A brief daily summary of what is important in cyber security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually about 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
How much HTTP (not HTTPS) Traffic is Traversing Your Perimeter?
https://isc.sans.edu/diary/How%20much%20HTTP%20%28not%20HTTPS%29%20Traffic%20is%20Traversing%20Your%20Perimeter%3F/31372
VMSA-2024-0019: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
Unifi Security Advisory Bulletin 043
https://community.ui.com/releases/Security-Advisory-Bulletin-043-043/28e45c75-314e-4f07-a4f3-d17f67bd53f7
Fake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability.
https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/fake-attachment-roundcube-mail-server-attacks-exploit-cve-2024-37383-vulnerability
Atlassian Security Bulletin - October 15 2024
https://confluence.atlassian.com/security/security-bulletin-october-15-2024-1442910972.html
OneDev Arbitrary file reading for unauthenticated user
https://github.com/theonedev/onedev/security/advisories/GHSA-7wg5-6864-v489
10/23/2024 • 5 minutes, 21 seconds
ISC StormCast for Tuesday, October 22nd, 2024
A Network Nerd's Take on Emergency Preparedness
https://isc.sans.edu/diary/A%20Network%20Nerd%27s%20Take%20on%20Emergency%20Preparedness/31356
HM Surf Vulnerability Access to Camera Exploited CVE-2024-44133
https://www.microsoft.com/en-us/security/blog/2024/10/17/new-macos-vulnerability-hm-surf-could-lead-to-unauthorized-data-access/
Fortinet releases patches for undisclosed critical FortiManager vulnerability
https://www.helpnetsecurity.com/2024/10/21/fortimanager-critical-vulnerability/
ScienceLogic Vulnerability
https://rackspace.service-now.com/system_status?id=detailed_status&service=4dafca5a87f41610568b206f8bbb35a6
https://docs.sciencelogic.com/latest/Content/Web_Admin_and_Accounts/System_Administration/sys_admin_system_upgrade.htm
10/22/2024 • 6 minutes, 26 seconds
ISC StormCast for Monday, October 21st, 2024
Microsoft 365: Partially incomplete log data due to monitoring agent issue
https://m365admin.handsontek.net/multiple-services-partially-incomplete-log-data-due-to-monitoring-agent-issue/
End-to-End Encrypted Cloud Storage in the Wild: A Broken Ecosystem
https://brokencloudstorage.info/paper.pdf
ESET Branded Malware
https://x.com/ESETresearch/status/1847192384448172387
Synology Update
https://www.synology.com/en-us/security/advisory/Synology_SA_24_17
Spring Framework Update CVE-2024-38819 CVE-2024-38820
https://spring.io/blog/2024/10/17/spring-framework-cve-2024-38819-and-cve-2024-38820-published
Grafana Security Release CVE-2024-9264
https://grafana.com/blog/2024/10/17/grafana-security-release-critical-severity-fix-for-cve-2024-9264/
10/21/2024 • 5 minutes, 42 seconds
ISC StormCast for Friday, October 18th, 2024
Scanning Activity from Subnet 15.184.0.0/16.
https://isc.sans.edu/diary/Scanning%20Activity%20from%20Subnet%2015.184.0.0%2016/31362
Gatekeeper Bypass
https://unit42.paloaltonetworks.com/gatekeeper-bypass-macos/
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpuoct2024.html
Cisco ATA 190 Series Analog Telephone Adapter Firmware Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy
SAP Vulnerability
https://redrays.io/blog/poc-sap-note-3433192-code-injection-vulnerability-in-sap-netweaver-as-java/
Dept. of Commerce Sites Advertising Medication
https://x.com/tliston/status/1833542884047654984
10/18/2024 • 5 minutes, 52 seconds
ISC StormCast for Thursday, October 17th, 2024
The Top 10 Not So Common SSH Usernames and Passwords
https://isc.sans.edu/diary/The%20Top%2010%20Not%20So%20Common%20SSH%20Usernames%20and%20Passwords/31360
CISA Product Security Bad Practices
https://www.cisa.gov/resources-tools/resources/product-security-bad-practices
Kubernetes Image Builder Vulnerability CVE-2024-9486 CVE-2024-9594
https://discuss.kubernetes.io/t/security-advisory-cve-2024-9486-and-cve-2024-9594-vm-images-built-with-kubernetes-image-builder-use-default-credentials/30119
Solarwinds Hardcoded Password Exploited CVE-2024-28987
https://www.bleepingcomputer.com/news/security/solarwinds-web-help-desk-flaw-is-now-exploited-in-attacks/
Bypassing noexec and executing arbitrary binaries
https://iq.thc.org/bypassing-noexec-and-executing-arbitrary-binaries
Workshop Website:
https://www.sansapi.com/
https://www.sansapi.com/docs
10/17/2024 • 5 minutes, 38 seconds
ISC StormCast for Wednesday, October 16th, 2024
Angular-base64-upload Demo Script Exploited
https://isc.sans.edu/diary/Angular-base64-upload%20Demo%20Script%20Exploited%20%28CVE-2024-42640%29/31354
Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage
http://cjc.ict.ac.cn/online/onlinepaper/wc-202458160402.pdf
EDRSilencer
https://github.com/netero1010/EDRSilencer
Synchronizing Passkeys
https://fidoalliance.org/specifications-credential-exchange-specifications/
10/16/2024 • 6 minutes, 44 seconds
ISC StormCast for Tuesday, October 15th, 2024
Phishing Page Delivered Through a Blob URL
https://isc.sans.edu/diary/Phishing%20Page%20Delivered%20Through%20a%20%20Blob%20URL/31350
Fortinet Fortigate CVE 2024-23113 deep dive
https://labs.watchtowr.com/fortinet-fortigate-cve-2024-23113-a-super-complex-vulnerability-in-a-super-secure-appliance-in-2024/
This New Supply Chain Attack Technique Can Trojanize All Your CLI Commands
https://checkmarx.com/blog/this-new-supply-chain-attack-technique-can-trojanize-all-your-cli-commands/
10/15/2024 • 5 minutes, 43 seconds
ISC StormCast for Monday, October 14th, 2024
Windows PPTP and L2TP Deprecation
https://techcommunity.microsoft.com/t5/windows-server-news-and-best/pptp-and-l2tp-deprecation-a-new-era-of-secure-connectivity/ba-p/4263956
BIG-IP LTM Systems Unencrypted Cookie Exploitation
https://www.cisa.gov/news-events/alerts/2024/10/10/best-practices-configure-big-ip-ltm-systems-encrypt-http-persistence-cookies
https://www.welivesecurity.com/en/eset-research/telekopye-hits-new-hunting-ground-hotel-booking-scams/
10/14/2024 • 5 minutes, 56 seconds
ISC StormCast for Friday, October 11th, 2024
GPTHoney: A new class of honeypot
https://isc.sans.edu/diary/GPTHoney%3A%20A%20new%20class%20of%20honeypot%20%5BGuest%20Diary%5D/31342
Palo Alto Expedition: From N-Day to Full Compromise
https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/
Firefox 0-Day
https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
GitLab Vulnerabilities Patched
https://securityonline.info/cve-2024-9164-cvss-9-6-gitlab-users-urged-to-update-now/
10/11/2024 • 5 minutes, 8 seconds
ISC StormCast for Thursday, October 10th, 2024
From Perfctl to InfoStealer
https://isc.sans.edu/diary/From%20Perfctl%20to%20InfoStealer/31334
Wazuh Abused by Miner Campaign
https://securelist.com/miner-campaign-misuses-open-source-siem-agent/114022/
USB Sticks Still Bridge Airgaps
https://www.welivesecurity.com/en/eset-research/mind-air-gap-goldenjackal-gooses-government-guardrails/
Fortigate Vulnerability now being exploited
https://nvd.nist.gov/vuln/detail/CVE-2024-23113
10/10/2024 • 5 minutes, 39 seconds
ISC StormCast for Wednesday, October 9th, 2024
Microsoft Patch Tuesday - October 2024
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20-%20October%202024/31336
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
The Disappearance of an Internet Domain
https://every.to/p/the-disappearance-of-an-internet-domain
10/9/2024 • 6 minutes, 30 seconds
ISC StormCast for Tuesday, October 8th, 2024
macOS Sequoia: System/Network Admins, Hold On!
https://isc.sans.edu/diary/macOS%20Sequoia%3A%20System%20Network%20Admins%2C%20Hold%20On!/31330
Cisco Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms
Apple iTunes PoC
https://github.com/mbog14/CVE-2024-44193
Attackers used ISP's Wiretap System to Spy on Users
https://www.wsj.com/politics/national-security/china-cyberattack-internet-providers-260bd835
https://www.bleepingcomputer.com/news/security/atandt-verizon-reportedly-hacked-to-target-us-govt-wiretapping-platform/
10/8/2024 • 5 minutes, 36 seconds
ISC StormCast for Monday, October 7th, 2024
Survey of CUPS exploit URLs
https://isc.sans.edu/diary/Survey%20of%20CUPS%20exploit%20attempts/31326
Exposed LDAP Servers
https://www.usenix.org/conference/usenixsecurity24/presentation/kaspereit
Exploiting Visual Studio via Dump Files
https://ynwarcs.github.io/exploiting-vs-dump-files
Apple Security Updates
https://support.apple.com/en-us/100100
Free API Security Workshop
https://www.sans.org/webcasts/aviata-solo-flight-challenge-cloud-security-workshop-chapter-7/
10/7/2024 • 5 minutes, 34 seconds
ISC StormCast for Friday, October 4th, 2024
Kickstart Your DShield Honeypot
https://isc.sans.edu/diary/Kickstart%20Your%20DShield%20Honeypot%20%5BGuest%20Diary%5D/31320
CeranaKeeper Use of Cloud Services
https://www.welivesecurity.com/en/eset-research/separating-bee-panda-ceranakeeper-making-beeline-thailand/
Pixel Addressing Vulnerabilities in Cellular Modems
https://security.googleblog.com/2024/10/pixel-proactive-security-cellular-modems.html
Optigo Spectra Vulnerabilities
https://claroty.com/team82/disclosure-dashboard/cve-2024-41925
https://claroty.com/team82/disclosure-dashboard/cve-2024-45367
10/4/2024 • 5 minutes, 53 seconds
ISC StormCast for Thursday, October 3rd, 2024
Security Related Docker Containers
https://isc.sans.edu/diary/Security%20related%20Docker%20containers/31318
CUPS DDoS Attack
https://www.akamai.com/blog/security-research/october-cups-ddos-threat
Draytek Vulnerabilities
https://www.forescout.com/resources/draybreak-draytek-research/
SANS Munich (free Community Night Tuesday October 15th)
https://www.sans.org/cyber-security-training-events/munich-october-2024/
10/3/2024 • 6 minutes, 35 seconds
ISC StormCast for Wednesday, October 2nd, 2024
Hurricane Helene Aftermath - Cyber Security Awareness Month
https://isc.sans.edu/diary/Hurricane%20Helene%20Aftermath%20-%20Cyber%20Security%20Awareness%20Month/31314
Zimbra - Remote Command Execution (CVE-2024-45519)
https://blog.projectdiscovery.io/zimbra-remote-code-execution/
Enhancing the security of Microsoft Edge extensions with the new Publish API
https://blogs.windows.com/msedgedev/2024/09/30/enhanced-security-for-extensions-with-new-publish-api/
CVE-2024-36435 Deep-Dive: The Year's Most Critical BMC Security Flaw
https://www.binarly.io/blog/cve-2024-36435-deep-dive-the-years-most-critical-bmc-security-flaw
10/2/2024 • 5 minutes, 43 seconds
ISC StormCast for Tuesday, October 1st, 2024
Tool Update: mac-robber.py, le-hex-to-ip.py
https://isc.sans.edu/diary/Tool%20update%3A%20mac-robber.py%20and%20le-hex-to-ip.py/31310
Ransomware Attacks Expanding to Hybrid Cloud Environments
https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/
Update on Recall Security and Privacy Architecture
https://blogs.windows.com/windowsexperience/2024/09/27/update-on-recall-security-and-privacy-architecture/
Detecting Ransomware in Windows Event Logs
https://blogs.jpcert.or.jp/en/2024/09/windows.html
Progress WhatsUp Gold Update
https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024?popup=true&overview
Singapore Class
https://jbu.me/singapore
10/1/2024 • 6 minutes, 16 seconds
ISC StormCast for Monday, September 30th, 2024
CUPS Vulnerability
https://isc.sans.edu/diary/Patch%20for%20Critical%20CUPS%20vulnerability%3A%20Don%27t%20Panic/31302
PHP Updates
https://www.php.net/ChangeLog-8.php#8.1.30
DNS And Big Chinese Firewall
https://www.assetnote.io/resources/research/insecurity-through-censorship-vulnerabilities-caused-by-the-great-firewall
https://isc.sans.edu/diary/Are+You+Piratebay+thepiratebayorg+Resolving+to+Various+Hosts/19175
HPE Aruba Networking Vulnerabilities
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us&docLocale=en_US
9/30/2024 • 7 minutes
ISC StormCast for Friday, September 27th, 2024
Patch for Critical CUPS vulnerability: Don't Panic
https://isc.sans.edu/diary/Patch%20for%20Critical%20CUPS%20vulnerability%3A%20Don%27t%20Panic/31302
9/27/2024 • 6 minutes, 53 seconds
ISC StormCast for Thursday, September 26th, 2024
DNS Reflection Update and Corrupted DNS Requests
https://isc.sans.edu/diary/DNS%20Reflection%20Update%20and%20Odd%20Corrupted%20DNS%20Requests/31296
CVE-2024-28987 Solarwinds Web Help Desk Hardcoded Credentials Vulnerability
https://www.horizon3.ai/attack-research/cve-2024-28987-solarwinds-web-help-desk-hardcoded-credential-vulnerability-deep-dive/
Watchguard Unauthenticated and Unencrypted SSO Protocol
https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-006/
https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00014
Infostealers Overcome Chrome's App Bound Encryption
https://securityonline.info/infostealers-overcome-chromes-app-bound-encryption-threatening-user-data-security/
9/26/2024 • 7 minutes, 1 second
ISC StormCast for Wednesday, September 25th, 2024
Exploitation of RAISECOM Gateway Devices CVE-2024-7120
https://isc.sans.edu/diary/Exploitation%20of%20RAISECOM%20Gateway%20Devices%20Vulnerability%20CVE-2024-7120/31292
Cellopoint Vulnerability CVE-2024-9043
https://www.twcert.org.tw/en/cp-139-8103-b0568-2.html
Cisco Smart Licensing Vulnerability Details
https://starkeblog.com/cve-wednesday/cisco/2024/09/20/cve-wednesday-cve-2024-20439.html
Ivanti Virtual Traffic Manager Exploited
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
GNU Linux Systems Possible Critical Vulnerability
https://securityonline.info/severe-unauthenticated-rce-flaw-cvss-9-9-in-gnu-linux-systems-awaiting-full-disclosure/
9/25/2024 • 5 minutes, 27 seconds
ISC StormCast for Tuesday, September 24th, 2024
Phishing Links With @ Sign
https://isc.sans.edu/diary/Phishing%20links%20with%20%40%20sign%20and%20the%20need%20for%20effective%20security%20awareness%20building/31288
Kaspersky Deletes Itself Installs UltraAV Antivirus Without Warning
https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/
Microchip ASF tinydhcp Vulnerability
https://kb.cert.org/vuls/id/138043
9/24/2024 • 5 minutes, 33 seconds
ISC StormCast for Monday, September 23rd, 2024
Windows Server Update Services Deprecation
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-server-update-services-wsus-deprecation/ba-p/4250436
Windows Server 2025 Hotpatches
https://techcommunity.microsoft.com/t5/windows-server-news-and-best/now-in-preview-hotpatch-for-windows-server-2025/ba-p/4248296
Google Suggests Not Using WHOIS for Certificate Validation
https://lists.cabforum.org/pipermail/servercert-wg/2024-September/004821.html
Versa Director Vulnerability
https://security-portal.versa-networks.com/emailbulletins/66e4a8ebda545d61ec2b1ab9
Apache Hugegraph Vulnerability Exploited
https://nvd.nist.gov/vuln/detail/CVE-2024-27348
9/23/2024 • 5 minutes, 13 seconds
ISC StormCast for Friday, September 20th, 2024
Fake GitHub Site Targeting Developers
https://isc.sans.edu/diary/Fake%20GitHub%20Site%20Targeting%20Developers/31282
Ivanti CSA 4.6 Advisory
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963?language=en_US
German Police Deanonymizes Tor User
https://blog.torproject.org/tor-is-still-safe/
Ever wonder how crooks get the credentials to unlock stolen phones?
