliance&prof=required
Reduction in DDoS Attacks
https://www.nexusguard.com/threat-report-q4-2018
ISC StormCast for Wednesday, March 20th 2019
19 mars 2019 |
6 min
Cloudflare Releases Proxy Detection Tools
https://blog.cloudflare.com/monsters-in-the-middleboxes/
Business Email Compromise Moving to SMS
https://www.agari.com/email-security-blog/bec-goes-mobile/
JavaScript Requests Without Same Origin Policy Limitations
https://www.forcepoint.com/blog/security-labs/attacking-internal-network-public-internet-using-browser-proxy
Discovering IPv6 Hosts With UPNP
https://blog.talosintelligence.com/2019/03/ipv6-unmasking-via-upnp.html#more
https://blog.cloudflare.com/monsters-in-the-middleboxes/
Business Email Compromise Moving to SMS
https://www.agari.com/email-security-blog/bec-goes-mobile/
JavaScript Requests Without Same Origin Policy Limitations
https://www.forcepoint.com/blog/security-labs/attacking-internal-network-public-internet-using-browser-proxy
Discovering IPv6 Hosts With UPNP
https://blog.talosintelligence.com/2019/03/ipv6-unmasking-via-upnp.html#more
ISC StormCast for Monday, March 18th 2019
18 mars 2019 |
6 min
Putty Updates
https://www.chiark.greenend.org.uk/~sgtatham/putty/
Fujitsu Wireless Keyboard Vulnerabilities
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-033.txt
Signed Malware Goes Undetected
https://twitter.com/malwrhunterteam/status/1104082562216062978/photo/1?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1104082562216062978&ref_url=https%3A%2F%2Fwww.theregister.co.uk%2F2019%2F03%2F18%2Fsecurity_roundup_150319%2F
Free Support for Ubuntu 14.04 LTS Ends in April
https://lists.ubuntu.com/archives/ubuntu-announce/2019-March/000241.html
Latest Mirai Version with Even More Exploits
https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/
https://www.chiark.greenend.org.uk/~sgtatham/putty/
Fujitsu Wireless Keyboard Vulnerabilities
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-033.txt
Signed Malware Goes Undetected
https://twitter.com/malwrhunterteam/status/1104082562216062978/photo/1?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1104082562216062978&ref_url=https%3A%2F%2Fwww.theregister.co.uk%2F2019%2F03%2F18%2Fsecurity_roundup_150319%2F
Free Support for Ubuntu 14.04 LTS Ends in April
https://lists.ubuntu.com/archives/ubuntu-announce/2019-March/000241.html
Latest Mirai Version with Even More Exploits
https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/
ISC StormCast for Sunday, March 17th 2019
17 mars 2019 |
7 min
Binary Analysis With Jupyter and Radare2
https://isc.sans.edu/forums/diary/Binary+Analysis+with+Jupyter+and+Radare2/24748/
IMAP Brute Forcing against Cloud Accounts
https://www.proofpoint.com/us/threat-insight/post/threat-actors-leverage-credential-dumps-phishing-and-legacy-email-protocols
Google Allows GSuite Users to Disable SMS/Voice Authentication
https://gsuiteupdates.googleblog.com/2019/03/more-control-over-2-step-verification-security-phone-sms.html
Sniffing Bitlocker Keys from TPM
https://pulsesecurity.co.nz/articles/TPM-sniffing
https://isc.sans.edu/forums/diary/Binary+Analysis+with+Jupyter+and+Radare2/24748/
IMAP Brute Forcing against Cloud Accounts
https://www.proofpoint.com/us/threat-insight/post/threat-actors-leverage-credential-dumps-phishing-and-legacy-email-protocols
Google Allows GSuite Users to Disable SMS/Voice Authentication
https://gsuiteupdates.googleblog.com/2019/03/more-control-over-2-step-verification-security-phone-sms.html
Sniffing Bitlocker Keys from TPM
https://pulsesecurity.co.nz/articles/TPM-sniffing
ISC StormCast for Friday, March 15th 2019
15 mars 2019 |
5 min
Analyzing ZIP Files in Ghydra
https://isc.sans.edu/forums/diary/Tip+Ghidra+ZIP+Files/24732/
64 Bit Certificate Serial Number Revocation
https://adamcaudill.com/2019/03/09/tls-64bit-ish-serial-numbers-mass-revocation/
Cisco Default Account Problem
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-cspcscv
Intel Patches
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html
https://isc.sans.edu/forums/diary/Tip+Ghidra+ZIP+Files/24732/
64 Bit Certificate Serial Number Revocation
https://adamcaudill.com/2019/03/09/tls-64bit-ish-serial-numbers-mass-revocation/
Cisco Default Account Problem
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-cspcscv
Intel Patches
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html
ISC StormCast for Wednesday, March 13th 2019
13 mars 2019 |
6 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+March+2019+Patch+Tuesday/24742/
Adobe Updates
https://helpx.adobe.com/security.html
PSMiner
https://blog.360totalsecurity.com/en/new-mining-worm-psminer-uses-multiple-high-risk-vulnerabilities-to-spread/
Automatic Certificate Managment Environment
https://tools.ietf.org/html/rfc8555
https://isc.sans.edu/forums/diary/Microsoft+March+2019+Patch+Tuesday/24742/
Adobe Updates
https://helpx.adobe.com/security.html
PSMiner
https://blog.360totalsecurity.com/en/new-mining-worm-psminer-uses-multiple-high-risk-vulnerabilities-to-spread/
Automatic Certificate Managment Environment
https://tools.ietf.org/html/rfc8555
ISC StormCast for Tuesday, March 12th 2019
12 mars 2019 |
5 min
DevOps Tool StackStorm Vulnerability
https://quitten.github.io/StackStorm/
Developers Will Not Code Secure By Default
https://net.cs.uni-bonn.de/fileadmin/user_upload/naiakshi/Naiakshina_Password_Study.pdf
Gaming Industry Supply Chain Attack
https://www.welivesecurity.com/2019/03/11/gaming-industry-scope-attackers-asia/
https://quitten.github.io/StackStorm/
Developers Will Not Code Secure By Default
https://net.cs.uni-bonn.de/fileadmin/user_upload/naiakshi/Naiakshina_Password_Study.pdf
Gaming Industry Supply Chain Attack
https://www.welivesecurity.com/2019/03/11/gaming-industry-scope-attackers-asia/
ISC StormCast for Monday, March 11th 2019
10 mars 2019 |
7 min
Reversing HTA Files
https://isc.sans.edu/forums/diary/Quick+and+Dirty+Malicious+HTA+Analysis/24728/
Apache SOLR Patch
https://issues.apache.org/jira/browse/SOLR-13301
Windows 7 + Google Chrome Exploit in the Wild
https://security.googleblog.com/2019/03/disclosing-vulnerabilities-to-protect.html
Vulnerable Car Alarms
https://www.pentestpartners.com/security-blog/gone-in-six-seconds-exploiting-car-alarms/
https://isc.sans.edu/forums/diary/Quick+and+Dirty+Malicious+HTA+Analysis/24728/
Apache SOLR Patch
https://issues.apache.org/jira/browse/SOLR-13301
Windows 7 + Google Chrome Exploit in the Wild
https://security.googleblog.com/2019/03/disclosing-vulnerabilities-to-protect.html
Vulnerable Car Alarms
https://www.pentestpartners.com/security-blog/gone-in-six-seconds-exploiting-car-alarms/
ISC StormCast for Friday, March 8th 2019
8 mars 2019 |
6 min
RSA Panel Video
https://www.rsaconference.com/videos/the-five-most-dangerous-new-attack-techniques-and-how-to-counter-them
Disposable E-Mail Addresses
https://isc.sans.edu/forums/diary/Keep+an+Eye+on+Disposable+Email+Addresses/24716/
NetApp Default Account Vulnerability
https://security.netapp.com/advisory/ntap-20190305-0001/
Cisco NS-OS NX-API Privilege Escalation
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-NXAPI-cmdinj
Slub Backdoor Users GitHub and Slack
https://blog.trendmicro.com/trendlabs-security-intelligence/new-slub-backdoor-uses-github-communicates-via-slack/
https://www.rsaconference.com/videos/the-five-most-dangerous-new-attack-techniques-and-how-to-counter-them
Disposable E-Mail Addresses
https://isc.sans.edu/forums/diary/Keep+an+Eye+on+Disposable+Email+Addresses/24716/
NetApp Default Account Vulnerability
https://security.netapp.com/advisory/ntap-20190305-0001/
Cisco NS-OS NX-API Privilege Escalation
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190306-nxos-NXAPI-cmdinj
Slub Backdoor Users GitHub and Slack
https://blog.trendmicro.com/trendlabs-security-intelligence/new-slub-backdoor-uses-github-communicates-via-slack/
ISC StormCast for Thursday, March 7th 2019
7 mars 2019 |
6 min
More Resume Malspam. Now With Trickbot and EternalBlue
https://isc.sans.edu/forums/diary/Malspam+with+passwordprotected+word+docs+still+pushing+IcedID+Bokbot+with+Trickbot/24708/
Cloudflare Deploys Rules to Protect Against Recent Drupal Exploit
https://www.bleepingcomputer.com/news/security/cloudflare-deploys-firewall-rule-to-block-new-drupal-exploits/
Cisco DoS Vulnerability Activity Exploited
https://www.pentestpartners.com/security-blog/cisco-rv130-its-2019-but-yet-strcpy/
MonitorKit uses macOS Game Engine to Analyze Security Events
https://github.com/objective-see
https://isc.sans.edu/forums/diary/Malspam+with+passwordprotected+word+docs+still+pushing+IcedID+Bokbot+with+Trickbot/24708/
Cloudflare Deploys Rules to Protect Against Recent Drupal Exploit
https://www.bleepingcomputer.com/news/security/cloudflare-deploys-firewall-rule-to-block-new-drupal-exploits/
Cisco DoS Vulnerability Activity Exploited
https://www.pentestpartners.com/security-blog/cisco-rv130-its-2019-but-yet-strcpy/
MonitorKit uses macOS Game Engine to Analyze Security Events
https://github.com/objective-see
ISC StormCast for Wednesday, March 6th 2019
6 mars 2019 |
6 min
Comcast Uses same "0000" PIN For All Number Porting Requests
https://nakedsecurity.sophos.com/2019/03/05/comcast-security-nightmare-default-0000-pin-on-everybodys-account/
NSA Releases Ghidra Reverse Analysis Tool
https://ghidra-sre.org/
Recent Google Chrome Vulnerability Being Exploited
https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html?m=1
Android Monthly Security Bulletin
https://source.android.com/security/bulletin/2019-03-01
https://nakedsecurity.sophos.com/2019/03/05/comcast-security-nightmare-default-0000-pin-on-everybodys-account/
NSA Releases Ghidra Reverse Analysis Tool
https://ghidra-sre.org/
Recent Google Chrome Vulnerability Being Exploited
https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html?m=1
Android Monthly Security Bulletin
https://source.android.com/security/bulletin/2019-03-01
ISC StormCast for Tuesday, March 5th 2019
5 mars 2019 |
6 min
MacOS Unpatched Privilge Escalation Vulnerability made Public
https://bugs.chromium.org/p/project-zero/issues/detail?id=1726
Windows Exploit Suggester Next Generation Released
https://github.com/bitsadmin/wesng
Docker Vulnerability used for Crypto Miners
https://www.imperva.com/blog/hundreds-of-vulnerable-docker-hosts-exploited-by-cryptocurrency-miners/
Russian GPS Jamming Exercises
https://thebarentsobserver.com/en/security/2019/03/russian-military-officials-arrive-oslo-norway-provides-facts-gps-jamming
https://bugs.chromium.org/p/project-zero/issues/detail?id=1726
Windows Exploit Suggester Next Generation Released
https://github.com/bitsadmin/wesng
Docker Vulnerability used for Crypto Miners
https://www.imperva.com/blog/hundreds-of-vulnerable-docker-hosts-exploited-by-cryptocurrency-miners/
Russian GPS Jamming Exercises
https://thebarentsobserver.com/en/security/2019/03/russian-military-officials-arrive-oslo-norway-provides-facts-gps-jamming
ISC StormCast for Monday, March 4th 2019
4 mars 2019 |
6 min
Cisco Router Patch
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex
Coldfusion Patch and Exploit
https://www.carehart.org/blog/client/index.cfm/2019/3/1/urgent_CF_security_update_Part_1
Ransomware Impersonates Protonmail
https://twitter.com/demonslay335/status/1097866931762282498
eBay Site Used for eBay Phish (article in German)
https://www.heise.de/security/meldung/eBay-Phishing-auf-eBay-Seite-4324266.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex
Coldfusion Patch and Exploit
https://www.carehart.org/blog/client/index.cfm/2019/3/1/urgent_CF_security_update_Part_1
Ransomware Impersonates Protonmail
https://twitter.com/demonslay335/status/1097866931762282498
eBay Site Used for eBay Phish (article in German)
https://www.heise.de/security/meldung/eBay-Phishing-auf-eBay-Seite-4324266.html
ISC StormCast for Friday, March 1st 2019
1 mars 2019 |
6 min
Emotet Backend Analysis
https://maxkersten.nl/binary-analysis-course/malware-analysis/emotet-droppers/
Kaspersky Vs. Chromecast
https://www.bleepingcomputer.com/news/security/kaspersky-av-having-certificate-conflicts-with-google-chromecast/
MageCart Updates
https://www.riskiq.com/research/inside-magecart/
https://maxkersten.nl/binary-analysis-course/malware-analysis/emotet-droppers/
Kaspersky Vs. Chromecast
https://www.bleepingcomputer.com/news/security/kaspersky-av-having-certificate-conflicts-with-google-chromecast/
MageCart Updates
https://www.riskiq.com/research/inside-magecart/
ISC StormCast for Thursday, February 28th 2019
28 februari 2019 |
5 min
Coinhive Shutting Down
https://coinhive.com/blog/en/discontinuation-of-coinhive
Azure Blob Storage Phishing
https://www.edgewave.com/phishing/feeling-blue-about-phishing/
Old 2014 Elastic Search Vulnerability Exploited
https://blog.talosintelligence.com/2019/02/cisco-talos-honeypot-analysis-reveals.html
Latest Drupal Vulnerability Exploited
https://www.imperva.com/blog/latest-drupal-rce-flaw-used-by-cryptocurrency-miners-and-other-attackers/
F5 Big IP Patches
https://support.f5.com/csp/article/K91026261
https://coinhive.com/blog/en/discontinuation-of-coinhive
Azure Blob Storage Phishing
https://www.edgewave.com/phishing/feeling-blue-about-phishing/
Old 2014 Elastic Search Vulnerability Exploited
https://blog.talosintelligence.com/2019/02/cisco-talos-honeypot-analysis-reveals.html
Latest Drupal Vulnerability Exploited
https://www.imperva.com/blog/latest-drupal-rce-flaw-used-by-cryptocurrency-miners-and-other-attackers/
F5 Big IP Patches
https://support.f5.com/csp/article/K91026261
ISC StormCast for Wednesday, February 27th 2019
27 februari 2019 |
5 min
Thunderbolt "Thunderclap" Vulnerabilities
https://thunderclap.io/thunderclap-paper-ndss2019.pdf
Altering Signed PDF Documents
https://www.pdf-insecurity.org/
NVidia Patches
https://nvidia.custhelp.com/app/answers/detail/a_id/4772
https://thunderclap.io/thunderclap-paper-ndss2019.pdf
Altering Signed PDF Documents
https://www.pdf-insecurity.org/
NVidia Patches
https://nvidia.custhelp.com/app/answers/detail/a_id/4772
ISC StormCast for Tuesday, February 26th 2019
26 februari 2019 |
7 min
WinRAR ACE Vulnerabilty used in Malspam
https://twitter.com/360TIC/status/1099987939818299392
Sextortion Email With QR Code
https://isc.sans.edu/forums/diary/Sextortion+Email+Variant+With+QR+Code/24686/
ICANN Pushes DNSSEC to Defend Against DNS Zone Manipulation
https://www.icann.org/news/announcement-2019-02-22-en
Android FIDO2 Certification
https://fidoalliance.org/android-now-fido2-certified-accelerating-global-migration-beyond-passwords/
https://twitter.com/360TIC/status/1099987939818299392
Sextortion Email With QR Code
https://isc.sans.edu/forums/diary/Sextortion+Email+Variant+With+QR+Code/24686/
ICANN Pushes DNSSEC to Defend Against DNS Zone Manipulation
https://www.icann.org/news/announcement-2019-02-22-en
Android FIDO2 Certification
https://fidoalliance.org/android-now-fido2-certified-accelerating-global-migration-beyond-passwords/
ISC StormCast for Monday, February 25th 2019
25 februari 2019 |
5 min
B0ront0k Linux Server Ransomware
https://www.bleepingcomputer.com/news/security/b0r0nt0k-ransomware-wants-75-000-ransom-infects-linux-servers/
Cr1pt0r Ransomware Targets DLink NAS Devices
https://www.bleepingcomputer.com/forums/t/691852/cr1ptt0r-ransomware-files-encrypted-readmetxt-support-topic/page-3
LinkedIn Messages Used to Push Fake Job Offers
https://www.proofpoint.com/us/threat-insight/post/fake-jobs-campaigns-delivering-moreeggs-backdoor-fake-job-offers
https://www.bleepingcomputer.com/news/security/b0r0nt0k-ransomware-wants-75-000-ransom-infects-linux-servers/
Cr1pt0r Ransomware Targets DLink NAS Devices
https://www.bleepingcomputer.com/forums/t/691852/cr1ptt0r-ransomware-files-encrypted-readmetxt-support-topic/page-3
LinkedIn Messages Used to Push Fake Job Offers
https://www.proofpoint.com/us/threat-insight/post/fake-jobs-campaigns-delivering-moreeggs-backdoor-fake-job-offers
ISC StormCast for Friday, February 22nd 2019
22 februari 2019 |
7 min
Adobe Re-Patches Reader/Acrobat Data Leakage Bug
https://helpx.adobe.com/security/products/acrobat/apsb19-13.html
Microsoft Releases Fix for DoS Vulnerability in IIS
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190005
Drupal Fixes Remote Code Execution Vulnerability
https://www.drupal.org/sa-core-2019-003
Linux Kernel Code Execution Vulnerablity
https://nvd.nist.gov/vuln/detail/CVE-2019-8912
MikroTik Unauthenticated Proxy
https://medium.com/tenable-techblog/mikrotik-firewall-nat-bypass-b8d46398bf24
https://helpx.adobe.com/security/products/acrobat/apsb19-13.html
Microsoft Releases Fix for DoS Vulnerability in IIS
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190005
Drupal Fixes Remote Code Execution Vulnerability
https://www.drupal.org/sa-core-2019-003
Linux Kernel Code Execution Vulnerablity
https://nvd.nist.gov/vuln/detail/CVE-2019-8912
MikroTik Unauthenticated Proxy
https://medium.com/tenable-techblog/mikrotik-firewall-nat-bypass-b8d46398bf24
ISC StormCast for Thursday, February 21st 2019
21 februari 2019 |
6 min
Microsoft Edge Whitelists Facebook to Run Flash
https://bugs.chromium.org/p/project-zero/issues/detail?id=1722
Chinese Android Banking App Stores Screenshots of Other Apps
https://jqknews.com/news/141073-Jingdong_Finance_denied_stealing_user_information_saying_that_the_image_cache_was_only_local.html
Password Manager Vulnerabilities
https://www.securityevaluators.com/casestudies/password-manager-hacking/
https://bugs.chromium.org/p/project-zero/issues/detail?id=1722
Chinese Android Banking App Stores Screenshots of Other Apps
https://jqknews.com/news/141073-Jingdong_Finance_denied_stealing_user_information_saying_that_the_image_cache_was_only_local.html
Password Manager Vulnerabilities
https://www.securityevaluators.com/casestudies/password-manager-hacking/
ISC StormCast for Wednesday, February 20th 2019
20 februari 2019 |
6 min
Russian Malspam Pushing Shade/Troldesh Ransomware
https://isc.sans.edu/forums/diary/More+Russian+language+malspam+pushing+Shade+Troldesh+ransomware/24668/
Bitdefender Releases GandCrab Decrypter
https://labs.bitdefender.com/2019/02/new-gandcrab-v5-1-decryptor-available-now/
Bank Infrastructure Used in Phishing Attacks (russian)
https://www.group-ib.ru/blog/incident
SHA-2 Patch For Windows 7 / 2008 R2 SP1
https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus
https://isc.sans.edu/forums/diary/More+Russian+language+malspam+pushing+Shade+Troldesh+ransomware/24668/
Bitdefender Releases GandCrab Decrypter
https://labs.bitdefender.com/2019/02/new-gandcrab-v5-1-decryptor-available-now/
Bank Infrastructure Used in Phishing Attacks (russian)
https://www.group-ib.ru/blog/incident
SHA-2 Patch For Windows 7 / 2008 R2 SP1
https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus
ISC StormCast for Tuesday, February 19th 2019
19 februari 2019 |
5 min
Know What You Are Logging
https://isc.sans.edu/forums/diary/Know+What+You+Are+Logging/24656/
Spectre Software Mitigation Insufficient
https://arxiv.org/pdf/1902.05178.pdf
VMWare Releases Update To Address runc Vulnerability
https://www.vmware.com/security/advisories/VMSA-2019-0001.html
Swedish Healthcare Breach Leaks Phone call Recordings
https://computersweden.idg.se/2.2683/1.714787/inspelade-samtal-1177-vardguiden-oskyddade-internet
https://isc.sans.edu/forums/diary/Know+What+You+Are+Logging/24656/
Spectre Software Mitigation Insufficient
https://arxiv.org/pdf/1902.05178.pdf
VMWare Releases Update To Address runc Vulnerability
https://www.vmware.com/security/advisories/VMSA-2019-0001.html
Swedish Healthcare Breach Leaks Phone call Recordings
https://computersweden.idg.se/2.2683/1.714787/inspelade-samtal-1177-vardguiden-oskyddade-internet
ISC StormCast for Monday, February 18th 2019
18 februari 2019 |
5 min
Snap Patches Available
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SnapSocketParsing
Finding Property Values in Office Documents
https://isc.sans.edu/forums/diary/Finding+Property+Values+in+Office+Documents/24652/
Bro-Sysmon
https://engineering.salesforce.com/test-out-bro-sysmon-a6fad1c8bb88
Cryptojacking Apps in Microsoft App Store
https://www.symantec.com/blogs/threat-intelligence/cryptojacking-apps-microsoft-store
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SnapSocketParsing
Finding Property Values in Office Documents
https://isc.sans.edu/forums/diary/Finding+Property+Values+in+Office+Documents/24652/
Bro-Sysmon
https://engineering.salesforce.com/test-out-bro-sysmon-a6fad1c8bb88
Cryptojacking Apps in Microsoft App Store
https://www.symantec.com/blogs/threat-intelligence/cryptojacking-apps-microsoft-store
ISC StormCast for Friday, February 15th 2019
15 februari 2019 |
6 min
PDF includes SMB Link
https://isc.sans.edu/forums/diary/Suspicious+PDF+Connecting+to+a+Remote+SMB+Share/24646/
QNAP Malware
https://www.qnap.com/en/security-advisory/nas-201902-13
Bomb Threat Spammers Arrested
https://www.justice.gov/usao-cdca/pr/members-hacker-collective-face-federal-charges-attacking-computer-systems-emailing-mass
Managed Service Providers Targeted By Ransomware
https://www.bleepingcomputer.com/news/security/ransomware-attacks-target-msps-to-mass-infect-customers/
https://isc.sans.edu/forums/diary/Suspicious+PDF+Connecting+to+a+Remote+SMB+Share/24646/
QNAP Malware
https://www.qnap.com/en/security-advisory/nas-201902-13
Bomb Threat Spammers Arrested
https://www.justice.gov/usao-cdca/pr/members-hacker-collective-face-federal-charges-attacking-computer-systems-emailing-mass
Managed Service Providers Targeted By Ransomware
https://www.bleepingcomputer.com/news/security/ransomware-attacks-target-msps-to-mass-infect-customers/
ISC StormCast for Thursday, February 14th 2019
14 februari 2019 |
6 min
Fake Updates Campaign Still Active in 2019
https://isc.sans.edu/forums/diary/Fake+Updates+campaign+still+active+in+2019/24640/
macOS Malware (Shlayer) Disables Gatekeeper
https://www.carbonblack.com/2019/02/12/tau-threat-intelligence-notification-new-macos-malware-variant-of-shlayer-osx-discovered/
Microsoft Exchange Server Patch (Errata for yesterday's podcast)
https://support.microsoft.com/en-ca/help/4490060/exchange-web-services-push-notifications-can-provide-unauthorized-acce
Cisco Network Assurance Engine Password Synchronization Issue
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190212-nae-dos
VFEMail Backup Failure
https://www.vfemail.net/
https://isc.sans.edu/forums/diary/Fake+Updates+campaign+still+active+in+2019/24640/
macOS Malware (Shlayer) Disables Gatekeeper
https://www.carbonblack.com/2019/02/12/tau-threat-intelligence-notification-new-macos-malware-variant-of-shlayer-osx-discovered/
Microsoft Exchange Server Patch (Errata for yesterday's podcast)
https://support.microsoft.com/en-ca/help/4490060/exchange-web-services-push-notifications-can-provide-unauthorized-acce
Cisco Network Assurance Engine Password Synchronization Issue
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190212-nae-dos
VFEMail Backup Failure
https://www.vfemail.net/
ISC StormCast for Wednesday, February 13th 2019
13 februari 2019 |
5 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+February+2019+Patch+Tuesday/24638/
Adobe Updates
https://helpx.adobe.com/security.html
Ubuntu Linux snapd "dirty_sock" exploit
https://shenaniganslabs.io/2019/02/13/Dirty-Sock.html
https://isc.sans.edu/forums/diary/Microsoft+February+2019+Patch+Tuesday/24638/
Adobe Updates
https://helpx.adobe.com/security.html
Ubuntu Linux snapd "dirty_sock" exploit
https://shenaniganslabs.io/2019/02/13/Dirty-Sock.html
ISC StormCast for Tuesday, February 12th 2019
12 februari 2019 |
5 min
Severe Docker runc Vulnerability
https://seclists.org/oss-sec/2019/q1/119
MacOS Mojave Privacy Flaw
https://lapcatsoftware.com/articles/mojave-privacy3.html
Android Malware Steals Crypto Addresses from Clipboard
https://www.welivesecurity.com/2019/02/08/first-clipper-malware-google-play/
Not An E-Mail Virus, Just Intersting Malware
https://isc.sans.edu/forums/diary/Have+You+Seen+an+Email+Virus+Recently/24634/
https://seclists.org/oss-sec/2019/q1/119
MacOS Mojave Privacy Flaw
https://lapcatsoftware.com/articles/mojave-privacy3.html
Android Malware Steals Crypto Addresses from Clipboard
https://www.welivesecurity.com/2019/02/08/first-clipper-malware-google-play/
Not An E-Mail Virus, Just Intersting Malware
https://isc.sans.edu/forums/diary/Have+You+Seen+an+Email+Virus+Recently/24634/
ISC StormCast for Monday, February 11th 2019
11 februari 2019 |
7 min
Phishing Kit with JavaScript Keylogger
https://isc.sans.edu/forums/diary/Phishing+Kit+with+JavaScript+Keylogger/24622/
Phishing Via Google Translate
https://blogs.akamai.com/sitr/2019/02/phishing-attacks-against-facebook-google-via-google-translate.html
iPhone Apps Record Screens
https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/
Packet Challenge
https://johannes.homepc.org/packet10.txt
https://isc.sans.edu/forums/diary/Phishing+Kit+with+JavaScript+Keylogger/24622/
Phishing Via Google Translate
https://blogs.akamai.com/sitr/2019/02/phishing-attacks-against-facebook-google-via-google-translate.html
iPhone Apps Record Screens
https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/
Packet Challenge
https://johannes.homepc.org/packet10.txt
ISC StormCast for Friday, February 8th 2019
8 februari 2019 |
5 min
Value of UAC
https://isc.sans.edu/forums/diary/UAC+is+not+all+that+bad+really/24620/
Apple Releases Facetime Patch
https://support.apple.com/en-us/HT201222
Skype Video Now Allows For Blurred Background
https://blogs.skype.com/news/2019/02/06/introducing-background-blur-in-skype/
Microsoft Exchange Server Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv190007
https://isc.sans.edu/forums/diary/UAC+is+not+all+that+bad+really/24620/
Apple Releases Facetime Patch
https://support.apple.com/en-us/HT201222
Skype Video Now Allows For Blurred Background
https://blogs.skype.com/news/2019/02/06/introducing-background-blur-in-skype/
Microsoft Exchange Server Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv190007
ISC StormCast for Thursday, February 7th 2019
6 februari 2019 |
6 min
Android Monthly Security Update
https://source.android.com/security/bulletin/2019-02-01.html
Skia Graphics Library Vulnerability
https://googleprojectzero.blogspot.com/2019/02/the-curious-case-of-convexity-confusion.html
Google Chrome Password Check
https://chrome.google.com/webstore/detail/password-checkup/pncabnpcffmalkkjpajodfhijclecjno/related
Hancitor HelloFax Malspam
https://isc.sans.edu/forums/diary/Hancitor+malspam+and+infection+traffic+from+Tuesday+20190205/24616/
https://source.android.com/security/bulletin/2019-02-01.html
Skia Graphics Library Vulnerability
https://googleprojectzero.blogspot.com/2019/02/the-curious-case-of-convexity-confusion.html
Google Chrome Password Check
https://chrome.google.com/webstore/detail/password-checkup/pncabnpcffmalkkjpajodfhijclecjno/related
Hancitor HelloFax Malspam
https://isc.sans.edu/forums/diary/Hancitor+malspam+and+infection+traffic+from+Tuesday+20190205/24616/
ISC StormCast for Wednesday, February 6th 2019
6 februari 2019 |
7 min
Mitigations against Mimikatz Style Attacks
https://isc.sans.edu/forums/diary/Mitigations+against+Mimikatz+Style+Attacks/24612/
LibreOffice Macro Vulnerability
https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html
Firefox 65 Breaks HTTPS AV Scanning
https://bugzilla.mozilla.org/show_bug.cgi?id=1523701
RDP Client Vulnerabilities
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
DNS "Lookingglass"
https://isc.sans.edu/tools/dnslookup.html
https://isc.sans.edu/forums/diary/Mitigations+against+Mimikatz+Style+Attacks/24612/
LibreOffice Macro Vulnerability
https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html
Firefox 65 Breaks HTTPS AV Scanning
https://bugzilla.mozilla.org/show_bug.cgi?id=1523701
RDP Client Vulnerabilities
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
DNS "Lookingglass"
https://isc.sans.edu/tools/dnslookup.html
ISC StormCast for Tuesday, February 5th 2019
5 februari 2019 |
5 min
Exploiting Struts in vCenter
https://isc.sans.edu/forums/diary/Struts+Vulnerability+CVE20175638+on+VMware+vCenter+the+Gift+that+Keeps+on+Giving/24606/
Wikipedia Tech Support Scam
https://isc.sans.edu/forums/diary/Wikipedia+Articles+as+part+of+Tech+Support+Scamming+Campaigns/24608/
Stealing MacOS Keychain
https://www.youtube.com/watch?v=nYTBZ9iPqsU
Beauty Camera Ads for Android include Adware
https://blog.trendmicro.com/trendlabs-security-intelligence/various-google-play-beauty-camera-apps-sends-users-pornographic-content-redirects-them-to-phishing-websites-and-collects-their-pictures/
https://isc.sans.edu/forums/diary/Struts+Vulnerability+CVE20175638+on+VMware+vCenter+the+Gift+that+Keeps+on+Giving/24606/
Wikipedia Tech Support Scam
https://isc.sans.edu/forums/diary/Wikipedia+Articles+as+part+of+Tech+Support+Scamming+Campaigns/24608/
Stealing MacOS Keychain
https://www.youtube.com/watch?v=nYTBZ9iPqsU
Beauty Camera Ads for Android include Adware
https://blog.trendmicro.com/trendlabs-security-intelligence/various-google-play-beauty-camera-apps-sends-users-pornographic-content-redirects-them-to-phishing-websites-and-collects-their-pictures/
ISC StormCast for Monday, February 4th 2019
4 februari 2019 |
8 min
Sextortion EMail Update
https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money+Part+3+The+cashout+begins/24592/
Ubiquity Devices Used in DDoS Attack
https://blog.rapid7.com/2019/02/01/ubiquiti-discovery-service-exposures/?fbclid=IwAR0OUPQIfSV7YsBLvkjoC2WIbe_E4p9WGAM4LCTsL9TKr30I7aQ2Qwqoins
Google Chrome Experimenting with Typo Domain Detection
https://www.usenix.org/conference/enigma2019/presentation/stark
YouTube Copyright Extortion
https://www.youtube.com/watch?v=Q0i-sLESXqo
https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money+Part+3+The+cashout+begins/24592/
Ubiquity Devices Used in DDoS Attack
https://blog.rapid7.com/2019/02/01/ubiquiti-discovery-service-exposures/?fbclid=IwAR0OUPQIfSV7YsBLvkjoC2WIbe_E4p9WGAM4LCTsL9TKr30I7aQ2Qwqoins
Google Chrome Experimenting with Typo Domain Detection
https://www.usenix.org/conference/enigma2019/presentation/stark
YouTube Copyright Extortion
https://www.youtube.com/watch?v=Q0i-sLESXqo
ISC StormCast for Friday, February 1st 2019
1 februari 2019 |
6 min
Tracking DNS Changes
https://isc.sans.edu/forums/diary/Tracking+Unexpected+DNS+Changes/24596/
SystemD/JournalD PoC Exploit
https://capsule8.com/blog/exploiting-systemd-journald-part-1/
Windows Defender Boot Issues
https://support.microsoft.com/en-us/help/4052623/update-for-windows-defender-antimalware-platform
Mac Malware Steals Crytocurrency Exchange Cookies
https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/
https://isc.sans.edu/forums/diary/Tracking+Unexpected+DNS+Changes/24596/
SystemD/JournalD PoC Exploit
https://capsule8.com/blog/exploiting-systemd-journald-part-1/
Windows Defender Boot Issues
https://support.microsoft.com/en-us/help/4052623/update-for-windows-defender-antimalware-platform
Mac Malware Steals Crytocurrency Exchange Cookies
https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/
ISC StormCast for Thursday, January 31st 2019
31 januari 2019 |
6 min
Chrome Update
https://www.zdnet.com/article/google-chrome-72-removes-hpkp-deprecates-tls-1-0-and-tls-1-1/
Firefox Update
https://techdows.com/2019/01/firefox-to-disable-extensions-in-private-browsing-mode-by-default.html
Facebook (and Google) Research VPN
https://techcrunch.com/2019/01/29/facebook-project-atlas/
https://www.macrumors.com/2019/01/30/google-exploiting-apple-enterprise-certificate/
RCE In Samsung Store via "evilgrade"
https://www.adyta.pt/en/2019/01/29/writeup-samsung-app-store-rce-via-mitm-2/
https://www.zdnet.com/article/google-chrome-72-removes-hpkp-deprecates-tls-1-0-and-tls-1-1/
Firefox Update
https://techdows.com/2019/01/firefox-to-disable-extensions-in-private-browsing-mode-by-default.html
Facebook (and Google) Research VPN
https://techcrunch.com/2019/01/29/facebook-project-atlas/
https://www.macrumors.com/2019/01/30/google-exploiting-apple-enterprise-certificate/
RCE In Samsung Store via "evilgrade"
https://www.adyta.pt/en/2019/01/29/writeup-samsung-app-store-rce-via-mitm-2/
ISC StormCast for Wednesday, January 30th 2019
30 januari 2019 |
6 min
Phishing Not Ready for IPv6
https://isc.sans.edu/forums/diary/A+Not+So+Well+Done+Phish+Why+Attackers+need+to+Implement+IPv6+Now/24582/
Apple Disables Facetime Group Messages
https://www.apple.com/support/systemstatus/
Outlook 365 Safe Link Errors
https://twitter.com/Swiss_Jay/status/1090271197193940992
https://isc.sans.edu/forums/diary/A+Not+So+Well+Done+Phish+Why+Attackers+need+to+Implement+IPv6+Now/24582/
Apple Disables Facetime Group Messages
https://www.apple.com/support/systemstatus/
Outlook 365 Safe Link Errors
https://twitter.com/Swiss_Jay/status/1090271197193940992
ISC StormCast for Tuesday, January 29th 2019
29 januari 2019 |
5 min
Relaying Exchange's NTLM Autentication to Become Domain Admin
https://isc.sans.edu/forums/diary/Relaying+Exchanges+NTLM+authentication+to+domain+admin+and+more/24578/
Facetime Bug Allows Users to Receive Audio before Call is Accepted
https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/
AZORult Fake (signed) Google Update
https://blog.minerva-labs.com/azorult-now-as-a-signed-google-update
https://isc.sans.edu/forums/diary/Relaying+Exchanges+NTLM+authentication+to+domain+admin+and+more/24578/
Facetime Bug Allows Users to Receive Audio before Call is Accepted
https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/
AZORult Fake (signed) Google Update
https://blog.minerva-labs.com/azorult-now-as-a-signed-google-update
ISC StormCast for Monday, January 28th 2019
28 januari 2019 |
7 min
Cisco RV320/325 Router Vulnerability Exploited
https://github.com/0x27/CiscoRV320Dump
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info
HTTP Signed Exchanges
https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html
BGP Experiments Disrupt Routers
https://mailman.nanog.org/pipermail/nanog/2019-January/098761.html
Packet Challenge
https://johannes.homepc.org/packet9.txt
https://github.com/0x27/CiscoRV320Dump
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-inject
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-rv-info
HTTP Signed Exchanges
https://wicg.github.io/webpackage/draft-yasskin-http-origin-signed-responses.html
BGP Experiments Disrupt Routers
https://mailman.nanog.org/pipermail/nanog/2019-January/098761.html
Packet Challenge
https://johannes.homepc.org/packet9.txt
ISC StormCast for Friday, January 25th 2019
25 januari 2019 |
6 min
Ghostscript Remote Code Execution Vulnerability
https://www.openwall.com/lists/oss-security/2019/01/23/5
Abusing Exchange to Obtain Domain Admin
https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/
IPC Voucher UaF Remote Jailbreak
http://blogs.360.cn/post/IPC%20Voucher%20UaF%20Remote%20Jailbreak%20Stage%202%20(EN).html
Cisco Security Updates
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-bo
https://www.openwall.com/lists/oss-security/2019/01/23/5
Abusing Exchange to Obtain Domain Admin
https://dirkjanm.io/abusing-exchange-one-api-call-away-from-domain-admin/
IPC Voucher UaF Remote Jailbreak
http://blogs.360.cn/post/IPC%20Voucher%20UaF%20Remote%20Jailbreak%20Stage%202%20(EN).html
Cisco Security Updates
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190123-sdwan-bo
ISC StormCast for Thursday, January 24th 2019
24 januari 2019 |
5 min
DHS Emergency Directive Regarding DNS Tampering
https://cyber.dhs.gov/ed/19-01/
Abuse of Trusted Microsoft Azure Domains
https://github.com/MicrosoftDocs/OfficeDocs-Enterprise/issues/233
Tech Support Scammers Unmasked
https://www.fidusinfosec.com/turning-the-tables-on-virgin-media-twitter-scammers/
https://cyber.dhs.gov/ed/19-01/
Abuse of Trusted Microsoft Azure Domains
https://github.com/MicrosoftDocs/OfficeDocs-Enterprise/issues/233
Tech Support Scammers Unmasked
https://www.fidusinfosec.com/turning-the-tables-on-virgin-media-twitter-scammers/
ISC StormCast for Wednesday, January 23rd 2019
23 januari 2019 |
7 min
Turning MISP Data into RPZs
https://isc.sans.edu/forums/diary/DNS+Firewalling+with+MISP/24556/
Man in the Middle Vulnerablity in apt
https://justi.cz/security/2019/01/22/apt-rce.html
PHP PEAR Compromised Package
http://pear.php.net
Apple Security Updates
https://support.apple.com/en-us/HT201222
https://isc.sans.edu/forums/diary/DNS+Firewalling+with+MISP/24556/
Man in the Middle Vulnerablity in apt
https://justi.cz/security/2019/01/22/apt-rce.html
PHP PEAR Compromised Package
http://pear.php.net
Apple Security Updates
https://support.apple.com/en-us/HT201222
ISC StormCast for Tuesday, January 22nd 2019
22 januari 2019 |
6 min
Suspicious GET Request: Do you know what it is?
https://isc.sans.edu/forums/diary/Suspicious+GET+Request+Do+You+Know+What+This+Is/24552/
DNS Flag Day
https://dnsflagday.net/
https://isc.sans.edu/forums/diary/Suspicious+GET+Request+Do+You+Know+What+This+Is/24552/
DNS Flag Day
https://dnsflagday.net/
ISC StormCast for Monday, January 21st 2019
21 januari 2019 |
6 min
Drupal Patches
https://www.drupal.org/sa-core-2019-002
https://www.drupal.org/sa-core-2019-001
WPML User Data Compromised and Used in EMail To Customers
https://wpml.org/2019/01/wpml-org-site-back-to-normal-after-an-attack-during-the-weekend/
Targeted Attack Uses Google Drive for Exfiltration
https://unit42.paloaltonetworks.com/darkhydrus-delivers-new-trojan-that-can-use-google-drive-for-c2-communications/
Packet Challenge Solution
https://johannes.homepc.org/packet8.txt
https://www.drupal.org/sa-core-2019-002
https://www.drupal.org/sa-core-2019-001
WPML User Data Compromised and Used in EMail To Customers
https://wpml.org/2019/01/wpml-org-site-back-to-normal-after-an-attack-during-the-weekend/
Targeted Attack Uses Google Drive for Exfiltration
https://unit42.paloaltonetworks.com/darkhydrus-delivers-new-trojan-that-can-use-google-drive-for-c2-communications/
Packet Challenge Solution
https://johannes.homepc.org/packet8.txt
ISC StormCast for Friday, January 18th 2019
18 januari 2019 |
6 min
Android Malware Uses Motion Detection to Evade Analysis
https://blog.trendmicro.com/trendlabs-security-intelligence/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics/
Twitter for Android Bug
https://help.twitter.com/en/protected-tweets-android
Introduction to WebAuthn/FIDO2
https://medium.com/@herrjemand/introduction-to-webauthn-api-5fd1fb46c285
Ransomware As a Service
https://www.bleepingcomputer.com/news/security/blackrouter-ransomware-promoted-as-a-raas-by-iranian-developer/
https://blog.trendmicro.com/trendlabs-security-intelligence/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics/
Twitter for Android Bug
https://help.twitter.com/en/protected-tweets-android
Introduction to WebAuthn/FIDO2
https://medium.com/@herrjemand/introduction-to-webauthn-api-5fd1fb46c285
Ransomware As a Service
https://www.bleepingcomputer.com/news/security/blackrouter-ransomware-promoted-as-a-raas-by-iranian-developer/
ISC StormCast for Thursday, January 17th 2019
17 januari 2019 |
6 min
Emotet and Other Malspam Campaigns Resume After Holiday Break
https://isc.sans.edu/forums/diary/Emotet+infections+and+followup+malware/24532/
Magecart Delivered Via Compromised Advertising Sites
https://blog.trendmicro.com/trendlabs-security-intelligence/new-magecart-attack-delivered-through-compromised-advertising-supply-chain/
Premisys Identicard Vulnerabilities
https://www.tenable.com/security/research/tra-2019-01
ES File Explorer Open Port Vulnerability
https://github.com/fs0c131y/ESFileExplorerOpenPortVuln
https://isc.sans.edu/forums/diary/Emotet+infections+and+followup+malware/24532/
Magecart Delivered Via Compromised Advertising Sites
https://blog.trendmicro.com/trendlabs-security-intelligence/new-magecart-attack-delivered-through-compromised-advertising-supply-chain/
Premisys Identicard Vulnerabilities
https://www.tenable.com/security/research/tra-2019-01
ES File Explorer Open Port Vulnerability
https://github.com/fs0c131y/ESFileExplorerOpenPortVuln
ISC StormCast for Wednesday, January 16th 2019
16 januari 2019 |
6 min
MSFT Skype/Team Foundation Server Patches
https://isc.sans.edu/forums/diary/Microsoft+Publishes+Patches+for+Skype+for+Business+and+Team+Foundation+Server/24540/
SCP Client Vulnerabilities
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
Server Hosting Companies Trivilally Hacked
https://www.websiteplanet.com/blog/report-popular-hosting-hacked/
Vulnerabilities in Industrial Remote Controls
https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/attacks-against-industrial-machines-via-vulnerable-radio-remote-controllers-security-analysis-and-recommendations
Oracle Quarterly Critical Patch Update
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://isc.sans.edu/forums/diary/Microsoft+Publishes+Patches+for+Skype+for+Business+and+Team+Foundation+Server/24540/
SCP Client Vulnerabilities
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
Server Hosting Companies Trivilally Hacked
https://www.websiteplanet.com/blog/report-popular-hosting-hacked/
Vulnerabilities in Industrial Remote Controls
https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/attacks-against-industrial-machines-via-vulnerable-radio-remote-controllers-security-analysis-and-recommendations
Oracle Quarterly Critical Patch Update
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
ISC StormCast for Tuesday, January 15th 2019
14 januari 2019 |
6 min
Microsoft LAPS - Blue Team / Red Team
https://isc.sans.edu/forums/diary/Microsoft+LAPS+Blue+Team+Red+Team/24528/
Intel SGX Platform Update
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00203.html
Godaddy Injecting JavaScript
https://www.igorkromin.net/index.php/2019/01/13/godaddy-is-sneakily-injecting-javascript-into-your-website-and-how-to-stop-it/
Play with Docker Vulnerability
https://www.cyberark.com/threat-research-blog/how-i-hacked-play-with-docker-and-remotely-ran-code-on-the-host/
https://isc.sans.edu/forums/diary/Microsoft+LAPS+Blue+Team+Red+Team/24528/
Intel SGX Platform Update
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00203.html
Godaddy Injecting JavaScript
https://www.igorkromin.net/index.php/2019/01/13/godaddy-is-sneakily-injecting-javascript-into-your-website-and-how-to-stop-it/
Play with Docker Vulnerability
https://www.cyberark.com/threat-research-blog/how-i-hacked-play-with-docker-and-remotely-ran-code-on-the-host/
ISC StormCast for Monday, January 14th 2019
14 januari 2019 |
6 min
Government Website TLS Certificates Expire due to Partial Shutdown
https://news.netcraft.com/archives/2019/01/10/gov-security-falters-during-u-s-shutdown.html
Firefox EOL Plan for Flash
https://bugzilla.mozilla.org/show_bug.cgi?id=1519434
Fake Movie File Malware
https://www.bleepingcomputer.com/news/security/fake-movie-file-infects-pc-to-steal-cryptocurrency-poison-google-results/
Microsoft Windows Patch Breaks Access 97
https://borncity.com/win/2019/01/11/windows-january-2019-updates-breaks-access-to-access-dbs/
Snorpy Assists in Snort Rule Writing
https://isc.sans.edu/forums/diary/Snorpy+a+Web+Base+Tool+to+Build+SnortSuricata+Rules/24522/
Packet Challenge
https://news.netcraft.com/archives/2019/01/10/gov-security-falters-during-u-s-shutdown.html
Firefox EOL Plan for Flash
https://bugzilla.mozilla.org/show_bug.cgi?id=1519434
Fake Movie File Malware
https://www.bleepingcomputer.com/news/security/fake-movie-file-infects-pc-to-steal-cryptocurrency-poison-google-results/
Microsoft Windows Patch Breaks Access 97
https://borncity.com/win/2019/01/11/windows-january-2019-updates-breaks-access-to-access-dbs/
Snorpy Assists in Snort Rule Writing
https://isc.sans.edu/forums/diary/Snorpy+a+Web+Base+Tool+to+Build+SnortSuricata+Rules/24522/
Packet Challenge
ISC StormCast for Friday, January 11th 2019
11 januari 2019 |
6 min
Old Tricks still work: I love you Malspam
https://isc.sans.edu/forums/diary/Heartbreaking+Emails+Love+You+Malspam/24512/
Juniper Updates Released
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10916&cat=SIRT_1&actp=LIST
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10918&cat=SIRT_1&actp=LIST
New Systemd/Journald Exploit Release
https://www.qualys.com/2019/01/09/system-down/system-down.txt
Global DNS Hijacking
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
https://isc.sans.edu/forums/diary/Heartbreaking+Emails+Love+You+Malspam/24512/
Juniper Updates Released
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10916&cat=SIRT_1&actp=LIST
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10918&cat=SIRT_1&actp=LIST
New Systemd/Journald Exploit Release
https://www.qualys.com/2019/01/09/system-down/system-down.txt
Global DNS Hijacking
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
ISC StormCast for Thursday, January 10th 2019
10 januari 2019 |
6 min
Simple Mechanism for Creating Certificates
https://blog.filippo.io/mkcert-valid-https-certificates-for-localhost/
Review of Smartphone Face Recognition
https://www.consumentenbond.nl/veilig-internetten/gezichtsherkenning-te-hacken
Google Public DNS now supports DNS-over-TLS
https://security.googleblog.com/2019/01/google-public-dns-now-supports-dns-over.html
Malwarebytes Freezes Windows 7
https://forums.malwarebytes.com/topic/241223-malwarebytes-for-windows-and-windows-7-freezelock-up/
German Police Looking for MAC Address
https://polizei.brandenburg.de/pressemeldung/f8-e0-79-af-57-eb-cyber-fahndung-nach-ma/1310909
https://blog.filippo.io/mkcert-valid-https-certificates-for-localhost/
Review of Smartphone Face Recognition
https://www.consumentenbond.nl/veilig-internetten/gezichtsherkenning-te-hacken
Google Public DNS now supports DNS-over-TLS
https://security.googleblog.com/2019/01/google-public-dns-now-supports-dns-over.html
Malwarebytes Freezes Windows 7
https://forums.malwarebytes.com/topic/241223-malwarebytes-for-windows-and-windows-7-freezelock-up/
German Police Looking for MAC Address
https://polizei.brandenburg.de/pressemeldung/f8-e0-79-af-57-eb-cyber-fahndung-nach-ma/1310909
ISC StormCast for Wednesday, January 9th 2019
9 januari 2019 |
6 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+January+2019+Patch+Tuesday/24504/
https://patchtuesdaydashboard.com/
Adobe Updates
https://helpx.adobe.com/security.html
Google Play Store Adware
https://blog.trendmicro.com/trendlabs-security-intelligence/adware-disguised-as-game-tv-remote-control-apps-infect-9-million-google-play-users/
Ethereum Classic 51% Attack
https://blog.coinbase.com/ethereum-classic-etc-is-currently-being-51-attacked-33be13ce32de
https://isc.sans.edu/forums/diary/Microsoft+January+2019+Patch+Tuesday/24504/
https://patchtuesdaydashboard.com/
Adobe Updates
https://helpx.adobe.com/security.html
Google Play Store Adware
https://blog.trendmicro.com/trendlabs-security-intelligence/adware-disguised-as-game-tv-remote-control-apps-infect-9-million-google-play-users/
Ethereum Classic 51% Attack
https://blog.coinbase.com/ethereum-classic-etc-is-currently-being-51-attacked-33be13ce32de
ISC StormCast for Tuesday, January 8th 2019
8 januari 2019 |
7 min
Malware of the Day: Encrypted Word Document
https://isc.sans.edu/forums/diary/Analyzing+Encrypted+Malicious+Office+Documents/24498/
Apple iOS Apps Reaching Out to Malware Server
https://www.wandera.com/risky-apps/
NCSC Offers Assistance Against Attacks from Foreign Governments
https://www.dni.gov/index.php/ncsc-how-we-work/ncsc-know-the-risk-raise-your-shield/ncsc-awareness-materials
Hardware Agnostic Side Channel Attacks
https://arxiv.org/abs/1901.01161
https://isc.sans.edu/forums/diary/Analyzing+Encrypted+Malicious+Office+Documents/24498/
Apple iOS Apps Reaching Out to Malware Server
https://www.wandera.com/risky-apps/
NCSC Offers Assistance Against Attacks from Foreign Governments
https://www.dni.gov/index.php/ncsc-how-we-work/ncsc-know-the-risk-raise-your-shield/ncsc-awareness-materials
Hardware Agnostic Side Channel Attacks
https://arxiv.org/abs/1901.01161
ISC StormCast for Monday, January 7th 2019
7 januari 2019 |
7 min
Malware in TAR Files
https://isc.sans.edu/forums/diary/Malicious+tar+Attachments/24496/
ReiKey MacOS Keystoke Logger Detector
https://objective-see.com/products/reikey.html
Phishing Tool Kit uses Simple Substituion Fonts
https://www.proofpoint.com/us/threat-insight/post/phishing-template-uses-fake-fonts-decode-content-and-evade-detection
https://isc.sans.edu/forums/diary/Malicious+tar+Attachments/24496/
ReiKey MacOS Keystoke Logger Detector
https://objective-see.com/products/reikey.html
Phishing Tool Kit uses Simple Substituion Fonts
https://www.proofpoint.com/us/threat-insight/post/phishing-template-uses-fake-fonts-decode-content-and-evade-detection
ISC StormCast for Friday, January 4th 2019
4 januari 2019 |
6 min
Malware Leaks Victim Data via FTP
https://isc.sans.edu/forums/diary/Malicious+Script+Leaking+Data+via+FTP/24484/
Hijacking Dormant Twitter Accounts
https://techcrunch.com/2019/01/02/hackers-islamic-state-propaganda-twitter/
Android Authentication Bypass via Skype
https://www.youtube.com/watch?v=EiEcwOfTFqI
Critical Adobe Updates
https://helpx.adobe.com/security/products/acrobat/apsb19-02.html
FilesLocker Ransomware Master Key Published
https://www.bleepingcomputer.com/news/security/master-decryption-key-released-for-fileslocker-ransomware/
https://isc.sans.edu/forums/diary/Malicious+Script+Leaking+Data+via+FTP/24484/
Hijacking Dormant Twitter Accounts
https://techcrunch.com/2019/01/02/hackers-islamic-state-propaganda-twitter/
Android Authentication Bypass via Skype
https://www.youtube.com/watch?v=EiEcwOfTFqI
Critical Adobe Updates
https://helpx.adobe.com/security/products/acrobat/apsb19-02.html
FilesLocker Ransomware Master Key Published
https://www.bleepingcomputer.com/news/security/master-decryption-key-released-for-fileslocker-ransomware/
ISC StormCast for Thursday, January 3rd 2019
3 januari 2019 |
6 min
ISC StormCast for Wednesday, January 2nd 2019
2 januari 2019 |
7 min
Bypassing Vein Scanner Authentication (in german)
https://media.ccc.de/v/35c3-9545-venenerkennung_hacken
Hacking Smart Lightbulbs and Firmware Exploits
https://media.ccc.de/v/35c3-9723-smart_home_-_smart_hack
European Union Offers Bug Bounty for Open Source Software
https://juliareda.eu/fossa/
Bypassing Google ReCaptcha
https://github.com/ecthros/uncaptcha2
https://media.ccc.de/v/35c3-9545-venenerkennung_hacken
Hacking Smart Lightbulbs and Firmware Exploits
https://media.ccc.de/v/35c3-9723-smart_home_-_smart_hack
European Union Offers Bug Bounty for Open Source Software
https://juliareda.eu/fossa/
Bypassing Google ReCaptcha
https://github.com/ecthros/uncaptcha2
ISC StormCast for Friday, December 28th 2018
28 december 2018 |
6 min
Phishing Attack Uses IP Counter
https://isc.sans.edu/forums/diary/Matryoshka+Phish/24460/
JungleSec Ransomware Attacks via IPMI
https://www.bleepingcomputer.com/news/security/junglesec-ransomware-infects-victims-through-ipmi-remote-consoles/
Microsoft Edge PoC RCE Exploit
https://github.com/phoenhex/files/blob/master/pocs/cve-2018-8629-chakra.js
https://isc.sans.edu/forums/diary/Matryoshka+Phish/24460/
JungleSec Ransomware Attacks via IPMI
https://www.bleepingcomputer.com/news/security/junglesec-ransomware-infects-victims-through-ipmi-remote-consoles/
Microsoft Edge PoC RCE Exploit
https://github.com/phoenhex/files/blob/master/pocs/cve-2018-8629-chakra.js
ISC StormCast for Thursday, December 27th 2018
26 december 2018 |
3 min
Problems with IE Emergency Patch
https://support.microsoft.com/en-us/help/4483229/december192018kb4483229osbuild143932670
Bitcoin Blacklists
https://isc.sans.edu/forums/diary/Bitcoin+Blacklists/24456/
D-Link DIR-816 A2 Stack Overflow
https://github.com/RootSoull/Vuln-Poc/tree/master/D-Link/DIR-816
https://support.microsoft.com/en-us/help/4483229/december192018kb4483229osbuild143932670
Bitcoin Blacklists
https://isc.sans.edu/forums/diary/Bitcoin+Blacklists/24456/
D-Link DIR-816 A2 Stack Overflow
https://github.com/RootSoull/Vuln-Poc/tree/master/D-Link/DIR-816
ISC StormCast for Friday, December 21st 2018
21 december 2018 |
6 min
Windows 0-Day PoC Published: Arbitrary File Read as System
https://sandboxescaper.blogspot.com/2018/12/readfile-0day.html
Attacks Against 2FA in the Middle East
https://www.amnesty.org/en/latest/research/2018/12/when-best-practice-is-not-good-enough/
FBI Shuts Down Booter Services
http://www.documentcloud.org/documents/5648950-DOJ-indictments-in-booter-cases.html
Intel VISA Undocumented Debug Feature
https://www.blackhat.com/asia-19/briefings/schedule/index.html#intel-visa-through-the-rabbit-hole-13513
https://sandboxescaper.blogspot.com/2018/12/readfile-0day.html
Attacks Against 2FA in the Middle East
https://www.amnesty.org/en/latest/research/2018/12/when-best-practice-is-not-good-enough/
FBI Shuts Down Booter Services
http://www.documentcloud.org/documents/5648950-DOJ-indictments-in-booter-cases.html
Intel VISA Undocumented Debug Feature
https://www.blackhat.com/asia-19/briefings/schedule/index.html#intel-visa-through-the-rabbit-hole-13513
ISC StormCast for Thursday, December 20th 2018
20 december 2018 |
4 min
Microsoft Publishes Emergency Patch for Internet Explorer
https://isc.sans.edu/forums/diary/Microsoft+OOB+Patch+for+Internet+Explorer+Scripting+Engine+Memory+Corruption+Vulnerability/24438/
Restricting PowerShell Capabilities with NetSh
https://isc.sans.edu/forums/diary/Restricting+PowerShell+Capabilities+with+NetSh/24434/
Remotely Bricking a Server
https://eclypsium.com/2018/12/19/remotely-bricking-a-server/
https://isc.sans.edu/forums/diary/Microsoft+OOB+Patch+for+Internet+Explorer+Scripting+Engine+Memory+Corruption+Vulnerability/24438/
Restricting PowerShell Capabilities with NetSh
https://isc.sans.edu/forums/diary/Restricting+PowerShell+Capabilities+with+NetSh/24434/
Remotely Bricking a Server
https://eclypsium.com/2018/12/19/remotely-bricking-a-server/
ISC StormCast for Wednesday, December 19th 2018
19 december 2018 |
6 min
ASUS Vulnerabilities
https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities
GIGABYTE Vulnerabilities
https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
Apple App Store Phishing
https://www.bleepingcomputer.com/news/security/widespread-apple-id-phishing-attack-pretends-to-be-app-store-receipts
Kibana Vulnerability Exploited
https://www.cyberark.com/threat-research-blog/execute-this-i-know-you-have-it/
Decrypter for InsaneCrypt and Everbe 1
https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-the-insanecrypt-or-everbe-1-family-of-ransomware/
http://id-ransomware.malwarehunterteam.com/
SANS Holiday Hack Challenge
https://www.kringlecon.com
https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities
GIGABYTE Vulnerabilities
https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
Apple App Store Phishing
https://www.bleepingcomputer.com/news/security/widespread-apple-id-phishing-attack-pretends-to-be-app-store-receipts
Kibana Vulnerability Exploited
https://www.cyberark.com/threat-research-blog/execute-this-i-know-you-have-it/
Decrypter for InsaneCrypt and Everbe 1
https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-the-insanecrypt-or-everbe-1-family-of-ransomware/
http://id-ransomware.malwarehunterteam.com/
SANS Holiday Hack Challenge
https://www.kringlecon.com
ISC StormCast for Tuesday, December 18th 2018
18 december 2018 |
5 min
Password Protected ZIP with Maldoc
https://isc.sans.edu/forums/diary/Password+Protected+ZIP+with+Maldoc/24426/
Memes Used as Covert Command and Control Channel
https://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-use-malicious-memes-that-communicate-with-malware/
Shamoon Disk Whipper Malware is Back
https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/
https://isc.sans.edu/forums/diary/Password+Protected+ZIP+with+Maldoc/24426/
Memes Used as Covert Command and Control Channel
https://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-use-malicious-memes-that-communicate-with-malware/
Shamoon Disk Whipper Malware is Back
https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/
ISC StormCast for Monday, December 17th 2018
17 december 2018 |
5 min
Magellan Sqlite Vulnerability
https://blade.tencent.com/magellan/index_en.html
Logitech Options Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1663
Intel NUC BIOS Protection Flaw
https://embedi.org/blog/nuclear-explotion/
HiddenTear Ransomware Decrypter
https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-hiddentear-ransomware-with-ht-brute-forcer/
https://blade.tencent.com/magellan/index_en.html
Logitech Options Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1663
Intel NUC BIOS Protection Flaw
https://embedi.org/blog/nuclear-explotion/
HiddenTear Ransomware Decrypter
https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-hiddentear-ransomware-with-ht-brute-forcer/
ISC StormCast for Friday, December 14th 2018
14 december 2018 |
7 min
Fake E-Mail Bomb Threats
https://www.cnn.com/2018/12/13/us/email-bomb-threats/index.html
Phishing Via Non-Delivery Notices
https://isc.sans.edu/forums/diary/Phishing+Attack+Through+NonDelivery+Notification/24412/
LamePyre MacOS Malware
https://blog.malwarebytes.com/detections/osx-lamepyre/
https://www.cnn.com/2018/12/13/us/email-bomb-threats/index.html
Phishing Via Non-Delivery Notices
https://isc.sans.edu/forums/diary/Phishing+Attack+Through+NonDelivery+Notification/24412/
LamePyre MacOS Malware
https://blog.malwarebytes.com/detections/osx-lamepyre/
ISC StormCast for Thursday, December 13th 2018
13 december 2018 |
5 min
Yet Another DOSfuscation Sample
https://isc.sans.edu/forums/diary/Yet+Another+DOSfuscation+Sample/24408/
OpenSSH Backdoors
https://www.welivesecurity.com/wp-content/uploads/2018/12/ESET-The_Dark_Side_of_the_ForSSHe.pdf
Android Malware Bypasses 2FA For Paypal
https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/
https://isc.sans.edu/forums/diary/Yet+Another+DOSfuscation+Sample/24408/
OpenSSH Backdoors
https://www.welivesecurity.com/wp-content/uploads/2018/12/ESET-The_Dark_Side_of_the_ForSSHe.pdf
Android Malware Bypasses 2FA For Paypal
https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/
ISC StormCast for Wednesday, December 12th 2018
12 december 2018 |
6 min
Microsoft December 2018 Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+December+2018+Patch+Tuesday/24404/
Adobe Patch Tuesday
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
Certificate Authority Weaknesses
https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Heftrig-Off-Path-Attacks-Against-PKI.pdf
https://isc.sans.edu/forums/diary/Microsoft+December+2018+Patch+Tuesday/24404/
Adobe Patch Tuesday
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
Certificate Authority Weaknesses
https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Heftrig-Off-Path-Attacks-Against-PKI.pdf
ISC StormCast for Tuesday, December 11th 2018
11 december 2018 |
6 min
Kubernetes Unauthenticated PoC Exploit for CVE-2018-1002105
https://github.com/evict/poc_CVE-2018-1002105#unauthenticated-poc
WebAssembly Brings Buffer Overflows to Browsers
https://www.forcepoint.com/blog/security-labs/new-whitepaper-memory-safety-old-vulnerabilities-become-new-webassembly
Increased Ethereum Miner Attacks
https://isc.sans.edu/port.html?port=8545
https://www.zdnet.com/article/hackers-ramp-up-attacks-on-mining-rigs-before-ethereum-price-crashes-into-the-gutter
Android Click Fraud Apps are Emulating iPhones for Higher Revenue
https://www.bleepingcomputer.com/news/security/android-clickfraud-op-impersonates-iphones-to-bump-ad-premiums/
https://github.com/evict/poc_CVE-2018-1002105#unauthenticated-poc
WebAssembly Brings Buffer Overflows to Browsers
https://www.forcepoint.com/blog/security-labs/new-whitepaper-memory-safety-old-vulnerabilities-become-new-webassembly
Increased Ethereum Miner Attacks
https://isc.sans.edu/port.html?port=8545
https://www.zdnet.com/article/hackers-ramp-up-attacks-on-mining-rigs-before-ethereum-price-crashes-into-the-gutter
Android Click Fraud Apps are Emulating iPhones for Higher Revenue
https://www.bleepingcomputer.com/news/security/android-clickfraud-op-impersonates-iphones-to-bump-ad-premiums/
ISC StormCast for Monday, December 10th 2018
10 december 2018 |
6 min
Analyzing Malicious Docker Images
https://isc.sans.edu/forums/diary/A+Dive+into+malicious+Docker+Containers/24388/
Arrest of Huawei CFO Inspires Advance Fee Scam
https://isc.sans.edu/forums/diary/Arrest+of+Huawei+CFO+Inspires+Advance+Fee+Scam/24396/
Sextortion Messages Leading to Ransomware
https://www.proofpoint.com/us/threat-insight/post/sextortion-side-ransomware
WebKit Exploit Released
https://github.com/LinusHenze/WebKit-RegEx-Exploit
Implants Found in Russian Banks
https://securelist.com/darkvishnya/89169/
https://isc.sans.edu/forums/diary/A+Dive+into+malicious+Docker+Containers/24388/
Arrest of Huawei CFO Inspires Advance Fee Scam
https://isc.sans.edu/forums/diary/Arrest+of+Huawei+CFO+Inspires+Advance+Fee+Scam/24396/
Sextortion Messages Leading to Ransomware
https://www.proofpoint.com/us/threat-insight/post/sextortion-side-ransomware
WebKit Exploit Released
https://github.com/LinusHenze/WebKit-RegEx-Exploit
Implants Found in Russian Banks
https://securelist.com/darkvishnya/89169/
ISC StormCast for Friday, December 7th 2018
7 december 2018 |
22 min
Adobe Vulnerability PoC Released
https://isc.sans.edu/forums/diary/Is+it+Time+to+Uninstall+Flash+If+you+havent+already/24382/
WatchOS Update
https://support.apple.com/en-us/HT209343
Data Exfiltration During Pentests
https://isc.sans.edu/forums/diary/Data+Exfiltration+in+Penetration+Tests/24354/
PoC Exploit for Kubernetes Vulnerability
https://github.com/evict/poc_CVE-2018-1002105
Preston Ackerman: Marketing 2FA
https://www.sans.org/reading-room/whitepapers/authentication/swipe-tap-marketing-easier-2fa-increase-adoption-38695
https://isc.sans.edu/forums/diary/Is+it+Time+to+Uninstall+Flash+If+you+havent+already/24382/
WatchOS Update
https://support.apple.com/en-us/HT209343
Data Exfiltration During Pentests
https://isc.sans.edu/forums/diary/Data+Exfiltration+in+Penetration+Tests/24354/
PoC Exploit for Kubernetes Vulnerability
https://github.com/evict/poc_CVE-2018-1002105
Preston Ackerman: Marketing 2FA
https://www.sans.org/reading-room/whitepapers/authentication/swipe-tap-marketing-easier-2fa-increase-adoption-38695
ISC StormCast for Thursday, December 6th 2018
6 december 2018 |
5 min
Adobe Releases Emergency Flash Patch
https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
Apple Updates Everything (but not WatchOS)
https://support.apple.com/en-us/HT201222
New Privacy Issues Affecting 3G-5G protocols
https://eprint.iacr.org/2018/1175
https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
Apple Updates Everything (but not WatchOS)
https://support.apple.com/en-us/HT201222
New Privacy Issues Affecting 3G-5G protocols
https://eprint.iacr.org/2018/1175
ISC StormCast for Wednesday, December 5th 2018
5 december 2018 |
6 min
Fake Ransomware Decryption Service
https://www.theregister.co.uk/2018/12/04/ransomware_helper_was_middleman_dr_shifro/
Latest Lokibot Malspam
https://isc.sans.edu/forums/diary/Malspam+pushing+Lokibot+malware/24372/
Chrome 71 Released
https://www.bleepingcomputer.com/news/google/chrome-71-released-with-abusive-ad-filtering-and-audio-blocking/
RSA Followup Webcast
https://www.rsaconference.com/videos/virtual-session-the-5-most-dangerous-new-attack-techniques-and-whats-to-come
https://www.theregister.co.uk/2018/12/04/ransomware_helper_was_middleman_dr_shifro/
Latest Lokibot Malspam
https://isc.sans.edu/forums/diary/Malspam+pushing+Lokibot+malware/24372/
Chrome 71 Released
https://www.bleepingcomputer.com/news/google/chrome-71-released-with-abusive-ad-filtering-and-audio-blocking/
RSA Followup Webcast
https://www.rsaconference.com/videos/virtual-session-the-5-most-dangerous-new-attack-techniques-and-whats-to-come
ISC StormCast for Tuesday, December 4th 2018
4 december 2018 |
5 min
Word Maldoc: Yet Another Place to Hide a Command
https://isc.sans.edu/forums/diary/Word+maldoc+yet+another+place+to+hide+a+command/24370/
US-Cert Releases SamSam Alerts
https://www.us-cert.gov/ncas/alerts/AA18-337A
Kubernetes Patches
https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88
Malicious iOS App Tricks User in Payment
https://www.welivesecurity.com/2018/12/03/scam-ios-apps-promise-fitness-steal-money-instead/
https://isc.sans.edu/forums/diary/Word+maldoc+yet+another+place+to+hide+a+command/24370/
US-Cert Releases SamSam Alerts
https://www.us-cert.gov/ncas/alerts/AA18-337A
Kubernetes Patches
https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88
Malicious iOS App Tricks User in Payment
https://www.welivesecurity.com/2018/12/03/scam-ios-apps-promise-fitness-steal-money-instead/
ISC StormCast for Monday, December 3rd 2018
3 december 2018 |
7 min
KingMiner Improved Cryptomining
https://research.checkpoint.com/kingminer-the-new-and-improved-cryptojacker/
Siglent Technologies Oscilloscope Vulnerabilities
https://seclists.org/fulldisclosure/2018/Nov/68
Autocad Malware
https://www.forcepoint.com/blog/security-labs/autocad-malware-computer-aided-theft
ISC Stickers (login required. first 10 requests each day)
https://isc.sans.edu/sticker.html
https://research.checkpoint.com/kingminer-the-new-and-improved-cryptojacker/
Siglent Technologies Oscilloscope Vulnerabilities
https://seclists.org/fulldisclosure/2018/Nov/68
Autocad Malware
https://www.forcepoint.com/blog/security-labs/autocad-malware-computer-aided-theft
ISC Stickers (login required. first 10 requests each day)
https://isc.sans.edu/sticker.html
ISC StormCast for Friday, November 30th 2018
30 november 2018 |
14 min
Russian Language Malspam Pushing Shade (Troldesh) Ransomware
https://isc.sans.edu/forums/diary/Russian+language+malspam+pushing+Shade+Troldesh+ransomware/24358/
Scamclub Malvertising Against iOS Users
https://blog.confiant.com/malvertising-attack-hijacks-300-million-sessions-over-48-hours-9d0218fe02cd
Andre Shori: To Block Or Not To Block? Impact and Analysis of Actively Blocking Shodan Scans
http://www.sans.org/reading-room/whitepapers/networksecurity/block-block-impact-analysis-actively-blocking-shodan-scans-38645
https://isc.sans.edu/forums/diary/Russian+language+malspam+pushing+Shade+Troldesh+ransomware/24358/
Scamclub Malvertising Against iOS Users
https://blog.confiant.com/malvertising-attack-hijacks-300-million-sessions-over-48-hours-9d0218fe02cd
Andre Shori: To Block Or Not To Block? Impact and Analysis of Actively Blocking Shodan Scans
http://www.sans.org/reading-room/whitepapers/networksecurity/block-block-impact-analysis-actively-blocking-shodan-scans-38645
ISC StormCast for Thursday, November 29th 2018
29 november 2018 |
6 min
Obfuscated Shell Scripts: Fake MacOS Flash Updates
https://isc.sans.edu/forums/diary/More+obfuscated+shell+scripts+Fake+MacOS+Flash+update/24352/
Sennheiser HeadSetup Certificate Authority Install
https://www.secorvo.de/publikationen/headsetup-vulnerability-report-secorvo-2018.pdf
Microsoft Fixes Shared Folder Permission Deletion Problem
https://support.microsoft.com/en-us/help/4467684/windows-10-update-kb4467684
3ve Botnet Dismanteled
https://services.google.com/fh/files/blogs/3ve_google_whiteops_whitepaper_final_nov_2018.pdf
https://isc.sans.edu/forums/diary/More+obfuscated+shell+scripts+Fake+MacOS+Flash+update/24352/
Sennheiser HeadSetup Certificate Authority Install
https://www.secorvo.de/publikationen/headsetup-vulnerability-report-secorvo-2018.pdf
Microsoft Fixes Shared Folder Permission Deletion Problem
https://support.microsoft.com/en-us/help/4467684/windows-10-update-kb4467684
3ve Botnet Dismanteled
https://services.google.com/fh/files/blogs/3ve_google_whiteops_whitepaper_final_nov_2018.pdf
ISC StormCast for Wednesday, November 28th 2018
28 november 2018 |
5 min
Obfuscated QNAP bash Malware;
https://isc.sans.edu/forums/diary/Obfuscated+bash+script+targeting+QNap+boxes/24348/
Half of All Phishing Sites Use HTTPS
https://krebsonsecurity.com/2018/11/half-of-all-phishing-sites-now-have-the-padlock/
Chrome and Firefox to Remove FTP Support
https://www.bleepingcomputer.com/news/google/chrome-and-firefox-developers-aim-to-remove-support-for-ftp/
California Wildfire Used in BEC Scams
https://www.agari.com/identity-intelligence-blog/california-wildfire-email-scams/
https://isc.sans.edu/forums/diary/Obfuscated+bash+script+targeting+QNap+boxes/24348/
Half of All Phishing Sites Use HTTPS
https://krebsonsecurity.com/2018/11/half-of-all-phishing-sites-now-have-the-padlock/
Chrome and Firefox to Remove FTP Support
https://www.bleepingcomputer.com/news/google/chrome-and-firefox-developers-aim-to-remove-support-for-ftp/
California Wildfire Used in BEC Scams
https://www.agari.com/identity-intelligence-blog/california-wildfire-email-scams/
ISC StormCast for Tuesday, November 27th 2018
27 november 2018 |
6 min
ViperMonkey: VBA Maldoc Deobfuscation
https://isc.sans.edu/forums/diary/ViperMonkey+VBA+maldoc+deobfuscation/24346/
Malicious NPM Libraries
https://medium.com/@cnorthwood/todays-javascript-trash-fire-and-pile-on-f3efcf8ac8c7
Turning Your BMC Into A Revolving Door
https://www.synacktiv.com/ressources/zeronights_2018_turning_your_bmc_into_a_revolving_door.pdf
https://isc.sans.edu/forums/diary/ViperMonkey+VBA+maldoc+deobfuscation/24346/
Malicious NPM Libraries
https://medium.com/@cnorthwood/todays-javascript-trash-fire-and-pile-on-f3efcf8ac8c7
Turning Your BMC Into A Revolving Door
https://www.synacktiv.com/ressources/zeronights_2018_turning_your_bmc_into_a_revolving_door.pdf
ISC StormCast for Monday, November 26th 2018
26 november 2018 |
6 min
Attacks Against Docker API
https://isc.sans.edu/forums/diary/Moby+the+Shark/24340/
Mirai Like Attack Hitting Hadoop
https://asert.arbornetworks.com/mirai-not-just-for-iot-anymore/
New Rowhammer Variant Effects ECC Memory
https://www.vusec.net/projects/eccploit/
https://isc.sans.edu/forums/diary/Moby+the+Shark/24340/
Mirai Like Attack Hitting Hadoop
https://asert.arbornetworks.com/mirai-not-just-for-iot-anymore/
New Rowhammer Variant Effects ECC Memory
https://www.vusec.net/projects/eccploit/
ISC StormCast for Wednesday, November 21st 2018
21 november 2018 |
3 min
Critical Flash Update
https://helpx.adobe.com/security/products/flash-player/apsb18-44.html
Thanksgiving Lure for Emotet
https://www.forcepoint.com/blog/security-labs/thanks-giving-emotet
https://helpx.adobe.com/security/products/flash-player/apsb18-44.html
Thanksgiving Lure for Emotet
https://www.forcepoint.com/blog/security-labs/thanks-giving-emotet
ISC StormCast for Tuesday, November 20th 2018
20 november 2018 |
5 min
Google Play Malware
https://twitter.com/LukasStefanko
ATM Vulnerabilities
https://www.ptsecurity.com/upload/corporate/ww-en/analytics/ATM-Vulnerabilities-2018-eng.pdf
Nagios XI Update
https://www.tenable.com/security/research/tra-2018-37
https://twitter.com/LukasStefanko
ATM Vulnerabilities
https://www.ptsecurity.com/upload/corporate/ww-en/analytics/ATM-Vulnerabilities-2018-eng.pdf
Nagios XI Update
https://www.tenable.com/security/research/tra-2018-37
ISC StormCast for Monday, November 19th 2018
18 november 2018 |
5 min
Multipurpose PCAP Analysis Tool
https://isc.sans.edu/forums/diary/Multipurpose+PCAP+Analysis+Tool/24322/
Quickly Investigating Websites with Lookyloo
https://isc.sans.edu/forums/diary/Quickly+Investigating+Websites+with+Lookyloo/24320/
From Field Spoofing in GMail
https://blog.cotten.io/hacking-gmail-with-weird-from-fields-d6494254722f?gi=ce61de4cb006
https://isc.sans.edu/forums/diary/Multipurpose+PCAP+Analysis+Tool/24322/
Quickly Investigating Websites with Lookyloo
https://isc.sans.edu/forums/diary/Quickly+Investigating+Websites+with+Lookyloo/24320/
From Field Spoofing in GMail
https://blog.cotten.io/hacking-gmail-with-weird-from-fields-d6494254722f?gi=ce61de4cb006
ISC StormCast for Friday, November 16th 2018
16 november 2018 |
15 min
Emotet Spreading IcedID Banking Malware
https://isc.sans.edu/forums/diary/Emotet+infection+with+IcedID+banking+Trojan/24312/
Crypto Miners Abusing Insecure Docker Installs
https://forums.juniper.net/t5/Threat-Research/Container-Malware-Miners-Go-Docker-Hunting-In-The-Cloud/ba-p/400587
GPS Watches Can Be Used To Track Kids
https://www.pentestpartners.com/security-blog/tracking-and-snooping-on-a-million-kids/
Firefox Will Notify Users of Breached Sites
https://blog.mozilla.org/blog/2018/11/14/firefox-monitor-launches-in-26-languages-and-adds-new-desktop-browser-feature/
David Kennel: All-Seeing Eye or Blind Man? Understanding the Linux Kernel Auditing System
https://www.sans.org/reading-room/whitepapers/linux/all-seeing-eye-blind-man-understanding-linux-kernel-auditing-system-38605
https://isc.sans.edu/forums/diary/Emotet+infection+with+IcedID+banking+Trojan/24312/
Crypto Miners Abusing Insecure Docker Installs
https://forums.juniper.net/t5/Threat-Research/Container-Malware-Miners-Go-Docker-Hunting-In-The-Cloud/ba-p/400587
GPS Watches Can Be Used To Track Kids
https://www.pentestpartners.com/security-blog/tracking-and-snooping-on-a-million-kids/
Firefox Will Notify Users of Breached Sites
https://blog.mozilla.org/blog/2018/11/14/firefox-monitor-launches-in-26-languages-and-adds-new-desktop-browser-feature/
David Kennel: All-Seeing Eye or Blind Man? Understanding the Linux Kernel Auditing System
https://www.sans.org/reading-room/whitepapers/linux/all-seeing-eye-blind-man-understanding-linux-kernel-auditing-system-38605
ISC StormCast for Thursday, November 15th 2018
15 november 2018 |
6 min
Details about Zero Day Exploit Taking Advantage of Win32k Vuln.
https://securelist.com/a-new-exploit-for-zero-day-vulnerability-cve-2018-8589/88845/
PacSec Pwn2Own Results
https://www.zerodayinitiative.com/blog/2018/11/13/pwn2own-tokyo-2018-day-one-results
https://www.zerodayinitiative.com/blog/2018/11/14/pwn2own-tokyo-2018-day-two-results-and-master-of-pwn
More Spectre/Meltdown Flaws
https://arxiv.org/pdf/1811.05441.pdf
https://securelist.com/a-new-exploit-for-zero-day-vulnerability-cve-2018-8589/88845/
PacSec Pwn2Own Results
https://www.zerodayinitiative.com/blog/2018/11/13/pwn2own-tokyo-2018-day-one-results
https://www.zerodayinitiative.com/blog/2018/11/14/pwn2own-tokyo-2018-day-two-results-and-master-of-pwn
More Spectre/Meltdown Flaws
https://arxiv.org/pdf/1811.05441.pdf
ISC StormCast for Wednesday, November 14th 2018
14 november 2018 |
5 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/November+2018+Microsoft+Patch+Tuesday/24308/
Adobe Security Bulletins
https://helpx.adobe.com/security.html
https://isc.sans.edu/forums/diary/November+2018+Microsoft+Patch+Tuesday/24308/
Adobe Security Bulletins
https://helpx.adobe.com/security.html
ISC StormCast for Tuesday, November 13th 2018
13 november 2018 |
5 min
Google BGP Hijack via Russia
https://twitter.com/thousandeyes/status/1062102171506765825
https://www.wsj.com/articles/google-internet-traffic-is-briefly-misdirected-through-russia-china-1542068392
Microcode Bootloader USB
https://www.techpowerup.com/forums/threads/intel-microcode-boot-loader.248858/
Wordpress GDPR Tool Vulnerable
https://www.wordfence.com/blog/2018/11/trends-following-vulnerability-in-wp-gdpr-compliance-plugin/
https://twitter.com/thousandeyes/status/1062102171506765825
https://www.wsj.com/articles/google-internet-traffic-is-briefly-misdirected-through-russia-china-1542068392
Microcode Bootloader USB
https://www.techpowerup.com/forums/threads/intel-microcode-boot-loader.248858/
Wordpress GDPR Tool Vulnerable
https://www.wordfence.com/blog/2018/11/trends-following-vulnerability-in-wp-gdpr-compliance-plugin/
ISC StormCast for Monday, November 12th 2018
12 november 2018 |
6 min
Cloudflare Releases Mobile Apps To Use 1.1.1.1
https://blog.cloudflare.com/1-thing-you-can-do-to-make-your-internet-safer-and-faster/
Crypto Coin Miners Now With Rootkits
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/cryptocurrency-mining-malware-targets-linux-systems-uses-rootkit-for-stealth
Google Play Protect Reduces Malware
https://security.googleblog.com/2018/11/introducing-android-ecosystem-security.html
https://blog.cloudflare.com/1-thing-you-can-do-to-make-your-internet-safer-and-faster/
Crypto Coin Miners Now With Rootkits
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/cryptocurrency-mining-malware-targets-linux-systems-uses-rootkit-for-stealth
Google Play Protect Reduces Malware
https://security.googleblog.com/2018/11/introducing-android-ecosystem-security.html
ISC StormCast for Friday, November 9th 2018
9 november 2018 |
17 min
Cisco Security Bulletins
https://tools.cisco.com/security/center/publicationListing.x
Ruby Deserialization
https://www.elttam.com.au/blog/ruby-deserialization/
Ouch Newsletter: Am I Hacked?
https://www.sans.org/security-awareness-training/resources/am-i-hacked
Jonathan Sweeny: Smart Contract Botnets
https://www.sans.org/reading-room/whitepapers/covert/botnet-resiliency-private-blockchains-38050
https://www.sans.org/reading-room/whitepapers/warfare/tearing-smart-contract-botnets-38650
https://tools.cisco.com/security/center/publicationListing.x
Ruby Deserialization
https://www.elttam.com.au/blog/ruby-deserialization/
Ouch Newsletter: Am I Hacked?