https://arstechnica.com/security/2024/09/cops-bust-website-crooks-used-to-unlock-1-2-million-stolen-mobile-phones/
9/20/2024 • 7 minutes, 35 seconds
ISC StormCast for Thursday, September 19th, 2024
Python Infostealer Patching Windows Exodus App
https://isc.sans.edu/diary/Python%20Infostealer%20Patching%20Windows%20Exodus%20App/31276
ServiceNow Knowledge Bases Data Exposures
https://appomni.com/ao-labs/servicenow-knowledge-bases-data-exposures-uncovered/
Gitlab Patch
https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/
Aruba Patch
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US
9/19/2024 • 4 minutes, 13 seconds
ISC StormCast for Wednesday, September 18th, 2024
23:59, Time to Exfiltrate!
https://isc.sans.edu/diary/23%3A59%2C%20Time%20to%20Exfiltrate!/31272
Critical VMware vCenter Vulnerability
https://blogs.vmware.com/cloud-foundation/2024/09/17/vmsa-2024-0019-questions-answers/
Zero-Click Calendar invite - Critical zero-click vulnerability chain in macOS
https://mikko-kenttala.medium.com/zero-click-calendar-invite-critical-zero-click-vulnerability-chain-in-macos-a7a434fc887b
Google Adds Latest Post Quantum Encryption Standard to Chrome
https://security.googleblog.com/2024/09/a-new-path-for-kyber-on-web.html
9/18/2024 • 5 minutes, 18 seconds
ISC StormCast for Tuesday, September 17th, 2024
Managing PE Files with Overlays
https://isc.sans.edu/forums/diary/Managing%20PE%20Files%20With%20Overlays/31268/
Apple Updates
https://support.apple.com/en-us/100100
Ivanti EOL Cloud Service Appliances
https://www.cisa.gov/news-events/alerts/2024/09/13/ivanti-releases-security-update-cloud-services-appliance
Microsoft Revises September Update
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43461
DLink Vulnerabilities
https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html
https://www.twcert.org.tw/en/cp-139-8091-bcd52-2.html
https://www.twcert.org.tw/en/cp-139-8089-32df6-2.html
9/17/2024 • 5 minutes, 14 seconds
ISC StormCast for Monday, September 16th, 2024
Finding Honeypot Clusters Using DBSCAN
https://isc.sans.edu/diary/Finding%20Honeypot%20Data%20Clusters%20Using%20DBSCAN%3A%20Part%202/31194
Auto IT Credential Flusher
https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html
Ivanti Patches
https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US
https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29847-deep-dive-ivanti-endpoint-manager-agentportal-deserialization-of-untrusted-data-remote-code-execution-vulnerability/
File Sender Vulnerability
https://filesender.org/vulnerability-in-filesender-versions-below-2-49-and-3-x-beta/
Docker Patches
https://docs.docker.com/desktop/release-notes/#4342
9/16/2024 • 6 minutes, 3 seconds
ISC StormCast for Friday, September 13th, 2024
Compromise of old hostname .mobi whois server
https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/
Microsoft Reconsidering Security Tool API
https://blogs.windows.com/windowsexperience/2024/09/12/taking-steps-that-drive-resiliency-and-security-for-windows-customers/
Microsoft implements PQC in SymCrypt
https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-s-quantum-resistant-cryptography-is-here/ba-p/4238780
GitLab Patch
https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/#execute-environment-stop-actions-as-the-owner-of-the-stop-action-job
9/13/2024 • 5 minutes, 13 seconds
ISC StormCast for Wednesday, September 11th, 2024
Microsoft Patches
https://isc.sans.edu/diary/Microsoft%20September%202024%20Patch%20Tuesday/31254
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
Ivanti Patches
https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US
9/11/2024 • 6 minutes
ISC StormCast for Monday, September 9th, 2024
Password Cracking Energy: More Details
https://isc.sans.edu/diary/Password%20Cracking%20%26%20Energy%3A%20More%20Dedails/31242
Python &amp; Notepad++
https://isc.sans.edu/diary/Python%20%26%20Notepad%2B%2B/31240
Fake LinkedIn Job Ads
https://cloud.google.com/blog/topics/threat-intelligence/examining-web3-heists/
Android Crypto Passphrase Stealer with OCR
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-spyagent-campaign-steals-crypto-credentials-via-image-recognition/
Sextortion Scam Now Uses Your Cheating Spouse's Name as a Lure
https://www.bleepingcomputer.com/news/security/sextortion-scam-now-use-your-cheating-spouses-name-as-a-lure/
9/9/2024 • 6 minutes, 15 seconds
ISC StormCast for Friday, September 6th, 2024
Enrichment Data: Keeping it Fresh
https://isc.sans.edu/diary/Enrichment%20Data%3A%20Keeping%20it%20Fresh/31236
Veeam Update
https://www.veeam.com/kb4649
New OFBiz Vulnerabilities
https://www.rapid7.com/blog/post/2024/09/05/cve-2024-45195-apache-ofbiz-unauthenticated-remote-code-execution-fixed/
Cisco Smart License Manager Patches
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw
9/6/2024 • 6 minutes, 4 seconds
ISC StormCast for Tuesday, September 3rd, 2024
Wireshark 4.4: Converting Display Filters to BPF Capture Filters
https://isc.sans.edu/diary/Wireshark+44+Converting+Display+Filters+to+BPF+Capture+Filters/31224
GitHub Comments Used to Spread Malware
https://www.reddit.com/r/Malware/comments/1f2n1h4/comment/lkbi5gi/
Voldemort Malware Curses Orgs Using Global Tax Authorities
https://www.darkreading.com/threat-intelligence/voldemort-malware-curses-orgs-global-tax-authorities
Analysis of CVE-2024-43044 From file read to RCE in Jenkins through agents
https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/
9/3/2024 • 5 minutes, 41 seconds
ISC StormCast for Friday, August 30th, 2024
Live Patching DLLs with Python
https://isc.sans.edu/diary/Live%20Patching%20DLLs%20with%20Python/31218
Global Protect Phishing
https://www.trendmicro.com/en_us/research/24/h/threat-actors-target-middle-east-using-fake-tool.html
BlackByte Ransomware Update
https://blog.talosintelligence.com/blackbyte-blends-tried-and-true-tradecraft-with-newly-disclosed-vulnerabilities-to-support-ongoing-attacks/
The Risks Lurking in Publicly Exposed GenAI Development Services
https://www.legitsecurity.com/blog/the-risks-lurking-in-publicly-exposed-genai-development-services
Finding Lateral Movement of Adversaries Through the Noise of Systems Administration
https://www.sans.edu/cyber-research/finding-lateral-movement-adversaries-through-noise-systems-administration/
YouTube Channel: https://www.youtube.com/c/CyberAttackDefense
8/30/2024 • 14 minutes, 1 second
ISC StormCast for Thursday, August 29th, 2024
Vega-Lite With Kibana To Parse and Display IP Activity Over Time
https://isc.sans.edu/diary/Vega-Lite%20with%20Kibana%20to%20Parse%20and%20Display%20IP%20Activity%20over%20Time/31210
Attack tool update impairs Windows computers
https://news.sophos.com/en-us/2024/08/27/burnt-cigar-2/
Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-241a
Confluence Vulnerability Exploited for Crypto Miners
https://www.trendmicro.com/en_us/research/24/h/cve-2023-22527-cryptomining.html
Fortra FileCatalyst Workflow Hard Coded HSQLDB Credentials
https://www.fortra.com/security/advisories/product-security/fi-2024-011
8/29/2024 • 5 minutes, 49 seconds
ISC StormCast for Wednesday, August 28th, 2024
Why Is Python so Popular to Infect Windows Hosts?
https://isc.sans.edu/diary/Why%20Is%20Python%20so%20Popular%20to%20Infect%20Windows%20Hosts%3F/31208
OFBiz Vulnerability Update
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
https://nvd.nist.gov/vuln/detail/CVE-2024-38856
Versa Director Vulnerability Exploited
https://versa-networks.com/blog/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability/
Google Chrome Vulnerability Exploited
https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
SGX Key Leak
https://x.com/_markel___/status/1828112469010596347
8/28/2024 • 6 minutes, 8 seconds
ISC StormCast for Tuesday, August 27th, 2024
From Highly Obfuscated Batch File to XWorm and Redline
https://isc.sans.edu/diary/From%20Highly%20Obfuscated%20Batch%20File%20to%20XWorm%20and%20Redline/31204
CVE-2024-38063 Windows IPv6 Issue PoC Exploit
https://github.com/ynwarcs/CVE-2024-38063
Not a vulnerability
https://github.com/juwenyi/CVE-2024-42992
8/27/2024 • 5 minutes, 34 seconds
ISC StormCast for Monday, August 26th, 2024
Pandas Errors: What encoding are my logs in?
https://isc.sans.edu/diary/Pandas%20Errors%3A%20What%20encoding%20are%20my%20logs%20in%3F/31200
CrowdStrike Performance Issues
https://www.reddit.com/r/sysadmin/comments/1eyfex6/at_least_its_not_on_a_friday/
CopyBara Malware
https://www.zscaler.com/blogs/security-research/technical-analysis-copybara#conclusion
SonicWall Vulnerability
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015
8/26/2024 • 5 minutes, 34 seconds
ISC StormCast for Friday, August 23rd, 2024
OpenAI Scans Honeypots
https://isc.sans.edu/diary/OpenAI%20Scans%20for%20Honeypots.%20Artificially%20Malicious%3F%20Action%20Abuse%3F/31196
Broken Linux Boot Partitions after August Microsoft Update
https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-23H2#3377msgdesc
Google Fixes Chrome 0-day
https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html
Cisco Zero Day Exploited (now Patched)
https://www.sygnia.co/blog/china-threat-group-velvet-ant-cisco-zero-day/
SolarWinds Helpdesk Backdoor
https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2
Securing the Future: How Memory-Safe Programming Languages Impact Industry Safety (Christopher Ross)
https://www.sans.edu/cyber-research/securing-future-how-memory-safe-programming-languages-impact-industry-safety/
8/23/2024 • 15 minutes, 20 seconds
ISC StormCast for Thursday, August 22nd, 2024
Mapping Threats with DNSTwist and the Internet Storm Center
https://isc.sans.edu/diary/Mapping%20Threats%20with%20DNSTwist%20and%20the%20Internet%20Storm%20Center%20%5BGuest%20Diary%5D/31188
Slack AI Prompt Injection
https://promptarmor.substack.com/p/slack-ai-data-exfiltration-from-private
Phishing in PWA Applications
https://www.welivesecurity.com/en/eset-research/be-careful-what-you-pwish-for-phishing-in-pwa-applications/
QNAP Ransomware Security Center
https://www.qnap.com/en/news/2024/qnap-officially-releases-qts-5-2-introducing-security-center-for-active-file-activity-monitoring-elevated-security-and-data-protection
8/22/2024 • 7 minutes, 5 seconds
ISC StormCast for Wednesday, August 21st, 2024
Where are we with CVE-2024-38063: Microsoft IPv6 Vulnerability
https://isc.sans.edu/diary/Where+are+we+with+CVE202438063+Microsoft+IPv6+Vulnerability/31186
Microsoft August Update Prevents Linux from Booting
https://community.frame.work/t/sbat-verification-error-booting-linux-after-windows-update/56354
PHP CGI Vulnerability Exploited CVE-2024-4577
https://symantec-enterprise-blogs.security.com/threat-intelligence/taiwan-malware-dns
F5 Updates
https://my.f5.com/manage/s/article/K000140111
https://my.f5.com/manage/s/article/K000140108
8/21/2024 • 4 minutes, 54 seconds
ISC StormCast for Tuesday, August 20th, 2024
Do you like donuts? Here is a Donut Shellcode Delivered Through PowerShell Python
https://isc.sans.edu/diary/Do%20you%20Like%20Donuts%3F%20Here%20is%20a%20Donut%20Shellcode%20Delivered%20Through%20PowerShell%20Python/31182
How Vulnerabilities in Microsoft Apps for macOS allow Stealing Permissions
https://blog.talosintelligence.com/how-multiple-vulnerabilities-in-microsoft-apps-for-macos-pave-the-way-to-stealing-permissions/
Digital Wallet Security Loophole
https://www.umass.edu/news/article/new-study-reveals-loophole-digital-wallet-security-even-if-rightful-cardholder-doesnt
Microsoft IPv6 Vulnerability CVE-2024-38063
https://x.com/f4rmpoet/status/1825472703223992323
YouTube Video (going live 10am ET)
https://www.youtube.com/watch?v=miBb1llFOYQ
8/20/2024 • 7 minutes, 12 seconds
ISC StormCast for Monday, August 19th, 2024
Summarizing Web Honeypot Logs
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%207%20minutes%20and%204%20steps%20to%20a%20quick%20win%3A%20A%20write-up%20on%20custom%20tools/31170
Large Scale Cloud Extortion Operation
https://unit42.paloaltonetworks.com/large-scale-cloud-extortion-operation/
Chrome Redacting Credit Cards and Passwords when you share Android Screens
https://www.bleepingcomputer.com/news/google/chrome-will-redact-credit-cards-passwords-when-you-share-android-screen/
Google Products Targeted by Search Ad Scammers
https://www.malwarebytes.com/blog/scams/2024/08/dozens-of-google-products-targeted-by-scammers-via-malicious-search-ads
MakeShift: Security Analysis of Shimano Di2 Wireless Gear Shifting in Bicycles
https://www.usenix.org/system/files/woot24-motallebighomi.pdf
8/19/2024 • 6 minutes, 6 seconds
ISC StormCast for Friday, August 16th, 2024
Wireshark 4.4.0 rc 1 Custom Columns
https://isc.sans.edu/diary/Wireshark%204.4.0rc1%27s%20Custom%20Columns/31174
GitHub Repo Artifacts Leak Tokens
https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/
BitLocker Security Feature Bypass Vulnerability
https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-38058
SolarWinds Hotfix
https://support.solarwinds.com/SuccessCenter/s/article/WHD-12-8-3-Hotfix-1
Ed Skoudis, Paul Maurer: The Code of Honor
https://cybercodeofhonor.com/
8/16/2024 • 17 minutes, 23 seconds
ISC StormCast for Wednesday, August 14th, 2024
Microsoft August 2024 Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20August%202024%20Patch%20Tuesday/31164
NIST Finalizes Post Quantum Encryption Standards
https://www.nist.gov/news-events/news/2024/08/nist-releases-first-3-finalized-post-quantum-encryption-standards
Zabbix Network Monitoring Updates
https://support.zabbix.com/browse/ZBX-25016
https://support.zabbix.com/browse/ZBX-25013
(and others)
8/14/2024 • 6 minutes, 11 seconds
ISC StormCast for Tuesday, August 13th, 2024
QuickShell: Sharing is Caring about an RCE Attack Chain on Quick Share
https://www.safebreach.com/blog/rce-attack-chain-on-quick-share
Chrome, Edge users beset by malicious extensions that can't be easily removed
https://www.helpnetsecurity.com/2024/08/12/chrome-edge-malicious-browser-extensions/
AMD Guest Memory Vulnerabilities
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7014.html
8/13/2024 • 5 minutes, 31 seconds
ISC StormCast for Monday, August 12th, 2024
CORS/SameOrigin Video
https://isc.sans.edu/forums/diary/Video%3A%20Same%20Origin%2C%20CORS%2C%20DNS%20Rebinding%20and%20Localhost/31158/
Splitting the email atom: exploiting parsers to bypass access controls
https://portswigger.net/research/splitting-the-email-atom#parser-discrepancies
Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!
https://blog.orange.tw/2024/08/confusion-attacks-en.html
GL-Inet Patches
https://www.gl-inet.com/security-updates/security-advisories-vulnerabilities-and-cves-aug-1-2024/
Microsoft Office Spoofing Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-38200
8/12/2024 • 5 minutes, 51 seconds
ISC StormCast for Thursday, August 8th, 2024
0.0.0.0 Day Exploiting Localhost APIs from the Browser
https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser
Apple Hardens Gatekeeper
https://developer.apple.com/news/?id=saqachfa
Downgrade Attacks Using Windows Updates
https://www.safebreach.com/blog/downgrade-attacks-using-windows-updates/
8/8/2024 • 6 minutes, 20 seconds
ISC StormCast for Wednesday, August 7th, 2024
A Survey of Scans For GeoServer Vulnerabilities
https://isc.sans.edu/diary/A%20Survey%20of%20Scans%20for%20GeoServer%20Vulnerabilities/31148
CrowdStrike Root Cause Analysis
https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
Kibana Vulnerability
https://discuss.elastic.co/t/kibana-8-14-2-7-17-23-security-update-esa-2024-22/364424
Android August 2024 Bulletin
https://source.android.com/docs/security/bulletin/2024-08-01
Ubiquiti Amplification Attack Vulnerability Update
https://blog.checkpoint.com/research/over-20000-ubiquiti-cameras-and-routers-are-vulnerable-to-amplification-attacks-and-privacy-risks/
8/7/2024 • 5 minutes, 58 seconds
ISC StormCast for Tuesday, August 6th, 2024
Script Obfuscation Using Multiple Instances of the Same Function
https://isc.sans.edu/diary/Script%20obfuscation%20using%20multiple%20instances%20of%20the%20same%20function/31144
Disclosure of key technical details of CrowdStrike's large-scale blue screen
https://mp.weixin.qq.com/s/uD7mhzyRSX1dTW-TMg4UhQ
New OFBiz Vulnerability
https://issues.apache.org/jira/browse/OFBIZ-13128
https://www.youtube.com/watch?v=J_IxCBjd4Pw
Roundcube XSS Vulnerabilities
https://securityonline.info/roundcube-webmail-releases-security-updates-to-patch-multiple-vulnerabilities/
8/6/2024 • 6 minutes, 21 seconds
ISC StormCast for Monday, August 5th, 2024
Current Secure Boot Certificate Authority Expires in 2026
https://isc.sans.edu/diary/Even+Linux+users+should+take+a+look+at+this+Microsoft+KB+article/31140
OOXML Spreadsheets Protected by Verifier Hashes
https://isc.sans.edu/diary/OOXML%20Spreadsheets%20Protected%20By%20Verifier%20Hashes/31072
StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms
https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/
DARPA TRACTOR Program for Translating C to Rust
https://www.darpa.mil/news-events/2024-07-31a
8/5/2024 • 6 minutes, 21 seconds
ISC StormCast for Friday, August 2nd, 2024
Tracking Proxy Scans with IPv4.Games
https://isc.sans.edu/diary/Tracking%20Proxy%20Scans%20with%20IPv4.Games/31136
Threat Actor Impersonates Google via Fake Ad For Authenticator
https://www.malwarebytes.com/blog/news/2024/07/threat-actor-impersonates-google-via-fake-ad-for-authenticator
Who Knew? Domain Hijacking is so easy
https://blogs.infoblox.com/threat-intelligence/who-knew-domain-hijacking-is-so-easy/
8/2/2024 • 6 minutes, 13 seconds
ISC StormCast for Thursday, August 1st, 2024
Increased Activity Against Apache OFBiz CVE-2024-32113
https://isc.sans.edu/diary/Increased%20Activity%20Against%20Apache%20OFBiz%20CVE-2024-32113/31132
Digicert Certificate Revocation Incident
https://www.digicert.com/support/certificate-revocation-incident
Microsoft Azure Outage
https://azure.status.microsoft/en-us/status/history/
Improving Security of Chrome Cookies
https://security.googleblog.com/2024/07/improving-security-of-chrome-cookies-on.html
8/1/2024 • 6 minutes, 33 seconds
ISC StormCast for Wednesday, July 31st, 2024
Apple Updates Everything: July 2024 Edition
https://isc.sans.edu/diary/Apple%20Patches%20Everything.%20July%202024%20Edition/31128
VMware ESXi Vulnerability Actively Exploited CVE-2024-37085
https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/
Weak VoWiFi Encryption CVE-2024-22064
https://idw-online.de/en/news837652
7/31/2024 • 5 minutes, 27 seconds
ISC StormCast for Monday, July 29th, 2024
ExelaStealer Delivered "From Russia With Love"
https://isc.sans.edu/diary/31118
Create Your Own BSOD: NotMyFault
https://isc.sans.edu/diary/Create%20Your%20Own%20BSOD%3A%20NotMyFault/31120
PKFail Vulnerability
https://pk.fail/
CrowdStrike Recovery
https://arstechnica.com/information-technology/2024/07/97-of-crowdstrike-systems-are-back-online-microsoft-suggests-windows-changes/
7/29/2024 • 6 minutes, 3 seconds
ISC StormCast for Friday, July 26th, 2024
XWorm Hidden With Process Hollowing
https://isc.sans.edu/diary/XWorm%20Hidden%20With%20Process%20Hollowing/31112
Anyone Can Access Deleted and Private Repo Data on GitHub
https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github
Google Chrome Scanning Encrypted Files
https://arstechnica.com/security/2024/07/google-overhauls-chromes-safe-browsing-protection-to-scan-password-protected-files/
7/26/2024 • 5 minutes, 54 seconds
ISC StormCast for Thursday, July 25th, 2024
"Mouse Logger" Malicious Python Script
https://isc.sans.edu/diary/%22Mouse%20Logger%22%20Malicious%20Python%20Script/31106
CrowdStrike Preliminary Post Incident Review
https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
How a North Korean Fake IT Worker Tried to Infiltrate Us
https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us
7/25/2024 • 5 minutes, 32 seconds
ISC StormCast for Wednesday, July 24th, 2024
New Exploit Variation Against D-Link NAS Devices
https://isc.sans.edu/diary/New%20Exploit%20Variation%20Against%20D-Link%20NAS%20Devices%20%28CVE-2024-3273%29/31102
APKs Masquerading as Videos on Telegram
https://www.welivesecurity.com/en/eset-research/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android/
Goodbye Attackers can Bypass Windows Hello Strong Authentication
https://www.darkreading.com/endpoint-security/goodbye-attackers-can-bypass-windows-hello-strong-authentication
Let's Encrypt Intends to End OCSP Service
https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls.html
Google Third-Party Cookies are hanging around
https://privacysandbox.com/intl/en_us/news/privacy-sandbox-update/
7/24/2024 • 6 minutes, 23 seconds
ISC StormCast for Monday, July 22nd, 2024
Widespread Windows Crashes Due to CrowdStrike Updates
https://isc.sans.edu/diary/Widespread%20Windows%20Crashes%20Due%20to%20Crowdstrike%20Updates/31094
https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/
https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/
https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959
7/22/2024 • 8 minutes, 38 seconds
ISC StormCast for Friday, July 19th, 2024
Oracle Quarterly Critical Patch Update
https://www.oracle.com/security-alerts/cpujul2024.html
Exchange Online Implementing Inbound SMTP DANE with DNSSEC
https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-public-preview-of-inbound-smtp-dane-with-dnssec-for/ba-p/4155257
VPN Port Shadowing Vulnerability
https://petsymposium.org/popets/2024/popets-2024-0070.pdf
7/19/2024 • 5 minutes, 38 seconds
ISC StormCast for Thursday, July 18th, 2024
Who You Gonna Call? AndroxGh0st Busters!