https://www.sans.org/security-awareness-training/resources/am-i-hacked
Jonathan Sweeny: Smart Contract Botnets
https://www.sans.org/reading-room/whitepapers/covert/botnet-resiliency-private-blockchains-38050
https://www.sans.org/reading-room/whitepapers/warfare/tearing-smart-contract-botnets-38650
ISC StormCast for Thursday, November 8th 2018
8 november 2018 |
7 min
VirtualBox 0 Day Guest Escape Exploit Released
https://github.com/MorteNoir1/virtualbox_e1000_0day
WooCommerce / Wordpress Bug Leads to RCE
https://blog.ripstech.com/2018/wordpress-design-flaw-leads-to-woocommerce-rce/
Bing Advertises Fake Version of Notepad2
https://www.bleepingcomputer.com/news/security/beware-of-unofficial-sites-pushing-notepad2-adware-bundles/
Jacksonville BSides
https://bsidesjax.org
https://github.com/MorteNoir1/virtualbox_e1000_0day
WooCommerce / Wordpress Bug Leads to RCE
https://blog.ripstech.com/2018/wordpress-design-flaw-leads-to-woocommerce-rce/
Bing Advertises Fake Version of Notepad2
https://www.bleepingcomputer.com/news/security/beware-of-unofficial-sites-pushing-notepad2-adware-bundles/
Jacksonville BSides
https://bsidesjax.org
ISC StormCast for Wednesday, November 7th 2018
7 november 2018 |
6 min
China Telecom's Internet Traffic Misdirection
https://internetintel.oracle.com/blog-single.html?id=China+Telecom%27s+Internet+Traffic+Misdirection
Android Security Updates; Last for Nexus
https://source.android.com/security/bulletin/2018-11-01#framework
PoC Facetime Exploit
https://bugs.chromium.org/p/project-zero/issues/detail?id=1641
Vulnerability in U-Boot Bootloader
https://github.com/inversepath/usbarmory/blob/master/software/secure_boot/Security_Advisory-Ref_IPVR2018-0001.txt
https://internetintel.oracle.com/blog-single.html?id=China+Telecom%27s+Internet+Traffic+Misdirection
Android Security Updates; Last for Nexus
https://source.android.com/security/bulletin/2018-11-01#framework
PoC Facetime Exploit
https://bugs.chromium.org/p/project-zero/issues/detail?id=1641
Vulnerability in U-Boot Bootloader
https://github.com/inversepath/usbarmory/blob/master/software/secure_boot/Security_Advisory-Ref_IPVR2018-0001.txt
ISC StormCast for Tuesday, November 6th 2018
6 november 2018 |
6 min
Struts 2.3 Uses Outdated commons-fileupload library
https://isc.sans.edu/forums/diary/Struts+23+Vulnerable+to+Two+Year+old+File+Upload+Flaw/24278/
Fake Elon Musk Tweet used to steal Bitcoin
https://www.bleepingcomputer.com/news/security/fake-elon-musk-twitter-bitcoin-scam-earned-180k-in-one-day/
Bypassing SSD Drive Hardware Encryption
https://www.ru.nl/english/news-agenda/news/vm/icis/cyber-security/2018/radboud-university-researchers-discover-security/
https://isc.sans.edu/forums/diary/Struts+23+Vulnerable+to+Two+Year+old+File+Upload+Flaw/24278/
Fake Elon Musk Tweet used to steal Bitcoin
https://www.bleepingcomputer.com/news/security/fake-elon-musk-twitter-bitcoin-scam-earned-180k-in-one-day/
Bypassing SSD Drive Hardware Encryption
https://www.ru.nl/english/news-agenda/news/vm/icis/cyber-security/2018/radboud-university-researchers-discover-security/
ISC StormCast for Monday, November 5th 2018
5 november 2018 |
5 min
Beyond good ol' LaunchAgents
https://isc.sans.edu/forums/diary/Beyond+good+ol+LaunchAgent+part+1/24274/
Dissecting a CVE-2017-11882 Exploit
https://isc.sans.edu/forums/diary/Dissecting+a+CVE201711882+Exploit/24272/
Microsoft Edge Exploit About to Be Released
https://twitter.com/Yux1xi
Portsmash Vulnerability
https://github.com/bbbrumley/portsmash
RC4 (Arcfour) Depreciation in SSH
https://tools.ietf.org/html/draft-ietf-curdle-rc4-die-die-die-12
https://isc.sans.edu/forums/diary/Beyond+good+ol+LaunchAgent+part+1/24274/
Dissecting a CVE-2017-11882 Exploit
https://isc.sans.edu/forums/diary/Dissecting+a+CVE201711882+Exploit/24272/
Microsoft Edge Exploit About to Be Released
https://twitter.com/Yux1xi
Portsmash Vulnerability
https://github.com/bbbrumley/portsmash
RC4 (Arcfour) Depreciation in SSH
https://tools.ietf.org/html/draft-ietf-curdle-rc4-die-die-die-12
ISC StormCast for Friday, November 2nd 2018
1 november 2018 |
5 min
Windows Defender Sandboxing Bug
https://isc.sans.edu/forums/diary/Windows+Defenders+Sandbox/24266/
Bleedingbit Bluetooth Low Energy Vulnerability
https://armis.com/bleedingbit/
Cisco ASA/Firepower DoS Vulnerability Actively Exploited
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181031-asaftd-sip-dos
https://isc.sans.edu/forums/diary/Windows+Defenders+Sandbox/24266/
Bleedingbit Bluetooth Low Energy Vulnerability
https://armis.com/bleedingbit/
Cisco ASA/Firepower DoS Vulnerability Actively Exploited
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181031-asaftd-sip-dos
ISC StormCast for Thursday, November 1st 2018
1 november 2018 |
5 min
Encrypted Word Maldocs
https://isc.sans.edu/forums/diary/More+malspam+using+passwordprotected+Word+docs/24262/
iOS / MacOS ICMP Error Remote Code Execution
https://lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407
iOS Lock Screen Bypass
https://www.youtube.com/watch?v=ojigFgwrtKs
https://isc.sans.edu/forums/diary/More+malspam+using+passwordprotected+Word+docs/24262/
iOS / MacOS ICMP Error Remote Code Execution
https://lgtm.com/blog/apple_xnu_icmp_error_CVE-2018-4407
iOS Lock Screen Bypass
https://www.youtube.com/watch?v=ojigFgwrtKs
ISC StormCast for Wednesday, October 31st 2018
31 oktober 2018 |
5 min
Change in Strategy for Hancitor Malware
https://isc.sans.edu/forums/diary/Campaign+evolution+Hancitor+malspam+starts+pushing+Ursnif+this+week/24256/
Apple Updates
https://support.apple.com/en-us/HT201222
Telegram Stores Conversations Locally
https://twitter.com/nathanielrsuchy
https://isc.sans.edu/forums/diary/Campaign+evolution+Hancitor+malspam+starts+pushing+Ursnif+this+week/24256/
Apple Updates
https://support.apple.com/en-us/HT201222
Telegram Stores Conversations Locally
https://twitter.com/nathanielrsuchy
ISC StormCast for Tuesday, October 30th 2018
30 oktober 2018 |
6 min
Maldoc Duplicating PowerShell
https://isc.sans.edu/forums/diary/Maldoc+Duplicating+PowerShell+Prior+to+Use/24254/
New File Types Emerge in Malware Spam Attachments
https://blog.trendmicro.com/trendlabs-security-intelligence/same-old-yet-brand-new-new-file-types-emerge-in-malware-spam-attachments/
Malicious Mac Crypto Currency Tracker Installs Backdoor
https://blog.malwarebytes.com/threat-analysis/2018/10/mac-cryptocurrency-ticker-app-installs-backdoors/
Sandbox For Windows Defender
https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/
https://isc.sans.edu/forums/diary/Maldoc+Duplicating+PowerShell+Prior+to+Use/24254/
New File Types Emerge in Malware Spam Attachments
https://blog.trendmicro.com/trendlabs-security-intelligence/same-old-yet-brand-new-new-file-types-emerge-in-malware-spam-attachments/
Malicious Mac Crypto Currency Tracker Installs Backdoor
https://blog.malwarebytes.com/threat-analysis/2018/10/mac-cryptocurrency-ticker-app-installs-backdoors/
Sandbox For Windows Defender
https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/
ISC StormCast for Monday, October 29th 2018
29 oktober 2018 |
5 min
Dissecting Malicious Office Documents in Linux
https://isc.sans.edu/forums/diary/Dissecting+Malicious+Office+Documents+with+Linux/24248/
Analyzing Compressed RTF Documents
https://isc.sans.edu/forums/diary/Detecting+Compressed+RTF/24250/
SystemD DHCPv6 Remote Code Executing Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-15688
Cryptominers Scan for Docker Engine
https://blog.trendmicro.com/trendlabs-security-intelligence/misconfigured-container-abused-to-deliver-cryptocurrency-mining-malware
DemonBot Targeting Hadoop
https://blog.radware.com/security/2018/10/new-demonbot-discovered/
https://isc.sans.edu/forums/diary/Dissecting+Malicious+Office+Documents+with+Linux/24248/
Analyzing Compressed RTF Documents
https://isc.sans.edu/forums/diary/Detecting+Compressed+RTF/24250/
SystemD DHCPv6 Remote Code Executing Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-15688
Cryptominers Scan for Docker Engine
https://blog.trendmicro.com/trendlabs-security-intelligence/misconfigured-container-abused-to-deliver-cryptocurrency-mining-malware
DemonBot Targeting Hadoop
https://blog.radware.com/security/2018/10/new-demonbot-discovered/
ISC StormCast for Friday, October 26th 2018
26 oktober 2018 |
5 min
Scam Calls Targeting Chinese Living in the US
https://isc.sans.edu/forums/diary/Fake+BankPost+Office+Phone+Calls+Targeting+Chinese+Immigrants/24244/
X.org Privilege Elevation Flaw
https://lists.x.org/archives/xorg-announce/2018-October/002927.html
Remote Videos in Office Documents
https://blog.cymulate.com/abusing-microsoft-office-online-video
Mac Malware Injects Ads
https://blog.malwarebytes.com/threat-analysis/2018/10/mac-malware-intercepts-encrypted-web-traffic-for-ad-injection/
https://isc.sans.edu/forums/diary/Fake+BankPost+Office+Phone+Calls+Targeting+Chinese+Immigrants/24244/
X.org Privilege Elevation Flaw
https://lists.x.org/archives/xorg-announce/2018-October/002927.html
Remote Videos in Office Documents
https://blog.cymulate.com/abusing-microsoft-office-online-video
Mac Malware Injects Ads
https://blog.malwarebytes.com/threat-analysis/2018/10/mac-malware-intercepts-encrypted-web-traffic-for-ad-injection/
ISC StormCast for Thursday, October 25th 2018
25 oktober 2018 |
5 min
Reversing AutoIT
https://isc.sans.edu/forums/diary/Diving+into+Malicious+AutoIT+Code/24238/
Arcserve Vulnerabilities
https://www.digitaldefense.com/blog/zero-day-alerts/arcserve-disclosure/
WebExec Vulnerability
https://webexec.org/
More ALPC Flaws from Sandbox Escaper
https://twitter.com/SandboxEscaper/status/1054744201244692485
https://twitter.com/mkolsek/status/1054794984908562432
https://isc.sans.edu/forums/diary/Diving+into+Malicious+AutoIT+Code/24238/
Arcserve Vulnerabilities
https://www.digitaldefense.com/blog/zero-day-alerts/arcserve-disclosure/
WebExec Vulnerability
https://webexec.org/
More ALPC Flaws from Sandbox Escaper
https://twitter.com/SandboxEscaper/status/1054744201244692485
https://twitter.com/mkolsek/status/1054794984908562432
ISC StormCast for Wednesday, October 24th 2018
24 oktober 2018 |
6 min
Malware Uses Decoy Picture
https://isc.sans.edu/forums/diary/Malicious+Powershell+using+a+Decoy+Picture/24234/
DNS over HTTPS Pushback
https://twitter.com/paulvixie/status/1053765281917661184
Signal Desktop Leaves Encryption Key Exposed
https://twitter.com/nathanielrsuchy
Firefox 63 Allows Less Tracking
https://blog.mozilla.org/security/2018/10/23/firefox-63-lets-users-block-tracking-cookies/
https://isc.sans.edu/forums/diary/Malicious+Powershell+using+a+Decoy+Picture/24234/
DNS over HTTPS Pushback
https://twitter.com/paulvixie/status/1053765281917661184
Signal Desktop Leaves Encryption Key Exposed
https://twitter.com/nathanielrsuchy
Firefox 63 Allows Less Tracking
https://blog.mozilla.org/security/2018/10/23/firefox-63-lets-users-block-tracking-cookies/
ISC StormCast for Tuesday, October 23rd 2018
23 oktober 2018 |
5 min
MSG Files: Compressed RTF
https://isc.sans.edu/forums/diary/MSG+Files+Compressed+RTF/24228/
FreeRTOS TCP/IP Stack Vulnerabilities
https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/
VLC/Live555 RTSP Server Vulnerability
https://www.talosintelligence.com/reports/TALOS-2018-0684
Microsoft Yammer Update
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8569#ID0EGB
https://isc.sans.edu/forums/diary/MSG+Files+Compressed+RTF/24228/
FreeRTOS TCP/IP Stack Vulnerabilities
https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/
VLC/Live555 RTSP Server Vulnerability
https://www.talosintelligence.com/reports/TALOS-2018-0684
Microsoft Yammer Update
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8569#ID0EGB
ISC StormCast for Monday, October 22nd 2018
22 oktober 2018 |
5 min
MacOS LaunchAgent
https://isc.sans.edu/forums/diary/Beyond+good+ol+LaunchAgent+part+0/24230/
TLS Session Tracking
https://arxiv.org/pdf/1810.07304.pdf
jQuery File Upload Plugin
https://blogs.akamai.com/sitr/2018/10/having-the-security-rug-pulled-out-from-under-you.html
Drupal Update
https://www.drupal.org/sa-core-2018-006
https://isc.sans.edu/forums/diary/Beyond+good+ol+LaunchAgent+part+0/24230/
TLS Session Tracking
https://arxiv.org/pdf/1810.07304.pdf
jQuery File Upload Plugin
https://blogs.akamai.com/sitr/2018/10/having-the-security-rug-pulled-out-from-under-you.html
Drupal Update
https://www.drupal.org/sa-core-2018-006
ISC StormCast for Friday, October 19th 2018
19 oktober 2018 |
4 min
Cisco Patches
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2018%2F10%2F17&firstPublishedEndDate=2018%2F10%2F17&lastPublishedStartDate=2018%2F10%2F17&lastPublishedEndDate=2018%2F10%2F17
51% Attack Against Crypto Currencies
https://old.reddit.com/r/CryptoCurrency/comments/9m1uuj/if_i_livestreamed_the_setup_and_execution_of/
VMWare Patch
https://www.vmware.com/au/security/advisories/VMSA-2018-0026.html
https://tools.cisco.com/security/center/Search.x?publicationTypeIDs=1&firstPublishedStartDate=2018%2F10%2F17&firstPublishedEndDate=2018%2F10%2F17&lastPublishedStartDate=2018%2F10%2F17&lastPublishedEndDate=2018%2F10%2F17
51% Attack Against Crypto Currencies
https://old.reddit.com/r/CryptoCurrency/comments/9m1uuj/if_i_livestreamed_the_setup_and_execution_of/
VMWare Patch
https://www.vmware.com/au/security/advisories/VMSA-2018-0026.html
ISC StormCast for Thursday, October 18th 2018
18 oktober 2018 |
5 min
Abandoned "NewShareCount" Twitter Counter abused
https://blog.sucuri.net/2018/10/malicious-redirects-from-newsharecounts-com-tweet-counter.html
Multiple D-Link Vulnerabilities
https://seclists.org/fulldisclosure/2018/Oct/36
RID Hacking in Windows
https://www.romhack.io/slides/RomHack%202018%20-%20Sebastian%20Castro%20-%20Windows%20RID%20Hijacking:%20Maintaining%20Access%20on%20Windows%20Machines.pdf
https://blog.sucuri.net/2018/10/malicious-redirects-from-newsharecounts-com-tweet-counter.html
Multiple D-Link Vulnerabilities
https://seclists.org/fulldisclosure/2018/Oct/36
RID Hacking in Windows
https://www.romhack.io/slides/RomHack%202018%20-%20Sebastian%20Castro%20-%20Windows%20RID%20Hijacking:%20Maintaining%20Access%20on%20Windows%20Machines.pdf
ISC StormCast for Wednesday, October 17th 2018
17 oktober 2018 |
6 min
Oracle CPU
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
libssh vulnerability
https://www.libssh.org/security/advisories/CVE-2018-10933.txt
Vending Machine Mobile App Compromise
https://hackernoon.com/how-i-hacked-modern-vending-machines-43f4ae8decec
Browsers Announce Timeline to Discontinue TLS1.0/1.1 support
https://blogs.windows.com/msedgedev/2018/10/15/modernizing-tls-edge-ie11/
https://security.googleblog.com/2018/10/modernizing-transport-security.html
https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/
https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
libssh vulnerability
https://www.libssh.org/security/advisories/CVE-2018-10933.txt
Vending Machine Mobile App Compromise
https://hackernoon.com/how-i-hacked-modern-vending-machines-43f4ae8decec
Browsers Announce Timeline to Discontinue TLS1.0/1.1 support
https://blogs.windows.com/msedgedev/2018/10/15/modernizing-tls-edge-ie11/
https://security.googleblog.com/2018/10/modernizing-transport-security.html
https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/
https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/
ISC StormCast for Tuesday, October 16th 2018
16 oktober 2018 |
6 min
Proof Of Concept Exploit for Microsoft Edge Vulnerability CVE-2018-8495
https://leucosite.com/Microsoft-Edge-RCE/
Fake Mining Apps
https://www.fortinet.com/blog/threat-research/fortinet-discovers-new-android-apps-that-mine-the-unminable.html
Fake Google Photo App Turns out to be Ad-Clicker
https://www.geeklatest.com/developer-tricks-microsoft-publishes-app-under-google-llc-name-in-windows-store/
https://leucosite.com/Microsoft-Edge-RCE/
Fake Mining Apps
https://www.fortinet.com/blog/threat-research/fortinet-discovers-new-android-apps-that-mine-the-unminable.html
Fake Google Photo App Turns out to be Ad-Clicker
https://www.geeklatest.com/developer-tricks-microsoft-publishes-app-under-google-llc-name-in-windows-store/
ISC StormCast for Monday, October 15th 2018
15 oktober 2018 |
6 min
Many Large Websites Affected by Branch.io XSS Flaw
https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Medtronics Pacemakers Disable Remote Update
https://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/REV-Medtronic-2090-Security-Bulletin_FNL.pdf
IBM Updates WebSphere Update
https://www-01.ibm.com/support/docview.wss?uid=swg22016254
Incomplete JET Database Patch
https://blog.0patch.com/2018/10/patching-re-patching-and-meta-patching.html
https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Medtronics Pacemakers Disable Remote Update
https://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/REV-Medtronic-2090-Security-Bulletin_FNL.pdf
IBM Updates WebSphere Update
https://www-01.ibm.com/support/docview.wss?uid=swg22016254
Incomplete JET Database Patch
https://blog.0patch.com/2018/10/patching-re-patching-and-meta-patching.html
ISC StormCast for Friday, October 12th 2018
11 oktober 2018 |
6 min
New Campaign Using Old Equation Editor Vulnerability
https://isc.sans.edu/forums/diary/New+Campaign+Using+Old+Equation+Editor+Vulnerability/24196/
Root Access Vulnerability in SONY Smart TVs
https://www.fortinet.com/blog/threat-research/sony-smart-tv-exploit-inside-view-hijacking-your-living-room.html
MicroTik RouterOS Vulnerablities
https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf
Reverse Analysis of WebAssembly
https://www.forcepoint.com/blog/security-labs/manual-reverse-engineering-webassembly-static-code-analysis
Firefox Delays Symantec Certificate Distrust
https://www.theregister.co.uk/2018/10/11/firefox_symantec_certs_delay/
https://isc.sans.edu/forums/diary/New+Campaign+Using+Old+Equation+Editor+Vulnerability/24196/
Root Access Vulnerability in SONY Smart TVs
https://www.fortinet.com/blog/threat-research/sony-smart-tv-exploit-inside-view-hijacking-your-living-room.html
MicroTik RouterOS Vulnerablities
https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf
Reverse Analysis of WebAssembly
https://www.forcepoint.com/blog/security-labs/manual-reverse-engineering-webassembly-static-code-analysis
Firefox Delays Symantec Certificate Distrust
https://www.theregister.co.uk/2018/10/11/firefox_symantec_certs_delay/
ISC StormCast for Thursday, October 11th 2018
11 oktober 2018 |
6 min
Remote Code Execution Vulnerability in WhatsApp
https://bugs.chromium.org/p/project-zero/issues/detail?id=1654
Salesforce Releases hashh Library
https://github.com/salesforce/hassh
CVE-2018-8453 Details from Kaspersky
https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/
Juniper Patches
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
Experian Vulnerability Could Have Leaked Credit Freeze PINs
https://www.nerdwallet.com/blog/finance/security-flaw-at-experian-allows-easy-access-to-pin-to-unlock-credit-freeze/
https://bugs.chromium.org/p/project-zero/issues/detail?id=1654
Salesforce Releases hashh Library
https://github.com/salesforce/hassh
CVE-2018-8453 Details from Kaspersky
https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/
Juniper Patches
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
Experian Vulnerability Could Have Leaked Credit Freeze PINs
https://www.nerdwallet.com/blog/finance/security-flaw-at-experian-allows-easy-access-to-pin-to-unlock-credit-freeze/
ISC StormCast for Wednesday, October 10th 2018
10 oktober 2018 |
6 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/October+2018+Microsoft+Patch+Tuesday/24186/
Adobe Updates
https://helpx.adobe.com/security.html
Magecart Infects "Shopper Approved" Plugin
https://www.riskiq.com/blog/labs/magecart-shopper-approved/
https://isc.sans.edu/forums/diary/October+2018+Microsoft+Patch+Tuesday/24186/
Adobe Updates
https://helpx.adobe.com/security.html
Magecart Infects "Shopper Approved" Plugin
https://www.riskiq.com/blog/labs/magecart-shopper-approved/
ISC StormCast for Tuesday, October 9th 2018
9 oktober 2018 |
5 min
Apple Updates iOS and iCloud for Windows
https://support.apple.com/en-ca/HT209162
https://support.apple.com/en-ca/HT209141
Intel Adds Spectre/Meltdown Mitigation to 9th Generation CPUs
https://www.bleepingcomputer.com/news/security/spectre-and-meltdown-hardware-protection-added-to-intels-9th-gen-cpus/
Windows October Update File Deleting Issues
https://support.microsoft.com/en-us/help/4464619/windows-10-update-history
https://blogs.technet.microsoft.com/filecab/2018/08/30/9205/
macOS Code Signing Vulnerabilities
https://www.virusbulletin.com/conference/vb2018/abstracts/code-signing-flaw-macos
https://support.apple.com/en-ca/HT209162
https://support.apple.com/en-ca/HT209141
Intel Adds Spectre/Meltdown Mitigation to 9th Generation CPUs
https://www.bleepingcomputer.com/news/security/spectre-and-meltdown-hardware-protection-added-to-intels-9th-gen-cpus/
Windows October Update File Deleting Issues
https://support.microsoft.com/en-us/help/4464619/windows-10-update-history
https://blogs.technet.microsoft.com/filecab/2018/08/30/9205/
macOS Code Signing Vulnerabilities
https://www.virusbulletin.com/conference/vb2018/abstracts/code-signing-flaw-macos
ISC StormCast for Monday, October 8th 2018
8 oktober 2018 |
7 min
WPA2 Karck Attack Update
https://www.krackattacks.com/followup.html#overview
Cisco Updates
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities
Seattle Police Tries to Stop SWATing
https://www.seattle.gov/police/need-help/swatting
git Vulnerability Fixed
https://github.com/timwr/CVE-2017-1000117
https://www.krackattacks.com/followup.html#overview
Cisco Updates
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities
Seattle Police Tries to Stop SWATing
https://www.seattle.gov/police/need-help/swatting
git Vulnerability Fixed
https://github.com/timwr/CVE-2017-1000117
ISC StormCast for Friday, October 5th 2018
5 oktober 2018 |
7 min
Does the Chinese Military Manipulate Supermicro Motherboards?
https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond
Cloudflare IPFS Gateway Used For Phishing
https://www.bleepingcomputer.com/news/security/phishing-attacks-distributed-through-cloudflares-ipfs-gateway/
DNSSEC Root Key Signing Key Rollover
https://www.icann.org/resources/pages/ksk-rollover
https://www.icann.org/news/blog/2018-ksk-rollover-operator-preparedness-survey
https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond
Cloudflare IPFS Gateway Used For Phishing
https://www.bleepingcomputer.com/news/security/phishing-attacks-distributed-through-cloudflares-ipfs-gateway/
DNSSEC Root Key Signing Key Rollover
https://www.icann.org/resources/pages/ksk-rollover
https://www.icann.org/news/blog/2018-ksk-rollover-operator-preparedness-survey
ISC StormCast for Thursday, October 4th 2018
4 oktober 2018 |
6 min
Identifying a Phisher
https://isc.sans.edu/forums/diary/Identifying+a+phisher/24164/
Phishing via Azure Blob Storage
https://www.netskope.com/blog/phishing-in-the-public-cloud
Zoho Domains Used for Phishing and Keyloggers
https://cofense.com/staggering-amount-stolen-data-heading-zoho-domains/
Dell iDRAC Exploit
https://www.servethehome.com/idracula-vulnerability-impacts-millions-of-legacy-dell-emc-servers/
https://isc.sans.edu/forums/diary/Identifying+a+phisher/24164/
Phishing via Azure Blob Storage
https://www.netskope.com/blog/phishing-in-the-public-cloud
Zoho Domains Used for Phishing and Keyloggers
https://cofense.com/staggering-amount-stolen-data-heading-zoho-domains/
Dell iDRAC Exploit
https://www.servethehome.com/idracula-vulnerability-impacts-millions-of-legacy-dell-emc-servers/
ISC StormCast for Wednesday, October 3rd 2018
3 oktober 2018 |
5 min
How to Write Yara Rules
https://isc.sans.edu/forums/diary/Developing+YARA+Rules+a+Practical+Example/24158/
GhostDNS DNS Changer Malware
https://blog.netlab.360.com/70-different-types-of-home-routers-all-together-100000-are-being-hijacked-by-ghostdns-en/
Foxit PDF Reader Vulnerabilities
https://www.foxitsoftware.com/support/security-bulletins.php
Apple Laptops Shipped With CPU in Manufacturing Mode
http://blog.ptsecurity.com/2018/10/intel-me-manufacturing-mode-macbook.html
https://isc.sans.edu/forums/diary/Developing+YARA+Rules+a+Practical+Example/24158/
GhostDNS DNS Changer Malware
https://blog.netlab.360.com/70-different-types-of-home-routers-all-together-100000-are-being-hijacked-by-ghostdns-en/
Foxit PDF Reader Vulnerabilities
https://www.foxitsoftware.com/support/security-bulletins.php
Apple Laptops Shipped With CPU in Manufacturing Mode
http://blog.ptsecurity.com/2018/10/intel-me-manufacturing-mode-macbook.html
ISC StormCast for Tuesday, October 2nd 2018
2 oktober 2018 |
6 min
Update About Facebook Breach
https://newsroom.fb.com/news/2018/09/security-update/
Adobe Acrobat/Reader Update
https://helpx.adobe.com/security/products/acrobat/apsb18-30.html
SMTP MTA Strict Transport Security (MTA-STS)
https://www.rfc-editor.org/rfc/rfc8461.txt
https://newsroom.fb.com/news/2018/09/security-update/
Adobe Acrobat/Reader Update
https://helpx.adobe.com/security/products/acrobat/apsb18-30.html
SMTP MTA Strict Transport Security (MTA-STS)
https://www.rfc-editor.org/rfc/rfc8461.txt
ISC StormCast for Monday, October 1st 2018
1 oktober 2018 |
6 min
Facebook Leaks more than 50 Million Accounts
https://newsroom.fb.com/news/2018/09/security-update/
Telegram Leaks Local IP Address By Default
https://www.inputzero.io/2018/09/bug-bounty-telegram-cve-2018-17780.html
Site Tricks Users Into Subscribing to Browser Notifications
https://www.bleepingcomputer.com/news/security/sites-trick-users-into-subscribing-to-browser-notification-spam/
DDE Code Injection
https://isc.sans.edu/forums/diary/More+Excel+DDE+Code+Injection/24150/
https://newsroom.fb.com/news/2018/09/security-update/
Telegram Leaks Local IP Address By Default
https://www.inputzero.io/2018/09/bug-bounty-telegram-cve-2018-17780.html
Site Tricks Users Into Subscribing to Browser Notifications
https://www.bleepingcomputer.com/news/security/sites-trick-users-into-subscribing-to-browser-notification-spam/
DDE Code Injection
https://isc.sans.edu/forums/diary/More+Excel+DDE+Code+Injection/24150/
ISC StormCast for Friday, September 28th 2018
28 september 2018 |
6 min
Enriching Radare2 and x64dbg malware analysis with statically decoded strings
https://isc.sans.edu/forums/diary/Enriching+Radare2+and+x64dbg+malware+analysis+with+statically+decoded+strings/24146/
Weaknesses in Apple's Mobile Device Management
https://duo.com/labs/research/mdm-me-maybe
LoJax UEFI Rootkit
https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/
https://isc.sans.edu/forums/diary/Enriching+Radare2+and+x64dbg+malware+analysis+with+statically+decoded+strings/24146/
Weaknesses in Apple's Mobile Device Management
https://duo.com/labs/research/mdm-me-maybe
LoJax UEFI Rootkit
https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/
ISC StormCast for Thursday, September 27th 2018
27 september 2018 |
5 min
Emotet Malware Delivery Service Update
https://isc.sans.edu/forums/diary/One+Emotet+infection+leads+to+three+followup+malware+infections/24140/
Fedora Crypto Policy Update Causes SSH Issues
https://bugzilla.redhat.com/show_bug.cgi?id=1631970
Android Banking Trojan Impersonates QRecorder
https://lukasstefanko.com/2018/09/banking-trojan-found-on-google-play-stole-10000-euros-from-victims.html
Google Reverts Changes to Chrome
https://www.blog.google/products/chrome/product-updates-based-your-feedback/amp/
https://isc.sans.edu/forums/diary/One+Emotet+infection+leads+to+three+followup+malware+infections/24140/
Fedora Crypto Policy Update Causes SSH Issues
https://bugzilla.redhat.com/show_bug.cgi?id=1631970
Android Banking Trojan Impersonates QRecorder
https://lukasstefanko.com/2018/09/banking-trojan-found-on-google-play-stole-10000-euros-from-victims.html
Google Reverts Changes to Chrome
https://www.blog.google/products/chrome/product-updates-based-your-feedback/amp/
ISC StormCast for Wednesday, September 26th 2018
26 september 2018 |
5 min
Firefox Haveibeenpwned Monitor
https://blog.mozilla.org/blog/2018/09/25/introducing-firefox-monitor-helping-people-take-control-after-a-data-breach/
Chrome 69 Privacy Issues
https://www.bleepingcomputer.com/news/google/chrome-69-keeps-googles-cookies-after-you-clear-browser-data/
Cisco FragmentSmack Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-ip-fragment
Micorsoft Bitlocker Turns itself Off During Updates
https://social.technet.microsoft.com/Forums/en-US/0e48536f-40ff-4046-bd08-ed4a39b4840f/bitlocker-automatically-suspending-during-updates?forum=win10itprosecurity
https://blog.mozilla.org/blog/2018/09/25/introducing-firefox-monitor-helping-people-take-control-after-a-data-breach/
Chrome 69 Privacy Issues
https://www.bleepingcomputer.com/news/google/chrome-69-keeps-googles-cookies-after-you-clear-browser-data/
Cisco FragmentSmack Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180824-linux-ip-fragment
Micorsoft Bitlocker Turns itself Off During Updates
https://social.technet.microsoft.com/Forums/en-US/0e48536f-40ff-4046-bd08-ed4a39b4840f/bitlocker-automatically-suspending-during-updates?forum=win10itprosecurity
ISC StormCast for Tuesday, September 25th 2018
25 september 2018 |
6 min
More Sextortion Emails
https://isc.sans.edu/forums/diary/Sextortion+Spam+and+the+Infinite+Monkey+Theorem/24136/
MacOS 10.14 (Mojahve) Security Fixes
https://support.apple.com/en-us/HT209139
Mojave Privacy Protection Bypass
https://vimeo.com/291491984
Cloudflare Supporting Encrypted SNI
https://blog.cloudflare.com/esni/
https://isc.sans.edu/forums/diary/Sextortion+Spam+and+the+Infinite+Monkey+Theorem/24136/
MacOS 10.14 (Mojahve) Security Fixes
https://support.apple.com/en-us/HT209139
Mojave Privacy Protection Bypass
https://vimeo.com/291491984
Cloudflare Supporting Encrypted SNI
https://blog.cloudflare.com/esni/
ISC StormCast for Monday, September 24th 2018
24 september 2018 |
5 min
Odd DNS Requests from Firewalls
https://isc.sans.edu/forums/diary/Suspicious+DNS+Requests+Issued+by+a+Firewall/24128/
Securing API Connections
https://isc.sans.edu/forums/diary/The+danger+of+sending+information+for+API+consumption+without+adequate+security+measures/24130/
Microsoft JET Database 0day
https://www.zerodayinitiative.com/advisories/ZDI-18-1075/
Western Digital Releases Patch for MyCloud Drives
https://support.wdc.com/knowledgebase/answer.aspx?ID=25952&s
Job Offers With Malware Attachment
https://www.bleepingcomputer.com/news/security/malware-disguised-as-job-offers-distributed-on-freelance-sites/
https://isc.sans.edu/forums/diary/Suspicious+DNS+Requests+Issued+by+a+Firewall/24128/
Securing API Connections
https://isc.sans.edu/forums/diary/The+danger+of+sending+information+for+API+consumption+without+adequate+security+measures/24130/
Microsoft JET Database 0day
https://www.zerodayinitiative.com/advisories/ZDI-18-1075/
Western Digital Releases Patch for MyCloud Drives
https://support.wdc.com/knowledgebase/answer.aspx?ID=25952&s
Job Offers With Malware Attachment
https://www.bleepingcomputer.com/news/security/malware-disguised-as-job-offers-distributed-on-freelance-sites/
ISC StormCast for Friday, September 21st 2018
21 september 2018 |
13 min
Hunting for Suspicious Processes with OSSEC
https://isc.sans.edu/forums/diary/Hunting+for+Suspicious+Processes+with+OSSEC/24122/
NSSLabs Sues Crowdstrike, Symantec, ESET
https://www.nsslabs.com/blog/company/advancing-transparency-and-accountability-in-the-cybersecurity-industry/
Bitcoin Core Vulnerability
https://motherboard.vice.com/amp/en_us/article/qvakp3/a-major-bug-in-bitcoin-software-could-have-crashed-the-currency?__twitter_impression=true
WebAuthn Standard
https://paragonie.com/blog/2018/08/security-concerns-surrounding-webauthn-don-t-implement-ecdaa-yet
https://fidoalliance.org/
https://isc.sans.edu/forums/diary/Hunting+for+Suspicious+Processes+with+OSSEC/24122/
NSSLabs Sues Crowdstrike, Symantec, ESET
https://www.nsslabs.com/blog/company/advancing-transparency-and-accountability-in-the-cybersecurity-industry/
Bitcoin Core Vulnerability
https://motherboard.vice.com/amp/en_us/article/qvakp3/a-major-bug-in-bitcoin-software-could-have-crashed-the-currency?__twitter_impression=true
WebAuthn Standard
https://paragonie.com/blog/2018/08/security-concerns-surrounding-webauthn-don-t-implement-ecdaa-yet
https://fidoalliance.org/
ISC StormCast for Thursday, September 20th 2018
20 september 2018 |
5 min
Adobe Releases Special Patch for Acrobat and Reader
https://helpx.adobe.com/security/products/acrobat/apsb18-34.html
Akamai State of the Internet Report
https://www.akamai.com/us/en/about/our-thinking/state-of-the-internet-report/global-state-of-the-internet-security-ddos-attack-reports.jsp
Peekabo DVR Vulnerability
https://www.tenable.com/blog/tenable-research-advisory-peekaboo-critical-vulnerability-in-nuuo-network-video-recorder
https://helpx.adobe.com/security/products/acrobat/apsb18-34.html
Akamai State of the Internet Report
https://www.akamai.com/us/en/about/our-thinking/state-of-the-internet-report/global-state-of-the-internet-security-ddos-attack-reports.jsp
Peekabo DVR Vulnerability
https://www.tenable.com/blog/tenable-research-advisory-peekaboo-critical-vulnerability-in-nuuo-network-video-recorder
ISC StormCast for Wednesday, September 19th 2018
19 september 2018 |
5 min
Certificate Transparency Tools
https://isc.sans.edu/forums/diary/Using+Certificate+Transparency+as+an+Attack+Defense+Tool/24114/
Kodi Malicious Add-Ons
https://www.welivesecurity.com/2018/09/13/kodi-add-ons-launch-cryptomining-campaign/
Cloudflare Making DNSSEC Adoption Easier
https://blog.cloudflare.com/automatically-provision-and-maintain-dnssec/
Western Digital MyCloud Unauthenticated Admin Access
https://www.securify.nl/advisory/SFY20180102/authentication-bypass-vulnerability-in-western-digital-my-cloud-allows-escalation-to-admin-privileges.html
https://isc.sans.edu/forums/diary/Using+Certificate+Transparency+as+an+Attack+Defense+Tool/24114/
Kodi Malicious Add-Ons
https://www.welivesecurity.com/2018/09/13/kodi-add-ons-launch-cryptomining-campaign/
Cloudflare Making DNSSEC Adoption Easier
https://blog.cloudflare.com/automatically-provision-and-maintain-dnssec/
Western Digital MyCloud Unauthenticated Admin Access
https://www.securify.nl/advisory/SFY20180102/authentication-bypass-vulnerability-in-western-digital-my-cloud-allows-escalation-to-admin-privileges.html
ISC StormCast for Tuesday, September 18th 2018
18 september 2018 |
5 min
Analyzing Office Docs
https://isc.sans.edu/forums/diary/Dissecting+Malicious+MS+Office+Docs/24108/
Apple Updates Everything but macOS
https://support.apple.com/en-us/HT201220
FBot Botnet
https://blog.netlab.360.com/threat-alert-a-new-worm-fbot-cleaning-adbminer-is-using-a-blockchain-based-dns-en/
Related STI Paper: Botnet Reciliency via Private Blockchain (Jonathan Sweeny)
https://www.sans.org/reading-room/whitepapers/covert/botnet-resiliency-private-blockchains-38050
https://isc.sans.edu/forums/diary/Dissecting+Malicious+MS+Office+Docs/24108/
Apple Updates Everything but macOS
https://support.apple.com/en-us/HT201220
FBot Botnet
https://blog.netlab.360.com/threat-alert-a-new-worm-fbot-cleaning-adbminer-is-using-a-blockchain-based-dns-en/
Related STI Paper: Botnet Reciliency via Private Blockchain (Jonathan Sweeny)
https://www.sans.org/reading-room/whitepapers/covert/botnet-resiliency-private-blockchains-38050
ISC StormCast for Monday, September 17th 2018
17 september 2018 |
5 min
Reversing Visual Basic Shortcuts
https://isc.sans.edu/forums/diary/2020+malware+vision/24104/
Not So Random User Agent
https://isc.sans.edu/forums/diary/User+Agent+String+uatoolsrandom/24102/
Safari DoS
https://gist.github.com/pwnsdx/ce64de2760996a6c432f06d612e33aea
Webroot SecureAnywhere macOS Vulnerability
https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-16962--Webroot-SecureAnywhere-macOS-Kernel-Level-Memory-Corruption/
Intel Patches Management Engine Encryption Vulnerability
http://blog.ptsecurity.com/2018/09/intel-me-encryption-vulnerability.html
https://isc.sans.edu/forums/diary/2020+malware+vision/24104/
Not So Random User Agent
https://isc.sans.edu/forums/diary/User+Agent+String+uatoolsrandom/24102/
Safari DoS
https://gist.github.com/pwnsdx/ce64de2760996a6c432f06d612e33aea
Webroot SecureAnywhere macOS Vulnerability
https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-16962--Webroot-SecureAnywhere-macOS-Kernel-Level-Memory-Corruption/
Intel Patches Management Engine Encryption Vulnerability
http://blog.ptsecurity.com/2018/09/intel-me-encryption-vulnerability.html
ISC StormCast for Friday, September 14th 2018
14 september 2018 |
6 min
Malicious MHT Files
https://isc.sans.edu/forums/diary/Malware+Delivered+Through+MHT+Files/24096/
Improved Coldboot Attack
https://blog.f-secure.com/cold-boot-attacks/
SAP Patches
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993
https://isc.sans.edu/forums/diary/Malware+Delivered+Through+MHT+Files/24096/
Improved Coldboot Attack
https://blog.f-secure.com/cold-boot-attacks/
SAP Patches
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=499356993
ISC StormCast for Thursday, September 13th 2018
13 september 2018 |
7 min
So What is Going on With IPv4 Fragments these Days?
https://isc.sans.edu/forums/diary/So+What+is+Going+on+With+IPv4+Fragments+these+Days/24092/
Magacart Javascript Injection Attacks
https://www.bleepingcomputer.com/news/security/feedify-service-compromised-with-magecart-information-stealing-script/
Bypassing CSP using Polyglot JPEGs
https://portswigger.net/blog/bypassing-csp-using-polyglot-jpegs
https://isc.sans.edu/forums/diary/So+What+is+Going+on+With+IPv4+Fragments+these+Days/24092/
Magacart Javascript Injection Attacks
https://www.bleepingcomputer.com/news/security/feedify-service-compromised-with-magecart-information-stealing-script/
Bypassing CSP using Polyglot JPEGs
https://portswigger.net/blog/bypassing-csp-using-polyglot-jpegs
ISC StormCast for Wednesday, September 12th 2018
12 september 2018 |
5 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+September+Patch+Tuesday+Summary/24088/
Adobe Patches
https://helpx.adobe.com/security.html
Safari/Edge URL Bar Spoofing
https://www.rafaybaloch.com/2018/09/apple-safari-microsoft-edge-browser.html
Exploit Search Engine
https://sploitus.com
https://isc.sans.edu/forums/diary/Microsoft+September+Patch+Tuesday+Summary/24088/
Adobe Patches
https://helpx.adobe.com/security.html
Safari/Edge URL Bar Spoofing
https://www.rafaybaloch.com/2018/09/apple-safari-microsoft-edge-browser.html
Exploit Search Engine
https://sploitus.com
ISC StormCast for Tuesday, September 11th 2018
10 september 2018 |
5 min
"findstr" used to extract malware from LNK files
https://isc.sans.edu/forums/diary/What+is+dikona+or+glirote3/24084/
Tor Browser Javascript Vulnerability
https://www.bleepingcomputer.com/news/security/exploit-affecting-tor-browser-burned-in-a-tweet/
Trend Micro App Leaks Data / Removed from Appstore
https://forums.malwarebytes.com/topic/217353-get-rid-of-open-any-files-rar-support/?tab=comments#comment-1194838
Chrome removes Subdomains from URL Bar
https://bugs.chromium.org/p/chromium/issues/detail?id=881410
https://isc.sans.edu/forums/diary/What+is+dikona+or+glirote3/24084/
Tor Browser Javascript Vulnerability
https://www.bleepingcomputer.com/news/security/exploit-affecting-tor-browser-burned-in-a-tweet/
Trend Micro App Leaks Data / Removed from Appstore
https://forums.malwarebytes.com/topic/217353-get-rid-of-open-any-files-rar-support/?tab=comments#comment-1194838
Chrome removes Subdomains from URL Bar
https://bugs.chromium.org/p/chromium/issues/detail?id=881410
ISC StormCast for Sunday, September 9th 2018
9 september 2018 |
7 min
Crypto Mining in a Windows Headless Browser
https://isc.sans.edu/forums/diary/Crypto+Mining+in+a+Windows+Headless+Browser/24078/
MacOS Adware Doctor Stealing Browser History
https://twitter.com/privacyis1st/status/1031428304543395840
https://objective-see.com/blog/blog_0x37.html
VPN Applications with Privilege Escalation Vulnerabilities
https://blog.talosintelligence.com/2018/09/vulnerability-spotlight-Multi-provider-VPN-Client-Privilege-Escalation.html
Keybase Extension Allws Access By Scripts from Any Site
https://palant.de/2018/09/06/keybase-our-browser-extension-subverts-our-encryption-but-why-should-we-care
https://isc.sans.edu/forums/diary/Crypto+Mining+in+a+Windows+Headless+Browser/24078/
MacOS Adware Doctor Stealing Browser History
https://twitter.com/privacyis1st/status/1031428304543395840
https://objective-see.com/blog/blog_0x37.html
VPN Applications with Privilege Escalation Vulnerabilities
https://blog.talosintelligence.com/2018/09/vulnerability-spotlight-Multi-provider-VPN-Client-Privilege-Escalation.html
Keybase Extension Allws Access By Scripts from Any Site
https://palant.de/2018/09/06/keybase-our-browser-extension-subverts-our-encryption-but-why-should-we-care
ISC StormCast for Friday, September 7th 2018
6 september 2018 |
5 min
Malware Uses Powershell to Comple C# Code on the Fly
https://isc.sans.edu/forums/diary/Malicious+PowerShell+Compiling+C+Code+on+the+Fly/24072/
Stealing WiFi Credentials in Google Chrome
https://www.surecloud.com/sc-blog/wifi-hijacking
DNS Spoofing and Certificate Authority Domain Validation
https://www.theregister.co.uk/2018/09/06/boffins_break_cas_domain_validation/
Cisco Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=30#~Vulnerabilities
https://isc.sans.edu/forums/diary/Malicious+PowerShell+Compiling+C+Code+on+the+Fly/24072/
Stealing WiFi Credentials in Google Chrome
https://www.surecloud.com/sc-blog/wifi-hijacking
DNS Spoofing and Certificate Authority Domain Validation
https://www.theregister.co.uk/2018/09/06/boffins_break_cas_domain_validation/
Cisco Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=30#~Vulnerabilities
ISC StormCast for Thursday, September 6th 2018
5 september 2018 |
5 min
MEGA Chrome Extension Replaced with Password Stealer
https://serhack.me/articles/mega-chrome-extension-hacked
Python Package Installer May Execute Code
https://github.com/mschwager/0wned
Windows Scheduler Exploit Used in the Wild
https://www.welivesecurity.com/2018/09/05/powerpool-malware-exploits-zero-day-vulnerability/
Where Have All My Certificates Gone?
https://isc.sans.edu/forums/diary/Where+have+all+my+Certificates+gone+And+when+do+they+expire/24066/
https://serhack.me/articles/mega-chrome-extension-hacked
Python Package Installer May Execute Code
https://github.com/mschwager/0wned
Windows Scheduler Exploit Used in the Wild
https://www.welivesecurity.com/2018/09/05/powerpool-malware-exploits-zero-day-vulnerability/
Where Have All My Certificates Gone?
https://isc.sans.edu/forums/diary/Where+have+all+my+Certificates+gone+And+when+do+they+expire/24066/
ISC StormCast for Wednesday, September 5th 2018
4 september 2018 |
6 min
Some More Interesting MicroTik Router Exploits
https://blog.netlab.360.com/7500-mikrotik-routers-are-forwarding-owners-traffic-to-the-attackers-how-is-yours-en/
Exposed .git Directories
https://lynt.cz/blog/global-scan-exposed-git
SSL Certificates Expose Tor Servers
https://www.bleepingcomputer.com/news/security/public-ip-addresses-of-tor-sites-exposed-via-ssl-certificates/
https://blog.netlab.360.com/7500-mikrotik-routers-are-forwarding-owners-traffic-to-the-attackers-how-is-yours-en/
Exposed .git Directories
https://lynt.cz/blog/global-scan-exposed-git
SSL Certificates Expose Tor Servers
https://www.bleepingcomputer.com/news/security/public-ip-addresses-of-tor-sites-exposed-via-ssl-certificates/
ISC StormCast for Tuesday, September 4th 2018
4 september 2018 |
5 min
Reversing and Modifying the Medium Mobile App
https://hackernoon.com/dont-publish-yet-reverse-engineering-the-medium-app-and-making-all-stories-in-it-free-48c8f2695687
Active Directory Leaks via Azure
https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure/
Google Restricts Tech Support Ads
https://www.blog.google/products/ads/restricting-ads-third-party-tech-support-services/?mod=article_inline
https://hackernoon.com/dont-publish-yet-reverse-engineering-the-medium-app-and-making-all-stories-in-it-free-48c8f2695687
Active Directory Leaks via Azure
https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure/
Google Restricts Tech Support Ads
https://www.blog.google/products/ads/restricting-ads-third-party-tech-support-services/?mod=article_inline
ISC StormCast for Sunday, September 2nd 2018
2 september 2018 |
5 min
OSX/MacOS and Dangerous of Custom URL Schemes
https://objective-see.com/blog/blog_0x38.html
Philips e-Alert Vulnerability
https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01
https://objective-see.com/blog/blog_0x38.html
Philips e-Alert Vulnerability
https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01
ISC StormCast for Friday, August 31st 2018
30 augusti 2018 |
6 min
Cryptocoin Miners are More Popular Than Ever and Dominate in Attacks
https://isc.sans.edu/forums/diary/Crypto+Mining+Is+More+Popular+Than+Ever/24050/
Cryptocoin Miners Deployed via Struts Vulnerability
https://www.volexity.com/blog/2018/08/27/active-exploitation-of-new-apache-struts-vulnerability-cve-2018-11776-deploys-cryptocurrency-miner/
Mimecast Identifies Weaknesses in Existing EMail Filters
https://www.mimecast.com/resources/ebooks/dates/2018/7/the-state-of-email-security-2018-report/
Android Leaks Information to Processes
https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/
https://isc.sans.edu/forums/diary/Crypto+Mining+Is+More+Popular+Than+Ever/24050/
Cryptocoin Miners Deployed via Struts Vulnerability
https://www.volexity.com/blog/2018/08/27/active-exploitation-of-new-apache-struts-vulnerability-cve-2018-11776-deploys-cryptocurrency-miner/
Mimecast Identifies Weaknesses in Existing EMail Filters
https://www.mimecast.com/resources/ebooks/dates/2018/7/the-state-of-email-security-2018-report/
Android Leaks Information to Processes
https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/
ISC StormCast for Thursday, August 30th 2018
29 augusti 2018 |
6 min
More Octoprint Details
https://isc.sans.edu/forums/diary/3D+Printers+in+The+Wild+What+Can+Go+Wrong/24044/
Packagist Remote Code Injection Vulnerability
https://justi.cz/security/2018/08/28/packagist-org-rce.html
More OpenSSH User Enumeration Issues
http://seclists.org/oss-sec/2018/q3/180
Two new TPM Vulnerabilities
https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-han.pdf
https://isc.sans.edu/forums/diary/3D+Printers+in+The+Wild+What+Can+Go+Wrong/24044/
Packagist Remote Code Injection Vulnerability
https://justi.cz/security/2018/08/28/packagist-org-rce.html
More OpenSSH User Enumeration Issues
http://seclists.org/oss-sec/2018/q3/180
Two new TPM Vulnerabilities
https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-han.pdf
ISC StormCast for Wednesday, August 29th 2018
28 augusti 2018 |
5 min
Microsoft Windows Task Scheduler Local Privilege Escalation Vulnerability
https://www.kb.cert.org/vuls/id/906424
3D Printers Exposed to Internet
https://isc.sans.edu/forums/diary/OctoPrint+3D+Web+Interfaces+EXPOSED+Port+5000+default/24038/
Firefox Nightly Built Removes Trust From Symantec Certificates
https://bugzilla.mozilla.org/show_bug.cgi?id=1460062
https://bugzilla.mozilla.org/show_bug.cgi?id=1484006
https://www.kb.cert.org/vuls/id/906424
3D Printers Exposed to Internet
https://isc.sans.edu/forums/diary/OctoPrint+3D+Web+Interfaces+EXPOSED+Port+5000+default/24038/
Firefox Nightly Built Removes Trust From Symantec Certificates
https://bugzilla.mozilla.org/show_bug.cgi?id=1460062
https://bugzilla.mozilla.org/show_bug.cgi?id=1484006
ISC StormCast for Tuesday, August 28th 2018
27 augusti 2018 |
4 min
H-Worm Variant Notes Infection Date in Registry
https://isc.sans.edu/forums/diary/When+was+this+machine+infected/24032/
CentOS / Ubuntu Turn Off Gnome "Bubblewrap" Sandbox
https://www.bleepingcomputer.com/news/security/ubuntu-and-centos-are-undoing-a-gnome-security-feature/
Fortnite Android Arbitrary Code Install Vulnerability
https://www.bleepingcomputer.com/news/security/ubuntu-and-centos-are-undoing-a-gnome-security-feature/
https://isc.sans.edu/forums/diary/When+was+this+machine+infected/24032/
CentOS / Ubuntu Turn Off Gnome "Bubblewrap" Sandbox
https://www.bleepingcomputer.com/news/security/ubuntu-and-centos-are-undoing-a-gnome-security-feature/
Fortnite Android Arbitrary Code Install Vulnerability
https://www.bleepingcomputer.com/news/security/ubuntu-and-centos-are-undoing-a-gnome-security-feature/
ISC StormCast for Monday, August 27th 2018
26 augusti 2018 |
6 min
Struts Exploits for CVE-2018-11776 on Github (there are more. just a sample)
https://github.com/mazen160/struts-pwn_CVE-2018-11776
https://github.com/jiguang7/CVE-2018-11776
Publisher Malware
https://isc.sans.edu/forums/diary/Microsoft+Publisher+Files+Delivering+Malware/24024/
https://isc.sans.edu/forums/diary/Microsoft+Publisher+malware+static+analysis/24026/
AT Commands
https://atcommands.org/atdb/vendors
Using a Microphone to Read Screen Content
https://www.cs.tau.ac.il/~tromer/synesthesia/synesthesia.pdf
https://github.com/mazen160/struts-pwn_CVE-2018-11776
https://github.com/jiguang7/CVE-2018-11776
Publisher Malware
https://isc.sans.edu/forums/diary/Microsoft+Publisher+Files+Delivering+Malware/24024/
https://isc.sans.edu/forums/diary/Microsoft+Publisher+malware+static+analysis/24026/
AT Commands
https://atcommands.org/atdb/vendors
Using a Microphone to Read Screen Content
https://www.cs.tau.ac.il/~tromer/synesthesia/synesthesia.pdf
ISC StormCast for Friday, August 24th 2018
23 augusti 2018 |
6 min
Simple Phishing Through formcrafts.com
https://isc.sans.edu/forums/diary/Simple+Phishing+Through+formcraftscom/24020/
Facebook's Onavo VPN removed from Apple AppStore
https://www.wsj.com/articles/facebook-to-remove-data-security-app-from-apple-store-1534975340?mod=e2tw (paywall)
https://medium.com/@chronic_9612/notes-on-analytics-and-tracking-in-onavo-protect-for-ios-904bdff346c0
Phishing False Alarm
https://www.cnn.com/2018/08/23/politics/dnc-hack-false-alarm/index.html
Fake Crypto Trading App Stealing Crypot Currency From Mac Users
https://www.businesswire.com/news/home/20180823005093/en/AppleJeus-Lazarus-Group-Hunts-Cryptocurrency-Exchanges-macOS
Intel Simplifies Microcode License
https://twitter.com/imadsousou/status/1032680311753072640
https://isc.sans.edu/forums/diary/Simple+Phishing+Through+formcraftscom/24020/
Facebook's Onavo VPN removed from Apple AppStore
https://www.wsj.com/articles/facebook-to-remove-data-security-app-from-apple-store-1534975340?mod=e2tw (paywall)
https://medium.com/@chronic_9612/notes-on-analytics-and-tracking-in-onavo-protect-for-ios-904bdff346c0
Phishing False Alarm
https://www.cnn.com/2018/08/23/politics/dnc-hack-false-alarm/index.html
Fake Crypto Trading App Stealing Crypot Currency From Mac Users
https://www.businesswire.com/news/home/20180823005093/en/AppleJeus-Lazarus-Group-Hunts-Cryptocurrency-Exchanges-macOS
Intel Simplifies Microcode License
https://twitter.com/imadsousou/status/1032680311753072640
ISC StormCast for Thursday, August 23rd 2018
22 augusti 2018 |
5 min
New Critical Apache Struts Vulnerability (CVE-2018-11776)
https://semmle.com/news/apache-struts-CVE-2018-11776
https://cwiki.apache.org/confluence/display/WW/S2-057
Hardening Apache Struts With SELinux
https://doublepulsar.com/hardening-apache-struts-with-selinux-db3a9cd1a10c?gi=f23fc884264a
Ghostscript Code Execution Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1640
Photoshop CC Patch
https://helpx.adobe.com/security/products/photoshop/apsb18-28.html
https://semmle.com/news/apache-struts-CVE-2018-11776
https://cwiki.apache.org/confluence/display/WW/S2-057
Hardening Apache Struts With SELinux
https://doublepulsar.com/hardening-apache-struts-with-selinux-db3a9cd1a10c?gi=f23fc884264a
Ghostscript Code Execution Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1640
Photoshop CC Patch
https://helpx.adobe.com/security/products/photoshop/apsb18-28.html
ISC StormCast for Wednesday, August 22nd 2018
21 augusti 2018 |
5 min
Malicious DDL Loaded Through AutoIT
https://isc.sans.edu/forums/diary/Malicious+DLL+Loaded+Through+AutoIT/24008/
Traefik Fixes TLS Private Key Exposure
https://github.com/containous/traefik/issues/3651
TLS Certificates Survive Domain Ownership
https://insecure.design
Intel Microcode License Update Causes Problems for Debian Linux
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906158#14
https://isc.sans.edu/forums/diary/Malicious+DLL+Loaded+Through+AutoIT/24008/
Traefik Fixes TLS Private Key Exposure
https://github.com/containous/traefik/issues/3651
TLS Certificates Survive Domain Ownership
https://insecure.design
Intel Microcode License Update Causes Problems for Debian Linux
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906158#14
ISC StormCast for Tuesday, August 21st 2018
20 augusti 2018 |
5 min
Regular Expression DDoS in Javascript
http://mp.binaervarianz.de/ReDoS_TR_Dec2017.pdf
OpenSSH User Enumeration Update
https://isc.sans.edu/forums/diary/OpenSSH+user+enumeration+CVE201815473/24004
Turning (Page) Tables Exploit Technique
https://cdn2.hubspot.net/hubfs/487909/Turning%20(Page)%20Tables_Slides.pdf
http://mp.binaervarianz.de/ReDoS_TR_Dec2017.pdf
OpenSSH User Enumeration Update
https://isc.sans.edu/forums/diary/OpenSSH+user+enumeration+CVE201815473/24004
Turning (Page) Tables Exploit Technique
https://cdn2.hubspot.net/hubfs/487909/Turning%20(Page)%20Tables_Slides.pdf
ISC StormCast for Monday, August 20th 2018
19 augusti 2018 |
6 min
Fragmentsmack Summary
https://isc.sans.edu/forums/diary/Back+to+the+90s+FragmentSmack/23998/
HP Does Not Release Patches for Non-Windows Users
https://www.intego.com/mac-security-blog/exclusive-hp-leaves-mac-users-vulnerable-to-fax-hacks/
More about VB Script 0-Day Vulnerability and "Dark Hotel" (chinese only)
https://ti.360.net/blog/articles/analyzing-attack-of-cve-2018-8373-and-darkhotel/
https://blog.trendmicro.com/trendlabs-security-intelligence/use-after-free-uaf-vulnerability-cve-2018-8373-in-vbscript-engine-affects-internet-explorer-to-run-shellcode/
PHP Deserialization Vulnerability Code Execution
https://cdn2.hubspot.net/hubfs/3853213/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-....pdf?
ISC StormCast for Friday, August 17th 2018
17 augusti 2018 |
7 min
Anonymize PCAPS
https://isc.sans.edu/forums/diary/Truncating+Payloads+and+Anonymizing+PCAP+files/23990/
OpenSSH User Enumeration Vulnerability
http://seclists.org/oss-sec/2018/q3/124
VoiceXML XML External Entity Vulnerability
https://hackerone.com/reports/395296
Skimreaper Credit Card Skimmer Detector
http://skimreaper.com
https://isc.sans.edu/forums/diary/Truncating+Payloads+and+Anonymizing+PCAP+files/23990/
OpenSSH User Enumeration Vulnerability
http://seclists.org/oss-sec/2018/q3/124
VoiceXML XML External Entity Vulnerability
https://hackerone.com/reports/395296
Skimreaper Credit Card Skimmer Detector
http://skimreaper.com
ISC StormCast for Thursday, August 16th 2018
16 augusti 2018 |
6 min
Password Protected Word Documents Push AZORult and Hermes Ransomware
https://isc.sans.edu/forums/diary/More+malspam+pushing+passwordprotected+Word+docs+for+AZORult+and+Hermes+Ransomware/23992/
Linux IP Fragmentation DoS
https://www.kb.cert.org/vuls/id/641765
Scripting Mouse Clicks to Bypass macOS Security
https://speakerdeck.com/patrickwardle/the-mouse-is-mightier-than-the-sword
Concentration of Coinhive Miners
https://arxiv.org/pdf/1808.00811.pdf
ISC StormCast for Wednesday, August 15th 2018
15 augusti 2018 |
6 min
Microsoft Patch Tuesday Summary
https://isc.sans.edu/forums/diary/Microsoft+August+2018+Patch+Tuesday/23986/
Oracle Database Patch
http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-3110-5032149.html
Intel Fixes Three More CPU Flaws
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
https://isc.sans.edu/forums/diary/Microsoft+August+2018+Patch+Tuesday/23986/
Oracle Database Patch
http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-3110-5032149.html
Intel Fixes Three More CPU Flaws
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
ISC StormCast for Tuesday, August 14th 2018
14 augusti 2018 |
5 min
New Sextorition Wave Using Partial Phone Numbers
New Extortion Tricks: Now Including Your (Partial) Phone Number!
Intel Releases Patch for Puma Modem Chips
https://www.dslreports.com/forum/r32071020-Internet-Rogers-modem-router-rebooting-on-wan-scans-by-design
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-000097.html
Bluetooth Low Energy Attack Tool
https://github.com/virtualabs/btlejack
Tesla Will Fix Cars if Researcher Breaks it While Hacking
https://twitter.com/bitquark/status/1028373178421309440
New Extortion Tricks: Now Including Your (Partial) Phone Number!
Intel Releases Patch for Puma Modem Chips
https://www.dslreports.com/forum/r32071020-Internet-Rogers-modem-router-rebooting-on-wan-scans-by-design
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-000097.html
Bluetooth Low Energy Attack Tool
https://github.com/virtualabs/btlejack
Tesla Will Fix Cars if Researcher Breaks it While Hacking
https://twitter.com/bitquark/status/1028373178421309440
ISC StormCast for Monday, August 13th 2018
13 augusti 2018 |
6 min
VIA C3 "God Mode"
https://github.com/xoreaxeaxeax/rosenbridge
Apple MDM Vulnerablity
https://www.wired.com/story/mac-remote-hack-wifi-enterprise/
Peeking into MSG Files
https://isc.sans.edu/forums/diary/Peeking+into+msg+files+revisited/23974/
Hunting SSL/TLS Clients Using JA3
https://isc.sans.edu/forums/diary/Hunting+SSLTLS+clients+using+JA3/23972/
Mobile Payment Terminal Vulnerabilities
https://www.blackhat.com/us-18/briefings.html#for-the-love-of-money-finding-and-exploiting-vulnerabilities-in-mobile-point-of-sales-systems
https://github.com/xoreaxeaxeax/rosenbridge
Apple MDM Vulnerablity
https://www.wired.com/story/mac-remote-hack-wifi-enterprise/
Peeking into MSG Files
https://isc.sans.edu/forums/diary/Peeking+into+msg+files+revisited/23974/
Hunting SSL/TLS Clients Using JA3
https://isc.sans.edu/forums/diary/Hunting+SSLTLS+clients+using+JA3/23972/
Mobile Payment Terminal Vulnerabilities
https://www.blackhat.com/us-18/briefings.html#for-the-love-of-money-finding-and-exploiting-vulnerabilities-in-mobile-point-of-sales-systems
ISC StormCast for Friday, August 10th 2018
10 augusti 2018 |
5 min
Vulnerabilities in Pacemaker Programmer and Insulin Pumps
https://arstechnica.com/information-technology/2018/08/lack-of-encryption-makes-hacks-on-life-saving-pacemakers-shockingly-easy/
"Panic Attacks" Against City Infrastructure
https://www.bbc.com/news/technology-45128053
Kaspersky VPN Leaks DNS Traffic
https://www.inputzero.io/2018/08/kaspersky-vpn-leaks-dns-address.html
Osiris Dropper Uses Process Dopplegaenging
https://blog.malwarebytes.com/threat-analysis/2018/08/osiris-using-process-doppelganging/
https://arstechnica.com/information-technology/2018/08/lack-of-encryption-makes-hacks-on-life-saving-pacemakers-shockingly-easy/
"Panic Attacks" Against City Infrastructure
https://www.bbc.com/news/technology-45128053
Kaspersky VPN Leaks DNS Traffic
https://www.inputzero.io/2018/08/kaspersky-vpn-leaks-dns-address.html
Osiris Dropper Uses Process Dopplegaenging
https://blog.malwarebytes.com/threat-analysis/2018/08/osiris-using-process-doppelganging/
ISC StormCast for Thursday, August 9th 2018
9 augusti 2018 |
5 min
Homebrew Exposed Github Credentials
https://brew.sh/2018/08/05/security-incident-disclosure/
WhatsApp Vulnerability
https://research.checkpoint.com/fakesapp-a-vulnerability-in-whatsapp/
Netflix Releases Tool To Detected Cloud Credential Compromise
https://medium.com/netflix-techblog/netflix-cloud-security-detecting-credential-compromise-in-aws-9493d6fd373a
https://brew.sh/2018/08/05/security-incident-disclosure/
WhatsApp Vulnerability
https://research.checkpoint.com/fakesapp-a-vulnerability-in-whatsapp/
Netflix Releases Tool To Detected Cloud Credential Compromise
https://medium.com/netflix-techblog/netflix-cloud-security-detecting-credential-compromise-in-aws-9493d6fd373a
ISC StormCast for Wednesday, August 8th 2018
8 augusti 2018 |
6 min
Linux TCP DoS Vulnerability
https://www.kb.cert.org/vuls/id/962459
Let's Encrypt Now Trusted By All Major Root CA Programs
https://letsencrypt.org/2018/08/06/trusted-by-all-major-root-programs.html
Android Updates
https://source.android.com/security/bulletin/2018-08-01
OpenEMR Vulnerabilities
https://insecurity.sh/assets/reports/openemr.pdf
https://www.kb.cert.org/vuls/id/962459
Let's Encrypt Now Trusted By All Major Root CA Programs
https://letsencrypt.org/2018/08/06/trusted-by-all-major-root-programs.html
Android Updates
https://source.android.com/security/bulletin/2018-08-01
OpenEMR Vulnerabilities
https://insecurity.sh/assets/reports/openemr.pdf
ISC StormCast for Tuesday, August 7th 2018
7 augusti 2018 |
5 min
Numeric Obfuscation
https://isc.sans.edu/forums/diary/Numeric+obfuscation+another+example/23960/
Crestron Touchscreen Vulnerability
https://blog.securitycompass.com/security-advisory-regarding-crestron-tsw-xx60-touch-panel-devices-9f1a71a926a5
Facebook Releases "Fizz" TLS 1.3 Library
https://github.com/facebookincubator/fizz
https://isc.sans.edu/forums/diary/Numeric+obfuscation+another+example/23960/
Crestron Touchscreen Vulnerability
https://blog.securitycompass.com/security-advisory-regarding-crestron-tsw-xx60-touch-panel-devices-9f1a71a926a5
Facebook Releases "Fizz" TLS 1.3 Library
https://github.com/facebookincubator/fizz
ISC StormCast for Monday, August 6th 2018
6 augusti 2018 |
6 min
New WPA Attack
https://hashcat.net/forum/thread-7717.html
Fake Techsupport Uses More Intelligent Call Routing
https://www.symantec.com/blogs/threat-intelligence/tech-support-scam-call-optimization
HP Printer Updates
https://support.hp.com/us-en/document/c06097712
https://hashcat.net/forum/thread-7717.html
Fake Techsupport Uses More Intelligent Call Routing
https://www.symantec.com/blogs/threat-intelligence/tech-support-scam-call-optimization
HP Printer Updates
https://support.hp.com/us-en/document/c06097712
ISC StormCast for Friday, August 3rd 2018
3 augusti 2018 |
7 min
Malware in Animated GIF Files
https://isc.sans.edu/forums/diary/DHLthemed+malspam+reveals+embedded+malware+in+animated+gif/23944/
MikroTik Miner Botnet
https://www.trustwave.com/Resources/SpiderLabs-Blog/Mass-MikroTik-Router-Infection-%E2%80%93-First-we-cryptojack-Brazil,-then-we-take-the-World-/
Microsoft Edge Vulnerability
https://www.netsparker.com/blog/web-security/stealing-local-files-with-simple-html-file/
https://isc.sans.edu/forums/diary/DHLthemed+malspam+reveals+embedded+malware+in+animated+gif/23944/
MikroTik Miner Botnet
https://www.trustwave.com/Resources/SpiderLabs-Blog/Mass-MikroTik-Router-Infection-%E2%80%93-First-we-cryptojack-Brazil,-then-we-take-the-World-/
Microsoft Edge Vulnerability
https://www.netsparker.com/blog/web-security/stealing-local-files-with-simple-html-file/
ISC StormCast for Thursday, August 2nd 2018
2 augusti 2018 |
6 min
Facebook Smishing Attack
https://isc.sans.edu/forums/diary/Facebook+Phishing+via+SMS/23940/
Port 52869 UPNP Attacks
https://isc.sans.edu/forums/diary/When+Cameras+and+Routers+attack+Phones+Spike+in+CVE20148361+Exploits+Against+Port+52869/23942/
Microsoft Improves Account Security for Midterm Elections
https://www.bleepingcomputer.com/news/microsoft/microsoft-accountguard-service-offers-protection-for-political-and-election-orgs/
Google Improves "Government Sponsored Attacks" Alert for GSuite
https://9to5google.com/2018/08/01/g-suite-admins-government-based-attackers/
https://isc.sans.edu/forums/diary/Facebook+Phishing+via+SMS/23940/
Port 52869 UPNP Attacks
https://isc.sans.edu/forums/diary/When+Cameras+and+Routers+attack+Phones+Spike+in+CVE20148361+Exploits+Against+Port+52869/23942/
Microsoft Improves Account Security for Midterm Elections
https://www.bleepingcomputer.com/news/microsoft/microsoft-accountguard-service-offers-protection-for-political-and-election-orgs/
Google Improves "Government Sponsored Attacks" Alert for GSuite
https://9to5google.com/2018/08/01/g-suite-admins-government-based-attackers/
ISC StormCast for Wednesday, August 1st 2018
1 augusti 2018 |
6 min
Powershell Inside Certificates
https://blog.nviso.be/2018/07/31/powershell-inside-a-certificate-part-1/
TEMPEST is Back
http://youtu.be/BpNP9b3aIfY?a
Big Star Labs Spyware
https://adguard.com/en/blog/big-star-labs-spyware/
https://blog.nviso.be/2018/07/31/powershell-inside-a-certificate-part-1/
TEMPEST is Back
http://youtu.be/BpNP9b3aIfY?a
Big Star Labs Spyware
https://adguard.com/en/blog/big-star-labs-spyware/
ISC StormCast for Tuesday, July 31st 2018
31 juli 2018 |
7 min
DOSFuscation Campaign
https://isc.sans.edu/forums/diary/Malicious+Word+documents+using+DOSfuscation/23932/
Let's Encrypt Outage
https://letsencrypt.status.io
Malvertising Campaign Insides
https://research.checkpoint.com/malvertising-campaign-based-secrets-lies/
https://isc.sans.edu/forums/diary/Malicious+Word+documents+using+DOSfuscation/23932/
Let's Encrypt Outage
https://letsencrypt.status.io
Malvertising Campaign Insides
https://research.checkpoint.com/malvertising-campaign-based-secrets-lies/
ISC StormCast for Monday, July 30th 2018
30 juli 2018 |
7 min
Summary of Earchings in Recent Sextortion Attack
https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money/23922/
Adware Distributed with Legitimate Applications
https://www.bleepingcomputer.com/news/security/fake-websites-for-keepass-7zip-audacity-others-found-pushing-adware/
https://twitter.com/JusticeRage
PDF Editor Supply Chain Exploit
https://cloudblogs.microsoft.com/microsoftsecure/2018/07/26/attack-inception-compromised-supply-chain-within-a-supply-chain-poses-new-risks/
https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money/23922/
Adware Distributed with Legitimate Applications
https://www.bleepingcomputer.com/news/security/fake-websites-for-keepass-7zip-audacity-others-found-pushing-adware/
https://twitter.com/JusticeRage
PDF Editor Supply Chain Exploit
https://cloudblogs.microsoft.com/microsoftsecure/2018/07/26/attack-inception-compromised-supply-chain-within-a-supply-chain-poses-new-risks/
ISC StormCast for Friday, July 27th 2018
27 juli 2018 |
16 min
NetSpectre: Read Arbitrary Memory over the Network
https://misc0110.net/web/files/netspectre.pdf
Google Play Store Bans Crypto Miners
https://play.google.com/about/developer-content-policy-print/
Japanese Calendar Issues
https://blogs.msdn.microsoft.com/shawnste/2018/04/12/the-japanese-calendars-y2k-moment/
Multiple Vulnerabilities in Samsung SmartThings Hub
https://blog.talosintelligence.com/2018/07/samsung-smartthings-vulns.html?m=1
Times Change and Your Training Data Should Too: The Effect of Training Data Recency on Twitter Classifiers. Ryan O'Grady
https://www.sans.org/reading-room/whitepapers/artificialintelligence/times-change-training-data-too-effect-training-data-recency-twitter-classifiers-38500
https://misc0110.net/web/files/netspectre.pdf
Google Play Store Bans Crypto Miners
https://play.google.com/about/developer-content-policy-print/
Japanese Calendar Issues
https://blogs.msdn.microsoft.com/shawnste/2018/04/12/the-japanese-calendars-y2k-moment/
Multiple Vulnerabilities in Samsung SmartThings Hub
https://blog.talosintelligence.com/2018/07/samsung-smartthings-vulns.html?m=1
Times Change and Your Training Data Should Too: The Effect of Training Data Recency on Twitter Classifiers. Ryan O'Grady
https://www.sans.org/reading-room/whitepapers/artificialintelligence/times-change-training-data-too-effect-training-data-recency-twitter-classifiers-38500
ISC StormCast for Thursday, July 26th 2018
26 juli 2018 |
5 min
Etherscan.io XSS Vulnerability
https://scotthelme.co.uk/xss-on-etherscan-io/
Tomcat Vulnerabilities Patched
https://www.us-cert.gov/ncas/current-activity/2018/07/23/Apache-Releases-Security-Updates-Apache-Tomcat
DNS over HTTPS Standard Finalized
https://datatracker.ietf.org/wg/doh/about/
ERP Systems Targeted in Recent Attacks
https://www.us-cert.gov/ncas/current-activity/2018/07/25/Malicious-Cyber-Activity-Targeting-ERP-Applications
https://scotthelme.co.uk/xss-on-etherscan-io/
Tomcat Vulnerabilities Patched
https://www.us-cert.gov/ncas/current-activity/2018/07/23/Apache-Releases-Security-Updates-Apache-Tomcat
DNS over HTTPS Standard Finalized
https://datatracker.ietf.org/wg/doh/about/
ERP Systems Targeted in Recent Attacks
https://www.us-cert.gov/ncas/current-activity/2018/07/25/Malicious-Cyber-Activity-Targeting-ERP-Applications
ISC StormCast for Wednesday, July 25th 2018
25 juli 2018 |
5 min
Emotet Update
https://isc.sans.edu/forums/diary/Recent+Emotet+activity/23908/
Clear Text Phone Tracking
https://isc.sans.edu/forums/diary/Cell+Phone+Monitoring+Who+is+Watching+the+Watchers/23910/
Bluetooth Bug
https://www.kb.cert.org/vuls/id/304725
Apache OpenWhisk Vulnerability
https://www.puresec.io/blog/Apache_OpenWhisk_Mutability_Weakness?hs_preview=EpJUmSoY-5972289702
https://isc.sans.edu/forums/diary/Recent+Emotet+activity/23908/
Clear Text Phone Tracking
https://isc.sans.edu/forums/diary/Cell+Phone+Monitoring+Who+is+Watching+the+Watchers/23910/
Bluetooth Bug
https://www.kb.cert.org/vuls/id/304725
Apache OpenWhisk Vulnerability
https://www.puresec.io/blog/Apache_OpenWhisk_Mutability_Weakness?hs_preview=EpJUmSoY-5972289702
ISC StormCast for Tuesday, July 24th 2018
24 juli 2018 |
6 min
More Spectre
https://arxiv.org/pdf/1807.07940.pdf
July IE Patch Fixed older Remote Code Exec. Bug
http://blogs.360.cn/blog/from-a-patched-itw-0day-to-remote-code-execution-part-i-from-patch-to-new-0day/
Google Chrome 68 Released Today. HTTP sites marked as "insecure"
https://support.google.com/chrome/a/answer/7679408?hl=en
DNS Rebinding Vulnerablity Common in IoT
https://www.armis.com/dns-rebinding-exposes-half-a-billion-iot-devices-in-the-enterprise/
https://arxiv.org/pdf/1807.07940.pdf
July IE Patch Fixed older Remote Code Exec. Bug
http://blogs.360.cn/blog/from-a-patched-itw-0day-to-remote-code-execution-part-i-from-patch-to-new-0day/
Google Chrome 68 Released Today. HTTP sites marked as "insecure"
https://support.google.com/chrome/a/answer/7679408?hl=en
DNS Rebinding Vulnerablity Common in IoT
https://www.armis.com/dns-rebinding-exposes-half-a-billion-iot-devices-in-the-enterprise/
ISC StormCast for Monday, July 23rd 2018
23 juli 2018 |
5 min
New WebLogic Vulnerability Already Exploited
https://isc.sans.edu/forums/diary/Weblogic+Exploit+Code+Made+Public+CVE20182893/23896/
Microsoft Edge Turns off XSS Protection
https://portswigger.net/daily-swig/xss-protection-disappears-from-microsoft-edge
Intel Management Engine Vulnerabilities
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html
User Tracking With TLS 1.2 Certificates
http://tma.ifip.org/wordpress/wp-content/uploads/2017/06/tma2017_paper2.pdf
https://isc.sans.edu/forums/diary/Weblogic+Exploit+Code+Made+Public+CVE20182893/23896/
Microsoft Edge Turns off XSS Protection
https://portswigger.net/daily-swig/xss-protection-disappears-from-microsoft-edge
Intel Management Engine Vulnerabilities
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html
User Tracking With TLS 1.2 Certificates
http://tma.ifip.org/wordpress/wp-content/uploads/2017/06/tma2017_paper2.pdf
ISC StormCast for Friday, July 20th 2018
20 juli 2018 |
5 min
Cisco Patches
https://tools.cisco.com/security/center/publicationListing.x
Diqee Smart Vacuum Vulnerabilities
http://en.diqee.com/goods/1994.html
Instagram About To Release 2FA Update
https://techcrunch.com/2018/07/17/instagram-2-factor/
Reporting Malicious Websites
https://isc.sans.edu/forums/diary/Reporting+Malicious+Websites+in+2018/23892/
https://tools.cisco.com/security/center/publicationListing.x
Diqee Smart Vacuum Vulnerabilities
http://en.diqee.com/goods/1994.html
Instagram About To Release 2FA Update
https://techcrunch.com/2018/07/17/instagram-2-factor/
Reporting Malicious Websites
https://isc.sans.edu/forums/diary/Reporting+Malicious+Websites+in+2018/23892/
ISC StormCast for Thursday, July 19th 2018
19 juli 2018 |
5 min
Increase in scans for port 15454
https://isc.sans.edu/forums/diary/Request+for+Packets+Port+15454/23888/
Oracle Quarterly Critical Patch Update
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Venmo Public Transaction API
https://publicbydefault.fyi
Credential Stuffing Responsible for Majority of Login Attempts
http://info.shapesecurity.com/2018-Credential-Spill-Report-by-Shape-Security
https://isc.sans.edu/forums/diary/Request+for+Packets+Port+15454/23888/
Oracle Quarterly Critical Patch Update
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Venmo Public Transaction API
https://publicbydefault.fyi
Credential Stuffing Responsible for Majority of Login Attempts
http://info.shapesecurity.com/2018-Credential-Spill-Report-by-Shape-Security
ISC StormCast for Wednesday, July 18th 2018
18 juli 2018 |
5 min
Searching for Geographically Improbably Login Attempts
https://isc.sans.edu/forums/diary/Searching+for+Geographically+Improbable+Login+Attempts/23882/
Typo3 CMS Update
https://typo3.org/article/typo3-931-8717-and-7630-security-releases-published/
GitHub Expands Security Scanner to Python
https://blog.github.com/2018-07-12-security-vulnerability-alerts-for-python/
Money Laundry Scheme Exposed by Open Mongo database.
https://kromtech.com/blog/security-center/digital-laundry
https://isc.sans.edu/forums/diary/Searching+for+Geographically+Improbable+Login+Attempts/23882/
Typo3 CMS Update
https://typo3.org/article/typo3-931-8717-and-7630-security-releases-published/
GitHub Expands Security Scanner to Python
https://blog.github.com/2018-07-12-security-vulnerability-alerts-for-python/
Money Laundry Scheme Exposed by Open Mongo database.
https://kromtech.com/blog/security-center/digital-laundry
ISC StormCast for Tuesday, July 17th 2018
17 juli 2018 |
8 min
Encrypted SNI in TLS 1.3
https://tools.ietf.org/html/draft-rescorla-tls-esni-00
Microsoft to Retire "Delta Updates"
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426
Practical GPS Spoofing of Navigation Devices
https://www.microsoft.com/en-us/research/uploads/prod/2018/06/security18gps.pdf
https://tools.ietf.org/html/draft-rescorla-tls-esni-00
Microsoft to Retire "Delta Updates"
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426
Practical GPS Spoofing of Navigation Devices
https://www.microsoft.com/en-us/research/uploads/prod/2018/06/security18gps.pdf
ISC StormCast for Monday, July 16th 2018
16 juli 2018 |
7 min
Processing JSON
https://isc.sans.edu/forums/diary/Video+Retrieving+and+processing+JSON+data+BTC+example/23874/
Cryptocoin Mining Javascript (yet again)
https://isc.sans.edu/forums/diary/Cryptominer+Delivered+Though+Compromized+JavaScript+File/23870/
Dahua Passwords Leaked/Cached by Search Engine
https://www.bleepingcomputer.com/news/security/passwords-for-tens-of-thousands-of-dahua-devices-cached-in-iot-search-engine/
MDM Used in Targeted Attack Against iPhone Users
https://blog.talosintelligence.com/2018/07/Mobile-Malware-Campaign-uses-Malicious-MDM.html
https://isc.sans.edu/forums/diary/Video+Retrieving+and+processing+JSON+data+BTC+example/23874/
Cryptocoin Mining Javascript (yet again)
https://isc.sans.edu/forums/diary/Cryptominer+Delivered+Though+Compromized+JavaScript+File/23870/
Dahua Passwords Leaked/Cached by Search Engine
https://www.bleepingcomputer.com/news/security/passwords-for-tens-of-thousands-of-dahua-devices-cached-in-iot-search-engine/
MDM Used in Targeted Attack Against iPhone Users
https://blog.talosintelligence.com/2018/07/Mobile-Malware-Campaign-uses-Malicious-MDM.html
ISC StormCast for Friday, July 13th 2018
13 juli 2018 |
6 min
Extortion Claims Include Leaked Passwords to Appear more Plausiable
https://isc.sans.edu/forums/diary/New+Extortion+Tricks+Now+Including+Your+Password/23866/
npm Package Compromised and Used To Steal Credentials
https://github.com/eslint/eslint-scope/issues/39#issuecomment-404533026
CIRCL IMAP Proxy
https://github.com/CIRCL/IMAP-Proxy
Checkpoint Names "Dorkbot" As A Top Threat (Signup required)
https://research.checkpoint.com/cyber-attack-trends-2018-mid-year-report/
https://isc.sans.edu/forums/diary/New+Extortion+Tricks+Now+Including+Your+Password/23866/
npm Package Compromised and Used To Steal Credentials
https://github.com/eslint/eslint-scope/issues/39#issuecomment-404533026
CIRCL IMAP Proxy
https://github.com/CIRCL/IMAP-Proxy
Checkpoint Names "Dorkbot" As A Top Threat (Signup required)
https://research.checkpoint.com/cyber-attack-trends-2018-mid-year-report/
ISC StormCast for Thursday, July 12th 2018
12 juli 2018 |
6 min
Hello Peppa Followup
https://isc.sans.edu/forums/diary/Well+Hello+Again+Peppa/23860/
Spectre 1.1 and 1.2
https://people.csail.mit.edu/vlk/spectre11.pdf
Internet Exchanges Band Together against BGP Hijacking
https://dyn.com/blog/shutting-down-the-bgp-hijack-factory/
Google Enabled Site Isolation in Chrome
https://www.bleepingcomputer.com/news/security/google-enables-site-isolation-feature-for-99-percent-of-chrome-desktop-users/
https://isc.sans.edu/forums/diary/Well+Hello+Again+Peppa/23860/
Spectre 1.1 and 1.2
https://people.csail.mit.edu/vlk/spectre11.pdf
Internet Exchanges Band Together against BGP Hijacking
https://dyn.com/blog/shutting-down-the-bgp-hijack-factory/
Google Enabled Site Isolation in Chrome
https://www.bleepingcomputer.com/news/security/google-enables-site-isolation-feature-for-99-percent-of-chrome-desktop-users/
ISC StormCast for Wednesday, July 11th 2018
11 juli 2018 |
6 min
MSFT Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+July+2018+now+with+Dashboard/23858/
https://patchtuesdaydashboard.com/
SettingContent-ms Files Blacklisted
https://support.office.com/en-us/article/packager-activation-in-office-365-desktop-applications-52808039-4a7c-4550-be3a-869dd338d834?ui=en-US&rs=en-US&ad=US
Adobe Patches
https://helpx.adobe.com/security.html
Stolen DLINK Certificate
https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/
https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+July+2018+now+with+Dashboard/23858/
https://patchtuesdaydashboard.com/
SettingContent-ms Files Blacklisted
https://support.office.com/en-us/article/packager-activation-in-office-365-desktop-applications-52808039-4a7c-4550-be3a-869dd338d834?ui=en-US&rs=en-US&ad=US
Adobe Patches
https://helpx.adobe.com/security.html
Stolen DLINK Certificate
https://www.welivesecurity.com/2018/07/09/certificates-stolen-taiwanese-tech-companies-plead-malware-campaign/
ISC StormCast for Tuesday, July 10th 2018
10 juli 2018 |
6 min
Reverse Shell via Weblogic Flaw
https://isc.sans.edu/forums/diary/Criminals+Dont+Read+Instructions+or+Use+Strong+Passwords/23850/
Apple Patches Everything Again
https://isc.sans.edu/forums/diary/Apple+Patches+Everything+Again/23852/
Microsoft Offers Better Azure AD Password Protection
http://www.longevitytech.us/2018/07/09/azure-ad-password-protection-the-cloud-security-service-your-active-directory-needs-now/
https://isc.sans.edu/forums/diary/Criminals+Dont+Read+Instructions+or+Use+Strong+Passwords/23850/
Apple Patches Everything Again
https://isc.sans.edu/forums/diary/Apple+Patches+Everything+Again/23852/
Microsoft Offers Better Azure AD Password Protection
http://www.longevitytech.us/2018/07/09/azure-ad-password-protection-the-cloud-security-service-your-active-directory-needs-now/
ISC StormCast for Monday, July 9th 2018
9 juli 2018 |
4 min
Trivial Exploit For HP iLO 4 (patched last August)
https://airbus-seclab.github.io/ilo/SSTIC2018-Article-subverting_your_server_through_its_bmc_the_hpe_ilo4_case-gazet_perigaud_czarny.pdf
Flexible Miner/Ransomware
https://securelist.com/to-crypt-or-to-mine-that-is-the-question/86307/
Hacker Steals Gas From Gas Station
https://gizmodo.com/hackers-reportedly-stole-600-gallons-of-gas-from-detroi-1827433411
https://airbus-seclab.github.io/ilo/SSTIC2018-Article-subverting_your_server_through_its_bmc_the_hpe_ilo4_case-gazet_perigaud_czarny.pdf
Flexible Miner/Ransomware
https://securelist.com/to-crypt-or-to-mine-that-is-the-question/86307/
Hacker Steals Gas From Gas Station
https://gizmodo.com/hackers-reportedly-stole-600-gallons-of-gas-from-detroi-1827433411
ISC StormCast for Friday, July 6th 2018
6 juli 2018 |
5 min
Gentoo GitHub Breach Post Morten
https://wiki.gentoo.org/wiki/Github/2018-06-28
Hamas Sets World Cup Trap for Israeli Soldiers
https://www.reuters.com/article/us-israel-palestinians-cyber/israel-says-hamas-tried-to-snare-soldiers-in-world-cup-cyber-trap-idUSKBN1JT1ZX
https://wiki.gentoo.org/wiki/Github/2018-06-28
Hamas Sets World Cup Trap for Israeli Soldiers
https://www.reuters.com/article/us-israel-palestinians-cyber/israel-says-hamas-tried-to-snare-soldiers-in-world-cup-cyber-trap-idUSKBN1JT1ZX
ISC StormCast for Thursday, July 5th 2018
5 juli 2018 |
3 min
Progress Indication For Scripts in Windows
https://isc.sans.edu/forums/diary/Progress+indication+for+scripts+on+Windows/23830/
Stylish Extension Steals History
https://robertheaton.com/2018/07/02/stylish-browser-extension-steals-your-internet-history/
Data Leaks From Android Apps
https://recon.meddle.mobi/panoptispy/
https://isc.sans.edu/forums/diary/Progress+indication+for+scripts+on+Windows/23830/
Stylish Extension Steals History
https://robertheaton.com/2018/07/02/stylish-browser-extension-steals-your-internet-history/
Data Leaks From Android Apps
https://recon.meddle.mobi/panoptispy/
ISC StormCast for Tuesday, July 3rd 2018
2 juli 2018 |
5 min
Odd PHP Exploit Attempt
https://isc.sans.edu/forums/diary/Hello+Peppa+PHP+Scans/23826/
Diameter Security Report
https://www.ptsecurity.com/ww-en/premium/diameter-2018/
Attack Against Trezor via DNS or BGP
https://blog.trezor.io/psa-phishing-alert-fake-trezor-wallet-website-3bcfdfc3eced
Symantec Offers VPNFilter Check
http://www.symantec.com/filtercheck/
https://isc.sans.edu/forums/diary/Hello+Peppa+PHP+Scans/23826/
Diameter Security Report
https://www.ptsecurity.com/ww-en/premium/diameter-2018/
Attack Against Trezor via DNS or BGP
https://blog.trezor.io/psa-phishing-alert-fake-trezor-wallet-website-3bcfdfc3eced
Symantec Offers VPNFilter Check
http://www.symantec.com/filtercheck/
ISC StormCast for Monday, July 2nd 2018
2 juli 2018 |
6 min
MacOS Malware Targeting Slack/Dicord Crypto Comunities
https://isc.sans.edu/forums/diary/Crypto+community+target+of+MacOS+malware/23816/
New LTE Attacks Made Public
https://alter-attack.net
Rowhammer Attacks Against Android
https://rampageattack.com
https://isc.sans.edu/forums/diary/Crypto+community+target+of+MacOS+malware/23816/
New LTE Attacks Made Public
https://alter-attack.net
Rowhammer Attacks Against Android
https://rampageattack.com
ISC StormCast for Friday, June 29th 2018
29 juni 2018 |
6 min
Less Greedy Cryptominers
https://isc.sans.edu/forums/diary/New+and+Improved+Cryptominers+Now+with+50+less+Greed/23812/
Disassemling Webassembly
https://www.forcepoint.com/blog/security-labs/analyzing-webassembly-binaries
Spectre Browser Mitigation Bypass
https://alephsecurity.com/2018/06/26/spectre-browser-query-cache/
Gentoo Github Repository Compromise
https://archives.gentoo.org/gentoo-announce/message/dc23d48d2258e1ed91599a8091167002
https://isc.sans.edu/forums/diary/New+and+Improved+Cryptominers+Now+with+50+less+Greed/23812/
Disassemling Webassembly
https://www.forcepoint.com/blog/security-labs/analyzing-webassembly-binaries
Spectre Browser Mitigation Bypass
https://alephsecurity.com/2018/06/26/spectre-browser-query-cache/
Gentoo Github Repository Compromise
https://archives.gentoo.org/gentoo-announce/message/dc23d48d2258e1ed91599a8091167002
ISC StormCast for Thursday, June 28th 2018
27 juni 2018 |
7 min
Secret Office 365 Activity Log API Unveiled (plus tool to extract logs)
http://lmgsecurity.com/exposing-the-secret-office-365-forensics-tool/
Anonymizing Printers
https://tu-dresden.de/ing/informatik/sya/ps/die-professur/news/geheime-daten-auf-dem-druckpapier-diplominformatiker-der-tu-dresden-entwickeln-verfahren-gegen-druckerueberwachung
Silently Profiling Unknown Malware Samples
https://isc.sans.edu/forums/diary/Silently+Profiling+Unknown+Malware+Samples/23808/
Cisco CVE-2018-0296 Exploited
https://www.bleepingcomputer.com/news/security/cisco-asa-flaw-exploited-in-the-wild-after-publication-of-two-pocs/
http://lmgsecurity.com/exposing-the-secret-office-365-forensics-tool/
Anonymizing Printers
https://tu-dresden.de/ing/informatik/sya/ps/die-professur/news/geheime-daten-auf-dem-druckpapier-diplominformatiker-der-tu-dresden-entwickeln-verfahren-gegen-druckerueberwachung
Silently Profiling Unknown Malware Samples
https://isc.sans.edu/forums/diary/Silently+Profiling+Unknown+Malware+Samples/23808/
Cisco CVE-2018-0296 Exploited
https://www.bleepingcomputer.com/news/security/cisco-asa-flaw-exploited-in-the-wild-after-publication-of-two-pocs/
ISC StormCast for Wednesday, June 27th 2018
27 juni 2018 |
7 min
Analyzing XPS Files
https://isc.sans.edu/forums/diary/Analyzing+XPS+files/23804/
WPA3 Standard Finalized
https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-wi-fi-certified-wpa3-security
Executing Code with SettingContent-ms Files
https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39
EFF Analysis of STARTTLS
https://www.eff.org/deeplinks/2018/06/technical-deep-dive-starttls-everywhere
https://isc.sans.edu/forums/diary/Analyzing+XPS+files/23804/
WPA3 Standard Finalized
https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-wi-fi-certified-wpa3-security
Executing Code with SettingContent-ms Files
https://posts.specterops.io/the-tale-of-settingcontent-ms-files-f1ea253e4d39
EFF Analysis of STARTTLS
https://www.eff.org/deeplinks/2018/06/technical-deep-dive-starttls-everywhere
ISC StormCast for Tuesday, June 26th 2018
26 juni 2018 |
7 min
Guilty By Association
https://isc.sans.edu/forums/diary/Guilty+by+association/23800/
Filezila and Adware
https://forum.filezilla-project.org/viewtopic.php?t=48441
iOS Pin Brute Forcing Confusion
https://twitter.com/hackerfantastic/status/1010631766087032832
https://twitter.com/hackerfantastic/status/1010240042990596096
Azure Baseline Security Policy
https://cloudblogs.microsoft.com/enterprisemobility/2018/06/22/baseline-security-policy-for-azure-ad-admin-accounts-in-public-preview/
Phone Battery Usage as Keystroke Logger
https://sites.google.com/site/silbersteinmark/Home/popets18power.pdf?attredirects=1
https://isc.sans.edu/forums/diary/Guilty+by+association/23800/
Filezila and Adware
https://forum.filezilla-project.org/viewtopic.php?t=48441
iOS Pin Brute Forcing Confusion
https://twitter.com/hackerfantastic/status/1010631766087032832
https://twitter.com/hackerfantastic/status/1010240042990596096
Azure Baseline Security Policy
https://cloudblogs.microsoft.com/enterprisemobility/2018/06/22/baseline-security-policy-for-azure-ad-admin-accounts-in-public-preview/
Phone Battery Usage as Keystroke Logger
https://sites.google.com/site/silbersteinmark/Home/popets18power.pdf?attredirects=1
ISC StormCast for Monday, June 25th 2018
25 juni 2018 |
6 min
XPS Documents Used for Spam
https://isc.sans.edu/forums/diary/XPS+Attachment+Used+for+Phishing/23794/
New Exploit Kit Trends
https://researchcenter.paloaltonetworks.com/2018/06/unit42-the-old-and-new-current-trends-in-web-based-threats/
https://blog.malwarebytes.com/cybercrime/2018/06/exploit-kits-spring-2018-review/
Deprecating TLSv1.0 and TLSv1.1
https://datatracker.ietf.org/doc/draft-moriarty-tls-oldversions-diediedie/
Leaky Firebase Installs
http://info.appthority.com/-q2-2018-mtr-download-Firebase-vulnerability
https://isc.sans.edu/forums/diary/XPS+Attachment+Used+for+Phishing/23794/
New Exploit Kit Trends
https://researchcenter.paloaltonetworks.com/2018/06/unit42-the-old-and-new-current-trends-in-web-based-threats/
https://blog.malwarebytes.com/cybercrime/2018/06/exploit-kits-spring-2018-review/
Deprecating TLSv1.0 and TLSv1.1
https://datatracker.ietf.org/doc/draft-moriarty-tls-oldversions-diediedie/
Leaky Firebase Installs
http://info.appthority.com/-q2-2018-mtr-download-Firebase-vulnerability
ISC StormCast for Friday, June 22nd 2018
22 juni 2018 |
6 min
Fake Fortnite
https://blog.malwarebytes.com/cybercrime/2018/06/fake-fortnite-android-links-found-youtube/
Fake Wannacry E-Mails
https://twitter.com/actionfrauduk/status/1009803967705092096
Ransomware Installs In Internet Cafes
http://hznews.hangzhou.com.cn/shehui/content/2018-06/16/content_7020998.htm
OpenVPN Malicious Configuration Files
https://medium.com/tenable-techblog/reverse-shell-from-an-openvpn-configuration-file-73fd8b1d38da
Cisco Advisories
https://tools.cisco.com/security/center/publicationListing.x
https://blog.malwarebytes.com/cybercrime/2018/06/fake-fortnite-android-links-found-youtube/
Fake Wannacry E-Mails
https://twitter.com/actionfrauduk/status/1009803967705092096
Ransomware Installs In Internet Cafes
http://hznews.hangzhou.com.cn/shehui/content/2018-06/16/content_7020998.htm
OpenVPN Malicious Configuration Files
https://medium.com/tenable-techblog/reverse-shell-from-an-openvpn-configuration-file-73fd8b1d38da
Cisco Advisories
https://tools.cisco.com/security/center/publicationListing.x
ISC StormCast for Thursday, June 21st 2018
21 juni 2018 |
7 min
Netflix Phishing Sites Using TLS
https://isc.sans.edu/forums/diary/Secure+Phishing+Netflix+Phishing+Goes+TLS/23786/
OpenBSD Disables Hyperthreading By Default
https://www.mail-archive.com/[email protected]/msg99141.html
Bithumb Cyrpto Currency Exchnage Breached Again
https://www.bleepingcomputer.com/news/security/bithumb-hacked-second-time-in-a-year-hackers-steal-31-million/
Microsoft Edge CORS Bypass via Audio Files
https://jakearchibald.com/2018/i-discovered-a-browser-bug/
Microsoft Releases a Special Patch for Oracle Outside-In Libraries
https://support.microsoft.com/en-us/help/4092041/description-of-the-security-update-for-microsoft-exchange-server-2013
https://isc.sans.edu/forums/diary/Secure+Phishing+Netflix+Phishing+Goes+TLS/23786/
OpenBSD Disables Hyperthreading By Default
https://www.mail-archive.com/[email protected]/msg99141.html
Bithumb Cyrpto Currency Exchnage Breached Again
https://www.bleepingcomputer.com/news/security/bithumb-hacked-second-time-in-a-year-hackers-steal-31-million/
Microsoft Edge CORS Bypass via Audio Files
https://jakearchibald.com/2018/i-discovered-a-browser-bug/
Microsoft Releases a Special Patch for Oracle Outside-In Libraries
https://support.microsoft.com/en-us/help/4092041/description-of-the-security-update-for-microsoft-exchange-server-2013
ISC StormCast for Wednesday, June 20th 2018
19 juni 2018 |
6 min
PowerShell ScriptBlock Loggin Bypass in the Wild
https://isc.sans.edu/forums/diary/PowerShell+ScriptBlock+Logging+Or+Not/23782/
Virustotal "False Positive" Alert
http://blog.virustotal.com/2018/06/vtmonitor-to-mitigate-false-positives.html
Cloud Environments Explosed to the Internet
https://info.lacework.com/hubfs/Containers%20At-Risk_%20A%20Review%20of%2021,000%20Cloud%20Environments.pdf
Google Home DNS Rebinding Attack Reveals Geolocation
https://www.tripwire.com/state-of-security/vert/googles-newest-feature-find-my-home
https://isc.sans.edu/forums/diary/PowerShell+ScriptBlock+Logging+Or+Not/23782/
Virustotal "False Positive" Alert
http://blog.virustotal.com/2018/06/vtmonitor-to-mitigate-false-positives.html
Cloud Environments Explosed to the Internet
https://info.lacework.com/hubfs/Containers%20At-Risk_%20A%20Review%20of%2021,000%20Cloud%20Environments.pdf
Google Home DNS Rebinding Attack Reveals Geolocation
https://www.tripwire.com/state-of-security/vert/googles-newest-feature-find-my-home
ISC StormCast for Tuesday, June 19th 2018
19 juni 2018 |
6 min
Obfuscated JavaScript Targeting Mobile Devices
https://isc.sans.edu/forums/diary/Malicious+JavaScript+Targeting+Mobile+Browsers/23778/
Axis Camera Vulnerabilities
https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilities-in-axis-cameras/
Apple Caches Confidential Data on Unencrypted Drives
https://wojciechregula.blog/your-encrypted-photos-in-macos-cache/
Andy Emulator Infected With CryptoMiner
https://www.reddit.com/r/emulators/comments/8rj8g5/warning_andy_android_emulator_andyos_andyroid/
https://isc.sans.edu/forums/diary/Malicious+JavaScript+Targeting+Mobile+Browsers/23778/
Axis Camera Vulnerabilities
https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilities-in-axis-cameras/
Apple Caches Confidential Data on Unencrypted Drives
https://wojciechregula.blog/your-encrypted-photos-in-macos-cache/
Andy Emulator Infected With CryptoMiner
https://www.reddit.com/r/emulators/comments/8rj8g5/warning_andy_android_emulator_andyos_andyroid/
ISC StormCast for Monday, June 18th 2018
18 juni 2018 |
7 min
SMTP Strangeness - Possible C2
https://isc.sans.edu/forums/diary/SMTP+Strangeness+Possible+C2/23770/
Encrypted Office Documents
https://isc.sans.edu/forums/diary/Encrypted+Office+Documents/23774/
Recent Port 8000 Scans
https://www.bleepingcomputer.com/news/security/all-that-port-8000-traffic-this-week-yeah-thats-satori-looking-for-new-bots/
New Clipboard Cryptocoin Stealing Bot
https://blog.360totalsecurity.com/en/new-cryptominer-hijacks-your-bitcoin-transaction-over-300000-computers-have-been-attacked/
WebUSB Weakness
https://pwnaccelerator.github.io/2018/webusb-yubico-disclosure.html
https://isc.sans.edu/forums/diary/SMTP+Strangeness+Possible+C2/23770/
Encrypted Office Documents
https://isc.sans.edu/forums/diary/Encrypted+Office+Documents/23774/
Recent Port 8000 Scans
https://www.bleepingcomputer.com/news/security/all-that-port-8000-traffic-this-week-yeah-thats-satori-looking-for-new-bots/
New Clipboard Cryptocoin Stealing Bot
https://blog.360totalsecurity.com/en/new-cryptominer-hijacks-your-bitcoin-transaction-over-300000-computers-have-been-attacked/
WebUSB Weakness
https://pwnaccelerator.github.io/2018/webusb-yubico-disclosure.html
ISC StormCast for Friday, June 15th 2018
15 juni 2018 |
12 min
Analyzing a Compromised Wordpress Site
https://isc.sans.edu/forums/diary/A+Bunch+of+Compromized+Wordpress+Sites/23764/
Breacking Bluetooth Low Energy Smart Padlock
https://www.pentestpartners.com/security-blog/totally-pwning-the-tapplock-smart-lock/
WIM Disk Image Vulnerability
https://blog.talosintelligence.com/2018/06/vulnerability-spotlight-talos-2018-0545.html
Extracting Timely Sign-In Data from Office 365 Logs
https://www.sans.org/reading-room/whitepapers/logging/extracting-timely-sign-in-data-office-365-logs-38435
https://isc.sans.edu/forums/diary/A+Bunch+of+Compromized+Wordpress+Sites/23764/
Breacking Bluetooth Low Energy Smart Padlock
https://www.pentestpartners.com/security-blog/totally-pwning-the-tapplock-smart-lock/
WIM Disk Image Vulnerability
https://blog.talosintelligence.com/2018/06/vulnerability-spotlight-talos-2018-0545.html
Extracting Timely Sign-In Data from Office 365 Logs
https://www.sans.org/reading-room/whitepapers/logging/extracting-timely-sign-in-data-office-365-logs-38435
ISC StormCast for Thursday, June 14th 2018
14 juni 2018 |
6 min
From MicroTik With Love: Yet Another Router Botnet?