https://isc.sans.edu/diary/Who%20You%20Gonna%20Call%3F%20AndroxGh0st%20Busters!%20%5BGuest%20Diary%5D/31086
Cisco Smart Software Manager Vulnerability CVE-2024-20419
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy
Critical Security Flaw in Cisco Secure Email Gateway: CVE-2024-20401
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH
Microsoft Introducing Checkpoint Updates
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-windows-11-checkpoint-cumulative-updates/ba-p/4182552
GeoServer Patches
https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv
7/18/2024 • 6 minutes, 4 seconds
ISC StormCast for Wednesday, July 17th, 2024
Reply Chain Phishing With a Twist
https://isc.sans.edu/diary/%22Reply-chain%20phishing%22%20with%20a%20twist/31084
Claroty TP-Link and Synology IP Camera Exploits
https://claroty.com/team82/research/pivoting-from-wan-to-lan-synology-bc500-ip-camera
https://claroty.com/team82/research/pwn2own-wan-to-lan-exploit-showcase
Cosmic Sting Hits Adobe Commerce Stores
https://sansec.io/research/cosmicsting-hitting-major-stores
7/17/2024 • 5 minutes, 39 seconds
ISC StormCast for Tuesday, July 16th, 2024
Protected OOXML Spreadsheets
https://isc.sans.edu/diary/Protected%20OOXML%20Spreadsheets/31070
Leaked PyPi Secret Token Revealed in Binary
https://jfrog.com/blog/leaked-pypi-secret-token-revealed-in-binary-preventing-suppy-chain-attack/
Microsoft 365 Defender Affected by June Update
https://learn.microsoft.com/en-us/windows/release-health/status-windows-server-2022#network-data-reporting-from-microsoft-365-defender-may-be-interrupted
7/16/2024 • 5 minutes, 59 seconds
ISC StormCast for Monday, July 15th, 2024
16-Bit Hash Collisions in XLS Spreadsheets
https://isc.sans.edu/diary/16-bit%20Hash%20Collisions%20in%20.xls%20Spreadsheets/31066
Attacks against the "Nette" PHP framework CVE-2020-15227
https://isc.sans.edu/forums/diary/Attacks+against+the+Nette+PHP+framework+CVE202015227/31076/
Squarespace Hijacked Domains
https://github.com/security-alliance/advisories/blob/main/2024-07-squarespace.pdf
7/15/2024 • 6 minutes, 30 seconds
ISC StormCast for Thursday, July 11th, 2024
Finding Honeypot Data Clusters Using DBSCAN Part 1
https://isc.sans.edu/diary/Finding%20Honeypot%20Data%20Clusters%20Using%20DBSCAN%3A%20Part%201/31050
Second RegreSSHion Like OpenSSH Vulnerability
https://lwn.net/ml/all/[email protected]/
Resurrecting Internet Explorer: Threat Actors Using Zero-Day Tricks in Internet Shortcut File CVE-2024-38112
https://research.checkpoint.com/2024/resurrecting-internet-explorer-threat-actors-using-zero-day-tricks-in-internet-shortcut-file-to-lure-victims-cve-2024-38112/
SharePoint Proof of Concept Exploit CVE-2024-38094 CVE-2024-38024 CVE-2024-38023
https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC/blob/main/poc_filtered.py
Citrix Netscaler, Agent and SDX Security Bulletin CVE-2024-6235 CVE-2024-6236
https://support.citrix.com/article/CTX677998/netscaler-console-agent-and-sdx-security-bulletin-for-cve20246235-and-cve20246236
OpenVPN Updates
https://openvpn.net/security-advisory/ovpnx-vulnerability-cve-2024-27903-cve-2024-27459-cve-2024-24974/
7/11/2024 • 5 minutes, 33 seconds
ISC StormCast for Wednesday, July 10th, 2024
Microsoft Patch Tuesday July 2024
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20July%202024/31058
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
RADIUS protocol susceptible to forgery attacks
https://kb.cert.org/vuls/id/456537
https://www.inkbridgenetworks.com/blastradius/faq
7/10/2024 • 6 minutes, 25 seconds
ISC StormCast for Tuesday, July 9th, 2024
Kunai: Keep an Eye on your Linux Hosts Activity
https://isc.sans.edu/diary/Kunai%3A%20Keep%20an%20Eye%20on%20your%20Linux%20Hosts%20Activity/31054
Decryptor for DoNex Ransomware
https://decoded.avast.io/threatresearch/decrypted-donex-ransomware-and-its-predecessors/
Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve)
https://www.oligo.security/blog/shelltorch-explained-multiple-vulnerabilities-in-pytorch-model-server
Exim Bypass Attachment Inspection
https://bugs.exim.org/show_bug.cgi?id=3099#c4
Toshiba/Sharp Printer vulnerabilities
https://pierrekim.github.io/blog/2024-06-27-toshiba-mfp-40-vulnerabilities.html
https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html
7/9/2024 • 5 minutes, 33 seconds
ISC StormCast for Friday, June 28th, 2024
What Setting Live Traps For Cybercriminals Taught Me About Security
https://isc.sans.edu/diary/What%20Setting%20Live%20Traps%20for%20Cybercriminals%20Taught%20Me%20About%20Security%20%5BGuest%20Diary%5D/31038
TeamViewer Compromise
https://www.teamviewer.com/en-us/resources/trust-center/statement/
Fortra File Catalyst Vulnerability and PoC
https://support.fortra.com/filecatalyst/kb-articles/advisory-6-24-2024-filecatalyst-workflow-sql-injection-vulnerability-YmYwYWY4OTYtNTUzMi1lZjExLTg0MGEtNjA0NWJkMDg3MDA0
https://www.tenable.com/security/research/tra-2024-25
GitLab Critical Update
https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/
When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI
https://jfrog.com/blog/prompt-injection-attack-code-execution-in-vanna-ai-cve-2024-5565/
6/28/2024 • 7 minutes, 29 seconds
ISC StormCast for Wednesday, June 26th, 2024
TCP Latency Sidechannel
https://www.snailload.com/snailload.pdf
Microsoft Management Console for Initial Access and Evasion
https://www.elastic.co/security-labs/grimresource
Wyze Camera Vulnerabilities
https://forums.wyze.com/t/security-advisory/289256
6/26/2024 • 6 minutes, 23 seconds
ISC StormCast for Monday, June 24th, 2024
Sysinternals Process Monitor Version 4 Released
https://isc.sans.edu/diary/Sysinternals%27%20Process%20Monitor%20Version%204%20Released/31026
Kaspersky Sanctions
https://home.treasury.gov/news/press-releases/jy2420
Phoenix UEFI Buffer Overflow Affects Wide Range of Systems
https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/
Ghostscript Update
https://ghostscript.readthedocs.io/en/gs10.03.1/News.html
js2py vulnerability
https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape
6/24/2024 • 7 minutes, 6 seconds
ISC StormCast for Friday, June 21st, 2024
No Excuses: Free Tools to Help Secure Authentication in Ubuntu
https://isc.sans.edu/diary/No%20Excuses%2C%20Free%20Tools%20to%20Help%20Secure%20Authentication%20in%20Ubuntu%20Linux%20%5BGuest%20Diary%5D/31024
Handling BOM MIME Files
https://isc.sans.edu/diary/Handling+BOM+MIME+Files/31022
Atlassian Confluence Data Center and Server Vuln
https://confluence.atlassian.com/security/security-bulletin-june-18-2024-1409286211.html
Beyond the @ Symbol: Exploiting the Flexibility of Email Addresses For Offensive Purposes
https://modzero.com/en/blog/beyond_the_at_symbol/
VMWare Patches
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453
6/21/2024 • 5 minutes, 9 seconds
ISC StormCast for Tuesday, June 18th, 2024
New NetSupport Campaign Delivered Through MSIX Packages
https://isc.sans.edu/diary/New%20NetSupport%20Campaign%20Delivered%20Through%20MSIX%20Packages/31018
D-Link Router Backdoor
https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398
iTerm2 Vulnerability
https://vin01.github.io/piptagole/escape-sequences/iterm2/rce/2024/06/16/iterm2-rce-window-title-tmux-integration.html
NextCloud Vulnerability
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9v72-9xv5-3p7c
6/18/2024 • 4 minutes, 47 seconds
ISC StormCast for Monday, June 17th, 2024
Overview of My Tools That Handle JSON Data
https://isc.sans.edu/diary/Overview%20of%20My%20Tools%20That%20Handle%20JSON%20Data/31012
Python Serialization and "Sleepy Pickle"
https://x.com/MarkBaggett/status/1801732554740969561
Detecting Headless Chrome
https://deviceandbrowserinfo.com/learning_zone/articles/detecting-headless-chrome-puppeteer-2024
Detecting Malicious VS Code Extensions
https://medium.com/@amitassaraf/4-6-introducing-extensiontotal-how-to-assess-risk-in-vs-code-extensions-3ac5bfd83fb1
ASUS Router Critical Vulnerability
https://www.asus.com/content/asus-product-security-advisory/
6/17/2024 • 5 minutes, 26 seconds
ISC StormCast for Friday, June 14th, 2024
The Art of JQ and Command-Line Fu
https://isc.sans.edu/diary/The%20Art%20of%20JQ%20and%20Command-line%20Fu%20%5BGuest%20Diary%5D/31006
Microsoft Outlook Vulnerability Details
https://blog.morphisec.com/cve-2024-30103-microsoft-outlook-vulnerability
Keeping our Outlook Personal Email Users Safe
https://techcommunity.microsoft.com/t5/outlook-blog/keeping-our-outlook-personal-email-users-safe-reinforcing-our/ba-p/4164184
Exploiting ML models with pickle file attacks
https://blog.trailofbits.com/2024/06/11/exploiting-ml-models-with-pickle-file-attacks-part-1/
6/14/2024 • 5 minutes, 34 seconds
ISC StormCast for Thursday, June 13th, 2024
MSMQ Packets
https://isc.sans.edu/diary/Port%201801%20Traffic%3A%20Microsoft%20Message%20Queue/31004
Adobe Updates
https://helpx.adobe.com/security/products/magento/apsb24-40.html
Black Basta Exploited CVE-2024-26169 Prior to Patch
https://symantec-enterprise-blogs.security.com/threat-intelligence/black-basta-ransomware-zero-day
Pixel Phone 0-Day Patched
https://source.android.com/docs/security/bulletin/pixel/2024-06-01
6/13/2024 • 5 minutes, 20 seconds
ISC StormCast for Wednesday, June 12th, 2024
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20June%202024/31000
JetBrains IntelliJ Based IDE GitHub Plugin Vulnerability
https://blog.jetbrains.com/security/2024/06/updates-for-security-issue-affecting-intellij-based-ides-2023-1-and-github-plugin/
Veeam Recovery Orchestrator (VRO) vulnerability CVE-2024-29855
https://www.veeam.com/kb4585
Precor Treadmill Vulnerability
https://securityintelligence.com/x-force/internet-connected-treadmill-vulnerabilities-discovered/
6/12/2024 • 5 minutes, 39 seconds
ISC StormCast for Tuesday, June 11th, 2024
Veeam Exploit CVE-2024-29849
https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/
SORBS Shutdown
https://www.theregister.com/2024/06/07/sorbs_closed/
Rogue Cell Tower Shut Down in London
https://www.cityoflondon.police.uk/news/city-of-london/news/2024/june/two-people-arrested-in-connection-with-investigation-into-homemade-mobile-antenna-used-to-send-thousands-of-smishing-text-messages-to-the-public/
Malicious Comfyui Modules
https://www.youtube.com/watch?v=ntwGHjBCbeQ
6/11/2024 • 6 minutes, 3 seconds
ISC StormCast for Friday, June 7th, 2024
Malicious Python Script with a "Best Before" Date
https://isc.sans.edu/diary/Malicious%20Python%20Script%20with%20a%20%22Best%20Before%22%20Date/30988
FBI Obtained 7,000 LockBit Ransomware Keys
https://www.fbi.gov/news/speeches/fbi-cyber-assistant-director-bryan-vorndran-s-remarks-at-the-2024-boston-conference-on-cyber-security
Apple Guarantees 5 Years of Security Updates
https://www.androidauthority.com/iphone-software-support-commitment-3449135/
FCC Proposes New Rule for Security Routing
https://www.fcc.gov/document/fcc-proposes-internet-routing-security-reporting-requirements
6/7/2024 • 6 minutes, 11 seconds
ISC StormCast for Thursday, June 6th, 2024
WatchGuard VPN Brute Forcing
https://isc.sans.edu/diary/Brute%20Force%20Attacks%20Against%20Watchguard%20VPN%20Endpoints/30984
TotalRecall Tool To Extract Data from Microsoft Recall
https://github.com/xaitax/TotalRecall
WebEx Flaw
https://www.helpnetsecurity.com/2024/06/05/cisco-webex-cloud-vulnerability/
https://netzbegruenung.de/blog/netzbegruenung-findet-schwachstellen-auch-im-cisco-webex-clouddienst-behoerden-und-unternehmen-in-ganz-europa-betroffen/ (in German)
6/6/2024 • 6 minutes, 28 seconds
ISC StormCast for Wednesday, June 5th, 2024
No Defender Yes Defender
https://isc.sans.edu/diary/No-Defender%2C%20Yes-Defender/30980
Fake Job Ads Lead to Stolen Crypto Currency
https://www.ic3.gov/Media/Y2024/PSA240604
Zyxel NAS Vulnerabilities
https://outpost24.com/blog/zyxel-nas-critical-vulnerabilities/
6/5/2024 • 5 minutes, 34 seconds
ISC StormCast for Tuesday, June 4th, 2024
A Wireshark Lua Dissector for Fixed Field Length Protocols
https://isc.sans.edu/diary/A%20Wireshark%20Lua%20Dissector%20for%20Fixed%20Field%20Length%20Protocols/30976
COX Cable Modem Admin API Weakness
https://samcurry.net/hacking-millions-of-modems
Malicious Stack Overflow Answers
https://www.bleepingcomputer.com/news/security/cybercriminals-pose-as-helpful-stack-overflow-users-to-push-malware/
Atlassian Confluence Data Center and Server Remote Code Execution Vuln CVE-2024-21683
https://blog.sonicwall.com/en-us/2024/05/confluence-data-center-and-server-remote-code-execution-vulnerability/
6/4/2024 • 5 minutes, 33 seconds
ISC StormCast for Monday, June 3rd, 2024
K1w1 Infostealer Uses gofile.io for Exfiltration
https://isc.sans.edu/diary/%22K1w1%22%20InfoStealer%20Uses%20gofile.io%20for%20Exfiltration/30972
Kaspersky Linux Malware Scanner
https://www.kaspersky.com/blog/kvrt-for-linux/51375/
Snowflake Incident
https://www.helpnetsecurity.com/2024/06/01/snowflake-breach-data-theft/
HuggingFace Space Secrets Leak
https://huggingface.co/blog/space-secrets-disclosure
6/3/2024 • 5 minutes, 38 seconds
ISC StormCast for Friday, May 31st, 2024
Feeding MISP with OSSEC
https://isc.sans.edu/diary/Feeding%20MISP%20with%20OSSEC/30968
Checkpoint VPN
https://labs.watchtowr.com/check-point-wrong-check-point-cve-2024-24919/
The Pumpkin Eclipse
https://blog.lumen.com/the-pumpkin-eclipse/
Michael Dunking: Detecting Cypher Injection with Open-Source Network Intrusion Detection
https://www.sans.edu/cyber-research/detecting-cypher-injection-with-open-source-network-intrusion-detection/
5/31/2024 • 15 minutes, 24 seconds
ISC StormCast for Thursday, May 30th, 2024