https://isc.sans.edu/forums/diary/From+Microtik+with+Love/23762/
Using Cortana To Compromise Windows 10
https://securingtomorrow.mcafee.com/mcafee-labs/want-to-break-into-a-locked-windows-10-device-ask-cortana-cve-2018-8140/
Compromised Docker Images
https://kromtech.com/blog/security-center/cryptojacking-invades-cloud-how-modern-containerization-trend-is-exploited-by-attackers
Lazy FPU Save/Restore Allows Malware Access to FPU
https://access.redhat.com/solutions/3485131
https://isc.sans.edu/forums/diary/From+Microtik+with+Love/23762/
Using Cortana To Compromise Windows 10
https://securingtomorrow.mcafee.com/mcafee-labs/want-to-break-into-a-locked-windows-10-device-ask-cortana-cve-2018-8140/
Compromised Docker Images
https://kromtech.com/blog/security-center/cryptojacking-invades-cloud-how-modern-containerization-trend-is-exploited-by-attackers
Lazy FPU Save/Restore Allows Malware Access to FPU
https://access.redhat.com/solutions/3485131
ISC StormCast for Wednesday, June 13th 2018
13 juni 2018 |
6 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+June+2018+Patch+Tuesday/23758/
Apple Code Signing Verification Vulnerability
https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/
Google Chrome Restricting Inline Extension Install
https://blog.chromium.org/2018/06/improving-extension-transparency-for.html
https://isc.sans.edu/forums/diary/Microsoft+June+2018+Patch+Tuesday/23758/
Apple Code Signing Verification Vulnerability
https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/
Google Chrome Restricting Inline Extension Install
https://blog.chromium.org/2018/06/improving-extension-transparency-for.html
ISC StormCast for Tuesday, June 12th 2018
12 juni 2018 |
5 min
More Malspam Pushing Lokibot
https://isc.sans.edu/forums/diary/More+malspam+pushing+Lokibot/23754/
Ethereum JSON RPC Theft
https://twitter.com/360Netlab/status/1006065566728085504
CryptoCurrency Miner Plays hide-and-seek
https://www.bleepingcomputer.com/news/security/cryptocurrency-miner-plays-hide-and-seek-with-popular-games-and-tools/
Apple Outlaws Crypto Currency Miners in App Store
https://developer.apple.com/app-store/review/guidelines/#hardware-compatibility
FBI Arrests Suspect in BEC Investigation
https://www.fbi.gov/news/stories/international-bec-takedown-061118
https://isc.sans.edu/forums/diary/More+malspam+pushing+Lokibot/23754/
Ethereum JSON RPC Theft
https://twitter.com/360Netlab/status/1006065566728085504
CryptoCurrency Miner Plays hide-and-seek
https://www.bleepingcomputer.com/news/security/cryptocurrency-miner-plays-hide-and-seek-with-popular-games-and-tools/
Apple Outlaws Crypto Currency Miners in App Store
https://developer.apple.com/app-store/review/guidelines/#hardware-compatibility
FBI Arrests Suspect in BEC Investigation
https://www.fbi.gov/news/stories/international-bec-takedown-061118
ISC StormCast for Monday, June 11th 2018
11 juni 2018 |
6 min
The Seven Properties of Highly Secure Devices
https://www.microsoft.com/en-us/research/wp-content/uploads/2017/03/SevenPropertiesofHighlySecureDevices.pdf
Finding Deserialisation Issues With Burp
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/june/finding-deserialisation-issues-has-never-been-easier-freddy-the-serialisation-killer/
FTC Starts Looking Into Cryptojacking
https://www.consumer.ftc.gov/blog/2018/06/protecting-your-devices-cryptojacking
Drupal Disputes Number of Vulnerable Sites
https://groups.drupal.org/node/520149
https://www.microsoft.com/en-us/research/wp-content/uploads/2017/03/SevenPropertiesofHighlySecureDevices.pdf
Finding Deserialisation Issues With Burp
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/june/finding-deserialisation-issues-has-never-been-easier-freddy-the-serialisation-killer/
FTC Starts Looking Into Cryptojacking
https://www.consumer.ftc.gov/blog/2018/06/protecting-your-devices-cryptojacking
Drupal Disputes Number of Vulnerable Sites
https://groups.drupal.org/node/520149
ISC StormCast for Friday, June 8th 2018
8 juni 2018 |
6 min
Critical Adobe Flash Update
https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
SuperMicro Firmware Vulnerability
https://blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-systems/
FOSCAM Video Camera Vulnerabilities
https://blog.vdoo.com/2018/06/06/vdoo-has-found-major-vulnerabilities-in-foscam-cameras/
Sofacy Update
https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/
Automated Twitter Loot Collection
https://isc.sans.edu/forums/diary/Automated+twitter+loot+collection/23743/
https://helpx.adobe.com/security/products/flash-player/apsb18-19.html
SuperMicro Firmware Vulnerability
https://blog.eclypsium.com/2018/06/07/firmware-vulnerabilities-in-supermicro-systems/
FOSCAM Video Camera Vulnerabilities
https://blog.vdoo.com/2018/06/06/vdoo-has-found-major-vulnerabilities-in-foscam-cameras/
Sofacy Update
https://researchcenter.paloaltonetworks.com/2018/06/unit42-sofacy-groups-parallel-attacks/
Automated Twitter Loot Collection
https://isc.sans.edu/forums/diary/Automated+twitter+loot+collection/23743/
ISC StormCast for Thursday, June 7th 2018
7 juni 2018 |
5 min
VPNFilter Update
https://blog.talosintelligence.com/2018/06/vpnfilter-update.html
Prowli Botnet
https://www.guardicore.com/2018/06/operation-prowli-traffic-manipulation-cryptocurrency-mining/
Cisco Security Bulletins
https://tools.cisco.com/security/center/publicationListing.x
F-Secure RAR Vulnerability
https://www.f-secure.com/en/web/labs_global/fsc-2018-2
PCAP to Weblogs
https://isc.sans.edu/forums/diary/Converting+PCAP+Web+Traffic+to+Apache+Log/23739/
https://blog.talosintelligence.com/2018/06/vpnfilter-update.html
Prowli Botnet
https://www.guardicore.com/2018/06/operation-prowli-traffic-manipulation-cryptocurrency-mining/
Cisco Security Bulletins
https://tools.cisco.com/security/center/publicationListing.x
F-Secure RAR Vulnerability
https://www.f-secure.com/en/web/labs_global/fsc-2018-2
PCAP to Weblogs
https://isc.sans.edu/forums/diary/Converting+PCAP+Web+Traffic+to+Apache+Log/23739/
ISC StormCast for Wednesday, June 6th 2018
6 juni 2018 |
6 min
Analysis of a Post Exploit Script
Malicious Post-Exploitation Batch File
Zip Slip Vulnerability
https://snyk.io/research/zip-slip-vulnerability
Redis Exploits
https://www.incapsula.com/blog/report-75-of-open-redis-servers-are-infected.html
Drupalgeddon 2 Update
https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/
Malicious Post-Exploitation Batch File
Zip Slip Vulnerability
https://snyk.io/research/zip-slip-vulnerability
Redis Exploits
https://www.incapsula.com/blog/report-75-of-open-redis-servers-are-infected.html
Drupalgeddon 2 Update
https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/
ISC StormCast for Tuesday, June 5th 2018
5 juni 2018 |
6 min
Running Only Signed Code. Does it work in Windows 10?
https://isc.sans.edu/forums/diary/Digging+into+Authenticode+Certificates/23731/
Misconfigured G-Suite Mailing Lists
https://www.kennasecurity.com/widespread-google-groups-misconfiguration-exposes-sensitive-information/
Microsoft Releases Open Source Post Quantum VPN
https://github.com/Microsoft/PQCrypto-VPN
https://isc.sans.edu/forums/diary/Digging+into+Authenticode+Certificates/23731/
Misconfigured G-Suite Mailing Lists
https://www.kennasecurity.com/widespread-google-groups-misconfiguration-exposes-sensitive-information/
Microsoft Releases Open Source Post Quantum VPN
https://github.com/Microsoft/PQCrypto-VPN
ISC StormCast for Monday, June 4th 2018
4 juni 2018 |
5 min
Apple Patches Everything
https://isc.sans.edu/forums/diary/Apple+Security+Updates/23727/
VPNFilter Makes a Comeback
https://jask.com/from-russia-with-love/
Reverse Analysis with Radare2
https://isc.sans.edu/forums/diary/Binary+analysis+with+Radare2/23723/
Pet Location Tracker Vulnerabilities
https://threatpost.com/pet-trackers-open-to-mitm-attacks-interception/132291/
https://isc.sans.edu/forums/diary/Apple+Security+Updates/23727/
VPNFilter Makes a Comeback
https://jask.com/from-russia-with-love/
Reverse Analysis with Radare2
https://isc.sans.edu/forums/diary/Binary+analysis+with+Radare2/23723/
Pet Location Tracker Vulnerabilities
https://threatpost.com/pet-trackers-open-to-mitm-attacks-interception/132291/
ISC StormCast for Friday, June 1st 2018
1 juni 2018 |
6 min
Safely Resetting Routers
https://isc.sans.edu/forums/diary/Resetting+Your+Router+the+Paranoid+Right+Way/23719/
CSS mix-blend-mode Side Channel Attack
https://www.evonide.com/side-channel-attacking-browsers-through-css3-features/
New ActiveX Exploit Seen in the Wild
https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=27263
Apple iMessage Security
https://support.apple.com/en-us/HT202303
10 Year Old Vulnerability in Steam Discovered
https://www.contextis.com/blog/frag-grenade-a-remote-code-execution-vulnerability-in-the-steam-client
https://isc.sans.edu/forums/diary/Resetting+Your+Router+the+Paranoid+Right+Way/23719/
CSS mix-blend-mode Side Channel Attack
https://www.evonide.com/side-channel-attacking-browsers-through-css3-features/
New ActiveX Exploit Seen in the Wild
https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=27263
Apple iMessage Security
https://support.apple.com/en-us/HT202303
10 Year Old Vulnerability in Steam Discovered
https://www.contextis.com/blog/frag-grenade-a-remote-code-execution-vulnerability-in-the-steam-client
ISC StormCast for Thursday, May 31st 2018
31 maj 2018 |
5 min
Windows JScript Vulnerability
https://www.zerodayinitiative.com/advisories/ZDI-18-534/
Two Git Vulnerabilities Patched
https://marc.info/?l=git&m=152761328506724&w=2
https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/
SpamCannibal Blacklist Temporarily Marks All IPs as "Spam"
https://twitter.com/GossiTheDog/status/1001778042400854016
QRadar Remote Code Execution
https://blogs.securiteam.com/index.php/archives/3689
https://www.zerodayinitiative.com/advisories/ZDI-18-534/
Two Git Vulnerabilities Patched
https://marc.info/?l=git&m=152761328506724&w=2
https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/
SpamCannibal Blacklist Temporarily Marks All IPs as "Spam"
https://twitter.com/GossiTheDog/status/1001778042400854016
QRadar Remote Code Execution
https://blogs.securiteam.com/index.php/archives/3689
ISC StormCast for Wednesday, May 30th 2018
29 maj 2018 |
6 min
New DNS Features
https://isc.sans.edu/forums/diary/DNS+is+Changing+Are+you+Ready/23711/
Apple Updates
https://support.apple.com/en-us/HT201222
Scans For Misconfigured EOS Blockchain Nodes
https://www.bleepingcomputer.com/news/security/misconfigured-eos-blockchain-nodes-under-attack/
NPM Bug Causes Update Failures / Application Crashes
https://github.com/npm/npm/issues/20791#issuecomment-392648459
MnuBot Exfiltrates Data Via MSSQL
https://securityintelligence.com/new-banking-trojan-mnubot-discovered-by-ibm-x-force-research/
https://isc.sans.edu/forums/diary/DNS+is+Changing+Are+you+Ready/23711/
Apple Updates
https://support.apple.com/en-us/HT201222
Scans For Misconfigured EOS Blockchain Nodes
https://www.bleepingcomputer.com/news/security/misconfigured-eos-blockchain-nodes-under-attack/
NPM Bug Causes Update Failures / Application Crashes
https://github.com/npm/npm/issues/20791#issuecomment-392648459
MnuBot Exfiltrates Data Via MSSQL
https://securityintelligence.com/new-banking-trojan-mnubot-discovered-by-ibm-x-force-research/
ISC StormCast for Tuesday, May 29th 2018
29 maj 2018 |
6 min
Ultrasound Mobile Location Tracking
https://isc.sans.edu/forums/diary/Do+you+hear+Laurel+or+Yanny+or+is+it+OnOff+Keying/23707/
Analyzing Malware Created with NSIS
https://isc.sans.edu/forums/diary/Quick+analysis+of+malware+created+with+NSIS/23703/
Obfuscated Word Macro
https://isc.sans.edu/forums/diary/Antivirus+Evasion+Easy+as+123/23701/
Z-Wave Attacks
https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/
https://www.silabs.com/community/blog.entry.html/2018/05/23/tl_dr_your_door_is-g1zC
Electron Framework Protocol Handler Patch Bypass
https://blog.doyensec.com/2018/05/24/electron-win-protocol-handler-bug-bypass.html
https://isc.sans.edu/forums/diary/Do+you+hear+Laurel+or+Yanny+or+is+it+OnOff+Keying/23707/
Analyzing Malware Created with NSIS
https://isc.sans.edu/forums/diary/Quick+analysis+of+malware+created+with+NSIS/23703/
Obfuscated Word Macro
https://isc.sans.edu/forums/diary/Antivirus+Evasion+Easy+as+123/23701/
Z-Wave Attacks
https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/
https://www.silabs.com/community/blog.entry.html/2018/05/23/tl_dr_your_door_is-g1zC
Electron Framework Protocol Handler Patch Bypass
https://blog.doyensec.com/2018/05/24/electron-win-protocol-handler-bug-bypass.html
ISC StormCast for Friday, May 25th 2018
25 maj 2018 |
5 min
GDPR Going Into Effect May 25th
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
Bitcoin Gold Double Spent Attack
https://forum.bitcoingold.org/t/double-spend-attack-on-exchanges/1362
Amazon Alexa Forwards Random Conversations
https://www.kiro7.com/news/local/woman-says-her-amazon-device-recorded-private-conversation-sent-it-out-to-random-contact/755507974
Verge Crypto Coin Attacked Again
https://www.bleepingcomputer.com/news/security/verge-cryptocurrency-network-falls-victim-to-same-attack-even-after-hard-fork/
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
Bitcoin Gold Double Spent Attack
https://forum.bitcoingold.org/t/double-spend-attack-on-exchanges/1362
Amazon Alexa Forwards Random Conversations
https://www.kiro7.com/news/local/woman-says-her-amazon-device-recorded-private-conversation-sent-it-out-to-random-contact/755507974
Verge Crypto Coin Attacked Again
https://www.bleepingcomputer.com/news/security/verge-cryptocurrency-network-falls-victim-to-same-attack-even-after-hard-fork/
ISC StormCast for Thursday, May 24th 2018
24 maj 2018 |
6 min
VPNFilter Malware Affecting Cisco Routers
https://blog.talosintelligence.com/2018/05/VPNFilter.html
DLink Vulnerabilities
https://securelist.com/backdoors-in-d-links-backyard/85530/
Firefox Disabling "Spy APIs" and enabling 2FA
https://www.fxsitecompat.com/en-CA/docs/2018/ambient-light-and-proximity-sensor-apis-have-been-disabled/
https://blog.talosintelligence.com/2018/05/VPNFilter.html
DLink Vulnerabilities
https://securelist.com/backdoors-in-d-links-backyard/85530/
Firefox Disabling "Spy APIs" and enabling 2FA
https://www.fxsitecompat.com/en-CA/docs/2018/ambient-light-and-proximity-sensor-apis-have-been-disabled/
ISC StormCast for Wednesday, May 23rd 2018
23 maj 2018 |
5 min
Malicious SYLK Files Used to Execute Code in Excel
https://isc.sans.edu/forums/diary/Malware+Distributed+via+slk+Files/23687/
BMW Releases Patches for Several Cars
https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf
Mac Crypto Miners
https://blog.malwarebytes.com/threat-analysis/mac-threat-analysis/2018/05/new-mac-cryptominer-uses-xmrig/
VMWare Spectre Updates
https://www.vmware.com/security/advisories/VMSA-2018-0012.html
https://isc.sans.edu/forums/diary/Malware+Distributed+via+slk+Files/23687/
BMW Releases Patches for Several Cars
https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf
Mac Crypto Miners
https://blog.malwarebytes.com/threat-analysis/mac-threat-analysis/2018/05/new-mac-cryptominer-uses-xmrig/
VMWare Spectre Updates
https://www.vmware.com/security/advisories/VMSA-2018-0012.html
ISC StormCast for Tuesday, May 22nd 2018
22 maj 2018 |
5 min
Spectre NG Patches
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
https://newsroom.intel.com/editorials/addressing-new-research-for-side-channel-analysis/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
New "Moon" Variant
http://blog.netlab.360.com/gpon-exploit-in-the-wild-iv-themoon-botnet-join-in-with-a-0day/
https://isc.sans.edu/forums/diary/Something+Wicked+this+way+comes/23681/
Extracting Keys From Windows ssh-agent
https://blog.ropnop.com/extracting-ssh-private-keys-from-windows-10-ssh-agent/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
https://newsroom.intel.com/editorials/addressing-new-research-for-side-channel-analysis/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
New "Moon" Variant
http://blog.netlab.360.com/gpon-exploit-in-the-wild-iv-themoon-botnet-join-in-with-a-0day/
https://isc.sans.edu/forums/diary/Something+Wicked+this+way+comes/23681/
Extracting Keys From Windows ssh-agent
https://blog.ropnop.com/extracting-ssh-private-keys-from-windows-10-ssh-agent/
ISC StormCast for Monday, May 21st 2018
21 maj 2018 |
6 min
Redis Cryptocoin Mining Worm
https://isc.sans.edu/forums/diary/Anatomy+of+a+Redis+mining+worm/23673/
Evolving Chrome's Security Indicator
https://blog.chromium.org/2018/05/evolving-chromes-security-indicators.html
DrayTek CSRF 0-Day Exploited to Change DNS Servers
https://www.draytek.co.uk/support/security-advisories/kb-advisory-csrf-and-dns-dhcp-web-attacks
Rowhammer Remote Exploit
https://www.cs.vu.nl/~herbertb/download/papers/throwhammer_atc18.pdf
https://arxiv.org/abs/1805.04956
https://isc.sans.edu/forums/diary/Anatomy+of+a+Redis+mining+worm/23673/
Evolving Chrome's Security Indicator
https://blog.chromium.org/2018/05/evolving-chromes-security-indicators.html
DrayTek CSRF 0-Day Exploited to Change DNS Servers
https://www.draytek.co.uk/support/security-advisories/kb-advisory-csrf-and-dns-dhcp-web-attacks
Rowhammer Remote Exploit
https://www.cs.vu.nl/~herbertb/download/papers/throwhammer_atc18.pdf
https://arxiv.org/abs/1805.04956
ISC StormCast for Friday, May 18th 2018
18 maj 2018 |
6 min
Claymore Miner Attack
https://isc.sans.edu/diary/Insecure+Claymore+Miner+Management+API+Exploited+in+the+Wild/23665/
PCI DSS Version 3.2.1. Released
https://isc.sans.edu/forums/diary/PCI+DSS+version+321+is+out/23667/
Keeper Releases Update
https://keepersecurity.com/blog/2018/05/15/response-may-15-seclists-report/
Cisco Security Update
https://tools.cisco.com/security/center/publicationListing.x
https://isc.sans.edu/diary/Insecure+Claymore+Miner+Management+API+Exploited+in+the+Wild/23665/
PCI DSS Version 3.2.1. Released
https://isc.sans.edu/forums/diary/PCI+DSS+version+321+is+out/23667/
Keeper Releases Update
https://keepersecurity.com/blog/2018/05/15/response-may-15-seclists-report/
Cisco Security Update
https://tools.cisco.com/security/center/publicationListing.x
ISC StormCast for Thursday, May 17th 2018
16 maj 2018 |
6 min
Critical DHCP Client Vulnerability in RedHat Enterprise Server 6/7
https://access.redhat.com/security/vulnerabilities/3442151
UPnP Misconfiguration DDoS Attack
https://www.theregister.co.uk/2018/05/16/upnp_amplifies_ddos_attacks/
Ubuntu Snap Store Miner Incident Followup
https://blog.ubuntu.com/2018/05/15/trust-and-security-in-the-snap-store
iOS / Android "Zipper Down" Vulnerability
https://zipperdown.org/
https://access.redhat.com/security/vulnerabilities/3442151
UPnP Misconfiguration DDoS Attack
https://www.theregister.co.uk/2018/05/16/upnp_amplifies_ddos_attacks/
Ubuntu Snap Store Miner Incident Followup
https://blog.ubuntu.com/2018/05/15/trust-and-security-in-the-snap-store
iOS / Android "Zipper Down" Vulnerability
https://zipperdown.org/
ISC StormCast for Wednesday, May 16th 2018
16 maj 2018 |
7 min
PDF Exploit (and Windows Priv. Escalation) Leaked
https://www.welivesecurity.com/2018/05/15/tale-two-zero-days/
Possible Vulnerability in Keeper Password Manager
http://seclists.org/fulldisclosure/2018/May/41
MyEtherWallet Phishing
https://isc.sans.edu/forums/diary/Phishing+emails+for+fake+MyEtherWallet+login+page/23655/
https://www.welivesecurity.com/2018/05/15/tale-two-zero-days/
Possible Vulnerability in Keeper Password Manager
http://seclists.org/fulldisclosure/2018/May/41
MyEtherWallet Phishing
https://isc.sans.edu/forums/diary/Phishing+emails+for+fake+MyEtherWallet+login+page/23655/
ISC StormCast for Tuesday, May 15th 2018
15 maj 2018 |
7 min
PGP/SMIME efail Vulnerability
https://efail.de
Adobe PDF Reader / Acrobat Bulletins
https://helpx.adobe.com/security/products/acrobat/apsb18-09.html
https://efail.de
Adobe PDF Reader / Acrobat Bulletins
https://helpx.adobe.com/security/products/acrobat/apsb18-09.html
ISC StormCast for Monday, May 14th 2018
14 maj 2018 |
6 min
Odd njRat Like Scans
Reversed C2 traffic from China
Signal Vulnerability (Possibly in Electron, which affects Skype/Slack/others)
https://twitter.com/ortegaalfredo/status/995017143002509313
Electron Vulnerability
https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass/
Cryptocoin Miner Found in Ubuntu Snap Store
https://github.com/canonical-websites/snapcraft.io/issues/651
Reversed C2 traffic from China
Signal Vulnerability (Possibly in Electron, which affects Skype/Slack/others)
https://twitter.com/ortegaalfredo/status/995017143002509313
Electron Vulnerability
https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass/
Cryptocoin Miner Found in Ubuntu Snap Store
https://github.com/canonical-websites/snapcraft.io/issues/651
ISC StormCast for Friday, May 11th 2018
11 maj 2018 |
5 min
DNS Exfiltration in Windows
https://isc.sans.edu/forums/diary/Exfiltrating+data+from+very+isolated+environments/23645/
Fake Electrun Wallet
https://github.com/spesmilo/electrum-docs/blob/master/decompiling_guide.md
Treasure Hunter PoS Malware Source Code Leaked
https://www.flashpoint-intel.com/blog/treasurehunter-source-code-leaked/
More Malicious Chrome Extensions Spreading via Facebook
https://blog.radware.com/security/2018/05/nigelthorn-malware-abuses-chrome-extensions/
https://isc.sans.edu/forums/diary/Exfiltrating+data+from+very+isolated+environments/23645/
Fake Electrun Wallet
https://github.com/spesmilo/electrum-docs/blob/master/decompiling_guide.md
Treasure Hunter PoS Malware Source Code Leaked
https://www.flashpoint-intel.com/blog/treasurehunter-source-code-leaked/
More Malicious Chrome Extensions Spreading via Facebook
https://blog.radware.com/security/2018/05/nigelthorn-malware-abuses-chrome-extensions/
ISC StormCast for Thursday, May 10th 2018
10 maj 2018 |
4 min
Loyds Bank Phish Leads to Trickbot
https://isc.sans.edu/forums/diary/Nice+Phishing+Sample+Delivering+Trickbot/23641/
Firefox Group Policy Engine
https://www.bleepingcomputer.com/news/software/group-policy-support-coming-to-firefox-60/
OS Vendors Fix Intel Debug Flaw
https://www.kb.cert.org/vuls/id/631579
Cryptocoin Miner in Excel
https://charles.dardaman.com/js_coinhive_in_excel
https://isc.sans.edu/forums/diary/Nice+Phishing+Sample+Delivering+Trickbot/23641/
Firefox Group Policy Engine
https://www.bleepingcomputer.com/news/software/group-policy-support-coming-to-firefox-60/
OS Vendors Fix Intel Debug Flaw
https://www.kb.cert.org/vuls/id/631579
Cryptocoin Miner in Excel
https://charles.dardaman.com/js_coinhive_in_excel
ISC StormCast for Wednesday, May 9th 2018
9 maj 2018 |
6 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+May+2018+Patch+Tuesday/23637/
Basestriker Vulnerability Hitting Office 365
https://www.avanan.com/resources/basestriker-vulnerability-office-365
wget Cookie Injection Vulnerability
http://seclists.org/fulldisclosure/2018/May/20
ISC StormCast for Tuesday, May 8th 2018
8 maj 2018 |
5 min
Parsing Windows Job Files
https://isc.sans.edu/forums/diary/Adding+Persistence+Via+Scheduled+Tasks/23633/
SYN-ACK Ransomware Uses Dobbleganging Technique
https://securelist.com/synack-targeted-ransomware-uses-the-doppelganging-technique/85431/
More Drupal Compromises
https://badpackets.net/large-cryptojacking-campaign-targeting-vulnerable-drupal-websites/
Russia vs. Telegram
https://twitter.com/instasegv/status/993521755192020992
https://www.bleepingcomputer.com/news/government/russia-blocks-50-vpns-and-proxy-services-providing-access-to-telegram/
https://isc.sans.edu/forums/diary/Adding+Persistence+Via+Scheduled+Tasks/23633/
SYN-ACK Ransomware Uses Dobbleganging Technique
https://securelist.com/synack-targeted-ransomware-uses-the-doppelganging-technique/85431/
More Drupal Compromises
https://badpackets.net/large-cryptojacking-campaign-targeting-vulnerable-drupal-websites/
Russia vs. Telegram
https://twitter.com/instasegv/status/993521755192020992
https://www.bleepingcomputer.com/news/government/russia-blocks-50-vpns-and-proxy-services-providing-access-to-telegram/
ISC StormCast for Monday, May 7th 2018
7 maj 2018 |
5 min
Malicious NPM Library Stopped
https://blog.npmjs.org/post/173526807575/reported-malicious-module-getcookies
Popular GDPR Shield
http://gdpr-shield.io (currently down)
More Spectre Flaws
https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html
https://blog.npmjs.org/post/173526807575/reported-malicious-module-getcookies
Popular GDPR Shield
http://gdpr-shield.io (currently down)
More Spectre Flaws
https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html
ISC StormCast for Friday, May 4th 2018
4 maj 2018 |
15 min
More WebLogic Exploits
https://isc.sans.edu/forums/diary/WebLogic+Exploited+in+the+Wild+Again/23617/
Ouch! GDPR Newsletter
https://www.sans.org/security-awareness-training/ouch-newsletter
GitHub / Twitter Password Storage Issues
https://blog.twitter.com/official/en_us/topics/company/2018/keeping-your-account-secure.html
https://www.zdnet.com/article/github-says-bug-exposed-account-passwords/
Facebook adds Homegraph Alert to Certificate Transparency log monitoring
https://www.facebook.com/notes/protect-the-graph/phishing-domain-detection/2037453483161459/
Disrupting the Empire: Identifying PowerShell Empire Command and Control Activity
https://www.sans.org/reading-room/whitepapers/forensics/disrupting-empire-identifying-powershell-empire-command-control-activity-38315
https://isc.sans.edu/forums/diary/WebLogic+Exploited+in+the+Wild+Again/23617/
Ouch! GDPR Newsletter
https://www.sans.org/security-awareness-training/ouch-newsletter
GitHub / Twitter Password Storage Issues
https://blog.twitter.com/official/en_us/topics/company/2018/keeping-your-account-secure.html
https://www.zdnet.com/article/github-says-bug-exposed-account-passwords/
Facebook adds Homegraph Alert to Certificate Transparency log monitoring
https://www.facebook.com/notes/protect-the-graph/phishing-domain-detection/2037453483161459/
Disrupting the Empire: Identifying PowerShell Empire Command and Control Activity
https://www.sans.org/reading-room/whitepapers/forensics/disrupting-empire-identifying-powershell-empire-command-control-activity-38315
ISC StormCast for Thursday, May 3rd 2018
3 maj 2018 |
6 min
GPS Jamming Becoming More Common
https://www.avweb.com/avwebflash/news/GPS-Jamming-Major-Threat-to-Drone-230749-1.html
https://www.heise.de/newsticker/meldung/GPS-unter-Beschuss-Jamming-und-Spoofing-nehmen-zu-4038137.html
Windows Command Line References
https://isc.sans.edu/forums/diary/Windows+Commands+Reference+An+InfoSec+Must+Have/23613/
LoJack Laptop Anti-Theft Software "Phones Home" to Russia
https://asert.arbornetworks.com/lojack-becomes-a-double-agent/
Google Maps Can Be Used as a URL Shortener
https://nakedsecurity.sophos.com/2018/05/01/google-maps-open-redirect-flaw-abused-by-spammers/
Retrieving DVR Credentials via "Admin Cookie"
https://github.com/ezelf/CVE-2018-9995_dvr_credentials
https://www.avweb.com/avwebflash/news/GPS-Jamming-Major-Threat-to-Drone-230749-1.html
https://www.heise.de/newsticker/meldung/GPS-unter-Beschuss-Jamming-und-Spoofing-nehmen-zu-4038137.html
Windows Command Line References
https://isc.sans.edu/forums/diary/Windows+Commands+Reference+An+InfoSec+Must+Have/23613/
LoJack Laptop Anti-Theft Software "Phones Home" to Russia
https://asert.arbornetworks.com/lojack-becomes-a-double-agent/
Google Maps Can Be Used as a URL Shortener
https://nakedsecurity.sophos.com/2018/05/01/google-maps-open-redirect-flaw-abused-by-spammers/
Retrieving DVR Credentials via "Admin Cookie"
https://github.com/ezelf/CVE-2018-9995_dvr_credentials
ISC StormCast for Wednesday, May 2nd 2018
2 maj 2018 |
6 min
Creating Malicious Office Documents
https://isc.sans.edu/forums/diary/Diving+into+a+Simple+Maldoc+Generator/23609/
Google (and Amazon) Disable Domain Fronting
https://arstechnica.com/information-technology/2018/04/google-disables-domain-fronting-capability-used-to-evade-censors/
Google Chrome To Enforce Certificate Transparency
https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/wHILiYf31DE/iMFmpMEkAQAJ
https://isc.sans.edu/forums/diary/Diving+into+a+Simple+Maldoc+Generator/23609/
Google (and Amazon) Disable Domain Fronting
https://arstechnica.com/information-technology/2018/04/google-disables-domain-fronting-capability-used-to-evade-censors/
Google Chrome To Enforce Certificate Transparency
https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/wHILiYf31DE/iMFmpMEkAQAJ
ISC StormCast for Tuesday, May 1st 2018
1 maj 2018 |
6 min
April WebLogic Patch Incomplete and Intense Scanning for WebLogic Under Way
https://www.bleepingcomputer.com/news/security/hackers-scan-the-web-for-vulnerable-weblogic-servers-after-oracle-botches-patch/
Facex Worm Spreads Malicious Chrome Extensions via Facebook
https://blog.trendmicro.com/trendlabs-security-intelligence/facexworm-targets-cryptocurrency-trading-platforms-abuses-facebook-messenger-for-propagation/
$15 DTV Transmitter as a SDR
https://hackernoon.com/osmo-fl2k-a-15-dtv-transmitter-fm-radio-hijack-and-gps-spoofing-device-68ac08ba7d76
https://www.bleepingcomputer.com/news/security/hackers-scan-the-web-for-vulnerable-weblogic-servers-after-oracle-botches-patch/
Facex Worm Spreads Malicious Chrome Extensions via Facebook
https://blog.trendmicro.com/trendlabs-security-intelligence/facexworm-targets-cryptocurrency-trading-platforms-abuses-facebook-messenger-for-propagation/
$15 DTV Transmitter as a SDR
https://hackernoon.com/osmo-fl2k-a-15-dtv-transmitter-fm-radio-hijack-and-gps-spoofing-device-68ac08ba7d76
ISC StormCast for Monday, April 30th 2018
30 april 2018 |
7 min
A Few Sample #Drupal Exploits including CVE-2018-7602
https://isc.sans.edu/forums/diary/More+Threat+Hunting+with+User+Agent+and+Drupal+Exploits/23597/
Triggering SMB Connections to Steal NTLM Credentials via PDFs
https://research.checkpoint.com/ntlm-credentials-theft-via-pdf-files/
NTFS Crash DoS Exploit Published for Windwos 10 and 7
https://github.com/mtivadar/windows10_ntfs_crash_dos
Apple HomeKit / Secure Element Problems
https://www.youtube.com/watch?v=1CNAMgctAp0
Azucar Assessing Azure Security
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/introducing-azucar/
https://isc.sans.edu/forums/diary/More+Threat+Hunting+with+User+Agent+and+Drupal+Exploits/23597/
Triggering SMB Connections to Steal NTLM Credentials via PDFs
https://research.checkpoint.com/ntlm-credentials-theft-via-pdf-files/
NTFS Crash DoS Exploit Published for Windwos 10 and 7
https://github.com/mtivadar/windows10_ntfs_crash_dos
Apple HomeKit / Secure Element Problems
https://www.youtube.com/watch?v=1CNAMgctAp0
Azucar Assessing Azure Security
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/introducing-azucar/
ISC StormCast for Friday, April 27th 2018
27 april 2018 |
7 min
HP iLO Ransomware
https://www.bleepingcomputer.com/news/security/ransomware-hits-hpe-ilo-remote-management-interfaces/
Total Meltdown Exploit Available
https://blog.xpnsec.com/total-meltdown-cve-2018-1038/
WD My Cloud EX2 Access Control Bypass
https://www.trustwave.com/Resources/SpiderLabs-Blog/WD-My-Cloud-EX2-Serves-Your-Files-to-Anyone/
Hyperoptic ZTE Home Router Hardcoded Account
https://www.contextis.com/resources/advisories/hyperoptic-zte-home-routers
https://www.bleepingcomputer.com/news/security/ransomware-hits-hpe-ilo-remote-management-interfaces/
Total Meltdown Exploit Available
https://blog.xpnsec.com/total-meltdown-cve-2018-1038/
WD My Cloud EX2 Access Control Bypass
https://www.trustwave.com/Resources/SpiderLabs-Blog/WD-My-Cloud-EX2-Serves-Your-Files-to-Anyone/
Hyperoptic ZTE Home Router Hardcoded Account
https://www.contextis.com/resources/advisories/hyperoptic-zte-home-routers
ISC StormCast for Thursday, April 26th 2018
26 april 2018 |
5 min
New Drupal Remote Code Execution Vulnerability
https://www.drupal.org/sa-core-2018-004
Malicious Network Traffic From /bin/bash
https://isc.sans.edu/forums/diary/Malicious+Network+Traffic+From+binbash/23591/
Insecure Hotel Locks
https://safeandsavvy.f-secure.com/2018/04/25/researchers-find-way-to-generate-master-keys-to-hotels/
Amazon Echo As Evesdropping Device (signin required)
https://info.checkmarx.com/wp-alexa
https://www.drupal.org/sa-core-2018-004
Malicious Network Traffic From /bin/bash
https://isc.sans.edu/forums/diary/Malicious+Network+Traffic+From+binbash/23591/
Insecure Hotel Locks
https://safeandsavvy.f-secure.com/2018/04/25/researchers-find-way-to-generate-master-keys-to-hotels/
Amazon Echo As Evesdropping Device (signin required)
https://info.checkmarx.com/wp-alexa
ISC StormCast for Monday, March 12th 2018
12 mars 2018 |
8 min
Paying For Ransomware Often Fails to Recover Files
https://cyber-edge.com/cdr/#about-this-report
Microtik Router Malware Infects Sysadmin PCs
https://s3-eu-west-1.amazonaws.com/khub-media/wp-content/uploads/sites/43/2018/03/09133534/The-Slingshot-APT_report_ENG_final.pdf
CNNVD Held Back Vulnerabilities
https://www.recordedfuture.com/chinese-mss-vulnerability-influence/
Keeper Exposes S3 Bucket
http://www.zdnet.com/article/password-manager-maker-keeper-hit-by-another-security-snafu/
https://keepersecurity.com/blog/2018/03/10/keepers-response-zdnets-article-regarding-s3-bucket-configuration-issue/
Chip and Pin Clones
https://www.kaspersky.com/blog/chip-n-pin-cloning/21502/
https://cyber-edge.com/cdr/#about-this-report
Microtik Router Malware Infects Sysadmin PCs
https://s3-eu-west-1.amazonaws.com/khub-media/wp-content/uploads/sites/43/2018/03/09133534/The-Slingshot-APT_report_ENG_final.pdf
CNNVD Held Back Vulnerabilities
https://www.recordedfuture.com/chinese-mss-vulnerability-influence/
Keeper Exposes S3 Bucket
http://www.zdnet.com/article/password-manager-maker-keeper-hit-by-another-security-snafu/
https://keepersecurity.com/blog/2018/03/10/keepers-response-zdnets-article-regarding-s3-bucket-configuration-issue/
Chip and Pin Clones
https://www.kaspersky.com/blog/chip-n-pin-cloning/21502/
ISC StormCast for Friday, March 9th 2018
9 mars 2018 |
6 min
Apache Solr Vulnerability used to Install Cryptocoin Miner
https://isc.sans.edu/forums/diary/Apache+SOLR+the+new+target+for+cryptominers/23425/
CRIMEB4NK IRC Bot
https://isc.sans.edu/forums/diary/CRIMEB4NK+IRC+Bot/23423/
Cisco Patches
https://tools.cisco.com/security/center/publicationListing.x
Any.Run Malware Analysis Tool
https://any.run
https://isc.sans.edu/forums/diary/Apache+SOLR+the+new+target+for+cryptominers/23425/
CRIMEB4NK IRC Bot
https://isc.sans.edu/forums/diary/CRIMEB4NK+IRC+Bot/23423/
Cisco Patches
https://tools.cisco.com/security/center/publicationListing.x
Any.Run Malware Analysis Tool
https://any.run
ISC StormCast for Thursday, March 8th 2018
8 mars 2018 |
6 min
Ransomware News: GlobeImposter Gets A Facelift, GandCrab is Still Out there
https://isc.sans.edu/forums/diary/Ransomware+news+GlobeImposter+gets+a+facelift+GandCrab+is+still+out+there/23417/
How to Break Encryption
https://blog.malwarebytes.com/threat-analysis/2018/03/encryption-101-how-to-break-encryption/
Bypassing Adobe Flash Security Protections
https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/
Hundreds of Bitcoin Mining Servers Stolen in Iceland
https://www.theguardian.com/world/2018/mar/07/hundreds-of-bitcoin-mining-servers-stolen-in-iceland
Several Android Mail Apps Send Password To Developer (article in German)
https://www.kuketz-blog.de/mail-apps-zahlreiche-android-apps-uebermitteln-login-passwort/
https://isc.sans.edu/forums/diary/Ransomware+news+GlobeImposter+gets+a+facelift+GandCrab+is+still+out+there/23417/
How to Break Encryption
https://blog.malwarebytes.com/threat-analysis/2018/03/encryption-101-how-to-break-encryption/
Bypassing Adobe Flash Security Protections
https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/
Hundreds of Bitcoin Mining Servers Stolen in Iceland
https://www.theguardian.com/world/2018/mar/07/hundreds-of-bitcoin-mining-servers-stolen-in-iceland
Several Android Mail Apps Send Password To Developer (article in German)
https://www.kuketz-blog.de/mail-apps-zahlreiche-android-apps-uebermitteln-login-passwort/
ISC StormCast for Wednesday, March 7th 2018
7 mars 2018 |
6 min
Exploit for CVE-2018-6789
https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/
Microsoft Fixes USB Issues Introduced By February Patches
https://support.microsoft.com/en-us/help/4090913/march5-2018kb4090913osbuild16299-251
123 Reg Looses Backups
https://www.bleepingcomputer.com/news/business/123-reg-backup-snafu-causes-clients-to-lose-files-since-august-2017/
Android March Security Bulletin
https://source.android.com/security/bulletin/2018-03-01#media-framework
https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/
Microsoft Fixes USB Issues Introduced By February Patches
https://support.microsoft.com/en-us/help/4090913/march5-2018kb4090913osbuild16299-251
123 Reg Looses Backups
https://www.bleepingcomputer.com/news/business/123-reg-backup-snafu-causes-clients-to-lose-files-since-august-2017/
Android March Security Bulletin
https://source.android.com/security/bulletin/2018-03-01#media-framework
ISC StormCast for Tuesday, March 6th 2018
6 mars 2018 |
7 min
Malicious Bash Script with Multiple Features
https://isc.sans.edu/forums/diary/Malicious+Bash+Script+with+Multiple+Features/23411/
More Memcached DDoS Attacks
https://www.arbornetworks.com/blog/asert/netscout-arbor-confirms-1-7-tbps-ddos-attack-terabit-attack-era-upon-us/
Spring Framework Vulnerability
https://lgtm.com/blog/spring_data_rest_CVE-2017-8046
LTE Vulnerabilities
http://homepage.divms.uiowa.edu/~comarhaider/publications/LTE_NDSS18_paper.pdf
https://isc.sans.edu/forums/diary/Malicious+Bash+Script+with+Multiple+Features/23411/
More Memcached DDoS Attacks
https://www.arbornetworks.com/blog/asert/netscout-arbor-confirms-1-7-tbps-ddos-attack-terabit-attack-era-upon-us/
Spring Framework Vulnerability
https://lgtm.com/blog/spring_data_rest_CVE-2017-8046
LTE Vulnerabilities
http://homepage.divms.uiowa.edu/~comarhaider/publications/LTE_NDSS18_paper.pdf
ISC StormCast for Monday, March 5th 2018
5 mars 2018 |
6 min
Protective Malicious Monero Crypto Coin Miners
https://isc.sans.edu/forums/diary/The+Crypto+Miners+Fight+For+CPU+Cycles/23407/
memcached DDoS Attacks Ask For Ransom
https://blogs.akamai.com/2018/03/memcached-now-with-extortion.html
Cheap Android Trojans Come PreInstalled With Banking Malware
https://news.drweb.com/show/?lng=en&i=11749&c=5
RedDrop Android Malware Installed via 3rd Party App Stores
https://www.wandera.com/blog/reddrop-malware/
https://isc.sans.edu/forums/diary/The+Crypto+Miners+Fight+For+CPU+Cycles/23407/
memcached DDoS Attacks Ask For Ransom
https://blogs.akamai.com/2018/03/memcached-now-with-extortion.html
Cheap Android Trojans Come PreInstalled With Banking Malware
https://news.drweb.com/show/?lng=en&i=11749&c=5
RedDrop Android Malware Installed via 3rd Party App Stores
https://www.wandera.com/blog/reddrop-malware/
ISC StormCast for Friday, March 2nd 2018
2 mars 2018 |
8 min
Censoring Images At Scale in #WeChat
https://isc.sans.edu/forums/diary/Why+Does+Emperor+Xi+Dislike+Winnie+the+Pooh+and+Scrambled+Eggs/23395/
Trustico Update: Certificate Revocation List Monitor
https://isc.sans.edu/crls.html
Memcached Update: Github Attack
https://githubengineering.com/ddos-incident-report/
http://powerofcommunity.net/poc2017/shengbao.pdf
Microsoft Releases Intel Spectre Microcode Updates
https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates
https://isc.sans.edu/forums/diary/Why+Does+Emperor+Xi+Dislike+Winnie+the+Pooh+and+Scrambled+Eggs/23395/
Trustico Update: Certificate Revocation List Monitor
https://isc.sans.edu/crls.html
Memcached Update: Github Attack
https://githubengineering.com/ddos-incident-report/
http://powerofcommunity.net/poc2017/shengbao.pdf
Microsoft Releases Intel Spectre Microcode Updates
https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates
ISC StormCast for Thursday, March 1st 2018
1 mars 2018 |
6 min
How Did This Memcache Thing Happen?
https://isc.sans.edu/forums/diary/How+did+this+Memcache+thing+happen/23391/
Trustico TLS Certificate Revocation
https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/wxX4Yv0E3Mk/QZt8UPhKAwAJ
Flash on Its Way Out
https://www.bleepingcomputer.com/news/security/google-chrome-flash-usage-declines-from-80-percent-in-2014-to-under-8-percent-today/
DNSSEC Is Getting Better But Still Struggeling
http://www.theregister.co.uk/2018/02/28/dutch_name_authority_dnssec_validation_errors_can_be_eliminated/
Smart TV Firmware Flaws
https://www.av-comparatives.org/wp-content/uploads/2018/02/avc_sigma_medion_201802.pdf
https://isc.sans.edu/forums/diary/How+did+this+Memcache+thing+happen/23391/
Trustico TLS Certificate Revocation
https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/wxX4Yv0E3Mk/QZt8UPhKAwAJ
Flash on Its Way Out
https://www.bleepingcomputer.com/news/security/google-chrome-flash-usage-declines-from-80-percent-in-2014-to-under-8-percent-today/
DNSSEC Is Getting Better But Still Struggeling
http://www.theregister.co.uk/2018/02/28/dutch_name_authority_dnssec_validation_errors_can_be_eliminated/
Smart TV Firmware Flaws
https://www.av-comparatives.org/wp-content/uploads/2018/02/avc_sigma_medion_201802.pdf
ISC StormCast for Wednesday, February 28th 2018
28 februari 2018 |
6 min
Memcached Servers Used in Reflective DDoS Attacks
https://isc.sans.edu/forums/diary/Why+we+Dont+Deserve+the+Internet+Memcached+Reflected+DDoS+Attacks/23389/
Malspam Pushing Formbook Info Stealer
https://isc.sans.edu/forums/diary/Malspam+pushing+Formbook+info+stealer/23387/
Various SAML Parsers Affected by Comment Parsing Vulnerability
https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
https://isc.sans.edu/forums/diary/Why+we+Dont+Deserve+the+Internet+Memcached+Reflected+DDoS+Attacks/23389/
Malspam Pushing Formbook Info Stealer
https://isc.sans.edu/forums/diary/Malspam+pushing+Formbook+info+stealer/23387/
Various SAML Parsers Affected by Comment Parsing Vulnerability
https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
ISC StormCast for Tuesday, February 27th 2018
27 februari 2018 |
5 min
Enumerating S3 Buckets
https://github.com/jordanpotti/AWSBucketDump
Creating AWS Network Diagrams
https://github.com/duo-labs/cloudmapper
Selling Macs and "Find my Mac" Feature
https://medium.com/@mulligan/how-i-sold-an-old-mac-and-unknowingly-tracked-its-location-for-over-3-years-9a35cd3ca4cf
Apple Stopping Support for 1st Gen Apple TV and iTunes on Windows XP / Vista
https://support.apple.com/en-us/HT208104
https://github.com/jordanpotti/AWSBucketDump
Creating AWS Network Diagrams
https://github.com/duo-labs/cloudmapper
Selling Macs and "Find my Mac" Feature
https://medium.com/@mulligan/how-i-sold-an-old-mac-and-unknowingly-tracked-its-location-for-over-3-years-9a35cd3ca4cf
Apple Stopping Support for 1st Gen Apple TV and iTunes on Windows XP / Vista
https://support.apple.com/en-us/HT208104
ISC StormCast for Monday, February 26th 2018
26 februari 2018 |
6 min
Retrieving Malware Over Tor On Windows (Update)
https://isc.sans.edu/forums/diary/Retrieving+malware+over+Tor+on+Windows/23379/
Blackholing Advertising Sites with Pi-Hole
https://isc.sans.edu/forums/diary/Blackhole+Advertising+Sites+with+Pihole/23377/
Taxslayer Consent Degree with FTC
https://biglawbusiness.com/cybersecurity-enforcers-wake-up-to-unauthorized-computer-access-via-credential-stuffing/
Fortinet (OMG) Mirai
https://www.fortinet.com/blog/threat-research/omg--mirai-based-bot-turns-iot-devices-into-proxy-servers.html
https://isc.sans.edu/forums/diary/Retrieving+malware+over+Tor+on+Windows/23379/
Blackholing Advertising Sites with Pi-Hole
https://isc.sans.edu/forums/diary/Blackhole+Advertising+Sites+with+Pihole/23377/
Taxslayer Consent Degree with FTC
https://biglawbusiness.com/cybersecurity-enforcers-wake-up-to-unauthorized-computer-access-via-credential-stuffing/
Fortinet (OMG) Mirai
https://www.fortinet.com/blog/threat-research/omg--mirai-based-bot-turns-iot-devices-into-proxy-servers.html
ISC StormCast for Friday, February 2nd 2018
2 februari 2018 |
6 min
Adobe Flash 0-Day
https://isc.sans.edu/forums/diary/Adobe+Flash+0Day+Used+Against+South+Korean+Targets/23301/
Adaptive Phishing Kit
https://isc.sans.edu/forums/diary/Adaptive+Phishing+Kit/23299/
Crypto Miners "Payload of Choice"
http://blog.talosintelligence.com/2018/01/malicious-xmr-mining.html
Autosploit Links Shodan to Metasploit
https://github.com/NullArray/AutoSploit
https://isc.sans.edu/forums/diary/Adobe+Flash+0Day+Used+Against+South+Korean+Targets/23301/
Adaptive Phishing Kit
https://isc.sans.edu/forums/diary/Adaptive+Phishing+Kit/23299/
Crypto Miners "Payload of Choice"
http://blog.talosintelligence.com/2018/01/malicious-xmr-mining.html
Autosploit Links Shodan to Metasploit
https://github.com/NullArray/AutoSploit
ISC StormCast for Thursday, February 1st 2018
1 februari 2018 |
7 min
Tax Phishing Season Starts
https://isc.sans.edu/forums/diary/Tax+Phishing+Time/23295/
Using FLIR In Incident Response
https://isc.sans.edu/forums/diary/Using+FLIR+in+Incident+Response/23291/
Oracle MICROS POS Vulnerability
https://erpscan.com/press-center/blog/oracle-micros-pos-breached/
https://isc.sans.edu/forums/diary/Tax+Phishing+Time/23295/
Using FLIR In Incident Response
https://isc.sans.edu/forums/diary/Using+FLIR+in+Incident+Response/23291/
Oracle MICROS POS Vulnerability
https://erpscan.com/press-center/blog/oracle-micros-pos-breached/
ISC StormCast for Wednesday, January 31st 2018
30 januari 2018 |
7 min
DCShadow Attack
https://www.dropbox.com/s/baypdb6glmvp0j9/Buehat%20IL%20v2.3.pdf
https://blog.alsid.eu/dcshadow-explained-4510f52fc19d
Cisco WebVPN Update
https://isc.sans.edu/forums/diary/Cisco+ASA+WebVPN+Vulnerability/23289/
Reviving DDE Code Execution via OneNote
https://posts.specterops.io/reviving-dde-using-onenote-and-excel-for-code-execution-d7226864caee
https://www.dropbox.com/s/baypdb6glmvp0j9/Buehat%20IL%20v2.3.pdf
https://blog.alsid.eu/dcshadow-explained-4510f52fc19d
Cisco WebVPN Update
https://isc.sans.edu/forums/diary/Cisco+ASA+WebVPN+Vulnerability/23289/
Reviving DDE Code Execution via OneNote
https://posts.specterops.io/reviving-dde-using-onenote-and-excel-for-code-execution-d7226864caee
ISC StormCast for Tuesday, January 30th 2018
30 januari 2018 |
6 min
Lenovo Fingerprint Mananger Pro Vulnerability
https://support.lenovo.com/us/en/product_security/len-15999
ClamAV Vulnerablities
http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
https://blog.malwarebytes.com/malwarebytes-news/2018/01/important-web-blocking-ram-usage/
Malwarebytes Corrupted Update
https://www.malwarebytes.com/pdf/WebProtectionFP.pdf
Cisco Adaptive Security Appliance Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
Web2Top Proxy onion.tor Appears to Steal Ransomware Payments
https://www.proofpoint.com/us/threat-insight/post/double-dipping-diverting-ransomware-bitcoin-payments-onion-domains
https://support.lenovo.com/us/en/product_security/len-15999
ClamAV Vulnerablities
http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
https://blog.malwarebytes.com/malwarebytes-news/2018/01/important-web-blocking-ram-usage/
Malwarebytes Corrupted Update
https://www.malwarebytes.com/pdf/WebProtectionFP.pdf
Cisco Adaptive Security Appliance Remote Code Execution Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1
Web2Top Proxy onion.tor Appears to Steal Ransomware Payments
https://www.proofpoint.com/us/threat-insight/post/double-dipping-diverting-ransomware-bitcoin-payments-onion-domains
ISC StormCast for Monday, January 29th 2018
29 januari 2018 |
6 min
Analyzing a Word Document Used in a Pentest
https://isc.sans.edu/forums/diary/Is+this+a+pentest/23283/
Analyzing BITS Activity
https://isc.sans.edu/forums/diary/Investigating+Microsoft+BITS+Activity/23281/
CryptoJacking on YouTube due to Malicious Ads
https://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaign-abuses-googles-doubleclick-to-deliver-cryptocurrency-miners/
Coincheck Hack Nets 400M USD
https://coincheck.com/en/blog/4673
PHPBB Mirror Compromissed
https://www.phpbb.com/community/viewtopic.php?f=14&t=2456896
Microsoft Disables Sepctre Variant 2 Patches
https://support.microsoft.com/en-us/help/4078130/update-to-disable-mitigation-against-spectre-variant-2
https://isc.sans.edu/forums/diary/Is+this+a+pentest/23283/
Analyzing BITS Activity
https://isc.sans.edu/forums/diary/Investigating+Microsoft+BITS+Activity/23281/
CryptoJacking on YouTube due to Malicious Ads
https://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaign-abuses-googles-doubleclick-to-deliver-cryptocurrency-miners/
Coincheck Hack Nets 400M USD
https://coincheck.com/en/blog/4673
PHPBB Mirror Compromissed
https://www.phpbb.com/community/viewtopic.php?f=14&t=2456896
Microsoft Disables Sepctre Variant 2 Patches
https://support.microsoft.com/en-us/help/4078130/update-to-disable-mitigation-against-spectre-variant-2
ISC StormCast for Friday, January 26th 2018
25 januari 2018 |
18 min
Ransomware As a Service
https://isc.sans.edu/forums/diary/Ransomware+as+a+Service/23277/
libcurl Vulnerability
http://seclists.org/oss-sec/2018/q1/94
Hide 'N Seek IoT Botnet
https://labs.bitdefender.com/2018/01/new-hide-n-seek-iot-botnet-using-custom-built-peer-to-peer-communication-spotted-in-the-wild/
Container Intrusions: Assessing the Efficacy of Intrusion Detection and Analysis Methods for Linux Container Environments
https://www.sans.org/reading-room/whitepapers/detection/container-intrusions-assessing-efficacy-intrusion-detection-analysis-methods-linux-container-environments-38245
https://isc.sans.edu/forums/diary/Ransomware+as+a+Service/23277/
libcurl Vulnerability
http://seclists.org/oss-sec/2018/q1/94
Hide 'N Seek IoT Botnet
https://labs.bitdefender.com/2018/01/new-hide-n-seek-iot-botnet-using-custom-built-peer-to-peer-communication-spotted-in-the-wild/
Container Intrusions: Assessing the Efficacy of Intrusion Detection and Analysis Methods for Linux Container Environments
https://www.sans.org/reading-room/whitepapers/detection/container-intrusions-assessing-efficacy-intrusion-detection-analysis-methods-linux-container-environments-38245
ISC StormCast for Thursday, January 25th 2018
25 januari 2018 |
6 min
RTF Files For Hancitor Utilize Exploit for CVE-2017-11882
https://isc.sans.edu/forums/diary/RTF+files+for+Hancitor+utilize+exploit+for+CVE201711882/23271/
Electron Fixes Protocol Handlers Flaw
https://electronjs.org/blog/protocol-handler-fix
Xerox Workcenters Fudge Numbers
http://www.dkriesel.com/en/blog/2013/0802_xerox-workcentres_are_switching_written_numbers_when_scanning?
Tracking Users Using CSS
https://github.com/jbtronics/CrookedStyleSheets
https://isc.sans.edu/forums/diary/RTF+files+for+Hancitor+utilize+exploit+for+CVE201711882/23271/
Electron Fixes Protocol Handlers Flaw
https://electronjs.org/blog/protocol-handler-fix
Xerox Workcenters Fudge Numbers
http://www.dkriesel.com/en/blog/2013/0802_xerox-workcentres_are_switching_written_numbers_when_scanning?
Tracking Users Using CSS
https://github.com/jbtronics/CrookedStyleSheets
ISC StormCast for Wednesday, January 24th 2018
24 januari 2018 |
6 min
Apple Patches Everything, Again
https://isc.sans.edu/forums/diary/Apple+Updates+Everything+Again/23269/
OpenSSL Introduces its Version of a "Patch Tuesday"
https://www.openssl.org/blog/blog/2018/01/18/f2f-london/
"Rapid" Ransomware
https://id-ransomware.blogspot.ru/2018/01/rapid-ransomware.html (Russian)
https://www.bleepingcomputer.com/forums/t/667032/rapid-ransomware-rapid-paymeme-how-recovery-filestxt-support-topic/page-2
https://isc.sans.edu/forums/diary/Apple+Updates+Everything+Again/23269/
OpenSSL Introduces its Version of a "Patch Tuesday"
https://www.openssl.org/blog/blog/2018/01/18/f2f-london/
"Rapid" Ransomware
https://id-ransomware.blogspot.ru/2018/01/rapid-ransomware.html (Russian)
https://www.bleepingcomputer.com/forums/t/667032/rapid-ransomware-rapid-paymeme-how-recovery-filestxt-support-topic/page-2
ISC StormCast for Tuesday, January 23rd 2018
23 januari 2018 |
5 min
HTTPs on Every Port
https://isc.sans.edu/forums/diary/HTTPS+on+every+port/23261/
Curl over TOR
https://isc.sans.edu/forums/diary/Retrieving+malware+over+Tor/23257/
Spectre/Meltdown Microcode Patch Problems
https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/
https://lkml.org/lkml/2018/1/21/192
DNS Rebinding Attacks Against Geth
https://ret2got.wordpress.com/2018/01/19/how-your-ethereum-can-be-stolen-using-dns-rebinding/
Chinese Quantum Cryptography Satellite Link Transmits Intercontinental Videolink
https://journals.aps.org/prl/abstract/10.1103/PhysRevLett.120.030501
https://isc.sans.edu/forums/diary/HTTPS+on+every+port/23261/
Curl over TOR
https://isc.sans.edu/forums/diary/Retrieving+malware+over+Tor/23257/
Spectre/Meltdown Microcode Patch Problems
https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/
https://lkml.org/lkml/2018/1/21/192
DNS Rebinding Attacks Against Geth
https://ret2got.wordpress.com/2018/01/19/how-your-ethereum-can-be-stolen-using-dns-rebinding/
Chinese Quantum Cryptography Satellite Link Transmits Intercontinental Videolink
https://journals.aps.org/prl/abstract/10.1103/PhysRevLett.120.030501
ISC StormCast for Monday, January 22nd 2018
22 januari 2018 |
5 min
Analyzing an RTF Phishing Document
https://isc.sans.edu/forums/diary/An+RTF+phish/23255/
Satori Variant Steals ETH from Miners
http://blog.netlab.360.com/art-of-steal-satori-variant-is-robbing-eth-bitcoin-by-replacing-wallet-address-en/
Evrial Trojan Modifies Copy / Pasted Bitcoin Addresses
https://twitter.com/malwrhunterteam/status/953313514629853184
Legal Challenges of Bug Bounties
https://www.heise.de/security/meldung/US-Bug-Bountys-lassen-gute-Hacker-in-die-Falle-tappen-3946508.html
https://isc.sans.edu/forums/diary/An+RTF+phish/23255/
Satori Variant Steals ETH from Miners
http://blog.netlab.360.com/art-of-steal-satori-variant-is-robbing-eth-bitcoin-by-replacing-wallet-address-en/
Evrial Trojan Modifies Copy / Pasted Bitcoin Addresses
https://twitter.com/malwrhunterteam/status/953313514629853184
Legal Challenges of Bug Bounties
https://www.heise.de/security/meldung/US-Bug-Bountys-lassen-gute-Hacker-in-die-Falle-tappen-3946508.html
ISC StormCast for Friday, January 19th 2018
19 januari 2018 |
5 min
Oracle E-Business Suite Server Can Be Attackt via WebLogic
https://www.onapsis.com/blog/oracle-january-cpu-analysis-64-patches-affect-business-critical-applications
Microsoft Resumes Patches for AMD Systems
https://www.amd.com/en/corporate/speculative-execution
Speculations About Yet Another CPU Attack
https://skyfallattack.com
Smiths Medfusion 4000 Vulnerabilities
https://github.com/sgayou/medfusion-4000-research/blob/master/doc/README.md#summary
https://www.onapsis.com/blog/oracle-january-cpu-analysis-64-patches-affect-business-critical-applications
Microsoft Resumes Patches for AMD Systems
https://www.amd.com/en/corporate/speculative-execution
Speculations About Yet Another CPU Attack
https://skyfallattack.com
Smiths Medfusion 4000 Vulnerabilities
https://github.com/sgayou/medfusion-4000-research/blob/master/doc/README.md#summary
ISC StormCast for Thursday, January 18th 2018
18 januari 2018 |
5 min
Reviewing the Spam Filters: Malspam Pushing Gozi-ISFB
https://isc.sans.edu/forums/diary/Reviewing+the+spam+filters+Malspam+pushing+GoziISFB/23245/
Auditing Secure USB Keys
https://www.j-michel.org/blog/2018/01/16/attacking-secure-usb-keys-behind-the-scene
Malicious Open Graph title Tag Crashes iMessage
https://www.macrumors.com/2018/01/16/malicious-link-ios-mac-freezes/
BIND Fixes DoS Vulnerablity
https://kb.isc.org/article/AA-01542
https://isc.sans.edu/forums/diary/Reviewing+the+spam+filters+Malspam+pushing+GoziISFB/23245/
Auditing Secure USB Keys
https://www.j-michel.org/blog/2018/01/16/attacking-secure-usb-keys-behind-the-scene
Malicious Open Graph title Tag Crashes iMessage
https://www.macrumors.com/2018/01/16/malicious-link-ios-mac-freezes/
BIND Fixes DoS Vulnerablity
https://kb.isc.org/article/AA-01542
ISC StormCast for Tuesday, January 9th 2018
9 januari 2018 |
5 min
WebLogic Flaw Used to Install Monero Crypto Coin Miner
https://isc.sans.edu/forums/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191/
Fake Anti-Virus Pages Poppding Up Like Weeds
https://isc.sans.edu/forums/diary/Fake+antivirus+pages+popping+up+like+weeds/23207/
Apple Spectre/Meltdown Patches
https://support.apple.com/en-us/HT201222
Meltdown Patch Fallout
https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB43600/?l=en_US&fs=Search&pn=1&atype=
https://forums.sandboxie.com/phpBB3/viewtopic.php?t=25114
https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software
WPA3 Announced
https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-security-enhancements
https://isc.sans.edu/forums/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191/
Fake Anti-Virus Pages Poppding Up Like Weeds
https://isc.sans.edu/forums/diary/Fake+antivirus+pages+popping+up+like+weeds/23207/
Apple Spectre/Meltdown Patches
https://support.apple.com/en-us/HT201222
Meltdown Patch Fallout
https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB43600/?l=en_US&fs=Search&pn=1&atype=
https://forums.sandboxie.com/phpBB3/viewtopic.php?t=25114
https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software
WPA3 Announced
https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-security-enhancements
ISC StormCast for Monday, January 8th 2018
8 januari 2018 |
5 min
Campaign is using a recently released WebLogic exploit to deploy a Monero miner
https://isc.sans.edu/forums/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191/
Misc News about Meltdown and Spectre
https://www.qualcomm.com/company/product-security/bulletins
AMD Processor Flaw
http://seclists.org/fulldisclosure/2018/Jan/12
Western Digital MyCloud Backdoor
http://gulftech.org/advisories/WDMyCloud%20Multiple%20Vulnerabilities/125
https://isc.sans.edu/forums/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191/
Misc News about Meltdown and Spectre
https://www.qualcomm.com/company/product-security/bulletins
AMD Processor Flaw
http://seclists.org/fulldisclosure/2018/Jan/12
Western Digital MyCloud Backdoor
http://gulftech.org/advisories/WDMyCloud%20Multiple%20Vulnerabilities/125
ISC StormCast for Friday, January 5th 2018
5 januari 2018 |
8 min
SANS Special Webcast
https://www.sans.org/webcast/recording/citrix/106815/138095
ISC Diary with Links to Patches
https://isc.sans.edu/forums/diary/Spectre+and+Meltdown+What+You+Need+to+Know+Right+Now/23193/
https://www.sans.org/webcast/recording/citrix/106815/138095
ISC Diary with Links to Patches
https://isc.sans.edu/forums/diary/Spectre+and+Meltdown+What+You+Need+to+Know+Right+Now/23193/
ISC StormCast for Thursday, January 4th 2018
4 januari 2018 |
8 min
Intel CPU Vulnerablity
https://meltdownattack.com
Crypto Coin Mining Pool IP List
https://isc.sans.edu/api/threatlist/miner
Phishing to Rural America Leads to Six-figure Wire Fraud Losses
https://isc.sans.edu/forums/diary/Phishing+to+Rural+America+Leads+to+Sixfigure+Wire+Fraud+Losses/23185/
https://meltdownattack.com
Crypto Coin Mining Pool IP List
https://isc.sans.edu/api/threatlist/miner
Phishing to Rural America Leads to Six-figure Wire Fraud Losses
https://isc.sans.edu/forums/diary/Phishing+to+Rural+America+Leads+to+Sixfigure+Wire+Fraud+Losses/23185/
ISC StormCast for Wednesday, January 3rd 2018
3 januari 2018 |
7 min
Extracting URLs From PDFs
https://isc.sans.edu/forums/diary/PDF+documents+URLs+update/23167/
Priviledge Escalation Exploit for macOS
https://siguza.github.io/IOHIDeous/
34C3: Chaos Communications Congress
https://media.ccc.de/c/34c3
Vulnerabilities in Online Geolocation Services
https://0x0.li/trackmageddon/
https://isc.sans.edu/forums/diary/PDF+documents+URLs+update/23167/
Priviledge Escalation Exploit for macOS
https://siguza.github.io/IOHIDeous/
34C3: Chaos Communications Congress
https://media.ccc.de/c/34c3
Vulnerabilities in Online Geolocation Services
https://0x0.li/trackmageddon/
ISC StormCast for Tuesday, January 2nd 2018
1 januari 2018 |
7 min
Analyzing TNEF Files
https://isc.sans.edu/forums/diary/Analyzing+TNEF+files/23175/
Obfuscated RTF Files
https://isc.sans.edu/forums/diary/Dealing+with+obfuscated+RTF+files/23169/
2017 Flood of CVEs
https://isc.sans.edu/forums/diary/2017+The+Flood+of+CVEs/23173/
Sonos/Bose Smart Speaker Flaws
https://documents.trendmicro.com/assets/pdf/The-Sound-of-a-Targeted-Attack.pdf
Web Trackers Exploit Login Managers
https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/
Backdoored Wordpress Plugins
https://www.bleepingcomputer.com/news/security/three-more-wordpress-plugins-found-hiding-a-backdoor/
https://isc.sans.edu/forums/diary/Analyzing+TNEF+files/23175/
Obfuscated RTF Files
https://isc.sans.edu/forums/diary/Dealing+with+obfuscated+RTF+files/23169/
2017 Flood of CVEs
https://isc.sans.edu/forums/diary/2017+The+Flood+of+CVEs/23173/
Sonos/Bose Smart Speaker Flaws
https://documents.trendmicro.com/assets/pdf/The-Sound-of-a-Targeted-Attack.pdf
Web Trackers Exploit Login Managers
https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/
Backdoored Wordpress Plugins
https://www.bleepingcomputer.com/news/security/three-more-wordpress-plugins-found-hiding-a-backdoor/
ISC StormCast for Friday, December 22nd 2017
22 december 2017 |
6 min
Critical Flaw in SMBv1 Implementation of Dell EMC Data Domain DD OS
http://seclists.org/fulldisclosure/2017/Dec/79
Facebook Enables Feature To Review All E-Mails Sent By Facebook
https://www.facebook.com/notes/facebook-security/new-security-feature-reveals-if-facebook-mails-are-legit/10154983636230766/
EtherDelta DNS Attack
https://twitter.com/etherdelta
Enigmail Vulnerability
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
http://seclists.org/fulldisclosure/2017/Dec/79
Facebook Enables Feature To Review All E-Mails Sent By Facebook
https://www.facebook.com/notes/facebook-security/new-security-feature-reveals-if-facebook-mails-are-legit/10154983636230766/
EtherDelta DNS Attack
https://twitter.com/etherdelta
Enigmail Vulnerability
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
ISC StormCast for Thursday, December 21st 2017
21 december 2017 |
5 min
Kernel Hooking Basics
https://isc.sans.edu/forums/diary/Guest+Diary+Etay+Nir+Kernel+Hooking+Basics/23155/
Intel Memory Encryption
https://software.intel.com/sites/default/files/managed/a5/16/Multi-Key-Total-Memory-Encryption-Spec.pdf
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=33e63acc119d15c2fac3e3775f32d1ce7a01021b
WordPress Sites Infected with Monero Miners
https://www.wordfence.com/blog/2017/12/aggressive-brute-force-wordpress-attack/
https://isc.sans.edu/forums/diary/Guest+Diary+Etay+Nir+Kernel+Hooking+Basics/23155/
Intel Memory Encryption
https://software.intel.com/sites/default/files/managed/a5/16/Multi-Key-Total-Memory-Encryption-Spec.pdf
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=33e63acc119d15c2fac3e3775f32d1ce7a01021b
WordPress Sites Infected with Monero Miners
https://www.wordfence.com/blog/2017/12/aggressive-brute-force-wordpress-attack/
ISC StormCast for Wednesday, December 20th 2017
20 december 2017 |
5 min
Example of "MouseOver" Link in a Powerpoint File
https://isc.sans.edu/forums/diary/Example+of+MouseOver+Link+in+a+Powerpoint+File/23149/
Adups Malware Still Haunting Android Phones
https://blog.malwarebytes.com/cybercrime/2017/12/mobile-menace-monday-upping-the-ante-on-adups-fwupgradeprovider/
Popular Wordpress Captcha Included Backdoor
https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/
Comparing DNS Filters
https://medium.com/@nykolas.z/dns-security-filters-compared-quad9-x-opendns-x-comodo-secure-x-norton-connectsafe-x-yandex-safe-a00ace3bf21f
https://isc.sans.edu/forums/diary/Example+of+MouseOver+Link+in+a+Powerpoint+File/23149/
Adups Malware Still Haunting Android Phones
https://blog.malwarebytes.com/cybercrime/2017/12/mobile-menace-monday-upping-the-ante-on-adups-fwupgradeprovider/
Popular Wordpress Captcha Included Backdoor
https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/
Comparing DNS Filters
https://medium.com/@nykolas.z/dns-security-filters-compared-quad9-x-opendns-x-comodo-secure-x-norton-connectsafe-x-yandex-safe-a00ace3bf21f
ISC StormCast for Tuesday, December 19th 2017
19 december 2017 |
5 min
Not So Malicious Word Doc
https://isc.sans.edu/forums/diary/Phish+or+scam+Part+1/23141/
https://isc.sans.edu/forums/diary/Phish+or+scam+Part+2/23145/
AMF Descerializer Vulnerability
http://codewhitesec.blogspot.com/2017/04/amf.html?m=1
Windows "Keeper" Password Manager Vulnerable
https://bugs.chromium.org/p/project-zero/issues/detail?id=1481&desc=3
Android Malware Destroys Device
https://securelist.com/jack-of-all-trades/83470/
https://isc.sans.edu/forums/diary/Phish+or+scam+Part+1/23141/
https://isc.sans.edu/forums/diary/Phish+or+scam+Part+2/23145/
AMF Descerializer Vulnerability
http://codewhitesec.blogspot.com/2017/04/amf.html?m=1
Windows "Keeper" Password Manager Vulnerable
https://bugs.chromium.org/p/project-zero/issues/detail?id=1481&desc=3
Android Malware Destroys Device
https://securelist.com/jack-of-all-trades/83470/
ISC StormCast for Monday, December 18th 2017
18 december 2017 |
6 min
Microsoft Office VBA Macro Obfuscation via Metadata
https://isc.sans.edu/forums/diary/Microsoft+Office+VBA+Macro+Obfuscation+via+Metadata/23139/
Large Scale BGP Attack
https://bgpmon.net/popular-destinations-rerouted-to-russia/
HSTS and HPKP Weaknesses in Firefox, IE/Edge and Chrome
http://blog.en.elevenpaths.com/2017/12/breaking-out-hsts-and-hpkp-on-firefox.html
https://isc.sans.edu/forums/diary/Microsoft+Office+VBA+Macro+Obfuscation+via+Metadata/23139/
Large Scale BGP Attack
https://bgpmon.net/popular-destinations-rerouted-to-russia/
HSTS and HPKP Weaknesses in Firefox, IE/Edge and Chrome
http://blog.en.elevenpaths.com/2017/12/breaking-out-hsts-and-hpkp-on-firefox.html
ISC StormCast for Friday, December 15th 2017
15 december 2017 |
5 min
Citizen Lab Security Planner
https://securityplanner.org/
Apple Update to iOS/tvOS/iCloud (Windows)
https://support.apple.com/en-us/HT201222
Fortinet Client Credentials Shared Key
https://www.sec-consult.com/en/blog/advisories/vpn-credentials-disclosure-in-fortinet-forticlient/index.html
Fox-It Victim of a Man-in-the-Middle Attack
https://blog.fox-it.com/2017/12/14/lessons-learned-from-a-man-in-the-middle-attack/
https://securityplanner.org/
Apple Update to iOS/tvOS/iCloud (Windows)
https://support.apple.com/en-us/HT201222
Fortinet Client Credentials Shared Key
https://www.sec-consult.com/en/blog/advisories/vpn-credentials-disclosure-in-fortinet-forticlient/index.html
Fox-It Victim of a Man-in-the-Middle Attack
https://blog.fox-it.com/2017/12/14/lessons-learned-from-a-man-in-the-middle-attack/
ISC StormCast for Thursday, December 14th 2017
14 december 2017 |
5 min
Tracking Newly Registered Domains
https://isc.sans.edu/forums/diary/Tracking+Newly+Registered+Domains/23127/
Critical Palo Alto Firewall Flaws Allow RCE as root
http://seclists.org/fulldisclosure/2017/Dec/38
Hiding Changes from git-diff
https://www.twistlock.com/2017/12/13/hiding-content-git-escape-sequence-twistlock-labs-experiment/
Apple Airport Update
https://support.apple.com/en-us/HT208354
https://isc.sans.edu/forums/diary/Tracking+Newly+Registered+Domains/23127/
Critical Palo Alto Firewall Flaws Allow RCE as root
http://seclists.org/fulldisclosure/2017/Dec/38
Hiding Changes from git-diff
https://www.twistlock.com/2017/12/13/hiding-content-git-escape-sequence-twistlock-labs-experiment/
Apple Airport Update
https://support.apple.com/en-us/HT208354
ISC StormCast for Wednesday, December 13th 2017
13 december 2017 |
7 min
Microsoft Patch Tuesday Summary
https://isc.sans.edu/forums/diary/December+Microsoft+Patch+Tuesday+Summary/23123/
EV Certificate Model Broken?
https://stripe.ian.sh
ROBOT Attack Against TLS
https://robotattack.org
https://isc.sans.edu/forums/diary/December+Microsoft+Patch+Tuesday+Summary/23123/
EV Certificate Model Broken?
https://stripe.ian.sh
ROBOT Attack Against TLS
https://robotattack.org
ISC StormCast for Tuesday, December 12th 2017
12 december 2017 |
7 min
Pornographic Spam Messages Used to Deliver Crypto Coin Miner
https://isc.sans.edu/forums/diary/Pornographic+malspam+pushes+coin+miner+malware/23119/
Microsoft Leaks Secret SSL Key For Dynamics 365
https://medium.com/matthias-gliwka/microsoft-leaks-tls-private-key-for-cloud-erp-product-10b56f7d648
Proxy Botnet Used to Launch Variety of Web Application Attacks
https://news.drweb.com/show/?i=11627&lng=en
FoxIT Releases Utility to Recover Manipulated Windows Logs
https://github.com/fox-it/danderspritz-evtx
https://isc.sans.edu/forums/diary/Pornographic+malspam+pushes+coin+miner+malware/23119/
Microsoft Leaks Secret SSL Key For Dynamics 365
https://medium.com/matthias-gliwka/microsoft-leaks-tls-private-key-for-cloud-erp-product-10b56f7d648
Proxy Botnet Used to Launch Variety of Web Application Attacks
https://news.drweb.com/show/?i=11627&lng=en
FoxIT Releases Utility to Recover Manipulated Windows Logs
https://github.com/fox-it/danderspritz-evtx
ISC StormCast for Monday, December 11th 2017
11 december 2017 |
6 min
Sometimes An RTF Document is Just an RTF Document
https://isc.sans.edu/forums/diary/Sometimes+its+a+dud/23115/
HP Keyboard Drivers Can Log Keystrokes
https://support.hp.com/us-en/document/c05827409
https://zwclose.github.io/HP-keylogger/
Android App Signature Bypass
https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures
MSFT Patches Antimalware Engine
https://portal.msrc.microsoft.com/en-US/eula
https://isc.sans.edu/forums/diary/Sometimes+its+a+dud/23115/
HP Keyboard Drivers Can Log Keystrokes
https://support.hp.com/us-en/document/c05827409
https://zwclose.github.io/HP-keylogger/
Android App Signature Bypass
https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures
MSFT Patches Antimalware Engine
https://portal.msrc.microsoft.com/en-US/eula
ISC StormCast for Friday, December 8th 2017
8 december 2017 |
7 min
Positive Technologies Demonstrates Intel ME Exploit at Blackhat Europe
https://www.blackhat.com/docs/eu-17/materials/eu-17-Goryachy-How-To-Hack-A-Turned-Off-Computer-Or-Running-Unsigned-Code-In-Intel-Management-Engine.pdf
Tracking Users Without GPS
http://ieeexplore.ieee.org/document/8038870/
Process Doppelgaenger Anti-Malware Bypass
https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf
Friday Webcast About Recent OWASP Top 10 Update
https://www.sans.org/webcasts/owasp-top-10-2017-106560
https://www.blackhat.com/docs/eu-17/materials/eu-17-Goryachy-How-To-Hack-A-Turned-Off-Computer-Or-Running-Unsigned-Code-In-Intel-Management-Engine.pdf
Tracking Users Without GPS
http://ieeexplore.ieee.org/document/8038870/
Process Doppelgaenger Anti-Malware Bypass
https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf
Friday Webcast About Recent OWASP Top 10 Update
https://www.sans.org/webcasts/owasp-top-10-2017-106560
ISC StormCast for Thursday, December 7th 2017
6 december 2017 |
6 min
Apple Updates Everything
https://isc.sans.edu/forums/diary/Apple+Updates+Everything+Again/23107/
Do Not Trust Reverse DNS. And here is an example why
https://isc.sans.edu/forums/diary/PSA+Do+not+Trust+Reverse+DNS+and+why+does+an+address+resolve+to+localhost/23105/
NiceHash Hacked
https://www.reddit.com/r/NiceHash/comments/7i0s6o/official_press_release_statement_by_nicehash/
https://isc.sans.edu/forums/diary/Apple+Updates+Everything+Again/23107/
Do Not Trust Reverse DNS. And here is an example why
https://isc.sans.edu/forums/diary/PSA+Do+not+Trust+Reverse+DNS+and+why+does+an+address+resolve+to+localhost/23105/
NiceHash Hacked
https://www.reddit.com/r/NiceHash/comments/7i0s6o/official_press_release_statement_by_nicehash/
ISC StormCast for Wednesday, December 6th 2017
6 december 2017 |
5 min
AI.Type Data Exposed in MongoDB Database
https://mackeepersecurity.com/post/virtual-keyboard-developer-leaked-31-million-of-client-records
Mailsploit Makes it Easier to Spoof From Headers in E-Mails
https://www.mailsploit.com
StorageCrypt Ransomware Encrypts NAS Devices
https://www.bleepingcomputer.com/news/security/storagecrypt-ransomware-infecting-nas-devices-using-sambacry/
Android December Update
https://source.android.com/security/bulletin/2017-12-01
https://mackeepersecurity.com/post/virtual-keyboard-developer-leaked-31-million-of-client-records
Mailsploit Makes it Easier to Spoof From Headers in E-Mails
https://www.mailsploit.com
StorageCrypt Ransomware Encrypts NAS Devices
https://www.bleepingcomputer.com/news/security/storagecrypt-ransomware-infecting-nas-devices-using-sambacry/
Android December Update
https://source.android.com/security/bulletin/2017-12-01
ISC StormCast for Tuesday, December 5th 2017
5 december 2017 |
7 min
Incidence Response Using TheHive
https://isc.sans.edu/forums/diary/IR+using+the+Hive+Project/23099/
SSL/TLS For Scapy
https://github.com/tintinweb/scapy-ssl_tls
tvOS 11.2 Released (but no details about security content yet)
https://support.apple.com/en-us/HT201222
System Vendors Ship Laptops With Intel ME Disabled
https://www.reddit.com/r/linuxhardware/comments/7grglm/how_to_buy_a_dell_laptop_with_the_intel_me/
http://blog.system76.com/post/168050597573/system76-me-firmware-updates-plan
Hacker Falsified Jail Records To Free Friend
https://www.justice.gov/usao-edmi/pr/ann-arbor-man-pleads-guilty-computer-intrusion-case
SeKey: Touch ID Control for ssh-agent
https://github.com/ntrippar/sekey
https://isc.sans.edu/forums/diary/IR+using+the+Hive+Project/23099/
SSL/TLS For Scapy
https://github.com/tintinweb/scapy-ssl_tls
tvOS 11.2 Released (but no details about security content yet)
https://support.apple.com/en-us/HT201222
System Vendors Ship Laptops With Intel ME Disabled
https://www.reddit.com/r/linuxhardware/comments/7grglm/how_to_buy_a_dell_laptop_with_the_intel_me/
http://blog.system76.com/post/168050597573/system76-me-firmware-updates-plan
Hacker Falsified Jail Records To Free Friend
https://www.justice.gov/usao-edmi/pr/ann-arbor-man-pleads-guilty-computer-intrusion-case
SeKey: Touch ID Control for ssh-agent
https://github.com/ntrippar/sekey
ISC StormCast for Monday, December 4th 2017
4 december 2017 |
6 min
Brazilian Banking Malware Uses UTF-16 Encoded .BAT File
https://isc.sans.edu/forums/diary/Phishing+campaign+uses+old+bat+script+to+spread+banking+malware+and+it+is+flying+under+the+radar/23091/
Phishing Abuse of JotForm
https://isc.sans.edu/forums/diary/Phishing+Kit+AbUsing+Cloud+Services/23089/
Apple Releases iOS 11.2
https://support.apple.com/en-us/HT201222
(no details live yet)
Critical Patch For RSA Authentication Agent
http://seclists.org/fulldisclosure/2017/Nov/46
https://community.rsa.com/community/products/securid/authentication-agent-web-apache
Slurp S3 Bucket Enumerator
https://github.com/bbb31/slurp.git
https://isc.sans.edu/forums/diary/Phishing+campaign+uses+old+bat+script+to+spread+banking+malware+and+it+is+flying+under+the+radar/23091/
Phishing Abuse of JotForm
https://isc.sans.edu/forums/diary/Phishing+Kit+AbUsing+Cloud+Services/23089/
Apple Releases iOS 11.2
https://support.apple.com/en-us/HT201222
(no details live yet)
Critical Patch For RSA Authentication Agent
http://seclists.org/fulldisclosure/2017/Nov/46
https://community.rsa.com/community/products/securid/authentication-agent-web-apache
Slurp S3 Bucket Enumerator
https://github.com/bbb31/slurp.git
ISC StormCast for Friday, December 1st 2017
1 december 2017 |
15 min
More Malspam Pushing Emotet Malware
https://isc.sans.edu/forums/diary/More+Malspam+pushing+Emotet+malware/23083/
Google Chrome To Block Some Third Party Software Mid-2018
https://blog.chromium.org/2017/11/reducing-chrome-crashes-caused-by-third.html
European Union Funds VLC Bug Bounty
https://joinup.ec.europa.eu/news/hackerone-vlc
STI Student Scott Perry: Virtual System Forensics
http://www.sans.org/reading-room/whitepapers/bestprac/exploring-effectiveness-approaches-discovering-acquiring-virtualized-servers-esxi-38155
https://isc.sans.edu/forums/diary/More+Malspam+pushing+Emotet+malware/23083/
Google Chrome To Block Some Third Party Software Mid-2018
https://blog.chromium.org/2017/11/reducing-chrome-crashes-caused-by-third.html
European Union Funds VLC Bug Bounty
https://joinup.ec.europa.eu/news/hackerone-vlc
STI Student Scott Perry: Virtual System Forensics
http://www.sans.org/reading-room/whitepapers/bestprac/exploring-effectiveness-approaches-discovering-acquiring-virtualized-servers-esxi-38155
ISC StormCast for Thursday, November 30th 2017
30 november 2017 |
5 min
Apple Releases Security Update 2017-001 To Fix Passwordless Root Bug
https://support.apple.com/en-us/HT208315
Insecure Android Crypto Currency Wallets
https://www.htbridge.com/news/security-cryptocurrency-mobile-apps.html
Coinhive Miner Now As Pop-Under
https://blog.malwarebytes.com/cybercrime/2017/11/persistent-drive-by-cryptomining-coming-to-a-browser-near-you/
Fileless Malicious PowerShell Sample
https://isc.sans.edu/forums/diary/Fileless+Malicious+PowerShell+Sample/23081/
.dev TLD Now Requires HTTPS in Chrome
http://www.theregister.co.uk/2017/11/29/google_dev_network/
https://support.apple.com/en-us/HT208315
Insecure Android Crypto Currency Wallets
https://www.htbridge.com/news/security-cryptocurrency-mobile-apps.html
Coinhive Miner Now As Pop-Under
https://blog.malwarebytes.com/cybercrime/2017/11/persistent-drive-by-cryptomining-coming-to-a-browser-near-you/
Fileless Malicious PowerShell Sample
https://isc.sans.edu/forums/diary/Fileless+Malicious+PowerShell+Sample/23081/
.dev TLD Now Requires HTTPS in Chrome
http://www.theregister.co.uk/2017/11/29/google_dev_network/
ISC StormCast for Wednesday, November 29th 2017
29 november 2017 |
6 min
Password Less Root Account Allows for Trivial Privilege Escalation on MacOS High Sierra
https://twitter.com/lemiorhan/status/935578694541770752
https://support.apple.com/en-us/HT204012
Defeating Facial Recognition
https://arxiv.org/abs/1711.09001
Bitcoin Gold Wallet App Compromise
https://bitcoingold.org/critical-warning-nov-26/
Project Exodus Identified Trackers in Android Apps
https://reports.exodus-privacy.eu.org/reports/apps/
https://twitter.com/lemiorhan/status/935578694541770752
https://support.apple.com/en-us/HT204012
Defeating Facial Recognition
https://arxiv.org/abs/1711.09001
Bitcoin Gold Wallet App Compromise
https://bitcoingold.org/critical-warning-nov-26/
Project Exodus Identified Trackers in Android Apps
https://reports.exodus-privacy.eu.org/reports/apps/
ISC StormCast for Tuesday, November 28th 2017
28 november 2017 |
7 min
Golden SAML Ticket Attack
https://www.cyberark.com/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-cloud-apps/
Facebook Poll Image Vulnerability
https://blog.darabi.me/2017/11/image-removal-vulnerability-in-facebook.html
https://www.cyberark.com/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-cloud-apps/
Facebook Poll Image Vulnerability
https://blog.darabi.me/2017/11/image-removal-vulnerability-in-facebook.html
ISC StormCast for Monday, November 27th 2017
27 november 2017 |
6 min
Critical Exim Mail Server Vulnerability (Exploit released!)