Is that It? Finding the Unknown: Correlations Between Honeypot Logs and PCAPs
https://isc.sans.edu/diary/Is%20that%20It%3F%20%20Finding%20the%20Unknown%3A%20Correlations%20Between%20Honeypot%20Logs%20%26%20PCAPs%20%5BGuest%20Diary%5D/30962
Checkpoint 0-Day
https://blog.checkpoint.com/security/enhance-your-vpn-security-posture
Okta warns of Credential Stuffing Against Customer Identity Cloud
https://sec.okta.com/articles/2024/05/detecting-cross-origin-authentication-credential-stuffing-attacks
Brute Forcing Old Bitcoin Wallet Password
https://www.youtube.com/watch?v=o5IySpAkThg
5/30/2024 • 5 minutes, 33 seconds
ISC StormCast for Wednesday, May 29th, 2024
Preventing SQL Injection with Python
https://www.youtube.com/watch?v=1cQy9N1Xndk
PoC Exploit for CVE-2024-23108 in Fortinet FortiSIEM
https://www.horizon3.ai/attack-research/cve-2024-23108-fortinet-fortisiem-2nd-order-command-injection-deep-dive/
ShrinkLocker: Turning BitLocker into ransomware
https://securelist.com/ransomware-abuses-bitlocker/112643/
iconv buffer overflow PoC CVE-2024-2961
https://github.com/ambionics/cnext-exploits/
PoC for Apple Priv. Escalation bug CVE-2024-27842
https://github.com/wangtielei/POCs/tree/main/CVE-2024-27842
https://x.com/WangTielei
5/29/2024 • 4 minutes, 44 seconds
ISC StormCast for Tuesday, May 28th, 2024
Files with TXZ Extension used as malspam attachments
https://isc.sans.edu/diary/Files%20with%20TXZ%20extension%20used%20as%20malspam%20attachments/30958
Google 0-Day
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html
Google Stops Trusting Globaltrust CA
https://groups.google.com/a/ccadb.org/g/public/c/wRs-zec8w7k/m/G_9QprJ2AQAJ
Checkpoint warns of password bruteforcing
https://blog.checkpoint.com/security/enhance-your-vpn-security-posture?campaign=checkpoint&eid=guvrs&advisory=1
SEC522: Defending Web Applications
isc.sans.edu/j/sec522
5/28/2024 • 6 minutes, 5 seconds
ISC StormCast for Friday, May 24th, 2024
Analysis of 'redtail' file uploads to ISC Honeypot
https://isc.sans.edu/diary/Analysis%20of%20%3Fredtail%3F%20File%20Uploads%20to%20ICS%20Honeypot%2C%20a%20Multi-Architecture%20Coin%20Miner%20%5BGuest%20Diary%5D/30950
Veeam Vulnerability
https://www.veeam.com/kb4581
C-Root Server Lost Touch With Peers
https://arstechnica.com/security/2024/05/dns-glitch-that-threatened-internet-stability-fixed-cause-remains-unclear/
Ivanti Vulnerabilities
https://forums.ivanti.com/s/article/Avalanche-6-4-3-602-additional-security-hardening-and-CVE-fixed?language=en_US
Justice AV Solutions Software Backdoor
https://www.rapid7.com/blog/post/2024/05/23/cve-2024-4978-backdoored-justice-av-solutions-viewer-software-used-in-apparent-supply-chain-attack/
5/24/2024 • 7 minutes, 15 seconds
ISC StormCast for Thursday, May 23rd, 2024
NMAP Scanning Without Scanning - The ipinfo API
https://isc.sans.edu/diary/NMAP%20Scanning%20without%20Scanning%20%28Part%202%29%20-%20The%20ipinfo%20API/30948
Why Your Wi-Fi Router Doubles As an Apple AirTag
https://krebsonsecurity.com/2024/05/why-your-wi-fi-router-doubles-as-an-apple-airtag/#more-67551
https://account.microsoft.com/privacy/location-services-opt-out
https://answers.microsoft.com/en-us/windows/forum/all/wifi-sense-my-ssid-includes-optout-why-do-windows/1453142a-755a-476f-aa48-56d05b89e33c
https://www.computerworld.com/article/1484722/here-s-how-to-opt-out-of-google-s-wi-fi-snooping.html
https://www.privacy.org.nz/publications/commissioner-inquiries/google-s-collection-of-wifi-information-during-street-view-filming/
5/23/2024 • 9 minutes, 15 seconds
ISC StormCast for Wednesday, May 22nd, 2024
Scanning without Scanning with nmap
https://isc.sans.edu/diary/Scanning%20without%20Scanning%20with%20NMAP%20%28APIs%20FTW%29/30944
iTerm2 Vulnerabilities
https://vin01.github.io/piptagole/escape-sequences/iterm2/hyper/url-handlers/code-execution/2024/05/21/arbitrary-url-schemes-terminal-emulators.html
GitHub Enterprise Vulnerability CVE-2024-4985
https://nvd.nist.gov/vuln/detail/CVE-2024-4985
BitBucket Pipelines Leaking Secrets
https://cloud.google.com/blog/topics/threat-intelligence/bitbucket-pipeline-leaking-secrets
Microsoft Recall Privacy
https://www.microsoft.com/en-us/windows/copilot-plus-pcs?r=1#faq1
5/22/2024 • 6 minutes, 39 seconds
ISC StormCast for Tuesday, May 21st, 2024
Analyzing MSG Files
https://isc.sans.edu/diary/Analyzing%20MSG%20Files/30940
Linguistic Lumberjack: Fluent Bit Vulnerability CVE-2024-4323
https://www.tenable.com/blog/linguistic-lumberjack-attacking-cloud-services-via-logging-endpoints-fluent-bit-cve-2024-4323
Fortinet FortiSIEM Command Injection Deep-Dive CVE-2023-34992
https://www.horizon3.ai/attack-research/cve-2023-34992-fortinet-fortisiem-command-injection-deep-dive/
Git Vulnerability CVE-2024-32002 PoC
https://amalmurali.me/posts/git-rce/
Google Chrome CVE-2024-4947 PoC
https://buptsb.github.io/blog/post/CVE-2024-4947-%20v8%20incorrect%20AccessInfo%20for%20module%20namespace%20object%20causes%20Maglev%20type%20confusion.html
5/21/2024 • 5 minutes, 48 seconds
ISC StormCast for Monday, May 20th, 2024
Another PDF Streams Example: Extracting JPEGs
https://isc.sans.edu/diary/Another%20PDF%20Streams%20Example%3A%20Extracting%20JPEGs/30924
QNAP QTS QNAPping At the Wheel
https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/
May 2024 Security Update Problems with Windows 2019
https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-1809-and-windows-server-2019#3299msgdesc
D-Link Vulnerabilities Exploited
https://www.cisa.gov/news-events/alerts/2024/05/16/cisa-adds-three-known-exploited-vulnerabilities-catalog
Ivanti PoC Exploit CVE-2024-22026
https://www.redlinecybersecurity.com/blog/exploiting-cve-2024-22026-rooting-ivanti-epmm-mobileiron-core
5/20/2024 • 6 minutes, 22 seconds
ISC StormCast for Friday, May 17th, 2024
Why yq? Adventures in XML
https://isc.sans.edu/diary/Why%20yq%3F%20%20Adventures%20in%20XML/30930
Black Basta Uses Quick Assist
https://www.microsoft.com/en-us/security/blog/2024/05/15/threat-actors-misusing-quick-assist-in-social-engineering-attacks-leading-to-ransomware/
Various Chrome 0-Day Vulnerabilities
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html
Android Theft Protection Improvement
https://blog.google/products/android/android-theft-protection/
Critical Git Update
https://github.blog/2024-05-14-securing-git-addressing-5-new-vulnerabilities/
5/17/2024 • 5 minutes, 21 seconds
ISC StormCast for Thursday, May 16th, 2024
Got MFA? If not, now is the time!
https://isc.sans.edu/diary/Got%20MFA%3F%20%20If%20not%2C%20Now%20is%20the%20Time!/30926
SSID Confusion: Making Wi-Fi Clients Connect to the Wrong Network CVE-2023-52424
https://www.top10vpn.com/assets/2024/05/Top10VPN-x-Vanhoef-SSID-Confusion.pdf
FIDO2 MitM Session Hijacking
https://www.silverfort.com/blog/using-mitm-to-bypass-fido2/?web_view=true#but-first-some-background
5/16/2024 • 5 minutes, 31 seconds
ISC StormCast for Wednesday, May 15th, 2024
Microsoft Patches
https://isc.sans.edu/diary/Microsoft%20May%202024%20Patch%20Tuesday/30920
Detecting Bluetooth Trackers
https://security.googleblog.com/2024/05/google-and-apple-deliver-support-for.html
Adobe Patches
https://helpx.adobe.com/security/products/acrobat/apsb24-29.html
VMware Updates
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280
Revoking Vulnerable Windows Boot Managers
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/revoking-vulnerable-windows-boot-managers/ba-p/4121735
5/15/2024 • 7 minutes, 33 seconds
ISC StormCast for Tuesday, May 14th, 2024
Apple Updates Everything
https://isc.sans.edu/diary/Apple%20Patches%20Everything%3A%20macOS%2C%20iOS%2C%20iPadOS%2C%20watchOS%2C%20tvOS%20updated./30916
Juniper OpenSSH Update
https://supportportal.juniper.net/s/article/2024-05-Reference-Advisory-Junos-OS-and-Junos-OS-Evolved-Multiple-CVEs-reported-in-OpenSSH?language=en_US
Malicious Go Binary Delivered via Steganography in PyPI
https://blog.phylum.io/malicious-go-binary-delivered-via-steganography-in-pypi/
5/14/2024 • 6 minutes, 16 seconds
ISC StormCast for Monday, May 13th, 2024
DNS Suffixes on Windows
https://isc.sans.edu/diary/DNS%20Suffixes%20on%20Windows/30912
Black Basta Ransomware Advisory
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a
Possible Exploitation of Arcserve Unified Data Protection Vuln
https://digital.nhs.uk/cyber-alerts/2024/cc-4487
Chrome Patches 0-Day
https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html
SolarWinds ARM Vulnerabilities
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-4_release_notes.htm
5/13/2024 • 5 minutes, 35 seconds
ISC StormCast for Friday, May 10th, 2024
Analyzing PDF Streams
https://isc.sans.edu/diary/Analyzing%20PDF%20Streams/30908
F5 Next Central Manager Vulnerabilities
https://eclypsium.com/blog/big-vulnerabilities-in-next-gen-big-ip/
Veeam Patches
https://www.veeam.com/kb4441
https://www.veeam.com/kb4509
Citrix Hypervisor Security Update CVE-2024-31497
https://support.citrix.com/article/CTX633416/citrix-hypervisor-security-update-for-cve202431497
5/10/2024 • 5 minutes, 53 seconds
ISC StormCast for Wednesday, May 8th, 2024
Detecting XFinity/Comcast DNS Spoofing
https://isc.sans.edu/diary/Detecting%20XFinity%20Comcast%20DNS%20Spoofing/30898
Weblogic PoC CVE-2024-21006
https://pwnull.github.io/2024/oracle%20weblogic%20CVE-2024-21006%20Double-JNDInjection%20RCE%20analyze/
https://github.com/momika233/CVE-2024-21006
PDF.js and React-PDF Vulnerabilities CVE-2024-4367, CVE-2024-34342
https://securityonline.info/cve-2024-4367-cve-2024-34342-javascript-flaw-threatens-millions-of-pdf-js-and-react-pdf-users/
Tinyproxy Response
https://github.com/tinyproxy/tinyproxy/issues/533
5/8/2024 • 8 minutes, 13 seconds
ISC StormCast for Tuesday, May 7th, 2024
DHCP Based VPN Routing Leaks
https://www.leviathansecurity.com/blog/tunnelvision
Mullvad VPN DNS Traffic Leak
https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android
Tinyproxy Vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889
5/7/2024 • 6 minutes, 27 seconds
ISC StormCast for Monday, May 6th, 2024
DNS Debugging with nslookup
https://isc.sans.edu/diary/nslookups+Debug+Options/30894/
Microsoft Plans DNS Lockdown
https://techcommunity.microsoft.com/t5/networking-blog/announcing-zero-trust-dns-private-preview/ba-p/4110366
Microsoft Graph API Abuse
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/graph-api-threats
SANSFIRE SEC522 Defending Web Applications
https://www.sans.org/cyber-security-training-events/sansfire-2024/
5/6/2024 • 5 minutes, 32 seconds
ISC StormCast for Friday, May 3rd, 2024
Scans Probing for LB-Link and Vinga WR-AC1200 routers CVE-2023-24796
https://isc.sans.edu/diary/Scans%20Probing%20for%20LB-Link%20and%20Vinga%20WR-AC1200%20routers%20CVE-2023-24796/30890
Buffer Overflow Vulnerabilities in ArubaOS
https://www.arubanetworks.com/support-services/security-bulletins/
The Cuttlefish Malware
https://blog.lumen.com/eight-arms-to-hold-you-the-cuttlefish-malware/
5/3/2024 • 5 minutes, 33 seconds
ISC StormCast for Thursday, May 2nd, 2024
Linux Trojan - Xorddos with Filename eyshcjdmzg
https://isc.sans.edu/diary/Linux%20Trojan%20-%20Xorddos%20with%20Filename%20eyshcjdmzg/30880
AWS S3 Denial of Wallet Amplification Attack
https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1
https://blog.limbus-medtec.com/the-aws-s3-denial-of-wallet-amplification-attack-bc5a97cc041d
EU iOS Safari Allows User Tracking
https://www.mysk.blog/2024/04/28/safari-tracking/
BentoML Critical Deserialization Vuln CVE-2024-2912
https://nvd.nist.gov/vuln/detail/CVE-2024-2912
5/2/2024 • 6 minutes, 51 seconds
ISC StormCast for Wednesday, May 1st, 2024
Another Day, Another NAS: Attacks against Zyxel NAS326 Devices CVE-2023-4473, CVE-2023-4474
https://isc.sans.edu/diary/Another%20Day%2C%20Another%20NAS%3A%20Attacks%20against%20Zyxel%20NAS326%20devices%20CVE-2023-4473%2C%20CVE-2023-4474/30884
R-Bitrary Code Execution: Vulnerability in R's Deserialization
https://hiddenlayer.com/research/r-bitrary-code-execution/
Coordinated Docker Hub Attacks using Malicious Repositories
https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-repositories-spread-malware-and-phishing-scams/
NVMe-oF/TCP Vulnerabilities
https://www.cyberark.com/resources/threat-research-blog/your-nvme-had-been-syzed-fuzzing-nvme-of-tcp-driver-for-linux-with-syzkaller
5/1/2024 • 6 minutes, 38 seconds
ISC StormCast for Tuesday, April 30th, 2024
D-Link NAS Exploit Variation
https://www.qnap.com/en/security-advisory/qsa-24-09
Muddling Meerkat DNS Abuse
https://blogs.infoblox.com/threat-intelligence/a-cunning-operator-muddling-meerkat-and-chinas-great-firewall/
Android TV Data Leakage
https://www.youtube.com/watch?v=QiyBXXO8QpA
https://www.404media.co/android-tvs-can-expose-user-email-inboxes/
SEC522: SANSFIRE
https://www.sans.org/cyber-security-courses/application-security-securing-web-apps-api-microservices/
SEC522 Demo (requires free account):
https://www.sans.org/ondemand/get-demo/316
4/30/2024 • 6 minutes, 55 seconds
ISC StormCast for Monday, April 29th, 2024
Okta warns of increase in credential stuffing
https://sec.okta.com/blockanonymizers
Fake payment cards used by Police in Japan
https://twitter.com/vxunderground/status/1783522097425211887
Phishing Campaigns Targeting USPS
https://www.akamai.com/blog/security-research/phishing-usps-malicious-domains-traffic-equal-to-legitimate-traffic
Chrome 124 Breaks TLS Handshake
https://www.reddit.com/r/sysadmin/comments/1carvpd/chrome_124_breaks_tls_handshake/
4/29/2024 • 6 minutes, 36 seconds
ISC StormCast for Friday, April 26th, 2024
Does it matter if iptables isn't running on my honeypot?
https://isc.sans.edu/forums/diary/Does%20it%20matter%20if%20iptables%20isn't%20running%20on%20my%20honeypot%3F/30862/
Unplugging PlugX: Sinkholing the PlugX USB worm botnet
https://blog.sekoia.io/unplugging-plugx-sinkholing-the-plugx-usb-worm-botnet/
pfSense Updates
https://docs.netgate.com/advisories/index.html
GitLab Updates
https://about.gitlab.com/releases/2024/04/24/patch-release-gitlab-16-11-1-released/
Matthew Alan Vorhees: Prevention Strategies for Modern Living Off the Land Usage
https://www.sans.edu/cyber-research/prevention-strategies-modern-living-off-land-usage/
4/26/2024 • 20 minutes, 28 seconds
ISC StormCast for Thursday, April 25th, 2024
API Rug Pull - The NIST NVD Database and API
https://isc.sans.edu/diary/API%20Rug%20Pull%20-%20The%20NIST%20NVD%20Database%20and%20API%20%28Part%204%20of%203%29/30868
Cisco Patches Vulnerabilities and Discovers ArcaneDoor Backdoor
https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/
Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers
https://citizenlab.ca/2024/04/vulnerabilities-across-keyboard-apps-reveal-keystrokes-to-network-eavesdroppers/
MySQL2: Dangers of User-Defined Database Connections
https://blog.slonser.info/posts/mysql2-attacker-configuration/
Netgear Nighthawk Vulnerabilities
https://jvn.jp/en/vu/JVNVU91883072/
4/25/2024 • 6 minutes, 9 seconds
ISC StormCast for Wednesday, April 24th, 2024
Struts2 devmode Still a Problem Ten Years Later
https://isc.sans.edu/forums/diary/Struts%20%22devmode%22%3A%20Still%20a%20problem%20ten%20years%20later%3F/30866/
Analyzing Forest Blizzard's Custom Post-Compromise Tool for exploiting CVE-2022-38028
https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/
April 2024 Exchange Server Hotfix Update
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-april-2024-exchange-server-hotfix-updates/ba-p/4120536
CVE-2024-2389: Command Injection Vulnerability in Progress Flowmon
https://rhinosecuritylabs.com/research/cve-2024-2389-in-progress-flowmon/
GuptiMiner: Hijacking Antivirus Updates for Distributing Backdoors and Casual Mining
https://decoded.avast.io/janrubin/guptiminer-hijacking-antivirus-updates-for-distributing-backdoors-and-casual-mining/
4/24/2024 • 6 minutes, 22 seconds
ISC StormCast for Tuesday, April 23rd, 2024
Number of Industrial Devices Accessible From Internet Up 30 Thousand over three years
https://isc.sans.edu/diary/It%20appears%20that%20the%20number%20of%20industrial%20devices%20accessible%20from%20the%20internet%20has%20risen%20by%2030%20thousand%20over%20the%20past%20three%20years/30860
Evil XDR: Turning an XDR into an Offensive Tool
https://www.darkreading.com/application-security/evil-xdr-researcher-turns-palo-alto-software-into-perfect-malware
GitLab Comment Bug
https://www.bleepingcomputer.com/news/security/gitlab-affected-by-github-style-cdn-flaw-allowing-malware-hosting/
SEC522 Demo: https://www.sans.org/ondemand/get-demo/316
4/23/2024 • 6 minutes, 5 seconds
ISC StormCast for Monday, April 22nd, 2024
The CVE's They are A-Changing
https://isc.sans.edu/diary/The%20CVE%27s%20They%20are%20A-Changing!/30850
CrushFTP 0-Day Vulnerability
https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update
https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/
GitHub Comment Bug Used to Distribute Malware
https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/
YubiKey Manager Privilege Escalation
https://www.yubico.com/support/security-advisories/ysa-2024-01/
Palo Alto Networks GlobalProtect Update
https://security.paloaltonetworks.com/CVE-2024-3400
4/22/2024 • 5 minutes, 36 seconds
ISC StormCast for Friday, April 12th, 2024
BatBadBut: You can't securely execute commands on Windows
https://flatt.tech/research/posts/batbadbut-you-cant-securely-execute-commands-on-windows/
FortiClient Linux Remote Code Execution
https://www.fortiguard.com/psirt/FG-IR-23-087
Apple Threat Notifications and Protecting Against Mercenary Spyware
https://support.apple.com/en-us/102174
New Technique to Trick Developers Detected in an Open Source Supply Chain Attack
https://checkmarx.com/blog/new-technique-to-trick-developers-detected-in-an-open-source-supply-chain-attack/
4/12/2024 • 6 minutes, 11 seconds
ISC StormCast for Thursday, April 11th, 2024
Rust Command API code execution vulnerability CVE-2024-24576
https://blog.rust-lang.org/2024/04/09/cve-2024-24576.html
Adobe Updates: Magento Adobe Commerce CVE-2024-20759 CVE-2024-20758
https://helpx.adobe.com/security/products/magento/apsb24-18.html
https://helpx.adobe.com/security.html
Fortinet FortiOS And FortiProxy Vulnerability CVE-2023-41677
https://www.fortiguard.com/psirt/FG-IR-23-493
Smoke and Screen Mirrors Signed Backdoor CVE-2024-26234
https://news.sophos.com/en-us/2024/04/09/smoke-and-screen-mirrors-a-strange-signed-backdoor/
4/11/2024 • 5 minutes, 59 seconds
ISC StormCast for Wednesday, April 10th, 2024
Microsoft Patches
https://isc.sans.edu/forums/diary/April%202024%20Microsoft%20Patch%20Tuesday%20Summary/30822/
D-Link NAS Backdoor
https://github.com/netsecfish/dlink
LG SmartTV Vulnerabilities
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-lg-webos/
4/10/2024 • 6 minutes, 31 seconds
ISC StormCast for Tuesday, April 9th, 2024
A Use Case for Adding Threat Hunting to Your Security Operations Team.
https://isc.sans.edu/diary/30816
Notepad++ Parasite Site
https://notepad-plus-plus.org/news/help-to-take-down-parasite-site/
Hugging Face Pickle File Vulnerabilities
https://huggingface.co/blog/hugging-face-wiz-security-blog
Google Considers V8 Sandbox no longer experimental
https://v8.dev/blog/sandbox
4/9/2024 • 5 minutes, 59 seconds
ISC StormCast for Monday, April 8th, 2024
Heartbleed 10th Anniversary
https://heartbleed.com/
Possible Libarchive Backdoor Vulnerability
https://github.com/libarchive/libarchive/pull/1609
Magento XML Backdoor
https://sansec.io/research/magento-xml-backdoor
Google Public DNS's approach to fight against cache poisoning attacks
https://security.googleblog.com/2024/03/google-public-dnss-approach-to-fight.html
Remote code execution (RCE) vulnerability in Brocade Fabric OS (CVE-2023-3454)
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/23215
SANS London April Evening Talk
https://sans.zoom.us/webinar/register/WN_ZLLnQKCCQCywLGm-CM4xQg#/registration
4/8/2024 • 5 minutes, 29 seconds
ISC StormCast for Friday, April 5th, 2024
Slicing up DoNex with Binary Ninja
https://isc.sans.edu/diary/Slicing%20up%20DoNex%20with%20Binary%20Ninja/30812
HTTP/2 Continuation Flood
https://nowotarski.info/http2-continuation-flood-technical-details/
Dangers of CSS in HTML Email
https://lutrasecurity.com/en/articles/kobold-letters/
Dan Mazzella: Infostealers in Automotive Headunits
https://www.sans.edu/cyber-research/exploring-infostealer-malware-techniques-automotive-head-units/
4/5/2024 • 15 minutes, 11 seconds
ISC StormCast for Thursday, April 4th, 2024
Playing with xzbot: Some things you can learn from SSH traffic
https://isc.sans.edu/forums/diary/Some%20things%20you%20can%20learn%20from%20SSH%20traffic/30808/
Google Proposes Device Bound Session Credentials (DBSC)
https://blog.chromium.org/2024/04/fighting-cookie-theft-using-device.html
Four More Ivanti Vulnerabilities
https://forums.ivanti.com/s/article/SA-CVE-2024-21894-Heap-Overflow-CVE-2024-22052-Null-Pointer-Dereference-CVE-2024-22053-Heap-Overflow-and-CVE-2024-22023-XML-entity-expansion-or-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
Google Pixel Zero Day
https://source.android.com/docs/security/bulletin/pixel/2024-04-01
4/4/2024 • 6 minutes, 2 seconds
ISC StormCast for Wednesday, April 3rd, 2024
Chrome Incognito Mode Settlement
https://www.wired.com/story/google-chrome-incognito-mode-data-deletion-settlement/
Google E-Mail Sender Guidelines FAQ
https://support.google.com/a/answer/14229414?hl=en&fl=1&sjid=2270464422796374445-NC
Cisco Updates and VPN Best Practices
https://www.cisco.com/c/en/us/support/docs/security/secure-firewall-threat-defense/221806-password-spray-attacks-impacting-custome.html
https://sec.cloudapps.cisco.com/security/center/publicationListing.x
Apache Pulsar Vulnerability
https://pulsar.apache.org/security/CVE-2024-29834/
Progress Flowmon Network Monitoring Tool Vulnerability CVE-2024-2389
https://support.kemptechnologies.com/hc/en-us/articles/24878235038733-CVE-2024-2389-Flowmon-critical-security-vulnerability
Wait Just an Infosec Episode with Bojan Zdrnja: Thursday April 4th 2024 10:00 EDST
https://isc.sans.edu/j/xzutils (link will redirect once episode is live)
4/3/2024 • 5 minutes, 39 seconds
ISC StormCast for Tuesday, April 2nd, 2024
The amazingly scary xz sshd backdoor
https://isc.sans.edu/diary/The%20amazingly%20scary%20xz%20sshd%20backdoor/30802
The xz-utils backdoor in security advisories by national CSIRTs
https://isc.sans.edu/diary/The+xzutils+backdoor+in+security+advisories+by+national+CSIRTs/30800
Checking CSV Files
https://isc.sans.edu/diary/Checking%20CSV%20Files/30796
Infostealers Pose Threat to macOS
https://www.jamf.com/blog/infostealers-pose-threat-to-macos/
4/2/2024 • 7 minutes, 9 seconds
ISC StormCast for Monday, April 1st, 2024
xz-utils Backdoor CVE-2024-3094
https://www.openwall.com/lists/oss-security/2024/03/29/4
https://tukaani.org/xz-backdoor/
https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
Backdoor reverse analysis
https://bsky.app/profile/did:plc:x2nsupeeo52oznrmplwapppl/post/3kowjkx2njy2b
YARA Rule
https://github.com/byinarie/CVE-2024-3094-info/blob/main/CVE-2024-3094.yar
Social Engineering Attempts to Include Backdoor in Distros
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1067708
https://news.ycombinator.com/item?id=39866275
Github Repo (now disabled)
https://github.com/tukaani-project/xz
Statements from Distributions
https://www.kali.org/blog/about-the-xz-backdoor/
https://archlinux.org/news/the-xz-package-has-been-backdoored/
https://access.redhat.com/security/cve/CVE-2024-3094
https://bugs.gentoo.org/928134
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1068024
4/1/2024 • 7 minutes, 37 seconds
ISC StormCast for Friday, March 29th, 2024
From JavaScript to AsyncRAT
https://isc.sans.edu/diary/From%20JavaScript%20to%20AsyncRAT/30788
TeamCity Patches
https://www.jetbrains.com/privacy-security/issues-fixed/?product=TeamCity&version=2024.03
Okta Verify for Windows Auto-update Arbitrary Code Execution CVE-2024-0980
https://trust.okta.com/security-advisories/okta-verify-windows-auto-update-arbitrary-code-execution-cve-2024-0980/
Google Zero Day Report
https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Year_in_Review_of_ZeroDays.pdf
3/29/2024 • 5 minutes, 36 seconds
ISC StormCast for Thursday, March 28th, 2024
Scans for Apache OfBiz
https://isc.sans.edu/diary/Scans%20for%20Apache%20OfBiz/30784
Wall-Escape (CVE-2024-28085)
https://people.rit.edu/sjf5462/6831711781/wall_2_27_2024.txt
Recent "MFA Bombing" Attacks Targeting Apple Users