https://bugs.exim.org/show_bug.cgi?id=2199
CoinPouch "Verge" Token Loss
http://www.documentcloud.org/documents/4309909-StatementonVerge-11-21-17.html
Bitcoin Routing Attacks
https://btc-hijack.ethz.ch
Scanning Ethereum Smart Contracts For Vulnerabilities
https://hackernoon.com/scanning-ethereum-smart-contracts-for-vulnerabilities-b5caefd995df
Fortiweb Manager Vulnerability
https://fortiguard.com/psirt/FG-IR-17-248
https://bugs.exim.org/show_bug.cgi?id=2199
CoinPouch "Verge" Token Loss
http://www.documentcloud.org/documents/4309909-StatementonVerge-11-21-17.html
Bitcoin Routing Attacks
https://btc-hijack.ethz.ch
Scanning Ethereum Smart Contracts For Vulnerabilities
https://hackernoon.com/scanning-ethereum-smart-contracts-for-vulnerabilities-b5caefd995df
Fortiweb Manager Vulnerability
https://fortiguard.com/psirt/FG-IR-17-248
ISC StormCast for Wednesday, November 22nd 2017
22 november 2017 |
7 min
Ethereum JSON-RPC Scans
https://isc.sans.edu/forums/diary/Internet+Wide+Ethereum+JSONRPC+Scans/23061/
Updated OWASP Top 10 Released
https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf
TPLink Often Provides Outdated Firmware Version For Download
https://www.ctrl.blog/entry/tplink-firmware-outdated-downloads
https://isc.sans.edu/forums/diary/Internet+Wide+Ethereum+JSONRPC+Scans/23061/
Updated OWASP Top 10 Released
https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf
TPLink Often Provides Outdated Firmware Version For Download
https://www.ctrl.blog/entry/tplink-firmware-outdated-downloads
ISC StormCast for Tuesday, November 21st 2017
21 november 2017 |
6 min
Intel Patches Several Vulnerabilities in its Management Engine
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
Sandsifter CPU Fuzzer
https://github.com/xoreaxeaxeax/sandsifter/
Android MediaProjection API Allows For Screen Capture / Audio Recording Without User Consent
https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-android-MediaProjection-tapjacking-advisory-2017-11-13.pdf
BusyBox Autocompletion Vulnerability
https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
Sandsifter CPU Fuzzer
https://github.com/xoreaxeaxeax/sandsifter/
Android MediaProjection API Allows For Screen Capture / Audio Recording Without User Consent
https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-android-MediaProjection-tapjacking-advisory-2017-11-13.pdf
BusyBox Autocompletion Vulnerability
https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
ISC StormCast for Monday, November 20th 2017
20 november 2017 |
7 min
Bitcoin Pickpockets Scanning For Wallets
https://isc.sans.edu/forums/diary/BTC+Pickpockets/23052/
Resume-themed Malspam Pushing Smoker Loader
https://isc.sans.edu/forums/diary/Resumethemed+malspam+pushing+Smoke+Loader/23054/
F5-BigIP TLS Vulnerability
https://support.f5.com/csp/article/K21905460
Microsoft Updates Patches / May Have Lost Sourcecode
https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html
http://borncity.com/win/2017/11/17/microsoft-confirms-epson-dot-matrix-printer-issue-after-november-2017-patchday-here-are-fixes/
Windows 8 And Later Fail To Apply ASLR Correctly
https://www.kb.cert.org/vuls/id/817544
StartCom TLS Certificate Authority Shutting Down
http://www.zdnet.com/article/startcom-to-shut-down-all-certificates-revoked-in-2020/
https://isc.sans.edu/forums/diary/BTC+Pickpockets/23052/
Resume-themed Malspam Pushing Smoker Loader
https://isc.sans.edu/forums/diary/Resumethemed+malspam+pushing+Smoke+Loader/23054/
F5-BigIP TLS Vulnerability
https://support.f5.com/csp/article/K21905460
Microsoft Updates Patches / May Have Lost Sourcecode
https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html
http://borncity.com/win/2017/11/17/microsoft-confirms-epson-dot-matrix-printer-issue-after-november-2017-patchday-here-are-fixes/
Windows 8 And Later Fail To Apply ASLR Correctly
https://www.kb.cert.org/vuls/id/817544
StartCom TLS Certificate Authority Shutting Down
http://www.zdnet.com/article/startcom-to-shut-down-all-certificates-revoked-in-2020/
ISC StormCast for Friday, November 17th 2017
17 november 2017 |
6 min
A Domain Dashboard For Splunk
https://isc.sans.edu/forums/diary/Suspicious+Domains+Tracking+Dashboard/23046/
Oracle Critical PeopleSoft Patch
http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html#AppendixFMW
GitHub Introducing Security Alerts for Dependencies
https://github.com/blog/2470-introducing-security-alerts-on-github
Exposing IP Addresses For Hidden Services
http://sh1ttykids.hateblo.jp/entry/2017/11/16/182001
https://isc.sans.edu/forums/diary/Suspicious+Domains+Tracking+Dashboard/23046/
Oracle Critical PeopleSoft Patch
http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html#AppendixFMW
GitHub Introducing Security Alerts for Dependencies
https://github.com/blog/2470-introducing-security-alerts-on-github
Exposing IP Addresses For Hidden Services
http://sh1ttykids.hateblo.jp/entry/2017/11/16/182001
ISC StormCast for Thursday, November 16th 2017
16 november 2017 |
6 min
Malicious Document Turns Off Word Macro Protections
https://isc.sans.edu/forums/diary/If+you+want+something+done+right+do+it+yourself/23042/
Blueborne Affects Amazon Echo and Google Home Devices (now patched)
http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf
More Malicious Apps In Google's Play Store
https://www.bleepingcomputer.com/news/security/google-play-store-sees-sudden-surge-of-malicious-apps/
OnePlus Phones Found With Preinstalled Debug App
https://twitter.com/fs0c131y
https://twitter.com/__Tux/status/754085708843786240
https://isc.sans.edu/forums/diary/If+you+want+something+done+right+do+it+yourself/23042/
Blueborne Affects Amazon Echo and Google Home Devices (now patched)
http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf
More Malicious Apps In Google's Play Store
https://www.bleepingcomputer.com/news/security/google-play-store-sees-sudden-surge-of-malicious-apps/
OnePlus Phones Found With Preinstalled Debug App
https://twitter.com/fs0c131y
https://twitter.com/__Tux/status/754085708843786240
ISC StormCast for Wednesday, November 15th 2017
15 november 2017 |
6 min
Microsoft Patch Tuesday Updates
https://helpx.adobe.com/security.html
Adobe Patches
https://helpx.adobe.com/security.html
Abusing Anti-Virus Quarantine Folders for Priv. Escalation
https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/
https://helpx.adobe.com/security.html
Adobe Patches
https://helpx.adobe.com/security.html
Abusing Anti-Virus Quarantine Folders for Priv. Escalation
https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/
ISC StormCast for Tuesday, November 14th 2017
14 november 2017 |
8 min
FaceID Beaten By Mask
http://www.bkav.com/d/top-news/-/view_content/content/103968/face-id-beaten-by-mask-not-an-effective-security-measure
Various URL Validation and HTTP Request Libraries Allow SSRF
https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf
Using Heart Rythm As Biometric ID
http://www.buffalo.edu/news/releases/2017/09/034.html
http://www.bkav.com/d/top-news/-/view_content/content/103968/face-id-beaten-by-mask-not-an-effective-security-measure
Various URL Validation and HTTP Request Libraries Allow SSRF
https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf
Using Heart Rythm As Biometric ID
http://www.buffalo.edu/news/releases/2017/09/034.html
ISC StormCast for Monday, November 13th 2017
13 november 2017 |
7 min
Auditing TLS Root Certificates on Windows
https://isc.sans.edu/forums/diary/Keep+An+Eye+on+your+Root+Certificates/23030/
How Google Accounts Are Hijacked
https://security.googleblog.com/2017/11/new-research-understanding-root-cause.html
Battling E-Mail Phishing
https://isc.sans.edu/forums/diary/Battling+email+phishing/23028/
Hacking Airplanes
http://www.aviationtoday.com/2017/11/08/boeing-757-testing-shows-airplanes-vulnerable-hacking-dhs-says/
https://isc.sans.edu/forums/diary/Keep+An+Eye+on+your+Root+Certificates/23030/
How Google Accounts Are Hijacked
https://security.googleblog.com/2017/11/new-research-understanding-root-cause.html
Battling E-Mail Phishing
https://isc.sans.edu/forums/diary/Battling+email+phishing/23028/
Hacking Airplanes
http://www.aviationtoday.com/2017/11/08/boeing-757-testing-shows-airplanes-vulnerable-hacking-dhs-says/
ISC StormCast for Friday, November 10th 2017
10 november 2017 |
7 min
Twilio Credentials Found in Mobile Apps (requires registration)
http://info.appthority.com/-q4-2017-mtr-download-eavesdropper
Drive By Cryto Currency Mining Keeps Increasing
https://go.malwarebytes.com/rs/805-USG-300/images/Drive-by_Mining_FINAL.pdf
Intel's Management Engine Firmware Decoded
https://twitter.com/h0t_max
https://www.theregister.co.uk/2017/11/09/chipzilla_come_closer_closer_listen_dump_ime/
http://info.appthority.com/-q4-2017-mtr-download-eavesdropper
Drive By Cryto Currency Mining Keeps Increasing
https://go.malwarebytes.com/rs/805-USG-300/images/Drive-by_Mining_FINAL.pdf
Intel's Management Engine Firmware Decoded
https://twitter.com/h0t_max
https://www.theregister.co.uk/2017/11/09/chipzilla_come_closer_closer_listen_dump_ime/
ISC StormCast for Thursday, November 9th 2017
9 november 2017 |
6 min
Mantistek Gaming Keyboard Cloud Driver Exfiltrates Keystroke Data
https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html
Logitech Will Discontinue Harmony Link Device and Brick it via Firmware Update in March 2018
https://www.theverge.com/circuitbreaker/2017/11/8/16623076/logitech-harmony-link-discontinued-bricked
Amazon Is Introducing Additional Security Features for S3
https://aws.amazon.com/blogs/aws/new-amazon-s3-encryption-security-features/
https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html
Logitech Will Discontinue Harmony Link Device and Brick it via Firmware Update in March 2018
https://www.theverge.com/circuitbreaker/2017/11/8/16623076/logitech-harmony-link-discontinued-bricked
Amazon Is Introducing Additional Security Features for S3
https://aws.amazon.com/blogs/aws/new-amazon-s3-encryption-security-features/
ISC StormCast for Wednesday, November 8th 2017
8 november 2017 |
7 min
Interesting RTF Maldoc VBA Dropper
https://isc.sans.edu/forums/diary/Interesting+VBA+Dropper/23016/
Multiple Linux USB Flaws Made Public
http://www.openwall.com/lists/oss-security/2017/11/06/8
Google Android November Patches
https://source.android.com/security/bulletin/2017-11-01#media-framework
Ethereum Multi Signature Wallet Bug Cause Loss of $280 Million
https://paritytech.io/blog/security-alert.html
https://github.com/paritytech/parity/issues/6995
https://isc.sans.edu/forums/diary/Interesting+VBA+Dropper/23016/
Multiple Linux USB Flaws Made Public
http://www.openwall.com/lists/oss-security/2017/11/06/8
Google Android November Patches
https://source.android.com/security/bulletin/2017-11-01#media-framework
Ethereum Multi Signature Wallet Bug Cause Loss of $280 Million
https://paritytech.io/blog/security-alert.html
https://github.com/paritytech/parity/issues/6995
ISC StormCast for Tuesday, November 7th 2017
7 november 2017 |
6 min
Fake WhatsApp App in Google Play Store
https://www.reddit.com/r/Android/comments/7ahujw/psa_two_different_developers_under_the_same_name/
Crunchyroll.com Redirect Leads to Malware
https://blog.ellation.com/crunchyroll-com-update-a2a593cf9155
https://bartblaze.blogspot.com.au/2017/11/crunchyroll-hack-delivers-malware.html
Recovering Previously Encrypted iOS Backups
https://www.gillware.com/forensics/blog/digital-forensics-case-study/new-solution-encrypted-backups/
https://www.reddit.com/r/Android/comments/7ahujw/psa_two_different_developers_under_the_same_name/
Crunchyroll.com Redirect Leads to Malware
https://blog.ellation.com/crunchyroll-com-update-a2a593cf9155
https://bartblaze.blogspot.com.au/2017/11/crunchyroll-hack-delivers-malware.html
Recovering Previously Encrypted iOS Backups
https://www.gillware.com/forensics/blog/digital-forensics-case-study/new-solution-encrypted-backups/
ISC StormCast for Monday, November 6th 2017
6 november 2017 |
5 min
PDF Parser for URLs and Text Content of PDFs
https://isc.sans.edu/forums/diary/Extracting+the+text+from+PDF+documents/23008/ https://isc.sans.edu/forums/diary/PDF+documents+URLs/23006/
Mobile Pwn2Own Contest 2017
https://www.zerodayinitiative.com/blog
OpenSSL Patch
https://www.openssl.org/news/secadv/20171102.txt
IEEE P1735 Standard Leads to Weak Crypto
https://eprint.iacr.org/2017/828.pdf
https://isc.sans.edu/forums/diary/Extracting+the+text+from+PDF+documents/23008/ https://isc.sans.edu/forums/diary/PDF+documents+URLs/23006/
Mobile Pwn2Own Contest 2017
https://www.zerodayinitiative.com/blog
OpenSSL Patch
https://www.openssl.org/news/secadv/20171102.txt
IEEE P1735 Standard Leads to Weak Crypto
https://eprint.iacr.org/2017/828.pdf
ISC StormCast for Friday, November 3rd 2017
2 november 2017 |
7 min
Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI
http://www.umiacs.umd.edu/~tdumitra/papers/CCS-2017.pdf
Half of Most Popular Free iOS Apps do not use TLS correctly
http://www.zeit.de/digital/datenschutz/2017-10/iphone-ios-apps-hacker-verschluesselung/komplettansicht#comments
Image Downloader Chrome Extension Includes Adware
https://www.bleepingcomputer.com/news/security/psa-beware-the-image-downloader-chrome-adware-extension/
Employees Pay Up Ransomware
https://www.bleepingcomputer.com/news/security/59-percent-of-employees-hit-by-ransomware-at-work-paid-ransom-out-of-their-own-pockets/
http://www.umiacs.umd.edu/~tdumitra/papers/CCS-2017.pdf
Half of Most Popular Free iOS Apps do not use TLS correctly
http://www.zeit.de/digital/datenschutz/2017-10/iphone-ios-apps-hacker-verschluesselung/komplettansicht#comments
Image Downloader Chrome Extension Includes Adware
https://www.bleepingcomputer.com/news/security/psa-beware-the-image-downloader-chrome-adware-extension/
Employees Pay Up Ransomware
https://www.bleepingcomputer.com/news/security/59-percent-of-employees-hit-by-ransomware-at-work-paid-ransom-out-of-their-own-pockets/
ISC StormCast for Thursday, November 2nd 2017
1 november 2017 |
6 min
Configuring SSH Properly on Cisco IOS
https://isc.sans.edu/forums/diary/Securing+SSH+Services+Go+Blue+Team/22992/
Ethereum Miners Hijacked via Default SSH Credentials
https://labs.bitdefender.com/2017/11/ethereum-os-miners-targeted-by-ssh-based-hijacker/
Crypto Shuffler Steals Bitcoin From Clipboard
https://www.kaspersky.com/blog/cryptoshuffler-bitcoin-stealer/19976/
Google Calender Event Injection Added To Mail Snipper
https://www.blackhillsinfosec.com/google-calendar-event-injection-mailsniper/
November Ouch! Newsletter released: Shopping Security Online
https://securingthehuman.sans.org/resources/newsletters/ouch/2017?utm_medium=Social&utm_source=Twitter&utm_content=OUCH+Nov+2017+all+languages+&utm_campaign=STH+Ouch+#november2017
https://isc.sans.edu/forums/diary/Securing+SSH+Services+Go+Blue+Team/22992/
Ethereum Miners Hijacked via Default SSH Credentials
https://labs.bitdefender.com/2017/11/ethereum-os-miners-targeted-by-ssh-based-hijacker/
Crypto Shuffler Steals Bitcoin From Clipboard
https://www.kaspersky.com/blog/cryptoshuffler-bitcoin-stealer/19976/
Google Calender Event Injection Added To Mail Snipper
https://www.blackhillsinfosec.com/google-calendar-event-injection-mailsniper/
November Ouch! Newsletter released: Shopping Security Online
https://securingthehuman.sans.org/resources/newsletters/ouch/2017?utm_medium=Social&utm_source=Twitter&utm_content=OUCH+Nov+2017+all+languages+&utm_campaign=STH+Ouch+#november2017
ISC StormCast for Wednesday, November 1st 2017
31 oktober 2017 |
5 min
Malicious Powershell Code
https://isc.sans.edu/forums/diary/Some+Powershell+Malicious+Code/22988/
Apple Updates Everything
https://support.apple.com/en-gb/HT201222
Internet Draft To Update IoT Devices
https://tools.ietf.org/html/draft-moran-suit-architecture-00
https://isc.sans.edu/forums/diary/Some+Powershell+Malicious+Code/22988/
Apple Updates Everything
https://support.apple.com/en-gb/HT201222
Internet Draft To Update IoT Devices
https://tools.ietf.org/html/draft-moran-suit-architecture-00
ISC StormCast for Tuesday, October 31st 2017
30 oktober 2017 |
6 min
Google Chrome Moving Away from HTTPS Public Key Pinning (HPKP)
https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/he9tr7p3rZ8/eNMwKPmUBAAJ
Effort To Remove Trust From Dutch CA Over New Intercept Law
https://bugzilla.mozilla.org/show_bug.cgi?id=1408647
Crypto Coin Mining Feature Found in Google App Store Downloads
http://blog.trendmicro.com/trendlabs-security-intelligence/coin-miner-mobile-malware-returns-hits-google-play/
https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/he9tr7p3rZ8/eNMwKPmUBAAJ
Effort To Remove Trust From Dutch CA Over New Intercept Law
https://bugzilla.mozilla.org/show_bug.cgi?id=1408647
Crypto Coin Mining Feature Found in Google App Store Downloads
http://blog.trendmicro.com/trendlabs-security-intelligence/coin-miner-mobile-malware-returns-hits-google-play/
ISC StormCast for Monday, October 30th 2017
29 oktober 2017 |
5 min
Critical New Oracle Patch
http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10151-4016513.html
CatchAll Google Chrome Plugins
https://isc.sans.edu/forums/diary/CatchAll+Google+Chrome+Malicious+Extension+Steals+All+Posted+Data/22976/
ACE Files Used For Malware
https://isc.sans.edu/forums/diary/Remember+ACE+files/22978/
http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10151-4016513.html
CatchAll Google Chrome Plugins
https://isc.sans.edu/forums/diary/CatchAll+Google+Chrome+Malicious+Extension+Steals+All+Posted+Data/22976/
ACE Files Used For Malware
https://isc.sans.edu/forums/diary/Remember+ACE+files/22978/
ISC StormCast for Friday, October 27th 2017
26 oktober 2017 |
6 min
Results of Kaspersky's Internal Investigation
https://www.kaspersky.com/blog/internal-investigation-preliminary-results/19894/
Infineon Bug Testing Tool
https://gist.githubusercontent.com/marcan/fc87aa78085c2b6f979aefc73fdc381f/raw/526bc2f2249a2e3f5d4450c7c412e0dbf57b2288/roca_test.py
https://github.com/ThomasHabets/simple-tpm-pk11/blob/master/check-srk/check-srk.cc
Micropatch Available for "DDE Vulnerability"
https://0patch.blogspot.com/2017/10/0patching-office-dde-ddeauto.html
Finding Cryptocurrency Miners
https://medium.com/@s3yfullah/hacking-cryptocurrency-miners-with-osint-techniques-677bbb3e0157
https://www.kaspersky.com/blog/internal-investigation-preliminary-results/19894/
Infineon Bug Testing Tool
https://gist.githubusercontent.com/marcan/fc87aa78085c2b6f979aefc73fdc381f/raw/526bc2f2249a2e3f5d4450c7c412e0dbf57b2288/roca_test.py
https://github.com/ThomasHabets/simple-tpm-pk11/blob/master/check-srk/check-srk.cc
Micropatch Available for "DDE Vulnerability"
https://0patch.blogspot.com/2017/10/0patching-office-dde-ddeauto.html
Finding Cryptocurrency Miners
https://medium.com/@s3yfullah/hacking-cryptocurrency-miners-with-osint-techniques-677bbb3e0157
ISC StormCast for Thursday, October 26th 2017
25 oktober 2017 |
6 min
Coinhive Domain Compromise
https://coinhive.com/blog/dns-breach
Dell Loses Control of Backup and Recovery Cloud Storage Domain
https://krebsonsecurity.com/2017/10/dell-lost-control-of-key-customer-support-domain-for-a-month-in-2017/#more-41267
Google ReCaptcha Broken
https://github.com/ecthros/uncaptcha
Users in Iran Targeted by Cryptoransomware Masquerading as VPN
https://www.bleepingcomputer.com/news/security/tyrant-ransomware-spreads-in-iran-disguised-as-popular-vpn-app/
Crypto Currency Phishing
https://www.dearbytes.com/blog/cryptocurrency-phishing/
https://coinhive.com/blog/dns-breach
Dell Loses Control of Backup and Recovery Cloud Storage Domain
https://krebsonsecurity.com/2017/10/dell-lost-control-of-key-customer-support-domain-for-a-month-in-2017/#more-41267
Google ReCaptcha Broken
https://github.com/ecthros/uncaptcha
Users in Iran Targeted by Cryptoransomware Masquerading as VPN
https://www.bleepingcomputer.com/news/security/tyrant-ransomware-spreads-in-iran-disguised-as-popular-vpn-app/
Crypto Currency Phishing
https://www.dearbytes.com/blog/cryptocurrency-phishing/
ISC StormCast for Wednesday, October 25th 2017
24 oktober 2017 |
5 min
Stop Relying on File Extensions
https://isc.sans.edu/forums/diary/Stop+relying+on+file+extensions/22962/
BadRabbit New Ransomware Wave Hitting Russia and Ukraine
https://isc.sans.edu/forums/diary/BadRabbit+New+ransomware+wave+hitting+RU+UA/22964/
https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/
Over 70% Of Web Traffic Now via TLS
https://transparencyreport.google.com/https/overview?hl=en
Static RNG Seeds in Fortinet Devices
https://duhkattack.com
https://isc.sans.edu/forums/diary/Stop+relying+on+file+extensions/22962/
BadRabbit New Ransomware Wave Hitting Russia and Ukraine
https://isc.sans.edu/forums/diary/BadRabbit+New+ransomware+wave+hitting+RU+UA/22964/
https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/
Over 70% Of Web Traffic Now via TLS
https://transparencyreport.google.com/https/overview?hl=en
Static RNG Seeds in Fortinet Devices
https://duhkattack.com
ISC StormCast for Tuesday, October 24th 2017
23 oktober 2017 |
6 min
Is a Telco in Brazil Hosing An Epidemic of Open SOCKS Proxies?
https://isc.sans.edu/forums/diary/Is+a+telco+in+Brazil+hosting+an+epidemic+of+open+SOCKS+proxies/22956/
Android May Be Adding DNS Over TLS
https://www.xda-developers.com
https://tools.ietf.org/html/rfc7858
Fake Crypto Currency Trading Applications
https://www.welivesecurity.com/2017/10/23/fake-cryptocurrency-apps-google-harvesting-credentials/
https://isc.sans.edu/forums/diary/Is+a+telco+in+Brazil+hosting+an+epidemic+of+open+SOCKS+proxies/22956/
Android May Be Adding DNS Over TLS
https://www.xda-developers.com
https://tools.ietf.org/html/rfc7858
Fake Crypto Currency Trading Applications
https://www.welivesecurity.com/2017/10/23/fake-cryptocurrency-apps-google-harvesting-credentials/
ISC StormCast for Sunday, October 22nd 2017
22 oktober 2017 |
6 min
IoT "Reaper" Botnet
http://blog.netlab.360.com/iot_reaper-a-rappid-spreading-new-iot-botnet-en/
https://research.checkpoint.com/new-iot-botnet-storm-coming/
Elmedia Player and Folx Infected with Proton Malware
https://www.eltima.com/blog/2017/10/elmedia-player-and-folx-malware-threat-neutralized.html
Google Expands Bug Bounty To Popular Android Apps
https://www.google.com/about/appsecurity/play-rewards/index.html
Increased Use of Last Week's Flash Vulnerability
https://www.proofpoint.com/us/threat-insight/post/apt28-racing-exploit-cve-2017-11292-flash-vulnerability-patches-are-deployed
http://blog.netlab.360.com/iot_reaper-a-rappid-spreading-new-iot-botnet-en/
https://research.checkpoint.com/new-iot-botnet-storm-coming/
Elmedia Player and Folx Infected with Proton Malware
https://www.eltima.com/blog/2017/10/elmedia-player-and-folx-malware-threat-neutralized.html
Google Expands Bug Bounty To Popular Android Apps
https://www.google.com/about/appsecurity/play-rewards/index.html
Increased Use of Last Week's Flash Vulnerability
https://www.proofpoint.com/us/threat-insight/post/apt28-racing-exploit-cve-2017-11292-flash-vulnerability-patches-are-deployed
ISC StormCast for Friday, October 20th 2017
20 oktober 2017 |
6 min
Locky Ransomware Updates
https://isc.sans.edu/forums/diary/Necurs+Botnet+malspam+pushes+Locky+using+DDE+attack/22946/
https://isc.sans.edu/forums/diary/HSBCthemed+malspam+uses+ISO+attachments+to+push+Loki+Bot+malware/22942/
Authedmine To Replace Coinhive
https://coinhive.com/blog/authedmine
Attackers Scan for SSH Keys via Webexploits
https://www.wordfence.com/blog/2017/10/ssh-key-website-scans/
Attacking Colocated Virtual Machines with Rowhammer
https://thisissecurity.stormshield.com/2017/10/19/attacking-co-hosted-vm-hacker-hammer-two-memory-modules/
https://isc.sans.edu/forums/diary/Necurs+Botnet+malspam+pushes+Locky+using+DDE+attack/22946/
https://isc.sans.edu/forums/diary/HSBCthemed+malspam+uses+ISO+attachments+to+push+Loki+Bot+malware/22942/
Authedmine To Replace Coinhive
https://coinhive.com/blog/authedmine
Attackers Scan for SSH Keys via Webexploits
https://www.wordfence.com/blog/2017/10/ssh-key-website-scans/
Attacking Colocated Virtual Machines with Rowhammer
https://thisissecurity.stormshield.com/2017/10/19/attacking-co-hosted-vm-hacker-hammer-two-memory-modules/
ISC StormCast for Thursday, October 19th 2017
19 oktober 2017 |
5 min
Baselining Servers to Detect Outliers
https://isc.sans.edu/forums/diary/Baselining+Servers+to+Detect+Outliers/22940/
Test Script Available for KRACK Vulnerability
https://github.com/vanhoefm/krackattacks-test-ap-ft
WaterMiner Distributed With Gaming Mods
https://minerva-labs.com/post/waterminer-a-new-evasive-crypto-miner
Microsoft Releases Fall Creators Update
https://blogs.windows.com/windowsexperience/2017/10/17/whats-new-windows-10-fall-creators-update/#76CQXoUYxT81RLJi.97
https://isc.sans.edu/forums/diary/Baselining+Servers+to+Detect+Outliers/22940/
Test Script Available for KRACK Vulnerability
https://github.com/vanhoefm/krackattacks-test-ap-ft
WaterMiner Distributed With Gaming Mods
https://minerva-labs.com/post/waterminer-a-new-evasive-crypto-miner
Microsoft Releases Fall Creators Update
https://blogs.windows.com/windowsexperience/2017/10/17/whats-new-windows-10-fall-creators-update/#76CQXoUYxT81RLJi.97
ISC StormCast for Wednesday, October 18th 2017
18 oktober 2017 |
5 min
Hancitor Malspam Uses DDE Attack To Spread Banking Malware
https://isc.sans.edu/forums/diary/Hancitor+malspam+uses+DDE+attack/22936/
Infineon RSA Key Generation Weakness
https://crocs.fi.muni.cz/public/papers/rsa_ccs17
Chrome Improving Security
https://www.blog.google/products/chrome/cleaner-safer-web-chrome-cleanup/
https://isc.sans.edu/forums/diary/Hancitor+malspam+uses+DDE+attack/22936/
Infineon RSA Key Generation Weakness
https://crocs.fi.muni.cz/public/papers/rsa_ccs17
Chrome Improving Security
https://www.blog.google/products/chrome/cleaner-safer-web-chrome-cleanup/
ISC StormCast for Tuesday, October 17th 2017
16 oktober 2017 |
9 min
WPA2 "Krack" Attack
https://www.krackattacks.com/
https://securingthehuman.sans.org/blog/2017/10/16/28748/
Adobe Flash Player Update
https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
Two (identical) uTorrent Binaries With Different Hashes
https://isc.sans.edu/forums/diary/Its+in+the+signature/22928/
https://www.krackattacks.com/
https://securingthehuman.sans.org/blog/2017/10/16/28748/
Adobe Flash Player Update
https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
Two (identical) uTorrent Binaries With Different Hashes
https://isc.sans.edu/forums/diary/Its+in+the+signature/22928/
ISC StormCast for Monday, October 16th 2017
15 oktober 2017 |
5 min
Peeking Into an Outlook .msg File
https://isc.sans.edu/forums/diary/Peeking+into+msg+files/22926/
Abandoned Domains / Equifax/Transunion Lead to Fake Falsh Update
https://blog.malwarebytes.com/threat-analysis/2017/10/equifax-transunion-websites-push-fake-flash-player/
Microsoft Patch Causes Corrupted Systems
https://support.microsoft.com/en-us/help/4049094
DoubleLocker Android Ransomware
https://www.welivesecurity.com/2017/10/13/doublelocker-innovative-android-malware/
Chrome Extension Mines Crypto Currency
https://www.bleepingcomputer.com/news/security/chrome-extension-uses-your-gmail-to-register-domains-names-and-injects-coinhive/
https://isc.sans.edu/forums/diary/Peeking+into+msg+files/22926/
Abandoned Domains / Equifax/Transunion Lead to Fake Falsh Update
https://blog.malwarebytes.com/threat-analysis/2017/10/equifax-transunion-websites-push-fake-flash-player/
Microsoft Patch Causes Corrupted Systems
https://support.microsoft.com/en-us/help/4049094
DoubleLocker Android Ransomware
https://www.welivesecurity.com/2017/10/13/doublelocker-innovative-android-malware/
Chrome Extension Mines Crypto Currency
https://www.bleepingcomputer.com/news/security/chrome-extension-uses-your-gmail-to-register-domains-names-and-injects-coinhive/
ISC StormCast for Friday, October 13th 2017
12 oktober 2017 |
6 min
Version Control Tools Are Not Only For Developers
https://isc.sans.edu/forums/diary/Version+control+tools+arent+only+for+Developers/22922/
Coin Hive Javascript Crypto Currency Miner Found on Piratebay
https://twitter.com/esterling_/status/918240914623090695
https://crypto-loot.com
Macro-less Code Exec in MSWord Rediscovered
https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/
https://blog.nviso.be/2017/10/11/detecting-dde-in-ms-office-documents/
Hard Disks Can Be Used As Microphones
https://github.com/ortegaalfredo/kscope/blob/master/doc/HDD-microphones.pdf
https://isc.sans.edu/forums/diary/Version+control+tools+arent+only+for+Developers/22922/
Coin Hive Javascript Crypto Currency Miner Found on Piratebay
https://twitter.com/esterling_/status/918240914623090695
https://crypto-loot.com
Macro-less Code Exec in MSWord Rediscovered
https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/
https://blog.nviso.be/2017/10/11/detecting-dde-in-ms-office-documents/
Hard Disks Can Be Used As Microphones
https://github.com/ortegaalfredo/kscope/blob/master/doc/HDD-microphones.pdf
ISC StormCast for Thursday, October 12th 2017
11 oktober 2017 |
7 min
Outlook Includes plain text version of e-mail with S/MIME Encryption
https://www.sec-consult.com/en/blog/2017/10/fake-crypto-microsoft-outlook-smime-cleartext-disclosure-cve-2017-11776/index.html
RubyGems Remote Code Execution Vulnerability
http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html
Google Home Mini Recorded Everything
http://www.androidpolice.com/2017/10/10/google-nerfing-home-minis-mine-spied-everything-said-247/
Cameradar Finds Open RTSP Streams
https://github.com/EtixLabs/cameradar
https://www.sec-consult.com/en/blog/2017/10/fake-crypto-microsoft-outlook-smime-cleartext-disclosure-cve-2017-11776/index.html
RubyGems Remote Code Execution Vulnerability
http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html
Google Home Mini Recorded Everything
http://www.androidpolice.com/2017/10/10/google-nerfing-home-minis-mine-spied-everything-said-247/
Cameradar Finds Open RTSP Streams
https://github.com/EtixLabs/cameradar
ISC StormCast for Wednesday, October 11th 2017
11 oktober 2017 |
6 min
Microsoft Monthly Updates
https://isc.sans.edu/forums/diary/October+2017+Security+Updates/22916/
Spoofed iOS iCloud Login
https://krausefx.com/blog/ios-privacy-stealpassword-easily-get-the-users-apple-id-password-just-by-asking
https://isc.sans.edu/forums/diary/October+2017+Security+Updates/22916/
Spoofed iOS iCloud Login
https://krausefx.com/blog/ios-privacy-stealpassword-easily-get-the-users-apple-id-password-just-by-asking
ISC StormCast for Tuesday, October 10th 2017
9 oktober 2017 |
7 min
Base64 Encoded Word Documents
https://isc.sans.edu/forums/diary/Base64+All+The+Things/22912/
Skimmer Scanner Helps Find Credit Card Skimmers
https://github.com/sparkfunX/Skimmer_Scanner
TLS 1.3 Remains "On Hold"
https://www.ietf.org/mail-archive/web/tls/current/msg24517.html
FIDO U2F Key Review / Test
https://www.imperialviolet.org/2017/10/08/securitykeytest.html
https://isc.sans.edu/forums/diary/Base64+All+The+Things/22912/
Skimmer Scanner Helps Find Credit Card Skimmers
https://github.com/sparkfunX/Skimmer_Scanner
TLS 1.3 Remains "On Hold"
https://www.ietf.org/mail-archive/web/tls/current/msg24517.html
FIDO U2F Key Review / Test
https://www.imperialviolet.org/2017/10/08/securitykeytest.html
ISC StormCast for Sunday, October 8th 2017
8 oktober 2017 |
8 min
Payment Handler API
https://w3c.github.io/payment-handler/
https://blog.lukaszolejnik.com/privacy-of-web-request-api/
OpenSSH Version 7.6 Released
http://www.openssh.com/txt/release-7.6
Microsoft Delaying Some Patches for Earlier Windows Versions
https://googleprojectzero.blogspot.sg/2017/10/using-binary-diffing-to-discover.html
The Dangers of Cables
https://isc.sans.edu/forums/diary/Whats+in+a+cable+The+dangers+of+unauthorized+cables/22904/
https://w3c.github.io/payment-handler/
https://blog.lukaszolejnik.com/privacy-of-web-request-api/
OpenSSH Version 7.6 Released
http://www.openssh.com/txt/release-7.6
Microsoft Delaying Some Patches for Earlier Windows Versions
https://googleprojectzero.blogspot.sg/2017/10/using-binary-diffing-to-discover.html
The Dangers of Cables
https://isc.sans.edu/forums/diary/Whats+in+a+cable+The+dangers+of+unauthorized+cables/22904/
ISC StormCast for Friday, October 6th 2017
6 oktober 2017 |
16 min
Extract HTTP Requests from PCAPs and Turn Them Into cURL Commands
https://isc.sans.edu/forums/diary/pcap2curl+Turning+a+pcap+file+into+a+set+of+cURL+commands+for+replay/22900/
Apple Patches Embarrasing MacOS High Sierra Flaw
https://www.appleworld.today/blog/2017/10/5/macos-high-sierra-flaw-exposes-passwords-of-encrypted-apfs-volumes
Another Tomcat PUT Vulnerability
https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb@%3Cannounce.tomcat.apache.org%3E
Dallas Haselhorst: HL7 Healthcare Protocol
https://www.sans.org/reading-room/whitepapers/hipaa/hl7-data-interfaces-medical-environments-understanding-fundamental-flaw-healthcare-38005
https://www.sans.org/reading-room/whitepapers/vpns/hl7-data-interfaces-medical-environments-attacking-defending-achilles-heel-healthcare-38010
https://www.tripwire.com/state-of-security/security-data-protection/hl7-data-interfaces-in-medical-environments/
https://isc.sans.edu/forums/diary/pcap2curl+Turning+a+pcap+file+into+a+set+of+cURL+commands+for+replay/22900/
Apple Patches Embarrasing MacOS High Sierra Flaw
https://www.appleworld.today/blog/2017/10/5/macos-high-sierra-flaw-exposes-passwords-of-encrypted-apfs-volumes
Another Tomcat PUT Vulnerability
https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb@%3Cannounce.tomcat.apache.org%3E
Dallas Haselhorst: HL7 Healthcare Protocol
https://www.sans.org/reading-room/whitepapers/hipaa/hl7-data-interfaces-medical-environments-understanding-fundamental-flaw-healthcare-38005
https://www.sans.org/reading-room/whitepapers/vpns/hl7-data-interfaces-medical-environments-attacking-defending-achilles-heel-healthcare-38010
https://www.tripwire.com/state-of-security/security-data-protection/hl7-data-interfaces-in-medical-environments/
ISC StormCast for Thursday, October 5th 2017
4 oktober 2017 |
6 min
Cyber Security Awareness Month: Ouch! Newsletter
https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201710_en.pdf
Modified Rowhammer Attack Bypasses Current Defenses
https://arxiv.org/pdf/1710.00551.pdf
Metasploit Modules For VMWare Escape
https://www.zerodayinitiative.com/blog/2017/10/04/vmware-escapology-how-to-houdini-the-hypervisor
https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201710_en.pdf
Modified Rowhammer Attack Bypasses Current Defenses
https://arxiv.org/pdf/1710.00551.pdf
Metasploit Modules For VMWare Escape
https://www.zerodayinitiative.com/blog/2017/10/04/vmware-escapology-how-to-houdini-the-hypervisor
ISC StormCast for Wednesday, October 4th 2017
4 oktober 2017 |
6 min
Fedex Malspam Pushes Formbook Infostealer Malware
https://isc.sans.edu/forums/diary/Malspam+pushing+Formbook+info+stealer/22888/
Wordpress Plugins Heavily Abused For Site Defacements
https://www.wordfence.com/blog/2017/10/3-zero-day-plugin-vulnerabilities-exploited-wild/
Fake WordPress Security Plugin Being Advertised
https://blog.sucuri.net/2017/09/fake-plugins-fake-security.html
Proof Of Concept Information Disclosure for Internet Explorer
https://www.brokenbrowser.com/revealing-the-content-of-the-address-bar-ie/
Nzyme Wifi Frame Recording and Forensics
https://wtf.horse/2017/10/02/introducing-nzyme-wifi-802-11-frame-recording-and-forensics/
Cyber Security Interviews
https://twitter.com/CSI_Podcast/status/915026734801489921
https://isc.sans.edu/forums/diary/Malspam+pushing+Formbook+info+stealer/22888/
Wordpress Plugins Heavily Abused For Site Defacements
https://www.wordfence.com/blog/2017/10/3-zero-day-plugin-vulnerabilities-exploited-wild/
Fake WordPress Security Plugin Being Advertised
https://blog.sucuri.net/2017/09/fake-plugins-fake-security.html
Proof Of Concept Information Disclosure for Internet Explorer
https://www.brokenbrowser.com/revealing-the-content-of-the-address-bar-ie/
Nzyme Wifi Frame Recording and Forensics
https://wtf.horse/2017/10/02/introducing-nzyme-wifi-802-11-frame-recording-and-forensics/
Cyber Security Interviews
https://twitter.com/CSI_Podcast/status/915026734801489921
ISC StormCast for Tuesday, October 3rd 2017
3 oktober 2017 |
6 min
Passive DNS
Investigating Security Incidents with Passive DNS
Bypassing Domain Authentication
https://medium.freecodecamp.org/how-i-hacked-hundreds-of-companies-through-their-helpdesk-b7680ddc2d4c
DNSMasq Vulnerabilities
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
Investigating Security Incidents with Passive DNS
Bypassing Domain Authentication
https://medium.freecodecamp.org/how-i-hacked-hundreds-of-companies-through-their-helpdesk-b7680ddc2d4c
DNSMasq Vulnerabilities
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
ISC StormCast for Monday, October 2nd 2017
2 oktober 2017 |
5 min
Who's Borrowing Your Resources. Javascript Monero Miners on Video Sites
https://isc.sans.edu/forums/diary/Whos+Borrowing+your+Resources/22882/
OS X Silently Patches Javascript Quarantine Bypass
https://www.wearesegment.com/research/Mac-OS-X-Local-Javascript-Quarantine-Bypass.html
Apple EFI Updates Often Not Applied
https://duo.com/blog/the-apple-of-your-efi-mac-firmware-security-research
https://isc.sans.edu/forums/diary/Whos+Borrowing+your+Resources/22882/
OS X Silently Patches Javascript Quarantine Bypass
https://www.wearesegment.com/research/Mac-OS-X-Local-Javascript-Quarantine-Bypass.html
Apple EFI Updates Often Not Applied
https://duo.com/blog/the-apple-of-your-efi-mac-firmware-security-research
ISC StormCast for Friday, September 29th 2017
29 september 2017 |
6 min
Dealing With Massive Packet Captures
https://isc.sans.edu/forums/diary/The+easy+way+to+analyze+huge+amounts+of+PCAP+data/22876/
Illusion Gap Anti-Virus Bypass
https://www.cyberark.com/threat-research-blog/illusion-gap-antivirus-bypass-part-1/
DNSSEC KSK Update Delayed
https://www.icann.org/news/announcement-2017-09-27-en
Linux PIE/Stack Corruption
https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt
https://isc.sans.edu/forums/diary/The+easy+way+to+analyze+huge+amounts+of+PCAP+data/22876/
Illusion Gap Anti-Virus Bypass
https://www.cyberark.com/threat-research-blog/illusion-gap-antivirus-bypass-part-1/
DNSSEC KSK Update Delayed
https://www.icann.org/news/announcement-2017-09-27-en
Linux PIE/Stack Corruption
https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt
ISC StormCast for Thursday, September 28th 2017
28 september 2017 |
5 min
Everything You Ever Wanted To Know About JPEGs (and more)
https://isc.sans.edu/forums/diary/It+is+a+resume+Part+3/22808/
Linux 4.14 Memory Encryption
https://lwn.net/Articles/686808/
CLKSCREW: Exposing Secure Enclaves via Energy Management
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-tang.pdf
~
~
~
~
https://isc.sans.edu/forums/diary/It+is+a+resume+Part+3/22808/
Linux 4.14 Memory Encryption
https://lwn.net/Articles/686808/
CLKSCREW: Exposing Secure Enclaves via Energy Management
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-tang.pdf
~
~
~
~
ISC StormCast for Wednesday, September 27th 2017
27 september 2017 |
5 min
XPCTRA Steals Banking / Cryptocurrency Info
https://isc.sans.edu/forums/diary/XPCTRA+Malware+Steals+Banking+and+Digital+Wallet+Users+Credentials/22868/
Vulnerable Mobile Investment Applications
http://blog.ioactive.com/2017/09/are-you-trading-securely-insights-into.html
iOS WiFi Exploit PoC Code Published
https://bugs.chromium.org/p/project-zero/issues/detail?id=1289
Android Malware Exploiting "Dirty Cow"
http://blog.trendmicro.com/trendlabs-security-intelligence/zniu-first-android-malware-exploit-dirty-cow-vulnerability/
https://isc.sans.edu/forums/diary/XPCTRA+Malware+Steals+Banking+and+Digital+Wallet+Users+Credentials/22868/
Vulnerable Mobile Investment Applications
http://blog.ioactive.com/2017/09/are-you-trading-securely-insights-into.html
iOS WiFi Exploit PoC Code Published
https://bugs.chromium.org/p/project-zero/issues/detail?id=1289
Android Malware Exploiting "Dirty Cow"
http://blog.trendmicro.com/trendlabs-security-intelligence/zniu-first-android-malware-exploit-dirty-cow-vulnerability/
ISC StormCast for Tuesday, September 26th 2017
26 september 2017 |
6 min
macOS High Sierra Security Updates
https://support.apple.com/en-us/HT201222
Possible macOS Keychain Leak
https://twitter.com/patrickwardle/status/912254053849079808
Monero Cryptocoin Miner Found on Showtime Website
https://badpackets.net/coinhive-miner-found-on-official-showtime-network-websites-in-latest-case-of-cryptojacking/
https://support.apple.com/en-us/HT201222
Possible macOS Keychain Leak
https://twitter.com/patrickwardle/status/912254053849079808
Monero Cryptocoin Miner Found on Showtime Website
https://badpackets.net/coinhive-miner-found-on-official-showtime-network-websites-in-latest-case-of-cryptojacking/
ISC StormCast for Monday, September 25th 2017
25 september 2017 |
6 min
Forensic Use of "mount --bind"
https://isc.sans.edu/forums/diary/Forensic+use+of+mount+bind/22854/
Adobe Publishes Secret PGP Key By Mistake
https://twitter.com/jupenur/status/911286403434246144
AVAST Publishes CCleaner Update
https://blog.avast.com/avast-threat-labs-analysis-of-ccleaner-incident
Compromised Android Keyboard App
https://blog.adguard.com/en/go-spy-go-popular-android-keyboard-from-china-crosses-the-red-line/
https://isc.sans.edu/forums/diary/Forensic+use+of+mount+bind/22854/
Adobe Publishes Secret PGP Key By Mistake
https://twitter.com/jupenur/status/911286403434246144
AVAST Publishes CCleaner Update
https://blog.avast.com/avast-threat-labs-analysis-of-ccleaner-incident
Compromised Android Keyboard App
https://blog.adguard.com/en/go-spy-go-popular-android-keyboard-from-china-crosses-the-red-line/
ISC StormCast for Friday, September 22nd 2017
22 september 2017 |
6 min
More (Likely Fake) DDoS Extortion Attempts
https://isc.sans.edu/forums/diary/Emails+threatening+DDoS+allegedly+from+Phantom+Squad/22856/
CVE-2017-8759 Used in Cyber Crime Attacks
https://isc.sans.edu/forums/diary/Email+attachment+using+CVE20178759+exploit+targets+Argentina/22850/
CCleaner Command and Control Server
http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html?m=1
Vulnerability in Intel Managment Engine Can Lead to Execution of Unsigned Code
https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668
https://isc.sans.edu/forums/diary/Emails+threatening+DDoS+allegedly+from+Phantom+Squad/22856/
CVE-2017-8759 Used in Cyber Crime Attacks
https://isc.sans.edu/forums/diary/Email+attachment+using+CVE20178759+exploit+targets+Argentina/22850/
CCleaner Command and Control Server
http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html?m=1
Vulnerability in Intel Managment Engine Can Lead to Execution of Unsigned Code
https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668
ISC StormCast for Thursday, September 21st 2017
21 september 2017 |
6 min
Newest Locky Update: RAR Attachments and "Invoice" E-Mails
https://isc.sans.edu/forums/diary/Ongoing+Ykcol+Locky+campaign/22848/
Viacom S3 Bucket Leak
https://www.upguard.com/breaches/cloud-leak-viacom
iOS 11 Outlook.com Bug
https://support.apple.com/en-us/HT208136
https://isc.sans.edu/forums/diary/Ongoing+Ykcol+Locky+campaign/22848/
Viacom S3 Bucket Leak
https://www.upguard.com/breaches/cloud-leak-viacom
iOS 11 Outlook.com Bug
https://support.apple.com/en-us/HT208136
ISC StormCast for Wednesday, September 20th 2017
20 september 2017 |
6 min
Mac-Robber Python Rewrite
https://isc.sans.edu/forums/diary/New+tool+macrobberpy/22844/
Apache Tomcat Patch
https://www.us-cert.gov/ncas/current-activity/2017/09/19/Apache-Releases-Security-Updates-Apache-Tomcat
Apple Updates For iOS, Xcode, tvOS, watchOS and Safari
https://support.apple.com/en-us/HT201222
https://isc.sans.edu/forums/diary/New+tool+macrobberpy/22844/
Apache Tomcat Patch
https://www.us-cert.gov/ncas/current-activity/2017/09/19/Apache-Releases-Security-Updates-Apache-Tomcat
Apple Updates For iOS, Xcode, tvOS, watchOS and Safari
https://support.apple.com/en-us/HT201222
ISC StormCast for Tuesday, September 19th 2017
19 september 2017 |
8 min
CCleaner Compromise
http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html
http://www.piriform.com/news/release-announcements/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users
Word INCLUDEPICTURE Feature Abuse
https://securelist.com/an-undocumented-word-feature-abused-by-attackers/81899/
security.txt file
https://www.ietf.org/id/draft-foudil-securitytxt-00.txt
https://www.ietf.org/rfc/rfc2142.txt
http://blog.talosintelligence.com/2017/09/avast-distributes-malware.html
http://www.piriform.com/news/release-announcements/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users
Word INCLUDEPICTURE Feature Abuse
https://securelist.com/an-undocumented-word-feature-abused-by-attackers/81899/
security.txt file
https://www.ietf.org/id/draft-foudil-securitytxt-00.txt
https://www.ietf.org/rfc/rfc2142.txt
ISC StormCast for Monday, September 18th 2017
18 september 2017 |
6 min
Bashware: Bypassing Windows Security via Linux (WSL)
https://research.checkpoint.com/beware-bashware-new-method-malware-bypass-security-solutions/
Javascript Rogue Crypto Currency Miner
https://www.welivesecurity.com/2017/09/14/cryptocurrency-web-mining-union-profit/
NodeJS Hash Table DoS
https://medium.com/@ahmadbamieh/nodejs-constant-hashtables-seeds-vulnerability-f03bf70e3593
HTTPS Interception
https://blog.cloudflare.com/understanding-the-prevalence-of-web-traffic-interception/
https://research.checkpoint.com/beware-bashware-new-method-malware-bypass-security-solutions/
Javascript Rogue Crypto Currency Miner
https://www.welivesecurity.com/2017/09/14/cryptocurrency-web-mining-union-profit/
NodeJS Hash Table DoS
https://medium.com/@ahmadbamieh/nodejs-constant-hashtables-seeds-vulnerability-f03bf70e3593
HTTPS Interception
https://blog.cloudflare.com/understanding-the-prevalence-of-web-traffic-interception/
ISC StormCast for Friday, September 15th 2017
15 september 2017 |
5 min
Another Webshell; Another Backdoor
https://isc.sans.edu/forums/diary/Another+webshell+another+backdoor/22826/
D-Link Vulnerability
https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html
Chrome To Label FTP As Insecure
https://groups.google.com/a/chromium.org/forum/#!msg/security-dev/HknIAQwMoWo/xYyezYV5AAAJ
More Google Play Store Malware
https://blog.checkpoint.com/2017/09/14/expensivewall-dangerous-packed-malware-google-play-will-hit-wallet/
Elasticsearch Botnet
https://mackeepersecurity.com/post/kromtech-discovers-massive-elasticsearch-infected-malware-botnet
https://isc.sans.edu/forums/diary/Another+webshell+another+backdoor/22826/
D-Link Vulnerability
https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html
Chrome To Label FTP As Insecure
https://groups.google.com/a/chromium.org/forum/#!msg/security-dev/HknIAQwMoWo/xYyezYV5AAAJ
More Google Play Store Malware
https://blog.checkpoint.com/2017/09/14/expensivewall-dangerous-packed-malware-google-play-will-hit-wallet/
Elasticsearch Botnet
https://mackeepersecurity.com/post/kromtech-discovers-massive-elasticsearch-infected-malware-botnet
ISC StormCast for Thursday, September 14th 2017
14 september 2017 |
5 min
No IPv6? Challenge Accepted
https://isc.sans.edu/forums/diary/No+IPv6+Challenge+Accepted+Part+1/22820/
Exploiting CVE-2017-8759
https://www.mdsec.co.uk/2017/09/exploiting-cve-2017-8759-soap-wsdl-parser-code-injection/
Wordpress Plugin Found With Backdoor
https://www.pluginvulnerabilities.com/2017/09/11/wordpress-poor-handling-of-plugin-security-exacerbates-malicious-takeover-of-display-widgets/
https://isc.sans.edu/forums/diary/No+IPv6+Challenge+Accepted+Part+1/22820/
Exploiting CVE-2017-8759
https://www.mdsec.co.uk/2017/09/exploiting-cve-2017-8759-soap-wsdl-parser-code-injection/
Wordpress Plugin Found With Backdoor
https://www.pluginvulnerabilities.com/2017/09/11/wordpress-poor-handling-of-plugin-security-exacerbates-malicious-takeover-of-display-widgets/
ISC StormCast for Wednesday, September 13th 2017
13 september 2017 |
6 min
Microsoft Patch Tuesday
https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html
https://technet.microsoft.com/security/advisories
BlueBorne Bluetooth Vulnerability
http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf
https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html
https://technet.microsoft.com/security/advisories
BlueBorne Bluetooth Vulnerability
http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf
ISC StormCast for Tuesday, September 12th 2017
12 september 2017 |
7 min
Cisco Struts Updates
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce
Google Chrome Warning Users of Anti-Malware SSL Interception
https://twitter.com/sashaperigo/status/906263091624591360
Machinelearning To Identify Malicious TLS Connections
https://arxiv.org/pdf/1607.01639.pdf
Comodo Breaking CAA Standard
https://www.mail-archive.com/[email protected]/msg08027.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce
Google Chrome Warning Users of Anti-Malware SSL Interception
https://twitter.com/sashaperigo/status/906263091624591360
Machinelearning To Identify Malicious TLS Connections
https://arxiv.org/pdf/1607.01639.pdf
Comodo Breaking CAA Standard
https://www.mail-archive.com/[email protected]/msg08027.html
ISC StormCast for Monday, September 11th 2017
11 september 2017 |
6 min
Analyzing JPEG Files
https://isc.sans.edu/forums/diary/Analyzing+JPEG+files/22806/
Auditing Windows With WINspect
https://isc.sans.edu/forums/diary/Windows+Auditing+with+WINspect/22810/
Windows PSSetLoadImageNotifyRoutine Vulnerability
https://breakingmalware.com/documentation/windows-pssetloadimagenotifyroutine-callbacks-good-bad-unclear-part-1/
IOTA Cryptocurrency Vulnerable Hash Function
https://medium.com/@neha/cryptographic-vulnerabilities-in-iota-9a6a9ddc4367
https://isc.sans.edu/forums/diary/Analyzing+JPEG+files/22806/
Auditing Windows With WINspect
https://isc.sans.edu/forums/diary/Windows+Auditing+with+WINspect/22810/
Windows PSSetLoadImageNotifyRoutine Vulnerability
https://breakingmalware.com/documentation/windows-pssetloadimagenotifyroutine-callbacks-good-bad-unclear-part-1/
IOTA Cryptocurrency Vulnerable Hash Function
https://medium.com/@neha/cryptographic-vulnerabilities-in-iota-9a6a9ddc4367
ISC StormCast for Friday, September 8th 2017
8 september 2017 |
16 min
Yet Another Struts RCE Vulnerability
https://struts.apache.org/docs/s2-053.html
Equifax Compromise
https://www.bloomberg.com/news/articles/2017-09-07/three-equifax-executives-sold-stock-before-revealing-cyber-hack
Hash Extension Flaws
https://isc.sans.edu/forums/diary/Modern+Web+Application+Penetration+Testing+Hash+Length+Extension+Attacks/22792/
Matt Hosburgh: Offensive Intrusion Analysis: Uncovering Insiders with Threat Hunting and Active Defense
https://struts.apache.org/docs/s2-053.html
Equifax Compromise
https://www.bloomberg.com/news/articles/2017-09-07/three-equifax-executives-sold-stock-before-revealing-cyber-hack
Hash Extension Flaws
https://isc.sans.edu/forums/diary/Modern+Web+Application+Penetration+Testing+Hash+Length+Extension+Attacks/22792/
Matt Hosburgh: Offensive Intrusion Analysis: Uncovering Insiders with Threat Hunting and Active Defense
ISC StormCast for Thursday, September 7th 2017
7 september 2017 |
5 min
Struts2 Metasploit Module
https://github.com/rapid7/metasploit-framework/pull/8924/commits/5ea83fee5ee8c23ad95608b7e2022db5b48340ef
Google Docs Table With Hacked MongoDB Databases
https://docs.google.com/spreadsheets/d/1QonE9oeMOQHVh8heFIyeqrjfKEViL0poLnY8mAakKhM/edit#gid=1781677175
Bypassing Cloudflare
https://rhinosecuritylabs.com/cloud-security/cloudflare-bypassing-cloud-security/
https://github.com/rapid7/metasploit-framework/pull/8924/commits/5ea83fee5ee8c23ad95608b7e2022db5b48340ef
Google Docs Table With Hacked MongoDB Databases
https://docs.google.com/spreadsheets/d/1QonE9oeMOQHVh8heFIyeqrjfKEViL0poLnY8mAakKhM/edit#gid=1781677175
Bypassing Cloudflare
https://rhinosecuritylabs.com/cloud-security/cloudflare-bypassing-cloud-security/
ISC StormCast for Wednesday, September 6th 2017
6 september 2017 |
7 min
A Look Back At Nira and What's Next
https://isc.sans.edu/forums/diary/The+Mirai+Botnet+A+Look+Back+and+Ahead+At+Whats+Next/22786/
New Struts Vulnerability and Patch
https://isc.sans.edu/forums/diary/Struts+vulnerability+patch+released+by+apache+patch+now/22788
Mastercard Internet Gateway Service Flaw
http://tinyhack.com/2017/09/05/mastercard-internet-gateway-service-hashing-design-flaw/
Mac OS X High Sierra Insecure Kernel Module Loading
https://objective-see.com/blog/blog_0x21.html
https://isc.sans.edu/forums/diary/The+Mirai+Botnet+A+Look+Back+and+Ahead+At+Whats+Next/22786/
New Struts Vulnerability and Patch
https://isc.sans.edu/forums/diary/Struts+vulnerability+patch+released+by+apache+patch+now/22788
Mastercard Internet Gateway Service Flaw
http://tinyhack.com/2017/09/05/mastercard-internet-gateway-service-hashing-design-flaw/
Mac OS X High Sierra Insecure Kernel Module Loading
https://objective-see.com/blog/blog_0x21.html
ISC StormCast for Tuesday, September 5th 2017
5 september 2017 |
6 min
Locky Ransom Ware is Back and This Time Pretents to Be a Font
https://isc.sans.edu/forums/diary/Malspam+pushing+Locky+ransomware+tries+HoeflerText+notifications+for+Chrome+and+FireFox/22776/
When is a PDF Just a PDF?
https://isc.sans.edu/forums/diary/It+is+a+resume+Part+1/22780/
Asterisk Vulnerable to RTPBleed
https://github.com/EnableSecurity/advisories/tree/master/ES2017-04-asterisk-rtp-bleed
Arris AT&T Modems With Backdoor
https://www.nomotion.net/blog/sharknatto/
https://isc.sans.edu/forums/diary/Malspam+pushing+Locky+ransomware+tries+HoeflerText+notifications+for+Chrome+and+FireFox/22776/
When is a PDF Just a PDF?
https://isc.sans.edu/forums/diary/It+is+a+resume+Part+1/22780/
Asterisk Vulnerable to RTPBleed
https://github.com/EnableSecurity/advisories/tree/master/ES2017-04-asterisk-rtp-bleed
Arris AT&T Modems With Backdoor
https://www.nomotion.net/blog/sharknatto/
ISC StormCast for Friday, September 1st 2017
1 september 2017 |
14 min
Is Remote Work Feasible in a SOC?
https://isc.sans.edu/forums/diary/Remote+SOC+Workers+Concerns/22772/
Linux Random Number Generator Reviewed
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/LinuxRNG/LinuxRNG_EN.pdf?__blob=publicationFile&v=5
Adobe Acrobat and Reader Security Patch
https://blogs.adobe.com/psirt/?p=1484
Turning Speakers into Microphones
https://www.usenix.org/system/files/conference/woot17/woot17-paper-guri.pdf
https://isc.sans.edu/forums/diary/Remote+SOC+Workers+Concerns/22772/
Linux Random Number Generator Reviewed
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/LinuxRNG/LinuxRNG_EN.pdf?__blob=publicationFile&v=5
Adobe Acrobat and Reader Security Patch
https://blogs.adobe.com/psirt/?p=1484
Turning Speakers into Microphones
https://www.usenix.org/system/files/conference/woot17/woot17-paper-guri.pdf
ISC StormCast for Thursday, August 31st 2017
30 augusti 2017 |
6 min
IoT Gear Affected by ConnMan Vulnerablity
http://connmando.nri-secure.co.jp/index.html
Trickbot Going After Coinbase
https://blogs.forcepoint.com/security-labs/trickbot-goes-after-cryptocurrency
Pacemakers Need Patch
https://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm573669.htm
Inaudible Voice Commands
https://arxiv.org/pdf/1708.07238.pdf
http://connmando.nri-secure.co.jp/index.html
Trickbot Going After Coinbase
https://blogs.forcepoint.com/security-labs/trickbot-goes-after-cryptocurrency
Pacemakers Need Patch
https://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm573669.htm
Inaudible Voice Commands
https://arxiv.org/pdf/1708.07238.pdf
ISC StormCast for Wednesday, August 30th 2017
30 augusti 2017 |
6 min
Another Chrome Extension Banking Malware
https://isc.sans.edu/forums/diary/Second+Google+Chrome+Extension+Banker+Malware+in+Two+Weeks/22766/
Vulnerable Docker VM
https://www.notsosecure.com/vulnerable-docker-vm/
Large Spam E-Mail and Password List Discovered
https://www.troyhunt.com/inside-the-massive-711-million-record-onliner-spambot-dump/
https://isc.sans.edu/forums/diary/Second+Google+Chrome+Extension+Banker+Malware+in+Two+Weeks/22766/
Vulnerable Docker VM
https://www.notsosecure.com/vulnerable-docker-vm/
Large Spam E-Mail and Password List Discovered
https://www.troyhunt.com/inside-the-massive-711-million-record-onliner-spambot-dump/
ISC StormCast for Tuesday, August 29th 2017
29 augusti 2017 |
6 min
Survey of Recent DVR Attacks
https://isc.sans.edu/forums/diary/An+Update+On+DVR+Malware+A+DVR+Torture+Chamber/22762/
Disabling Intel ME
http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
Wire-X Takedown
https://blogs.akamai.com/2017/08/the-wirex-botnet-an-example-of-cross-organizational-cooperation.html
https://isc.sans.edu/forums/diary/An+Update+On+DVR+Malware+A+DVR+Torture+Chamber/22762/
Disabling Intel ME
http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
Wire-X Takedown
https://blogs.akamai.com/2017/08/the-wirex-botnet-an-example-of-cross-organizational-cooperation.html
ISC StormCast for Monday, August 28th 2017
28 augusti 2017 |
7 min
Analyzing 7zip Malware
https://isc.sans.edu/forums/diary/Malware+analysis+searching+for+dots/22758/
Worldwide DNS Manipulation Survey
https://people.eecs.berkeley.edu/~pearce/papers/dns_usenix_2017.pdf
Sophos Withdraws UTM Update
https://community.sophos.com/products/unified-threat-management/b/utm-blog/posts/utm-up2date-9-503-released
Crypto Currency Malware
https://resources.netskope.com/h/i/361264722-coin-mining-malware-heads-to-the-cloud-with-zminer
https://isc.sans.edu/forums/diary/Malware+analysis+searching+for+dots/22758/
Worldwide DNS Manipulation Survey
https://people.eecs.berkeley.edu/~pearce/papers/dns_usenix_2017.pdf
Sophos Withdraws UTM Update
https://community.sophos.com/products/unified-threat-management/b/utm-blog/posts/utm-up2date-9-503-released
Crypto Currency Malware
https://resources.netskope.com/h/i/361264722-coin-mining-malware-heads-to-the-cloud-with-zminer
ISC StormCast for Friday, August 25th 2017
25 augusti 2017 |
12 min
Critical HPE iLo Vulnerability
http://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03769en_us
Facebook Messenger Spam Leads to Malware
https://securelist.com/new-multi-platform-malwareadware-spreading-via-facebook-messenger/81590/
iOS 10.3.1 Kernel Exploit Released
https://blog.zimperium.com/ziva-video-audio-ios-kernel-exploit/
Samsung Bricks Smart TVs With Update
https://eu.community.samsung.com/t5/TV-Audio-Video/Samsung-MU-Series-2017-Smart-TV-s-will-do-nothing-after-Samsung/td-p/250277
John Bambenek's DGA Feeds
http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt
http://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03769en_us
Facebook Messenger Spam Leads to Malware
https://securelist.com/new-multi-platform-malwareadware-spreading-via-facebook-messenger/81590/
iOS 10.3.1 Kernel Exploit Released
https://blog.zimperium.com/ziva-video-audio-ios-kernel-exploit/
Samsung Bricks Smart TVs With Update
https://eu.community.samsung.com/t5/TV-Audio-Video/Samsung-MU-Series-2017-Smart-TV-s-will-do-nothing-after-Samsung/td-p/250277
John Bambenek's DGA Feeds
http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt
ISC StormCast for Thursday, August 24th 2017
24 augusti 2017 |
6 min
Malware Loading Avast Safe Zone Browser
https://isc.sans.edu/forums/diary/Malicious+script+dropping+an+executable+signed+by+Avast/22748/
Ropemaker E-Mail Content
https://www.mimecast.com/globalassets/documents/whitepapers/wp_the_ropemaker_email_exploit.pdf
Cloud Based Accounts Increasingly a Target
https://www.microsoft.com/en-us/security/intelligence-report
More Malware Found At Ukraining Accounting Software Makers
https://issp.ua/issp_system_images/UPD_samples_analysis_eng.pdf
https://isc.sans.edu/forums/diary/Malicious+script+dropping+an+executable+signed+by+Avast/22748/
Ropemaker E-Mail Content
https://www.mimecast.com/globalassets/documents/whitepapers/wp_the_ropemaker_email_exploit.pdf
Cloud Based Accounts Increasingly a Target
https://www.microsoft.com/en-us/security/intelligence-report
More Malware Found At Ukraining Accounting Software Makers
https://issp.ua/issp_system_images/UPD_samples_analysis_eng.pdf
ISC StormCast for Wednesday, August 23rd 2017
23 augusti 2017 |
5 min
Elcomsoft Releases Ability to Retrieve Apple Keychain from iCloud
https://www.elcomsoft.com/eppb.html
Mapping Rooms With Smart Speakers
http://musicattacks.cs.washington.edu/activity-information-leakage.pdf
Netcraft Identifies .fish Domain Used For Phishing
https://news.netcraft.com/archives/2017/08/21/first-fishy-phishing-sites-sighted.html
https://www.elcomsoft.com/eppb.html
Mapping Rooms With Smart Speakers
http://musicattacks.cs.washington.edu/activity-information-leakage.pdf
Netcraft Identifies .fish Domain Used For Phishing
https://news.netcraft.com/archives/2017/08/21/first-fishy-phishing-sites-sighted.html
ISC StormCast for Tuesday, August 22nd 2017
22 augusti 2017 |
6 min
Hackers Scam $ 500,000 From Enigma Digital Currency Investors
http://www.theregister.co.uk/2017/08/21/enigma_digital_currency_investors_scammed/
Bitcoin Privacy Threats
https://arxiv.org/abs/1708.04748
$500 iPhone PIN Brute Forcing Box
https://www.youtube.com/watch?v=IXglwbyMydM
SyncCrypt Bypasses Antivirus Filters With Images
https://www.bleepingcomputer.com/news/security/synccrypt-ransomware-hides-inside-jpg-files-appends-kk-extension/
http://www.theregister.co.uk/2017/08/21/enigma_digital_currency_investors_scammed/
Bitcoin Privacy Threats
https://arxiv.org/abs/1708.04748
$500 iPhone PIN Brute Forcing Box
https://www.youtube.com/watch?v=IXglwbyMydM
SyncCrypt Bypasses Antivirus Filters With Images
https://www.bleepingcomputer.com/news/security/synccrypt-ransomware-hides-inside-jpg-files-appends-kk-extension/
ISC StormCast for Monday, August 21st 2017
20 augusti 2017 |
5 min
EngineBox Banking Malware
https://isc.sans.edu/forums/diary/EngineBox+Malware+Supports+10+Brazilian+Banks/22736/
It's Not An Invoice
https://isc.sans.edu/forums/diary/Its+Not+An+Invoice/22738/
iOS Secure Enclave Key Posted
https://www.theiphonewiki.com/wiki/Greensburg_14G60_%28iPhone6,1%29
Vulnerabilities in FoxIT PDF Reader
https://www.thezdi.com/blog/2017/8/17/busting-myths-in-foxit-reader
https://isc.sans.edu/forums/diary/EngineBox+Malware+Supports+10+Brazilian+Banks/22736/
It's Not An Invoice
https://isc.sans.edu/forums/diary/Its+Not+An+Invoice/22738/
iOS Secure Enclave Key Posted
https://www.theiphonewiki.com/wiki/Greensburg_14G60_%28iPhone6,1%29
Vulnerabilities in FoxIT PDF Reader
https://www.thezdi.com/blog/2017/8/17/busting-myths-in-foxit-reader
ISC StormCast for Friday, August 18th 2017
18 augusti 2017 |
16 min
Maldoc with auto-updated link
https://isc.sans.edu/forums/diary/Maldoc+with+autoupdated+link/22730/
Rowhammer is Back: SSD Memory Affected
https://www.usenix.org/system/files/conference/woot17/woot17-paper-kurmus.pdf
Nathaniel Quist: Active Defense in a Labyrinth of Deception
https://www.sans.org/reading-room/whitepapers/ActiveDefense/active-defense-labyrinth-deception-37462
https://isc.sans.edu/forums/diary/Maldoc+with+autoupdated+link/22730/
Rowhammer is Back: SSD Memory Affected
https://www.usenix.org/system/files/conference/woot17/woot17-paper-kurmus.pdf
Nathaniel Quist: Active Defense in a Labyrinth of Deception
https://www.sans.org/reading-room/whitepapers/ActiveDefense/active-defense-labyrinth-deception-37462
ISC StormCast for Thursday, August 17th 2017
17 augusti 2017 |
6 min
Analysis of a Paypal Phishing Kit
https://isc.sans.edu/forums/diary/Analysis+of+a+Paypal+phishing+kit/22726/
ShadowPad Backdoor in NetSarang Equipment
https://securelist.com/shadowpad-in-corporate-networks/81432/
Solving Captcha Audio Challenges
http://uncaptcha.cs.umd.edu/papers/uncaptcha_woot17.pdf
https://isc.sans.edu/forums/diary/Analysis+of+a+Paypal+phishing+kit/22726/
ShadowPad Backdoor in NetSarang Equipment
https://securelist.com/shadowpad-in-corporate-networks/81432/
Solving Captcha Audio Challenges
http://uncaptcha.cs.umd.edu/papers/uncaptcha_woot17.pdf
ISC StormCast for Wednesday, August 16th 2017
16 augusti 2017 |
6 min
Malspam Pushing Trickbot Banking Trojan
https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+banking+Trojan/22720/
Banker Google Chrome Extension Targeting Brazil
https://isc.sans.edu/forums/diary/BankerGoogleChromeExtensiontargetingBrazil/22722/
DJI "Go" App May Be Using JSPatch To Modify Applications After Install
https://www.rcgroups.com/forums/showpost.php?p=38096850&postcount=2713
Smartlocks Bricked After Auto-Update
http://www.securitysales.com/news/smart-locks-lobotomized-failed-update/
https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+banking+Trojan/22720/
Banker Google Chrome Extension Targeting Brazil
https://isc.sans.edu/forums/diary/BankerGoogleChromeExtensiontargetingBrazil/22722/
DJI "Go" App May Be Using JSPatch To Modify Applications After Install
https://www.rcgroups.com/forums/showpost.php?p=38096850&postcount=2713
Smartlocks Bricked After Auto-Update
http://www.securitysales.com/news/smart-locks-lobotomized-failed-update/
ISC StormCast for Tuesday, August 15th 2017
15 augusti 2017 |
6 min
When A Malicious Looking E-Mail Turns Out to be "just" spam
https://isc.sans.edu/forums/diary/Sometimes+its+just+SPAM/22716/
Android iOS Intra-Library Collusion
https://arxiv.org/abs/1708.03520
SonicSpy: Android Spyware Apps
https://blog.lookout.com/sonicspy-spyware-threat-technical-research
Checking For Breached Passwords in Active Directory
https://jacksonvd.com/checking-for-breached-passwords-in-active-directory/
https://isc.sans.edu/forums/diary/Sometimes+its+just+SPAM/22716/
Android iOS Intra-Library Collusion
https://arxiv.org/abs/1708.03520
SonicSpy: Android Spyware Apps
https://blog.lookout.com/sonicspy-spyware-threat-technical-research
Checking For Breached Passwords in Active Directory
https://jacksonvd.com/checking-for-breached-passwords-in-active-directory/
ISC StormCast for Monday, August 14th 2017
14 augusti 2017 |
6 min
Outlook Web Access Based Attacks
https://isc.sans.edu/forums/diary/Outlook+Web+Access+based+attacks/22710/
The Good Phishing Email
https://isc.sans.edu/forums/diary/The+Good+Phishing+Email/22712/
Git/CVS/Mercurial and others: ssh vulnerablity
http://blog.recurity-labs.com/2017-08-10/scm-vulns
Postgresql Vulnerablities
https://bugzilla.redhat.com/show_bug.cgi?id=1477185
https://isc.sans.edu/forums/diary/Outlook+Web+Access+based+attacks/22710/
The Good Phishing Email
https://isc.sans.edu/forums/diary/The+Good+Phishing+Email/22712/
Git/CVS/Mercurial and others: ssh vulnerablity
http://blog.recurity-labs.com/2017-08-10/scm-vulns
Postgresql Vulnerablities
https://bugzilla.redhat.com/show_bug.cgi?id=1477185
ISC StormCast for Friday, August 11th 2017
11 augusti 2017 |
6 min
Maldoc Analysis With ViperMonkey
https://isc.sans.edu/forums/diary/Maldoc+Analysis+with+ViperMonkey/22702/
Microsoft Joins Google/Mozilla in Banishing WoSign and StartCom From Trusted CA List
https://blogs.technet.microsoft.com/mmpc/2017/08/08/microsoft-to-remove-wosign-and-startcom-certificates-in-windows-10/
SMS Touch App Leaking Messages
https://www.zscaler.com/blogs/research/mobile-app-wall-shame-sms-touch
Mac Adware Mughthesec
https://objective-see.com/blog/blog_0x20.html
https://isc.sans.edu/forums/diary/Maldoc+Analysis+with+ViperMonkey/22702/
Microsoft Joins Google/Mozilla in Banishing WoSign and StartCom From Trusted CA List
https://blogs.technet.microsoft.com/mmpc/2017/08/08/microsoft-to-remove-wosign-and-startcom-certificates-in-windows-10/
SMS Touch App Leaking Messages
https://www.zscaler.com/blogs/research/mobile-app-wall-shame-sms-touch
Mac Adware Mughthesec
https://objective-see.com/blog/blog_0x20.html
ISC StormCast for Thursday, August 10th 2017
10 augusti 2017 |
7 min
DirectDefense Accuses Carbon Black of Data Leak
https://www.carbonblack.com/2017/08/09/directdefense-incorrectly-asserts-architectural-flaw-in-cb-response/
https://www.directdefense.com/harvesting-cb-response-data-leaks-fun-profit/
Vulnerabilities in Solar Generation
https://horusscenario.com
Hunting Malicious npm Packages
https://duo.com/blog/hunting-malicious-npm-packages
https://www.carbonblack.com/2017/08/09/directdefense-incorrectly-asserts-architectural-flaw-in-cb-response/
https://www.directdefense.com/harvesting-cb-response-data-leaks-fun-profit/
Vulnerabilities in Solar Generation
https://horusscenario.com
Hunting Malicious npm Packages
https://duo.com/blog/hunting-malicious-npm-packages
ISC StormCast for Wednesday, August 9th 2017
9 augusti 2017 |
6 min
Microsoft Updates
https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+August+2017/22694/
Adobe Updates
https://helpx.adobe.com/security.html
Android Patches
https://source.android.com/security/bulletin/2017-08-01
How Are People Fooled By This? Email To Sign a Contract Provides Malware
https://isc.sans.edu/forums/diary/How+are+people+fooled+by+this+Email+to+sign+a+contract+provides+malware+instead/22696/
https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+August+2017/22694/
Adobe Updates
https://helpx.adobe.com/security.html
Android Patches
https://source.android.com/security/bulletin/2017-08-01
How Are People Fooled By This? Email To Sign a Contract Provides Malware
https://isc.sans.edu/forums/diary/How+are+people+fooled+by+this+Email+to+sign+a+contract+provides+malware+instead/22696/
ISC StormCast for Tuesday, August 8th 2017
7 augusti 2017 |
6 min
PHPMyAdmin Scans
https://isc.sans.edu/forums/diary/Increase+of+phpMyAdmin+scans/22688/
Hotspot Shield Leakes Private User Data
https://cdt.org/files/2017/08/FTC-CDT-VPN-complaint-8-7-17.pdf
Debian Turning Off Support for TLS 1.0/1.1
https://lists.debian.org/debian-devel-announce/2017/08/msg00004.html
Ongoing Phishing Attacks Against Google Chrome Plugin Developers
https://www.bleepingcomputer.com/news/security/chrome-extension-developers-under-a-barrage-of-phishing-attacks/
https://isc.sans.edu/forums/diary/Increase+of+phpMyAdmin+scans/22688/
Hotspot Shield Leakes Private User Data
https://cdt.org/files/2017/08/FTC-CDT-VPN-complaint-8-7-17.pdf
Debian Turning Off Support for TLS 1.0/1.1
https://lists.debian.org/debian-devel-announce/2017/08/msg00004.html
Ongoing Phishing Attacks Against Google Chrome Plugin Developers
https://www.bleepingcomputer.com/news/security/chrome-extension-developers-under-a-barrage-of-phishing-attacks/
ISC StormCast for Monday, August 7th 2017
7 augusti 2017 |
6 min
Opengraph Used to Obfuscate Facebook Links
https://isc.sans.edu/forums/diary/Use+of+the+Open+Graph+Protocol+to+Disguise+Malicious+Facebook+Links/22684/
Cerber Adding Bitcoin and Password Stealer to Crypto Ransomware
http://blog.trendmicro.com/trendlabs-security-intelligence/cerber-ransomware-evolves-now-steals-bitcoin-wallets/
Symantec Selling Certificate Business To Digicert
https://www.heise.de/security/meldung/Nachspiel-einer-fatalen-Panne-Symantec-verkauft-Zertifikatssparte-an-DigiCert-3793482.html
Siemens Medical Imaging Systems Vulnerable to Old Windows Flaws
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-822184.pdf
https://isc.sans.edu/forums/diary/Use+of+the+Open+Graph+Protocol+to+Disguise+Malicious+Facebook+Links/22684/
Cerber Adding Bitcoin and Password Stealer to Crypto Ransomware
http://blog.trendmicro.com/trendlabs-security-intelligence/cerber-ransomware-evolves-now-steals-bitcoin-wallets/
Symantec Selling Certificate Business To Digicert
https://www.heise.de/security/meldung/Nachspiel-einer-fatalen-Panne-Symantec-verkauft-Zertifikatssparte-an-DigiCert-3793482.html
Siemens Medical Imaging Systems Vulnerable to Old Windows Flaws
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-822184.pdf
ISC StormCast for Friday, August 4th 2017
4 augusti 2017 |
6 min
Raspberry Pi Honeypot
https://github.com/DShield-ISC/dshield
Troy Hunt Releases Password List
https://haveibeenpwned.com/Passwords
Typosquatting npm Packages
http://blog.npmjs.org/post/163723642530/crossenv-malware-on-the-npm-registry
SEC503: Intrusion Detection in Depth Berlin (Oct 23rd-28th)
https://www.sans.org/event/berlin-2017/course/intrusion-detection-in-depth
https://github.com/DShield-ISC/dshield
Troy Hunt Releases Password List
https://haveibeenpwned.com/Passwords
Typosquatting npm Packages
http://blog.npmjs.org/post/163723642530/crossenv-malware-on-the-npm-registry
SEC503: Intrusion Detection in Depth Berlin (Oct 23rd-28th)
https://www.sans.org/event/berlin-2017/course/intrusion-detection-in-depth
ISC StormCast for Thursday, August 3rd 2017
2 augusti 2017 |
5 min
Attacking NoSQL Applications
https://isc.sans.edu/forums/diary/Attacking+NoSQL+applications+part+2/22676/
Web Developer Chrome Toolbar Replaced with AdWare
https://twitter.com/chrispederick
Android Banking Trojans
https://securelist.com/a-new-era-in-mobile-banking-trojans/79198/
Amazon Stops Selling Blu Smartphones
http://www.zdnet.com/article/amazon-halts-blu-phone-sales-over-potential-security-issue/
https://isc.sans.edu/forums/diary/Attacking+NoSQL+applications+part+2/22676/
Web Developer Chrome Toolbar Replaced with AdWare
https://twitter.com/chrispederick
Android Banking Trojans
https://securelist.com/a-new-era-in-mobile-banking-trojans/79198/
Amazon Stops Selling Blu Smartphones
http://www.zdnet.com/article/amazon-halts-blu-phone-sales-over-potential-security-issue/
ISC StormCast for Wednesday, August 2nd 2017
2 augusti 2017 |
6 min
Detect SMB Versions with nmap
https://isc.sans.edu/forums/diary/Rooting+Out+Hosts+that+Support+Older+Samba+Versions/22672/
CopyFish Google Chrome Extension Replaced by Adware
https://a9t9.com/blog/chrome-extension-adware/
StartCom Applying to be Included in Mozilla SSL CAs again
https://bugzilla.mozilla.org/show_bug.cgi?id=1311832#c12
McAffee Uses Mixed SSL/nonSSL Content For Online Malware Scan
https://blogs.securiteam.com/index.php/archives/3350
Netflix Releases DoS Testing Tool
https://medium.com/netflix-techblog/starting-the-avalanche-640e69b14a06
https://isc.sans.edu/forums/diary/Rooting+Out+Hosts+that+Support+Older+Samba+Versions/22672/
CopyFish Google Chrome Extension Replaced by Adware
https://a9t9.com/blog/chrome-extension-adware/
StartCom Applying to be Included in Mozilla SSL CAs again
https://bugzilla.mozilla.org/show_bug.cgi?id=1311832#c12
McAffee Uses Mixed SSL/nonSSL Content For Online Malware Scan
https://blogs.securiteam.com/index.php/archives/3350
Netflix Releases DoS Testing Tool
https://medium.com/netflix-techblog/starting-the-avalanche-640e69b14a06
ISC StormCast for Tuesday, August 1st 2017
1 augusti 2017 |
6 min
MSFT Re-Releases June Outlook Update
https://support.office.com/en-us/article/Outlook-known-issues-in-the-June-2017-security-updates-3f6dbffd-8505-492d-b19f-b3b89369ed9b?ui=en-US&rs=en-US&ad=US&fromAR=1
Iranian Hackers Use Social Media To Collect Data
https://www.darkreading.com/attacks-breaches/iranian-hackers-ensnared-targets-via-phony-female-photographer/d/d-id/1329502?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
ShieldFS Self Healing Filesystem
http://shieldfs.necst.it/continella-shieldfs-2016.pdf
https://support.office.com/en-us/article/Outlook-known-issues-in-the-June-2017-security-updates-3f6dbffd-8505-492d-b19f-b3b89369ed9b?ui=en-US&rs=en-US&ad=US&fromAR=1
Iranian Hackers Use Social Media To Collect Data
https://www.darkreading.com/attacks-breaches/iranian-hackers-ensnared-targets-via-phony-female-photographer/d/d-id/1329502?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
ShieldFS Self Healing Filesystem
http://shieldfs.necst.it/continella-shieldfs-2016.pdf
ISC StormCast for Monday, July 31st 2017
31 juli 2017 |
6 min
SMBloris DoS Attack Locks Up Windows
https://twitter.com/jennamagius/status/891434286212984832
https://isc.sans.edu/forums/diary/SMBLoris+the+new+SMB+flaw/22662/
Text Banking Attacks
https://isc.sans.edu/forums/diary/Text+Banking+Scams/22666/
Nissan Leaf WiFi Vulnerability
https://github.com/HackingThings/Publications/blob/cdb72df7c3feffd02593a31d67a34ae353b09114/2017/DC25_Driving%20down%20the%20rabbit%20hole-Mickey_Jesse_Oleksander.pdf
https://twitter.com/jennamagius/status/891434286212984832
https://isc.sans.edu/forums/diary/SMBLoris+the+new+SMB+flaw/22662/
Text Banking Attacks
https://isc.sans.edu/forums/diary/Text+Banking+Scams/22666/
Nissan Leaf WiFi Vulnerability
https://github.com/HackingThings/Publications/blob/cdb72df7c3feffd02593a31d67a34ae353b09114/2017/DC25_Driving%20down%20the%20rabbit%20hole-Mickey_Jesse_Oleksander.pdf
ISC StormCast for Friday, July 28th 2017
28 juli 2017 |
14 min
Targeting HTTP's Hidden Attack-Surface
http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html
Petya/Goldeneye Decrypter
https://blog.malwarebytes.com/malwarebytes-news/2017/07/bye-bye-petya-decryptor-old-versions-released/
TinyPot, My Small Honeypot
https://isc.sans.edu/forums/diary/TinyPot+My+Small+Honeypot/22654/
Shaun McCullough
https://www.sans.org/reading-room/whitepapers/testing/docker-create-multi-container-environments-research-sharing-lateral-movement-37855
http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html
Petya/Goldeneye Decrypter
https://blog.malwarebytes.com/malwarebytes-news/2017/07/bye-bye-petya-decryptor-old-versions-released/
TinyPot, My Small Honeypot
https://isc.sans.edu/forums/diary/TinyPot+My+Small+Honeypot/22654/
Shaun McCullough
https://www.sans.org/reading-room/whitepapers/testing/docker-create-multi-container-environments-research-sharing-lateral-movement-37855
ISC StormCast for Thursday, July 27th 2017
27 juli 2017 |
5 min
Malspam Pushing Emotet Malware
https://isc.sans.edu/forums/diary/Malspam+pushing+Emotet+malware/22650/
Broadpwn Released
http://blog.exodusintel.com/2017/07/26/broadpwn/
Microsoft Announces Windows 10 Bug Bounty
https://blogs.technet.microsoft.com/msrc/2017/07/26/announcing-the-windows-bounty-program/
Custom Map Vulnearbilty in Valve Games
https://oneupsecurity.com/research/remote-code-execution-in-source-games
https://isc.sans.edu/forums/diary/Malspam+pushing+Emotet+malware/22650/
Broadpwn Released
http://blog.exodusintel.com/2017/07/26/broadpwn/
Microsoft Announces Windows 10 Bug Bounty
https://blogs.technet.microsoft.com/msrc/2017/07/26/announcing-the-windows-bounty-program/
Custom Map Vulnearbilty in Valve Games
https://oneupsecurity.com/research/remote-code-execution-in-source-games
ISC StormCast for Wednesday, July 26th 2017
26 juli 2017 |
6 min
Adobe Announces End of Flash for 2020
https://blogs.adobe.com/conversations/2017/07/adobe-flash-update.html
JA3 Hash To Fingerprint SSL/TLS Connections
https://github.com/salesforce/ja3
https://engineering.salesforce.com/open-sourcing-ja3-92c9e53c3c41
New Wave of Apple iCloud Ransom Attacks
https://www.heise.de/mac-and-i/meldung/Erneut-iCloud-Erpressungswelle-ueber-Meinen-Mac-suchen-und-Mein-iPhone-suchen-3782075.html
https://blogs.adobe.com/conversations/2017/07/adobe-flash-update.html
JA3 Hash To Fingerprint SSL/TLS Connections
https://github.com/salesforce/ja3
https://engineering.salesforce.com/open-sourcing-ja3-92c9e53c3c41
New Wave of Apple iCloud Ransom Attacks
https://www.heise.de/mac-and-i/meldung/Erneut-iCloud-Erpressungswelle-ueber-Meinen-Mac-suchen-und-Mein-iPhone-suchen-3782075.html
ISC StormCast for Tuesday, July 25th 2017
25 juli 2017 |
7 min
Uber Drivers Targeted in Social Engineering Scam
https://isc.sans.edu/forums/diary/Uber+drivers+new+threat+the+passenger/22626/
Mac Malware FruitFly2
https://motherboard.vice.com/en_us/article/zmv79w/mysterious-mac-malware-has-infected-hundreds-of-victims-for-years
Exploit Released for Critical Netscaler SD WAN 9.1.2 Vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6316
https://isc.sans.edu/forums/diary/Uber+drivers+new+threat+the+passenger/22626/
Mac Malware FruitFly2
https://motherboard.vice.com/en_us/article/zmv79w/mysterious-mac-malware-has-infected-hundreds-of-victims-for-years
Exploit Released for Critical Netscaler SD WAN 9.1.2 Vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6316
ISC StormCast for Monday, July 24th 2017
24 juli 2017 |
5 min
Malicious .iso Attachments
https://isc.sans.edu/forums/diary/Malicious+iso+Attachments/22636/
Maldoc with .lnk File
https://isc.sans.edu/forums/diary/Another+lnk+File/22640/
Large Ethereum Hack
http://hackingdistributed.com/2017/07/22/deep-dive-parity-bug/
https://isc.sans.edu/forums/diary/Malicious+iso+Attachments/22636/
Maldoc with .lnk File
https://isc.sans.edu/forums/diary/Another+lnk+File/22640/
Large Ethereum Hack
http://hackingdistributed.com/2017/07/22/deep-dive-parity-bug/
ISC StormCast for Friday, July 21st 2017
21 juli 2017 |
11 min
Symantec Sloppy Key Verification Leads To Revocation of Certificates
https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html
Gnome Thumbnailer Executes Code
http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html