https://krebsonsecurity.com/2024/03/recent-mfa-bombing-attacks-targeting-apple-users/
3/28/2024 • 5 minutes, 20 seconds
ISC StormCast for Wednesday, March 27th, 2024
New tool: linux-pkgs.sh
https://isc.sans.edu/forums/diary/New%20tool%3A%20linux-pkgs.sh/30774/
Suspicious NuGet package grabs data from industrial systems
https://www.reversinglabs.com/blog/suspicious-nuget-package-grabs-data-from-industrial-systems
Preventing Cross Service UDP Loops in QUIC
https://bughunters.google.com/blog/5960150648750080/preventing-cross-service-udp-loops-in-quic
ShadowRay Attacks AI Workloads Actively Exploited in the Wild
https://www.oligo.security/blog/shadowray-attack-ai-workloads-actively-exploited-in-the-wild
TheMoon Malware Infects 6,000 ASUS Routers in 72 Hours for Proxy Service
https://www.bleepingcomputer.com/news/security/themoon-malware-infects-6-000-asus-routers-in-72-hours-for-proxy-service/
3/27/2024 • 5 minutes, 48 seconds
ISC StormCast for Tuesday, March 26th, 2024
Tool updates: le-hex-to-ip.py and sigs.py
https://isc.sans.edu/diary/Tool%20updates%3A%20le-hex-to-ip.py%20and%20sigs.py/30772
Apple Updates for macOS, iOS/iPadOS and visionOS
https://isc.sans.edu/diary/Apple%20Updates%20for%20MacOS%2C%20iOS%20iPadOS%20and%20visionOS/30778
Fake Python Infrastructure
https://checkmarx.com/blog/over-170k-users-affected-by-attack-using-fake-python-infrastructure/
OpenVPN Update
https://openvpn.net/community-downloads/
3/26/2024 • 6 minutes, 2 seconds
ISC StormCast for Monday, March 25th, 2024
1768.py's Experimental Mode
https://isc.sans.edu/diary/1768.py%27s%20Experimental%20Mode/30770
CISCP Advisory on Application-Layer Loop DoS
https://docs.google.com/document/d/1KByZzrdwQhrXGPPCf9tUzERZyRzg0xOpGbWoDURZxTI/edit
Fixes for Windows Server LSASS Memory Leak
https://www.catalog.update.microsoft.com/Search.aspx?q=2024-03%20Cumulative%20Update
3/25/2024 • 5 minutes, 31 seconds
ISC StormCast for Friday, March 22nd, 2024
Geofeed
https://isc.sans.edu/forums/diary/Whois%20%22geofeed%22%20Data/30766/
Apple Updates
https://support.apple.com/en-us/HT201222
Apple Bug
https://gofetch.fail/
GitHub Copilot AutoFix
https://github.blog/2024-03-20-found-means-fixed-introducing-code-scanning-autofix-powered-by-github-copilot-and-codeql/
Fortinet PoC
https://www.horizon3.ai/attack-research/attack-blogs/cve-2023-48788-fortinet-forticlientems-sql-injection-deep-dive/
Ivanti Standalone Sentry
https://forums.ivanti.com/s/article/KB-CVE-2023-41724-Remote-Code-Execution-for-Ivanti-Standalone-Sentry?language=en_US
3/22/2024 • 6 minutes, 24 seconds
ISC StormCast for Thursday, March 21st, 2024
Scans for the Fortinet FortiOS CVE-2024-21762 Vulnerability
https://isc.sans.edu/diary/Scans%20for%20Fortinet%20FortiOS%20and%20the%20CVE-2024-21762%20vulnerability/30762
Microsoft Reminder: It is Tax Season (at least in the US)
https://www.theregister.com/2024/03/20/its_tax_season_and_scammers/
Abusing DHCP Administrators Group for Privilege Escalation in Windows Domains
https://www.akamai.com/blog/security-research/abusing-dhcp-administrators-group-for-privilege-escalation-in-windows-domains
3/21/2024 • 5 minutes, 56 seconds
ISC StormCast for Wednesday, March 20th, 2024
Attacker Hunting Firewalls
https://isc.sans.edu/diary/Attacker%20Hunting%20Firewalls/30758
Fortigate Vulnerability Exploit Available
https://github.com/h4x0r-dz/CVE-2024-21762
IC3 Annual Report 2023
https://www.ic3.gov/Media/PDF/AnnualReport/2023_IC3Report.pdf
Issues with macOS 14.4 Update
https://www.macrumors.com/2024/03/18/do-not-update-macos-sonoma-14-4/
3/20/2024 • 5 minutes, 25 seconds
ISC StormCast for Tuesday, March 19th, 2024
Microsoft announced deprecation of 1024 bit RSA Keys
https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features#deprecated-features
Chrome Real-Time Safe Browsing Protection
https://blog.google/products/chrome/google-chrome-safe-browsing-real-time/
Fortra FileCatalyst Vulnerability CVE-2024-25153
https://www.fortra.com/security/advisory/fi-2024-002
Spring Security CVE-2024-22257
https://spring.io/security/cve-2024-22257/
TRENDnet TEW-827DRU Router Vulnerability CVE-2024-28353 CVE-2024-28354
https://warp-desk-89d.notion.site/TEW-827DRU-5c40fb20572148f0b00f329d69273791
3/19/2024 • 5 minutes, 23 seconds
ISC StormCast for Friday, March 15th, 2024
Increase in the number of phishing messages pointing to IPFS and to R2 buckets
https://isc.sans.edu/diary/Increase%20in%20the%20number%20of%20phishing%20messages%20pointing%20to%20IPFS%20and%20to%20R2%20buckets/30744
Fortinet New Vulnerabilities
https://www.horizon3.ai/attack-research/attack-blogs/fortiwlm-the-almost-story-for-the-forti-forty/
Fortinet Updates
https://www.helpnetsecurity.com/2024/03/14/cve-2023-48788-poc/
Arcserve UDP Vulnerability and PoC
https://www.tenable.com/security/research/tra-2024-07
Michael Holcomb: Mode Matters: Monitoring PLCs for Detecting Potential ICS/OT Incidents
https://www.sans.edu/cyber-research/mode-matters-monitoring-plcs-for-detecting-potential-ics-ot-incidents/
3/15/2024 • 20 minutes, 37 seconds
ISC StormCast for Thursday, March 14th, 2024
Using ChatGPT to Deobfuscate Malicious Scripts
https://isc.sans.edu/diary/Using%20ChatGPT%20to%20Deobfuscate%20Malicious%20Scripts/30740
Critical Fortinet Vulnerabilities
https://fortiguard.fortinet.com/psirt
Adobe Security Bulletins
https://helpx.adobe.com/security/security-bulletin.html
Kubernetes Local Volumes Command Injection Vulnerability
https://www.akamai.com/blog/security-research/kubernetes-local-volumes-command-injection-vulnerability-rce-system-privileges
3/14/2024 • 5 minutes, 28 seconds
ISC StormCast for Wednesday, March 13th, 2024
Microsoft Patch Tuesday March 2024
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20-%20March%202024/30736
Death Knell of NVD
https://resilientcyber.substack.com/p/death-knell-of-the-nvd
Unrestricted file upload vulnerability in ManageEngine Desktop Central
https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-file-upload-vulnerability-manageengine-desktop-central
Siemens Fire Protection System Updates
https://cert-portal.siemens.com/productcert/html/ssa-225840.html
3/13/2024 • 5 minutes, 39 seconds
ISC StormCast for Tuesday, March 12th, 2024
What happens when you accidentally leak your AWS API Keys
https://isc.sans.edu/diary/What%20happens%20when%20you%20accidentally%20leak%20your%20AWS%20API%20keys%3F%20%5BGuest%20Diary%5D/30730
How Crypto Imposters are using Calendly to infect Macs with Malware
https://cyberguy.com/news/how-crypto-imposters-are-using-calendly-to-infect-macs-with-malware/
https://krebsonsecurity.com/2024/02/calendar-meeting-links-used-to-spread-mac-malware/
Misconfiguration Manager: Overlooked and Overprivileged
https://posts.specterops.io/misconfiguration-manager-overlooked-and-overprivileged-70983b8f350d
3/12/2024 • 6 minutes, 17 seconds
ISC StormCast for Monday, March 11th, 2024
Attack Wrangles Thousands of Web Users into a Password Cracking Botnet
https://arstechnica.com/security/2024/03/attack-wrangles-thousands-of-web-users-into-a-password-cracking-botnet
Cisco VPN Client Vuln
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-client-crlf-W43V4G7
Fortinet Vulnerability Exploited
https://bishopfox.com/blog/cve-2024-21762-vulnerability-scanner-for-fortigate-firewalls
pgAdmin Path Traversal
https://www.shielder.com/advisories/pgadmin-path-traversal_leads_to_unsafe_deserialization_and_rce/
Font Vulnerabilities
https://www.canva.dev/blog/engineering/fonts-are-still-a-helvetica-of-a-problem/
QNAP Flaws
https://securityonline.info/cve-2024-21899-cvss-9-8-critical-qnap-flaw-opens-door-to-hackers/
3/11/2024 • 7 minutes, 17 seconds
ISC StormCast for Thursday, March 7th, 2024
Scanning and Abusing the QUIC Protocol
https://isc.sans.edu/diary/Scanning%20and%20abusing%20the%20QUIC%20protocol/30720
Google Chrome Update
https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html
Spinning YARN
https://www.cadosecurity.com/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence/
Teamcity Exploited
https://twitter.com/leak_ix/status/1765460190621581347
3/7/2024 • 6 minutes, 6 seconds
ISC StormCast for Wednesday, March 6th, 2024
iOS/iPadOS Updates with Zero Day Fixes
https://isc.sans.edu/diary/Apple%20Releases%20iOS%20iPadOS%20Updates%20with%20Zero%20Day%20Fixes./30716
Why Your Firewall Will Kill You
https://isc.sans.edu/diary/Why+Your+Firewall+Will+Kill+You/30714/
QEMU Tunnel
https://securelist.com/network-tunneling-with-qemu/111803/
VMware Vulnerabilities Patched
https://www.vmware.com/security/advisories/VMSA-2024-0006.html
3/6/2024 • 6 minutes, 40 seconds
ISC StormCast for Tuesday, March 5th, 2024
Capturing DShield Packets with a LAN Tap
https://isc.sans.edu/diary/Capturing%20DShield%20Packets%20with%20a%20LAN%20Tap%20%5BGuest%20Diary%5D/30708
Additional Critical Security Issues Affecting Teamcity
https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/
GitHub Push Protection Now On By Default
https://github.blog/2024-02-29-keeping-secrets-out-of-public-repositories/
Android Updates
https://source.android.com/docs/security/bulletin/2024-03-01
Linksys E-2000 Vulnerability
https://warp-desk-89d.notion.site/Linksys-E-2000-efcd532d8dcf4710a4af13fca131a5b8
3/5/2024 • 5 minutes, 40 seconds
ISC StormCast for Monday, March 4th, 2024
Scanning for Confluence CVE-2022-26134
https://isc.sans.edu/diary/Scanning%20for%20Confluence%20CVE-2022-26134/30704
Exploiting CSP Wildcards for Google Domains
https://attackshipsonfi.re/p/exploiting-csp-wildcards-for-google
Silver SAML: Golden SAML in the Cloud
https://www.semperis.com/blog/meet-silver-saml/
3/4/2024 • 5 minutes, 28 seconds
ISC StormCast for Friday, March 1st, 2024
Dissecting DarkGate: Modular Malware Delivery and Persistence as a Service
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Dissecting%20DarkGate%3A%20Modular%20Malware%20Delivery%20and%20Persistence%20as%20a%20Service./30700
Ivanti Incident Response Update
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060b
Github Flooded with Infected Repos
https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack
Security Flaws in NoName Doorbell Cameras
https://www.consumerreports.org/home-garden/home-security-cameras/video-doorbells-sold-by-major-retailers-have-security-flaws-a2579288796/
3/1/2024 • 6 minutes, 27 seconds
ISC StormCast for Thursday, February 29th, 2024
Exploit Attempts for Unknown Password Reset Vulnerability
https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Unknown%20Password%20Reset%20Vulnerability/30698
StopRansomware: Updated ALPHV Blackcat Advisory
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a
GlobalBlock Service To Prevent Trademark abuse
https://www.bleepingcomputer.com/news/technology/registrars-can-now-block-all-domains-that-resemble-brand-names/
2/29/2024 • 5 minutes, 37 seconds
ISC StormCast for Wednesday, February 28th, 2024
Take Downs and the Rest of Us: Do they matter?