https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html
Gnome Thumbnailer Executes Code
http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html
ISC StormCast for Thursday, July 20th 2017
20 juli 2017 |
6 min
Bots Searching for Keys and Config Files
https://isc.sans.edu/forums/diary/Bots+Searching+for+Keys+Config+Files/22630/
Apple Updates Everything
https://support.apple.com/en-us/HT201222
Trend Micro Sees SambaCry Exploits
http://blog.trendmicro.com/trendlabs-security-intelligence/linux-users-urged-update-new-threat-exploits-sambacry/
Google Increases Developer Scrutiny
https://developers.googleblog.com/2017/05/updating-developer-identity-guidelines.html
https://isc.sans.edu/forums/diary/Bots+Searching+for+Keys+Config+Files/22630/
Apple Updates Everything
https://support.apple.com/en-us/HT201222
Trend Micro Sees SambaCry Exploits
http://blog.trendmicro.com/trendlabs-security-intelligence/linux-users-urged-update-new-threat-exploits-sambacry/
Google Increases Developer Scrutiny
https://developers.googleblog.com/2017/05/updating-developer-identity-guidelines.html
ISC StormCast for Wednesday, July 19th 2017
19 juli 2017 |
6 min
Oracle Quarterly Critical Patch Update
http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html
Cisco WebEx Plugin Update
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex
https://bugs.chromium.org/p/project-zero/issues/detail?id=1324&desc=2
Node.JS DoS Vulnerability
https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/
Bitdefender Remote Stack Buffer Overflow
https://landave.io/2017/07/bitdefender-remote-stack-buffer-overflow-via-7z-ppmd/
Coindash Hack
https://twitter.com/coindashio/status/886936799695818752
https://www.coindash.io
DowJones Leaks Customer Data via S3 Buckets
https://www.upguard.com/breaches/cloud-leak-dow-jones
http://www.oracle.com/technetwork/security-advisory/cpujul2017verbose-3236625.html
Cisco WebEx Plugin Update
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170717-webex
https://bugs.chromium.org/p/project-zero/issues/detail?id=1324&desc=2
Node.JS DoS Vulnerability
https://nodejs.org/en/blog/vulnerability/july-2017-security-releases/
Bitdefender Remote Stack Buffer Overflow
https://landave.io/2017/07/bitdefender-remote-stack-buffer-overflow-via-7z-ppmd/
Coindash Hack
https://twitter.com/coindashio/status/886936799695818752
https://www.coindash.io
DowJones Leaks Customer Data via S3 Buckets
https://www.upguard.com/breaches/cloud-leak-dow-jones
ISC StormCast for Tuesday, July 18th 2017
18 juli 2017 |
6 min
SMS Phishing Asks Victims to Upload Picture of Token Card
https://isc.sans.edu/forums/diary/SMS+Phishing+induces+victims+to+photograph+its+own+token+card/22616/
Critical FreeRADIUS Update
https://guidovranken.wordpress.com/2017/07/17/11-remote-vulnerabilities-inc-2x-rce-in-freeradius-packet-parsers/
OS X Malware Installs Crypto Messenger Signal
https://blog.checkpoint.com/2017/07/13/osxdok-refuses-go-away-money/
https://isc.sans.edu/forums/diary/SMS+Phishing+induces+victims+to+photograph+its+own+token+card/22616/
Critical FreeRADIUS Update
https://guidovranken.wordpress.com/2017/07/17/11-remote-vulnerabilities-inc-2x-rce-in-freeradius-packet-parsers/
OS X Malware Installs Crypto Messenger Signal
https://blog.checkpoint.com/2017/07/13/osxdok-refuses-go-away-money/
ISC StormCast for Monday, July 17th 2017
17 juli 2017 |
5 min
NemucodAES UPS Malspam
https://isc.sans.edu/forums/diary/NemucodAES+and+the+malspam+that+distributes+it/22614/
Analyzing Malicious Office Document With LNK
https://isc.sans.edu/forums/diary/Office+maldoc+lnk/22618/
Gandi Breach Leads to Domain Compromise
https://news.gandi.net/en/2017/07/detailed-incident-report/
iSmart Alarm Vulnerabilities
http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-is-compromised-by-iot-vulnerabilities/
https://isc.sans.edu/forums/diary/NemucodAES+and+the+malspam+that+distributes+it/22614/
Analyzing Malicious Office Document With LNK
https://isc.sans.edu/forums/diary/Office+maldoc+lnk/22618/
Gandi Breach Leads to Domain Compromise
https://news.gandi.net/en/2017/07/detailed-incident-report/
iSmart Alarm Vulnerabilities
http://dojo.bullguard.com/blog/burglar-hacker-when-a-physical-security-is-compromised-by-iot-vulnerabilities/
ISC StormCast for Friday, July 14th 2017
13 juli 2017 |
15 min
Malware Loads ffmpeg For Video Recording Features
https://blog.malwarebytes.com/threat-analysis/2017/07/malware-abusing-ffmpeg/
Password Managers and Cloud Storage
https://discussions.agilebits.com/discussion/76956/can-i-still-buy-standalone-license-for-the-1password-no-longer-being-marketed/p8
SAP Point of Sales Express Patch
https://erpscan.com/press-center/blog/sap-cyber-threat-intelligence-report-july-2017/
Roderick Currie: Car Hacking Developments
https://www.sans.org/reading-room/whitepapers/internet/developments-car-hacking-36607
https://blog.malwarebytes.com/threat-analysis/2017/07/malware-abusing-ffmpeg/
Password Managers and Cloud Storage
https://discussions.agilebits.com/discussion/76956/can-i-still-buy-standalone-license-for-the-1password-no-longer-being-marketed/p8
SAP Point of Sales Express Patch
https://erpscan.com/press-center/blog/sap-cyber-threat-intelligence-report-july-2017/
Roderick Currie: Car Hacking Developments
https://www.sans.org/reading-room/whitepapers/internet/developments-car-hacking-36607
ISC StormCast for Thursday, July 13th 2017
12 juli 2017 |
6 min
Simple File Integrity Monitoring With Backup Scripts
https://isc.sans.edu/forums/diary/Backup+Scripts+the+FIM+of+the+Poor/22606/
Ethereum Wallet Services Targeted By Scammers
http://www.ibtimes.co.uk/ethereum-under-siege-scammers-make-700000-6-days-slack-reddit-phishing-attacks-1629866
MongoDB Security Surprises For Shared Hosting
https://medium.com/@alexbyk/mongodb-at-shared-hosting-security-surprises-c441ecb84b54
Trend Micro Vulnerabilities
https://www.coresecurity.com/advisories/trend-micro-deep-discovery-director-multiple-vulnerabilities
https://isc.sans.edu/forums/diary/Backup+Scripts+the+FIM+of+the+Poor/22606/
Ethereum Wallet Services Targeted By Scammers
http://www.ibtimes.co.uk/ethereum-under-siege-scammers-make-700000-6-days-slack-reddit-phishing-attacks-1629866
MongoDB Security Surprises For Shared Hosting
https://medium.com/@alexbyk/mongodb-at-shared-hosting-security-surprises-c441ecb84b54
Trend Micro Vulnerabilities
https://www.coresecurity.com/advisories/trend-micro-deep-discovery-director-multiple-vulnerabilities
ISC StormCast for Wednesday, July 12th 2017
11 juli 2017 |
6 min
Microsoft Patch Tuesday
https://isc.sans.edu/diary//22602
AT&T Cell Phone Takeover
https://carpeaqua.com/2017/07/07/hack-the-planet/
Systemd Invalid Username Bug To Be Fixed
https://github.com/systemd/systemd/pull/6300
https://isc.sans.edu/diary//22602
AT&T Cell Phone Takeover
https://carpeaqua.com/2017/07/07/hack-the-planet/
Systemd Invalid Username Bug To Be Fixed
https://github.com/systemd/systemd/pull/6300
ISC StormCast for Tuesday, July 11th 2017
10 juli 2017 |
6 min
Takeover of .io TLD
https://thehackerblog.com/the-io-error-taking-control-of-all-io-domains-with-a-targeted-registration/
Malwarebytes Quarterly Malware Report
https://www.malwarebytes.com/pdf/white-papers/CybercrimeTacticsAndTechniques-Q2-2017.pdf
OpenBSD Introducing KARL To Randomize Kernel Layout at Boot
https://marc.info/?l=openbsd-tech&m=149732026405941&w=2
https://thehackerblog.com/the-io-error-taking-control-of-all-io-domains-with-a-targeted-registration/
Malwarebytes Quarterly Malware Report
https://www.malwarebytes.com/pdf/white-papers/CybercrimeTacticsAndTechniques-Q2-2017.pdf
OpenBSD Introducing KARL To Randomize Kernel Layout at Boot
https://marc.info/?l=openbsd-tech&m=149732026405941&w=2
ISC StormCast for Monday, July 10th 2017
9 juli 2017 |
6 min
More DDoS Ransom Demands
https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/
Adversary Hunting With SOF-ELK
https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/
Petya Master Key Published
https://twitter.com/JanusSecretary/status/882663988429021184?ref_src=twsrc%5Etfw&ref_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fauthor-of-original-petya-ransomware-publishes-master-decryption-key%2F
Template Attacks Against Critical Infrastructure
http://blog.talosintelligence.com/2017/07/template-injection.html
https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/
Adversary Hunting With SOF-ELK
https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/
Petya Master Key Published
https://twitter.com/JanusSecretary/status/882663988429021184?ref_src=twsrc%5Etfw&ref_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fauthor-of-original-petya-ransomware-publishes-master-decryption-key%2F
Template Attacks Against Critical Infrastructure
http://blog.talosintelligence.com/2017/07/template-injection.html
ISC StormCast for Friday, July 7th 2017
6 juli 2017 |
6 min
Finding Odd Domain Names
https://isc.sans.edu/forums/diary/Selecting+domains+with+random+names/22580/
BitTorrent Sync 2.0 Log Files
https://isc.sans.edu/forums/diary/Investigation+of+BitTorrent+Sync+v20+as+a+P2P+Cloud+Service+Part+2+Log+Files+artefacts/22582/
Cisco Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2
Finding Weak Password Hashing Algorithms Via Hash Collisions
https://www.netsparker.com/blog/web-security/collision-based-hashing-algorithm-disclosure/
BIND TSIG Exploit
http://www.synacktiv.ninja/ressources/CVE-2017-3143_BIND9_TSIG_dynamic_updates_vulnerability_Synacktiv.pdf
https://isc.sans.edu/forums/diary/Selecting+domains+with+random+names/22580/
BitTorrent Sync 2.0 Log Files
https://isc.sans.edu/forums/diary/Investigation+of+BitTorrent+Sync+v20+as+a+P2P+Cloud+Service+Part+2+Log+Files+artefacts/22582/
Cisco Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170705-esc2
Finding Weak Password Hashing Algorithms Via Hash Collisions
https://www.netsparker.com/blog/web-security/collision-based-hashing-algorithm-disclosure/
BIND TSIG Exploit
http://www.synacktiv.ninja/ressources/CVE-2017-3143_BIND9_TSIG_dynamic_updates_vulnerability_Synacktiv.pdf
ISC StormCast for Thursday, July 6th 2017
5 juli 2017 |
5 min
AVTest Report: Ransomware not a big deal; Android/MacOS Catching up to Windows
https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2016-2017.pdf
Microsoft Will Prompt Users to Update Windows 10
https://support.microsoft.com/en-us/help/4023814
Bithumb Bitcoin Exchange Hacked (Article in Korean)
http://bithumb.cafe/archives/7329
Turkish Airlines and Emirates Remove Laptop Ban
http://www.theregister.co.uk/2017/07/05/emirates_and_turkish_airlines_lift_laptop_ban_on_us_flights/
Ukrainian Authorities Raid MeDoc (Article in Ukrainian)
https://cyberpolice.gov.ua/news/prykryttyam-najmasshtabnishoyi-kiberataky-v-istoriyi-ukrayiny-stav-virus-diskcoderc-881/
https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2016-2017.pdf
Microsoft Will Prompt Users to Update Windows 10
https://support.microsoft.com/en-us/help/4023814
Bithumb Bitcoin Exchange Hacked (Article in Korean)
http://bithumb.cafe/archives/7329
Turkish Airlines and Emirates Remove Laptop Ban
http://www.theregister.co.uk/2017/07/05/emirates_and_turkish_airlines_lift_laptop_ban_on_us_flights/
Ukrainian Authorities Raid MeDoc (Article in Ukrainian)
https://cyberpolice.gov.ua/news/prykryttyam-najmasshtabnishoyi-kiberataky-v-istoriyi-ukrayiny-stav-virus-diskcoderc-881/
ISC StormCast for Wednesday, July 5th 2017
4 juli 2017 |
6 min
Microsoft Patches Skype Vulnerability
https://www.vulnerability-lab.com/get_content.php?id=2071
SystemD Invalid Username Bug Not Considered a Vulnerability (or Bug)
https://github.com/systemd/systemd/issues/6237
Cisco Fixes SNMP Vulnerability in IOS and IOS XE
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
Smartphones Can Be Compromised with shady replacement parts
https://iss.oy.ne.ro/Shattered
Siemens Fixes Intel AMT Bug
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235.pdf
Update For libgcrypt
https://www.ubuntuupdates.org/package/core/zesty/main/updates/libgcrypt20-dev
https://www.vulnerability-lab.com/get_content.php?id=2071
SystemD Invalid Username Bug Not Considered a Vulnerability (or Bug)
https://github.com/systemd/systemd/issues/6237
Cisco Fixes SNMP Vulnerability in IOS and IOS XE
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
Smartphones Can Be Compromised with shady replacement parts
https://iss.oy.ne.ro/Shattered
Siemens Fixes Intel AMT Bug
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235.pdf
Update For libgcrypt
https://www.ubuntuupdates.org/package/core/zesty/main/updates/libgcrypt20-dev
ISC StormCast for Friday, June 30th 2017
30 juni 2017 |
15 min
Catching up With Blank Slate
https://isc.sans.edu/forums/diary/Catching+up+with+Blank+Slate+a+malspam+campaign+still+going+strong/22570/
Azure AD Connect Vulnerability
https://technet.microsoft.com/library/security/4033453.aspx#ID0EN
Exploit Available For Stack Clash Vulnerability
https://www.qualys.com/research/security-advisories/
Paul Herschberger: Data Breach Impact Estimation
https://www.sans.org/reading-room/whitepapers/dlp/data-breach-impact-estimation-37502
https://isc.sans.edu/forums/diary/Catching+up+with+Blank+Slate+a+malspam+campaign+still+going+strong/22570/
Azure AD Connect Vulnerability
https://technet.microsoft.com/library/security/4033453.aspx#ID0EN
Exploit Available For Stack Clash Vulnerability
https://www.qualys.com/research/security-advisories/
Paul Herschberger: Data Breach Impact Estimation
https://www.sans.org/reading-room/whitepapers/dlp/data-breach-impact-estimation-37502
ISC StormCast for Thursday, June 29th 2017
29 juni 2017 |
6 min
Petya Ransomware Update
https://isc.sans.edu/forums/diary/Petya+I+hardly+know+ya+an+ISC+update+on+the+20170627+ransomware+outbreak/22566/
Ubuntu systemd Vulnerability
https://www.ubuntu.com/usn/usn-3341-1/
Microsoft Will Include EMET in Windows 10
https://blogs.technet.microsoft.com/mmpc/2017/06/27/whats-new-in-windows-defender-atp-fall-creators-update/
BGB Attacks Against Bitcoin
https://blog.acolyer.org/2017/06/27/hijacking-bitcoin-routing-attacks-on-cryptocurrencies/
https://isc.sans.edu/forums/diary/Petya+I+hardly+know+ya+an+ISC+update+on+the+20170627+ransomware+outbreak/22566/
Ubuntu systemd Vulnerability
https://www.ubuntu.com/usn/usn-3341-1/
Microsoft Will Include EMET in Windows 10
https://blogs.technet.microsoft.com/mmpc/2017/06/27/whats-new-in-windows-defender-atp-fall-creators-update/
BGB Attacks Against Bitcoin
https://blog.acolyer.org/2017/06/27/hijacking-bitcoin-routing-attacks-on-cryptocurrencies/
ISC StormCast for Wednesday, June 28th 2017
28 juni 2017 |
5 min
Petya/Goldeneye Variant Makes the Rounds
https://isc.sans.edu/forums/diary/Checking+out+the+new+Petya+variant/22562/
https://isc.sans.edu/forums/diary/Checking+out+the+new+Petya+variant/22562/
ISC StormCast for Tuesday, June 27th 2017
27 juni 2017 |
6 min
Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud (Part 1)
https://isc.sans.edu/forums/diary/Investigation+of+BitTorrent+Sync+v20+as+a+P2P+Cloud+Part+1/22554/
Ransomware Payment Spurres More DDoS Ransomware Attacks
https://www.bleepingcomputer.com/news/security/-1-million-ransomware-payment-has-spurred-new-ddos-for-bitcoin-attacks/
Speed Trap Cameras in Australia Infected with WannaCrypt
http://www.camerassavelives.vic.gov.au/utility/latest+news/investigation+underway+into+cameras+affected+by+software+virus
More Vulnerablities in Windows Defender
https://bugs.chromium.org/p/project-zero/issues/detail?id=1282&desc=2
npm Developer Accounts Reset After Password Reuse Discovery
https://github.com/ChALkeR/notes/blob/master/Gathering-weak-npm-credentials.md
https://isc.sans.edu/forums/diary/Investigation+of+BitTorrent+Sync+v20+as+a+P2P+Cloud+Part+1/22554/
Ransomware Payment Spurres More DDoS Ransomware Attacks
https://www.bleepingcomputer.com/news/security/-1-million-ransomware-payment-has-spurred-new-ddos-for-bitcoin-attacks/
Speed Trap Cameras in Australia Infected with WannaCrypt
http://www.camerassavelives.vic.gov.au/utility/latest+news/investigation+underway+into+cameras+affected+by+software+virus
More Vulnerablities in Windows Defender
https://bugs.chromium.org/p/project-zero/issues/detail?id=1282&desc=2
npm Developer Accounts Reset After Password Reuse Discovery
https://github.com/ChALkeR/notes/blob/master/Gathering-weak-npm-credentials.md
ISC StormCast for Monday, June 26th 2017
25 juni 2017 |
7 min
Fake DDoS Extortions Continue
https://isc.sans.edu/forums/diary/Fake+DDoS+Extortions+Continue+Please+Forward+Us+Any+Threats+You+Have+Received/22550/
Traveling with a Laptop
https://isc.sans.edu/forums/diary/Traveling+with+a+Laptop+Surviving+a+Laptop+Ban+How+to+Let+Go+of+Precious/22462/
Side Channel Attacks on the Cheap
https://www.fox-it.com/nl/wp-content/uploads/sites/12/Tempest_attacks_against_AES.pdf
Latest Locky Variant Hunting Down Windows XP Users
http://blog.talosintelligence.com/2017/06/necurs-locky-campaign.html
Windows Beta Builts and Source Code Leaked
http://www.theregister.co.uk/2017/06/23/windows_10_leak/
https://isc.sans.edu/forums/diary/Fake+DDoS+Extortions+Continue+Please+Forward+Us+Any+Threats+You+Have+Received/22550/
Traveling with a Laptop
https://isc.sans.edu/forums/diary/Traveling+with+a+Laptop+Surviving+a+Laptop+Ban+How+to+Let+Go+of+Precious/22462/
Side Channel Attacks on the Cheap
https://www.fox-it.com/nl/wp-content/uploads/sites/12/Tempest_attacks_against_AES.pdf
Latest Locky Variant Hunting Down Windows XP Users
http://blog.talosintelligence.com/2017/06/necurs-locky-campaign.html
Windows Beta Builts and Source Code Leaked
http://www.theregister.co.uk/2017/06/23/windows_10_leak/
ISC StormCast for Friday, June 23rd 2017
23 juni 2017 |
12 min
Obfuscating Without XOR
https://isc.sans.edu/forums/diary/Obfuscating+without+XOR/22544/
Airbnb OAUTH Token Theft
https://www.arneswinnen.net/2017/06/authentication-bypass-on-airbnb-via-oauth-tokens-theft/
Critical Drupal Vulnerablity
https://www.drupal.org/SA-CORE-2017-003
Auditing Docker Containers
https://www.sans.org/reading-room/whitepapers/auditing/checklist-audit-docker-containers-37437
ISC StormCast for Thursday, June 22nd 2017
22 juni 2017 |
5 min
New Vulnerabilities Found in OpenVPN
https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/
RAR Unpack Vulnerability Affects BitDefender
https://bugs.chromium.org/p/project-zero/issues/detail?id=1278&desc=6
Honda Plant Shuts Down Over Wannacry
https://www.bleepingcomputer.com/news/security/one-month-later-wannacry-ransomware-is-still-shutting-down-factories/
https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/
RAR Unpack Vulnerability Affects BitDefender
https://bugs.chromium.org/p/project-zero/issues/detail?id=1278&desc=6
Honda Plant Shuts Down Over Wannacry
https://www.bleepingcomputer.com/news/security/one-month-later-wannacry-ransomware-is-still-shutting-down-factories/
ISC StormCast for Wednesday, June 21st 2017
21 juni 2017 |
6 min
Cisco Ships Private Key For drmlocal.cisco.com With Video Player
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/T6emeoE-lCU
Windows Error Reporting: DFIR Benefits and Privacy Concerns
https://isc.sans.edu/forums/diary/Windows+Error+Reporting+DFIR+Benefits+and+Privacy+Concerns/22536/
Deteting Memory Curruption in glibc
https://github.com/DhavalKapil/libdheap
Let's Encrypt ACME Protocol To Become IETF Standard
https://tools.ietf.org/html/draft-ietf-acme-acme-06
Microsoft Publishes Analysis of NSA Exploits
https://blogs.technet.microsoft.com/mmpc/2017/06/16/analysis-of-the-shadow-brokers-release-and-mitigation-with-windows-10-virtualization-based-security/
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/T6emeoE-lCU
Windows Error Reporting: DFIR Benefits and Privacy Concerns
https://isc.sans.edu/forums/diary/Windows+Error+Reporting+DFIR+Benefits+and+Privacy+Concerns/22536/
Deteting Memory Curruption in glibc
https://github.com/DhavalKapil/libdheap
Let's Encrypt ACME Protocol To Become IETF Standard
https://tools.ietf.org/html/draft-ietf-acme-acme-06
Microsoft Publishes Analysis of NSA Exploits
https://blogs.technet.microsoft.com/mmpc/2017/06/16/analysis-of-the-shadow-brokers-release-and-mitigation-with-windows-10-virtualization-based-security/
ISC StormCast for Tuesday, June 20th 2017
20 juni 2017 |
7 min
Stack Clash Vulnerability Affects Various Unix Based Operating Systems
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Separation Of Duties / Malicious Administrators
https://isc.sans.edu/forums/diary/As+Your+Admin+Walks+Out+the+Door/22530/
Progress in Sattelite Based Quantum Cryptography
https://www.wired.com/story/chinese-satellite-relays-a-quantum-signal-between-cities/
https://www.helpnetsecurity.com/2017/06/19/extremely-secure-data-encryption/
Women Connect Event Minneapolis:
https://www.sans.org/event/minneapolis-2017/bonus-sessions/12162
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Separation Of Duties / Malicious Administrators
https://isc.sans.edu/forums/diary/As+Your+Admin+Walks+Out+the+Door/22530/
Progress in Sattelite Based Quantum Cryptography
https://www.wired.com/story/chinese-satellite-relays-a-quantum-signal-between-cities/
https://www.helpnetsecurity.com/2017/06/19/extremely-secure-data-encryption/
Women Connect Event Minneapolis:
https://www.sans.org/event/minneapolis-2017/bonus-sessions/12162
ISC StormCast for Monday, June 19th 2017
19 juni 2017 |
5 min
Uptick in Port 83 Traffic
https://isc.sans.edu/forums/diary/What+is+going+on+with+Port+83/22524/
WINS DoS Vulnerability will not be fixed by Microsoft
https://blog.fortinet.com/2017/06/14/wins-server-remote-memory-corruption-vulnerability-in-microsoft-windows-server
Microsoft to Release Patch to Turn off SMB1
https://www.bleepingcomputer.com/news/microsoft/microsoft-to-disable-smbv1-in-windows-starting-this-fall/
UK Hacker Stole Personell Data For US Military Sattelite Network
https://public-newsroom-nca-01.azurewebsites.net/news/hacker-stole-satellite-data-from-us-department-of-defence
Sophos Web Appliance Will Now Update via https
https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-2---security-and-defect-fix-rollup
https://isc.sans.edu/forums/diary/What+is+going+on+with+Port+83/22524/
WINS DoS Vulnerability will not be fixed by Microsoft
https://blog.fortinet.com/2017/06/14/wins-server-remote-memory-corruption-vulnerability-in-microsoft-windows-server
Microsoft to Release Patch to Turn off SMB1
https://www.bleepingcomputer.com/news/microsoft/microsoft-to-disable-smbv1-in-windows-starting-this-fall/
UK Hacker Stole Personell Data For US Military Sattelite Network
https://public-newsroom-nca-01.azurewebsites.net/news/hacker-stole-satellite-data-from-us-department-of-defence
Sophos Web Appliance Will Now Update via https
https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-2---security-and-defect-fix-rollup
ISC StormCast for Friday, June 16th 2017
16 juni 2017 |
18 min
WikiLeaks Releases Documents About Cherry Blossom Wifi Hacking Toolkit
https://wikileaks.org/vault7/#Cherry%20Blossom
More DVR Vulnerabilities
https://www.pentestpartners.com/security-blog/what-did-mirai-miss-making-a-better-bigger-botnet/
More Microsoft Windows Defender Vulnerabilities
http://www.theregister.co.uk/2017/06/15/microsoft_how_about_sandboxing_windows_defenders_engine/
Decryption Utility For Jaff Crypto Ransomware
https://noransom.kaspersky.com
Preston Ackerman: Two Factor Authentication by Home End-Users
https://www.sans.org/reading-room/whitepapers/authentication/impediments-adoption-two-factor-authentication-home-end-users-37607
https://wikileaks.org/vault7/#Cherry%20Blossom
More DVR Vulnerabilities
https://www.pentestpartners.com/security-blog/what-did-mirai-miss-making-a-better-bigger-botnet/
More Microsoft Windows Defender Vulnerabilities
http://www.theregister.co.uk/2017/06/15/microsoft_how_about_sandboxing_windows_defenders_engine/
Decryption Utility For Jaff Crypto Ransomware
https://noransom.kaspersky.com
Preston Ackerman: Two Factor Authentication by Home End-Users
https://www.sans.org/reading-room/whitepapers/authentication/impediments-adoption-two-factor-authentication-home-end-users-37607
ISC StormCast for Thursday, June 15th 2017
14 juni 2017 |
6 min
Systemd Odd Defaults
https://isc.sans.edu/forums/diary/Systemd+Could+Fallback+to+Google+DNS/22516/
Voice over LTE Vulnerabilities
https://www.sstic.org/media/SSTIC2017/SSTIC-actes/remote_geolocation_and_tracing_of_subscribers_usin/SSTIC2017-Article-remote_geolocation_and_tracing_of_subscribers_using_4g_volte_android_phone-le-moal_ventuzelo_coudray.pdf
Tails 3.0 Released
https://tails.boum.org/install/download/index.en.html
Nexus 9 Headphone Jack Vulnerability
https://alephsecurity.com/2017/06/13/nexus9-ephemeral-fiq/
https://isc.sans.edu/forums/diary/Systemd+Could+Fallback+to+Google+DNS/22516/
Voice over LTE Vulnerabilities
https://www.sstic.org/media/SSTIC2017/SSTIC-actes/remote_geolocation_and_tracing_of_subscribers_usin/SSTIC2017-Article-remote_geolocation_and_tracing_of_subscribers_using_4g_volte_android_phone-le-moal_ventuzelo_coudray.pdf
Tails 3.0 Released
https://tails.boum.org/install/download/index.en.html
Nexus 9 Headphone Jack Vulnerability
https://alephsecurity.com/2017/06/13/nexus9-ephemeral-fiq/
ISC StormCast for Wednesday, June 14th 2017
14 juni 2017 |
6 min
MSFT June Patchday Fixes Remaining Known NSA Vulnerabilities
https://isc.sans.edu/forums/diary/Microsoft+and+Adobe+June+2017+Patch+Tuesday+Two+Exploited+Vulnerabilities+Patched/22512/
North Korea Building DDoS Botnet
https://www.us-cert.gov/ncas/alerts/TA17-164A
https://isc.sans.edu/forums/diary/Microsoft+and+Adobe+June+2017+Patch+Tuesday+Two+Exploited+Vulnerabilities+Patched/22512/
North Korea Building DDoS Botnet
https://www.us-cert.gov/ncas/alerts/TA17-164A
ISC StormCast for Tuesday, June 13th 2017
13 juni 2017 |
6 min
Industropyer / CrashOverride Malware Analysis From Power System Attacks
https://www.welivesecurity.com/2017/06/12/industroyer-biggest-threat-industrial-control-systems-since-stuxnet/
https://dragos.com/blog/crashoverride/CrashOverride-01.pdf
MacSpy Spyware As A Service For Macs
http://www.alienvault.com/blogs/labs-research/macspy-os-x-rat-as-a-service
VolUtility Memory Analysis Made Easy
https://isc.sans.edu/forums/diary/An+Introduction+to+VolUtility/22508/
Google News Abused For Spam
http://www.theregister.co.uk/2017/06/12/googles_news_algorithm_serves_up_penis_pills_for_all/
https://www.welivesecurity.com/2017/06/12/industroyer-biggest-threat-industrial-control-systems-since-stuxnet/
https://dragos.com/blog/crashoverride/CrashOverride-01.pdf
MacSpy Spyware As A Service For Macs
http://www.alienvault.com/blogs/labs-research/macspy-os-x-rat-as-a-service
VolUtility Memory Analysis Made Easy
https://isc.sans.edu/forums/diary/An+Introduction+to+VolUtility/22508/
Google News Abused For Spam
http://www.theregister.co.uk/2017/06/12/googles_news_algorithm_serves_up_penis_pills_for_all/
ISC StormCast for Monday, June 12th 2017
12 juni 2017 |
6 min
SAMBA Vulnerability Exploited To Install Bitcoin Miners
https://securelist.com/78674/sambacry-is-coming/
Intel's AMT Technology Used For Covert Channel
https://blogs.technet.microsoft.com/mmpc/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/
Broadcom Vulnerablities to be Announced
https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets
Release Lag In National Vulnerablity Database
https://www.recordedfuture.com/vulnerability-disclosure-delay/
https://securelist.com/78674/sambacry-is-coming/
Intel's AMT Technology Used For Covert Channel
https://blogs.technet.microsoft.com/mmpc/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/
Broadcom Vulnerablities to be Announced
https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets
Release Lag In National Vulnerablity Database
https://www.recordedfuture.com/vulnerability-disclosure-delay/
ISC StormCast for Friday, June 9th 2017
9 juni 2017 |
13 min
Cisco Prime Data Center Network Manager Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm2
Oracle Peoplesoft Default Accounts
https://erpscan.com/press-center/blog/peoplesoft-default-accounts/
FOSCAM Camera Default Passwords and Other Vulnerabilities
http://images.news.f-secure.com/Web/FSecure/%7B43df9e0d-20a8-404a-86d0-70dcca00b6e5%7D_vulnerabilities-in-foscam-IP-cameras_report.pdf
Android Malware With Code Injections
https://securelist.com/78648/dvmap-the-first-android-malware-with-code-injection/
STI Student John Dittmer: Legal Implication of Vulnerablity Scans
https://www.sans.org/reading-room/whitepapers/legal/minimizing-legal-risk-cybersecurity-scanning-tools-37522
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm2
Oracle Peoplesoft Default Accounts
https://erpscan.com/press-center/blog/peoplesoft-default-accounts/
FOSCAM Camera Default Passwords and Other Vulnerabilities
http://images.news.f-secure.com/Web/FSecure/%7B43df9e0d-20a8-404a-86d0-70dcca00b6e5%7D_vulnerabilities-in-foscam-IP-cameras_report.pdf
Android Malware With Code Injections
https://securelist.com/78648/dvmap-the-first-android-malware-with-code-injection/
STI Student John Dittmer: Legal Implication of Vulnerablity Scans
https://www.sans.org/reading-room/whitepapers/legal/minimizing-legal-risk-cybersecurity-scanning-tools-37522
ISC StormCast for Thursday, June 8th 2017
8 juni 2017 |
6 min
Deceptive Advertisements: What They Do And Where They Come From
https://isc.sans.edu/forums/diary/Deceptive+Advertisements+What+they+do+and+where+they+come+from/22494/
Instagram as Covert Channel
https://www.welivesecurity.com/2017/06/06/turlas-watering-hole-campaign-updated-firefox-extension-abusing-instagram/
Domain Shadowing Used in Rik Exploit Kit
https://blogs.rsa.com/shadowfall/
https://isc.sans.edu/forums/diary/Deceptive+Advertisements+What+they+do+and+where+they+come+from/22494/
Instagram as Covert Channel
https://www.welivesecurity.com/2017/06/06/turlas-watering-hole-campaign-updated-firefox-extension-abusing-instagram/
Domain Shadowing Used in Rik Exploit Kit
https://blogs.rsa.com/shadowfall/
ISC StormCast for Wednesday, June 7th 2017
6 juni 2017 |
5 min
Finding XOR Keys Part 2
https://isc.sans.edu/forums/diary/Malware+and+XOR+Part+2/22490/
Instagram Stories Not Using TLS
https://vvyper.com/2017/05/22/instagram-stories-ssl/
Printer "Dots" May Have Lead to Arrest of NSA Contractor
http://blog.erratasec.com/2017/06/how-intercept-outed-reality-winner.html#.WTc9SMbMyRt
Exfiltrating Data via Blinking LED
https://arxiv.org/abs/1706.01140
https://isc.sans.edu/forums/diary/Malware+and+XOR+Part+2/22490/
Instagram Stories Not Using TLS
https://vvyper.com/2017/05/22/instagram-stories-ssl/
Printer "Dots" May Have Lead to Arrest of NSA Contractor
http://blog.erratasec.com/2017/06/how-intercept-outed-reality-winner.html#.WTc9SMbMyRt
Exfiltrating Data via Blinking LED
https://arxiv.org/abs/1706.01140
ISC StormCast for Tuesday, June 6th 2017
6 juni 2017 |
7 min
Finding XOR Keys Used To Encode Malware
https://isc.sans.edu/forums/diary/Malware+and+XOR+Part+1/22486/
Citywide IMSI Discovery
https://seaglass.cs.washington.edu
Hijacking Country Level Domains
https://thehackerblog.com/the-journey-to-hijacking-a-countrys-tld-the-hidden-risks-of-domain-extensions/index.html
https://isc.sans.edu/forums/diary/Malware+and+XOR+Part+1/22486/
Citywide IMSI Discovery
https://seaglass.cs.washington.edu
Hijacking Country Level Domains
https://thehackerblog.com/the-journey-to-hijacking-a-countrys-tld-the-hidden-risks-of-domain-extensions/index.html
ISC StormCast for Monday, June 5th 2017
5 juni 2017 |
8 min
Phishing Campaigns for Bitcoin
https://isc.sans.edu/forums/diary/Phishing+Campaigns+Follow+Trends/22482/
Mouseover May Trigger Powerpoint Macro
https://www.dodgethissecurity.com/2017/06/02/new-powerpoint-mouseover-based-downloader-analysis-results/
Vault 7 "Pandemic" Tool
https://wikileaks.org/vault7/document/Pandemic-1_1-S-NF/Pandemic-1_1-S-NF.pdf
Mozilla Considering Move Away From OCSP
https://bugzilla.mozilla.org/show_bug.cgi?id=1366100
Defending Web Application Security Minneapolis
https://www.sans.org/event/minneapolis-2017
Intrusion Detection in Depth Columbia MD
https://www.sans.org/event/columbia-2017/course/intrusion-detection-in-depth
https://isc.sans.edu/forums/diary/Phishing+Campaigns+Follow+Trends/22482/
Mouseover May Trigger Powerpoint Macro
https://www.dodgethissecurity.com/2017/06/02/new-powerpoint-mouseover-based-downloader-analysis-results/
Vault 7 "Pandemic" Tool
https://wikileaks.org/vault7/document/Pandemic-1_1-S-NF/Pandemic-1_1-S-NF.pdf
Mozilla Considering Move Away From OCSP
https://bugzilla.mozilla.org/show_bug.cgi?id=1366100
Defending Web Application Security Minneapolis
https://www.sans.org/event/minneapolis-2017
Intrusion Detection in Depth Columbia MD
https://www.sans.org/event/columbia-2017/course/intrusion-detection-in-depth
ISC StormCast for Friday, June 2nd 2017
2 juni 2017 |
11 min
Sharing Private Data With Webcast Invitations
https://isc.sans.edu/forums/diary/Sharing+Private+Data+with+Webcast+Invitations/22478/
onelogin breach
https://www.onelogin.com/blog/may-31-2017-security-incident
Google AMP Phishing
https://citizenlab.org/2017/05/tainted-leaks-disinformation-phish/
STI Student Paper: Kevin Kelly Tesla Crypt
https://www.sans.org/reading-room/whitepapers/bestprac/indicators-compromise-teslacrypt-malware-37622
https://isc.sans.edu/forums/diary/Sharing+Private+Data+with+Webcast+Invitations/22478/
onelogin breach
https://www.onelogin.com/blog/may-31-2017-security-incident
Google AMP Phishing
https://citizenlab.org/2017/05/tainted-leaks-disinformation-phish/
STI Student Paper: Kevin Kelly Tesla Crypt
https://www.sans.org/reading-room/whitepapers/bestprac/indicators-compromise-teslacrypt-malware-37622
ISC StormCast for Thursday, June 1st 2017
1 juni 2017 |
6 min
Analysis of Competing Hypotheses, WCry and Lazarus
https://isc.sans.edu/forums/diary/Analysis+of+Competing+Hypotheses+WCry+and+Lazarus+ACH+part+2/22470/
Windows XP Not Stable Enough for WannaCry
https://blog.kryptoslogic.com/malware/2017/05/29/two-weeks-later.html
Mexican Biker Gang Uses Jeep Database to Steal Car
https://regmedia.co.uk/2017/05/31/indictment5_30.pdf
Dangers of Public WAS Snapshots
https://www.nvteh.com/news/problems-with-public-ebs-snapshots
https://isc.sans.edu/forums/diary/Analysis+of+Competing+Hypotheses+WCry+and+Lazarus+ACH+part+2/22470/
Windows XP Not Stable Enough for WannaCry
https://blog.kryptoslogic.com/malware/2017/05/29/two-weeks-later.html
Mexican Biker Gang Uses Jeep Database to Steal Car
https://regmedia.co.uk/2017/05/31/indictment5_30.pdf
Dangers of Public WAS Snapshots
https://www.nvteh.com/news/problems-with-public-ebs-snapshots
ISC StormCast for Wednesday, May 31st 2017
31 maj 2017 |
7 min
FreeRADIUS Vulnerability
https://isc.sans.edu/forums/diary/FreeRadius+Authentication+Bypass/22466/
Microsoft Malware Protection Engine Update
http://seclists.org/microsoft/2017/q2/8
Chrome UI Bug May Allow Unnoticed Recording
https://medium.com/@barzik/the-new-html5-video-audio-api-has-privacy-issues-on-desktop-chrome-5832c99c7659
AWS Auditing Tools
https://summitroute.com/blog/2017/05/30/free_tools_for_auditing_the_security_of_an_aws_account/
SANS Social Denver June 14th
https://pages.sans.org/denversocial
https://isc.sans.edu/forums/diary/FreeRadius+Authentication+Bypass/22466/
Microsoft Malware Protection Engine Update
http://seclists.org/microsoft/2017/q2/8
Chrome UI Bug May Allow Unnoticed Recording
https://medium.com/@barzik/the-new-html5-video-audio-api-has-privacy-issues-on-desktop-chrome-5832c99c7659
AWS Auditing Tools
https://summitroute.com/blog/2017/05/30/free_tools_for_auditing_the_security_of_an_aws_account/
SANS Social Denver June 14th
https://pages.sans.org/denversocial
ISC StormCast for Tuesday, May 30th 2017
30 maj 2017 |
7 min
Analysis of Competing Hypotheses
https://isc.sans.edu/forums/diary/Analysis+of+Competing+Hypotheses+ACH+part+1/22460/
Microsoft Master File Table BSOD Exploit
http://www.theregister.co.uk/2017/05/29/microsoft_master_file_table_bug_exploited_to_bsod_windows_7_81/
SMTP Split Tunnel / Transparent Proxy Exploit
https://blog.securolytics.io/2017/05/split-tunnel-smtp-exploit-explained/
https://isc.sans.edu/forums/diary/Analysis+of+Competing+Hypotheses+ACH+part+1/22460/
Microsoft Master File Table BSOD Exploit
http://www.theregister.co.uk/2017/05/29/microsoft_master_file_table_bug_exploited_to_bsod_windows_7_81/
SMTP Split Tunnel / Transparent Proxy Exploit
https://blog.securolytics.io/2017/05/split-tunnel-smtp-exploit-explained/
ISC StormCast for Friday, May 26th 2017
25 maj 2017 |
14 min
Samba Remote Code Execution Vulnerability
https://isc.sans.edu/forums/diary/Critical+Vulnerability+in+Samba+from+350+onwards/22452/
Pacemaker Vulnerabilities
http://blog.whitescope.io/2017/05/understanding-pacemaker-systems.html
Patching May have Affected Access to Australian Health Systems
http://www.cairnspost.com.au/news/cairns-hospital-suffers-software-catastrophe-with-possible-loss-of-patient-data/news-story/c828de3f4a0f73132ec3d19284cbae88
https://isc.sans.edu/forums/diary/Critical+Vulnerability+in+Samba+from+350+onwards/22452/
Pacemaker Vulnerabilities
http://blog.whitescope.io/2017/05/understanding-pacemaker-systems.html
Patching May have Affected Access to Australian Health Systems
http://www.cairnspost.com.au/news/cairns-hospital-suffers-software-catastrophe-with-possible-loss-of-patient-data/news-story/c828de3f4a0f73132ec3d19284cbae88
ISC StormCast for Thursday, May 25th 2017
25 maj 2017 |
6 min
Jaff Ransomware Gets a Makeover
https://isc.sans.edu/forums/diary/Jaff+ransomware+gets+a+makeover/22446/
OpenVPN Access Server Vulnerability
http://seclists.org/oss-sec/2017/q2/332
Large Credential Dumps Used in Password Brute Forcing Attacks
http://info.digitalshadows.com/AccountTakeover-WhitePapersPage_Registration.html
https://isc.sans.edu/forums/diary/Jaff+ransomware+gets+a+makeover/22446/
OpenVPN Access Server Vulnerability
http://seclists.org/oss-sec/2017/q2/332
Large Credential Dumps Used in Password Brute Forcing Attacks
http://info.digitalshadows.com/AccountTakeover-WhitePapersPage_Registration.html
ISC StormCast for Wednesday, May 24th 2017
24 maj 2017 |
6 min
Multiple Video Players are Vulnerable to Code Execution via Subtitle Files
http://blog.checkpoint.com/2017/05/23/hacked-in-translation/
Samsung Galaxy S8 Iris Scanner Bypass
https://www.ccc.de/en/updates/2017/iriden
Verizon XSS Flaw in Web Messaging Application
https://randywestergren.com/xss-sms-hacking-text-messages-verizon-messages
http://blog.checkpoint.com/2017/05/23/hacked-in-translation/
Samsung Galaxy S8 Iris Scanner Bypass
https://www.ccc.de/en/updates/2017/iriden
Verizon XSS Flaw in Web Messaging Application
https://randywestergren.com/xss-sms-hacking-text-messages-verizon-messages
ISC StormCast for Tuesday, May 23rd 2017
23 maj 2017 |
7 min
Fake "Uber Disputes" Site Lures Victims With Valid TLS Certificate
https://isc.sans.edu/forums/diary/Investigating+Sites+After+They+are+Gone+And+a+Case+of+Uber+Phishing+With+SSL/22440/
Let's Encrypt Outage
http://letsencrypt.status.io/pages/history/55957a99e800baa4470002da
https://community.letsencrypt.org/t/ocsp-and-issuance-outage-2017-05-19/34506
More ImageMagik Flaws
https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html
https://isc.sans.edu/forums/diary/Investigating+Sites+After+They+are+Gone+And+a+Case+of+Uber+Phishing+With+SSL/22440/
Let's Encrypt Outage
http://letsencrypt.status.io/pages/history/55957a99e800baa4470002da
https://community.letsencrypt.org/t/ocsp-and-issuance-outage-2017-05-19/34506
More ImageMagik Flaws
https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html
ISC StormCast for Monday, May 22nd 2017
22 maj 2017 |
5 min
Typosquatting: A recent example and what to do with look alike domains
https://isc.sans.edu/forums/diary/Typosquatting+Awareness+and+Hunting/22436/
Netgear Collecting Analytics Data in Recent Update
https://kb.netgear.com/000038663/What-router-analytics-data-is-collected-and-how-is-the-data-being-used-by-NETGEAR
disable: https://kb.netgear.com/000038661/How-do-I-Enable-Disable-Router-Analytics-Data-Collection
WannaCry Updates
https://venturebeat.com/2017/05/19/ransomware-wannacry-causes-fewer-tears-than-feared/
LastPass Authenticator Cloud Backup
https://blog.lastpass.com/2017/05/announcing-cloud-backup-for-lastpass-authenticator-easier-multifactor-security-for-everyone.html/
https://isc.sans.edu/forums/diary/Typosquatting+Awareness+and+Hunting/22436/
Netgear Collecting Analytics Data in Recent Update
https://kb.netgear.com/000038663/What-router-analytics-data-is-collected-and-how-is-the-data-being-used-by-NETGEAR
disable: https://kb.netgear.com/000038661/How-do-I-Enable-Disable-Router-Analytics-Data-Collection
WannaCry Updates
https://venturebeat.com/2017/05/19/ransomware-wannacry-causes-fewer-tears-than-feared/
LastPass Authenticator Cloud Backup
https://blog.lastpass.com/2017/05/announcing-cloud-backup-for-lastpass-authenticator-easier-multifactor-security-for-everyone.html/
ISC StormCast for Friday, May 19th 2017
19 maj 2017 |
13 min
Discovering Relevant CVEs with CVE Bot
https://isc.sans.edu/forums/diary/My+Little+CVE+Bot/22432/
Probablility of Vulnerability Re-Discovery
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2928758
Wannakey May Recover WannaCry Keys
https://github.com/aguinet/wannakey
Finding Bad With Splunk
https://www.sans.org/reading-room/whitepapers/critical/finding-bad-splunk-3748
https://isc.sans.edu/forums/diary/My+Little+CVE+Bot/22432/
Probablility of Vulnerability Re-Discovery
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2928758
Wannakey May Recover WannaCry Keys
https://github.com/aguinet/wannakey
Finding Bad With Splunk
https://www.sans.org/reading-room/whitepapers/critical/finding-bad-splunk-3748
ISC StormCast for Thursday, May 18th 2017
18 maj 2017 |
5 min
Handbreak Proton Malware Used to Steal Sourcecode
https://panic.com/blog/stolen-source-code/
NIST Password Guidance Update
https://isc.sans.edu/forums/diary/Wait+What+We+dont+have+to+change+passwords+every+90+days/22428/
Exploiting XXE Vulnerabilities in Peoplesoft
https://www.ambionics.io/blog/oracle-peoplesoft-xxe-to-rce
https://panic.com/blog/stolen-source-code/
NIST Password Guidance Update
https://isc.sans.edu/forums/diary/Wait+What+We+dont+have+to+change+passwords+every+90+days/22428/
Exploiting XXE Vulnerabilities in Peoplesoft
https://www.ambionics.io/blog/oracle-peoplesoft-xxe-to-rce
ISC StormCast for Wednesday, May 17th 2017
17 maj 2017 |
6 min
Docusign Breach Leads to Increase in Phishing Email
https://trust.docusign.com/en-us/personal-safeguards/
HP Updates Audio Drivers (twice) to Remove Keylogger
https://support.hp.com/us-en/document/c05519670
Chrome File Download Behaviour Can Lead to SMB Credential Theft
http://defensecode.com/news_article.php?id=21
https://trust.docusign.com/en-us/personal-safeguards/
HP Updates Audio Drivers (twice) to Remove Keylogger
https://support.hp.com/us-en/document/c05519670
Chrome File Download Behaviour Can Lead to SMB Credential Theft
http://defensecode.com/news_article.php?id=21
ISC StormCast for Tuesday, May 16th 2017
16 maj 2017 |
7 min
Apple Updates Everything
https://support.apple.com/en-us/HT201222
OpenVPN Audit Results
https://www.privateinternetaccess.com/blog/2017/05/openvpn-2-4-evaluation-summary-report/
Italian Car Insurance Leaks User Driving Data
https://www.andreascarpino.it/posts/how-my-car-insurance-exposed-my-position.html
https://support.apple.com/en-us/HT201222
OpenVPN Audit Results
https://www.privateinternetaccess.com/blog/2017/05/openvpn-2-4-evaluation-summary-report/
Italian Car Insurance Leaks User Driving Data
https://www.andreascarpino.it/posts/how-my-car-insurance-exposed-my-position.html
ISC StormCast for Monday, May 15th 2017
15 maj 2017 |
7 min
WannaCry Malware Links
Latest updates see https://isc.sans.edu
Webcast: https://www.sans.org/webcasts/special-webcast-wannacry-ransomeware-threat-105160
PowerPoint: https://isc.sans.edu/presentations/WannaCry.ppt
Latest updates see https://isc.sans.edu
Webcast: https://www.sans.org/webcasts/special-webcast-wannacry-ransomeware-threat-105160
PowerPoint: https://isc.sans.edu/presentations/WannaCry.ppt
ISC StormCast for Friday, May 12th 2017
12 maj 2017 |
13 min
Conexant Audio Drivers Log Keystrokes;
https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html
Rig Exploit Kit Used to Send Ramnit Trojan
https://isc.sans.edu/forums/diary/Seamless+Campaign+using+Rig+Exploit+Kit+to+send+Ramnit+Trojan/22404/
Encase Forensic Imager Exploit
http://blog.sec-consult.com/2017/05/chainsaw-of-custody-manipulating.html
https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html
Rig Exploit Kit Used to Send Ramnit Trojan
https://isc.sans.edu/forums/diary/Seamless+Campaign+using+Rig+Exploit+Kit+to+send+Ramnit+Trojan/22404/
Encase Forensic Imager Exploit
http://blog.sec-consult.com/2017/05/chainsaw-of-custody-manipulating.html
ISC StormCast for Thursday, May 11th 2017
11 maj 2017 |
9 min
How to Review OAUTH Application Permissions for Popular Sites
https://isc.sans.edu/forums/diary/OAuth+and+Its+High+Time+for+Some+Personal+SecurityScaping+Today/22400/
Apple Working on Firmware Integrity Check
http://apple.stackexchange.com/questions/282028/pop-up-firmware-changes-detected-randomly-appear
Panda Mobile Anti Malware Releases Patch for Evilgrade Bug
https://www.contextis.com/resources/blog/exploiting-vulnerable-pandas/
ASUS RT Router Vulnerabilities
https://wwws.nightwatchcybersecurity.com/2017/05/09/multiple-vulnerabilities-in-asus-routers/
Microsoft Edge SOP Bypass
https://www.brokenbrowser.com/sop-bypass-uxss-stealing-credentials-pretty-fast/
Linux Kernel Packet Socket Vulnerability Exploit
https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html
https://isc.sans.edu/forums/diary/OAuth+and+Its+High+Time+for+Some+Personal+SecurityScaping+Today/22400/
Apple Working on Firmware Integrity Check
http://apple.stackexchange.com/questions/282028/pop-up-firmware-changes-detected-randomly-appear
Panda Mobile Anti Malware Releases Patch for Evilgrade Bug
https://www.contextis.com/resources/blog/exploiting-vulnerable-pandas/
ASUS RT Router Vulnerabilities
https://wwws.nightwatchcybersecurity.com/2017/05/09/multiple-vulnerabilities-in-asus-routers/
Microsoft Edge SOP Bypass
https://www.brokenbrowser.com/sop-bypass-uxss-stealing-credentials-pretty-fast/
Linux Kernel Packet Socket Vulnerability Exploit
https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html
ISC StormCast for Wednesday, May 10th 2017
9 maj 2017 |
6 min
Microsoft Path Tuesday Summary
https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+and+Adobe/22396/
Snake For Mac OS X Included in Handbrake
https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/
Cisco Patches CMP-Telnet Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp
WolfSSL Library X.509 Certificate Text Parsing Code Execution Vulnerability
http://blog.talosintelligence.com/2017/05/wolfssl-x509-vuln.html
https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+and+Adobe/22396/
Snake For Mac OS X Included in Handbrake
https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/
Cisco Patches CMP-Telnet Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp
WolfSSL Library X.509 Certificate Text Parsing Code Execution Vulnerability
http://blog.talosintelligence.com/2017/05/wolfssl-x509-vuln.html
ISC StormCast for Tuesday, May 9th 2017
9 maj 2017 |
7 min
Exploring a P2P Transient Botnet - From Discovery to Enumeration
https://isc.sans.edu/forums/diary/Exploring+a+P2P+Transient+Botnet+From+Discovery+to+Enumeration/22392/
Video Conversion Application Handbrake Compromised
https://forum.handbrake.fr/viewtopic.php?f=33&t=36364
Emergency Update for Microsoft Malware Protection Engine
https://technet.microsoft.com/en-us/library/security/4022344
OS X Keychain OTR Vulnerability
https://medium.com/@longtermsec/bypassing-otr-signature-verification-to-steal-icloud-keychain-secrets-9e92ab55b605
https://isc.sans.edu/forums/diary/Exploring+a+P2P+Transient+Botnet+From+Discovery+to+Enumeration/22392/
Video Conversion Application Handbrake Compromised
https://forum.handbrake.fr/viewtopic.php?f=33&t=36364
Emergency Update for Microsoft Malware Protection Engine
https://technet.microsoft.com/en-us/library/security/4022344
OS X Keychain OTR Vulnerability
https://medium.com/@longtermsec/bypassing-otr-signature-verification-to-steal-icloud-keychain-secrets-9e92ab55b605
ISC StormCast for Monday, May 8th 2017
7 maj 2017 |
6 min
Tenable Discovers Details Regarding Intel AMT Vulnerability
http://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability
Android Apps Use Ultrasound Beacons To Track Users
http://christian.wressnegger.info/content/projects/sidechannels/2017-eurosp.pdf
HTTP Headers... the Achilles' Heel of Many Applications
https://isc.sans.edu/forums/diary/HTTP+Headers+the+Achilles+heel+of+many+applications/22382/
http://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability
Android Apps Use Ultrasound Beacons To Track Users
http://christian.wressnegger.info/content/projects/sidechannels/2017-eurosp.pdf
HTTP Headers... the Achilles' Heel of Many Applications
https://isc.sans.edu/forums/diary/HTTP+Headers+the+Achilles+heel+of+many+applications/22382/
ISC StormCast for Friday, May 5th 2017
5 maj 2017 |
5 min
Google OAUTH Spam Wrapup
https://threatpost.com/1-million-gmail-users-impacted-by-google-docs-phishing-attack/125436/
Artificial Master Fingerprint Set
https://wp.nyu.edu/memon/the-master-print/
rpcbind denial of service
https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/
Debian Discontinue FTP Support for Downloads
https://www.debian.org/News/2017/20170425
https://threatpost.com/1-million-gmail-users-impacted-by-google-docs-phishing-attack/125436/
Artificial Master Fingerprint Set
https://wp.nyu.edu/memon/the-master-print/
rpcbind denial of service
https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/
Debian Discontinue FTP Support for Downloads
https://www.debian.org/News/2017/20170425
ISC StormCast for Thursday, May 4th 2017
3 maj 2017 |
8 min
Google Docs OAUTH Phishing E-Mails
https://isc.sans.edu/forums/diary/OAUTH+phishing+against+Google+Docs+beware/22372/
Review Google App Permissions https://myaccount.google.com/u/0/permissions?pli=1
SS7 Exploits Documented in Banking Attacks
http://www.sueddeutsche.de/digital/it-sicherheit-schwachstelle-im-mobilfunknetz-kriminelle-hacker-raeumen-konten-leer-1.3486504
http://www.theregister.co.uk/2017/05/03/hackers_fire_up_ss7_flaw/
https://isc.sans.edu/forums/diary/OAUTH+phishing+against+Google+Docs+beware/22372/
Review Google App Permissions https://myaccount.google.com/u/0/permissions?pli=1
SS7 Exploits Documented in Banking Attacks
http://www.sueddeutsche.de/digital/it-sicherheit-schwachstelle-im-mobilfunknetz-kriminelle-hacker-raeumen-konten-leer-1.3486504
http://www.theregister.co.uk/2017/05/03/hackers_fire_up_ss7_flaw/
ISC StormCast for Wednesday, May 3rd 2017
2 maj 2017 |
5 min
Scans Sighted for Ports Used by Intel Remote Management Interface
https://isc.sans.edu/port.html?port=16992
https://isc.sans.edu/port.html?port=16993
Outlook Forms Can Run Macros
https://sensepost.com/blog/2017/outlook-forms-and-shells/
Jenkins Vulnerability
https://jenkins.io/security/advisory/2017-04-26/
Google Android May Patchday
https://source.android.com/security/bulletin/2017-05-01
IBM Storwize USB Stick Malware
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010146&myns=s028&mynp=OCSTHGUJ&mynp=OCSTLM5A&mynp=OCSTLM6B&mynp=OCHW206&mync=E&cm_sp=s028-_-OCSTHGUJ-OCSTLM5A-OCSTLM6B-OCHW206-_-E
https://isc.sans.edu/port.html?port=16992
https://isc.sans.edu/port.html?port=16993
Outlook Forms Can Run Macros
https://sensepost.com/blog/2017/outlook-forms-and-shells/
Jenkins Vulnerability
https://jenkins.io/security/advisory/2017-04-26/
Google Android May Patchday
https://source.android.com/security/bulletin/2017-05-01
IBM Storwize USB Stick Malware
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010146&myns=s028&mynp=OCSTHGUJ&mynp=OCSTLM5A&mynp=OCSTLM6B&mynp=OCHW206&mync=E&cm_sp=s028-_-OCSTHGUJ-OCSTLM5A-OCSTLM6B-OCHW206-_-E
ISC StormCast for Tuesday, May 2nd 2017
2 maj 2017 |
6 min
Intel AMT, SBT and ISM Escalation of Privilege Vulnerability
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/
Local Root Exploit in chkrootkit
https://lepetithacker.wordpress.com/2017/04/30/local-root-exploit-in-chkrootkit/
Escape Sequence Exploits in Various Linux Terminals
http://www.openwall.com/lists/oss-security/2017/05/01/13
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/
Local Root Exploit in chkrootkit
https://lepetithacker.wordpress.com/2017/04/30/local-root-exploit-in-chkrootkit/
Escape Sequence Exploits in Various Linux Terminals
http://www.openwall.com/lists/oss-security/2017/05/01/13
ISC StormCast for Monday, May 1st 2017
1 maj 2017 |
6 min
Simple Javascript Word Macro Not Recognized By Many AV Products
https://isc.sans.edu/forums/diary/Another+Day+Another+Obfuscation+Technique/22354/
OS X Malware Adds Proxy To Intercept HTTPS
http://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/
OVH Vulnerability Put Servers at Risk
https://jrwr.io/doku.php?id=blog:ovh_vrack_security_issue
https://isc.sans.edu/forums/diary/Another+Day+Another+Obfuscation+Technique/22354/
OS X Malware Adds Proxy To Intercept HTTPS
http://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/
OVH Vulnerability Put Servers at Risk
https://jrwr.io/doku.php?id=blog:ovh_vrack_security_issue
ISC StormCast for Friday, April 28th 2017
28 april 2017 |
6 min
VISA IP Block Hijacked By Russian ISP
https://isc.sans.edu/forums/diary/BGP+Hijacking+The+Internet+is+StillAgain+Broken/22350/
Antminer "Checking" DoS Vulnerability
http://www.antbleed.com
Symantec Offers Audits To Stave Off Google's CA Blacklisting
https://www.symantec.com/connect/blogs/symantec-ca-proposal
NoMX Security E-Mail Appliance Pentest
https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/
vendor response: www.nomx.com
SANS Defending Web Applications
https://www.sans.org/dev522
https://isc.sans.edu/forums/diary/BGP+Hijacking+The+Internet+is+StillAgain+Broken/22350/
Antminer "Checking" DoS Vulnerability
http://www.antbleed.com
Symantec Offers Audits To Stave Off Google's CA Blacklisting
https://www.symantec.com/connect/blogs/symantec-ca-proposal
NoMX Security E-Mail Appliance Pentest
https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/
vendor response: www.nomx.com
SANS Defending Web Applications
https://www.sans.org/dev522
ISC StormCast for Thursday, April 27th 2017
27 april 2017 |
6 min
Bots Disrupts US ISP
https://www.bleepingcomputer.com/news/security/us-isp-goes-down-as-two-malware-families-go-to-war-over-its-modems/
Samsung Smart TV Wi-Fi Direct Exploit
http://seclists.org/fulldisclosure/2017/Apr/101
Adobe Publishes ColdFusion Update
https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html
SNMP Misconfiguration Eliminates Community String Validation
https://stringbleed.github.io/#
https://www.bleepingcomputer.com/news/security/us-isp-goes-down-as-two-malware-families-go-to-war-over-its-modems/
Samsung Smart TV Wi-Fi Direct Exploit
http://seclists.org/fulldisclosure/2017/Apr/101
Adobe Publishes ColdFusion Update
https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html
SNMP Misconfiguration Eliminates Community String Validation
https://stringbleed.github.io/#
ISC StormCast for Wednesday, April 26th 2017
26 april 2017 |
6 min
CAA Records and Certificate Issuance
https://isc.sans.edu/forums/diary/CAA+Records+and+Certificate+Issuance/22342/
Hyundai Blue Link Infomration Disclosure
https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed
HP, Philips, Fujitsu Display Software Privilege Escalation
http://blog.sec-consult.com/2017/04/what-unites-hp-philips-and-fujitsu-one.html
https://isc.sans.edu/forums/diary/CAA+Records+and+Certificate+Issuance/22342/
Hyundai Blue Link Infomration Disclosure
https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed
HP, Philips, Fujitsu Display Software Privilege Escalation
http://blog.sec-consult.com/2017/04/what-unites-hp-philips-and-fujitsu-one.html
ISC StormCast for Tuesday, April 25th 2017
25 april 2017 |
5 min
Android Malware MilyDoor Builds Backdoor Into Networks Via SSH/SOCKS
http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-android-malware-finds-successor-milkydoor/
Remote Code Execution Flaw in Squirrelmail
http://seclists.org/fulldisclosure/2017/Apr/81
Atlassian Confluence Update
https://confluence.atlassian.com/doc/confluence-security-advisory-2017-04-19-887071137.html
TCP Proxy Over Named Pipes / SMB
https://github.com/dxflatline/flatpipes
http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-android-malware-finds-successor-milkydoor/
Remote Code Execution Flaw in Squirrelmail
http://seclists.org/fulldisclosure/2017/Apr/81
Atlassian Confluence Update
https://confluence.atlassian.com/doc/confluence-security-advisory-2017-04-19-887071137.html
TCP Proxy Over Named Pipes / SMB
https://github.com/dxflatline/flatpipes
ISC StormCast for Monday, April 24th 2017
24 april 2017 |
5 min
Increase in Port 81 Traffic
https://isc.sans.edu/forums/diary/WTF+tcp+port+81/22332/
Analyzing a Document and Malware Trying to Exploit CVE-2017-0199 (HTA)
https://isc.sans.edu/forums/diary/Malicious+Documents+A+Bit+Of+News/22334/
DOUBLEPULSAR Detected on Tens of Thousands of Systems
http://www.theregister.co.uk/2017/04/21/windows_hacked_nsa_shadow_brokers/
NVidia Includes Node.js Server With Drivers
http://blog.sec-consult.com/2017/04/application-whitelisting-application.html
Android SMSVova Spyware Survives in Google Play Store for 3 Years
https://www.zscaler.com/blogs/research/android-spyware-smsvova-posing-system-update-play-store
https://isc.sans.edu/forums/diary/WTF+tcp+port+81/22332/
Analyzing a Document and Malware Trying to Exploit CVE-2017-0199 (HTA)
https://isc.sans.edu/forums/diary/Malicious+Documents+A+Bit+Of+News/22334/
DOUBLEPULSAR Detected on Tens of Thousands of Systems
http://www.theregister.co.uk/2017/04/21/windows_hacked_nsa_shadow_brokers/
NVidia Includes Node.js Server With Drivers
http://blog.sec-consult.com/2017/04/application-whitelisting-application.html
Android SMSVova Spyware Survives in Google Play Store for 3 Years
https://www.zscaler.com/blogs/research/android-spyware-smsvova-posing-system-update-play-store
ISC StormCast for Friday, April 21st 2017
20 april 2017 |
6 min
Detecting Covert DNS Channels
https://isc.sans.edu/forums/diary/DNS+Query+Length+Because+Size+Does+Matter/22326/
Ambient Light Sensors May Become Accessible Via JavaScript
https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/
BIND Name Server Update
https://kb.isc.org/article/AA-01491
Entropy As A Service
https://www.getnetrandom.com
Webcast: NoSQL Doesn't Make You NoVulnerable
https://www.sans.org/webcasts/nosql-doesnt-novulnerable-104897
https://isc.sans.edu/forums/diary/DNS+Query+Length+Because+Size+Does+Matter/22326/
Ambient Light Sensors May Become Accessible Via JavaScript
https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/
BIND Name Server Update
https://kb.isc.org/article/AA-01491
Entropy As A Service
https://www.getnetrandom.com
Webcast: NoSQL Doesn't Make You NoVulnerable
https://www.sans.org/webcasts/nosql-doesnt-novulnerable-104897
ISC StormCast for Thursday, April 20th 2017
20 april 2017 |
6 min
Hunting and Analyzing Malicious Excel Files
https://isc.sans.edu/forums/diary/Hunting+for+Malicious+Excel+Sheets/22322/
Bose May Be Spying on Listeners
https://www.scribd.com/document/345620278/Bose-Privacy-Complaint
Microsoft No-Password Sign In
https://blogs.technet.microsoft.com/enterprisemobility/2017/04/18/no-password-phone-sign-in-for-microsoft-accounts/
Owncloud/Nextcloud Bug Reports Include Passwords
https://blog.hboeck.de/archives/885-Passwords-in-the-Bug-Reports-OwncloudNextcloud.html
Fuzzing Used to Find a Tcpdump Vulnerability
https://www.softscheck.com/en/identifying-security-vulnerabilities-with-cloud-fuzzing/
DNS Homograph Detection
https://github.com/dutchcoders/homographs
For Friday's (and other upcoming webcasts), see
https://www.sans.org/webcasts
https://isc.sans.edu/forums/diary/Hunting+for+Malicious+Excel+Sheets/22322/
Bose May Be Spying on Listeners
https://www.scribd.com/document/345620278/Bose-Privacy-Complaint
Microsoft No-Password Sign In
https://blogs.technet.microsoft.com/enterprisemobility/2017/04/18/no-password-phone-sign-in-for-microsoft-accounts/
Owncloud/Nextcloud Bug Reports Include Passwords
https://blog.hboeck.de/archives/885-Passwords-in-the-Bug-Reports-OwncloudNextcloud.html
Fuzzing Used to Find a Tcpdump Vulnerability
https://www.softscheck.com/en/identifying-security-vulnerabilities-with-cloud-fuzzing/
DNS Homograph Detection
https://github.com/dutchcoders/homographs
For Friday's (and other upcoming webcasts), see
https://www.sans.org/webcasts
ISC StormCast for Wednesday, April 19th 2017
19 april 2017 |
6 min
Details about how to exploit CVE-2017-0199
https://rewtin.blogspot.com.au/2017/04/cve-2017-0199-practical-exploitation-poc.html
User Provided Patch To Help Update Old Operating Systems on New CPU
https://github.com/zeffy/kb4012218-19
Forensics Tools and Issues With Windows 10 Compact OS
https://www.heise.de/security/artikel/Forensik-Tools-patzen-bei-neuer-Windows-Kompression-3676075.html
https://rewtin.blogspot.com.au/2017/04/cve-2017-0199-practical-exploitation-poc.html
User Provided Patch To Help Update Old Operating Systems on New CPU
https://github.com/zeffy/kb4012218-19
Forensics Tools and Issues With Windows 10 Compact OS
https://www.heise.de/security/artikel/Forensik-Tools-patzen-bei-neuer-Windows-Kompression-3676075.html
ISC StormCast for Tuesday, April 18th 2017
18 april 2017 |
7 min
Detecting IDN Phishing Domains
https://isc.sans.edu/forums/diary/Tool+to+Detect+Active+Phishing+Attacks+Using+Unicode+LookAlike+Domains/22310/
Old Linux Kernel Bug Allows for Remote Code Execution via UDP
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191
Microsoft Edge JavaScript "fetch" Function Can Be Used to Leak User Data
http://mov.sx/2017/04/16/microsoft-edge-leaks-url.html
https://isc.sans.edu/forums/diary/Tool+to+Detect+Active+Phishing+Attacks+Using+Unicode+LookAlike+Domains/22310/
Old Linux Kernel Bug Allows for Remote Code Execution via UDP
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191
Microsoft Edge JavaScript "fetch" Function Can Be Used to Leak User Data
http://mov.sx/2017/04/16/microsoft-edge-leaks-url.html
ISC StormCast for Monday, April 17th 2017
17 april 2017 |
6 min
Detecting SMB Cover Channel "Doublepulsar"
https://isc.sans.edu/forums/diary/Detecting+SMB+Covert+Channel+Double+Pulsar/22312/
ETERNALBLUE: Windows SMBv1 Exploit
https://isc.sans.edu/forums/diary/ETERNALBLUE+Windows+SMBv1+Exploit+Patched/22304/
https://isc.sans.edu/forums/diary/Detecting+SMB+Covert+Channel+Double+Pulsar/22312/
ETERNALBLUE: Windows SMBv1 Exploit
https://isc.sans.edu/forums/diary/ETERNALBLUE+Windows+SMBv1+Exploit+Patched/22304/
ISC StormCast for Friday, April 14th 2017
14 april 2017 |
6 min
Packet Captures Filtered By Process
https://isc.sans.edu/forums/diary/Packet+Captures+Filtered+by+Process/22296/
C-LDAP Used to Amplify DDoS Attack
https://isc.sans.edu/forums/diary/Akamai+reports+UDP+DDOS+Using+CLDAP+reaching+24Gbps/22300/
Juniper Updates
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
SAP Patches Code Injection in TREX
https://erpscan.com/press-center/press-release/critical-vulnerability-affects-sap-hana-dozen-sap-applications/
More Details About Dallas Siren Hack
https://duo.com/blog/the-dallas-county-siren-hack
https://isc.sans.edu/forums/diary/Packet+Captures+Filtered+by+Process/22296/
C-LDAP Used to Amplify DDoS Attack
https://isc.sans.edu/forums/diary/Akamai+reports+UDP+DDOS+Using+CLDAP+reaching+24Gbps/22300/
Juniper Updates
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
SAP Patches Code Injection in TREX
https://erpscan.com/press-center/press-release/critical-vulnerability-affects-sap-hana-dozen-sap-applications/
More Details About Dallas Siren Hack
https://duo.com/blog/the-dallas-county-siren-hack
ISC StormCast for Thursday, April 13th 2017
13 april 2017 |
6 min
Mole Ransomware Delivered via Fake USPS E-Mails
https://isc.sans.edu/forums/diary/Malspam+on+20170411+pushes+yet+another+ransomware+variant/22290/
Identifying HTTPS-Protected Netflix Videos in Real-Time
https://www.mjkranch.com/docs/CODASPY17_Kranch_Reed_IdentifyingHTTPSNetflix.pdf
SMS Messages Used to Control Oven
https://www.pentestpartners.com/blog/iot-Aga-cast-iron-security-flaw/
Android Hardening TLS Use
https://android-developers.googleblog.com/2017/04/android-o-to-drop-insecure-tls-version.html
https://isc.sans.edu/forums/diary/Malspam+on+20170411+pushes+yet+another+ransomware+variant/22290/
Identifying HTTPS-Protected Netflix Videos in Real-Time
https://www.mjkranch.com/docs/CODASPY17_Kranch_Reed_IdentifyingHTTPSNetflix.pdf
SMS Messages Used to Control Oven
https://www.pentestpartners.com/blog/iot-Aga-cast-iron-security-flaw/
Android Hardening TLS Use
https://android-developers.googleblog.com/2017/04/android-o-to-drop-insecure-tls-version.html
ISC StormCast for Wednesday, April 12th 2017
12 april 2017 |
300 min
MSFT/Adobe Patch Tuesday
https://isc.sans.edu/forums/diary/April+2017+Microsoft+Patch+Tuesday/22288/
Solaris 0-Day
https://twitter.com/hackerfantastic/status/851555538597011460
OWASP Top 10 Update
https://github.com/OWASP/Top10/raw/master/2017/OWASP%20Top%2010%20-%202017%20RC1-English.pdf
https://isc.sans.edu/forums/diary/April+2017+Microsoft+Patch+Tuesday/22288/
Solaris 0-Day
https://twitter.com/hackerfantastic/status/851555538597011460
OWASP Top 10 Update
https://github.com/OWASP/Top10/raw/master/2017/OWASP%20Top%2010%20-%202017%20RC1-English.pdf
ISC StormCast for Tuesday, April 11th 2017
11 april 2017 |
300 min
TPLink Modem Responds With Admin Password to SMS
http://www.theregister.co.uk/2017/04/10/tplink_3gwifi_modem_spills_credentials_to_an_evil_text_message/
Fake Google Map Weblinks
https://www.bleepingcomputer.com/news/google/thousands-of-fake-google-maps-listings-redirect-users-to-fraudulent-sites-each-month/
Apple Fixes Apple Music For Android
http://seclists.org/bugtraq/2017/Apr/26
Dalles Sirens Hacked via Wireless Attacks
http://www.theregister.co.uk/2017/04/10/hackers_set_off_dallas_emergency_siren_system/
NATO Discovers (finally?) that IPv6 Can be Used As a Covert Channel
https://t.co/FvSSwhtUH7
http://www.theregister.co.uk/2017/04/10/tplink_3gwifi_modem_spills_credentials_to_an_evil_text_message/
Fake Google Map Weblinks
https://www.bleepingcomputer.com/news/google/thousands-of-fake-google-maps-listings-redirect-users-to-fraudulent-sites-each-month/
Apple Fixes Apple Music For Android
http://seclists.org/bugtraq/2017/Apr/26
Dalles Sirens Hacked via Wireless Attacks
http://www.theregister.co.uk/2017/04/10/hackers_set_off_dallas_emergency_siren_system/
NATO Discovers (finally?) that IPv6 Can be Used As a Covert Channel
https://t.co/FvSSwhtUH7
ISC StormCast for Monday, April 10th 2017
10 april 2017 |
300 min
Domain Whitelisting with Alexa and Umbrella Lists (and update)
https://isc.sans.edu/forums/diary/Domain+Whitelisting+With+Alexa+and+Umbrella+Lists/22270/
https://isc.sans.edu/forums/diary/Domain+Whitelisting+With+Alexa+and+Umbrella+Lists+update/22274/
SANS Security West (San Diego)
https://www.sans.org/event/sans-security-west-2017
Dallas Tornado Sirens Hacked
https://www.washingtonpost.com/news/the-intersect/wp/2017/04/09/someone-hacked-every-tornado-siren-in-dallas-it-was-loud/?utm_term=.ca706deea318
Shadowbroker Files
https://github.com/x0rz/EQGRP
Word Vulnerability
https://securingtomorrow.mcafee.com/mcafee-labs/critical-office-zero-day-attacks-detected-wild/
https://isc.sans.edu/forums/diary/Domain+Whitelisting+With+Alexa+and+Umbrella+Lists/22270/
https://isc.sans.edu/forums/diary/Domain+Whitelisting+With+Alexa+and+Umbrella+Lists+update/22274/
SANS Security West (San Diego)
https://www.sans.org/event/sans-security-west-2017
Dallas Tornado Sirens Hacked
https://www.washingtonpost.com/news/the-intersect/wp/2017/04/09/someone-hacked-every-tornado-siren-in-dallas-it-was-loud/?utm_term=.ca706deea318
Shadowbroker Files
https://github.com/x0rz/EQGRP
Word Vulnerability
https://securingtomorrow.mcafee.com/mcafee-labs/critical-office-zero-day-attacks-detected-wild/
ISC StormCast for Friday, April 7th 2017
7 april 2017 |
6 min
Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks
https://www.sec.cs.tu-bs.de/pubs/2017-asiaccs.pdf
Cisco Aironet Default Credentials
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame
Intercepting Two-Factor Authentication
https://breakdev.org/evilginx-advanced-phishing-with-two-factor-authentication-bypass/
QNAP NAS Vulnerabilities
https://sintonen.fi/advisories/qnap-qts-multiple-rce-vulnerabilities.txt
https://www.sec.cs.tu-bs.de/pubs/2017-asiaccs.pdf
Cisco Aironet Default Credentials
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170405-ame
Intercepting Two-Factor Authentication
https://breakdev.org/evilginx-advanced-phishing-with-two-factor-authentication-bypass/
QNAP NAS Vulnerabilities
https://sintonen.fi/advisories/qnap-qts-multiple-rce-vulnerabilities.txt
ISC StormCast for Thursday, April 6th 2017
6 april 2017 |
6 min
Whitelists: The Holy Grail of Attackers
https://isc.sans.edu/forums/diary/Whitelists+The+Holy+Grail+of+Attackers/22262/
Java Struts2 Vulnerability Used To Install Ransomware
https://isc.sans.edu/forums/diary/Java+Struts2+Vulnerability+Used+To+Install+Cerber+Crypto+Ransomware/22264/
Brazilian Bank Looses Control Over Domains
https://threatpost.com/lessons-from-top-to-bottom-compromise-of-brazilian-bank/124770/
Google Android April Patch Day
https://source.android.com/security/bulletin/2017-04-01#security-vulnerability-summary
Radware Observes "BrickerBot" Destroying Devices
https://security.radware.com/ddos-threats-attacks/brickerbot-pdos-permanent-denial-of-service/
Struts2 Vulnerability Webcast
https://www.sans.org/webcasts/struts-shock-current-attacks-struts2-defend-104787
https://isc.sans.edu/forums/diary/Whitelists+The+Holy+Grail+of+Attackers/22262/
Java Struts2 Vulnerability Used To Install Ransomware
https://isc.sans.edu/forums/diary/Java+Struts2+Vulnerability+Used+To+Install+Cerber+Crypto+Ransomware/22264/
Brazilian Bank Looses Control Over Domains
https://threatpost.com/lessons-from-top-to-bottom-compromise-of-brazilian-bank/124770/
Google Android April Patch Day
https://source.android.com/security/bulletin/2017-04-01#security-vulnerability-summary
Radware Observes "BrickerBot" Destroying Devices
https://security.radware.com/ddos-threats-attacks/brickerbot-pdos-permanent-denial-of-service/
Struts2 Vulnerability Webcast
https://www.sans.org/webcasts/struts-shock-current-attacks-struts2-defend-104787
ISC StormCast for Wednesday, April 5th 2017
5 april 2017 |
6 min
Exploiting Broadcom's Wi-Fi Stack
https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
Covert Channel Between Virtual Machines Via CPU Cache
https://cmaurice.fr/pdf/ndss17_maurice.pdf
40 Vulnerabilities in Samsung Tizen
https://motherboard.vice.com/en_us/article/samsung-tizen-operating-system-bugs-vulnerabilities
https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
Covert Channel Between Virtual Machines Via CPU Cache
https://cmaurice.fr/pdf/ndss17_maurice.pdf
40 Vulnerabilities in Samsung Tizen
https://motherboard.vice.com/en_us/article/samsung-tizen-operating-system-bugs-vulnerabilities
ISC StormCast for Tuesday, April 4th 2017
4 april 2017 |
6 min
Apple Releases iOS 10.3.1 to Remedy Wifi Remote Code Execution
https://support.apple.com/en-us/HT207688
Practical Use of SHA1 Collisions: ISO Images
https://isc.sans.edu/forums/diary/A+Practical+Use+for+a+SHA1+Collision/22257/
Microsoft Defender False Positive
https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Worm%3AWin32%2FBluber.A
Cracking Weak Session Secrets
https://martinfowler.com/articles/session-secret.html
Skype Malvertising Advertises Fake Flash Players
https://www.bleepingcomputer.com/news/security/skype-malvertising-campaign-pushes-fake-flash-player/
https://support.apple.com/en-us/HT207688
Practical Use of SHA1 Collisions: ISO Images
https://isc.sans.edu/forums/diary/A+Practical+Use+for+a+SHA1+Collision/22257/
Microsoft Defender False Positive
https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Worm%3AWin32%2FBluber.A
Cracking Weak Session Secrets
https://martinfowler.com/articles/session-secret.html
Skype Malvertising Advertises Fake Flash Players
https://www.bleepingcomputer.com/news/security/skype-malvertising-campaign-pushes-fake-flash-player/
ISC StormCast for Monday, April 3rd 2017
3 april 2017 |
6 min
Google Discovers More LastPass Vulnerabilities;
https://bugs.chromium.org/p/project-zero/issues/detail?id=1225&desc=6
Attacking KeePass
https://www.slideshare.net/harmj0y/a-case-study-in-attacking-keepass
https://github.com/HarmJ0y/KeeThief
Bypassing Cylance
http://www.blackhillsinfosec.com/?p=5792
Mimi Penguin: Extracting Credentials From Memory on Linux Tools
https://github.com/huntergregal/mimipenguin
Windows 2003 / IIS 6 Exploit
https://0patch.blogspot.com/2017/03/0patching-immortal-cve-2017-7269.html
https://github.com/rapid7/metasploit-framework/pull/8162
https://bugs.chromium.org/p/project-zero/issues/detail?id=1225&desc=6
Attacking KeePass
https://www.slideshare.net/harmj0y/a-case-study-in-attacking-keepass
https://github.com/HarmJ0y/KeeThief
Bypassing Cylance
http://www.blackhillsinfosec.com/?p=5792
Mimi Penguin: Extracting Credentials From Memory on Linux Tools
https://github.com/huntergregal/mimipenguin
Windows 2003 / IIS 6 Exploit
https://0patch.blogspot.com/2017/03/0patching-immortal-cve-2017-7269.html
https://github.com/rapid7/metasploit-framework/pull/8162
ISC StormCast for Friday, March 31st 2017
31 mars 2017 |
6 min
Diverting built-in features for the bad
https://isc.sans.edu/forums/diary/Diverting+builtin+features+for+the+bad/22250/
Fake Job Offers to GitHub Developers Include Malware
http://researchcenter.paloaltonetworks.com/2017/03/unit42-dimnie-hiding-plain-sight/
Drones With Lasers!
https://arxiv.org/pdf/1703.07751.pdf
https://isc.sans.edu/forums/diary/Diverting+builtin+features+for+the+bad/22250/
Fake Job Offers to GitHub Developers Include Malware
http://researchcenter.paloaltonetworks.com/2017/03/unit42-dimnie-hiding-plain-sight/
Drones With Lasers!
https://arxiv.org/pdf/1703.07751.pdf
ISC StormCast for Thursday, March 30th 2017
30 mars 2017 |
5 min
Logical and Physical Security Correlation
https://isc.sans.edu/forums/diary/Logical+Physical+Security+Correlation/22243/
Recent Mirai DDoS Attacks
https://www.incapsula.com/blog/new-mirai-variant-ddos-us-college.html
Crusader Injects Fake Support Phone Numbers into Websites
https://www.bleepingcomputer.com/news/security/adware-replaces-phone-numbers-for-security-firms-returned-in-search-results/
VMWare Closes Pwn2Own Guest Escape Vulnerabilities
http://www.vmware.com/security/advisories/VMSA-2017-0006.html
Apple iCloud for Windows Update
https://support.apple.com/de-de/HT207607
https://isc.sans.edu/forums/diary/Logical+Physical+Security+Correlation/22243/
Recent Mirai DDoS Attacks
https://www.incapsula.com/blog/new-mirai-variant-ddos-us-college.html
Crusader Injects Fake Support Phone Numbers into Websites
https://www.bleepingcomputer.com/news/security/adware-replaces-phone-numbers-for-security-firms-returned-in-search-results/
VMWare Closes Pwn2Own Guest Escape Vulnerabilities
http://www.vmware.com/security/advisories/VMSA-2017-0006.html
Apple iCloud for Windows Update
https://support.apple.com/de-de/HT207607
ISC StormCast for Wednesday, March 29th 2017
29 mars 2017 |
5 min
New Exploit Variant for Recent Struts2 Vulnerability
https://blog.gdssecurity.com/labs/2017/3/27/an-analysis-of-cve-2017-5638.html
PoC Exploit for iBook ePub Javascript Vulnerability
https://s1gnalcha0s.github.io/ibooks/epub/2017/03/27/This-book-reads-you-using-JavaScript.html
Microsoft Docs.com Leak
https://twitter.com/gossithedog/status/845446263244050434
Symantec SSL CA tool
https://www.renditioninfosec.com/socapps/sslcheck/index.php
https://blog.gdssecurity.com/labs/2017/3/27/an-analysis-of-cve-2017-5638.html
PoC Exploit for iBook ePub Javascript Vulnerability
https://s1gnalcha0s.github.io/ibooks/epub/2017/03/27/This-book-reads-you-using-JavaScript.html
Microsoft Docs.com Leak
https://twitter.com/gossithedog/status/845446263244050434
Symantec SSL CA tool
https://www.renditioninfosec.com/socapps/sslcheck/index.php
ISC StormCast for Tuesday, March 28th 2017
28 mars 2017 |
7 min
Apple Updates
https://support.apple.com/en-us/HT201222
IIS 6 / Windows Server 2003 Exploit
https://github.com/edwardz246003/IIS_exploit/blob/master/exploit.py
Symantec SSL Update
https://www.symantec.com/connect/blogs/message-our-ca-customers
https://support.apple.com/en-us/HT201222
IIS 6 / Windows Server 2003 Exploit
https://github.com/edwardz246003/IIS_exploit/blob/master/exploit.py
Symantec SSL Update
https://www.symantec.com/connect/blogs/message-our-ca-customers
ISC StormCast for Monday, March 27th 2017
27 mars 2017 |
7 min
Google Announces Removal of Symantec CAs for Extended Validation
https://www.symantec.com/connect/blogs/symantec-backs-its-ca
https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/eUAKwjihhBs
https://chromium.googlesource.com/chromium/src/+/master/net/data/ssl/symantec/README.md
Spoofing Referrer in Microsoft Edge
https://www.brokenbrowser.com/referer-spoofing-patch-bypass/
Smart TV Compromise Via Broadcast Signals
https://www.youtube.com/watch?v=bOJ_8QHX6OA
Defending Web Applications Class
https://www.sans.org/event/sans-security-west-2017/course/defending-web-applications-security-essentials
https://www.symantec.com/connect/blogs/symantec-backs-its-ca
https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/eUAKwjihhBs
https://chromium.googlesource.com/chromium/src/+/master/net/data/ssl/symantec/README.md
Spoofing Referrer in Microsoft Edge
https://www.brokenbrowser.com/referer-spoofing-patch-bypass/
Smart TV Compromise Via Broadcast Signals
https://www.youtube.com/watch?v=bOJ_8QHX6OA
Defending Web Applications Class
https://www.sans.org/event/sans-security-west-2017/course/defending-web-applications-security-essentials
ISC StormCast for Friday, March 24th 2017
24 mars 2017 |
7 min
"Swearing Trojan" Uses Fake BTSs To Spread Malware
http://blog.checkpoint.com/2017/03/21/swearing-trojan-continues-rage-even-authors-arrest/
Lastpass Updates ClickJacking Exploit (Again)
https://bugs.chromium.org/p/project-zero/issues/detail?id=1188&desc=2
Application Verifier "Bug"
https://github.com/ionescu007/HookingNirvana/blob/master/Esoteric%20Hooks.pdf
http://blog.checkpoint.com/2017/03/21/swearing-trojan-continues-rage-even-authors-arrest/
Lastpass Updates ClickJacking Exploit (Again)
https://bugs.chromium.org/p/project-zero/issues/detail?id=1188&desc=2
Application Verifier "Bug"
https://github.com/ionescu007/HookingNirvana/blob/master/Esoteric%20Hooks.pdf
ISC StormCast for Thursday, March 23rd 2017
23 mars 2017 |
6 min
Criminals Threaten to Erase Millions of iCloud Conntected Apple devices
https://motherboard.vice.com/en_us/article/hackers-we-will-remotely-wipe-iphones-unless-apple-pays-ransom?utm_source=vicefbus
Siemens Control Systems Affected by Fake Firmware
https://dragos.com/blog/mimics/
GitHub Used for C&C
http://blog.trendmicro.com/trendlabs-security-intelligence/winnti-abuses-github/
Adium IM Vulnerable to Older libpurple Issue
http://seclists.org/fulldisclosure/2017/Mar/57
https://motherboard.vice.com/en_us/article/hackers-we-will-remotely-wipe-iphones-unless-apple-pays-ransom?utm_source=vicefbus
Siemens Control Systems Affected by Fake Firmware
https://dragos.com/blog/mimics/
GitHub Used for C&C
http://blog.trendmicro.com/trendlabs-security-intelligence/winnti-abuses-github/
Adium IM Vulnerable to Older libpurple Issue
http://seclists.org/fulldisclosure/2017/Mar/57
ISC StormCast for Wednesday, March 22nd 2017
22 mars 2017 |
5 min
Password Encrypted Word File Delivers Malware
https://isc.sans.edu/forums/diary/Malspam+with+passwordprotected+Word+documents/22203/
Critical LastPass Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1209
Nest Camera Bluetooth Vulnerability
https://github.com/jasondoyle/Google-Nest-Cam-Bug-Disclosures/blob/master/README.md
https://isc.sans.edu/forums/diary/Malspam+with+passwordprotected+Word+documents/22203/
Critical LastPass Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1209
Nest Camera Bluetooth Vulnerability
https://github.com/jasondoyle/Google-Nest-Cam-Bug-Disclosures/blob/master/README.md
ISC StormCast for Tuesday, March 21st 2017
21 mars 2017 |
6 min
CISCO Releases Advisory With Details Regarding CMP Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp
Pwn2Own Contest Leads to Exploits Against All Browsers (and VM!)
https://www.zerodayinitiative.com/blog/2017/3/17/the-results-pwn2own-2017-day-three
Git Moving Away From SHA1 (likely to SHA3)
https://news.ycombinator.com/item?id=13906804
Proxy Security
https://isc.sans.edu/forums/diary/What+is+really+being+proxied/22165/
https://www.us-cert.gov/ncas/alerts/TA17-075A
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp
Pwn2Own Contest Leads to Exploits Against All Browsers (and VM!)
https://www.zerodayinitiative.com/blog/2017/3/17/the-results-pwn2own-2017-day-three
Git Moving Away From SHA1 (likely to SHA3)
https://news.ycombinator.com/item?id=13906804
Proxy Security
https://isc.sans.edu/forums/diary/What+is+really+being+proxied/22165/
https://www.us-cert.gov/ncas/alerts/TA17-075A
ISC StormCast for Monday, March 20th 2017
20 mars 2017 |
6 min
An Example of a Multiple States Dropper
https://isc.sans.edu/forums/diary/Example+of+Multiple+Stages+Dropper/22197/
Real-World Wiretaping Attacks Against ZRTP
https://www.ibr.cs.tu-bs.de/papers/schuermann-popets2017.pdf
Authenticating Against MySQL Server Using a Hashed Password
https://github.com/cyrus-and/mysql-unsha1
https://isc.sans.edu/forums/diary/Example+of+Multiple+Stages+Dropper/22197/
Real-World Wiretaping Attacks Against ZRTP
https://www.ibr.cs.tu-bs.de/papers/schuermann-popets2017.pdf
Authenticating Against MySQL Server Using a Hashed Password
https://github.com/cyrus-and/mysql-unsha1
ISC StormCast for Friday, March 17th 2017
17 mars 2017 |
6 min
Certain Ubiquity Equipment Vulnerable to CSRF/Code Execution
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170316-0_Ubiquiti_Networks_authenticated_command_injection_v10.txt
Proton Mac OS RAT
https://www.cybersixgill.com/proton-a-new-mac-os-rat/
Linux Kernel n_hdlc Privilege Escalation
http://seclists.org/oss-sec/2017/q1/569
VMWare Copy/Paste Exploit Fixed
https://www.vmware.com/security/advisories/VMSA-2017-0005.html
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170316-0_Ubiquiti_Networks_authenticated_command_injection_v10.txt
Proton Mac OS RAT
https://www.cybersixgill.com/proton-a-new-mac-os-rat/
Linux Kernel n_hdlc Privilege Escalation
http://seclists.org/oss-sec/2017/q1/569
VMWare Copy/Paste Exploit Fixed
https://www.vmware.com/security/advisories/VMSA-2017-0005.html
ISC StormCast for Thursday, March 16th 2017
16 mars 2017 |
7 min
Twitter App "Twitter Counter" Compromise Leads to Unauthorized Tweets From a Large Number of Accounts
https://twitter.com/thecounter
Telegram and WhatsApp Image Vulnerability
http://blog.checkpoint.com/2017/03/15/check-point-discloses-vulnerability-whatsapp-telegram/
RSA Panel Webcast
https://cc.readytalk.com/registration/#/?meeting=6oowksc223hm&campaign=ijmt1z8qsc1q
https://twitter.com/thecounter
Telegram and WhatsApp Image Vulnerability
http://blog.checkpoint.com/2017/03/15/check-point-discloses-vulnerability-whatsapp-telegram/
RSA Panel Webcast
https://cc.readytalk.com/registration/#/?meeting=6oowksc223hm&campaign=ijmt1z8qsc1q
ISC StormCast for Wednesday, March 15th 2017
15 mars 2017 |
6 min
Microsoft's Double Patch Tuesday
https://isc.sans.edu/forums/diary/February+and+March+Microsoft+Patch+Tuesday/22185/
https://isc.sans.edu/forums/diary/February+and+March+Microsoft+Patch+Tuesday/22185/
ISC StormCast for Tuesday, March 14th 2017
14 mars 2017 |
6 min
Creating SHA3 Hashes with sigs.py
https://isc.sans.edu/forums/diary/New+tool+sigspy/22181/
Canada Revenue Agency Website Attacked / Down over Struts2
http://www.cbc.ca/news/politics/cra-internet-vulnerability-government-1.4022591
Webkit Exploit Adobted to Nintendo Switch
https://www.youtube.com/watch?v=xkdPjbaLngE
Analysis of Outdated Javascript Libraries on the Web
http://www.ccs.neu.edu/home/arshad/publications/ndss2017jslibs.pdf
Github Enterprise SAML Authentication Bypass
http://www.economyofmechanism.com/github-saml
https://isc.sans.edu/forums/diary/New+tool+sigspy/22181/
Canada Revenue Agency Website Attacked / Down over Struts2
http://www.cbc.ca/news/politics/cra-internet-vulnerability-government-1.4022591
Webkit Exploit Adobted to Nintendo Switch
https://www.youtube.com/watch?v=xkdPjbaLngE
Analysis of Outdated Javascript Libraries on the Web
http://www.ccs.neu.edu/home/arshad/publications/ndss2017jslibs.pdf
Github Enterprise SAML Authentication Bypass
http://www.economyofmechanism.com/github-saml
ISC StormCast for Monday, March 13th 2017
13 mars 2017 |
7 min
Issues With Out Of Date Geo Location Databases
https://isc.sans.edu/forums/diary/The+Side+Effect+of+GeoIP+Filters/22173/
Recovering Mobile Device PINs via Thermal Images
http://www.mkhamis.com/data/papers/abdelrahman2017chi.pdf
Unmasking Randomized MAC Addresses
https://arxiv.org/abs/1703.02874v1
Mobile Phone Supply Chain Attacks
http://blog.checkpoint.com/2017/03/10/preinstalled-malware-targeting-mobile-users/
https://isc.sans.edu/forums/diary/The+Side+Effect+of+GeoIP+Filters/22173/
Recovering Mobile Device PINs via Thermal Images
http://www.mkhamis.com/data/papers/abdelrahman2017chi.pdf
Unmasking Randomized MAC Addresses
https://arxiv.org/abs/1703.02874v1
Mobile Phone Supply Chain Attacks
http://blog.checkpoint.com/2017/03/10/preinstalled-malware-targeting-mobile-users/
ISC StormCast for Friday, March 10th 2017
10 mars 2017 |
5 min
Struts 2 Update
https://isc.sans.edu/forums/diary/Critical+Apache+Struts+2+Vulnerability+Patch+Now/22169/
Exploits Against Haraka Mail Server
https://github.com/outflanknl/Exploits/blob/master/harakiri-CVE-2016-1000282.py
Android Password Stealing Apps
http://www.welivesecurity.com/2017/03/09/new-instagram-credentials-stealers-discovered-google-play/
Drupal Services Module Vulnerability and Exploit
https://www.ambionics.io/blog/drupal-services-module-rce
https://www.drupal.org/node/2858847
https://isc.sans.edu/forums/diary/Critical+Apache+Struts+2+Vulnerability+Patch+Now/22169/
Exploits Against Haraka Mail Server
https://github.com/outflanknl/Exploits/blob/master/harakiri-CVE-2016-1000282.py
Android Password Stealing Apps
http://www.welivesecurity.com/2017/03/09/new-instagram-credentials-stealers-discovered-google-play/
Drupal Services Module Vulnerability and Exploit
https://www.ambionics.io/blog/drupal-services-module-rce
https://www.drupal.org/node/2858847
ISC StormCast for Thursday, March 9th 2017
9 mars 2017 |
6 min
Security Researches Target Nintendo Switch
https://twitter.com/qlutoo
https://www.youtube.com/watch?v=CwdDN1kA93Q&feature=youtu.be
Dockerscan
https://github.com/cr0hn/dockerscan
1 in 5 Websites still rely on SHA-1 Based Certificates
http://www.theregister.co.uk/2017/03/08/sha1_certificate_survey/
Not All Malware Samples Are Complex
https://isc.sans.edu/forums/diary/Not+All+Malware+Samples+Are+Complex/22163/
Struts Vulnerability Included in Metasploit
https://github.com/rapid7/metasploit-framework/issues/8064
https://cwiki.apache.org/confluence/display/WW/S2-045?from=groupmessage
https://twitter.com/qlutoo
https://www.youtube.com/watch?v=CwdDN1kA93Q&feature=youtu.be
Dockerscan
https://github.com/cr0hn/dockerscan
1 in 5 Websites still rely on SHA-1 Based Certificates
http://www.theregister.co.uk/2017/03/08/sha1_certificate_survey/
Not All Malware Samples Are Complex
https://isc.sans.edu/forums/diary/Not+All+Malware+Samples+Are+Complex/22163/
Struts Vulnerability Included in Metasploit
https://github.com/rapid7/metasploit-framework/issues/8064
https://cwiki.apache.org/confluence/display/WW/S2-045?from=groupmessage
ISC StormCast for Wednesday, March 8th 2017
8 mars 2017 |
7 min
CIA Leak (note that link lead directly to leaked documents)
https://wikileaks.com/ciav7p1/
From Shamoon To Stonedrill: Evolution of Wipers Attacking Saudi Organziations
https://securelist.com/files/2017/03/Report_Shamoon_StoneDrill_final.pdf
WordPress Update
https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
Reading Secret Keys From SGX Enclaves
https://arxiv.org/abs/1702.08719
https://wikileaks.com/ciav7p1/
From Shamoon To Stonedrill: Evolution of Wipers Attacking Saudi Organziations
https://securelist.com/files/2017/03/Report_Shamoon_StoneDrill_final.pdf
WordPress Update
https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
Reading Secret Keys From SGX Enclaves
https://arxiv.org/abs/1702.08719
ISC StormCast for Tuesday, March 7th 2017
7 mars 2017 |
6 min
Typosquatting Against Santander Bank in Brazil With Phone Call Follow-up
https://isc.sans.edu/forums/diary/A+very+convincing+Typosquatting+Social+Engineering+campaign+is+targeting+Santander+corporate+customers+in+Brazil/22157/
Post Mortem on 911 DDoS Attack
https://www.wsj.com/articles/how-a-cyberattack-overwhelmed-the-911-system-1488554972
Nextcloud/Owncloud Scanner
https://scan.nextcloud.com
Western Digital MyCloud Vulnerability
https://blog.exploitee.rs/2017/hacking_wd_mycloud/
https://isc.sans.edu/forums/diary/A+very+convincing+Typosquatting+Social+Engineering+campaign+is+targeting+Santander+corporate+customers+in+Brazil/22157/
Post Mortem on 911 DDoS Attack
https://www.wsj.com/articles/how-a-cyberattack-overwhelmed-the-911-system-1488554972
Nextcloud/Owncloud Scanner
https://scan.nextcloud.com
Western Digital MyCloud Vulnerability
https://blog.exploitee.rs/2017/hacking_wd_mycloud/
ISC StormCast for Monday, March 6th 2017
6 mars 2017 |
6 min
How Your Pictures Affect Your Website Reputation
https://isc.sans.edu/forums/diary/How+your+pictures+may+affect+your+website+reputation/22151/
De-Obuscating Padded Code
https://isc.sans.edu/forums/diary/Another+example+of+maldoc+string+obfuscation+with+extra+bonus+UAC+bypass/22153/
FoxIT PDF Reader Vulnerability
https://www.foxitsoftware.com/support/security-bulletins.php#content-2017
Applying SHA1 Shatter Attack To Bittorent
https://biterrant.io
Gargoyle Memory Scanning Evasion
https://jlospinoso.github.io/security/assembly/c/cpp/developing/software/2017/03/04/gargoyle-memory-analysis-evasion.html
Attacking Synergy Clients
https://www.n00py.io/2017/03/compromising-synergy-clients-with-a-rogue-synergy-server/
https://isc.sans.edu/forums/diary/How+your+pictures+may+affect+your+website+reputation/22151/
De-Obuscating Padded Code
https://isc.sans.edu/forums/diary/Another+example+of+maldoc+string+obfuscation+with+extra+bonus+UAC+bypass/22153/
FoxIT PDF Reader Vulnerability
https://www.foxitsoftware.com/support/security-bulletins.php#content-2017
Applying SHA1 Shatter Attack To Bittorent
https://biterrant.io
Gargoyle Memory Scanning Evasion
https://jlospinoso.github.io/security/assembly/c/cpp/developing/software/2017/03/04/gargoyle-memory-analysis-evasion.html
Attacking Synergy Clients
https://www.n00py.io/2017/03/compromising-synergy-clients-with-a-rogue-synergy-server/
ISC StormCast for Friday, March 3rd 2017
3 mars 2017 |
5 min
Business E-Mail Compromise and Sender Policy Framework Typos (SPF)
https://isc.sans.edu/forums/diary/Phishing+for+Big+Money+Wire+Transfers+is+Still+Alive+and+Well+or+For+Want+of+Good+Punctuation+all+was+Lost/22141/
Android Developers Infected With Malware Publishing Malicious Apps
http://researchcenter.paloaltonetworks.com/2017/03/unit42-google-play-apps-infected-malicious-iframes/
DBLTek GoIP Backdoor
https://www.trustwave.com/Resources/SpiderLabs-Blog/Undocumented-Backdoor-Account-in-DBLTek-GoIP/
Decrypting Findzip/Patcher Ransomware
https://blog.malwarebytes.com/cybercrime/2017/02/decrypting-after-a-findzip-ransomware-infection/
https://isc.sans.edu/forums/diary/Phishing+for+Big+Money+Wire+Transfers+is+Still+Alive+and+Well+or+For+Want+of+Good+Punctuation+all+was+Lost/22141/
Android Developers Infected With Malware Publishing Malicious Apps
http://researchcenter.paloaltonetworks.com/2017/03/unit42-google-play-apps-infected-malicious-iframes/
DBLTek GoIP Backdoor
https://www.trustwave.com/Resources/SpiderLabs-Blog/Undocumented-Backdoor-Account-in-DBLTek-GoIP/
Decrypting Findzip/Patcher Ransomware
https://blog.malwarebytes.com/cybercrime/2017/02/decrypting-after-a-findzip-ransomware-infection/
ISC StormCast for Thursday, March 2nd 2017
2 mars 2017 |
6 min
LDAP and STARTTLS
https://isc.sans.edu/forums/diary/SSLTLS+on+port+389+Say+what/22135/
Wordpress NextGen Gallery Plugin SQL Injection Vulnerability
https://blog.sucuri.net/2017/02/sql-injection-vulnerability-nextgen-gallery-wordpress.html
Password Manager Insecurities
https://team-sik.org/trent_portfolio/password-manager-apps/
Slack Insecure Cross Window Messaging
https://labs.detectify.com/2017/02/28/hacking-slack-using-postmessage-and-websocket-reconnect-to-steal-your-precious-token/
Google Voice Recognition Used to Break Google ReCaptcha Audio Challenge
https://east-ee.com/2017/02/28/rebreakcaptcha-breaking-googles-recaptcha-v2-using-google/
https://isc.sans.edu/forums/diary/SSLTLS+on+port+389+Say+what/22135/
Wordpress NextGen Gallery Plugin SQL Injection Vulnerability
https://blog.sucuri.net/2017/02/sql-injection-vulnerability-nextgen-gallery-wordpress.html
Password Manager Insecurities
https://team-sik.org/trent_portfolio/password-manager-apps/
Slack Insecure Cross Window Messaging
https://labs.detectify.com/2017/02/28/hacking-slack-using-postmessage-and-websocket-reconnect-to-steal-your-precious-token/
Google Voice Recognition Used to Break Google ReCaptcha Audio Challenge
https://east-ee.com/2017/02/28/rebreakcaptcha-breaking-googles-recaptcha-v2-using-google/
ISC StormCast for Wednesday, March 1st 2017
1 mars 2017 |
5 min
Amazon Cloud IPv4 Reuse Leads to Stray Requests
https://isc.sans.edu/forums/diary/My+Catch+Of+4+Months+In+The+Amazon+IP+Address+Space/22129
Amazon S3 Outage
https://isc.sans.edu/forums/diary/Amazon+S3+Outage/22131/
CloudPets Leaks Recordings
https://www.troyhunt.com/data-from-connected-cloudpets-teddy-bears-leaked-and-ransomed-exposing-kids-voice-messages/
ESET Antivirus Vulnerability Puts Macs at Risk
http://seclists.org/fulldisclosure/2017/Feb/68
Analysis of a Simple PHP Backdoor
https://isc.sans.edu/forums/diary/Analysis+of+a+Simple+PHP+Backdoor/22127/
https://isc.sans.edu/forums/diary/My+Catch+Of+4+Months+In+The+Amazon+IP+Address+Space/22129
Amazon S3 Outage
https://isc.sans.edu/forums/diary/Amazon+S3+Outage/22131/
CloudPets Leaks Recordings
https://www.troyhunt.com/data-from-connected-cloudpets-teddy-bears-leaked-and-ransomed-exposing-kids-voice-messages/
ESET Antivirus Vulnerability Puts Macs at Risk
http://seclists.org/fulldisclosure/2017/Feb/68
Analysis of a Simple PHP Backdoor
https://isc.sans.edu/forums/diary/Analysis+of+a+Simple+PHP+Backdoor/22127/
ISC StormCast for Tuesday, February 28th 2017
28 februari 2017 |
6 min
Google Chrome TLS 1.3 Update Causes Issues With Bluecoat
https://bugs.chromium.org/p/chromium/issues/detail?id=694593
Windows 10 Will Implmenet "Gatekeeper" Like Technology
https://twitter.com/vitorgrs/status/835674417602637824
Google Releases E2EMail Chrome Plugin
https://security.googleblog.com/2017/02/e2email-research-project-has-left-nest_24.html
Decrypting SCOM "RunAs" Credentials
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/february/scomplicated-decrypting-scom-runas-credentials/
https://bugs.chromium.org/p/chromium/issues/detail?id=694593
Windows 10 Will Implmenet "Gatekeeper" Like Technology
https://twitter.com/vitorgrs/status/835674417602637824
Google Releases E2EMail Chrome Plugin
https://security.googleblog.com/2017/02/e2email-research-project-has-left-nest_24.html
Decrypting SCOM "RunAs" Credentials
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/february/scomplicated-decrypting-scom-runas-credentials/
ISC StormCast for Monday, February 27th 2017
27 februari 2017 |
5 min
Cloudflare Leaks Data
https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
IE/Edge Denial of Service
https://bugs.chromium.org/p/project-zero/issues/detail?id=1011#c2
"Dynamite Phishing"
https://isc.sans.edu/forums/diary/Dynamite+Phishing/22121/
Google Credentials Problems
https://productforums.google.com/forum/#!category-topic/gmail/LOt2x1_c3KM
https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
IE/Edge Denial of Service
https://bugs.chromium.org/p/project-zero/issues/detail?id=1011#c2
"Dynamite Phishing"
https://isc.sans.edu/forums/diary/Dynamite+Phishing/22121/
Google Credentials Problems
https://productforums.google.com/forum/#!category-topic/gmail/LOt2x1_c3KM
ISC StormCast for Friday, February 24th 2017
24 februari 2017 |
6 min
Researchers Find SHA1 Collision
https://shattered.io/static/shattered.pdf
Arrest Made in Deutsche Telekom DSL Modem Attack
https://www.bleepingcomputer.com/news/security/uk-police-arrest-suspect-behind-mirai-malware-attacks-on-deutsche-telekom/
https://shattered.io/static/shattered.pdf
Arrest Made in Deutsche Telekom DSL Modem Attack
https://www.bleepingcomputer.com/news/security/uk-police-arrest-suspect-behind-mirai-malware-attacks-on-deutsche-telekom/
ISC StormCast for Thursday, February 23rd 2017
23 februari 2017 |
5 min
User Centric Mobile Device Security With Stethoscope
http://techblog.netflix.com/2017/02/introducing-netflix-stethoscope.html
Fingerprinting Firefox With Intermediate Certificates
https://shiftordie.de/blog/2017/02/21/fingerprinting-firefox-users-with-cached-intermediate-ca-certificates-fiprinca/
JudasDNS Attack DNS Proxy
https://github.com/mandatoryprogrammer/JudasDNS
http://techblog.netflix.com/2017/02/introducing-netflix-stethoscope.html
Fingerprinting Firefox With Intermediate Certificates
https://shiftordie.de/blog/2017/02/21/fingerprinting-firefox-users-with-cached-intermediate-ca-certificates-fiprinca/
JudasDNS Attack DNS Proxy
https://github.com/mandatoryprogrammer/JudasDNS
ISC StormCast for Wednesday, February 22nd 2017
22 februari 2017 |
5 min
Microsoft Releases Flash Patch From Skipped February Update
https://technet.microsoft.com/en-us/library/security/MS17-005
Investigating Off-Premise Wireless Behaviour
https://isc.sans.edu/forums/diary/Investigating+OffPremise+Wireless+Behaviour+or+I+Know+What+You+Connected+To/22089/
"Bugdrop" Steals Large Amount of Audio
https://cyberx-labs.com/en/blog/operation-bugdrop-cyberx-discovers-large-scale-cyber-reconnaissance-operation/
https://technet.microsoft.com/en-us/library/security/MS17-005
Investigating Off-Premise Wireless Behaviour
https://isc.sans.edu/forums/diary/Investigating+OffPremise+Wireless+Behaviour+or+I+Know+What+You+Connected+To/22089/
"Bugdrop" Steals Large Amount of Audio
https://cyberx-labs.com/en/blog/operation-bugdrop-cyberx-discovers-large-scale-cyber-reconnaissance-operation/
ISC StormCast for Tuesday, February 21st 2017
21 februari 2017 |
6 min
Hardening Postfix Against FTP Relay Attacks
https://isc.sans.edu/forums/diary/Hardening+Postfix+Against+FTP+Relay+Attacks/22086/
Kaspersky Examins Mobile Car Apps
https://securelist.com/analysis/publications/77576/mobile-apps-and-stealing-a-connected-car/
Cars "Remember" Prior Owners
http://money.cnn.com/2017/02/17/technology/used-car-hack-safety-location/
Xen Project Reconsidering Vulnerability Disclosure Policy
https://blog.xenproject.org/2017/02/14/request-for-comment-scope-of-vulnerabilities-for-which-xsas-are-issued/
Stagefright Vulnerability had minimal affect on Android Security
https://www.rsaconference.com/speakers/adrian_ludwig
https://isc.sans.edu/forums/diary/Hardening+Postfix+Against+FTP+Relay+Attacks/22086/
Kaspersky Examins Mobile Car Apps
https://securelist.com/analysis/publications/77576/mobile-apps-and-stealing-a-connected-car/
Cars "Remember" Prior Owners
http://money.cnn.com/2017/02/17/technology/used-car-hack-safety-location/
Xen Project Reconsidering Vulnerability Disclosure Policy
https://blog.xenproject.org/2017/02/14/request-for-comment-scope-of-vulnerabilities-for-which-xsas-are-issued/
Stagefright Vulnerability had minimal affect on Android Security
https://www.rsaconference.com/speakers/adrian_ludwig
ISC StormCast for Monday, February 20th 2017
20 februari 2017 |
5 min
RTRBK: Router, Switch, Firewall Backups in Powershell
https://isc.sans.edu/forums/diary/RTRBK+Router+Switch+Firewall+Backups+in+PowerShell+tool+drop/22079/
Windows EMF Imge 0-Day Memory Leak
https://bugs.chromium.org/p/project-zero/issues/detail?id=992
Brazillian Traffic Ticket Malspam
https://isc.sans.edu/forums/diary/Brazilian+malspam+sends+Autoitbased+malware/22081/
Using XXE To Send E-Mail
https://shiftordie.de/blog/2017/02/18/smtp-over-xxe/
https://isc.sans.edu/forums/diary/RTRBK+Router+Switch+Firewall+Backups+in+PowerShell+tool+drop/22079/
Windows EMF Imge 0-Day Memory Leak
https://bugs.chromium.org/p/project-zero/issues/detail?id=992
Brazillian Traffic Ticket Malspam
https://isc.sans.edu/forums/diary/Brazilian+malspam+sends+Autoitbased+malware/22081/
Using XXE To Send E-Mail
https://shiftordie.de/blog/2017/02/18/smtp-over-xxe/
ISC StormCast for Friday, February 17th 2017
17 februari 2017 |
7 min
AVM Private Key Leak Puts Cable Modems At Risk
https://isc.sans.edu/forums/diary/AVM+Private+Key+Leak+Puts+Cable+Modems+Worldwide+At+Risk/22076/
OpenSSL Update
https://isc.sans.edu/forums/diary/OpenSSL+110e+Update+No+need+to+panic+openssl/22074/
Microsoft Update Delayed
https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/
ANC Attack ASLR Bypass
https://www.vusec.net/projects/anc/
https://isc.sans.edu/forums/diary/AVM+Private+Key+Leak+Puts+Cable+Modems+Worldwide+At+Risk/22076/
OpenSSL Update
https://isc.sans.edu/forums/diary/OpenSSL+110e+Update+No+need+to+panic+openssl/22074/
Microsoft Update Delayed
https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/
ANC Attack ASLR Bypass
https://www.vusec.net/projects/anc/
ISC StormCast for Thursday, February 16th 2017
16 februari 2017 |
5 min
How Was Your Stay At The Hotel La Playa
https://isc.sans.edu/forums/diary/How+was+your+stay+at+the+Hotel+La+Playa/22069
XAgent OS X Malware
https://labs.bitdefender.com/2017/02/new-xagent-mac-malware-linked-with-the-apt28/
Conference Phone Compromise
https://www.contextis.com//resources/blog/phwning-boardroom-hacking-android-conference-phone/
https://isc.sans.edu/forums/diary/How+was+your+stay+at+the+Hotel+La+Playa/22069
XAgent OS X Malware
https://labs.bitdefender.com/2017/02/new-xagent-mac-malware-linked-with-the-apt28/
Conference Phone Compromise
https://www.contextis.com//resources/blog/phwning-boardroom-hacking-android-conference-phone/
ISC StormCast for Wednesday, February 15th 2017
15 februari 2017 |
6 min
Microsoft Cancels Patch Tuesday
https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/
Adobe Update For Flash
https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
WebSephere Update
http://www-01.ibm.com/support/docview.wss?uid=swg21997743
Operation Kingphish
https://medium.com/amnesty-insights/operation-kingphish-uncovering-a-campaign-of-cyber-attacks-against-civil-society-in-qatar-and-aa40c9e08852#.965et86vk
Hacking Node-Serialize
http://blog.websecurify.com/2017/02/hacking-node-serialize.html
https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/
Adobe Update For Flash
https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
WebSephere Update
http://www-01.ibm.com/support/docview.wss?uid=swg21997743
Operation Kingphish
https://medium.com/amnesty-insights/operation-kingphish-uncovering-a-campaign-of-cyber-attacks-against-civil-society-in-qatar-and-aa40c9e08852#.965et86vk
Hacking Node-Serialize
http://blog.websecurify.com/2017/02/hacking-node-serialize.html
ISC StormCast for Tuesday, February 14th 2017
14 februari 2017 |
5 min
New Tool: Packettotal.com
http://www.packettotal.com
What Not To Decrypt When Intercepting SSL
https://isc.sans.edu/forums/diary/Stuff+I+Learned+Decrypting/22059/
webcast: https://www.sans.org/webcasts/8-ways-watch-invisible-analyzing-encrypted-network-traffic-103277
Simple Static Malware Analyzer
https://github.com/secrary/SSMA
Critical Firefox for Android Vulnerability
https://www.mozilla.org/en-US/security/advisories/mfsa2017-04/
Ubuntu ntfs-3g Privilege Escalation
https://bugs.chromium.org/p/project-zero/issues/detail?id=1072
Microsoft Patch Tuesday Changes
http://www.infoworld.com/article/3139922/microsoft-windows/microsoft-to-revamp-its-documentation-for-security-patches.html
http://www.packettotal.com
What Not To Decrypt When Intercepting SSL
https://isc.sans.edu/forums/diary/Stuff+I+Learned+Decrypting/22059/
webcast: https://www.sans.org/webcasts/8-ways-watch-invisible-analyzing-encrypted-network-traffic-103277
Simple Static Malware Analyzer
https://github.com/secrary/SSMA
Critical Firefox for Android Vulnerability
https://www.mozilla.org/en-US/security/advisories/mfsa2017-04/
Ubuntu ntfs-3g Privilege Escalation
https://bugs.chromium.org/p/project-zero/issues/detail?id=1072
Microsoft Patch Tuesday Changes
http://www.infoworld.com/article/3139922/microsoft-windows/microsoft-to-revamp-its-documentation-for-security-patches.html
ISC StormCast for Monday, February 13th 2017
13 februari 2017 |
6 min
Vulnerabilities in Samsung KNOX
https://googleprojectzero.blogspot.de/2017/02/lifting-hyper-visor-bypassing-samsungs.html
Auditing MongoDB Configurations
https://github.com/stampery/mongoaudit
Reversing Javascript
https://isc.sans.edu/forums/diary/Analysis+of+a+Suspicious+Piece+of+JavaScript/22056/
Wordpress REST API Flaw Widely Exploited
https://www.wordfence.com/blog/2017/02/rapid-growth-in-rest-api-defacements/
Cryptographically Secure PHP Development
https://paragonie.com/blog/2017/02/cryptographically-secure-php-development
DEV522 Web Application Security Essentials
https://www.sans.org/event/sans-2017/course/defending-web-applications-security-essentials
https://googleprojectzero.blogspot.de/2017/02/lifting-hyper-visor-bypassing-samsungs.html
Auditing MongoDB Configurations
https://github.com/stampery/mongoaudit
Reversing Javascript
https://isc.sans.edu/forums/diary/Analysis+of+a+Suspicious+Piece+of+JavaScript/22056/
Wordpress REST API Flaw Widely Exploited
https://www.wordfence.com/blog/2017/02/rapid-growth-in-rest-api-defacements/
Cryptographically Secure PHP Development
https://paragonie.com/blog/2017/02/cryptographically-secure-php-development
DEV522 Web Application Security Essentials
https://www.sans.org/event/sans-2017/course/defending-web-applications-security-essentials
ISC StormCast for Friday, February 10th 2017
10 februari 2017 |
6 min
F5 Big IP Ticketbleed Vulnerability
https://filippo.io/Ticketbleed/
CryptoShield Ransomware from Rig EK
https://isc.sans.edu/forums/diary/CryptoShield+Ransomware+from+Rig+EK/22047/
Hancitor/Pony Malspam
https://isc.sans.edu/forums/diary/HancitorPony+malspam/22053/
Apple Retaining Old Browser History Data
https://blog.elcomsoft.com/2017/02/elcomsoft-extracts-deleted-safari-browsing-history-from-icloud/#more-3769
Brute Forcing LUKS Passwords
https://0x00sec.org/t/breaking-encryption-hashed-passwords-luks-devices/811
https://filippo.io/Ticketbleed/
CryptoShield Ransomware from Rig EK
https://isc.sans.edu/forums/diary/CryptoShield+Ransomware+from+Rig+EK/22047/
Hancitor/Pony Malspam
https://isc.sans.edu/forums/diary/HancitorPony+malspam/22053/
Apple Retaining Old Browser History Data
https://blog.elcomsoft.com/2017/02/elcomsoft-extracts-deleted-safari-browsing-history-from-icloud/#more-3769
Brute Forcing LUKS Passwords
https://0x00sec.org/t/breaking-encryption-hashed-passwords-luks-devices/811
ISC StormCast for Thursday, February 9th 2017
9 februari 2017 |
6 min
Cloud Metadata URLs
https://isc.sans.edu/forums/diary/Cloud+Metadata+Urls/22046/
Intel Atom C2000 Chip Failures
http://www.theregister.co.uk/2017/02/06/cisco_intel_decline_to_link_product_warning_to_faulty_chip/
More W-2 Scams, Now Combined With Wire Transfer Scams
https://nakedsecurity.sophos.com/2017/02/08/beware-the-latest-tax-season-spear-phishing-scam/
Macro Malware Coming to MacOS
https://objective-see.com/blog/blog_0x17.html
https://isc.sans.edu/forums/diary/Cloud+Metadata+Urls/22046/
Intel Atom C2000 Chip Failures
http://www.theregister.co.uk/2017/02/06/cisco_intel_decline_to_link_product_warning_to_faulty_chip/
More W-2 Scams, Now Combined With Wire Transfer Scams
https://nakedsecurity.sophos.com/2017/02/08/beware-the-latest-tax-season-spear-phishing-scam/
Macro Malware Coming to MacOS
https://objective-see.com/blog/blog_0x17.html
ISC StormCast for Wednesday, February 8th 2017
8 februari 2017 |
7 min
Using Emojis as Passwords
https://isc.sans.edu/forums/diary/My+Password+is+taco+Using+Emojis+for+Stronger+Passwords/22042/
Popular iOS Applications Not Using TLS
https://medium.com/@chronic_9612/76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-2c9a2409dd1#.nv0mf6w4e
Web Bluetooth Security Model
https://medium.com/@jyasskin/the-web-bluetooth-security-model-666b4e7eed2#.kqtxdk70h
E-Mail Spoofing in GMail
https://www.linkedin.com/pulse/aware-sender-spoofing-amongst-gmail-users-renato-marinho
https://isc.sans.edu/forums/diary/My+Password+is+taco+Using+Emojis+for+Stronger+Passwords/22042/
Popular iOS Applications Not Using TLS
https://medium.com/@chronic_9612/76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-2c9a2409dd1#.nv0mf6w4e
Web Bluetooth Security Model
https://medium.com/@jyasskin/the-web-bluetooth-security-model-666b4e7eed2#.kqtxdk70h
E-Mail Spoofing in GMail
https://www.linkedin.com/pulse/aware-sender-spoofing-amongst-gmail-users-renato-marinho
ISC StormCast for Tuesday, February 7th 2017
7 februari 2017 |
6 min
Malicous or Not? Help Me Decide
https://isc.sans.edu/forums/diary/Malicious+Or+Not+You+decide/22040/
OpenBSD Http Server DoS Vulnerability
https://pierrekim.github.io/blog/2017-02-07-openbsd-httpd-CVE-2017-5850.html
Bypassing Tor Browser Via Windows DRM
https://www.myhackerhouse.com/windows_drm_vs_torbrowser/
Freedom Hosting II Compromise
https://www.scmagazineuk.com/major-dark-web-host-hacked-381000-sets-of-user-details-leaked-online/article/636259/
https://isc.sans.edu/forums/diary/Malicious+Or+Not+You+decide/22040/
OpenBSD Http Server DoS Vulnerability
https://pierrekim.github.io/blog/2017-02-07-openbsd-httpd-CVE-2017-5850.html
Bypassing Tor Browser Via Windows DRM
https://www.myhackerhouse.com/windows_drm_vs_torbrowser/
Freedom Hosting II Compromise
https://www.scmagazineuk.com/major-dark-web-host-hacked-381000-sets-of-user-details-leaked-online/article/636259/
ISC StormCast for Monday, February 6th 2017
6 februari 2017 |
5 min
Base64 Encoded Malware Samples on Pastebin
https://isc.sans.edu/forums/diary/Many+Malware+Samples+Found+on+Pastebin/22036/
Cisco Recaling Meraki Access Points over Fatal Hardware Flaw
http://www.cisco.com/c/en/us/support/web/clock-signal.html
SQL Injection Vulnerability in McAfee e Policy Orchastrator
https://kc.mcafee.com/corporate/index?page=content&id=SB10187
Update from Microsoft on SMB 3 Vulnerability
https://threatpost.com/microsoft-waits-for-patch-tuesday-to-fix-smb-zero-day/123541/
Malicious Files Sent via Whatsapp to Target Indian Military
http://economictimes.indiatimes.com/news/defence/defence-security-forces-alerted-against-whatsapp-virus/articleshow/56258702.cms
https://isc.sans.edu/forums/diary/Many+Malware+Samples+Found+on+Pastebin/22036/
Cisco Recaling Meraki Access Points over Fatal Hardware Flaw
http://www.cisco.com/c/en/us/support/web/clock-signal.html
SQL Injection Vulnerability in McAfee e Policy Orchastrator
https://kc.mcafee.com/corporate/index?page=content&id=SB10187
Update from Microsoft on SMB 3 Vulnerability
https://threatpost.com/microsoft-waits-for-patch-tuesday-to-fix-smb-zero-day/123541/
Malicious Files Sent via Whatsapp to Target Indian Military
http://economictimes.indiatimes.com/news/defence/defence-security-forces-alerted-against-whatsapp-virus/articleshow/56258702.cms
ISC StormCast for Friday, February 3rd 2017
3 februari 2017 |
5 min
SMB 3 0-Day DoS Exploit
https://isc.sans.edu/forums/diary/Windows+SMBv3+Denial+of+Service+Proof+of+Concept+0+Day+Exploit/22029/
WordPress Update Silently Fixes Security Flaw
https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/
Webroot Update Patches BSOD Flaw
https://community.webroot.com/t5/Product-Questions/BSOD-0x50-PAGE-FAULT-IN-NONPAGED-AREA/td-p/284302?sf54120672=1&sf54123115=1
Google Adds Support for Mandatory Two-Factor Authentication to G-Suite
https://security.googleblog.com/2017/02/better-and-more-usable-protection-from.html
Cisco Prime Home Vulnerablity
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home
https://isc.sans.edu/forums/diary/Windows+SMBv3+Denial+of+Service+Proof+of+Concept+0+Day+Exploit/22029/
WordPress Update Silently Fixes Security Flaw
https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/
Webroot Update Patches BSOD Flaw
https://community.webroot.com/t5/Product-Questions/BSOD-0x50-PAGE-FAULT-IN-NONPAGED-AREA/td-p/284302?sf54120672=1&sf54123115=1
Google Adds Support for Mandatory Two-Factor Authentication to G-Suite
https://security.googleblog.com/2017/02/better-and-more-usable-protection-from.html
Cisco Prime Home Vulnerablity
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home
ISC StormCast for Thursday, February 2nd 2017
2 februari 2017 |
5 min
Multiple Vulnerabilites in tcpdump
https://isc.sans.edu/forums/diary/Multiple+Vulnerabilities+in+tcpdump/22017/
Quick Analysis of Data Left Available by Attackers
https://isc.sans.edu/forums/diary/Quick+Analysis+of+Data+Left+Available+by+Attackers/22015/
Securing The Human Ouch! Newsletter
https://securingthehuman.sans.org/ouch/
Redis CSRF Vulnerability Exploit
https://github.com/dxa4481/whatsinmyredis
https://isc.sans.edu/forums/diary/Multiple+Vulnerabilities+in+tcpdump/22017/
Quick Analysis of Data Left Available by Attackers
https://isc.sans.edu/forums/diary/Quick+Analysis+of+Data+Left+Available+by+Attackers/22015/
Securing The Human Ouch! Newsletter
https://securingthehuman.sans.org/ouch/
Redis CSRF Vulnerability Exploit
https://github.com/dxa4481/whatsinmyredis
ISC StormCast for Wednesday, February 1st 2017
1 februari 2017 |
6 min
Fileless UAC Bypass Used to Drop Keybase Malware
https://isc.sans.edu/forums/diary/Malicious+Office+files+using+fileless+UAC+bypass+to+drop+KEYBASE+malware/22011/
Apple Removes Activation Lock Test Tool After Abuse
https://www.macrumors.com/2017/01/30/activation-lock-website-used-in-hack/
Multiple Vulnerabilities in tcpdump
https://www.debian.org/security/2017/dsa-3775
Postscript Printer Vulnerabilities
http://seclists.org/fulldisclosure/2017/Jan/89
Stop Disabling SELinux
https://learntemail.sam.today/blog/stop-disabling-selinux:-a-real-world-guide/
https://isc.sans.edu/forums/diary/Malicious+Office+files+using+fileless+UAC+bypass+to+drop+KEYBASE+malware/22011/
Apple Removes Activation Lock Test Tool After Abuse
https://www.macrumors.com/2017/01/30/activation-lock-website-used-in-hack/
Multiple Vulnerabilities in tcpdump
https://www.debian.org/security/2017/dsa-3775
Postscript Printer Vulnerabilities
http://seclists.org/fulldisclosure/2017/Jan/89
Stop Disabling SELinux
https://learntemail.sam.today/blog/stop-disabling-selinux:-a-real-world-guide/
ISC StormCast for Tuesday, January 31st 2017
31 januari 2017 |
7 min
py2exe Decompiling Part 2
https://isc.sans.edu/forums/diary/py2exe+Decompiling+Part+2/22005/
Telemarketer Leaks Call Recordings
https://mackeeper.com/blog/post/326-telemarketing-company-leaks-400k-of-sensitive-files
Facebook Introduces Delegated Recovery Protocol
https://github.com/facebookincubator/DelegatedRecovery/
https://raw.githubusercontent.com/facebookincubator/DelegatedRecovery/master/draft-hill-delegated-recovery.raw.txt
Another Cisco WebEx Update
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex
Cryptkeeper Does Not Correctly Encrypt Folders
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852751
https://isc.sans.edu/forums/diary/py2exe+Decompiling+Part+2/22005/
Telemarketer Leaks Call Recordings
https://mackeeper.com/blog/post/326-telemarketing-company-leaks-400k-of-sensitive-files
Facebook Introduces Delegated Recovery Protocol
https://github.com/facebookincubator/DelegatedRecovery/
https://raw.githubusercontent.com/facebookincubator/DelegatedRecovery/master/draft-hill-delegated-recovery.raw.txt
Another Cisco WebEx Update
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex
Cryptkeeper Does Not Correctly Encrypt Folders
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852751
ISC StormCast for Monday, January 30th 2017
30 januari 2017 |
7 min
Port 5358 Scans for Devices
https://isc.sans.edu/forums/diary/Request+for+Packets+and+Logs+TCP+5358/21997/
OpenSSH Vulnerablity
http://www.openwall.com/lists/oss-security/2017/01/26/2
Ransomware Hits Traffic Cameras in DC
https://www.washingtonpost.com/local/public-safety/hackers-hit-dc-police-closed-circuit-camera-network-city-officials-disclose/2017/01/27/d285a4a4-e4f5-11e6-ba11-63c4b4fb5a63_print.html
Hotel Hit By Ransomware
http://www.thelocal.at/20170128/hotel-ransomed-by-hackers-as-guests-locked-in-rooms
Not So Private Android VPNs
http://www.icir.org/vern/papers/vpn-apps-imc16.pdf
Google Starting its own Certificate Authority
https://security.googleblog.com/2017/01/the-foundation-of-more-secure-web.html
https://isc.sans.edu/forums/diary/Request+for+Packets+and+Logs+TCP+5358/21997/
OpenSSH Vulnerablity
http://www.openwall.com/lists/oss-security/2017/01/26/2
Ransomware Hits Traffic Cameras in DC
https://www.washingtonpost.com/local/public-safety/hackers-hit-dc-police-closed-circuit-camera-network-city-officials-disclose/2017/01/27/d285a4a4-e4f5-11e6-ba11-63c4b4fb5a63_print.html
Hotel Hit By Ransomware
http://www.thelocal.at/20170128/hotel-ransomed-by-hackers-as-guests-locked-in-rooms
Not So Private Android VPNs
http://www.icir.org/vern/papers/vpn-apps-imc16.pdf
Google Starting its own Certificate Authority
https://security.googleblog.com/2017/01/the-foundation-of-more-secure-web.html
ISC StormCast for Friday, January 27th 2017
27 januari 2017 |
6 min
IOCs: Risks of False Positive Floods
https://isc.sans.edu/forums/diary/IOCs+Risks+of+False+Positive+Alerts+Flood+Ahead/21977/
Android Ransomware in Google Play Store
http://blog.checkpoint.com/2017/01/24/charger-malware/
OpenSSL Update
https://www.openssl.org/news/vulnerabilities.html#y2017
Facebook To Implement U2F (FIDO) Login
https://www.facebook.com/notes/facebook-security/security-key-for-safer-logins-with-a-touch/10154125089265766
WebEx Update
https://bugs.chromium.org/p/project-zero/issues/detail?id=1100
https://isc.sans.edu/forums/diary/IOCs+Risks+of+False+Positive+Alerts+Flood+Ahead/21977/
Android Ransomware in Google Play Store
http://blog.checkpoint.com/2017/01/24/charger-malware/
OpenSSL Update
https://www.openssl.org/news/vulnerabilities.html#y2017
Facebook To Implement U2F (FIDO) Login
https://www.facebook.com/notes/facebook-security/security-key-for-safer-logins-with-a-touch/10154125089265766
WebEx Update
https://bugs.chromium.org/p/project-zero/issues/detail?id=1100
ISC StormCast for Thursday, January 26th 2017
26 januari 2017 |
6 min
Cisco WebEx Remains Vulnerable. Other Browsers Affected
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex
Malicious SVG Files Fund in the Wild
https://isc.sans.edu/forums/diary/Malicious+SVG+Files+in+the+Wild/21971/
W2 Scams Hitting Again
http://www.nbcdfw.com/news/local/Argyle-ISD-Employees-Hit-with-Data-Breach-411337825.html
XXE Entity Vulnerability in Uber
https://httpsonly.blogspot.co.ke/2017/01/0day-writeup-xxe-in-ubercom.html?m=1
Firefox 51 Released
https://blog.mozilla.org/security/2017/01/20/communicating-the-dangers-of-non-secure-http/
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex
Malicious SVG Files Fund in the Wild
https://isc.sans.edu/forums/diary/Malicious+SVG+Files+in+the+Wild/21971/
W2 Scams Hitting Again
http://www.nbcdfw.com/news/local/Argyle-ISD-Employees-Hit-with-Data-Breach-411337825.html
XXE Entity Vulnerability in Uber
https://httpsonly.blogspot.co.ke/2017/01/0day-writeup-xxe-in-ubercom.html?m=1
Firefox 51 Released
https://blog.mozilla.org/security/2017/01/20/communicating-the-dangers-of-non-secure-http/
ISC StormCast for Wednesday, January 25th 2017
25 januari 2017 |
5 min
Cisco Releases Patch for Chrome Webex Plugin
https://continuum.cisco.com/2017/01/23/its-a-good-idea-to-patch-your-webex-chrome-extension-now/
Companies Fall For Fake Ransomware
https://www.citrix.com/blogs/2017/01/24/bluff-ransomware-attacks-bamboozle-british-businesses/
systemd priviledge escalation vulnerablity
http://www.openwall.com/lists/oss-security/2017/01/24/4
nginx update released
http://nginx.org/en/CHANGES
https://continuum.cisco.com/2017/01/23/its-a-good-idea-to-patch-your-webex-chrome-extension-now/
Companies Fall For Fake Ransomware
https://www.citrix.com/blogs/2017/01/24/bluff-ransomware-attacks-bamboozle-british-businesses/
systemd priviledge escalation vulnerablity
http://www.openwall.com/lists/oss-security/2017/01/24/4
nginx update released
http://nginx.org/en/CHANGES
ISC StormCast for Tuesday, January 24th 2017
24 januari 2017 |
6 min
Experimenting With IPv6 Fragments
https://isc.sans.edu/forums/diary/How+to+Have+Fun+With+IPv6+Fragments+and+Scapy/21963/
Apple Updates Everything
https://support.apple.com/en-us/HT201222
WebEx Secret Install URL
https://bugs.chromium.org/p/project-zero/issues/detail?id=1096
Vulnerability in Symantec Norton Download Manager
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2017&suid=20170117_00
Exploit for Microsoft RDC Client on Mac
https://www.wearesegment.com/research/Microsoft-Remote-Desktop-Client-for-Mac-Remote-Code-Execution
https://isc.sans.edu/forums/diary/How+to+Have+Fun+With+IPv6+Fragments+and+Scapy/21963/
Apple Updates Everything
https://support.apple.com/en-us/HT201222
WebEx Secret Install URL
https://bugs.chromium.org/p/project-zero/issues/detail?id=1096
Vulnerability in Symantec Norton Download Manager
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2017&suid=20170117_00
Exploit for Microsoft RDC Client on Mac
https://www.wearesegment.com/research/Microsoft-Remote-Desktop-Client-for-Mac-Remote-Code-Execution
ISC StormCast for Monday, January 23rd 2017
23 januari 2017 |
6 min
Sage 2.0 Ransomware
https://isc.sans.edu/forums/diary/Sage+20+Ransomware/21959/
Starwars Twitter Botner
https://regmedia.co.uk/2017/01/20/starwarsbotnet.pdf
Symantec Messes Up SSL Certificates Again
https://www.mail-archive.com/[email protected]/msg05455.html
Github CSP Experiences
https://githubengineering.com/githubs-post-csp-journey/
Podcast Survey
https://www.surveymonkey.com/r/sbn2017
https://isc.sans.edu/forums/diary/Sage+20+Ransomware/21959/
Starwars Twitter Botner
https://regmedia.co.uk/2017/01/20/starwarsbotnet.pdf
Symantec Messes Up SSL Certificates Again
https://www.mail-archive.com/[email protected]/msg05455.html
Github CSP Experiences
https://githubengineering.com/githubs-post-csp-journey/
Podcast Survey
https://www.surveymonkey.com/r/sbn2017
ISC StormCast for Friday, January 20th 2017
19 januari 2017 |
6 min
Open Hadoop Instances Are At Risk
http://www.threatgeek.com/2017/01/open-hadoop-installs-wiped-worldwide.html
Upcoming SHA-1 Deadlines
https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/
Google "Verify Apps" Algorithm
https://blog.google/topics/connected-workspaces/silence-speaks-louder-words-when-finding-malware/
Practical JSONP Injection
https://securitycafe.ro/2017/01/18/practical-jsonp-injection/
Necurs Decline Huring Loky Distribution
http://blog.talosintel.com/2017/01/locky-struggles.html
http://www.threatgeek.com/2017/01/open-hadoop-installs-wiped-worldwide.html
Upcoming SHA-1 Deadlines
https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/
Google "Verify Apps" Algorithm
https://blog.google/topics/connected-workspaces/silence-speaks-louder-words-when-finding-malware/
Practical JSONP Injection
https://securitycafe.ro/2017/01/18/practical-jsonp-injection/
Necurs Decline Huring Loky Distribution
http://blog.talosintel.com/2017/01/locky-struggles.html
ISC StormCast for Thursday, January 19th 2017
18 januari 2017 |
6 min
US-Cert Considers Netbios/SMBv1 Harmfull
https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices
IPv6 Atomic Fragments Can Lead to DDoS Attack
https://tools.ietf.org/html/rfc8021
Facebook Was Affectd by ImageTragick Flaw
http://4lemon.ru/2017-01-17_facebook_imagetragick_remote_code_execution.html
Malwarebytes Identifies Old Mac Backdoor
https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/
Oracle Quarterly Critical Patch Update
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA
https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices
IPv6 Atomic Fragments Can Lead to DDoS Attack
https://tools.ietf.org/html/rfc8021
Facebook Was Affectd by ImageTragick Flaw
http://4lemon.ru/2017-01-17_facebook_imagetragick_remote_code_execution.html
Malwarebytes Identifies Old Mac Backdoor
https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/
Oracle Quarterly Critical Patch Update
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA
ISC StormCast for Wednesday, January 18th 2017
17 januari 2017 |
5 min
domain_stats.py: A Web API For SEIM Phishing Hunts;
https://isc.sans.edu/forums/diary/domainstatspy+a+web+api+for+SEIM+phishing+hunts/21943/
Mutiple RCE in ZyXEL/Billion/True Online Routers
http://seclists.org/fulldisclosure/2017/Jan/40
Dovecot Passes Security Audit
https://wiki.mozilla.org/images/4/4d/Dovecot-report.pdf
Dutch Web Developers Left Backdoors Behind
http://www.theregister.co.uk/2017/01/17/police_warn_of_dutch_developer_who_built_backdoors_for_carding/
Mobile Applications Contain Secrets
https://hackernoon.com/we-reverse-engineered-16k-apps-heres-what-we-found-51bdf3b456bb
https://isc.sans.edu/forums/diary/domainstatspy+a+web+api+for+SEIM+phishing+hunts/21943/
Mutiple RCE in ZyXEL/Billion/True Online Routers
http://seclists.org/fulldisclosure/2017/Jan/40
Dovecot Passes Security Audit
https://wiki.mozilla.org/images/4/4d/Dovecot-report.pdf
Dutch Web Developers Left Backdoors Behind
http://www.theregister.co.uk/2017/01/17/police_warn_of_dutch_developer_who_built_backdoors_for_carding/
Mobile Applications Contain Secrets
https://hackernoon.com/we-reverse-engineered-16k-apps-heres-what-we-found-51bdf3b456bb
ISC StormCast for Tuesday, January 17th 2017
16 januari 2017 |
5 min
Whitelisting File Extensions in Apache
https://isc.sans.edu/forums/diary/Whitelisting+File+Extensions+in+Apache/21937/
Wordpress 4.7.1 Updates PHPMailer
https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Tricky Phishing Attacks Harvesting Google Passwords
https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/
More Refined Browser Fingerprinting Via GPU Features
https://drive.google.com/file/d/0B4s900Byvv1ibW5uc1NiU2g3R3c/view
https://isc.sans.edu/forums/diary/Whitelisting+File+Extensions+in+Apache/21937/
Wordpress 4.7.1 Updates PHPMailer
https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Tricky Phishing Attacks Harvesting Google Passwords
https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/
More Refined Browser Fingerprinting Via GPU Features
https://drive.google.com/file/d/0B4s900Byvv1ibW5uc1NiU2g3R3c/view
ISC StormCast for Monday, January 16th 2017
15 januari 2017 |
7 min
Backup Files Are Good if They are Outside Your Web Servers Document Root
https://isc.sans.edu/forums/diary/Backup+Files+Are+Good+but+Can+Be+Evil/21935/
Exploiting Apache Server Status
http://blog.mazinahmed.net/2017/01/exploiting-misconfigured-apache-server-status-instances.html
WhatsApp Backdoor Controversy
https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages
https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/
Hardening Windows 10
https://blogs.technet.microsoft.com/mmpc/2017/01/13/hardening-windows-10-with-zero-day-exploit-mitigations/
Injecting JavaScript Into PDFs
http://insert-script.blogspot.in/2016/10/pdf-how-to-steal-pdfs-by-injecting.html
https://isc.sans.edu/forums/diary/Backup+Files+Are+Good+but+Can+Be+Evil/21935/
Exploiting Apache Server Status
http://blog.mazinahmed.net/2017/01/exploiting-misconfigured-apache-server-status-instances.html
WhatsApp Backdoor Controversy
https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages
https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/
Hardening Windows 10
https://blogs.technet.microsoft.com/mmpc/2017/01/13/hardening-windows-10-with-zero-day-exploit-mitigations/
Injecting JavaScript Into PDFs
http://insert-script.blogspot.in/2016/10/pdf-how-to-steal-pdfs-by-injecting.html
ISC StormCast for Friday, January 13th 2017
13 januari 2017 |
6 min
System Resources Utilization Monitor #SRUM
https://isc.sans.edu/forums/diary/System+Resource+Utilization+Monitor/21927/
Docker Fixes Privilege Escalation Vulnerability
http://seclists.org/fulldisclosure/2017/Jan/21
Taking Over Expired Name Servers
https://thehackerblog.com/respect-my-authority-hijacking-broken-nameservers-to-compromise-your-target/
Updated Certificate Revocation Data
https://isc.sans.edu/crls.html
Shadow Broker Releasing More Tools and Going Dark
https://heimdalsecurity.com/blog/security-alert-the-shadow-brokers-windows-hacking-tools/
Extracting Fingerprints from Selfies
http://www.japantimes.co.jp/news/2017/01/11/national/crime-legal/researchers-warn-fingerprint-theft-peace-sign/
https://isc.sans.edu/forums/diary/System+Resource+Utilization+Monitor/21927/
Docker Fixes Privilege Escalation Vulnerability
http://seclists.org/fulldisclosure/2017/Jan/21
Taking Over Expired Name Servers
https://thehackerblog.com/respect-my-authority-hijacking-broken-nameservers-to-compromise-your-target/
Updated Certificate Revocation Data
https://isc.sans.edu/crls.html
Shadow Broker Releasing More Tools and Going Dark
https://heimdalsecurity.com/blog/security-alert-the-shadow-brokers-windows-hacking-tools/
Extracting Fingerprints from Selfies
http://www.japantimes.co.jp/news/2017/01/11/national/crime-legal/researchers-warn-fingerprint-theft-peace-sign/
ISC StormCast for Thursday, January 12th 2017
12 januari 2017 |
6 min
Hancitor/Pny/Vawtrak installed by Malicious Word Document in Fake Parking Ticket E-Mail
https://isc.sans.edu/forums/diary/HancitorPonyVawtrak+malspam/21919/
Godaddy Revokes > 6,000 SSL Certs After Validation Bug
https://www.godaddy.com/garage/godaddy/information-about-ssl-bug/
DVR Master Password List Leaked
https://www.pentestpartners.com/blog/leaked-dvr-creds-added-to-the-iot-fail-list/
Autofill Enables Information Leakage
https://github.com/anttiviljami/browser-autofill-phishing
https://isc.sans.edu/forums/diary/HancitorPonyVawtrak+malspam/21919/
Godaddy Revokes > 6,000 SSL Certs After Validation Bug
https://www.godaddy.com/garage/godaddy/information-about-ssl-bug/
DVR Master Password List Leaked
https://www.pentestpartners.com/blog/leaked-dvr-creds-added-to-the-iot-fail-list/
Autofill Enables Information Leakage
https://github.com/anttiviljami/browser-autofill-phishing
ISC StormCast for Wednesday, January 11th 2017
11 januari 2017 |
6 min
Microsoft Patch Tuesday Summary
https://isc.sans.edu/forums/diary/January+2017+Microsoft+Patch+Tuesday/21915/
Adobe Patch Tuesday Summary
https://isc.sans.edu/forums/diary/Adobe+January+2017+Patches/21917/
Port 37777 "MapTable" Requests
https://isc.sans.edu/forums/diary/Port+37777+MapTable+Requests/21913/
CVE 2016-7200/7201 Exploit Included in Sundown Exploit Kit
http://malware.dontneedcoffee.com/2017/01/CVE-2016-7200-7201.html
https://isc.sans.edu/forums/diary/January+2017+Microsoft+Patch+Tuesday/21915/
Adobe Patch Tuesday Summary
https://isc.sans.edu/forums/diary/Adobe+January+2017+Patches/21917/
Port 37777 "MapTable" Requests
https://isc.sans.edu/forums/diary/Port+37777+MapTable+Requests/21913/
CVE 2016-7200/7201 Exploit Included in Sundown Exploit Kit
http://malware.dontneedcoffee.com/2017/01/CVE-2016-7200-7201.html
ISC StormCast for Tuesday, January 10th 2017
9 januari 2017 |
6 min
Damn Vulnerable Web Sockets (DVWS) Demonstrates WebSocket Vulnerabilities
https://github.com/interference-security/DVWS
St. Jude Medical Patches Vulnerable Cardiac Devices
https://threatpost.com/st-jude-medical-patches-vulnerable-cardiac-devices/122955/
Cracking Hashes of Passwords 12 Characters and Longer
http://www.netmux.com/blog/cracking-12-character-above-passwords
VNC Library Update
https://www.debian.org/security/2017/dsa-3753
https://github.com/interference-security/DVWS
St. Jude Medical Patches Vulnerable Cardiac Devices
https://threatpost.com/st-jude-medical-patches-vulnerable-cardiac-devices/122955/
Cracking Hashes of Passwords 12 Characters and Longer
http://www.netmux.com/blog/cracking-12-character-above-passwords
VNC Library Update
https://www.debian.org/security/2017/dsa-3753
ISC StormCast for Monday, January 9th 2017
9 januari 2017 |
6 min
Careful With Security Tools That Submit Files to Virustotal
https://isc.sans.edu/forums/diary/Great+Misadventures+of+Security+Vendors+Absurd+Sandboxing+Edition/21895/
Vulnerable Security Tools Can Be Used Against You
https://isc.sans.edu/forums/diary/Using+Security+Tools+to+Compromize+a+Network/21903/
Elaborate Ransomware Attacks
http://www.actionfraud.police.uk/news/department-of-education-ransomware-alert-jan17
E-Mail and iTunes Popup Extortion
https://blog.malwarebytes.com/101/mac-the-basics/2017/01/tech-support-scam-page-attempts-denial-of-service-via-mail-app/
https://isc.sans.edu/forums/diary/Great+Misadventures+of+Security+Vendors+Absurd+Sandboxing+Edition/21895/
Vulnerable Security Tools Can Be Used Against You
https://isc.sans.edu/forums/diary/Using+Security+Tools+to+Compromize+a+Network/21903/
Elaborate Ransomware Attacks
http://www.actionfraud.police.uk/news/department-of-education-ransomware-alert-jan17
E-Mail and iTunes Popup Extortion
https://blog.malwarebytes.com/101/mac-the-basics/2017/01/tech-support-scam-page-attempts-denial-of-service-via-mail-app/
ISC StormCast for Friday, January 6th 2017
6 januari 2017 |
6 min
Google.com.br DNS Hijack
https://www.linkedin.com/pulse/googlecombr-hacked-renato-marinho
Attackers Use Stolen Passwords To Take Over Spreadshirt.com Accounts.
https://www.heise.de/security/meldung/Angriff-auf-Spreadshirt-Konten-3589579.html (sorry, only in German)
Ransomware Adding DDoS Component
https://www.bleepingcomputer.com/news/security/firecrypt-ransomware-comes-with-a-ddos-component/
Old Malware Returning in Targeted Attacks
https://blogs.forcepoint.com/security-labs/mm-core-memory-backdoor-returns-bigboss-and-sillygoose
https://www.linkedin.com/pulse/googlecombr-hacked-renato-marinho
Attackers Use Stolen Passwords To Take Over Spreadshirt.com Accounts.
https://www.heise.de/security/meldung/Angriff-auf-Spreadshirt-Konten-3589579.html (sorry, only in German)
Ransomware Adding DDoS Component
https://www.bleepingcomputer.com/news/security/firecrypt-ransomware-comes-with-a-ddos-component/
Old Malware Returning in Targeted Attacks
https://blogs.forcepoint.com/security-labs/mm-core-memory-backdoor-returns-bigboss-and-sillygoose
ISC StormCast for Thursday, January 5th 2017
5 januari 2017 |
5 min
GRE Packets May Be Related To Linux Kernel Bug
http://www.openwall.com/lists/oss-security/2016/10/13/11
Insecure MongoDB Instances Hit By Fake Ransomware
https://twitter.com/0xDUDE
Android Security Update
https://source.android.com/security/bulletin/2017-01-01.html
Identifying WordPress Websites on Local Networks
https://www.netsparker.com/blog/web-security/bruteforce-wordpress-local-networks-xshm-attack/
http://www.openwall.com/lists/oss-security/2016/10/13/11
Insecure MongoDB Instances Hit By Fake Ransomware
https://twitter.com/0xDUDE
Android Security Update
https://source.android.com/security/bulletin/2017-01-01.html
Identifying WordPress Websites on Local Networks
https://www.netsparker.com/blog/web-security/bruteforce-wordpress-local-networks-xshm-attack/
ISC StormCast for Wednesday, January 4th 2017
3 januari 2017 |
5 min
Removing "Ransom Ware" From Android Based LG TVs
https://www.youtube.com/watch?v=0WZ4uLFTHEE
libpng Patches 30 Year Old Bug
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.567619
Kaspersky Antivirus SSL Interception Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=978
Thunderbird Update Fixes Critical Vulnerability
https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/
https://www.youtube.com/watch?v=0WZ4uLFTHEE
libpng Patches 30 Year Old Bug
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.567619
Kaspersky Antivirus SSL Interception Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=978
Thunderbird Update Fixes Critical Vulnerability
https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/
ISC StormCast for Tuesday, January 3rd 2017
3 januari 2017 |
5 min
AT&T 2G Network Shutdown
https://www.att.com/esupport/article.html#!/wireless/KM1084805
Leap Second
https://blog.cloudflare.com/how-and-why-the-leap-second-affected-cloudflare-dns/
Thunderbird Patch
https://www.heise.de/security/meldung/Thunderbird-Mozilla-schliesst-mit-Sicherheitsupdate-kritische-Luecken-3583472.html
iMessage Crash
https://vincedes3.com/crash-message-app-iphone/
Truffle Hog
https://github.com/dxa4481/truffleHog
https://www.att.com/esupport/article.html#!/wireless/KM1084805
Leap Second
https://blog.cloudflare.com/how-and-why-the-leap-second-affected-cloudflare-dns/
Thunderbird Patch
https://www.heise.de/security/meldung/Thunderbird-Mozilla-schliesst-mit-Sicherheitsupdate-kritische-Luecken-3583472.html
iMessage Crash
https://vincedes3.com/crash-message-app-iphone/
Truffle Hog
https://github.com/dxa4481/truffleHog
ISC StormCast for Friday, December 30th 2016
30 december 2016 |
4 min
Protocol 47 (GRE) Traffic
https://isc.sans.edu/forums/diary/Increase+in+Protocol+47+denys/21865/
US Cert Releases "Grizzly Steppe" Report
https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity
Android Malware Changes Router DNS Settings
https://securelist.com/blog/mobile/76969/switcher-android-joins-the-attack-the-router-club/
https://isc.sans.edu/forums/diary/Increase+in+Protocol+47+denys/21865/
US Cert Releases "Grizzly Steppe" Report
https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity
Android Malware Changes Router DNS Settings
https://securelist.com/blog/mobile/76969/switcher-android-joins-the-attack-the-router-club/
ISC StormCast for Thursday, December 29th 2016
29 december 2016 |
5 min
More PHPMailer Issues. Update Again
https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
CCC Talk: Lockpicking in the IoT
https://media.ccc.de/v/33c3-8019-lockpicking_in_the_iot
CCC Talk: IPv6 Scanning
https://media.ccc.de/v/33c3-8061-you_can_-j_reject_but_you_can_not_hide_global_scanning_of_the_ipv6_internet
https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
CCC Talk: Lockpicking in the IoT
https://media.ccc.de/v/33c3-8019-lockpicking_in_the_iot
CCC Talk: IPv6 Scanning
https://media.ccc.de/v/33c3-8061-you_can_-j_reject_but_you_can_not_hide_global_scanning_of_the_ipv6_internet
ISC StormCast for Wednesday, December 28th 2016
28 december 2016 |
6 min
Using Daemonlogger as a Software Tap
https://isc.sans.edu/forums/diary/Using+daemonlogger+as+a+Software+Tap/21859/
CCC Conference
https://events.ccc.de/congress/2016/wiki/Main_Page
PHPMailer Exploit Released
https://legalhackers.com/exploits/CVE-2016-10033/PHPMailer-RCE-exploit-poc.txt
Patch For Exim Mail Server
https://exim.org/static/doc/CVE-2016-9963.txt
Signal Uses Domain Fronting To Evade Censor Ship
https://whispersystems.org/blog/doodles-stickers-censorship/
https://isc.sans.edu/forums/diary/Using+daemonlogger+as+a+Software+Tap/21859/
CCC Conference
https://events.ccc.de/congress/2016/wiki/Main_Page
PHPMailer Exploit Released
https://legalhackers.com/exploits/CVE-2016-10033/PHPMailer-RCE-exploit-poc.txt
Patch For Exim Mail Server
https://exim.org/static/doc/CVE-2016-9963.txt
Signal Uses Domain Fronting To Evade Censor Ship
https://whispersystems.org/blog/doodles-stickers-censorship/
ISC StormCast for Tuesday, December 27th 2016
27 december 2016 |
6 min
Criticial RCE Flaw in PHPMailer
https://isc.sans.edu/forums/diary/Critical+security+update+PHPMailer+5218+CVE201610033/21855/
Malware Delays Execution with "Ping"
https://isc.sans.edu/forums/diary/Pinging+All+The+Way/21849/
Apple Extends TLS Deadline
https://isc.sans.edu/forums/diary/Pinging+All+The+Way/21849/
https://isc.sans.edu/forums/diary/Critical+security+update+PHPMailer+5218+CVE201610033/21855/
Malware Delays Execution with "Ping"
https://isc.sans.edu/forums/diary/Pinging+All+The+Way/21849/
Apple Extends TLS Deadline
https://isc.sans.edu/forums/diary/Pinging+All+The+Way/21849/
ISC StormCast for Thursday, December 22nd 2016
21 december 2016 |
5 min
Mirai Trying Various Telnet Alternatives
https://isc.sans.edu/forums/diary/UPDATED+x1+Mirai+Scanning+for+Port+6789+Looking+for+New+Victims+Now+hitting+tcp23231/21833/
Ukraining Power Outages
http://uawire.org/news/ukrenergo-claims-that-blackouts-in-kyiv-could-have-been-caused-by-hackers
OurMine Hacks Netflix and Other Twitter Accounts
http://www.bbc.com/news/technology-38390343?ocid=socialflow_twitter
Methbot Generating Millions of Dollars With Click Fraud
http://go.whiteops.com/rs/179-SQE-823/images/WO_Methbot_Operation_WP.pdf
https://isc.sans.edu/forums/diary/UPDATED+x1+Mirai+Scanning+for+Port+6789+Looking+for+New+Victims+Now+hitting+tcp23231/21833/
Ukraining Power Outages
http://uawire.org/news/ukrenergo-claims-that-blackouts-in-kyiv-could-have-been-caused-by-hackers
OurMine Hacks Netflix and Other Twitter Accounts
http://www.bbc.com/news/technology-38390343?ocid=socialflow_twitter
Methbot Generating Millions of Dollars With Click Fraud
http://go.whiteops.com/rs/179-SQE-823/images/WO_Methbot_Operation_WP.pdf
ISC StormCast for Wednesday, December 21st 2016
21 december 2016 |
5 min
vSphere Data Protection Known SSH Key
http://www.vmware.com/security/advisories/VMSA-2016-0024.html
nmap Update
https://nmap.org/download.html
SCCM Software Metering
https://www.fireeye.com/blog/threat-research/2016/12/do_you_see_what_icc.html
CryptXXX Version 3 Decryptor Available
https://noransom.kaspersky.com
Airline Inflight Entertainment System Hack
http://blog.ioactive.com/2016/12/in-flight-hacking-system.html
SEC503, Intrusion Detection in Depth: Brussles January 16th-21st 2017
https://www.sans.org/event/brussels-winter-2017/course/intrusion-detection-in-depth
http://www.vmware.com/security/advisories/VMSA-2016-0024.html
nmap Update
https://nmap.org/download.html
SCCM Software Metering
https://www.fireeye.com/blog/threat-research/2016/12/do_you_see_what_icc.html
CryptXXX Version 3 Decryptor Available
https://noransom.kaspersky.com
Airline Inflight Entertainment System Hack
http://blog.ioactive.com/2016/12/in-flight-hacking-system.html
SEC503, Intrusion Detection in Depth: Brussles January 16th-21st 2017
https://www.sans.org/event/brussels-winter-2017/course/intrusion-detection-in-depth
ISC StormCast for Tuesday, December 20th 2016
20 december 2016 |
4 min
Mirai Likely Behind Port 6789 Scans. Yet Another Backdoor
https://isc.sans.edu/forums/diary/Mirai+Scanning+for+Port+6789+Looking+for+New+Victims/21833/
OpenSSH update
https://www.openssh.com/releasenotes.html#7.4
Google Releases Tool to Audit Crypto Libraries
https://security.googleblog.com/2016/12/project-wycheproof.html
Escaping A Restricted Shell
https://humblesec.wordpress.com/2016/12/08/escaping-a-restricted-shell/
https://isc.sans.edu/forums/diary/Mirai+Scanning+for+Port+6789+Looking+for+New+Victims/21833/
OpenSSH update
https://www.openssh.com/releasenotes.html#7.4
Google Releases Tool to Audit Crypto Libraries
https://security.googleblog.com/2016/12/project-wycheproof.html
Escaping A Restricted Shell
https://humblesec.wordpress.com/2016/12/08/escaping-a-restricted-shell/
ISC StormCast for Monday, December 19th 2016
19 december 2016 |
6 min
Verizon Webmail XSS Exploit
https://randywestergren.com/persistent-xss-verizons-webmail-client/
Blocking Powershell Connections via Windows Firewall
https://isc.sans.edu/forums/diary/Blocking+Powershell+Connection+via+Windows+Firewall/21829/
Exploit Kits Delivering Cerber Ransomware
https://isc.sans.edu/forums/diary/One+if+by+email+and+two+if+by+EK+The+Cerbers+are+coming/21823/
More Security Companies joining "No More Ransom"
https://www.nomoreransom.org
IT Contractor Trying to Take Over Radio Station
https://regmedia.co.uk/2016/12/16/kcohvtaylorfiling.pdf
Holiday Safe Computing Tips
https://isc.sans.edu/forums/diary/Holiday+Safe+Computing+Tips/21827/
https://randywestergren.com/persistent-xss-verizons-webmail-client/
Blocking Powershell Connections via Windows Firewall
https://isc.sans.edu/forums/diary/Blocking+Powershell+Connection+via+Windows+Firewall/21829/
Exploit Kits Delivering Cerber Ransomware
https://isc.sans.edu/forums/diary/One+if+by+email+and+two+if+by+EK+The+Cerbers+are+coming/21823/
More Security Companies joining "No More Ransom"
https://www.nomoreransom.org
IT Contractor Trying to Take Over Radio Station
https://regmedia.co.uk/2016/12/16/kcohvtaylorfiling.pdf
Holiday Safe Computing Tips
https://isc.sans.edu/forums/diary/Holiday+Safe+Computing+Tips/21827/
ISC StormCast for Friday, December 16th 2016
16 december 2016 |
5 min
Domain Cops Malware Analysis
https://isc.sans.edu/forums/diary/Domaincop+malpsam/21821/
OS X Filevault Password Retrieval
http://blog.frizk.net/2016/12/filevault-password-retrieval.html
QEMU/Xen Vulnerability
http://xenbits.xen.org/xsa/advisory-199.html
DNS Changer Attacking Home Routers
https://www.proofpoint.com/us/threat-insight/post/home-routers-under-attack-malvertising-windows-android-devices
https://isc.sans.edu/forums/diary/Domaincop+malpsam/21821/
OS X Filevault Password Retrieval
http://blog.frizk.net/2016/12/filevault-password-retrieval.html
QEMU/Xen Vulnerability
http://xenbits.xen.org/xsa/advisory-199.html
DNS Changer Attacking Home Routers
https://www.proofpoint.com/us/threat-insight/post/home-routers-under-attack-malvertising-windows-android-devices
ISC StormCast for Thursday, December 15th 2016
15 december 2016 |
5 min
Malicious JavaScript Bypasses UAC
https://isc.sans.edu/forums/diary/UAC+Bypass+in+JScript+Dropper/21813/
Skype Unauthorized API Access Blocked
https://www.trustwave.com/Resources/SpiderLabs-Blog/A-Backdoor-in-Skype-for-Mac-OS-X/?page=1&year=0&month=0
Facebook Anounces Certificate Transparency Monitoring Tool
https://www.facebook.com/notes/protect-the-graph/introducing-our-certificate-transparency-monitoring-tool/1811919779048165
Another Tor Browser (and Firefox) Bug Fixed
https://blog.torproject.org/blog/tor-browser-608-released
Cheap Android Phones Arrive With Malware Preinstalled
https://news.drweb.com/show/?i=10345&lng=en
Exploit for Nagios
https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html
https://isc.sans.edu/forums/diary/UAC+Bypass+in+JScript+Dropper/21813/
Skype Unauthorized API Access Blocked
https://www.trustwave.com/Resources/SpiderLabs-Blog/A-Backdoor-in-Skype-for-Mac-OS-X/?page=1&year=0&month=0
Facebook Anounces Certificate Transparency Monitoring Tool
https://www.facebook.com/notes/protect-the-graph/introducing-our-certificate-transparency-monitoring-tool/1811919779048165
Another Tor Browser (and Firefox) Bug Fixed
https://blog.torproject.org/blog/tor-browser-608-released
Cheap Android Phones Arrive With Malware Preinstalled
https://news.drweb.com/show/?i=10345&lng=en
Exploit for Nagios
https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html
ISC StormCast for Wednesday, December 14th 2016
14 december 2016 |
5 min
Microsoft Patch Tuesday + Adobe Flash
https://isc.sans.edu/mspatchdays.html?viewday=2016-12-13
Apple Updates
https://support.apple.com/en-us/HT201222
More Netgear Products Vulnerable; Beta Patch Available
http://kb.netgear.com/000036386/CVE-2016-582384?cid=wmt_netgear_organic
iOS Profile Vulnerability PoC Available
https://cxsecurity.com/issue/WLB-2016110046
https://isc.sans.edu/mspatchdays.html?viewday=2016-12-13
Apple Updates
https://support.apple.com/en-us/HT201222
More Netgear Products Vulnerable; Beta Patch Available
http://kb.netgear.com/000036386/CVE-2016-582384?cid=wmt_netgear_organic
iOS Profile Vulnerability PoC Available
https://cxsecurity.com/issue/WLB-2016110046
ISC StormCast for Tuesday, December 13th 2016
13 december 2016 |
6 min
Apple Releases Patches for iOS/WatchOS and tvOS
https://support.apple.com/en-us/HT201222
Windows 8/10 Update Causing DHCP Problems
https://community.plus.net/t5/Broadband/Windows-8-10-Issues/m-p/1393675#M310992
McAfee VirusScan Enterprise for Linux Vulnerabilities
https://nation.state.actor/mcafee.html
Snowball Marketing for Ransomware
https://www.bleepingcomputer.com/news/security/new-scheme-spread-popcorn-time-ransomware-get-chance-of-free-decryption-key/
Europol Arrests DDoS Miscreants
http://www.theregister.co.uk/2016/12/12/europol_arrests_34_ddos_kiddies/
5 Questions to Ask you IoT Vendor
https://isc.sans.edu/forums/diary/5+Questions+to+Ask+your+IoT+Vendors+But+Do+Not+Expect+an+Answer/21807/
https://support.apple.com/en-us/HT201222
Windows 8/10 Update Causing DHCP Problems
https://community.plus.net/t5/Broadband/Windows-8-10-Issues/m-p/1393675#M310992
McAfee VirusScan Enterprise for Linux Vulnerabilities
https://nation.state.actor/mcafee.html
Snowball Marketing for Ransomware
https://www.bleepingcomputer.com/news/security/new-scheme-spread-popcorn-time-ransomware-get-chance-of-free-decryption-key/
Europol Arrests DDoS Miscreants
http://www.theregister.co.uk/2016/12/12/europol_arrests_34_ddos_kiddies/
5 Questions to Ask you IoT Vendor
https://isc.sans.edu/forums/diary/5+Questions+to+Ask+your+IoT+Vendors+But+Do+Not+Expect+an+Answer/21807/
ISC StormCast for Monday, December 12th 2016
11 december 2016 |
6 min
Malware Uses NTP to Prevent Reverse Analsys
https://isc.sans.edu/forums/diary/Sleeping+VBS+Really+Wants+To+Sleep/21801/
PwC ACE Tool For SAP Introduces Security Vulnerability into SAP
http://seclists.org/fulldisclosure/2016/Dec/33
Steganography Used to Hide Exploits in Images
https://isc.sans.edu/forums/diary/Steganography+in+Action+Image+Steganography+StegExpose/21803/
Netgear R7000 and R6400 Aribtrary Command Execution
http://www.kb.cert.org/vuls/id/582384
Holiday Hack Challenge
https://holidayhackchallenge.com
https://isc.sans.edu/forums/diary/Sleeping+VBS+Really+Wants+To+Sleep/21801/
PwC ACE Tool For SAP Introduces Security Vulnerability into SAP
http://seclists.org/fulldisclosure/2016/Dec/33
Steganography Used to Hide Exploits in Images
https://isc.sans.edu/forums/diary/Steganography+in+Action+Image+Steganography+StegExpose/21803/
Netgear R7000 and R6400 Aribtrary Command Execution
http://www.kb.cert.org/vuls/id/582384
Holiday Hack Challenge
https://holidayhackchallenge.com
ISC StormCast for Friday, December 9th 2016
9 december 2016 |
6 min
Domaincops Malware
https://isc.sans.edu/forums/diary/Good+Cop+Bad+Cop+Domain+Cop/21795/
Yahoo Mail Persistent XSS
https://klikki.fi/adv/yahoo2.html
Trend Office Scan False Positives
https://www.reddit.com/r/sysadmin/comments/5gs2gv/anyone_else_also_affected_by_a_deleted/
Linux Privilege Escalation due ot af_packet.c race condition
http://seclists.org/oss-sec/2016/q4/607
https://isc.sans.edu/forums/diary/Good+Cop+Bad+Cop+Domain+Cop/21795/
Yahoo Mail Persistent XSS
https://klikki.fi/adv/yahoo2.html
Trend Office Scan False Positives
https://www.reddit.com/r/sysadmin/comments/5gs2gv/anyone_else_also_affected_by_a_deleted/
Linux Privilege Escalation due ot af_packet.c race condition
http://seclists.org/oss-sec/2016/q4/607
ISC StormCast for Thursday, December 8th 2016
8 december 2016 |
6 min
Attackers are using AV Exclusion Lists to Bypass AV
http://www.theregister.co.uk/2016/12/07/clever_crims_using_av_exclusion_lists_as_malware_safe_harbour/
Android Update Patches "Dirty Cow"
https://source.android.com/security/bulletin/2016-12-01.html
"Goldeneye" Ransomware May Use Stolen Data For Realistic E-Mails
https://www.heise.de/security/meldung/Goldeneye-nutzt-Informationen-vom-Arbeitsamt-fuer-aeusserst-gezielte-Angriffe-3564386.html
Firefox Cross Domain Cookie Vulnerability
https://insert-script.blogspot.ch/2016/12/firefox-svg-cross-domain-cookie.html
http://www.theregister.co.uk/2016/12/07/clever_crims_using_av_exclusion_lists_as_malware_safe_harbour/
Android Update Patches "Dirty Cow"
https://source.android.com/security/bulletin/2016-12-01.html
"Goldeneye" Ransomware May Use Stolen Data For Realistic E-Mails
https://www.heise.de/security/meldung/Goldeneye-nutzt-Informationen-vom-Arbeitsamt-fuer-aeusserst-gezielte-Angriffe-3564386.html
Firefox Cross Domain Cookie Vulnerability
https://insert-script.blogspot.ch/2016/12/firefox-svg-cross-domain-cookie.html
ISC StormCast for Wednesday, December 7th 2016
7 december 2016 |
7 min
Attacking NoSQL Applications
https://isc.sans.edu/forums/diary/Attacking+NoSQL+applications/21787/
Heap Buffer Overflow in Encase Forensic Imager
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161128-0_Guidance_Software_Encase_DoS_heap_buffer_overflow_vulnerabilities_v10.txt
Raspbian To Increase Default Security
https://www.raspberrypi.org/blog/a-security-update-for-raspbian-pixel/
SONY Camera Backdoor
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161206-0_Sony_IPELA_Engine_IP_Cameras_Backdoors_v10.txt
Feedback: https://isc.sans.edu/contact.html
https://isc.sans.edu/forums/diary/Attacking+NoSQL+applications/21787/
Heap Buffer Overflow in Encase Forensic Imager
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161128-0_Guidance_Software_Encase_DoS_heap_buffer_overflow_vulnerabilities_v10.txt
Raspbian To Increase Default Security
https://www.raspberrypi.org/blog/a-security-update-for-raspbian-pixel/
SONY Camera Backdoor
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161206-0_Sony_IPELA_Engine_IP_Cameras_Backdoors_v10.txt
Feedback: https://isc.sans.edu/contact.html
ISC StormCast for Tuesday, December 6th 2016
6 december 2016 |
6 min
Video Walk Through: Analysing Hancitor Malicious Document
https://isc.sans.edu/forums/diary/Hancitor+Maldoc+Videos/21783/
Rapid Distributed Credit Card Number Brute Forcing
http://eprint.ncl.ac.uk/file_store/production/230123/19180242-D02E-47AC-BDB3-73C22D6E1FDB.pdf
Cloudflare Detecting Large DDoS Attacks Over Thanksgiving / Cyber Monday
https://blog.cloudflare.com/the-daily-ddos-ten-days-of-massive-attacks/
Free Windows Tool to Harden Networks: SAMRi10
https://gallery.technet.microsoft.com/SAMRi10-Hardening-Remote-48d94b5b
NY State Outlawing Automated Ticket Purchasing Software
https://www.nysenate.gov/legislation/bills/2015/S8123
https://isc.sans.edu/forums/diary/Hancitor+Maldoc+Videos/21783/
Rapid Distributed Credit Card Number Brute Forcing
http://eprint.ncl.ac.uk/file_store/production/230123/19180242-D02E-47AC-BDB3-73C22D6E1FDB.pdf
Cloudflare Detecting Large DDoS Attacks Over Thanksgiving / Cyber Monday
https://blog.cloudflare.com/the-daily-ddos-ten-days-of-massive-attacks/
Free Windows Tool to Harden Networks: SAMRi10
https://gallery.technet.microsoft.com/SAMRi10-Hardening-Remote-48d94b5b
NY State Outlawing Automated Ticket Purchasing Software
https://www.nysenate.gov/legislation/bills/2015/S8123
ISC StormCast for Monday, December 5th 2016
4 december 2016 |
5 min
CSP Bypass with Polyglot Images
http://blog.portswigger.net/2016/12/bypassing-csp-using-polyglot-jpegs.html
also see this Youtube video on Polyglot Images: https://www.youtube.com/watch?v=Ub5G_t-gUBc
Stack Overflow SQL Injection Questions
https://laurent22.github.io/so-injections/
Mirai Update: More Outages and Vulnerable Chipset Identified
http://www.theregister.co.uk/2016/12/02/broadband_mirai_takedown_analysis/
SEC503 Intrusion Detection in Depth in Brussles (Jan 2017):
https://www.sans.org/event/brussels-winter-2017/course/intrusion-detection-in-depth
http://blog.portswigger.net/2016/12/bypassing-csp-using-polyglot-jpegs.html
also see this Youtube video on Polyglot Images: https://www.youtube.com/watch?v=Ub5G_t-gUBc
Stack Overflow SQL Injection Questions
https://laurent22.github.io/so-injections/
Mirai Update: More Outages and Vulnerable Chipset Identified
http://www.theregister.co.uk/2016/12/02/broadband_mirai_takedown_analysis/
SEC503 Intrusion Detection in Depth in Brussles (Jan 2017):
https://www.sans.org/event/brussels-winter-2017/course/intrusion-detection-in-depth
ISC StormCast for Friday, December 2nd 2016
2 december 2016 |
5 min
Open Source Tool "Beamgun" Fights Rogue USB Devices on Windows
https://github.com/JLospinoso/beamgun
"Shamoon" Malware is back with a new destructive attack against Saudi Arabia
https://www.bloomberg.com/news/articles/2016-12-01/destructive-hacks-strike-saudi-arabia-posing-challenge-to-trump
British ISP "KCOM" Suffering Outage After Attack
http://www.hulldailymail.co.uk/kcom-blames-cyber-attack-for-thousands-losing-internet-access-in-hull/story-29944084-detail/story.html#xf23rtZbUqlh5uXY.99
Microsoft Fixes Long Known Priviledge Escalation Issue
https://threatpost.com/microsoft-silently-fixes-kernel-bug-that-led-to-chrome-sandbox-bypass/122179/
https://github.com/JLospinoso/beamgun
"Shamoon" Malware is back with a new destructive attack against Saudi Arabia
https://www.bloomberg.com/news/articles/2016-12-01/destructive-hacks-strike-saudi-arabia-posing-challenge-to-trump
British ISP "KCOM" Suffering Outage After Attack
http://www.hulldailymail.co.uk/kcom-blames-cyber-attack-for-thousands-losing-internet-access-in-hull/story-29944084-detail/story.html#xf23rtZbUqlh5uXY.99
Microsoft Fixes Long Known Priviledge Escalation Issue
https://threatpost.com/microsoft-silently-fixes-kernel-bug-that-led-to-chrome-sandbox-bypass/122179/
ISC StormCast for Thursday, December 1st 2016
30 november 2016 |
6 min
Mozilla Patches Firefox 0-Day (Exploit already avaiable!)
https://isc.sans.edu/forums/diary/Unpatched+Vulnerability+in+Firefox+used+to+Attack+Tor+Browser/21769/
SQL Slammer "Resurgance" ?
https://isc.sans.edu/forums/diary/Take+Back+Wednesday+SQL+Slammer+still+alive+but+barely+kicking/21767/
Goolian Android Malware
http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/
Bypassing SAML 2.0 SSO
http://research.aurainfosec.io/bypassing-saml20-SSO/
Webcast: The Six Most Dangerous New Cyber Attack Techniques
https://cc.readytalk.com/registration/#/?meeting=9yq9nbx4tp7a&campaign=nggmjhc39guc
https://isc.sans.edu/forums/diary/Unpatched+Vulnerability+in+Firefox+used+to+Attack+Tor+Browser/21769/
SQL Slammer "Resurgance" ?
https://isc.sans.edu/forums/diary/Take+Back+Wednesday+SQL+Slammer+still+alive+but+barely+kicking/21767/
Goolian Android Malware
http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/
Bypassing SAML 2.0 SSO
http://research.aurainfosec.io/bypassing-saml20-SSO/
Webcast: The Six Most Dangerous New Cyber Attack Techniques
https://cc.readytalk.com/registration/#/?meeting=9yq9nbx4tp7a&campaign=nggmjhc39guc
ISC StormCast for Wednesday, November 30th 2016
29 november 2016 |
6 min
Mirai/TR-069 Update: Deutsche Telekom Routers May have been DDoSed by Traffic Volume, not Exploit
https://comsecuris.com/blog/posts/were_900k_deutsche_telekom_routers_compromised_by_mirai/
Bitlocker Encrypted Drives Exposed During System Upgrade
http://blog.win-fu.com/2016/11/every-windows-10-in-place-upgrade-is.html
Software-Only Defenses Against Rowhammer
https://arxiv.org/abs/1611.08396
https://comsecuris.com/blog/posts/were_900k_deutsche_telekom_routers_compromised_by_mirai/
Bitlocker Encrypted Drives Exposed During System Upgrade
http://blog.win-fu.com/2016/11/every-windows-10-in-place-upgrade-is.html
Software-Only Defenses Against Rowhammer
https://arxiv.org/abs/1611.08396
ISC StormCast for Tuesday, November 29th 2016
29 november 2016 |
6 min
Mirai Variant Scanning Port 5555 and 7547 For TR-069/SOAP Vulnerability
https://isc.sans.edu/forums/diary/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems/21759/
Paypal OAuth Vulnerability
http://blog.intothesymmetry.com/2016/11/all-your-paypal-tokens-belong-to-me.html
https://isc.sans.edu/forums/diary/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems/21759/
Paypal OAuth Vulnerability
http://blog.intothesymmetry.com/2016/11/all-your-paypal-tokens-belong-to-me.html
ISC StormCast for Monday, November 28th 2016
28 november 2016 |
6 min
Extracting Shellcode from Javascript
https://isc.sans.edu/forums/diary/Extracting+Shellcode+From+JavaScript/21753/
Using Scapy to Test CozyDuke Snort Signatures
https://isc.sans.edu/forums/diary/Scapy+vs+CozyDuke/21755/
Malicious JPEG Spreading via Facebook
http://blog.checkpoint.com/2016/11/24/imagegate-check-point-uncovers-new-method-distributing-malware-images/
San Francisco Public Transport ("MUNI") hit by Ransomware
http://sanfrancisco.cbslocal.com/2016/11/26/you-hacked-cyber-attackers-crash-muni-computer-system-across-sf/
Tesla Smartphone App Vulnerability
https://promon.co/blog/tesla-cars-can-be-stolen-by-hacking-the-app/
https://isc.sans.edu/forums/diary/Extracting+Shellcode+From+JavaScript/21753/
Using Scapy to Test CozyDuke Snort Signatures
https://isc.sans.edu/forums/diary/Scapy+vs+CozyDuke/21755/
Malicious JPEG Spreading via Facebook
http://blog.checkpoint.com/2016/11/24/imagegate-check-point-uncovers-new-method-distributing-malware-images/
San Francisco Public Transport ("MUNI") hit by Ransomware
http://sanfrancisco.cbslocal.com/2016/11/26/you-hacked-cyber-attackers-crash-muni-computer-system-across-sf/
Tesla Smartphone App Vulnerability
https://promon.co/blog/tesla-cars-can-be-stolen-by-hacking-the-app/
ISC StormCast for Wednesday, November 23rd 2016
23 november 2016 |
7 min
WordPress RCE Via Fake Updates
http://www.openwall.com/lists/oss-security/2016/11/21/3
Turning Speakers into Microphones
http://cyber.bgu.ac.il/advanced-cyber/system/files/SPEAKEaR.pdf
5 Second Video iOS Crash
http://www.cultofmac.com/455215/455215/
"Stubby" Implements Encrypted DNS
http://www.theregister.co.uk/2016/11/22/dns_boffins_offer_up_privacy_test/
http://www.openwall.com/lists/oss-security/2016/11/21/3
Turning Speakers into Microphones
http://cyber.bgu.ac.il/advanced-cyber/system/files/SPEAKEaR.pdf
5 Second Video iOS Crash
http://www.cultofmac.com/455215/455215/
"Stubby" Implements Encrypted DNS
http://www.theregister.co.uk/2016/11/22/dns_boffins_offer_up_privacy_test/
ISC StormCast for Tuesday, November 22nd 2016
21 november 2016 |
5 min
Encrypted ZIP File With Comments
https://isc.sans.edu/forums/diary/ZIP+With+Comment/21737/
Siemens Surveilance Cameras Use Static Default Password
https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01
NTP Single Packet DoS Vulnerablity
http://dumpco.re/cve-2016-7434/
Windows 10 Does Not Provide the Same Protections as EMET
https://insights.sei.cmu.edu/cert/2016/11/windows-10-cannot-protect-insecure-applications-like-emet-can.html
https://isc.sans.edu/forums/diary/ZIP+With+Comment/21737/
Siemens Surveilance Cameras Use Static Default Password
https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01
NTP Single Packet DoS Vulnerablity
http://dumpco.re/cve-2016-7434/
Windows 10 Does Not Provide the Same Protections as EMET
https://insights.sei.cmu.edu/cert/2016/11/windows-10-cannot-protect-insecure-applications-like-emet-can.html
ISC StormCast for Monday, November 21st 2016
21 november 2016 |
6 min
Converting Timestamps with Epocalypse
https://isc.sans.edu/forums/diary/How+many+Epoch+times+Epocalypsepy+timestamp+converter/21733/
SIP Disabled on Some Macbook Pros
http://www.macrumors.com/2016/11/17/system-integrity-protection-disabled-macbook-pro/
Spoofing Microsoft.com E-Mails with Outlook.com
https://www.utkusen.com/blog/sending-valid-phishing-emails-from-microsoftcom.html
Various High Profile Twitter Accounts Hijacked By Spammers
https://www.engadget.com/2016/11/19/spammers-compromised-twitter-accounts-for-playstation-and-other/
Dyn Attack Caused by Single Angry Playstation User
http://www.wsj.com/articles/october-internet-attack-targeted-playstation-network-researchers-say-1479250847
https://isc.sans.edu/forums/diary/How+many+Epoch+times+Epocalypsepy+timestamp+converter/21733/
SIP Disabled on Some Macbook Pros
http://www.macrumors.com/2016/11/17/system-integrity-protection-disabled-macbook-pro/
Spoofing Microsoft.com E-Mails with Outlook.com
https://www.utkusen.com/blog/sending-valid-phishing-emails-from-microsoftcom.html
Various High Profile Twitter Accounts Hijacked By Spammers
https://www.engadget.com/2016/11/19/spammers-compromised-twitter-accounts-for-playstation-and-other/
Dyn Attack Caused by Single Angry Playstation User
http://www.wsj.com/articles/october-internet-attack-targeted-playstation-network-researchers-say-1479250847
ISC StormCast for Friday, November 18th 2016
18 november 2016 |
6 min
Phishers Protect Phishing Sites from Security Researchers
https://isc.sans.edu/forums/diary/Example+of+Getting+Analysts+Researchers+Away/21721/
Fedora / Chrome Automatic Downloads and Code Execution
https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html
Volutility Version 1.0 Released
https://techanarchy.net/2016/11/volutility-version-1-0-release/
iOS Synchronizing Call Logs via iCloud
http://www.forbes.com/sites/thomasbrewster/2016/11/17/iphone-call-logs-in-icloud-warns-elcomsoft-hackers/#5d96b21c2936
https://isc.sans.edu/forums/diary/Example+of+Getting+Analysts+Researchers+Away/21721/
Fedora / Chrome Automatic Downloads and Code Execution
https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html
Volutility Version 1.0 Released
https://techanarchy.net/2016/11/volutility-version-1-0-release/
iOS Synchronizing Call Logs via iCloud
http://www.forbes.com/sites/thomasbrewster/2016/11/17/iphone-call-logs-in-icloud-warns-elcomsoft-hackers/#5d96b21c2936
ISC StormCast for Thursday, November 17th 2016
17 november 2016 |
6 min
Russian Malspam Distributing Troldesh Ransomware
https://isc.sans.edu/forums/diary/Malspam+distributing+Troldesh+ransomware/21717/
Poisontap Exploits USB Ethernet Adapters
https://samy.pl/poisontap/
Symantec Patches Untrusted DLL Loading Vulnerability
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161115_00
VMWare Patches VM Escape Vulnerablity
http://www.vmware.com/security/advisories/VMSA-2016-0019.html
Some Android Phones Leak Data To China
http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html
Jacksonville ISC2 Meeting
https://www.eventbrite.com/e/isc2-ne-florida-chapter-meeting-november-2016-tickets-29050701430
https://isc.sans.edu/forums/diary/Malspam+distributing+Troldesh+ransomware/21717/
Poisontap Exploits USB Ethernet Adapters
https://samy.pl/poisontap/
Symantec Patches Untrusted DLL Loading Vulnerability
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161115_00
VMWare Patches VM Escape Vulnerablity
http://www.vmware.com/security/advisories/VMSA-2016-0019.html
Some Android Phones Leak Data To China
http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html
Jacksonville ISC2 Meeting
https://www.eventbrite.com/e/isc2-ne-florida-chapter-meeting-november-2016-tickets-29050701430
ISC StormCast for Wednesday, November 16th 2016
16 november 2016 |
6 min
Vulnerability in LUKS Can Be used to Boot Encrypted Linux Systems
http://betanews.com/2016/11/15/linux-security-bug-cryptsetup-luks/
Shazam Keeps Microphone Turned on Even While not "Listening"
https://objective-see.com/blog/blog_0x13.html
nginx Privilege Escalation Vulnerability (Debian Only)
http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html
http://betanews.com/2016/11/15/linux-security-bug-cryptsetup-luks/
Shazam Keeps Microphone Turned on Even While not "Listening"
https://objective-see.com/blog/blog_0x13.html
nginx Privilege Escalation Vulnerability (Debian Only)
http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html
ISC StormCast for Tuesday, November 15th 2016
15 november 2016 |
5 min
Indictment for the theft of FIFA Game Coins
https://regmedia.co.uk/2016/11/14/fifafraudindictment.pdf
Crysis Ransomware Master Encryption Key Released
http://www.bleepingcomputer.com/news/security/master-decryption-keys-and-decryptor-for-the-crysis-ransomware-released-/
Adult Friend Finder Breached
https://www.leakedsource.com/blog/friendfinder
Lightbulb Web Application Firewall Auditing Framework
http://seclist.us/lightbulb-is-an-open-source-python-framework-for-auditing-web-applications-firewalls.html
https://regmedia.co.uk/2016/11/14/fifafraudindictment.pdf
Crysis Ransomware Master Encryption Key Released
http://www.bleepingcomputer.com/news/security/master-decryption-keys-and-decryptor-for-the-crysis-ransomware-released-/
Adult Friend Finder Breached
https://www.leakedsource.com/blog/friendfinder
Lightbulb Web Application Firewall Auditing Framework
http://seclist.us/lightbulb-is-an-open-source-python-framework-for-auditing-web-applications-firewalls.html
ISC StormCast for Monday, November 14th 2016
14 november 2016 |
5 min
EMET Will Defeat Shell Code Executing Inside Word
https://isc.sans.edu/forums/diary/VBA+Shellcode+and+EMET/21705/
Bitcoin Miners Distributed via FTP Exploits
https://isc.sans.edu/forums/diary/Bitcoin+Miner+File+Upload+via+FTP/21707/
5 Russian Banks Suffer DoS Attack
https://www.rt.com/news/366172-russian-banks-ddos-attack/
Wifi May Reveal Mobile Phone Passwords
http://dl.acm.org/citation.cfm?id=2978397
https://isc.sans.edu/forums/diary/VBA+Shellcode+and+EMET/21705/
Bitcoin Miners Distributed via FTP Exploits
https://isc.sans.edu/forums/diary/Bitcoin+Miner+File+Upload+via+FTP/21707/
5 Russian Banks Suffer DoS Attack
https://www.rt.com/news/366172-russian-banks-ddos-attack/
Wifi May Reveal Mobile Phone Passwords
http://dl.acm.org/citation.cfm?id=2978397
ISC StormCast for Friday, November 11th 2016
11 november 2016 |
6 min
ICMP Unreachable DoS Attacks
https://isc.sans.edu/forums/diary/ICMP+Unreachable+DoS+Attacks+aka+Black+Nurse/21699/
OpenSSL 1.1.0 Patch
https://www.openssl.org/news/secadv/20161110.txt
OWASP ModSecurity Core Rule Set Version 3.0.0 Release
https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/2016-November/002265.html
https://isc.sans.edu/forums/diary/ICMP+Unreachable+DoS+Attacks+aka+Black+Nurse/21699/
OpenSSL 1.1.0 Patch
https://www.openssl.org/news/secadv/20161110.txt
OWASP ModSecurity Core Rule Set Version 3.0.0 Release
https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/2016-November/002265.html
ISC StormCast for Thursday, November 10th 2016
9 november 2016 |
5 min
DoS Attack Turns off Heat for More then a Week
http://www.hs.fi/kotimaa/a1478495966653 (finish only)
DLink HNAP Vulnerability
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/dlink-hnap-login.txt
PoC Exploits Available for Two MSFT Vulnerabilities
https://github.com/tinysec/public/tree/master/CVE-2016-7255
https://g-laurent.blogspot.com/2016/11/ms16-137-lsass-remote-memory-corruption.html
OpenSSL Patch Pre-Announced
https://mta.openssl.org/pipermail/openssl-announce/2016-November/000085.html
Hue Lightbulb Exploit/Worm
http://iotworm.eyalro.net (Sophos labels this link as "Spam", but appears to be harmless)
http://www.hs.fi/kotimaa/a1478495966653 (finish only)
DLink HNAP Vulnerability
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/dlink-hnap-login.txt
PoC Exploits Available for Two MSFT Vulnerabilities
https://github.com/tinysec/public/tree/master/CVE-2016-7255
https://g-laurent.blogspot.com/2016/11/ms16-137-lsass-remote-memory-corruption.html
OpenSSL Patch Pre-Announced
https://mta.openssl.org/pipermail/openssl-announce/2016-November/000085.html
Hue Lightbulb Exploit/Worm
http://iotworm.eyalro.net (Sophos labels this link as "Spam", but appears to be harmless)
ISC StormCast for Wednesday, November 9th 2016
8 november 2016 |
7 min
ISC StormCast for Tuesday, November 8th 2016
8 november 2016 |
6 min
Tesco Bank Limits Online Banking After Online Criminal Activity
https://yourcommunity.tescobank.com/t5/News/Message-for-Current-Account-customers/td-p/6599
Belkin WeMo Devices Used To Attack Mobile Devices
https://www.blackhat.com/eu-16/briefings/schedule/index.html#breaking-bhad-abusing-belkin-home-automation-devices-4640
Fake Retail Apps Flooding Apple App Store
http://www.nytimes.com/2016/11/07/technology/more-iphone-fake-retail-apps-before-holidays.html?_r=0
Netflix Password Recovery via Phone Call Vulnerability
https://slashcrypto.org/2016/11/07/Netflix/
Webcast: 8 Ways To Watch The Invisible: Analyzing Encrypted Network Traffic
https://www.sans.org/webcasts/8-ways-watch-invisible-analyzing-encrypted-network-traffic-103277
https://yourcommunity.tescobank.com/t5/News/Message-for-Current-Account-customers/td-p/6599
Belkin WeMo Devices Used To Attack Mobile Devices
https://www.blackhat.com/eu-16/briefings/schedule/index.html#breaking-bhad-abusing-belkin-home-automation-devices-4640
Fake Retail Apps Flooding Apple App Store
http://www.nytimes.com/2016/11/07/technology/more-iphone-fake-retail-apps-before-holidays.html?_r=0
Netflix Password Recovery via Phone Call Vulnerability
https://slashcrypto.org/2016/11/07/Netflix/
Webcast: 8 Ways To Watch The Invisible: Analyzing Encrypted Network Traffic
https://www.sans.org/webcasts/8-ways-watch-invisible-analyzing-encrypted-network-traffic-103277
ISC StormCast for Monday, November 7th 2016
7 november 2016 |
6 min
Hancitor Maldoc Bypasses Application Whitelisting
https://isc.sans.edu/forums/diary/Hancitor+Maldoc+Bypasses+Application+Whitelisting/21683/
Microsoft Extends EMET Support Deadline
https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/
Wifi Based IMSI Catcher
https://www.blackhat.com/docs/eu-16/materials/eu-16-OHanlon-WiFi-IMSI-Catcher.pdf
https://isc.sans.edu/forums/diary/Hancitor+Maldoc+Bypasses+Application+Whitelisting/21683/
Microsoft Extends EMET Support Deadline
https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/
Wifi Based IMSI Catcher
https://www.blackhat.com/docs/eu-16/materials/eu-16-OHanlon-WiFi-IMSI-Catcher.pdf
ISC StormCast for Friday, November 4th 2016
3 november 2016 |
7 min
Reconstruct Binaries Sent via Telnet
https://isc.sans.edu/forums/diary/Extracting+Malware+Transmitted+Via+Telnet/21673/
Wix.com DOM Based XSS
https://www.contrastsecurity.com/security-influencers/dom-xss-in-wix.com
DNS Based Mail Security
https://nccoe.nist.gov/projects/building_blocks/secured_email
Web of Trust Plugin Released Anonymized User Data
https://www.mywot.com/en/forum/70396--virus-spyware-do-not-install-uninstall-as-soon-as-possible
https://isc.sans.edu/forums/diary/Extracting+Malware+Transmitted+Via+Telnet/21673/
Wix.com DOM Based XSS
https://www.contrastsecurity.com/security-influencers/dom-xss-in-wix.com
DNS Based Mail Security
https://nccoe.nist.gov/projects/building_blocks/secured_email
Web of Trust Plugin Released Anonymized User Data
https://www.mywot.com/en/forum/70396--virus-spyware-do-not-install-uninstall-as-soon-as-possible
ISC StormCast for Thursday, November 3rd 2016
3 november 2016 |
6 min
Exchange Web Service Two-Factor Authentication Bypass
http://www.blackhillsinfosec.com/?p=5396
Barracuda DoS Disrupts Mail Delivery
http://status.barracuda.com
Targobank Looses Account Data After Maintenance
http://www.spiegel.de/wirtschaft/service/targobank-kunden-fehlt-geld-auf-dem-konto-it-probleme-a-1119434.html (german only)
Ouch! Security Awareness Newsletter
http://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201611_en.pdf
http://www.blackhillsinfosec.com/?p=5396
Barracuda DoS Disrupts Mail Delivery
http://status.barracuda.com
Targobank Looses Account Data After Maintenance
http://www.spiegel.de/wirtschaft/service/targobank-kunden-fehlt-geld-auf-dem-konto-it-probleme-a-1119434.html (german only)
Ouch! Security Awareness Newsletter
http://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201611_en.pdf
ISC StormCast for Wednesday, November 2nd 2016
2 november 2016 |
6 min
Malvertising On Google AdWords Targeting macOS Users
http://blog.cylance.com/malvertising-on-google-adwords-targeting-macos-users
Microsoft Response to Google Privilege Escalation Disclosure
https://blogs.technet.microsoft.com/mmpc/2016/11/01/our-commitment-to-our-customers-security/
Memcached Remote Code Execution Vulnerabilities
http://blog.talosintel.com/2016/10/memcached-vulnerabilities.html
SAP Vulnerability Details Released
https://erpscan.com/press-center/blog/0-day-sap-vulnerability-published-heres-can/
http://blog.cylance.com/malvertising-on-google-adwords-targeting-macos-users
Microsoft Response to Google Privilege Escalation Disclosure
https://blogs.technet.microsoft.com/mmpc/2016/11/01/our-commitment-to-our-customers-security/
Memcached Remote Code Execution Vulnerabilities
http://blog.talosintel.com/2016/10/memcached-vulnerabilities.html
SAP Vulnerability Details Released
https://erpscan.com/press-center/blog/0-day-sap-vulnerability-published-heres-can/
ISC StormCast for Tuesday, November 1st 2016
1 november 2016 |
6 min
snapshot.ps1 DFIR Capture
https://isc.sans.edu/forums/diary/SEC505+DFIR+capture+script+snapshotps1/21659/
Predicting Domain Reputation
http://www.icir.org/vern/papers/predator-ccs16.pdf
Mozilla Removing Battery Status API For Privacy Reasons
https://www.fxsitecompat.com/en-CA/docs/2016/battery-status-api-has-been-removed/
Windows Privilege Escalation 0-day Actively Exploited
https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
https://isc.sans.edu/forums/diary/SEC505+DFIR+capture+script+snapshotps1/21659/
Predicting Domain Reputation
http://www.icir.org/vern/papers/predator-ccs16.pdf
Mozilla Removing Battery Status API For Privacy Reasons
https://www.fxsitecompat.com/en-CA/docs/2016/battery-status-api-has-been-removed/
Windows Privilege Escalation 0-day Actively Exploited
https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
ISC StormCast for Monday, October 31st 2016
31 oktober 2016 |
7 min
Volatility Bot: Automated Memory Analysis
https://isc.sans.edu/forums/diary/Volatility+Bot+Automated+Memory+Analysis/21655/
911 System Fragility Exposed in Accidental DoS Attacks
https://staging.mcso.org/Multimedia/PressRelease/911%20Cyber%20Attack.pdf
Vulnerability in Mirai Botnet
https://www.invincealabs.com/blog/2016/10/killing-mirai/
XNU Kernel (iOS/macOS) task_t Privildge Escalation
https://googleprojectzero.blogspot.de/2016/10/taskt-considered-harmful.html
https://isc.sans.edu/forums/diary/Volatility+Bot+Automated+Memory+Analysis/21655/
911 System Fragility Exposed in Accidental DoS Attacks
https://staging.mcso.org/Multimedia/PressRelease/911%20Cyber%20Attack.pdf
Vulnerability in Mirai Botnet
https://www.invincealabs.com/blog/2016/10/killing-mirai/
XNU Kernel (iOS/macOS) task_t Privildge Escalation
https://googleprojectzero.blogspot.de/2016/10/taskt-considered-harmful.html
ISC StormCast for Friday, October 28th 2016
27 oktober 2016 |
7 min
Small Changes to Ransomware E-Mails May Fool Some Mail Filters
https://isc.sans.edu/forums/diary/Your+Bill+Is+Not+Overdue+today/21647/
Microsoft / Google Release Browser Updates to Address Flash Vulnerablity
https://technet.microsoft.com/en-us/library/security/ms16-128.aspx
https://googlechromereleases.blogspot.com
Social Media "Support" Phishing
https://www.proofpoint.com/us/corporate-blog/post/cybercriminals-spoof-every-major-bank-masquerade-branded-customer-service-twitter-accounts
Path Traversal Vulnerablity in gnu tar
https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt
Podcast Survey
https://dshield.typeform.com/to/lVgHr5
https://isc.sans.edu/forums/diary/Your+Bill+Is+Not+Overdue+today/21647/
Microsoft / Google Release Browser Updates to Address Flash Vulnerablity
https://technet.microsoft.com/en-us/library/security/ms16-128.aspx
https://googlechromereleases.blogspot.com
Social Media "Support" Phishing
https://www.proofpoint.com/us/corporate-blog/post/cybercriminals-spoof-every-major-bank-masquerade-branded-customer-service-twitter-accounts
Path Traversal Vulnerablity in gnu tar
https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt
Podcast Survey
https://dshield.typeform.com/to/lVgHr5
ISC StormCast for Thursday, October 27th 2016
26 oktober 2016 |
6 min
Adobe Releases Emergency Patch For Flash
https://isc.sans.edu/forums/diary/Critical+Flash+Player+Update+APSB1636/21643/
Mobile Pwn2Own Writeup
http://blog.trendmicro.com/results-mobile-pwn2own-2016/
Mozilla Will Stick With Blacklisting Startcom/WoSign
https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
Joomla Exploit Released
https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.b8gks1jar
Google Spreadsheet Vulnerability
https://www.rodneybeede.com/Google_Spreadsheet_Vuln_-_CSRF_and_JSON_Hijacking_allows_data_theft.html
https://isc.sans.edu/forums/diary/Critical+Flash+Player+Update+APSB1636/21643/
Mobile Pwn2Own Writeup
http://blog.trendmicro.com/results-mobile-pwn2own-2016/
Mozilla Will Stick With Blacklisting Startcom/WoSign
https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
Joomla Exploit Released
https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.b8gks1jar
Google Spreadsheet Vulnerability
https://www.rodneybeede.com/Google_Spreadsheet_Vuln_-_CSRF_and_JSON_Hijacking_allows_data_theft.html
ISC StormCast for Wednesday, October 26th 2016
26 oktober 2016 |
5 min
Joomla Fixes Two Critical Vulnerablities;
https://www.joomla.org/announcements/release-news/5678-joomla-3-6-4-released.html
Letsencrypt Domain Verification Problem
https://dan.enigmabridge.com/lets-encrypts-vulnerability-as-a-feature-authz-reuse-and-eternal-account-key/
New Locky Variants: Pumpkin Locky
http://blog.talosintel.com/2016/10/pumpkin-locky.html
Pagers still in use for Critical Infrastructure
http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/industrial-plant-beepers-leaking-secrets
https://www.joomla.org/announcements/release-news/5678-joomla-3-6-4-released.html
Letsencrypt Domain Verification Problem
https://dan.enigmabridge.com/lets-encrypts-vulnerability-as-a-feature-authz-reuse-and-eternal-account-key/
New Locky Variants: Pumpkin Locky
http://blog.talosintel.com/2016/10/pumpkin-locky.html
Pagers still in use for Critical Infrastructure
http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/industrial-plant-beepers-leaking-secrets
ISC StormCast for Tuesday, October 25th 2016
25 oktober 2016 |
7 min
Updates For iOS, MacOS, Safari
https://support.apple.com/en-us/HT201222
LTE Intercept Vulnerability
http://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/
Rowhammer Exploit Demonstrated Against Android
https://www.vusec.net/projects/drammer/
https://support.apple.com/en-us/HT201222
LTE Intercept Vulnerability
http://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/
Rowhammer Exploit Demonstrated Against Android
https://www.vusec.net/projects/drammer/
ISC StormCast for Monday, October 24th 2016
23 oktober 2016 |
7 min
ISC Briefing: Large DDoS Attack Against Dyn
https://isc.sans.edu/forums/diary/ISC+Briefing+Large+DDoS+Attack+Against+Dyn/21627/
TCP Port 4786: Cisco Memory Leak Vulnerability
https://isc.sans.edu/forums/diary/Request+for+Packets+TCP+4786+CVE20166385/21625/
Dirty Cow PoC Exploits Available
https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs
To register for today's SANS Technology Institute's Professional Lecture Series, pleaes e-mail [email protected]
https://isc.sans.edu/forums/diary/ISC+Briefing+Large+DDoS+Attack+Against+Dyn/21627/
TCP Port 4786: Cisco Memory Leak Vulnerability
https://isc.sans.edu/forums/diary/Request+for+Packets+TCP+4786+CVE20166385/21625/
Dirty Cow PoC Exploits Available
https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs
To register for today's SANS Technology Institute's Professional Lecture Series, pleaes e-mail [email protected]
ISC StormCast for Friday, October 21st 2016
20 oktober 2016 |
6 min
NanoCore RAT Malspam Update
https://isc.sans.edu/forums/diary/Malspam+delivers+NanoCore+RAT/21615/
Dirty Cow Privilege Escalation Flaw
https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13
Lexmark Markvision Enterprise Application Vulnerability
https://www.digitaldefense.com/blog-zero-day-lexmark-markvision/
WebRTC Security Overview
https://webrtc-security.github.io
UPnP Scanner
https://www.tenable.com/blog/do-you-know-where-your-upnp-is
https://isc.sans.edu/forums/diary/Malspam+delivers+NanoCore+RAT/21615/
Dirty Cow Privilege Escalation Flaw
https://bugzilla.redhat.com/show_bug.cgi?id=1384344#c13
Lexmark Markvision Enterprise Application Vulnerability
https://www.digitaldefense.com/blog-zero-day-lexmark-markvision/
WebRTC Security Overview
https://webrtc-security.github.io
UPnP Scanner
https://www.tenable.com/blog/do-you-know-where-your-upnp-is
ISC StormCast for Thursday, October 20th 2016
19 oktober 2016 |
6 min
Spam Delivered Via .ICS Files
https://isc.sans.edu/forums/diary/Spam+Delivered+via+ICS+Files/21611/
Comodo OCR Errors Leads to SSL Certificate Verification Issues
https://heise.de/-3354229 (german only)
Oracle Quarterly Critical Patch Update
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Images Used to Exfiltrate CC Numbers From Web Stores
https://blog.sucuri.net/2016/10/magento-credit-card-swiper-exports-image.html
https://isc.sans.edu/forums/diary/Spam+Delivered+via+ICS+Files/21611/
Comodo OCR Errors Leads to SSL Certificate Verification Issues
https://heise.de/-3354229 (german only)
Oracle Quarterly Critical Patch Update
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Images Used to Exfiltrate CC Numbers From Web Stores
https://blog.sucuri.net/2016/10/magento-credit-card-swiper-exports-image.html
ISC StormCast for Wednesday, October 19th 2016
19 oktober 2016 |
7 min
SSL Client Hellos Soliciting SSH Banners from HAProxy
https://isc.sans.edu/forums/diary/OpenSSH+Protocol+Mismatch+In+Response+to+SSL+Client+Hello/21609/
Dyre is Back as Trickbot
http://www.threatgeek.com/2016/10/trickbot-the-dyre-connection.html
How Stolen iPhones Are Unlocked
https://www.linkedin.com/pulse/sin-card-how-criminals-unlocked-stolen-iphone-6s-renato-marinho?trk=pulse_spock-articles
https://isc.sans.edu/forums/diary/OpenSSH+Protocol+Mismatch+In+Response+to+SSL+Client+Hello/21609/
Dyre is Back as Trickbot
http://www.threatgeek.com/2016/10/trickbot-the-dyre-connection.html
How Stolen iPhones Are Unlocked
https://www.linkedin.com/pulse/sin-card-how-criminals-unlocked-stolen-iphone-6s-renato-marinho?trk=pulse_spock-articles
ISC StormCast for Tuesday, October 18th 2016
17 oktober 2016 |
5 min
Mozilla Users Reach 50% Https
https://twitter.com/0xjosh/status/786971412959420424/photo/1
Retrieving LastPass Passwords From Memory
https://techanarchy.net/2016/10/extracting-lastpass-site-credentials-from-memory/
Yahoo MITM Due To Weak Crossdomain.xml Configuration
https://github.com/JordanMilne/YMail-Pineapple
https://twitter.com/0xjosh/status/786971412959420424/photo/1
Retrieving LastPass Passwords From Memory
https://techanarchy.net/2016/10/extracting-lastpass-site-credentials-from-memory/
Yahoo MITM Due To Weak Crossdomain.xml Configuration
https://github.com/JordanMilne/YMail-Pineapple
ISC StormCast for Monday, October 17th 2016
16 oktober 2016 |
6 min
PseudoDakrleech Uses Rig Exploit Kit to Spread Cerber
https://isc.sans.edu/forums/diary/pseudoDarkleech+Rig+EK/21595/
Decoder.xls to Decode Word Malicious Macro
https://isc.sans.edu/forums/diary/Analyzing+Office+Maldocs+With+Decoderxls/21601/
Auditing SSH Servers
https://github.com/arthepsy/ssh-audit
How Not To User HTML Purifier
https://devwerks.net/blog/16/how-not-to-use-html-purifier/
https://isc.sans.edu/forums/diary/pseudoDarkleech+Rig+EK/21595/
Decoder.xls to Decode Word Malicious Macro
https://isc.sans.edu/forums/diary/Analyzing+Office+Maldocs+With+Decoderxls/21601/
Auditing SSH Servers
https://github.com/arthepsy/ssh-audit
How Not To User HTML Purifier
https://devwerks.net/blog/16/how-not-to-use-html-purifier/
ISC StormCast for Friday, October 14th 2016
14 oktober 2016 |
6 min
Mount Docker Filesystems with docker-mount.py
https://isc.sans.edu/forums/diary/New+tool+dockermountpy/21589/
Global Sign OCSP Mess Up Invalidates Countless Certs
https://downloads.globalsign.com/acton/fs/blocks/showLandingPage/a/2674/p/p-008f/t/page/fm/0
Cisco Releases LockyDump
http://blog.talosintel.com/2016/10/lockydump.html
Google Updates Chrome
https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html
DXXD Ransomware Infected un-mapped Shares
http://www.bleepingcomputer.com/news/security/the-dxxd-ransomware-displays-legal-notice-before-users-login/
https://isc.sans.edu/forums/diary/New+tool+dockermountpy/21589/
Global Sign OCSP Mess Up Invalidates Countless Certs
https://downloads.globalsign.com/acton/fs/blocks/showLandingPage/a/2674/p/p-008f/t/page/fm/0
Cisco Releases LockyDump
http://blog.talosintel.com/2016/10/lockydump.html
Google Updates Chrome
https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html
DXXD Ransomware Infected un-mapped Shares
http://www.bleepingcomputer.com/news/security/the-dxxd-ransomware-displays-legal-notice-before-users-login/
ISC StormCast for Thursday, October 13th 2016
12 oktober 2016 |
6 min
WiFi Still Remains a Good Attack Vector
https://isc.sans.edu/forums/diary/WiFi+Still+Remains+a+Good+Attack+Vector/21583/
AVTECH IP Camera Vulnerabilities
http://seclists.org/bugtraq/2016/Oct/26
SAP Patches 3 Year Old Bug in P4
https://erpscan.com/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/
1024 bit DSA Keys Factored
https://eprint.iacr.org/2016/961.pdf
https://isc.sans.edu/forums/diary/WiFi+Still+Remains+a+Good+Attack+Vector/21583/
AVTECH IP Camera Vulnerabilities
http://seclists.org/bugtraq/2016/Oct/26
SAP Patches 3 Year Old Bug in P4
https://erpscan.com/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/
1024 bit DSA Keys Factored
https://eprint.iacr.org/2016/961.pdf
ISC StormCast for Wednesday, October 12th 2016
11 oktober 2016 |
6 min
Microsoft and Adobe Patches
https://isc.sans.edu/mspatchdays.html?viewday=2016-10-11
https://helpx.adobe.com/security/products/acrobat/apsb16-33.html
http://www.minixforum.com/threads/neo-z64w-doesnt-start-anymore-after-windows-10-update-help.14122/
Review of Browsers SSL Failures
https://docs.google.com/document/d/1b7lenmn5XO06QohaJzVffnJxjXjY1rD70wg34gfuxRo/edit#heading=h.w6vk76mv9e6n
New Malware Targeting SWIFT Users
http://www.symantec.com/connect/blogs/odinaff-new-trojan-used-high-level-financial-attacks
https://isc.sans.edu/mspatchdays.html?viewday=2016-10-11
https://helpx.adobe.com/security/products/acrobat/apsb16-33.html
http://www.minixforum.com/threads/neo-z64w-doesnt-start-anymore-after-windows-10-update-help.14122/
Review of Browsers SSL Failures
https://docs.google.com/document/d/1b7lenmn5XO06QohaJzVffnJxjXjY1rD70wg34gfuxRo/edit#heading=h.w6vk76mv9e6n
New Malware Targeting SWIFT Users
http://www.symantec.com/connect/blogs/odinaff-new-trojan-used-high-level-financial-attacks
ISC StormCast for Tuesday, October 11th 2016
11 oktober 2016 |
3 min
Radare's Rehash Utility CAn calculate File Entropy
https://isc.sans.edu/forums/diary/Radare2+rahash2/21577/
Spoofing IPs Still works
https://idea.popcount.org/2016-09-20-strange-loop---ip-spoofing/
EU Commission Plants IoT Labeling
http://www.euractiv.com/section/innovation-industry/news/commission-plans-cybersecurity-rules-for-internet-connected-machines/
https://isc.sans.edu/forums/diary/Radare2+rahash2/21577/
Spoofing IPs Still works
https://idea.popcount.org/2016-09-20-strange-loop---ip-spoofing/
EU Commission Plants IoT Labeling
http://www.euractiv.com/section/innovation-industry/news/commission-plans-cybersecurity-rules-for-internet-connected-machines/
ISC StormCast for Monday, October 10th 2016
9 oktober 2016 |
5 min
First Hurricane Matthew Phish Impersonating Stripe
https://isc.sans.edu/forums/diary/First+Hurricane+Matthew+related+Phish/21571/
Samsung Galaxy S6 "KNOXOut" Vulnerability
http://media.wix.com/ugd/4e84e6_668d564cc447434a9a8fda3c13a63f6a.pdf
Windows 10 Anniversary Edition Improves IE 10 XSS Protection
http://mksben.l0.cm/2016/10/xss-via-referrer.html
https://isc.sans.edu/forums/diary/First+Hurricane+Matthew+related+Phish/21571/
Samsung Galaxy S6 "KNOXOut" Vulnerability
http://media.wix.com/ugd/4e84e6_668d564cc447434a9a8fda3c13a63f6a.pdf
Windows 10 Anniversary Edition Improves IE 10 XSS Protection
http://mksben.l0.cm/2016/10/xss-via-referrer.html
ISC StormCast for Friday, October 7th 2016
7 oktober 2016 |
6 min
More Honeypot Fun
https://isc.sans.edu/forums/diary/Checking+my+honeypot+day/21561/
OS X Webcam Exploit
https://objective-see.com/products/oversight.html
iOS 10 Private Browsing
https://www.intaforensics.com/2016/09/30/ios-10-private-browsing-how-private-is-it/
Hacked Steam Accounts Used to Spread Malware
http://www.bleepingcomputer.com/news/security/hacked-steam-accounts-spreading-remote-access-trojan/
Please Report Any Hurricane Matthew Related Malware/Scams
https://isc.sans.edu/contact.html
https://isc.sans.edu/forums/diary/Checking+my+honeypot+day/21561/
OS X Webcam Exploit
https://objective-see.com/products/oversight.html
iOS 10 Private Browsing
https://www.intaforensics.com/2016/09/30/ios-10-private-browsing-how-private-is-it/
Hacked Steam Accounts Used to Spread Malware
http://www.bleepingcomputer.com/news/security/hacked-steam-accounts-spreading-remote-access-trojan/
Please Report Any Hurricane Matthew Related Malware/Scams
https://isc.sans.edu/contact.html
ISC StormCast for Thursday, October 6th 2016
6 oktober 2016 |
6 min
Securing the Human Newsletter
https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201610_en.pdf
"Security Fatigue"
https://www.nist.gov/news-events/news/2016/10/security-fatigue-can-cause-computer-users-feel-hopeless-and-act-recklessly
"Selfi Pay" Facial Recognition
http://www.theregister.co.uk/2016/10/05/mastercard_selfie_pay/
"MarsJoke" Ransomware Decrypted
https://threatpost.com/researchers-break-marsjoke-ransomware-encryption/121022/
https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201610_en.pdf
"Security Fatigue"
https://www.nist.gov/news-events/news/2016/10/security-fatigue-can-cause-computer-users-feel-hopeless-and-act-recklessly
"Selfi Pay" Facial Recognition
http://www.theregister.co.uk/2016/10/05/mastercard_selfie_pay/
"MarsJoke" Ransomware Decrypted
https://threatpost.com/researchers-break-marsjoke-ransomware-encryption/121022/
ISC StormCast for Wednesday, October 5th 2016
5 oktober 2016 |
6 min
SSL Requests to Non-SSL Web Servers
https://isc.sans.edu/forums/diary/SSL+Requests+to+nonSSL+HTTP+Servers/21551/
Insulin Pump Vulnerablities
https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump
SSH Konami Codes
http://pen-testing.sans.org/blog/2015/11/10/protected-using-the-ssh-konami-code-ssh-control-sequences
Cyber Security Awareness Month
https://securingthehuman.sans.org/blog/2016/10/02/week01-kicking-off-ncsam/
OpenJPEG Flaw
http://blog.talosintel.com/2016/09/vulnerability-spotlight-jpeg2000.html
https://isc.sans.edu/forums/diary/SSL+Requests+to+nonSSL+HTTP+Servers/21551/
Insulin Pump Vulnerablities
https://community.rapid7.com/community/infosec/blog/2016/10/04/r7-2016-07-multiple-vulnerabilities-in-animas-onetouch-ping-insulin-pump
SSH Konami Codes
http://pen-testing.sans.org/blog/2015/11/10/protected-using-the-ssh-konami-code-ssh-control-sequences
Cyber Security Awareness Month
https://securingthehuman.sans.org/blog/2016/10/02/week01-kicking-off-ncsam/
OpenJPEG Flaw
http://blog.talosintel.com/2016/09/vulnerability-spotlight-jpeg2000.html
ISC StormCast for Tuesday, October 4th 2016
4 oktober 2016 |
6 min
Password Buddies
https://isc.sans.edu/forums/diary/Password+Buddies+A+Better+Way+To+Reset+Passwords/21547/
iMessage Data Leakage
http://rsmck.co.uk/blog/imessage-preview/
Exploiting HP Thin Client
http://blog.malerisch.net/2016/10/pwning-thin-client-in-less-two-minutes2-cve2016-2246.html
https://isc.sans.edu/forums/diary/Password+Buddies+A+Better+Way+To+Reset+Passwords/21547/
iMessage Data Leakage
http://rsmck.co.uk/blog/imessage-preview/
Exploiting HP Thin Client
http://blog.malerisch.net/2016/10/pwning-thin-client-in-less-two-minutes2-cve2016-2246.html
ISC StormCast for Monday, October 3rd 2016
3 oktober 2016 |
6 min
The Short Life of a Vulnerable DVR Connected to the Internet
https://isc.sans.edu/forums/diary/The+Short+Life+of+a+Vulnerable+DVR+Connected+to+the+Internet/21543/
Another Day, Another Malicious Behaviour
https://isc.sans.edu/forums/diary/Another+Day+Another+Malicious+Behaviour/21539/
Capcom's Streetfighter V Anti Cheat Tool Allows Privilege Escalation
https://twitter.com/TheWack0lian/status/779397840762245124/photo/1?ref_src=twsrc%5Etfw
Apple Joins Mozilla In Distrusting WoSign
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/lWJ1zdUJPLI
"Footprints" Browser Extension Demonstrate Unmasking User's Idendity
https://footprints.stanford.edu
https://isc.sans.edu/forums/diary/The+Short+Life+of+a+Vulnerable+DVR+Connected+to+the+Internet/21543/
Another Day, Another Malicious Behaviour
https://isc.sans.edu/forums/diary/Another+Day+Another+Malicious+Behaviour/21539/
Capcom's Streetfighter V Anti Cheat Tool Allows Privilege Escalation
https://twitter.com/TheWack0lian/status/779397840762245124/photo/1?ref_src=twsrc%5Etfw
Apple Joins Mozilla In Distrusting WoSign
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/lWJ1zdUJPLI
"Footprints" Browser Extension Demonstrate Unmasking User's Idendity
https://footprints.stanford.edu
ISC StormCast for Friday, September 30th 2016
30 september 2016 |
5 min
Turning the lights off with SNMP
https://isc.sans.edu/forums/diary/SNMP+Pwn3ge/21533/
Yahoo! Anwers Used in Command and Control Networks
http://researchcenter.paloaltonetworks.com/2016/09/unit42-confucius-says-malware-families-get-further-by-abusing-legitimate-websites/
Dlink Router Includes Stupid Simple UDP Backdoor
https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html
Hikvision XXE Vulnerability
https://medium.com/@iraklis/an-unlikely-xxe-in-hikvisions-remote-access-camera-cloud-d57faf99620f#.qukzihoew
https://isc.sans.edu/forums/diary/SNMP+Pwn3ge/21533/
Yahoo! Anwers Used in Command and Control Networks
http://researchcenter.paloaltonetworks.com/2016/09/unit42-confucius-says-malware-families-get-further-by-abusing-legitimate-websites/
Dlink Router Includes Stupid Simple UDP Backdoor
https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html
Hikvision XXE Vulnerability
https://medium.com/@iraklis/an-unlikely-xxe-in-hikvisions-remote-access-camera-cloud-d57faf99620f#.qukzihoew
ISC StormCast for Thursday, September 29th 2016
28 september 2016 |
5 min
Rig Exploit Kit Used to Spread Locky Ransomware
https://isc.sans.edu/forums/diary/Rig+Exploit+Kit+from+the+Afraidgate+Campaign/21531/
Facebook Releases osquery for Windows
https://blog.trailofbits.com/2016/09/27/windows-network-security-now-easier-with-osquery/
Update Cowrie and "New" Default Password used in Internet Wide Scans
https://isc.sans.edu/ssh.html?pw=xc3511
BIND Name Server Update
https://kb.isc.org/article/AA-01393/74/CVE-2016-2775%3A-A-query-name-which-is-too-long-can-cause-a-segmentation-fault-in-lwresd.html
Various Cisco DoS Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x?product=NonCisco#~Vulnerabilities
https://isc.sans.edu/forums/diary/Rig+Exploit+Kit+from+the+Afraidgate+Campaign/21531/
Facebook Releases osquery for Windows
https://blog.trailofbits.com/2016/09/27/windows-network-security-now-easier-with-osquery/
Update Cowrie and "New" Default Password used in Internet Wide Scans
https://isc.sans.edu/ssh.html?pw=xc3511
BIND Name Server Update
https://kb.isc.org/article/AA-01393/74/CVE-2016-2775%3A-A-query-name-which-is-too-long-can-cause-a-segmentation-fault-in-lwresd.html
Various Cisco DoS Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x?product=NonCisco#~Vulnerabilities
ISC StormCast for Wednesday, September 28th 2016
28 september 2016 |
5 min
Back in Time Memory Forensics
https://isc.sans.edu/forums/diary/Back+in+Time+Memory+Forensics/21527/
Cameras Responsible For Large DDoS Attacks
https://twitter.com/olesovhcom/status/779297257199964160
Google Releases CSP Support Tools
https://csp-evaluator.withgoogle.com
https://chrome.google.com/webstore/detail/csp-mitigator
Microsoft Launches "fuzzing-as-a-service"
https://www.microsoft.com/en-us/springfield/
https://isc.sans.edu/forums/diary/Back+in+Time+Memory+Forensics/21527/
Cameras Responsible For Large DDoS Attacks
https://twitter.com/olesovhcom/status/779297257199964160
Google Releases CSP Support Tools
https://csp-evaluator.withgoogle.com
https://chrome.google.com/webstore/detail/csp-mitigator
Microsoft Launches "fuzzing-as-a-service"
https://www.microsoft.com/en-us/springfield/
ISC StormCast for Tuesday, September 27th 2016
26 september 2016 |
6 min
Decompiling P-Code
https://isc.sans.edu/forums/diary/VBA+and+Pcode/21521/
Lenovo To Add FIDO Compliant Fingerprint Reader
http://www.theregister.co.uk/2016/09/26/intel_and_lenovo_give_the_finger_to_passwords_with_fido/
More Details On Simpler Password Hasing in iOS 10
https://twitter.com/thorsheim/status/779207177416351744
Mozilla to Remove WoSign and StartCom From Trusted List
https://docs.google.com/document/d/1C6BlmbeQfn4a9zydVi2UvjBGv6szuSB4sMYUcVrR8vQ/preview
https://isc.sans.edu/forums/diary/VBA+and+Pcode/21521/
Lenovo To Add FIDO Compliant Fingerprint Reader
http://www.theregister.co.uk/2016/09/26/intel_and_lenovo_give_the_finger_to_passwords_with_fido/
More Details On Simpler Password Hasing in iOS 10
https://twitter.com/thorsheim/status/779207177416351744
Mozilla to Remove WoSign and StartCom From Trusted List
https://docs.google.com/document/d/1C6BlmbeQfn4a9zydVi2UvjBGv6szuSB4sMYUcVrR8vQ/preview
ISC StormCast for Monday, September 26th 2016
26 september 2016 |
6 min
Analyzing Malicious .PUB files
https://isc.sans.edu/forums/diary/PUB+Analysis/21517/
iOS 10 Backup Passwords Easier to Crack
http://blog.elcomsoft.com/2016/09/ios-10-security-weakness-discovered-backup-passwords-much-easier-to-break/
Windows 10 Certificate Pinning of Microsoft Domains
http://hexatomium.github.io/2016/09/24/hidden-w10-pins/
IBM Geoblocking Fail For Australian Census
http://www.aph.gov.au/DocumentStore.ashx?id=124f22ba-caaa-46ff-899d-7d96851fee3e&subId=414127
97% Of Fortune 1000 Companies Have Leaked Credentials
http://info.digitalshadows.com/rs/457-XEY-671/images/CompromisedCredentials-LearnFromtheExposureoftheWorlds1000BiggestCompanies-Download.pdf
https://isc.sans.edu/forums/diary/PUB+Analysis/21517/
iOS 10 Backup Passwords Easier to Crack
http://blog.elcomsoft.com/2016/09/ios-10-security-weakness-discovered-backup-passwords-much-easier-to-break/
Windows 10 Certificate Pinning of Microsoft Domains
http://hexatomium.github.io/2016/09/24/hidden-w10-pins/
IBM Geoblocking Fail For Australian Census
http://www.aph.gov.au/DocumentStore.ashx?id=124f22ba-caaa-46ff-899d-7d96851fee3e&subId=414127
97% Of Fortune 1000 Companies Have Leaked Credentials
http://info.digitalshadows.com/rs/457-XEY-671/images/CompromisedCredentials-LearnFromtheExposureoftheWorlds1000BiggestCompanies-Download.pdf
ISC StormCast for Friday, September 23rd 2016
22 september 2016 |
5 min
OpenSSL Security Update
https://isc.sans.edu/forums/diary/OpenSSL+Update+Released/21509/
ATM Skimmer Prototypes To Collect Fingerprints
https://securelist.com/files/2016/09/16_09_en.pdf
Yahoo! Breach Leaks 500M User's Data
https://yahoo.tumblr.com/post/150781911849/an-important-message-about-yahoo-user-security
https://isc.sans.edu/forums/diary/OpenSSL+Update+Released/21509/
ATM Skimmer Prototypes To Collect Fingerprints
https://securelist.com/files/2016/09/16_09_en.pdf
Yahoo! Breach Leaks 500M User's Data
https://yahoo.tumblr.com/post/150781911849/an-important-message-about-yahoo-user-security
ISC StormCast for Thursday, September 22nd 2016
21 september 2016 |
6 min
Those never-ending waves of Locky Malspam
https://isc.sans.edu/forums/diary/Those+neverending+waves+of+Locky+malspam/21505/
Windows Anti Malware Scan Interface (AMSI)
http://www.labofapenetrationtester.com/2016/09/amsi.html
Cloudflare Intorducing SSL Re-Write
https://blog.cloudflare.com/opportunistic-encryption-bringing-http-2-to-the-unencrypted-web/
Australian Police Warns of Malicious USB Sticks
https://www.vicpolicenews.com.au/news/harmful-usb-drives-found-in-letterboxes
https://isc.sans.edu/forums/diary/Those+neverending+waves+of+Locky+malspam/21505/
Windows Anti Malware Scan Interface (AMSI)
http://www.labofapenetrationtester.com/2016/09/amsi.html
Cloudflare Intorducing SSL Re-Write
https://blog.cloudflare.com/opportunistic-encryption-bringing-http-2-to-the-unencrypted-web/
Australian Police Warns of Malicious USB Sticks
https://www.vicpolicenews.com.au/news/harmful-usb-drives-found-in-letterboxes
ISC StormCast for Wednesday, September 21st 2016
21 september 2016 |
5 min
MacOS Sierra and Safari 10 Released
https://isc.sans.edu/forums/diary/Getting+Ready+for+macOS+Sierra+Upgrade+Securely/21465/
BackConnect BGP Hijacks
http://research.dyn.com/2016/09/backconnects-suspicious-bgp-hijacks/
Metasploit Vulnerablity
https://github.com/justinsteven/advisories/blob/master/2016_metasploit_rce_static_key_deserialization.md
https://isc.sans.edu/forums/diary/Getting+Ready+for+macOS+Sierra+Upgrade+Securely/21465/
BackConnect BGP Hijacks
http://research.dyn.com/2016/09/backconnects-suspicious-bgp-hijacks/
Metasploit Vulnerablity
https://github.com/justinsteven/advisories/blob/master/2016_metasploit_rce_static_key_deserialization.md
ISC StormCast for Tuesday, September 20th 2016
20 september 2016 |
6 min
Taking Over Facebook Pages
http://arunsureshkumar.me/index.php/2016/09/16/facebook-page-takeover-zero-day-vulnerability/
Exchange Auto-Discovery Vulnerability
http://www.theregister.co.uk/2016/09/19/ms_exchange_alleged_bug/
Spyware Apps Targeting Travelers Removed From Goolge App Store
https://blog.lookout.com/blog/2016/09/16/embassy-spyware-google-play/
Firefox Will Patch HSTS Vulnerability
https://threatpost.com/mozilla-patching-firefox-certificate-pinning-vulnerability/120694/
OpenSSL Patch Pre-Announcement
https://mta.openssl.org/pipermail/openssl-announce/2016-September/000076.html
http://arunsureshkumar.me/index.php/2016/09/16/facebook-page-takeover-zero-day-vulnerability/
Exchange Auto-Discovery Vulnerability
http://www.theregister.co.uk/2016/09/19/ms_exchange_alleged_bug/
Spyware Apps Targeting Travelers Removed From Goolge App Store
https://blog.lookout.com/blog/2016/09/16/embassy-spyware-google-play/
Firefox Will Patch HSTS Vulnerability
https://threatpost.com/mozilla-patching-firefox-certificate-pinning-vulnerability/120694/
OpenSSL Patch Pre-Announcement
https://mta.openssl.org/pipermail/openssl-announce/2016-September/000076.html
ISC StormCast for Monday, September 19th 2016
19 september 2016 |
7 min
Cisco Issues Advisories for IKEv1 "heartbleed like" Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1
Intercepting OS X Passwords
https://www.scriptjunkie.us/2016/09/intercepting-passwords-to-escalate-privileges-on-os-x/
Vulnerabilities Introduced By Converting 32 Bit to 64 Bit
https://www.tu-braunschweig.de/Medien-DB/sec/pubs/2016-ccs.pdf
HSTS Preload Database and Webservices
https://hstspreload.com
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1
Intercepting OS X Passwords
https://www.scriptjunkie.us/2016/09/intercepting-passwords-to-escalate-privileges-on-os-x/
Vulnerabilities Introduced By Converting 32 Bit to 64 Bit
https://www.tu-braunschweig.de/Medien-DB/sec/pubs/2016-ccs.pdf
HSTS Preload Database and Webservices
https://hstspreload.com
ISC StormCast for Friday, September 16th 2016
16 september 2016 |
6 min
Locky Ransomware Updates
https://blog.avira.com/locky-ransomware-goes-autopilot/
https://blogs.forcepoint.com/security-labs/locky-distributor-uses-newly-released-quant-loader-sold-russian-underground
https://isc.sans.edu/forums/diary/Is+2+out+of+3+good+enough+for+AntiMalware/21485/
Critical Update For Cisco WebEx Server
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-wem
Dualtoy Malware Attacks iOS and Android
http://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/
Certificate Pinning Issue in Firefox/Tor Browser
https://hackernoon.com/tor-browser-exposed-anti-privacy-implantation-at-mass-scale-bd68e9eb1e95#.9jnte0u52
https://blog.avira.com/locky-ransomware-goes-autopilot/
https://blogs.forcepoint.com/security-labs/locky-distributor-uses-newly-released-quant-loader-sold-russian-underground
https://isc.sans.edu/forums/diary/Is+2+out+of+3+good+enough+for+AntiMalware/21485/
Critical Update For Cisco WebEx Server
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-wem
Dualtoy Malware Attacks iOS and Android
http://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/
Certificate Pinning Issue in Firefox/Tor Browser
https://hackernoon.com/tor-browser-exposed-anti-privacy-implantation-at-mass-scale-bd68e9eb1e95#.9jnte0u52
ISC StormCast for Thursday, September 15th 2016
15 september 2016 |
5 min
Exploit Attempts for Drupal RESTWS Module Vulnerablity
https://isc.sans.edu/forums/diary/Exploit+Attempts+for+Drupal+RESTWS+x+Module+Vulnerability/21481/
Google France XSS Vulnerability
https://sysdream.com/news/lab/2016-09-12-cross-site-scripting-vulnerability-found-on-www-google-fr/
Pokemon Go Continues to Lead to Malware
https://securelist.com/blog/mobile/76081/rooting-pokemons-in-google-play-store/
VMWare Update Fixes Escape Vulnerablity
https://www.vmware.com/security/advisories/VMSA-2016-0014.html
https://isc.sans.edu/forums/diary/Exploit+Attempts+for+Drupal+RESTWS+x+Module+Vulnerability/21481/
Google France XSS Vulnerability
https://sysdream.com/news/lab/2016-09-12-cross-site-scripting-vulnerability-found-on-www-google-fr/
Pokemon Go Continues to Lead to Malware
https://securelist.com/blog/mobile/76081/rooting-pokemons-in-google-play-store/
VMWare Update Fixes Escape Vulnerablity
https://www.vmware.com/security/advisories/VMSA-2016-0014.html
ISC StormCast for Wednesday, September 14th 2016
14 september 2016 |
9 min
Microsoft Patches
https://isc.sans.edu/mspatchdays.html?viewday=2016-09-13
Adobe Air Patches
https://helpx.adobe.com/security/products/air/apsb16-31.html
iOS 10 Update
https://isc.sans.edu/forums/diary/Apple+iOS+10+and+1001+Released/21473/
https://isc.sans.edu/mspatchdays.html?viewday=2016-09-13
Adobe Air Patches
https://helpx.adobe.com/security/products/air/apsb16-31.html
iOS 10 Update
https://isc.sans.edu/forums/diary/Apple+iOS+10+and+1001+Released/21473/
ISC StormCast for Tuesday, September 13th 2016
13 september 2016 |
6 min
If it's Free, YOU are the Product
https://isc.sans.edu/forums/diary/If+its+Free+YOU+are+the+Product/21469/
Weak MySQL Configurations Can Lead To Privilege Escalation
http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
Full Disk Encryption Ransomware
https://www.linkedin.com/pulse/mamba-new-full-disk-encryption-ransomware-family-member-marinho?trk=prof-post
https://isc.sans.edu/forums/diary/If+its+Free+YOU+are+the+Product/21469/
Weak MySQL Configurations Can Lead To Privilege Escalation
http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
Full Disk Encryption Ransomware
https://www.linkedin.com/pulse/mamba-new-full-disk-encryption-ransomware-family-member-marinho?trk=prof-post
ISC StormCast for Monday, September 12th 2016
12 september 2016 |
6 min
Upgrading Security to MacOS Sierra
https://isc.sans.edu/forums/diary/Getting+Ready+for+macOS+Sierra+Upgrade+Securely/21465/
PCI PIN Transation Security / Point of Interaction Update
https://www.pcisecuritystandards.org/documents/PCI_PTS_POI_SRs_v5.pdf
IMAPS Scans
https://isc.sans.edu/forums/diary/Ongoing+IMAP+Scan+Anyone+Else/21463/
https://isc.sans.edu/forums/diary/Getting+Ready+for+macOS+Sierra+Upgrade+Securely/21465/
PCI PIN Transation Security / Point of Interaction Update
https://www.pcisecuritystandards.org/documents/PCI_PTS_POI_SRs_v5.pdf
IMAPS Scans
https://isc.sans.edu/forums/diary/Ongoing+IMAP+Scan+Anyone+Else/21463/
ISC StormCast for Friday, September 9th 2016
8 september 2016 |
7 min
Spikes in SNMP Traffic: Looking for PCAPs
https://isc.sans.edu/forums/diary/Curious+SNMP+Traffic+Spike/21457/
New Version of Wireshark Released
https://www.wireshark.org/docs/relnotes/wireshark-2.2.0.html
XEN Hypervisor Vulnerabilities
https://xenbits.xen.org/xsa/
Google Moving Ahead With HTTP Phaseout
https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
Old Windows Media Player DRM Feature Still Used To Install Malware
http://blog.cyren.com/articles/windows-media-player-drm-feature-used-for-malware-delivery-again.html
SEC503 Intrusion Detection in Depth Online Training
https://www.sans.org/vlive/details/sec503-19sep2016-johannes-ullrich-phd
https://isc.sans.edu/forums/diary/Curious+SNMP+Traffic+Spike/21457/
New Version of Wireshark Released
https://www.wireshark.org/docs/relnotes/wireshark-2.2.0.html
XEN Hypervisor Vulnerabilities
https://xenbits.xen.org/xsa/
Google Moving Ahead With HTTP Phaseout
https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
Old Windows Media Player DRM Feature Still Used To Install Malware
http://blog.cyren.com/articles/windows-media-player-drm-feature-used-for-malware-delivery-again.html
SEC503 Intrusion Detection in Depth Online Training
https://www.sans.org/vlive/details/sec503-19sep2016-johannes-ullrich-phd
ISC StormCast for Thursday, September 8th 2016
8 september 2016 |
6 min
DShield Blocklist Update
https://isc.sans.edu/forums/diary/Updated+DShield+Blocklist/21453/
Fortinet FortiWAN Load Balancer Mulitple Unpatched Vulnerabilities
http://www.kb.cert.org/vuls/id/724487
Rapid7 Published NSM Vulnerabilities
http://www.theregister.co.uk/2016/09/07/natwork_magement_vulns/
OPM Breached by Two Different Attackers
https://oversight.house.gov/wp-content/uploads/2016/09/The-OPM-Data-Breach-How-the-Government-Jeopardized-Our-National-Security-for-More-than-a-Generation.pdf
https://isc.sans.edu/forums/diary/Updated+DShield+Blocklist/21453/
Fortinet FortiWAN Load Balancer Mulitple Unpatched Vulnerabilities
http://www.kb.cert.org/vuls/id/724487
Rapid7 Published NSM Vulnerabilities
http://www.theregister.co.uk/2016/09/07/natwork_magement_vulns/
OPM Breached by Two Different Attackers
https://oversight.house.gov/wp-content/uploads/2016/09/The-OPM-Data-Breach-How-the-Government-Jeopardized-Our-National-Security-for-More-than-a-Generation.pdf
ISC StormCast for Wednesday, September 7th 2016
6 september 2016 |
6 min
Google September Android Security Update
https://source.android.com/security/bulletin/2016-09-01.html
Hard Coded Password / Key Issue Gets Worse
http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html
Snagging Credentials From Locked Machines (Windows and OS X)
https://room362.com/post/2016/snagging-creds-from-locked-machines/
https://source.android.com/security/bulletin/2016-09-01.html
Hard Coded Password / Key Issue Gets Worse
http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html
Snagging Credentials From Locked Machines (Windows and OS X)
https://room362.com/post/2016/snagging-creds-from-locked-machines/
ISC StormCast for Tuesday, September 6th 2016
6 september 2016 |
5 min
Apple Patches OS X and Safari for Trident/Pegasus Vulnerabilities
https://support.apple.com/en-us/HT201222
Malware Delivered via ".pub" Files
https://isc.sans.edu/forums/diary/Malware+Delivered+via+pub+Files/21443/
Sophos Anti Virus False Positive Causes Blue Screen of Death
https://community.sophos.com/kb/en-us/125000
Adobe Reviving Flash for Linux
https://blogs.adobe.com/flashplayer/2016/08/beta-news-flash-player-npapi-for-linux.html
Google Patches Nexuse 5X Vulnerability
https://securityintelligence.com/undocumented-patched-vulnerability-in-nexus-5x-allowed-for-memory-dumping-via-usb/
https://support.apple.com/en-us/HT201222
Malware Delivered via ".pub" Files
https://isc.sans.edu/forums/diary/Malware+Delivered+via+pub+Files/21443/
Sophos Anti Virus False Positive Causes Blue Screen of Death
https://community.sophos.com/kb/en-us/125000
Adobe Reviving Flash for Linux
https://blogs.adobe.com/flashplayer/2016/08/beta-news-flash-player-npapi-for-linux.html
Google Patches Nexuse 5X Vulnerability
https://securityintelligence.com/undocumented-patched-vulnerability-in-nexus-5x-allowed-for-memory-dumping-via-usb/
ISC StormCast for Friday, September 2nd 2016
1 september 2016 |
5 min
Malware Using Maxmind For Geolocation
https://isc.sans.edu/forums/diary/Maxmindcom+Abused+As+AntiAnalysis+Technique/21435/
Content Security Policy of Limited Use in Real World
https://research.google.com/pubs/pub45542.html
CryptWare Bitlocker Enhancement Vulnerability
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160831-0_CryptWare_CryptoPro_Manipulation_of_pre-boot_authentication_v10.txt
Google Releases Chrome 53
http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html
https://isc.sans.edu/forums/diary/Maxmindcom+Abused+As+AntiAnalysis+Technique/21435/
Content Security Policy of Limited Use in Real World
https://research.google.com/pubs/pub45542.html
CryptWare Bitlocker Enhancement Vulnerability
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160831-0_CryptWare_CryptoPro_Manipulation_of_pre-boot_authentication_v10.txt
Google Releases Chrome 53
http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html
ISC StormCast for Thursday, September 1st 2016
1 september 2016 |
5 min
Abobe ColdFusion Update
https://helpx.adobe.com/security/products/coldfusion/apsb16-30.html
OS X Bittorrent Client Transmission Backdoored
http://www.welivesecurity.com/2016/08/30/osxkeydnap-spreads-via-signed-transmission-application/
Arrested Lurk Hacking Group Likely Developed Angler Exploit Kit
https://securelist.com/analysis/publications/75944/the-hunt-for-lurk/
Vulnerable REDIS Instances Used by Fake Ransomware
https://duo.com/blog/over-18-000-redis-instances-targeted-by-fake-ransomware
https://helpx.adobe.com/security/products/coldfusion/apsb16-30.html
OS X Bittorrent Client Transmission Backdoored
http://www.welivesecurity.com/2016/08/30/osxkeydnap-spreads-via-signed-transmission-application/
Arrested Lurk Hacking Group Likely Developed Angler Exploit Kit
https://securelist.com/analysis/publications/75944/the-hunt-for-lurk/
Vulnerable REDIS Instances Used by Fake Ransomware
https://duo.com/blog/over-18-000-redis-instances-targeted-by-fake-ransomware
ISC StormCast for Wednesday, August 31st 2016
31 augusti 2016 |
5 min
Today's Locky Variant Arrives as a Windows Script File
https://isc.sans.edu/forums/diary/Todays+Locky+Variant+Arrives+as+a+Windows+Script+File/21423/
OneLogin Breached and Secure Notes Lost
https://www.onelogin.com/blog/august-2016-incident
USB Memory Stick Can Be Used to Exfiltrate Data Wireless
http://cyber.bgu.ac.il/t/USBee.pdf
Jail Break App in Apple's App Store
https://www.reddit.com/r/jailbreak/comments/506eyp/release_ppjailbreak_on_the_appstore/
https://isc.sans.edu/forums/diary/Todays+Locky+Variant+Arrives+as+a+Windows+Script+File/21423/
OneLogin Breached and Secure Notes Lost
https://www.onelogin.com/blog/august-2016-incident
USB Memory Stick Can Be Used to Exfiltrate Data Wireless
http://cyber.bgu.ac.il/t/USBee.pdf
Jail Break App in Apple's App Store
https://www.reddit.com/r/jailbreak/comments/506eyp/release_ppjailbreak_on_the_appstore/
ISC StormCast for Tuesday, August 30th 2016
30 augusti 2016 |
6 min
CA WoSign Law Validation Policy
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/k9PBmyLCi8I
FBI Warns Of Vulnerabilities in State Election Websites
https://www.scribd.com/document/322473050/FBI-Flash-Aug-2016#from_embed
Bug in "Keeper" Password Safe Allows Attackers to Steal Passwords
https://bugs.chromium.org/p/project-zero/issues/detail?id=917
Bank ATMs Compromised via Malicious EMV Chip
https://www.fireeye.com/blog/threat-research/2016/08/ripper_atm_malwarea.html
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/k9PBmyLCi8I
FBI Warns Of Vulnerabilities in State Election Websites
https://www.scribd.com/document/322473050/FBI-Flash-Aug-2016#from_embed
Bug in "Keeper" Password Safe Allows Attackers to Steal Passwords
https://bugs.chromium.org/p/project-zero/issues/detail?id=917
Bank ATMs Compromised via Malicious EMV Chip
https://www.fireeye.com/blog/threat-research/2016/08/ripper_atm_malwarea.html
ISC StormCast for Monday, August 29th 2016
29 augusti 2016 |
6 min
Spam with Obfuscated Javascript
https://isc.sans.edu/forums/diary/Spam+with+Obfuscated+Javascript/21415/
Another Day - Another Ransomware Sample
https://isc.sans.edu/forums/diary/Another+Day+Another+Ransomware+Sample/21413/
OpenSSL Update
https://www.openssl.org/news/openssl-1.1.0-notes.html
Opera Sync Server Breached
https://www.opera.com/blogs/security/2016/08/opera-server-breach-incident/
Fake Windows Update Delivers Ransomware
http://www.bleepingcomputer.com/news/security/fantom-ransomware-encrypts-your-files-while-pretending-to-be-windows-update/
Dropbox Resets Old Passwords After Data Leak
https://www.dropbox.com/help/9257?oref=e
https://isc.sans.edu/forums/diary/Spam+with+Obfuscated+Javascript/21415/
Another Day - Another Ransomware Sample
https://isc.sans.edu/forums/diary/Another+Day+Another+Ransomware+Sample/21413/
OpenSSL Update
https://www.openssl.org/news/openssl-1.1.0-notes.html
Opera Sync Server Breached
https://www.opera.com/blogs/security/2016/08/opera-server-breach-incident/
Fake Windows Update Delivers Ransomware
http://www.bleepingcomputer.com/news/security/fantom-ransomware-encrypts-your-files-while-pretending-to-be-windows-update/
Dropbox Resets Old Passwords After Data Leak
https://www.dropbox.com/help/9257?oref=e
ISC StormCast for Friday, August 26th 2016
25 augusti 2016 |
6 min
Out-of-Band iOS Patch Fixes 0-Day Vulnerabilities
https://isc.sans.edu/forums/diary/OutofBand+iOS+Patch+Fixes+0Day+Vulnerabilities/21409/
Malicious E-Mail Installs Proxy File to Redirect Requests to santander.com.br
https://isc.sans.edu/forums/diary/OutofBand+iOS+Patch+Fixes+0Day+Vulnerabilities/21409/
Nginx DNS Resolver Issue (Windows Only)
http://blog.zorinaq.com/nginx-resolver-vulns/
Wifi Signals Can Be Used for Keystroke Sniffing
https://www.sigmobile.org/mobicom/2015/papers/p90-aliA.pdf
https://isc.sans.edu/forums/diary/OutofBand+iOS+Patch+Fixes+0Day+Vulnerabilities/21409/
Malicious E-Mail Installs Proxy File to Redirect Requests to santander.com.br
https://isc.sans.edu/forums/diary/OutofBand+iOS+Patch+Fixes+0Day+Vulnerabilities/21409/
Nginx DNS Resolver Issue (Windows Only)
http://blog.zorinaq.com/nginx-resolver-vulns/
Wifi Signals Can Be Used for Keystroke Sniffing
https://www.sigmobile.org/mobicom/2015/papers/p90-aliA.pdf
ISC StormCast for Thursday, August 25th 2016
24 augusti 2016 |
6 min
Juniper/Cisco Updates Regarding #NSA Exploits
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10605&actp=search
http://arstechnica.com/security/2016/08/nsa-linked-cisco-exploit-poses-bigger-threat-than-previously-thought/
Wildfire Ransomware Takedown and Key Recovery
https://blogs.mcafee.com/mcafee-labs/wildfire-ransomware-extinguished-tool-nomoreransom-unlock-files-free/
"Sandscout" tool to exploit iOS Sandbox Vulnerabilities
http://www.maclife.de/news/sandscout-forscher-tu-darmstadt-finden-sicherheitsluecken-ios-sandbox-10081401.html (sorry, only in German)
Sweet32 Birthday Attack against 3DES and Blowfish (https/openvpn)
http://www.maclife.de/news/sandscout-forscher-tu-darmstadt-finden-sicherheitsluecken-ios-sandbox-10081401.html
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10605&actp=search
http://arstechnica.com/security/2016/08/nsa-linked-cisco-exploit-poses-bigger-threat-than-previously-thought/
Wildfire Ransomware Takedown and Key Recovery
https://blogs.mcafee.com/mcafee-labs/wildfire-ransomware-extinguished-tool-nomoreransom-unlock-files-free/
"Sandscout" tool to exploit iOS Sandbox Vulnerabilities
http://www.maclife.de/news/sandscout-forscher-tu-darmstadt-finden-sicherheitsluecken-ios-sandbox-10081401.html (sorry, only in German)
Sweet32 Birthday Attack against 3DES and Blowfish (https/openvpn)
http://www.maclife.de/news/sandscout-forscher-tu-darmstadt-finden-sicherheitsluecken-ios-sandbox-10081401.html
ISC StormCast for Wednesday, August 24th 2016
24 augusti 2016 |
5 min
Voicemail Message Notification Deliver Ransomware
https://isc.sans.edu/forums/diary/Voice+Message+Notifications+Deliver+Ransomware/21397/
Updates Microsoft Word Bulletin
https://support.microsoft.com/en-us/kb/3179163
Multiple BTS Software Vulnerabilities
https://blog.zimperium.com/analysis-of-multiple-vulnerabilities-in-different-open-source-bts-products/
Popular HTTP Proxies Vulnerable to Cache Poisoning
https://hostoftroubles.com
https://isc.sans.edu/forums/diary/Voice+Message+Notifications+Deliver+Ransomware/21397/
Updates Microsoft Word Bulletin
https://support.microsoft.com/en-us/kb/3179163
Multiple BTS Software Vulnerabilities
https://blog.zimperium.com/analysis-of-multiple-vulnerabilities-in-different-open-source-bts-products/
Popular HTTP Proxies Vulnerable to Cache Poisoning
https://hostoftroubles.com
ISC StormCast for Tuesday, August 23rd 2016
23 augusti 2016 |
5 min
Multiple Vulnerabilities in BHU Router
http://blog.ioactive.com/2016/08/multiple-vulnerabilities-in-bhu-wifi.html
Smart Socket Vulnerability
https://labs.bitdefender.com/2016/08/hackers-can-use-smart-sockets-to-shut-down-critical-systems/
Smart Security Cameras are Spying on You
http://www.forbes.com/sites/marcwebertobias/2016/08/22/is-your-smart-security-camera-protecting-your-home-or-spying-on-you/#6fb3a6414d1e
Veracrypt 1.18a With Limited UEFI Support
https://veracrypt.codeplex.com/releases/view/625477
http://blog.ioactive.com/2016/08/multiple-vulnerabilities-in-bhu-wifi.html
Smart Socket Vulnerability
https://labs.bitdefender.com/2016/08/hackers-can-use-smart-sockets-to-shut-down-critical-systems/
Smart Security Cameras are Spying on You
http://www.forbes.com/sites/marcwebertobias/2016/08/22/is-your-smart-security-camera-protecting-your-home-or-spying-on-you/#6fb3a6414d1e
Veracrypt 1.18a With Limited UEFI Support
https://veracrypt.codeplex.com/releases/view/625477
ISC StormCast for Monday, August 22nd 2016
22 augusti 2016 |
5 min
GnuPG/libgcrypt Weak Random Numbers (CVE-2016-6316)
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
Wikileaks Leaked E-Mail Includes Malware
https://github.com/bontchev/wlscrape/blob/master/malware.md
Android Vulnerable to TCP Connection Hijack
https://blog.lookout.com/blog/2016/08/15/linux-vulnerability-android/
Cerber Ransomware Decryption Tool No Longer Operational
https://www.cerberdecrypt.com/RansomwareDecryptionTool/
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
Wikileaks Leaked E-Mail Includes Malware
https://github.com/bontchev/wlscrape/blob/master/malware.md
Android Vulnerable to TCP Connection Hijack
https://blog.lookout.com/blog/2016/08/15/linux-vulnerability-android/
Cerber Ransomware Decryption Tool No Longer Operational
https://www.cerberdecrypt.com/RansomwareDecryptionTool/
ISC StormCast for Friday, August 19th 2016
18 augusti 2016 |
7 min
One Compromised Site - 2 Exploit Campaigns
https://isc.sans.edu/forums/diary/1+compromised+site+2+campaigns/21381/
Shadow Broker Leak Vendor Responses
https://blogs.cisco.com/security/shadow-brokers
http://fortiguard.com/advisory/FG-IR-16-023
Google Releases OS X Whitelisting Application
https://github.com/google/santa/wiki
https://isc.sans.edu/forums/diary/1+compromised+site+2+campaigns/21381/
Shadow Broker Leak Vendor Responses
https://blogs.cisco.com/security/shadow-brokers
http://fortiguard.com/advisory/FG-IR-16-023
Google Releases OS X Whitelisting Application
https://github.com/google/santa/wiki
ISC StormCast for Thursday, August 18th 2016
17 augusti 2016 |
6 min
522 Error Code For the Win
https://isc.sans.edu/forums/diary/522+Error+Code+for+the+Win/21377/
Short PGP Keys Abused in the Wild
https://news.ycombinator.com/item?id=12296974
HTTP "FalseConnect" Vulnerability
http://www.kb.cert.org/vuls/id/905344
https://isc.sans.edu/forums/diary/522+Error+Code+for+the+Win/21377/
Short PGP Keys Abused in the Wild
https://news.ycombinator.com/item?id=12296974
HTTP "FalseConnect" Vulnerability
http://www.kb.cert.org/vuls/id/905344
ISC StormCast for Wednesday, August 17th 2016
16 augusti 2016 |
6 min
Cryptoanalysis of a Fully Homomorphic Encryption Scheme
http://eprint.iacr.org/2016/775.pdf
Recreating Android App Displays from Memory
https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_saltaformaggio.pdf
Various Router Exploits Released
https://medium.com/@msuiche/shadow-brokers-nsa-exploits-of-the-week-3f7e17bdc216#.mnoyydmeu
http://eprint.iacr.org/2016/775.pdf
Recreating Android App Displays from Memory
https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_saltaformaggio.pdf
Various Router Exploits Released
https://medium.com/@msuiche/shadow-brokers-nsa-exploits-of-the-week-3f7e17bdc216#.mnoyydmeu
ISC StormCast for Tuesday, August 16th 2016
15 augusti 2016 |
6 min
Starting October 2016, Microsoft Will Use Montly Rollup Updates for Win 7/8.1
https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/
Updated Group Policies To Block Macros in Office 2013
https://isc.sans.edu/forums/diary/MS+Office+2013+New+Macro+Controls+Sorta/21371/
Bypassing Application Whitelisting using WinDbg
http://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html
Bypassing UAC without writing to disk
https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/
https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/
Updated Group Policies To Block Macros in Office 2013
https://isc.sans.edu/forums/diary/MS+Office+2013+New+Macro+Controls+Sorta/21371/
Bypassing Application Whitelisting using WinDbg
http://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html
Bypassing UAC without writing to disk
https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/
ISC StormCast for Monday, August 15th 2016
14 augusti 2016 |
6 min
Most Android Devices Protected From Quadrooter By Default
http://www.androidcentral.com/google-confirms-verify-apps-can-block-apps-quadrooter-exploits
Dangers of IP Geolocation
https://nakedsecurity.sophos.com/2016/08/11/couple-sue-over-ip-glitch-that-repeatedly-sent-feds-to-their-house/
Microsoft Secure Boot Key Bypass
https://rol.im/securegoldenkeyboot/ (careful. highly annoying but harmless)
http://www.androidcentral.com/google-confirms-verify-apps-can-block-apps-quadrooter-exploits
Dangers of IP Geolocation
https://nakedsecurity.sophos.com/2016/08/11/couple-sue-over-ip-glitch-that-repeatedly-sent-feds-to-their-house/
Microsoft Secure Boot Key Bypass
https://rol.im/securegoldenkeyboot/ (careful. highly annoying but harmless)
ISC StormCast for Friday, August 12th 2016
11 augusti 2016 |
10 min
Bling Spoofing of TCP Connections CVE-2016-5696
http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf
Fingerprinting TLS Using TShark
https://isc.sans.edu/forums/diary/Profiling+SSL+Clients+with+tshark/21361/
Forensics Artifcats on iOS Messaging Apps
https://isc.sans.edu/forums/diary/Looking+for+the+insider+Forensic+Artifacts+on+iOS+Messaging+App/21363/
Vulnerable VW Remote Keyless Unlock
https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/garcia
http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf
Fingerprinting TLS Using TShark
https://isc.sans.edu/forums/diary/Profiling+SSL+Clients+with+tshark/21361/
Forensics Artifcats on iOS Messaging Apps
https://isc.sans.edu/forums/diary/Looking+for+the+insider+Forensic+Artifacts+on+iOS+Messaging+App/21363/
Vulnerable VW Remote Keyless Unlock
https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/garcia
ISC StormCast for Wednesday, August 10th 2016
10 augusti 2016 |
5 min
MSFT Patch Tuesday Summary
https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+August+2016/21357/
Adobe Patch for Adobe Experience Manager
https://helpx.adobe.com/security/products/experience-manager/apsb16-27.html
Avast Anti Virus Conflict With Windows 10 Anniversary Update
https://forum.avast.com/index.php?topic=189403.0
https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+August+2016/21357/
Adobe Patch for Adobe Experience Manager
https://helpx.adobe.com/security/products/experience-manager/apsb16-27.html
Avast Anti Virus Conflict With Windows 10 Anniversary Update
https://forum.avast.com/index.php?topic=189403.0
ISC StormCast for Tuesday, August 9th 2016
8 augusti 2016 |
6 min
Using File Entropy to Identify "Ransomwared" Files
https://isc.sans.edu/forums/diary/Using+File+Entropy+to+Identify+Ransomwared+Files/21351/
Bypassing Windows Digital Signatures
https://www.blackhat.com/docs/us-16/materials/us-16-Nipravsky-Certificate-Bypass-Hiding-And-Executing-Malware-From-A-Digitally-Signed-Executable-wp.pdf
Quadrooter Android Vulnerability
http://blog.checkpoint.com/2016/08/07/quadrooter/
Defcon Slides Online
https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/
Philips Hue Exploit (Video)
http://colinoflynn.com/wp-content/uploads/2016/08/us-16-OFlynn-A-Lightbulb-Worm-wp.pdf
https://isc.sans.edu/forums/diary/Using+File+Entropy+to+Identify+Ransomwared+Files/21351/
Bypassing Windows Digital Signatures
https://www.blackhat.com/docs/us-16/materials/us-16-Nipravsky-Certificate-Bypass-Hiding-And-Executing-Malware-From-A-Digitally-Signed-Executable-wp.pdf
Quadrooter Android Vulnerability
http://blog.checkpoint.com/2016/08/07/quadrooter/
Defcon Slides Online
https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/
Philips Hue Exploit (Video)
http://colinoflynn.com/wp-content/uploads/2016/08/us-16-OFlynn-A-Lightbulb-Worm-wp.pdf
ISC StormCast for Monday, August 8th 2016
8 augusti 2016 |
6 min
Analyzing Malicious RTF Files
https://isc.sans.edu/forums/diary/rtfdump/21347/
Monitors Vulnerable To Remote Code Execution
http://motherboard.vice.com/read/hackers-could-break-into-your-monitor-to-spy-on-you-and-manipulate-your-pixels
Brute Forcing Encrypted Hard drive Protections
https://www.blackhat.com/docs/us-16/materials/us-16-OFlynn-Brute-Forcing-Lockdown-Harddrive-PIN-Codes.pdf
What is Using Your Webcam
http://www.welivesecurity.com/2016/08/04/afraid-someone-misusing-webcam/
https://isc.sans.edu/forums/diary/rtfdump/21347/
Monitors Vulnerable To Remote Code Execution
http://motherboard.vice.com/read/hackers-could-break-into-your-monitor-to-spy-on-you-and-manipulate-your-pixels
Brute Forcing Encrypted Hard drive Protections
https://www.blackhat.com/docs/us-16/materials/us-16-OFlynn-Brute-Forcing-Lockdown-Harddrive-PIN-Codes.pdf
What is Using Your Webcam
http://www.welivesecurity.com/2016/08/04/afraid-someone-misusing-webcam/
ISC StormCast for Friday, August 5th 2016
5 augusti 2016 |
7 min
Surge in Scans for Netis Router
https://isc.sans.edu/forums/diary/Surge+in+Exploit+Attempts+for+Netis+Router+Backdoor+UDP53413/21337/
iPhone Thieves Use Targeted Phishing
https://hackernoon.com/this-is-what-apple-should-tell-you-when-you-lose-your-iphone-8f07cf73cf82#.spgmbaejk
NUUO/ReadyNAS Video Recorder Vulnerabilities
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/nuuo-nvr-vulns.txt
mixed-blend-mode Browser History Leak
https://lcamtuf.blogspot.com/2016/08/css-mix-blend-mode-is-bad-for-keeping.html
https://isc.sans.edu/forums/diary/Surge+in+Exploit+Attempts+for+Netis+Router+Backdoor+UDP53413/21337/
iPhone Thieves Use Targeted Phishing
https://hackernoon.com/this-is-what-apple-should-tell-you-when-you-lose-your-iphone-8f07cf73cf82#.spgmbaejk
NUUO/ReadyNAS Video Recorder Vulnerabilities
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/nuuo-nvr-vulns.txt
mixed-blend-mode Browser History Leak
https://lcamtuf.blogspot.com/2016/08/css-mix-blend-mode-is-bad-for-keeping.html
ISC StormCast for Thursday, August 4th 2016
4 augusti 2016 |
6 min
The Dark Side of Certificate Transparency
https://isc.sans.edu/forums/diary/The+Dark+Side+of+Certificate+Transparency/21329/
Ouch Security Awareness Newsletter
https://securingthehuman.sans.org/resources/newsletters/ouch/2016
HTTP/2 Vulnerabilities
http://www.imperva.com/docs/Imperva_HII_HTTP2.pdf
https://isc.sans.edu/forums/diary/The+Dark+Side+of+Certificate+Transparency/21329/
Ouch Security Awareness Newsletter
https://securingthehuman.sans.org/resources/newsletters/ouch/2016
HTTP/2 Vulnerabilities
http://www.imperva.com/docs/Imperva_HII_HTTP2.pdf
ISC StormCast for Wednesday, August 3rd 2016
3 augusti 2016 |
6 min
Windows 10 Aniversary Update Feedback
https://kc.mcafee.com/corporate/index?page=content&id=KB87536
Android Updates
https://source.android.com/security/bulletin/2016-08-01.html
Unlocking Murder Victim Phone With Printed Fingerprint
http://msutoday.msu.edu/news/2016/accessing-a-murder-victims-smartphone-to-help-solve-a-crime/
signout.live.com remote code execution vulnerability
http://www.kernelpicnic.net/2016/07/24/Microsoft-signout.live.com-Remote-Code-Execution-Write-Up.html
Edge/IE Still Leak NTLM Credentials (since 1997!)
hxxp://witch.valdikss.org.ru (careful: test site will try to grab credentials)
https://kc.mcafee.com/corporate/index?page=content&id=KB87536
Android Updates
https://source.android.com/security/bulletin/2016-08-01.html
Unlocking Murder Victim Phone With Printed Fingerprint
http://msutoday.msu.edu/news/2016/accessing-a-murder-victims-smartphone-to-help-solve-a-crime/
signout.live.com remote code execution vulnerability
http://www.kernelpicnic.net/2016/07/24/Microsoft-signout.live.com-Remote-Code-Execution-Write-Up.html
Edge/IE Still Leak NTLM Credentials (since 1997!)
hxxp://witch.valdikss.org.ru (careful: test site will try to grab credentials)
ISC StormCast for Tuesday, August 2nd 2016
2 augusti 2016 |
6 min
Are You Getting I-CANNED?
https://isc.sans.edu/forums/diary/Are+you+getting+ICANNED/21323/
Windows 10 Anniversary Edition
https://blogs.windows.com/windowsexperience/2016/06/29/windows-10-anniversary-update-available-august-2/
Pangu Jailbreak Leading To Compromised Accounts?
https://www.reddit.com/r/jailbreak/comments/4v9cju/discussion_is_pangus_jailbreak_safe_an_hour_after/
https://twitter.com/PanguTeam/status/759729314577342468
SANS Boston "Security Impact of IPv6"
https://www.sans.org/event/boston-2016/bonus-sessions/9392/#bonus-box
https://isc.sans.edu/forums/diary/Are+you+getting+ICANNED/21323/
Windows 10 Anniversary Edition
https://blogs.windows.com/windowsexperience/2016/06/29/windows-10-anniversary-update-available-august-2/
Pangu Jailbreak Leading To Compromised Accounts?
https://www.reddit.com/r/jailbreak/comments/4v9cju/discussion_is_pangus_jailbreak_safe_an_hour_after/
https://twitter.com/PanguTeam/status/759729314577342468
SANS Boston "Security Impact of IPv6"
https://www.sans.org/event/boston-2016/bonus-sessions/9392/#bonus-box
ISC StormCast for Monday, August 1st 2016
31 juli 2016 |
6 min
rtfobj Update
https://isc.sans.edu/forums/diary/rtfobj/21317/
Comodo SSL Certificates Mixup
https://thehackerblog.com/keeping-positive-obtaining-arbitrary-wildcard-ssl-certificates-from-comodo-via-dangling-markup-injection/index.html
SwiftKey Keyboard May Leak Private Data to Other Users
https://blog.swiftkey.com/important-information-relating-to-the-status-of-our-sync-services/
New Version of OPNSense Released
https://forum.opnsense.org/index.php?topic=3428.0
WhatsApp Does Not Delete All Chats
http://www.zdziarski.com/blog/?p=6143
https://isc.sans.edu/forums/diary/rtfobj/21317/
Comodo SSL Certificates Mixup
https://thehackerblog.com/keeping-positive-obtaining-arbitrary-wildcard-ssl-certificates-from-comodo-via-dangling-markup-injection/index.html
SwiftKey Keyboard May Leak Private Data to Other Users
https://blog.swiftkey.com/important-information-relating-to-the-status-of-our-sync-services/
New Version of OPNSense Released
https://forum.opnsense.org/index.php?topic=3428.0
WhatsApp Does Not Delete All Chats
http://www.zdziarski.com/blog/?p=6143
ISC StormCast for Friday, July 29th 2016
29 juli 2016 |
6 min
Verifying SSL/TLS Certificates Manually
https://isc.sans.edu/forums/diary/Verifying+SSLTLS+certificates+manually/21311/
LastPass Security Updates
https://blog.lastpass.com/2016/07/lastpass-security-updates.html/
Android Linux Kernel Defenses
https://security.googleblog.com/2016/07/protecting-android-with-more-linux.html
Update to ISC Suspicious Domain List
https://isc.sans.edu/suspicious_domains.html
https://isc.sans.edu/forums/diary/Verifying+SSLTLS+certificates+manually/21311/
LastPass Security Updates
https://blog.lastpass.com/2016/07/lastpass-security-updates.html/
Android Linux Kernel Defenses
https://security.googleblog.com/2016/07/protecting-android-with-more-linux.html
Update to ISC Suspicious Domain List
https://isc.sans.edu/suspicious_domains.html
ISC StormCast for Thursday, July 28th 2016
28 juli 2016 |
6 min
Linux Bot Analysis
https://isc.sans.edu/forums/diary/Analyze+of+a+Linux+botnet+client+source+code/21305/
Critical XEN PV Guests Vulnerability
https://isc.sans.edu/forums/diary/Critical+Xen+PV+guests+vulnerabilities/21307/
LastPass Vulnerability
https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/
Chimera Ransomware Keys Leaked
https://blog.malwarebytes.com/cybercrime/2016/07/keys-to-chimera-ransomware-leaked/
Fiat/Chrysler Software Recall
http://www.thecarconnection.com/news/1105198_2015-chrysler-200-jeep-renegade-2014-2015-jeep-cherokee-recalled-410000-vehicles-affected?preview=true
Defending Web Applications Security Essentials (DEV522) in Vegas!
https://www.sans.org/event/network-security-2016/course/defending-web-applications-security-essentials
https://isc.sans.edu/forums/diary/Analyze+of+a+Linux+botnet+client+source+code/21305/
Critical XEN PV Guests Vulnerability
https://isc.sans.edu/forums/diary/Critical+Xen+PV+guests+vulnerabilities/21307/
LastPass Vulnerability
https://labs.detectify.com/2016/07/27/how-i-made-lastpass-give-me-all-your-passwords/
Chimera Ransomware Keys Leaked
https://blog.malwarebytes.com/cybercrime/2016/07/keys-to-chimera-ransomware-leaked/
Fiat/Chrysler Software Recall
http://www.thecarconnection.com/news/1105198_2015-chrysler-200-jeep-renegade-2014-2015-jeep-cherokee-recalled-410000-vehicles-affected?preview=true
Defending Web Applications Security Essentials (DEV522) in Vegas!
https://www.sans.org/event/network-security-2016/course/defending-web-applications-security-essentials
ISC StormCast for Wednesday, July 27th 2016
27 juli 2016 |
6 min
DNS Cmd and Ctrl via AAAA Records
https://isc.sans.edu/forums/diary/Command+and+Control+Channels+Using+AAAA+DNS+Records/21301/
Microsoft Authenticator
https://blogs.technet.microsoft.com/enterprisemobility/2016/07/25/microsoft-authenticator-coming-august-15th/
WPAD May Leak HTTPS URLs
http://arstechnica.com/security/2016/07/new-attack-that-cripples-https-crypto-works-on-macs-windows-and-linux/
HOnions: Tor Servers To Discover Snooping Tor Nodes
https://regmedia.co.uk/2016/07/25/10_honions-sanatinia.pdf
https://isc.sans.edu/forums/diary/Command+and+Control+Channels+Using+AAAA+DNS+Records/21301/
Microsoft Authenticator
https://blogs.technet.microsoft.com/enterprisemobility/2016/07/25/microsoft-authenticator-coming-august-15th/
WPAD May Leak HTTPS URLs
http://arstechnica.com/security/2016/07/new-attack-that-cripples-https-crypto-works-on-macs-windows-and-linux/
HOnions: Tor Servers To Discover Snooping Tor Nodes
https://regmedia.co.uk/2016/07/25/10_honions-sanatinia.pdf
ISC StormCast for Tuesday, July 26th 2016
26 juli 2016 |
5 min
Python Malware - Part 4
https://isc.sans.edu/forums/diary/Python+Malware+Part+4/21297/
Powerware Decrypter
https://github.com/pan-unit42/public_tools/blob/master/powerware/powerware_decrypt.py
No More Ransomware
https://www.nomoreransom.org
Pangu iOS 9.3.3 Jailbrake
http://en.pangu.io
Safe Skies TSA Keys Duplicated
http://www.3ders.org/articles/20160725-hackers-create-3d-printed-tsa-safe-skies-master-key-for-luggage-release-blueprints.html
https://isc.sans.edu/forums/diary/Python+Malware+Part+4/21297/
Powerware Decrypter
https://github.com/pan-unit42/public_tools/blob/master/powerware/powerware_decrypt.py
No More Ransomware
https://www.nomoreransom.org
Pangu iOS 9.3.3 Jailbrake
http://en.pangu.io
Safe Skies TSA Keys Duplicated
http://www.3ders.org/articles/20160725-hackers-create-3d-printed-tsa-safe-skies-master-key-for-luggage-release-blueprints.html
ISC StormCast for Monday, July 25th 2016
25 juli 2016 |
6 min
NIST Digital Authentication Guide Preview
https://github.com/usnistgov/800-63-3
Powerware Ransomware Spoofing Locky
http://researchcenter.paloaltonetworks.com/2016/07/unit42-powerware-ransomware-spoofing-locky-malware-family/
SAP HANA Security Advisory
http://www.onapsis.com/research/security-advisories
Pokemon Go Forensics
https://www.gillware.com/forensics/blog/mobile-forensics/oh-no-pokemon-go-forensic-artifacts
https://github.com/usnistgov/800-63-3
Powerware Ransomware Spoofing Locky
http://researchcenter.paloaltonetworks.com/2016/07/unit42-powerware-ransomware-spoofing-locky-malware-family/
SAP HANA Security Advisory
http://www.onapsis.com/research/security-advisories
Pokemon Go Forensics
https://www.gillware.com/forensics/blog/mobile-forensics/oh-no-pokemon-go-forensic-artifacts
ISC StormCast for Friday, July 22nd 2016
22 juli 2016 |
5 min
A Practice ntds.dit File For Hash Extraction and Password Cracking
https://isc.sans.edu/forums/diary/Practice+ntdsdit+File/21287/
Mozilla Further Reducing Flash Content
https://blog.mozilla.org/futurereleases/2016/07/20/reducing-adobe-flash-usage-in-firefox/
Little Snitch Update
https://www.obdev.at/products/littlesnitch/releasenotes.html
PHP 7.0.9 / 5.6.24 Released (fixes httpoxy vulnerability)
http://php.net/ChangeLog-7.php#7.0.9
http://www.php.net/ChangeLog-5.php#5.6.24
Google Chrome Update
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
https://isc.sans.edu/forums/diary/Practice+ntdsdit+File/21287/
Mozilla Further Reducing Flash Content
https://blog.mozilla.org/futurereleases/2016/07/20/reducing-adobe-flash-usage-in-firefox/
Little Snitch Update
https://www.obdev.at/products/littlesnitch/releasenotes.html
PHP 7.0.9 / 5.6.24 Released (fixes httpoxy vulnerability)
http://php.net/ChangeLog-7.php#7.0.9
http://www.php.net/ChangeLog-5.php#5.6.24
Google Chrome Update
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
ISC StormCast for Thursday, July 21st 2016
21 juli 2016 |
5 min
Oracle Critical Patch Update
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
DNS Root Key Rotation
http://schd.ws/hosted_files/icann562016/60/Matt%20Larson%20ICANN56%20KSK%20roll%20briefing.pdf
Anti-Malware Codehooking Vulnerabilities
http://breakingmalware.com/vulnerabilities/captain-hook-pirating-avs-bypass-exploit-mitigations/
More Details Regaring Apple's Image I/O Vulnerablity
http://www.talosintelligence.com/reports/TALOS-2016-0171/
Hidden Backdoor in Dell Security Software
https://www.digitaldefense.com/ddi-six-discoveries/
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
DNS Root Key Rotation
http://schd.ws/hosted_files/icann562016/60/Matt%20Larson%20ICANN56%20KSK%20roll%20briefing.pdf
Anti-Malware Codehooking Vulnerabilities
http://breakingmalware.com/vulnerabilities/captain-hook-pirating-avs-bypass-exploit-mitigations/
More Details Regaring Apple's Image I/O Vulnerablity
http://www.talosintelligence.com/reports/TALOS-2016-0171/
Hidden Backdoor in Dell Security Software
https://www.digitaldefense.com/ddi-six-discoveries/
ISC StormCast for Wednesday, July 20th 2016
20 juli 2016 |
5 min
Objective Systems ASN1C Compiler Creates Vulnerable Code
https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080
Office Maldoc Analysis
https://isc.sans.edu/forums/diary/Office+Maldoc+Lets+Focus+on+the+VBA+Macros+Later/21275/
Defeating GMail's Malicious Macro Signatures
https://warroom.securestate.com/bypassing-gmails-malicious-macro-signatures/
https://github.com/programa-stic/security-advisories/tree/master/ObjSys/CVE-2016-5080
Office Maldoc Analysis
https://isc.sans.edu/forums/diary/Office+Maldoc+Lets+Focus+on+the+VBA+Macros+Later/21275/
Defeating GMail's Malicious Macro Signatures
https://warroom.securestate.com/bypassing-gmails-malicious-macro-signatures/
ISC StormCast for Tuesday, July 19th 2016
19 juli 2016 |
6 min
httpoxy Vulnerability
https://isc.sans.edu/forums/diary/HTTP+Proxy+Header+Vulnerability+httpoxy/21271/
Apple Security Updates
https://support.apple.com/en-us/HT201222
Toll Number Calling via Two Factor Authentication
https://www.arneswinnen.net/2016/07/how-i-could-steal-money-from-instagram-google-and-microsoft/
https://isc.sans.edu/forums/diary/HTTP+Proxy+Header+Vulnerability+httpoxy/21271/
Apple Security Updates
https://support.apple.com/en-us/HT201222
Toll Number Calling via Two Factor Authentication
https://www.arneswinnen.net/2016/07/how-i-could-steal-money-from-instagram-google-and-microsoft/
ISC StormCast for Monday, July 18th 2016
18 juli 2016 |
6 min
More Python Malware
Critical Juniper Vulnerability
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10755&actp=search
MS16-053 Included in Neutrino Exploit Kit
https://www.fireeye.com/blog/threat-research/2016/07/exploit_kits_quickly.html
SSH Username Disclosure
http://seclists.org/fulldisclosure/2016/Jul/51
Critical Juniper Vulnerability
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10755&actp=search
MS16-053 Included in Neutrino Exploit Kit
https://www.fireeye.com/blog/threat-research/2016/07/exploit_kits_quickly.html
SSH Username Disclosure
http://seclists.org/fulldisclosure/2016/Jul/51
ISC StormCast for Friday, July 15th 2016
15 juli 2016 |
5 min
The Power of Web Shells
https://isc.sans.edu/forums/diary/The+Power+of+Web+Shells/21257/
Airtel India Intercepting Cloudflare Traffic
https://medium.com/@karthikb351/airtel-is-sniffing-and-censoring-cloudflares-traffic-in-india-and-they-don-t-even-know-it-90935f7f6d98#.g78ucnpo6
WordPress SEO Pack Plugin Persistent Cross Site Scripting
https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_all_in_one_seo_pack_wordpress_plugin.html
Github Releases synsanity SYN Flood Defense
http://githubengineering.com/syn-flood-mitigation-with-synsanity/
MS16-094 Prevents Booting Linux On Microsoft Surface
http://www.theregister.co.uk/2016/07/15/windows_fix_closes_rt_unlock_loophole/
https://isc.sans.edu/forums/diary/The+Power+of+Web+Shells/21257/
Airtel India Intercepting Cloudflare Traffic
https://medium.com/@karthikb351/airtel-is-sniffing-and-censoring-cloudflares-traffic-in-india-and-they-don-t-even-know-it-90935f7f6d98#.g78ucnpo6
WordPress SEO Pack Plugin Persistent Cross Site Scripting
https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_all_in_one_seo_pack_wordpress_plugin.html
Github Releases synsanity SYN Flood Defense
http://githubengineering.com/syn-flood-mitigation-with-synsanity/
MS16-094 Prevents Booting Linux On Microsoft Surface
http://www.theregister.co.uk/2016/07/15/windows_fix_closes_rt_unlock_loophole/
ISC StormCast for Thursday, July 14th 2016
14 juli 2016 |
5 min
Hunting for Malicious Files with MISP + OSSEC
https://isc.sans.edu/forums/diary/Hunting+for+Malicious+Files+with+MISP+OSSEC/21251/
Drupal: Patch released today to fix a highly critical RCE in contributed modules
https://isc.sans.edu/forums/diary/Drupal+Patch+released+today+to+fix+a+highly+critical+RCE+in+contributed+modules/21255/
Riffle anonymity network trying to compete with tor
http://people.csail.mit.edu/devadas/pubs/riffle.pdf
https://isc.sans.edu/forums/diary/Hunting+for+Malicious+Files+with+MISP+OSSEC/21251/
Drupal: Patch released today to fix a highly critical RCE in contributed modules
https://isc.sans.edu/forums/diary/Drupal+Patch+released+today+to+fix+a+highly+critical+RCE+in+contributed+modules/21255/
Riffle anonymity network trying to compete with tor
http://people.csail.mit.edu/devadas/pubs/riffle.pdf
ISC StormCast for Wednesday, July 13th 2016
13 juli 2016 |
8 min
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+Summary+for+July+2016/21249/
"Ranscam" Ransom Ware Deleted Data
http://blog.talosintel.com/2016/07/ranscam.html
https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+Summary+for+July+2016/21249/
"Ranscam" Ransom Ware Deleted Data
http://blog.talosintel.com/2016/07/ranscam.html
ISC StormCast for Tuesday, July 12th 2016
12 juli 2016 |
6 min
Hiding in White Text: Word Documents with Embedded Payloads
https://isc.sans.edu/forums/diary/Hiding+in+White+Text+Word+Documents+with+Embedded+Payloads/21227/
Pokemon Go Requests "Full Access" to iOS User's Google Account
http://adamreeve.tumblr.com/post/147120922009/pokemon-go-is-a-huge-security-risk
Hacking Siri With Barely Audible Voice Commands
https://security.cs.georgetown.edu/~tavish/hvc_usenix.pdf
iOS Users Locked Out of Devices by Ransom Attacks
http://www.csoonline.com/article/3093016/security/apple-devices-held-for-ransom-rumors-claim-40m-icloud-accounts-hacked.html
Contact Form For Feedback
https://isc.sans.edu/contact.html
https://isc.sans.edu/forums/diary/Hiding+in+White+Text+Word+Documents+with+Embedded+Payloads/21227/
Pokemon Go Requests "Full Access" to iOS User's Google Account
http://adamreeve.tumblr.com/post/147120922009/pokemon-go-is-a-huge-security-risk
Hacking Siri With Barely Audible Voice Commands
https://security.cs.georgetown.edu/~tavish/hvc_usenix.pdf
iOS Users Locked Out of Devices by Ransom Attacks
http://www.csoonline.com/article/3093016/security/apple-devices-held-for-ransom-rumors-claim-40m-icloud-accounts-hacked.html
Contact Form For Feedback
https://isc.sans.edu/contact.html
ISC StormCast for Monday, July 11th 2016
11 juli 2016 |
5 min
Pentesters (and Attackers) Love Internet Connected Security Cameras!
https://isc.sans.edu/forums/diary/Pentesters+and+Attackers+Love+Internet+Connected+Security+Cameras/21231/
Lessons Learned From Industrial Control Systems
https://isc.sans.edu/forums/diary/Lessons+Learned+from+Industrial+Control+Systems/21243/
BMW Portal Insecurity
http://www.vulnerability-lab.com/get_content.php?id=1736
http://www.vulnerability-lab.com/get_content.php?id=1737
Pokemon Go App Used To Rob Users
https://regmedia.co.uk/2016/07/10/34798567498753.pdf
Facebook Messenger End-to-End Encryption
http://newsroom.fb.com/news/2016/07/messenger-starts-testing-end-to-end-encryption-with-secret-conversations/
https://isc.sans.edu/forums/diary/Pentesters+and+Attackers+Love+Internet+Connected+Security+Cameras/21231/
Lessons Learned From Industrial Control Systems
https://isc.sans.edu/forums/diary/Lessons+Learned+from+Industrial+Control+Systems/21243/
BMW Portal Insecurity
http://www.vulnerability-lab.com/get_content.php?id=1736
http://www.vulnerability-lab.com/get_content.php?id=1737
Pokemon Go App Used To Rob Users
https://regmedia.co.uk/2016/07/10/34798567498753.pdf
Facebook Messenger End-to-End Encryption
http://newsroom.fb.com/news/2016/07/messenger-starts-testing-end-to-end-encryption-with-secret-conversations/
ISC StormCast for Friday, July 8th 2016
7 juli 2016 |
5 min
Patchwork: Is it still "Advanced" if all you have to do is Copy/Paste?
https://isc.sans.edu/forums/diary/Patchwork+Is+it+still+Advanced+if+all+you+have+to+do+is+CopyPaste/21235/
OUCH Newsletter
https://securingthehuman.sans.org/resources/newsletters/ouch/2016#july2016
Discovering Malware in TLS Traffic
http://arxiv.org/abs/1607.01639
TP-Link Uses tplinklogin.net Domain
http://thehackernews.com/2016/07/tp-link-router-setting.html
https://isc.sans.edu/forums/diary/Patchwork+Is+it+still+Advanced+if+all+you+have+to+do+is+CopyPaste/21235/
OUCH Newsletter
https://securingthehuman.sans.org/resources/newsletters/ouch/2016#july2016
Discovering Malware in TLS Traffic
http://arxiv.org/abs/1607.01639
TP-Link Uses tplinklogin.net Domain
http://thehackernews.com/2016/07/tp-link-router-setting.html
ISC StormCast for Thursday, July 7th 2016
7 juli 2016 |
5 min
CryptXXX Update
https://isc.sans.edu/forums/diary/CryptXXX+ransomware+updated/21229/
Symantec Patches On the Way (but not fast)
https://twitter.com/taviso?lang=en
Android Adware/Malware
https://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf
HP Updates Comware and VCX Routers
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05184351
Tracking Devices With Randomized Wifi MAC Addresses
http://papers.mathyvanhoef.com/asiaccs2016.pdf
https://isc.sans.edu/forums/diary/CryptXXX+ransomware+updated/21229/
Symantec Patches On the Way (but not fast)
https://twitter.com/taviso?lang=en
Android Adware/Malware
https://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf
HP Updates Comware and VCX Routers
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05184351
Tracking Devices With Randomized Wifi MAC Addresses
http://papers.mathyvanhoef.com/asiaccs2016.pdf
ISC StormCast for Wednesday, July 6th 2016
6 juli 2016 |
6 min
Apache Fixes Critical HTTP/2 TLS Authentication Flaw
https://isc.sans.edu/forums/diary/Apache+Update+TLS+Certificate+Authentication+Bypass+with+HTTP2+CVE20164979/21223/
Gigabyte and HP Motherboards Affected by "ThinkPwn" UEFI Vulnerability
https://twitter.com/al3xtjames
UK Police Data Breaches
https://www.bigbrotherwatch.org.uk/wp-content/uploads/2016/07/Safe-in-Police-Hands.pdf
Mac Malware Uses Tor For C&C
https://labs.bitdefender.com/2016/07/new-mac-backdoor-nukes-os-x-systems/
Front Door Intercom Backdoor
http://www.synacktiv.ninja/ressources/NDH-Intercoms_presentation_Dudek.pdf
wget arbitrary command line execution with redirects
https://blogs.securiteam.com/index.php/archives/2701
https://isc.sans.edu/forums/diary/Apache+Update+TLS+Certificate+Authentication+Bypass+with+HTTP2+CVE20164979/21223/
Gigabyte and HP Motherboards Affected by "ThinkPwn" UEFI Vulnerability
https://twitter.com/al3xtjames
UK Police Data Breaches
https://www.bigbrotherwatch.org.uk/wp-content/uploads/2016/07/Safe-in-Police-Hands.pdf
Mac Malware Uses Tor For C&C
https://labs.bitdefender.com/2016/07/new-mac-backdoor-nukes-os-x-systems/
Front Door Intercom Backdoor
http://www.synacktiv.ninja/ressources/NDH-Intercoms_presentation_Dudek.pdf
wget arbitrary command line execution with redirects
https://blogs.securiteam.com/index.php/archives/2701
ISC StormCast for Tuesday, July 5th 2016
5 juli 2016 |
5 min
Change in patterns for the pseudoDarkleech Campaign
https://isc.sans.edu/forums/diary/Change+in+patterns+for+the+pseudoDarkleech+campaign/21217/
Thinkpad SMS Arbitrary Code Execution Exploit
https://github.com/Cr4sh/ThinkPwn
SQLLite Temp File Vulnerability
http://seclists.org/fulldisclosure/2016/Jul/0
AVG Publishes Mulit-Ransomware Decryption Tool
http://now.avg.com/dont-pay-the-ransom-avg-releases-six-free-decryption-tools-to-retrieve-your-files/
Euro 2016 App Leaks User's Data
http://wandera.com/downloads/Euro_Paper.pdf
https://isc.sans.edu/forums/diary/Change+in+patterns+for+the+pseudoDarkleech+campaign/21217/
Thinkpad SMS Arbitrary Code Execution Exploit
https://github.com/Cr4sh/ThinkPwn
SQLLite Temp File Vulnerability
http://seclists.org/fulldisclosure/2016/Jul/0
AVG Publishes Mulit-Ransomware Decryption Tool
http://now.avg.com/dont-pay-the-ransom-avg-releases-six-free-decryption-tools-to-retrieve-your-files/
Euro 2016 App Leaks User's Data
http://wandera.com/downloads/Euro_Paper.pdf
ISC StormCast for Friday, July 1st 2016
1 juli 2016 |
6 min
Phishing Campaign with Blurred Images
https://isc.sans.edu/forums/diary/Phishing+Campaign+with+Blurred+Images/21207/
FoxIT Patches PDF Reader Security Flaws
https://www.foxitsoftware.com/support/security-bulletins.php#content-2016
Vulnerabilities in StartCom's API
https://www.computest.nl/blog/startencrypt-considered-harmful-today/
Hummer Trojan Leads Android Malware
http://www.cmcm.com/blog/en/security/2016-06-29/995.html
https://isc.sans.edu/forums/diary/Phishing+Campaign+with+Blurred+Images/21207/
FoxIT Patches PDF Reader Security Flaws
https://www.foxitsoftware.com/support/security-bulletins.php#content-2016
Vulnerabilities in StartCom's API
https://www.computest.nl/blog/startencrypt-considered-harmful-today/
Hummer Trojan Leads Android Malware
http://www.cmcm.com/blog/en/security/2016-06-29/995.html
ISC StormCast for Thursday, June 30th 2016
30 juni 2016 |
5 min
Critical Symantec AV Vulnerabilities
http://googleprojectzero.blogspot.ca/2016/06/how-to-compromise-enterprise-endpoint.html
Google "My Activity"
https://myactivity.google.com/myactivity
Hashcat/OCLHashcat 3.0 Released
https://hashcat.net/forum/thread-5559.html
Lenovo Thinkpad Firmware Reverse Analysis
http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html
Linux Privilege Escalation Vulnerabilities
http://www.openwall.com/lists/oss-security/2016/06/24/5
http://googleprojectzero.blogspot.ca/2016/06/how-to-compromise-enterprise-endpoint.html
Google "My Activity"
https://myactivity.google.com/myactivity
Hashcat/OCLHashcat 3.0 Released
https://hashcat.net/forum/thread-5559.html
Lenovo Thinkpad Firmware Reverse Analysis
http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html
Linux Privilege Escalation Vulnerabilities
http://www.openwall.com/lists/oss-security/2016/06/24/5
ISC StormCast for Wednesday, June 29th 2016
29 juni 2016 |
4 min
Odd User-Agents
https://isc.sans.edu/forums/diary/What+is+your+most+unusual+UserAgent/21203/
ZimbraCrypt Ransomware
http://www.bleepingcomputer.com/news/security/zimbra-ransomware-written-in-python-targets-zimbra-mail-store/
Hard Drives Still Not Wiped Before Selling Them on EBay
http://www2.blancco.com/en-rs-leftovers-a-data-recovery-study
PhotoLogin Option For LogmeOnce
https://www.logmeonce.com/photologin/
https://isc.sans.edu/forums/diary/What+is+your+most+unusual+UserAgent/21203/
ZimbraCrypt Ransomware
http://www.bleepingcomputer.com/news/security/zimbra-ransomware-written-in-python-targets-zimbra-mail-store/
Hard Drives Still Not Wiped Before Selling Them on EBay
http://www2.blancco.com/en-rs-leftovers-a-data-recovery-study
PhotoLogin Option For LogmeOnce
https://www.logmeonce.com/photologin/
ISC StormCast for Tuesday, June 28th 2016
28 juni 2016 |
6 min
Recent Fake DDOS Threats by "Armada Collective"
https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/
IRS Discontinues e-Filing Pins
https://www.irs.gov/uac/irs-statement-on-the-electronic-filing-pin
CCTV Cameras Still A Major Threat
https://blog.sucuri.net/2016/06/large-cctv-botnet-leveraged-ddos-attacks.html
https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/
IRS Discontinues e-Filing Pins
https://www.irs.gov/uac/irs-statement-on-the-electronic-filing-pin
CCTV Cameras Still A Major Threat
https://blog.sucuri.net/2016/06/large-cctv-botnet-leveraged-ddos-attacks.html
ISC StormCast for Monday, June 27th 2016
27 juni 2016 |
6 min
"Bart" Ransomware
https://isc.sans.edu/forums/diary/Bart+a+new+Ransomware/21195/
Swagger Vulnerablity
https://community.rapid7.com/community/infosec/blog/2016/06/23/r7-2016-06-remote-code-execution-via-swagger-parameter-injection-cve-2016-5641
"Enriched" Voter Database Leak
https://mackeeper.com/blog/post/239-another-us-voter-database-leak
https://isc.sans.edu/forums/diary/Bart+a+new+Ransomware/21195/
Swagger Vulnerablity
https://community.rapid7.com/community/infosec/blog/2016/06/23/r7-2016-06-remote-code-execution-via-swagger-parameter-injection-cve-2016-5641
"Enriched" Voter Database Leak
https://mackeeper.com/blog/post/239-another-us-voter-database-leak
ISC StormCast for Friday, June 24th 2016
24 juni 2016 |
5 min
Uber Vulnerabliity Summary
https://labs.integrity.pt/articles/uber-hacking-how-we-found-out-who-you-are-where-you-are-and-where-you-went/
Apple Intentially Left Kernel Decrypted
https://techcrunch.com/2016/06/22/apple-unencrypted-kernel/
Wordpress Fixes Various Critical Vulnerabilities
https://codex.wordpress.org/Version_4.5.3
Let's Encrypt Reaching 5 Million Issued Certificates
https://letsencrypt.org/2016/06/22/https-progress-june-2016.html
Necurs Botnet is Back
https://www.proofpoint.com/us/threat-insight/post/necurs-botnet-returns-with-updated-locky-ransomware-in-tow
https://labs.integrity.pt/articles/uber-hacking-how-we-found-out-who-you-are-where-you-are-and-where-you-went/
Apple Intentially Left Kernel Decrypted
https://techcrunch.com/2016/06/22/apple-unencrypted-kernel/
Wordpress Fixes Various Critical Vulnerabilities
https://codex.wordpress.org/Version_4.5.3
Let's Encrypt Reaching 5 Million Issued Certificates
https://letsencrypt.org/2016/06/22/https-progress-june-2016.html
Necurs Botnet is Back
https://www.proofpoint.com/us/threat-insight/post/necurs-botnet-returns-with-updated-locky-ransomware-in-tow
ISC StormCast for Thursday, June 23rd 2016
23 juni 2016 |
5 min
Deobfuscating Java Code
https://isc.sans.edu/forums/diary/Security+through+obscurity+never+works/21187/
iOS 10 Beta Not Encrypted To Aid Bug Hunters
https://www.technologyreview.com/s/601748/apple-opens-up-iphone-code-in-what-could-be-savvy-strategy-or-security-screwup/
Microsoft Updates SEAL
http://research.microsoft.com/en-us/people/kilai/v2.0-beta.pdf
Cisco Releases Pidgin Vulnerabilities
http://blog.talosintel.com/2016/06/vulnerability-spotlight-pidgin.html
Libarchive vulnerabilities
http://blog.talosintel.com/2016/06/the-poisoned-archives.html
https://isc.sans.edu/forums/diary/Security+through+obscurity+never+works/21187/
iOS 10 Beta Not Encrypted To Aid Bug Hunters
https://www.technologyreview.com/s/601748/apple-opens-up-iphone-code-in-what-could-be-savvy-strategy-or-security-screwup/
Microsoft Updates SEAL
http://research.microsoft.com/en-us/people/kilai/v2.0-beta.pdf
Cisco Releases Pidgin Vulnerabilities
http://blog.talosintel.com/2016/06/vulnerability-spotlight-pidgin.html
Libarchive vulnerabilities
http://blog.talosintel.com/2016/06/the-poisoned-archives.html
ISC StormCast for Wednesday, June 22nd 2016
22 juni 2016 |
5 min
Apple Airport (and Time Capsule) Update
https://support.apple.com/en-us/HT201222
StartCom Adding API For Free SSL Certificates
https://support.apple.com/en-us/HT201222
BitCoin Phishing With Typo Squatting Domains
http://blog.cyren.com/articles/2016-Q2_bitcoin-phishing-via-google-adwords.html
Google Attempting to Simplify 2 Factor Authentication
http://googleappsupdates.blogspot.co.uk/2016/06/new-settings-for-2-step-verification.html
https://support.apple.com/en-us/HT201222
StartCom Adding API For Free SSL Certificates
https://support.apple.com/en-us/HT201222
BitCoin Phishing With Typo Squatting Domains
http://blog.cyren.com/articles/2016-Q2_bitcoin-phishing-via-google-adwords.html
Google Attempting to Simplify 2 Factor Authentication
http://googleappsupdates.blogspot.co.uk/2016/06/new-settings-for-2-step-verification.html
ISC StormCast for Tuesday, June 21st 2016
21 juni 2016 |
5 min
Fake SWIFT Payment Notices Used in Malicious E-Mail Campaign
https://isc.sans.edu/forums/diary/Ongoing+Spam+Campaign+Related+to+Swift/21177/
RedHat Fixes Various OpenSSL Integer Overflows
https://github.com/openssl/openssl/commit/a004e72b95835136d3f1ea90517f706c24c03da7
JavaScript Ransom Ware
http://www.bleepingcomputer.com/news/security/the-new-raa-ransomware-is-created-entirely-using-javascript/
Triada/Horde Mobile Malware Updates
http://blog.checkpoint.com/2016/06/17/in-the-wild-mobile-malware-implements-new-features/
https://isc.sans.edu/forums/diary/Ongoing+Spam+Campaign+Related+to+Swift/21177/
RedHat Fixes Various OpenSSL Integer Overflows
https://github.com/openssl/openssl/commit/a004e72b95835136d3f1ea90517f706c24c03da7
JavaScript Ransom Ware
http://www.bleepingcomputer.com/news/security/the-new-raa-ransomware-is-created-entirely-using-javascript/
Triada/Horde Mobile Malware Updates
http://blog.checkpoint.com/2016/06/17/in-the-wild-mobile-malware-implements-new-features/
ISC StormCast for Monday, June 20th 2016
19 juni 2016 |
5 min
Avoiding Javascript Malware
https://isc.sans.edu/forums/diary/Controlling+JavaScript+Malware+Before+it+Runs/21171/
LogMeIn Joining Other Sites in Proactively Resetting Passwords
https://blog.logmeininc.com/password-reuse-issue-affecting-logmein-users/
Kaspersky Publishes Details Around Recent Flash Vulnerability
https://securelist.com/blog/research/75100/operation-daybreak/
CSRF Vulnerability in Democratic Party Donation Platform
http://rajk.me/actblue/#intro
https://isc.sans.edu/forums/diary/Controlling+JavaScript+Malware+Before+it+Runs/21171/
LogMeIn Joining Other Sites in Proactively Resetting Passwords
https://blog.logmeininc.com/password-reuse-issue-affecting-logmein-users/
Kaspersky Publishes Details Around Recent Flash Vulnerability
https://securelist.com/blog/research/75100/operation-daybreak/
CSRF Vulnerability in Democratic Party Donation Platform
http://rajk.me/actblue/#intro
ISC StormCast for Friday, June 17th 2016
17 juni 2016 |
5 min
Adobe Patches Critiical Flash Vulnerability
https://helpx.adobe.com/security/products/flash-player/apsb16-18.html
Teamviewer Users May be Compromised by Trojaned Client
http://blog.trendmicro.com/trendlabs-security-intelligence/unsupported-teamviewer-versions-exploited-backdoors-keylogging/
Siemens ICS Equipment Transmits Credentials Over the Network
https://ics-cert.us-cert.gov/advisories/ICSA-16-161-02
GitHub Resets User Accounts Compromissed In 3rd Party Incident
https://github.com/blog/2190-github-security-update-reused-password-attack
HTTP Header Injection in Python urllib
http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html
https://helpx.adobe.com/security/products/flash-player/apsb16-18.html
Teamviewer Users May be Compromised by Trojaned Client
http://blog.trendmicro.com/trendlabs-security-intelligence/unsupported-teamviewer-versions-exploited-backdoors-keylogging/
Siemens ICS Equipment Transmits Credentials Over the Network
https://ics-cert.us-cert.gov/advisories/ICSA-16-161-02
GitHub Resets User Accounts Compromissed In 3rd Party Incident
https://github.com/blog/2190-github-security-update-reused-password-attack
HTTP Header Injection in Python urllib
http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html
ISC StormCast for Thursday, June 16th 2016
16 juni 2016 |
5 min
Group Policy Issues After Applying MS16-072 (KB3159398)
https://social.technet.microsoft.com/Forums/en-US/e2ebead9-b30d-4789-a151-5c7783dbbe34/patch-tuesday-kb3159398?forum=winserverGP
Apple Will Reject Apps Using HTTP
https://developer.apple.com/videos/play/wwdc2016/706/
Rising AntiVirus Includes Malware (article only in german)
http://www.heise.de/security/meldung/Virenscanner-infiziert-Systeme-mit-Sality-Virus-3237654.html
SAP Patch
https://erpscan.com/press-center/blog/sap-security-notes-june-2016/
Breached RDP Servers For Rent
https://www.wired.com/2016/06/xdedic-server-trading-forum-kaspersky/
https://social.technet.microsoft.com/Forums/en-US/e2ebead9-b30d-4789-a151-5c7783dbbe34/patch-tuesday-kb3159398?forum=winserverGP
Apple Will Reject Apps Using HTTP
https://developer.apple.com/videos/play/wwdc2016/706/
Rising AntiVirus Includes Malware (article only in german)
http://www.heise.de/security/meldung/Virenscanner-infiziert-Systeme-mit-Sality-Virus-3237654.html
SAP Patch
https://erpscan.com/press-center/blog/sap-security-notes-june-2016/
Breached RDP Servers For Rent
https://www.wired.com/2016/06/xdedic-server-trading-forum-kaspersky/
ISC StormCast for Wednesday, June 15th 2016
15 juni 2016 |
8 min
Microsoft Updates
https://isc.sans.edu/mspatchdays.html?viewday=2016-06-14
Adobe Updates (Incl. active exploitation of Flash Vuln.)
https://helpx.adobe.com/security.html
https://isc.sans.edu/mspatchdays.html?viewday=2016-06-14
Adobe Updates (Incl. active exploitation of Flash Vuln.)
https://helpx.adobe.com/security.html
ISC StormCast for Tuesday, June 14th 2016
14 juni 2016 |
5 min
Flocker Ransomware Locks TVs
http://blog.trendmicro.com/trendlabs-security-intelligence/flocker-ransomware-crosses-smart-tv/
Samsung Updates Software Update Software
http://seclists.org/fulldisclosure/2016/Jun/21
Lets Encrypt Messes Up Notification E-mail, Leaks Addresses
https://community.letsencrypt.org/t/email-address-disclosures-preliminary-report-june-11-2016/16867
ClamAV Fuzzing Finds Bugs in 7z Unpacking Code
https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/
http://blog.trendmicro.com/trendlabs-security-intelligence/flocker-ransomware-crosses-smart-tv/
Samsung Updates Software Update Software
http://seclists.org/fulldisclosure/2016/Jun/21
Lets Encrypt Messes Up Notification E-mail, Leaks Addresses
https://community.letsencrypt.org/t/email-address-disclosures-preliminary-report-june-11-2016/16867
ClamAV Fuzzing Finds Bugs in 7z Unpacking Code
https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/
ISC StormCast for Monday, June 13th 2016
13 juni 2016 |
5 min
DNS Sinkhole 2.0 Released
https://isc.sans.edu/forums/diary/DNS+Sinkhole+ISO+Version+20/21153/
Visual C Telemetry Library
https://www.reddit.com/r/cpp/comments/4ibauu/visual_studio_adding_telemetry_function_calls_to/
Crysis Ransomware
http://www.eset.com/us/resources/detail/new-ransomware-threat-crysis-lays-claim-to-teslacrypt-s-former-turf/
Intel Releases ROP Attack Protection
http://blogs.intel.com/evangelists/2016/06/09/intel-release-new-technology-specifications-protect-rop-attacks/
EMC Fixes Data Domain Session ID Disclosure Vulnerability
https://auscert.org.au/render.html?it=35618
https://isc.sans.edu/forums/diary/DNS+Sinkhole+ISO+Version+20/21153/
Visual C Telemetry Library
https://www.reddit.com/r/cpp/comments/4ibauu/visual_studio_adding_telemetry_function_calls_to/
Crysis Ransomware
http://www.eset.com/us/resources/detail/new-ransomware-threat-crysis-lays-claim-to-teslacrypt-s-former-turf/
Intel Releases ROP Attack Protection
http://blogs.intel.com/evangelists/2016/06/09/intel-release-new-technology-specifications-protect-rop-attacks/
EMC Fixes Data Domain Session ID Disclosure Vulnerability
https://auscert.org.au/render.html?it=35618
ISC StormCast for Friday, June 10th 2016
10 juni 2016 |
5 min
Google Chrome PDF Viewer Remote Code Execution Vulnerability Patched
http://blog.talosintel.com/2016/06/pdfium.html
Google Continues to Remove SSLv3 Support
http://googleappsupdates.blogspot.com.au/2016/06/gradually-disabling-support-for-sslv3.html
Vibration Sensor Can Be Used As Microphone
http://synrg.csl.illinois.edu/vibraphone/paperdocs/VibraPhone_nirupam.pdf
Keypass Fixes Vulnerable Update Procedure
http://keepass.info/help/kb/sec_issues.html#updsig
http://blog.talosintel.com/2016/06/pdfium.html
Google Continues to Remove SSLv3 Support
http://googleappsupdates.blogspot.com.au/2016/06/gradually-disabling-support-for-sslv3.html
Vibration Sensor Can Be Used As Microphone
http://synrg.csl.illinois.edu/vibraphone/paperdocs/VibraPhone_nirupam.pdf
Keypass Fixes Vulnerable Update Procedure
http://keepass.info/help/kb/sec_issues.html#updsig
ISC StormCast for Thursday, June 9th 2016
9 juni 2016 |
5 min
CryptXXX Switches From Angler to Neutrino EK
https://isc.sans.edu/forums/diary/Neutrino+EK+and+CryptXXX/21141/
Android Flah Keyboard Uses Excessive Permissions
https://regmedia.co.uk/2016/06/07/pentestflashkeybpardpaper.pdf
Firefox 47 Released
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox47
D-Link Camera Vulnerable To Remote Exploit
http://blog.senr.io/blog/home-secure-home
BITS used to make malware more persistent
https://www.secureworks.com/blog/malware-lingers-with-bits
https://isc.sans.edu/forums/diary/Neutrino+EK+and+CryptXXX/21141/
Android Flah Keyboard Uses Excessive Permissions
https://regmedia.co.uk/2016/06/07/pentestflashkeybpardpaper.pdf
Firefox 47 Released
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox47
D-Link Camera Vulnerable To Remote Exploit
http://blog.senr.io/blog/home-secure-home
BITS used to make malware more persistent
https://www.secureworks.com/blog/malware-lingers-with-bits
ISC StormCast for Wednesday, June 8th 2016
7 juni 2016 |
6 min
Various Internet Sites Flag Password Reuse
http://krebsonsecurity.com/2016/06/password-re-user-get-to-get-busy/
Facebook Chat Vulnerability Patched
https://www.helpnetsecurity.com/2016/06/07/facebook-vulnerability-chat-messenger/
DNS Cookies: Making DNS More Security
https://www.rfc-editor.org/rfc/rfc7873.txt
http://krebsonsecurity.com/2016/06/password-re-user-get-to-get-busy/
Facebook Chat Vulnerability Patched
https://www.helpnetsecurity.com/2016/06/07/facebook-vulnerability-chat-messenger/
DNS Cookies: Making DNS More Security
https://www.rfc-editor.org/rfc/rfc7873.txt
ISC StormCast for Tuesday, June 7th 2016
7 juni 2016 |
5 min
LinkedIn Data Used to Personalize Malicious E-Mail
https://twitter.com/certbund/status/739824856011804676?ref_src=twsrc%5Etfw
Android Patches
https://source.android.com/security/bulletin/2016-06-01.html
Mitsubishi Outlander Wifi Hack
https://www.pentestpartners.com/blog/hacking-the-mitsubishi-outlander-phev-hybrid-suv/
Using NTP to Calibrate Time Stamps in PCAP
https://isc.sans.edu/forums/diary/What+Time+Is+It+Using+NTP+Traffic+to+Calibrate+PCAP+Timestamps/21135/
BING Adds Malware Warning
https://blogs.bing.com/webmaster/June-2016/Warning!-Bing-now-offers-enhanced-malware-warnings
https://twitter.com/certbund/status/739824856011804676?ref_src=twsrc%5Etfw
Android Patches
https://source.android.com/security/bulletin/2016-06-01.html
Mitsubishi Outlander Wifi Hack
https://www.pentestpartners.com/blog/hacking-the-mitsubishi-outlander-phev-hybrid-suv/
Using NTP to Calibrate Time Stamps in PCAP
https://isc.sans.edu/forums/diary/What+Time+Is+It+Using+NTP+Traffic+to+Calibrate+PCAP+Timestamps/21135/
BING Adds Malware Warning
https://blogs.bing.com/webmaster/June-2016/Warning!-Bing-now-offers-enhanced-malware-warnings
ISC StormCast for Monday, June 6th 2016
5 juni 2016 |
5 min
A Recent MySQL Honeypot Compromise
https://isc.sans.edu/forums/diary/MySQL+is+YourSQL/21117/
Team Viewer Improves Security
http://www.teamviewer.com/en/company/press/teamviewer-launches-trusted-devices-and-data-integrity/
Black Shades Ransomware
http://www.bleepingcomputer.com/news/security/black-shades-ransomware-encrypts-your-pc-and-taunts-security-researchers/
NTP Update
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
https://isc.sans.edu/forums/diary/MySQL+is+YourSQL/21117/
Team Viewer Improves Security
http://www.teamviewer.com/en/company/press/teamviewer-launches-trusted-devices-and-data-integrity/
Black Shades Ransomware
http://www.bleepingcomputer.com/news/security/black-shades-ransomware-encrypts-your-pc-and-taunts-security-researchers/
NTP Update
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
ISC StormCast for Friday, June 3rd 2016
3 juni 2016 |
5 min
Docker Containers Logging
https://isc.sans.edu/forums/diary/Docker+Containers+Logging/21121/
Lenovo Suggests Uninstalling Accelerator Application
https://support.lenovo.com/us/en/product_security/len_6718
Google Chrome Update
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
MongoDB Injection
http://blog.securelayer7.net/mongodb-security-injection-attacks-with-php/
Ouch! Newsletter
https://securingthehuman.sans.org/resources/newsletters/ouch/2016#encryption
Detecting DNS Tunneling With Splunk
https://www.sans.org/reading-room/whitepapers/dns/splunk-detect-dns-tunneling-37022
Android AV Vulnerabilities
https://www.sit.fraunhofer.de/fileadmin/dokumente/Presse/teamsik_advisories_AV.pdf?_=1464692835
https://isc.sans.edu/forums/diary/Docker+Containers+Logging/21121/
Lenovo Suggests Uninstalling Accelerator Application
https://support.lenovo.com/us/en/product_security/len_6718
Google Chrome Update
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
MongoDB Injection
http://blog.securelayer7.net/mongodb-security-injection-attacks-with-php/
Ouch! Newsletter
https://securingthehuman.sans.org/resources/newsletters/ouch/2016#encryption
Detecting DNS Tunneling With Splunk
https://www.sans.org/reading-room/whitepapers/dns/splunk-detect-dns-tunneling-37022
Android AV Vulnerabilities
https://www.sit.fraunhofer.de/fileadmin/dokumente/Presse/teamsik_advisories_AV.pdf?_=1464692835
ISC StormCast for Thursday, June 2nd 2016
2 juni 2016 |
5 min
KeePass Insecure Update
https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/
Possible TeamViewer Breach
http://www.theregister.co.uk/2016/06/01/teamviewer_mass_breach_report/
Windows 10 Exploit Offered For Sale
https://www.trustwave.com/Resources/SpiderLabs-Blog/Zero-Day-Auction-for-the-Masses/?page=1&year=0&month=0
Intrusion Detection in Depth Minneapolis (July 18-23rd)
https://www.sans.org/event/minneapolis-2016/course/intrusion-detection-in-depth
https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/
Possible TeamViewer Breach
http://www.theregister.co.uk/2016/06/01/teamviewer_mass_breach_report/
Windows 10 Exploit Offered For Sale
https://www.trustwave.com/Resources/SpiderLabs-Blog/Zero-Day-Auction-for-the-Masses/?page=1&year=0&month=0
Intrusion Detection in Depth Minneapolis (July 18-23rd)
https://www.sans.org/event/minneapolis-2016/course/intrusion-detection-in-depth
ISC StormCast for Wednesday, June 1st 2016
31 maj 2016 |
6 min
Increase in Telnet Scans
https://isc.sans.edu/forums/diary/Increase+in+Port+23+telnet+scanning/21115/
Bloatware Introducing Security Flaws in Laptops
https://duo.com/blog/out-of-box-exploitation-a-security-analysis-of-oem-updaters
Exploit Released for Unpatchable SCADA Controller
https://www.exploit-db.com/exploits/37154/
Fail2Ban Adding IPv6 Support
https://www.slightfuture.com/security/fail2ban-ipv6
Critical LG Phone Security Flaws
http://blog.checkpoint.com/2016/05/29/oems-have-flaws-too-exposing-two-new-lg-vulnerabilities/
https://isc.sans.edu/forums/diary/Increase+in+Port+23+telnet+scanning/21115/
Bloatware Introducing Security Flaws in Laptops
https://duo.com/blog/out-of-box-exploitation-a-security-analysis-of-oem-updaters
Exploit Released for Unpatchable SCADA Controller
https://www.exploit-db.com/exploits/37154/
Fail2Ban Adding IPv6 Support
https://www.slightfuture.com/security/fail2ban-ipv6
Critical LG Phone Security Flaws
http://blog.checkpoint.com/2016/05/29/oems-have-flaws-too-exposing-two-new-lg-vulnerabilities/
ISC StormCast for Tuesday, May 31st 2016
31 maj 2016 |
5 min
Hardcoded Password in Medical Software
https://www.kb.cert.org/vuls/id/482135
Google Chorme Update
http://googlechromereleases.blogspot.com.au/search/label/Stable%20updates
PA DSS Update
https://www.pcisecuritystandards.org/document_library
JetPack WordPress Plugin XSS vulnerabilties
https://jetpack.com/2016/05/27/jetpack-4-0-3-critical-security-update/
Tor Browser Fingerprinting Site
https://tor.triop.se
Anti-Pastejacking Browser Plugin
https://github.com/rocketshipapps/hardenedpaste
https://www.kb.cert.org/vuls/id/482135
Google Chorme Update
http://googlechromereleases.blogspot.com.au/search/label/Stable%20updates
PA DSS Update
https://www.pcisecuritystandards.org/document_library
JetPack WordPress Plugin XSS vulnerabilties
https://jetpack.com/2016/05/27/jetpack-4-0-3-critical-security-update/
Tor Browser Fingerprinting Site
https://tor.triop.se
Anti-Pastejacking Browser Plugin
https://github.com/rocketshipapps/hardenedpaste
ISC StormCast for Monday, May 30th 2016
30 maj 2016 |
4 min
Analysis of a Distributed Denial of Service Attack
https://isc.sans.edu/forums/diary/Analysis+of+a+Distributed+Denial+of+Service+DDoS/21109/
Bluecoat CA
http://www.theregister.co.uk/2016/05/27/blue_coat_ca_certs/
Google Requires Symantec CAs to Comply With Certificate Transparency
https://cabforum.org/pipermail/public/2016-May/007573.html
https://isc.sans.edu/forums/diary/Analysis+of+a+Distributed+Denial+of+Service+DDoS/21109/
Bluecoat CA
http://www.theregister.co.uk/2016/05/27/blue_coat_ca_certs/
Google Requires Symantec CAs to Comply With Certificate Transparency
https://cabforum.org/pipermail/public/2016-May/007573.html
ISC StormCast for Friday, May 27th 2016
27 maj 2016 |
5 min
Keeping an Eye on Tor Traffic
https://isc.sans.edu/forums/diary/Keeping+an+Eye+on+Tor+Traffic/21103/
Next Generation Tor Passed First Test
https://blog.torproject.org/blog/mission-montreal-building-next-generation-onion-services
DDoS Prives Drop
https://www.incapsula.com/blog/unmasking-ddos-for-hire-fiverr.html
Older Microsoft Office Vulnerabilities Still Used by "APT" Actors
https://securelist.com/analysis/publications/74828/cve-2015-2545-overview-of-current-threats/
https://isc.sans.edu/forums/diary/Keeping+an+Eye+on+Tor+Traffic/21103/
Next Generation Tor Passed First Test
https://blog.torproject.org/blog/mission-montreal-building-next-generation-onion-services
DDoS Prives Drop
https://www.incapsula.com/blog/unmasking-ddos-for-hire-fiverr.html
Older Microsoft Office Vulnerabilities Still Used by "APT" Actors
https://securelist.com/analysis/publications/74828/cve-2015-2545-overview-of-current-threats/
ISC StormCast for Thursday, May 26th 2016
26 maj 2016 |
5 min
DNS Covert Channel Used in Targeted Attacks
http://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/
Genius Web Annotation Serivce Is Removing Security Headers
http://www.theverge.com/2016/5/25/11505454/news-genius-annotate-the-web-content-security-policy-vulnerability
Canary Tokens For Windows Binaries
http://blog.thinkst.com/2016/05/certified-canarytokens-alerts-from_25.html
Cisco Patches IPv6 ND DoS Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6
http://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/
Genius Web Annotation Serivce Is Removing Security Headers
http://www.theverge.com/2016/5/25/11505454/news-genius-annotate-the-web-content-security-policy-vulnerability
Canary Tokens For Windows Binaries
http://blog.thinkst.com/2016/05/certified-canarytokens-alerts-from_25.html
Cisco Patches IPv6 ND DoS Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6
ISC StormCast for Wednesday, May 25th 2016
25 maj 2016 |
5 min
Verisign/US-Cert Warn of The Use of Local TLDs for WPAD
http://www.verisign.com/assets/labs/MitM-Attack-by-Name-Collision-Cause-Analysis-and-WPAD-Vulnerability-Assessment-in-the-New-gTLD-Era.pdf
Proposal To Use TLS for DNS
https://www.rfc-editor.org/rfc/rfc7858.txt
Azure Blacklists Common Password
https://blogs.technet.microsoft.com/ad/2016/05/24/another-117m-leaked-usernames-and-passwords-new-best-practices-azuread-and-msa-can-help/
Google Attempts to Eliminate Passwords
http://www.androidauthority.com/google-kills-passwords-trust-api-694394/
http://www.verisign.com/assets/labs/MitM-Attack-by-Name-Collision-Cause-Analysis-and-WPAD-Vulnerability-Assessment-in-the-New-gTLD-Era.pdf
Proposal To Use TLS for DNS
https://www.rfc-editor.org/rfc/rfc7858.txt
Azure Blacklists Common Password
https://blogs.technet.microsoft.com/ad/2016/05/24/another-117m-leaked-usernames-and-passwords-new-best-practices-azuread-and-msa-can-help/
Google Attempts to Eliminate Passwords
http://www.androidauthority.com/google-kills-passwords-trust-api-694394/
ISC StormCast for Tuesday, May 24th 2016
24 maj 2016 |
5 min
Detailed Technical Report Released About Targeted Attack Against RUAG
https://isc.sans.edu/forums/diary/Technical+Report+about+the+RUAG+attack/21091/
New Variation of PastJacking Exploit Affecting vim
https://github.com/dxa4481/Pastejacking
Xen qemu Patch Released to Limit Log File Size
http://xenbits.xen.org/xsa/advisory-180.html
https://isc.sans.edu/forums/diary/Technical+Report+about+the+RUAG+attack/21091/
New Variation of PastJacking Exploit Affecting vim
https://github.com/dxa4481/Pastejacking
Xen qemu Patch Released to Limit Log File Size
http://xenbits.xen.org/xsa/advisory-180.html
ISC StormCast for Monday, May 23rd 2016
23 maj 2016 |
6 min
Missing MRU Registry Keys For Files Opened With Winzip
https://isc.sans.edu/forums/diary/The+strange+case+of+WinZip+MRU+Registry+key/21087/
OWASP Asking for Top 10 Overhaul Input
https://twitter.com/wichers/status/733855223832272896
Google is Updating the Safe Browsing API
https://security.googleblog.com/2016/05/evolving-safe-browsing-api.html
Facebook Sued Over Scanning Of Private Messages
https://cdn2.vox-cdn.com/uploads/chorus_asset/file/6509911/campbell-certification-order.0.pdf
Malware Stores Code in Macro UI Buttons
https://blogs.technet.microsoft.com/mmpc/2016/05/17/malicious-macro-using-a-sneaky-new-trick/
SANSFIRE 2016
https://www.sans.org/event/sansfire-2016
https://isc.sans.edu/forums/diary/The+strange+case+of+WinZip+MRU+Registry+key/21087/
OWASP Asking for Top 10 Overhaul Input
https://twitter.com/wichers/status/733855223832272896
Google is Updating the Safe Browsing API
https://security.googleblog.com/2016/05/evolving-safe-browsing-api.html
Facebook Sued Over Scanning Of Private Messages
https://cdn2.vox-cdn.com/uploads/chorus_asset/file/6509911/campbell-certification-order.0.pdf
Malware Stores Code in Macro UI Buttons
https://blogs.technet.microsoft.com/mmpc/2016/05/17/malicious-macro-using-a-sneaky-new-trick/
SANSFIRE 2016
https://www.sans.org/event/sansfire-2016
ISC StormCast for Friday, May 20th 2016
20 maj 2016 |
5 min
EITest Campaign Still Going Strong
https://isc.sans.edu/forums/diary/EITest+campaign+still+going+strong/21081/
Android Malware Affecting Google Pay Acceptance
http://www.theregister.co.uk/2016/05/19/android_pay_analysis/
OS 9.3 Restricts Use Of Fingerprint
https://www.apple.com/business/docs/iOS_Security_Guide.pdf
https://isc.sans.edu/forums/diary/EITest+campaign+still+going+strong/21081/
Android Malware Affecting Google Pay Acceptance
http://www.theregister.co.uk/2016/05/19/android_pay_analysis/
OS 9.3 Restricts Use Of Fingerprint
https://www.apple.com/business/docs/iOS_Security_Guide.pdf
ISC StormCast for Thursday, May 19th 2016
19 maj 2016 |
5 min
Teslacrypt Shutting Down and Releasing Master Key
http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/
Office 365 Risks
https://www.skyhighnetworks.com/cloud-security-blog/7-charts-reveal-the-meteoric-rise-of-office-365/
LinkedIn Data Leaked From Past Breach
https://twitter.com/troyhunt/status/732838759390191617
Google Discontinuing SSLv3/RC4 Support for SMTP
http://googleappsupdates.blogspot.ro/2016/05/disabling-support-for-sslv3-and-rc4-for.html
http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/
Office 365 Risks
https://www.skyhighnetworks.com/cloud-security-blog/7-charts-reveal-the-meteoric-rise-of-office-365/
LinkedIn Data Leaked From Past Breach
https://twitter.com/troyhunt/status/732838759390191617
Google Discontinuing SSLv3/RC4 Support for SMTP
http://googleappsupdates.blogspot.ro/2016/05/disabling-support-for-sslv3-and-rc4-for.html
ISC StormCast for Wednesday, May 18th 2016
18 maj 2016 |
5 min
Exploit for Recently Patched Cisco IKEv1/v2 Bufferoverflow Published
https://isc.sans.edu/forums/diary/Exploit+Available+For+Cisco+IKEv1+and+IKEv2+Buffer+Overflow+Vulnerability/21065/
Symantec Antivirus Engine Malformed PE Header Parser Vulnerability
https://isc.sans.edu/forums/diary/CVE20162208+Symantec+Antivirus+Engine+Malformed+PE+Header+Parser+Memory+Access+Violation/21069/
New CryptXXX Decryption Tool From Kaspersky
https://blog.kaspersky.com/cryptxxx-decryption-20/12091/
More Malware in Google Play Store
http://blog.checkpoint.com/2016/05/09/viking-horde-a-new-type-of-android-malware-on-google-play/
iPadPro Crashes After Updating to iOS 9.3.2
http://www.macrumors.com/2016/05/17/9-7-inch-ipad-pro-crashing-issues-safari/
New Remote Code Execution in Magento E-Commerce Software
http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/
https://isc.sans.edu/forums/diary/Exploit+Available+For+Cisco+IKEv1+and+IKEv2+Buffer+Overflow+Vulnerability/21065/
Symantec Antivirus Engine Malformed PE Header Parser Vulnerability
https://isc.sans.edu/forums/diary/CVE20162208+Symantec+Antivirus+Engine+Malformed+PE+Header+Parser+Memory+Access+Violation/21069/
New CryptXXX Decryption Tool From Kaspersky
https://blog.kaspersky.com/cryptxxx-decryption-20/12091/
More Malware in Google Play Store
http://blog.checkpoint.com/2016/05/09/viking-horde-a-new-type-of-android-malware-on-google-play/
iPadPro Crashes After Updating to iOS 9.3.2
http://www.macrumors.com/2016/05/17/9-7-inch-ipad-pro-crashing-issues-safari/
New Remote Code Execution in Magento E-Commerce Software
http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/
ISC StormCast for Tuesday, May 17th 2016
17 maj 2016 |
7 min
419 Death Scams Still Going Around
https://isc.sans.edu/forums/diary/An+oldie+but+a+goodie+419+Death+Scam/21061/
Apple Updates
https://support.apple.com/en-us/HT201222
Flash Zero Day Details
https://www.fireeye.com/blog/threat-research/2016/05/cve-2016-4117-flash-zero-day.html
Google "HTML5 By Default" Draft
https://docs.google.com/presentation/d/106_KLNJfwb9L-1hVVa4i29aw1YXUy9qFX-Ye4kvJj-4/edit#slide=id.p
https://isc.sans.edu/forums/diary/An+oldie+but+a+goodie+419+Death+Scam/21061/
Apple Updates
https://support.apple.com/en-us/HT201222
Flash Zero Day Details
https://www.fireeye.com/blog/threat-research/2016/05/cve-2016-4117-flash-zero-day.html
Google "HTML5 By Default" Draft
https://docs.google.com/presentation/d/106_KLNJfwb9L-1hVVa4i29aw1YXUy9qFX-Ye4kvJj-4/edit#slide=id.p
ISC StormCast for Monday, May 16th 2016
16 maj 2016 |
5 min
Python Malware
https://isc.sans.edu/forums/diary/Python+Malware+Part+1/21057/
Ubiquity AirOS Worm
http://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940
Google Chrome Update
http://www.theregister.co.uk/2016/05/13/google_crushes_five_vulns_with_patch_run_and_20k_in_bug_bounties/
More Banks Affected By Fake SWIFT Transactions
http://www.nytimes.com/2016/05/13/business/dealbook/swift-global-bank-network-attack.html?_r=0
Microsoft Releases Windows 10 Security Auditing And Monitoring Reference
https://www.microsoft.com/en-us/download/details.aspx?id=52630
https://isc.sans.edu/forums/diary/Python+Malware+Part+1/21057/
Ubiquity AirOS Worm
http://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940
Google Chrome Update
http://www.theregister.co.uk/2016/05/13/google_crushes_five_vulns_with_patch_run_and_20k_in_bug_bounties/
More Banks Affected By Fake SWIFT Transactions
http://www.nytimes.com/2016/05/13/business/dealbook/swift-global-bank-network-attack.html?_r=0
Microsoft Releases Windows 10 Security Auditing And Monitoring Reference
https://www.microsoft.com/en-us/download/details.aspx?id=52630
ISC StormCast for Friday, May 13th 2016
12 maj 2016 |
5 min
Adobe Flash Player Update Released
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
Microsoft Excel Phishing
https://isc.sans.edu/forums/diary/Another+Day+Another+Wave+of+Phishing+Emails/21045/
Squid Proxy Bug Allows For Cache Poisoning
http://bugs.squid-cache.org/show_bug.cgi?id=4501
Nation State Attackers May Exploit Firefox
https://blog.mozilla.org/blog/2016/05/11/advanced-disclosure-needed-to-keep-users-secure/
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
Microsoft Excel Phishing
https://isc.sans.edu/forums/diary/Another+Day+Another+Wave+of+Phishing+Emails/21045/
Squid Proxy Bug Allows For Cache Poisoning
http://bugs.squid-cache.org/show_bug.cgi?id=4501
Nation State Attackers May Exploit Firefox
https://blog.mozilla.org/blog/2016/05/11/advanced-disclosure-needed-to-keep-users-secure/
ISC StormCast for Thursday, May 12th 2016
12 maj 2016 |
5 min
Exploited Flash Vulnerablity Patched Only For Windows
https://helpx.adobe.com/security/products/flash-player/apsa16-02.html
SAP Vulnerabilities Exploited
https://www.onapsis.com/threat-report-tip-iceberg-wild-exploitation-cyber-attacks-sap-business-applications
Free Decryption Tool For CryptXXX No Longer Works
https://www.proofpoint.com/us/threat-insight/post/cryptxxx2-ransomware-authors-strike-back-against-free-decryption-tool
Multiple 7-Zip Vulnerabilities
http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html
Ransomware Overview
https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/edit#gid=0
https://helpx.adobe.com/security/products/flash-player/apsa16-02.html
SAP Vulnerabilities Exploited
https://www.onapsis.com/threat-report-tip-iceberg-wild-exploitation-cyber-attacks-sap-business-applications
Free Decryption Tool For CryptXXX No Longer Works
https://www.proofpoint.com/us/threat-insight/post/cryptxxx2-ransomware-authors-strike-back-against-free-decryption-tool
Multiple 7-Zip Vulnerabilities
http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html
Ransomware Overview
https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/edit#gid=0
ISC StormCast for Wednesday, May 11th 2016
11 maj 2016 |
8 min
Windows Patch Tuesday
https://isc.sans.edu/mspatchdays.html?viewday=2016-05-10
Adobe Patch Tuesday
https://helpx.adobe.com/security.html
https://isc.sans.edu/mspatchdays.html?viewday=2016-05-10
Adobe Patch Tuesday
https://helpx.adobe.com/security.html
ISC StormCast for Tuesday, May 10th 2016
10 maj 2016 |
6 min
Network Forensics With DShell
https://isc.sans.edu/forums/diary/Performing+network+forensics+with+Dshell+Part+1+Basic+usage/21035/
Aruba Vulnerabilities (and Patches)
http://seclists.org/fulldisclosure/2016/May/19
Allwinner Android Device Debug Backdoor
http://forum.armbian.com/index.php/topic/1108-security-alert-for-allwinner-sun8i-h3a83th8/
ImageTragick Flaw Being Exploited
https://blog.cloudflare.com/inside-imagetragick-the-real-payloads-being-used-to-hack-websites-2/
Attacking JSON Web Tokens
https://www.notsosecure.com/crafting-way-json-web-tokens/
ASUS UEFI Red Screen Of Death Workaround
https://www.asus.com/support/FAQ/1016356/
https://isc.sans.edu/forums/diary/Performing+network+forensics+with+Dshell+Part+1+Basic+usage/21035/
Aruba Vulnerabilities (and Patches)
http://seclists.org/fulldisclosure/2016/May/19
Allwinner Android Device Debug Backdoor
http://forum.armbian.com/index.php/topic/1108-security-alert-for-allwinner-sun8i-h3a83th8/
ImageTragick Flaw Being Exploited
https://blog.cloudflare.com/inside-imagetragick-the-real-payloads-being-used-to-hack-websites-2/
Attacking JSON Web Tokens
https://www.notsosecure.com/crafting-way-json-web-tokens/
ASUS UEFI Red Screen Of Death Workaround
https://www.asus.com/support/FAQ/1016356/
ISC StormCast for Monday, May 9th 2016
9 maj 2016 |
5 min
A Quick Introduction To Linux Capabilities
https://isc.sans.edu/forums/diary/Guest+Diary+Linux+Capabilities+A+friend+and+foe/21031/
Review of TLS Proxy Security Issues
http://users.encs.concordia.ca/~mmannan/publications/ssl-interception-ndss2016.pdf
Ransomware Claims to Donate Proceeds To Charity
https://heimdalsecurity.com/blog/security-alert-new-ransomware-donate-earnings-charity/
https://isc.sans.edu/forums/diary/Guest+Diary+Linux+Capabilities+A+friend+and+foe/21031/
Review of TLS Proxy Security Issues
http://users.encs.concordia.ca/~mmannan/publications/ssl-interception-ndss2016.pdf
Ransomware Claims to Donate Proceeds To Charity
https://heimdalsecurity.com/blog/security-alert-new-ransomware-donate-earnings-charity/
ISC StormCast for Friday, May 6th 2016
6 maj 2016 |
5 min
Large Number of Credentials Offered For Sale
http://www.reuters.com/article/us-cyber-passwords-idUSKCN0XV1I6
Alphalocker: Affordable Ransom Ware
https://blog.cylance.com/an-introduction-to-alphalocker
JAKU Botnet
https://www.forcepoint.com/sites/default/files/resources/files/report_jaku_analysis_of_botnet_campaign_en_0.pdf
Juniper Update
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734&cat=SIRT_1&actp=LIST
http://www.reuters.com/article/us-cyber-passwords-idUSKCN0XV1I6
Alphalocker: Affordable Ransom Ware
https://blog.cylance.com/an-introduction-to-alphalocker
JAKU Botnet
https://www.forcepoint.com/sites/default/files/resources/files/report_jaku_analysis_of_botnet_campaign_en_0.pdf
Juniper Update
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734&cat=SIRT_1&actp=LIST
ISC StormCast for Thursday, May 5th 2016
5 maj 2016 |
1 min
Malicious Ads Seens On CBS TV Stations
https://blog.malwarebytes.org/threat-analysis/2016/05/cbs-affiliated-television-stations-expose-visitors-to-angler-exploit-kit/
ImageMagick Vulnerability
https://isc.sans.edu/forums/diary/ImageTragick+Another+Vulnerability+Another+Nickname/21023/
Fake DDoS Threats Continue
http://www.actionfraud.police.uk/news/online-extortion-demands-affecting-businesses-apr16/
Cisco Patches Tele Presence Equipment
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml
Cracking PeopleSoft PS_TOKEN with oclHashcat
http://blog.gosecure.ca/2016/05/04/oracle-peoplesoft-still-a-threat-for-enterprises/
https://blog.malwarebytes.org/threat-analysis/2016/05/cbs-affiliated-television-stations-expose-visitors-to-angler-exploit-kit/
ImageMagick Vulnerability
https://isc.sans.edu/forums/diary/ImageTragick+Another+Vulnerability+Another+Nickname/21023/
Fake DDoS Threats Continue
http://www.actionfraud.police.uk/news/online-extortion-demands-affecting-businesses-apr16/
Cisco Patches Tele Presence Equipment
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml
Cracking PeopleSoft PS_TOKEN with oclHashcat
http://blog.gosecure.ca/2016/05/04/oracle-peoplesoft-still-a-threat-for-enterprises/
ISC StormCast for Wednesday, May 4th 2016
4 maj 2016 |
2 min
OpenSSL Update Released
https://isc.sans.edu/forums/diary/OpenSSL+Updates/21015/
Gerber Exploit Kit Installed By Neutrino EK
https://isc.sans.edu/forums/diary/Neutrino+exploit+kit+sends+Cerber+ransomware/21017/
Image Magick Vulnerablity
https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
http://www.openwall.com/lists/oss-security/2016/05/03/18
Microsoft Will No Longer Consider SHA-1 Certificates As Secure
https://blogs.windows.com/msedgedev/2016/04/29/sha1-deprecation-roadmap/
https://isc.sans.edu/forums/diary/OpenSSL+Updates/21015/
Gerber Exploit Kit Installed By Neutrino EK
https://isc.sans.edu/forums/diary/Neutrino+exploit+kit+sends+Cerber+ransomware/21017/
Image Magick Vulnerablity
https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
http://www.openwall.com/lists/oss-security/2016/05/03/18
Microsoft Will No Longer Consider SHA-1 Certificates As Secure
https://blogs.windows.com/msedgedev/2016/04/29/sha1-deprecation-roadmap/
ISC StormCast for Tuesday, May 3rd 2016
3 maj 2016 |
5 min
Fake Google Chrome Update Installs Malware on Android
https://www.zscaler.com/blogs/research/android-infostealer-posing-fake-google-chrome-update
Android May Security Bulletin
https://source.android.com/security/bulletin/2016-05-01.html
Google Chrome Update
https://source.android.com/security/bulletin/2016-05-01.html
Pwned List Got Pwned
http://krebsonsecurity.com/2016/05/how-the-pwnedlist-got-pwned/
https://www.zscaler.com/blogs/research/android-infostealer-posing-fake-google-chrome-update
Android May Security Bulletin
https://source.android.com/security/bulletin/2016-05-01.html
Google Chrome Update
https://source.android.com/security/bulletin/2016-05-01.html
Pwned List Got Pwned
http://krebsonsecurity.com/2016/05/how-the-pwnedlist-got-pwned/
ISC StormCast for Monday, May 2nd 2016
2 maj 2016 |
6 min
ATM Jackpotting: Analysis of ATM APIs
https://securelist.com/analysis/publications/74533/malware-and-non-malware-ways-for-atm-jackpotting-extended-cut/
Reverse Engineering A ATM Machine Skimmer
https://trustfoundry.net/reverse-engineering-a-discovered-atm-skimmer/
Bathroom Scale Vulnerability
https://help.fitbit.com/articles/en_US/Help_article/How-do-I-update-my-Aria-scale/
Fake Mobile Payment Apps in Google Play Store
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
https://securelist.com/analysis/publications/74533/malware-and-non-malware-ways-for-atm-jackpotting-extended-cut/
Reverse Engineering A ATM Machine Skimmer
https://trustfoundry.net/reverse-engineering-a-discovered-atm-skimmer/
Bathroom Scale Vulnerability
https://help.fitbit.com/articles/en_US/Help_article/How-do-I-update-my-Aria-scale/
Fake Mobile Payment Apps in Google Play Store
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
ISC StormCast for Friday, April 29th 2016
29 april 2016 |
5 min
Powershell and DNS/DHCP
https://isc.sans.edu/forums/diary/DNS+and+DHCP+Recon+using+Powershell/20995/
New Version of PCI Standard Released
https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2_Summary_of_Changes.pdf
OpenSSL Patch Pre-Announced
https://mta.openssl.org/pipermail/openssl-announce/2016-April/000069.html
NTP Patches
http://blog.talosintel.com/2016/04/vulnerability-spotlight-further-ntpd_27.html#more
https://isc.sans.edu/forums/diary/DNS+and+DHCP+Recon+using+Powershell/20995/
New Version of PCI Standard Released
https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2_Summary_of_Changes.pdf
OpenSSL Patch Pre-Announced
https://mta.openssl.org/pipermail/openssl-announce/2016-April/000069.html
NTP Patches
http://blog.talosintel.com/2016/04/vulnerability-spotlight-further-ntpd_27.html#more
ISC StormCast for Thursday, April 28th 2016
28 april 2016 |
5 min
SAML Federated Identity Vulnerability in Office 365
http://www.economyofmechanism.com/office365-authbypass.html
.AS Registry Vulnerable to Direct Object Reference
https://isecguy.wordpress.com/2016/04/25/flaw-allowed-anyone-to-modify-take-control-over-any-as-domain/
Driveby Exploit Used to Deliver Android Ransomware
https://www.bluecoat.com/security-blog/2016-04-25/android-exploit-delivers-dogspectus-ransomware
CryptXXX Decrypt Tool
https://support.kaspersky.com/viruses/disinfection/8547?_ga=1.128163404.1397432418.1454514283#block3
http://www.economyofmechanism.com/office365-authbypass.html
.AS Registry Vulnerable to Direct Object Reference
https://isecguy.wordpress.com/2016/04/25/flaw-allowed-anyone-to-modify-take-control-over-any-as-domain/
Driveby Exploit Used to Deliver Android Ransomware
https://www.bluecoat.com/security-blog/2016-04-25/android-exploit-delivers-dogspectus-ransomware
CryptXXX Decrypt Tool
https://support.kaspersky.com/viruses/disinfection/8547?_ga=1.128163404.1397432418.1454514283#block3
ISC StormCast for Wednesday, April 27th 2016
27 april 2016 |
5 min
OS X Memory Forensics
https://isc.sans.edu/forums/diary/An+Introduction+to+Mac+memory+forensics/20989/
Facebook App Used to Delivery Facebook Phish
http://news.netcraft.com/archives/2016/04/22/hook-like-and-sinker-facebook-serves-up-its-own-phish.html
Android.Spy.277.origin Keeps Being Delivered By Google Play Store Apps
http://blog.checkpoint.com/2016/04/22/in-the-wild-google-cant-close-the-door-on-android-malware/
Tool To Replay RDP Sessions From pcaps
http://www.contextis.com/resources/blog/rdp-replay-code-release/
Juniper Update
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727&cat=SIRT_1&actp=LIST
RouterSploit Router Exploit Framework
https://github.com/reverse-shell/routersploit
https://isc.sans.edu/forums/diary/An+Introduction+to+Mac+memory+forensics/20989/
Facebook App Used to Delivery Facebook Phish
http://news.netcraft.com/archives/2016/04/22/hook-like-and-sinker-facebook-serves-up-its-own-phish.html
Android.Spy.277.origin Keeps Being Delivered By Google Play Store Apps
http://blog.checkpoint.com/2016/04/22/in-the-wild-google-cant-close-the-door-on-android-malware/
Tool To Replay RDP Sessions From pcaps
http://www.contextis.com/resources/blog/rdp-replay-code-release/
Juniper Update
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727&cat=SIRT_1&actp=LIST
RouterSploit Router Exploit Framework
https://github.com/reverse-shell/routersploit
ISC StormCast for Tuesday, April 26th 2016
26 april 2016 |
5 min
Details From the Breach of the Central Bank of Bangladesh
http://baesystemsai.blogspot.de/2016/04/two-bytes-to-951m.html
Apple Image IO Denial of Service
https://www.landaire.net/blog/apple-imageio-denial-of-service/
Text Messages Used to Phish Apple IDs
http://www.independent.co.uk/life-style/gadgets-and-tech/news/apple-id-password-expired-expiry-text-website-scam-phishing-a6991126.html
Critical HP Data Protector Patch
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05085988
Armada Collection (or imposter) Making Fake DDoS Threats
https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/
http://baesystemsai.blogspot.de/2016/04/two-bytes-to-951m.html
Apple Image IO Denial of Service
https://www.landaire.net/blog/apple-imageio-denial-of-service/
Text Messages Used to Phish Apple IDs
http://www.independent.co.uk/life-style/gadgets-and-tech/news/apple-id-password-expired-expiry-text-website-scam-phishing-a6991126.html
Critical HP Data Protector Patch
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05085988
Armada Collection (or imposter) Making Fake DDoS Threats
https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/
ISC StormCast for Monday, April 25th 2016
25 april 2016 |
5 min
Angler EK Used to Spread CryptXXX
https://isc.sans.edu/forums/diary/Angler+Exploit+Kit+Bedep+and+CryptXXX/20981/
Honeports Powershell Script
https://isc.sans.edu/forums/diary/Honeyports+powershell+script/20979/
Online Credit Card Fraud Soars
http://www.pymnts.com/fraud-prevention/2016/online-fraud-attack-rates-soar-since-october/
How to Trick Traffic Sensors
https://securelist.com/blog/research/74454/how-to-trick-traffic-sensors/
Opera VPN Service Analysis
https://gist.github.com/spaze/558b7c4cd81afa7c857381254ae7bd10
https://www.helpnetsecurity.com/2016/04/21/opera-browser-free-vpn/
https://isc.sans.edu/forums/diary/Angler+Exploit+Kit+Bedep+and+CryptXXX/20981/
Honeports Powershell Script
https://isc.sans.edu/forums/diary/Honeyports+powershell+script/20979/
Online Credit Card Fraud Soars
http://www.pymnts.com/fraud-prevention/2016/online-fraud-attack-rates-soar-since-october/
How to Trick Traffic Sensors
https://securelist.com/blog/research/74454/how-to-trick-traffic-sensors/
Opera VPN Service Analysis
https://gist.github.com/spaze/558b7c4cd81afa7c857381254ae7bd10
https://www.helpnetsecurity.com/2016/04/21/opera-browser-free-vpn/
ISC StormCast for Friday, April 22nd 2016
22 april 2016 |
5 min
Accellion Secure File Transfer Vulnerability and Facebook Exploitation
http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/
Application Whitelisting Bypass With regsvr32
http://subt0x10.blogspot.com/2016/04/bypass-application-whitelisting-script.html
New NetworkManager Version Released
https://cgit.freedesktop.org/NetworkManager/NetworkManager/plain/NEWS?id=nm-1-2
Opera Includes Free VPN
http://www.opera.com/blogs/desktop/2016/04/free-vpn-integrated-opera-for-windows-mac/
http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/
Application Whitelisting Bypass With regsvr32
http://subt0x10.blogspot.com/2016/04/bypass-application-whitelisting-script.html
New NetworkManager Version Released
https://cgit.freedesktop.org/NetworkManager/NetworkManager/plain/NEWS?id=nm-1-2
Opera Includes Free VPN
http://www.opera.com/blogs/desktop/2016/04/free-vpn-integrated-opera-for-windows-mac/
ISC StormCast for Thursday, April 21st 2016
21 april 2016 |
5 min
Decoding Pseudo Darkleech
https://isc.sans.edu/forums/diary/Decoding+PseudoDarkleech+1/20969/
Tesla Crypt 4.1
https://www.endgame.com/blog/your-package-has-been-successfully-encrypted-teslacrypt-41a-and-malware-attack-chain
RansomWhere Protects OS X Users from Ransware
https://objective-see.com/products/ransomwhere.html
Testing TLS Libraries With TLS Attackers
https://github.com/RUB-NDS/TLS-Attacker
https://isc.sans.edu/forums/diary/Decoding+PseudoDarkleech+1/20969/
Tesla Crypt 4.1
https://www.endgame.com/blog/your-package-has-been-successfully-encrypted-teslacrypt-41a-and-malware-attack-chain
RansomWhere Protects OS X Users from Ransware
https://objective-see.com/products/ransomwhere.html
Testing TLS Libraries With TLS Attackers
https://github.com/RUB-NDS/TLS-Attacker
ISC StormCast for Wednesday, April 20th 2016
20 april 2016 |
7 min
Oracle Critical Patch Update
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
Flash Provides Top Targeted Vulnerabilties for 2015
https://www.solutionary.com/_assets/pdf/research/2015-gtir.pdf
Google Publishes Data About Safe Browsing Effectiveness
http://static.googleusercontent.com/media/research.google.com/en//pubs/archive/44924.pdf
Detecting curl pipes to bash
https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
Flash Provides Top Targeted Vulnerabilties for 2015
https://www.solutionary.com/_assets/pdf/research/2015-gtir.pdf
Google Publishes Data About Safe Browsing Effectiveness
http://static.googleusercontent.com/media/research.google.com/en//pubs/archive/44924.pdf
Detecting curl pipes to bash
https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/
ISC StormCast for Tuesday, April 19th 2016
19 april 2016 |
5 min
Retefer Banking Malware Appearing Again
https://isc.sans.edu/forums/diary/Retefe+is+back+in+town/20957/
Ransomware Switching Focus From Hospitals to Schools
http://blog.talosintel.com/2016/04/jboss-backdoor.html
git on OS X vulnerable
https://rachelbythebay.com/w/2016/04/17/unprotected/
https://isc.sans.edu/forums/diary/Retefe+is+back+in+town/20957/
Ransomware Switching Focus From Hospitals to Schools
http://blog.talosintel.com/2016/04/jboss-backdoor.html
git on OS X vulnerable
https://rachelbythebay.com/w/2016/04/17/unprotected/
ISC StormCast for Monday, April 18th 2016
18 april 2016 |
6 min
Implementing "bash_history" for cmd.exe
https://isc.sans.edu/forums/diary/Windows+Command+Line+Persistence/20949/
Mixed encoding in Malicious Documents
https://isc.sans.edu/forums/diary/VBS+VBE/20953/
Swedish Air Traffic Control Outage Result of Solar Flares
http://www.lfv.se/en/news/news-2016/full-capacity-after-90-minutes-radar-loss
Why you should not require password changes
https://www.cesg.gov.uk/articles/problems-forcing-regular-password-expiry
Bypassing Microsoft Edge XSS Filter
http://blog.portswigger.net/2016/04/edge-xss-filter-bypass.html
https://isc.sans.edu/forums/diary/Windows+Command+Line+Persistence/20949/
Mixed encoding in Malicious Documents
https://isc.sans.edu/forums/diary/VBS+VBE/20953/
Swedish Air Traffic Control Outage Result of Solar Flares
http://www.lfv.se/en/news/news-2016/full-capacity-after-90-minutes-radar-loss
Why you should not require password changes
https://www.cesg.gov.uk/articles/problems-forcing-regular-password-expiry
Bypassing Microsoft Edge XSS Filter
http://blog.portswigger.net/2016/04/edge-xss-filter-bypass.html
ISC StormCast for Friday, April 15th 2016
15 april 2016 |
6 min
Doing HTTP Key Pinning Right
https://isc.sans.edu/forums/diary/HTTP+Public+Key+Pinning+How+to+do+it+right/20943/
Apple Ceases Support for Quicktime on Windows
https://support.apple.com/HT205771
http://zerodayinitiative.com/advisories/ZDI-16-241/
VMWare Releases Patch for VMWare Client Plugin
http://www.vmware.com/security/advisories/VMSA-2016-0004.html
Identify Ransomware
https://id-ransomware.malwarehunterteam.com
Another Fake Flash Update For OS X
https://www.intego.com/mac-security-blog/mac-users-attacked-fake-adobe-update/
Chrome 50 Released
http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html
URL Shorteners Weaken Random URLs
http://arxiv.org/pdf/1604.02734v1.pdf
https://isc.sans.edu/forums/diary/HTTP+Public+Key+Pinning+How+to+do+it+right/20943/
Apple Ceases Support for Quicktime on Windows
https://support.apple.com/HT205771
http://zerodayinitiative.com/advisories/ZDI-16-241/
VMWare Releases Patch for VMWare Client Plugin
http://www.vmware.com/security/advisories/VMSA-2016-0004.html
Identify Ransomware
https://id-ransomware.malwarehunterteam.com
Another Fake Flash Update For OS X
https://www.intego.com/mac-security-blog/mac-users-attacked-fake-adobe-update/
Chrome 50 Released
http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html
URL Shorteners Weaken Random URLs
http://arxiv.org/pdf/1604.02734v1.pdf
ISC StormCast for Thursday, April 14th 2016 - Part 2
14 april 2016 |
5 min
PFSense DShield Client Updated for PFSense Version 2.3
https://isc.sans.edu/forums/diary/Updated+PFSense+Client/20937/
JigSaw Decryption Tool Released
http://www.bleepingcomputer.com/news/security/jigsaw-ransomware-decrypted-will-delete-your-files-until-you-pay-the-ransom/
Android Bluetooth Pairing Vulnerability
https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-android-bluetooth-pairing-bypass-2016-04-12.pdf
Samsung Galaxy Phones Expose Modem via USB Port
https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004
https://isc.sans.edu/forums/diary/Updated+PFSense+Client/20937/
JigSaw Decryption Tool Released
http://www.bleepingcomputer.com/news/security/jigsaw-ransomware-decrypted-will-delete-your-files-until-you-pay-the-ransom/
Android Bluetooth Pairing Vulnerability
https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-android-bluetooth-pairing-bypass-2016-04-12.pdf
Samsung Galaxy Phones Expose Modem via USB Port
https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004
ISC StormCast for Thursday, April 14th 2016
14 april 2016 |
7 min
ISC StormCast for Tuesday, April 12th 2016
12 april 2016 |
6 min
Petyz Ransomware Decrypted
https://isc.sans.edu/forums/diary/Tool+Released+to+Decrypt+Petya+Ransomware+Infected+Disks/20929/
Malware Creator Bribes Anti-Virus Vendors
http://blog.checkpoint.com/2016/04/08/qihoo-360-just-the-tip-of-the-whitelisted-malware-iceberg/
User Will Plug in USB Drives They Find In The Parking Lot
https://www.elie.net/publication/users-really-do-plug-in-usb-drives-they-find
Ruby Gems Replacement Vulnerability
http://blog.rubygems.org/2016/04/06/gem-replacement-vulnerability-and-mitigation.html
https://isc.sans.edu/forums/diary/Tool+Released+to+Decrypt+Petya+Ransomware+Infected+Disks/20929/
Malware Creator Bribes Anti-Virus Vendors
http://blog.checkpoint.com/2016/04/08/qihoo-360-just-the-tip-of-the-whitelisted-malware-iceberg/
User Will Plug in USB Drives They Find In The Parking Lot
https://www.elie.net/publication/users-really-do-plug-in-usb-drives-they-find
Ruby Gems Replacement Vulnerability
http://blog.rubygems.org/2016/04/06/gem-replacement-vulnerability-and-mitigation.html
ISC StormCast for Sunday, April 10th 2016
10 april 2016 |
7 min
Flash Releases Pre-Announced Emergency Patch
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
http://blog.trendmicro.com/trendlabs-security-intelligence/look-adobe-flash-player-cve-2016-1019-zero-day-vulnerability/
Wordpress Will Start Using SSL
https://en.blog.wordpress.com/2016/04/08/https-everywhere-encryption-for-all-wordpress-com-sites/
iMessage Vulnerablitiy Allows Access To Chat History
https://www.bishopfox.com/blog/2016/04/if-you-cant-break-crypto-break-the-client-recovery-of-plaintext-imessage-data/
Ubuntu on Windows 10: Not as Insecure as Some Think
http://www.pcworld.com/article/3051604/windows/linuxs-deadliest-command-doesnt-faze-bash-on-windows-10.html
Special Badlock Webcast
https://www.sans.org/webcasts/badlock-102107
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
http://blog.trendmicro.com/trendlabs-security-intelligence/look-adobe-flash-player-cve-2016-1019-zero-day-vulnerability/
Wordpress Will Start Using SSL
https://en.blog.wordpress.com/2016/04/08/https-everywhere-encryption-for-all-wordpress-com-sites/
iMessage Vulnerablitiy Allows Access To Chat History
https://www.bishopfox.com/blog/2016/04/if-you-cant-break-crypto-break-the-client-recovery-of-plaintext-imessage-data/
Ubuntu on Windows 10: Not as Insecure as Some Think
http://www.pcworld.com/article/3051604/windows/linuxs-deadliest-command-doesnt-faze-bash-on-windows-10.html
Special Badlock Webcast
https://www.sans.org/webcasts/badlock-102107
ISC StormCast for Friday, April 8th 2016
8 april 2016 |
6 min
Google/Facebook CAPTCHA Broken Again
https://www.blackhat.com/docs/asia-16/materials/asia-16-Sivakorn-Im-Not-a-Human-Breaking-the-Google-reCAPTCHA-wp.pdf
Updated FBI Damage Numbers For Business E-Mail Compromise
https://www.fbi.gov/phoenix/press-releases/2016/fbi-warns-of-dramatic-increase-in-business-e-mail-scams
PowerWare / PoshCoder Ransomware Decryption
https://www.alienvault.com/open-threat-exchange/blog/powerware-or-poshcoder-comparison-and-decryption
Leaking Information Via Browser XSS Filters
http://www.mbsd.jp/blog/20160407.html
https://www.blackhat.com/docs/asia-16/materials/asia-16-Sivakorn-Im-Not-a-Human-Breaking-the-Google-reCAPTCHA-wp.pdf
Updated FBI Damage Numbers For Business E-Mail Compromise
https://www.fbi.gov/phoenix/press-releases/2016/fbi-warns-of-dramatic-increase-in-business-e-mail-scams
PowerWare / PoshCoder Ransomware Decryption
https://www.alienvault.com/open-threat-exchange/blog/powerware-or-poshcoder-comparison-and-decryption
Leaking Information Via Browser XSS Filters
http://www.mbsd.jp/blog/20160407.html
ISC StormCast for Thursday, April 7th 2016
7 april 2016 |
5 min
Cisco Security Advisory
https://tools.cisco.com/security/center/publicationListing.x#~CiscoSecurityAdvisory
OSVDB Closes Down
https://blog.osvdb.org/2016/04/05/osvdb-fin/
Apple iOS Passcode Bypass Vulnerability
http://seclists.org/fulldisclosure/2016/Apr/19
Securing the Human: Ouch Newsletter
https://securingthehuman.sans.org/resources/newsletters/ouch/2016
https://tools.cisco.com/security/center/publicationListing.x#~CiscoSecurityAdvisory
OSVDB Closes Down
https://blog.osvdb.org/2016/04/05/osvdb-fin/
Apple iOS Passcode Bypass Vulnerability
http://seclists.org/fulldisclosure/2016/Apr/19
Securing the Human: Ouch Newsletter
https://securingthehuman.sans.org/resources/newsletters/ouch/2016
ISC StormCast for Wednesday, April 6th 2016
6 april 2016 |
6 min
New Microsoft Patches API
https://isc.sans.edu/forums/diary/New+Features+for+Microsoft+Patch+Data/20911/
BadLock Webcast
https://www.sans.org/webcasts/badlock-102107
Microsoft Single Signon Vulnerable to Token Hijacking
https://whitton.xyz/articles/obtaining-tokens-outlook-office-azure-account/
Domino's Pizza Mobile App Payment Bypass
http://www.ifc0nfig.com/dominos-pizza-and-payments/
https://isc.sans.edu/forums/diary/New+Features+for+Microsoft+Patch+Data/20911/
BadLock Webcast
https://www.sans.org/webcasts/badlock-102107
Microsoft Single Signon Vulnerable to Token Hijacking
https://whitton.xyz/articles/obtaining-tokens-outlook-office-azure-account/
Domino's Pizza Mobile App Payment Bypass
http://www.ifc0nfig.com/dominos-pizza-and-payments/
ISC StormCast for Tuesday, April 5th 2016
5 april 2016 |
5 min
Android Patch Monday
https://source.android.com/security/bulletin/2016-04-02.html
Jenkins Continous Integration Tool Leaks Anonymous Usage Data
https://jenkins.io/blog/2016/03/30/usage-statistics-privacy-advisory/
BREACH Attack Revived/Improved
audio: https://regmedia.co.uk/2016/04/04/podcast_beast_2_bhasia.mp3
slides: https://www.blackhat.com/docs/asia-16/materials/asia-16-Karakostas-Practical-New-Developments-In-The-BREACH-Attack.pdf
https://source.android.com/security/bulletin/2016-04-02.html
Jenkins Continous Integration Tool Leaks Anonymous Usage Data
https://jenkins.io/blog/2016/03/30/usage-statistics-privacy-advisory/
BREACH Attack Revived/Improved
audio: https://regmedia.co.uk/2016/04/04/podcast_beast_2_bhasia.mp3
slides: https://www.blackhat.com/docs/asia-16/materials/asia-16-Karakostas-Practical-New-Developments-In-The-BREACH-Attack.pdf
ISC StormCast for Monday, April 4th 2016
4 april 2016 |
6 min
Tips for Stopping Ransomware
https://isc.sans.edu/forums/diary/Tips+for+Stopping+Ransomware/20903/
Vulnerability in Lhasa decompression library
http://blog.talosintel.com/2016/03/vulnerability-lhasa.html
How to Decrypt Kimcilware Encrypted Files
http://blog.fortinet.com/post/kimcilware-ransomware-how-to-decrypt-encrypted-files-and-who-is-behind-it
Fileless Malware
http://blog.airbuscybersecurity.com/post/2016/03/FILELESS-MALWARE- -A-BEHAVIOURAL-ANALYSIS-OF-KOVTER-PERSISTENCE
https://isc.sans.edu/forums/diary/Tips+for+Stopping+Ransomware/20903/
Vulnerability in Lhasa decompression library
http://blog.talosintel.com/2016/03/vulnerability-lhasa.html
How to Decrypt Kimcilware Encrypted Files
http://blog.fortinet.com/post/kimcilware-ransomware-how-to-decrypt-encrypted-files-and-who-is-behind-it
Fileless Malware
http://blog.airbuscybersecurity.com/post/2016/03/FILELESS-MALWARE- -A-BEHAVIOURAL-ANALYSIS-OF-KOVTER-PERSISTENCE
ISC StormCast for Friday, April 1st 2016
1 april 2016 |
6 min
Trend Micro Leaves Remote Debugger in Password Manager
https://bugs.chromium.org/p/project-zero/issues/detail?id=773&can=1&q=trend
Several Palo Alto Vulnerabilities
https://www.troopers.de/media/filer_public/a5/4d/a54da07e-3780-4f83-b4ac-8c620666a60a/paloalto_troopers.pdf
Bypassing The iOS Gatekeeper
https://www.checkpoint.com/resources/sidestepper-ios-vulnerability/iOS_Vulnerability_Report_160330_A.pdf
https://bugs.chromium.org/p/project-zero/issues/detail?id=773&can=1&q=trend
Several Palo Alto Vulnerabilities
https://www.troopers.de/media/filer_public/a5/4d/a54da07e-3780-4f83-b4ac-8c620666a60a/paloalto_troopers.pdf
Bypassing The iOS Gatekeeper
https://www.checkpoint.com/resources/sidestepper-ios-vulnerability/iOS_Vulnerability_Report_160330_A.pdf
00:00
-00:00
En liten tjänst av I'm With Friends. Finns även på engelska.