https://isc.sans.edu/diary/Take%20Downs%20and%20the%20Rest%20of%20Us%3A%20Do%20they%20matter%3F/30694
Joint Cybersecurity Advisory
https://www.ic3.gov/Media/News/2024/240227.pdf
SVR Cyber Actors Adapt Tactics for Initial Cloud Access
https://www.ncsc.gov.uk/news/svr-cyber-actors-adapt-tactics-for-initial-cloud-access
Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor
https://jfrog.com/blog/data-scientists-targeted-by-malicious-hugging-face-ml-models-with-silent-backdoor/
2/28/2024 • 6 minutes, 13 seconds
ISC StormCast for Tuesday, February 27th, 2024
Utilizing the VirusTotal API to Query Files Uploaded to the DShield Honeypot
https://isc.sans.edu/diary/Utilizing%20the%20VirusTotal%20API%20to%20Query%20Files%20Uploaded%20to%20DShield%20Honeypot%20%5BGuest%20Diary%5D/30688
New WiFi Authentication Vulnerabilities Discovered
https://www.top10vpn.com/research/wifi-vulnerabilities/
Subdomain Takeover Spam
https://labs.guard.io/subdomailing-thousands-of-hijacked-major-brand-subdomains-found-bombarding-users-with-millions-a5e5fb892935
2/27/2024 • 6 minutes, 21 seconds
ISC StormCast for Monday, February 26th, 2024
Update: MGLNDD_* Scans
https://isc.sans.edu/forums/diary/Update%3A%20MGLNDD_*%20Scans/30686/
Simple Anti-Sandbox Technique: Where's the Mouse
https://isc.sans.edu/diary/Simple%20Anti-Sandbox%20Technique%3A%20Where%27s%20The%20Mouse%3F/30684
Security Vulnerabilities in Apex Code Could Leak Salesforce Data
https://www.varonis.com/blog/apex-code-vulnerabilities
IBM Operation Decision Manager Exploit CVE-2024-22319 CVE-2024-22320
https://labs.watchtowr.com/double-k-o-rce-in-ibm-operation-decision-manager/
Linux Kernel TLS Vulnerability CVE-2024-26582
https://lore.kernel.org/linux-cve-announce/2024022139-spruce-prelude-c358@gregkh/
2/26/2024 • 5 minutes, 48 seconds
ISC StormCast for Friday, February 23rd, 2024
Friend, Foe or Something In Between
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Friend%2C%20foe%20or%20something%20in%20between%3F%20The%20grey%20area%20of%20%27security%20research%27/30670
Large AT&T Wireless Network Outage
https://isc.sans.edu/diary/Large%20AT%26T%20Wireless%20Network%20Outage%20%23att%20%23outage/30680
ConnectWise ScreenConnect Used by LockBit
https://www.bleepingcomputer.com/news/security/screenconnect-servers-hacked-in-lockbit-ransomware-attacks/
SSH Snake Abused in the Wild
https://github.com/MegaManSec/SSH-Snake
2/23/2024 • 5 minutes, 51 seconds
ISC StormCast for Thursday, February 22nd, 2024
Phishing Pages Hosted on Archive.org
https://isc.sans.edu/forums/diary/Phishing%20pages%20hosted%20on%20archive.org/30676/
ScreenConnect Authentication Bypass Exploit (CVE-2024-1709, CVE-2024-1708)
https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass
iMessage with PQ3
https://security.apple.com/blog/imessage-pq3/
2/22/2024 • 6 minutes, 32 seconds
Old Mirai New Exploits
https://isc.sans.edu/diary/Mirai-Mirai%20On%20The%20Wall...%20%5BGuest%20Diary%5D/30658
KeyTrap PoC Exploit
https://github.com/knqyf263/CVE-2023-50387
Google Open Sources Magika File ID System
https://opensource.googleblog.com/2024/02/magika-ai-powered-fast-and-efficient-file-type-identification.html
Exploiting Unsynchronised Clocks
https://attackshipsonfi.re/p/exploiting-unsynchonised-clocks
2/21/2024 • 5 minutes, 32 seconds
ISC StormCast for Tuesday, February 20th, 2024
Old Mirai New Exploits
https://isc.sans.edu/diary/Mirai-Mirai%20On%20The%20Wall...%20%5BGuest%20Diary%5D/30658
KeyTrap PoC Exploit
https://github.com/knqyf263/CVE-2023-50387
Google Open Sources Magika File ID System
https://opensource.googleblog.com/2024/02/magika-ai-powered-fast-and-efficient-file-type-identification.html
Exploiting Unsynchronised Clocks
https://attackshipsonfi.re/p/exploiting-unsynchonised-clocks
2/20/2024 • 5 minutes, 32 seconds
ISC StormCast for Friday, February 16th, 2024
USPS Anchors Snowballing Smishing Campaigns
https://www.sentinelone.com/labs/sns-sender-active-campaigns-unleash-messaging-spam-through-the-cloud/
Linux Issuing CVEs
http://www.kroah.com/log/blog/2024/02/13/linux-is-a-cna/
Analyzing Pulse Secure Firmware and Bypassing Integrity Checking
https://eclypsium.com/blog/flatlined-analyzing-pulse-secure-firmware-and-bypassing-integrity-checking/
Jennifer Walker: Detecting Rogue Ethernet Switches Using Layer 1 Techniques
https://www.sans.edu/cyber-research/detecting-rogue-ethernet-switches-using-layer-1-techniques/
2/16/2024 • 13 minutes, 11 seconds
ISC StormCast for Thursday, February 15th, 2024
Guest Diary: Learning by Doing: Iterative Adventures in Troubleshooting
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Learning%20by%20doing%3A%20Iterative%20adventures%20in%20troubleshooting/30648
Snap Trap: The Hidden Dangers within Ubuntu's Package Suggestion System
https://www.aquasec.com/blog/snap-trap-the-hidden-dangers-within-ubuntus-package-suggestion-system/
The Risks of the Monikerlink Bug in Microsoft Outlook
https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in-microsoft-outlook-and-the-big-picture/
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
AMD Patches
https://www.amd.com/en/resources/product-security/bulletin/amd-sb-7009.html
2/15/2024 • 5 minutes, 44 seconds
ISC StormCast for Wednesday, February 14th, 2024
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20February%202024%20Patch%20Tuesday/30646
DNSSEC DoS Vulnerability CVE-2023-50387
https://www.presseportal.de/pm/173495/5713546
Zoom Desktop Client Vuln
https://www.zoom.com/en/trust/security-bulletin
QNAP Vulnerability
https://www.qnap.com/de-de/security-advisory/qsa-23-57
https://unit42.paloaltonetworks.com/qnap-qts-firmware-cve-2023-50358/
2/14/2024 • 6 minutes, 24 seconds
ISC StormCast for Tuesday, February 13th, 2024
Exploit Against Unnamed "Bytevalue" Router Vulnerability Included in Mirai
https://isc.sans.edu/diary/Exploit%20against%20Unnamed%20%22Bytevalue%22%20router%20vulnerability%20included%20in%20Mirai%20Bot/30642
Senior Executives Targeted in Ongoing Azure Account Takeover
https://www.darkreading.com/cloud-security/senior-executives-targeted-ongoing-azure-account-takeover
CISA Partners With OpenSSF To Secure Software Repositories
https://www.cisa.gov/news-events/alerts/2024/02/08/cisa-partners-openssf-securing-software-repositories-working-group-release-principles-package
PostgreSQL Vulnerability
https://www.postgresql.org/support/security/CVE-2024-0985/
Microsoft Defender Bypass via Comma
https://hyp3rlinx.altervista.org/advisories/MICROSOFT_WINDOWS_DEFENDER_TROJAN.WIN32.POWESSERE.G_MITIGATION_BYPASS_PART2.txt
2/13/2024 • 5 minutes, 33 seconds
ISC StormCast for Monday, February 12th, 2024
MSIX With Heavily Obfuscated PowerShell Script
https://isc.sans.edu/diary/MSIX%20With%20Heavily%20Obfuscated%20PowerShell%20Script/30636
Too Many Honeypots
https://vulncheck.com/blog/too-many-honeypots
ClamAV Command Injection Vulnerability CVE-2024-20328
https://amitschendel.github.io/vulnerabilites/CVE-2024-20328/
ExpressVPN DNS Leaks
https://www.expressvpn.com/blog/windows-app-dns-requests/
2/12/2024 • 5 minutes, 50 seconds
ISC StormCast for Friday, February 9th, 2024
A Python MP3 Player With Builtin Keylogger Capability
https://isc.sans.edu/diary/A%20Python%20MP3%20Player%20with%20Builtin%20Keylogger%20Capability/30632
Fake LastPass App in Apple App Store
https://blog.lastpass.com/2024/02/warning-fraudulent-app-impersonating-lastpass-currently-available-in-apple-app-store/
Ivanti XXE Vulnerability
https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure
FortiOS sslvpnd vulnerability
https://www.fortiguard.com/psirt/FG-IR-24-015
2/9/2024 • 5 minutes, 46 seconds
ISC StormCast for Thursday, February 8th, 2024
Anybody knows what this URL is about? Maybe Balena API request?
https://isc.sans.edu/forums/diary/Anybody%20knows%20that%20this%20URL%20is%20about%3F%20Maybe%20Balena%20API%20request%3F/30628/
Critical shim vulnerability and patch
https://github.com/rhboot/shim/releases/tag/15.8
Volt Typhoon Lessons Learned
https://www.cisa.gov/resources-tools/resources/identifying-and-mitigating-living-land-techniques
2/8/2024 • 5 minutes, 29 seconds
ISC StormCast for Wednesday, February 7th, 2024
Computer viruses are celebrating their 40th birthday (well, 54th, really)
https://isc.sans.edu/diary/Computer%20viruses%20are%20celebrating%20their%2040th%20birthday%20%28well%2C%2054th%2C%20really%29/30624
Three million malware-infected smart toothbrushes used in Swiss DDoS attacks
https://www.tomshardware.com/networking/three-million-malware-infected-smart-toothbrushes-used-in-swiss-ddos-attacks-botnet-causes-millions-of-euros-in-damages
Critical Security Issue Affecting TeamCity On-Premises CVE-2024-23917
https://blog.jetbrains.com/teamcity/2024/02/critical-security-issue-affecting-teamcity-on-premises-cve-2024-23917/
Resume Looters
https://www.group-ib.com/blog/resumelooters/
Facebook Advertising Spreads Novel Malware Variant
https://www.trustwave.com/hubfs/Web/Library/Documents_pdf/FaceBook_Ad_Spreads_Novel_Malware.pdf
2/7/2024 • 6 minutes, 36 seconds
ISC StormCast for Tuesday, February 6th, 2024
Public Information and Email Spam
https://isc.sans.edu/diary/Public+Information+and+Email+Spam/30620/
AnyDesk Breach Update
https://www.bleepingcomputer.com/news/security/anydesk-says-hackers-breached-its-production-servers-reset-passwords/
https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-213655-1032.pdf
Ivanti POC For CVE-2024-21893
https://attackerkb.com/topics/FGlK1TVnB2/cve-2024-21893/rapid7-analysis
Deepfake Exploits
https://www.scmp.com/news/hong-kong/law-and-crime/article/3250851/everyone-looked-real-multinational-firms-hong-kong-office-loses-hk200-million-after-scammers-stage
https://www.404media.co/inside-the-underground-site-where-ai-neural-networks-churns-out-fake-ids-onlyfake/
2/6/2024 • 5 minutes, 54 seconds
ISC StormCast for Friday, February 2nd, 2024
What is a Top Level Domain
https://isc.sans.edu/forums/diary/What%20is%20a%20%22Top%20Level%20Domain%22%3F/30612/
Updated CISA Ivanti Policy
https://www.cisa.gov/news-events/directives/supplemental-direction-v1-ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure
Cloudflare Publishes Breach Details
https://blog.cloudflare.com/thanksgiving-2023-security-incident
Vision Pro Update
https://support.apple.com/en-us/HT214070
2/2/2024 • 7 minutes, 3 seconds
ISC StormCast for Thursday, February 1st, 2024
The Fun and Dangers of Top Level Domains (TLDs)
https://isc.sans.edu/diary/The%20Fun%20and%20Dangers%20of%20Top%20Level%20Domains%20%28TLDs%29/30608
Ivanti Releases Patches and New Vulnerabilities
https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US
glibc syslog() vulnerability (CVE-2023-6246)
https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt
modsecurity WAF bypass
https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30
2/1/2024 • 5 minutes, 53 seconds
ISC StormCast for Wednesday, January 31st, 2024
What did I say to make you stop talking to me
https://isc.sans.edu/diary/What%20did%20I%20say%20to%20make%20you%20stop%20talking%20to%20me%3F/30604
Identification of a top-level domain for private use
https://itp.cdn.icann.org/en/files/root-system/identification-tld-private-use-24-01-2024-en.pdf
Juniper Out-of-Cycle Patches for J-Web Vulnerabilities
https://supportportal.juniper.net/s/article/2024-01-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-have-been-addressed?language=en_US
https://www.theregister.com/2024/01/30/juniper_networks_vulnerabilities/
Chat GPT Leaking Conversations Again
https://arstechnica.com/security/2024/01/ars-reader-reports-chatgpt-is-sending-him-conversations-from-unrelated-ai-users/
1/31/2024 • 6 minutes, 50 seconds
ISC StormCast for Tuesday, January 30th, 2024
Exploit Flare Up Against Older Atlassian Confluence Vulnerability
https://isc.sans.edu/diary/Exploit%20Flare%20Up%20Against%20Older%20Altassian%20Confluence%20Vulnerability/30600
Malicious Python Packages install Infostealer
https://www.fortinet.com/blog/threat-research/info-stealing-packages-hidden-in-pypi
Linux ICMPv6 Router Adv. RCE
https://access.redhat.com/security/cve/cve-2023-6200
1/30/2024 • 5 minutes, 41 seconds
ISC StormCast for Monday, January 29th, 2024
A Batch File With Multiple Payloads
https://isc.sans.edu/diary/A%20Batch%20File%20With%20Multiple%20Payloads/30592
fritz.box domain used to advertise NFTs
https://www.heise.de/news/Verwirrend-Internet-Domain-fritz-box-zeigt-NFT-Galerie-statt-Router-Verwaltung-9610149.html
Jenkins CVE-2024-23897 PoC
https://github.com/gquere/pwn_jenkins/blob/master/README.md#jenkins-cli-arbitrary-read-cve-2024-23897-applies-to-versions-below-2442-and-lts-24263
Malicious Google Ads Target Chinese Users
https://www.malwarebytes.com/blog/threat-intelligence/2024/01/malicious-ads-for-restricted-messaging-applications-target-chinese-users
1/29/2024 • 7 minutes, 2 seconds
ISC StormCast for Friday, January 26th, 2024
Facebook AdsManager Targeted by a Python Infostealer
https://isc.sans.edu/diary/Facebook%20AdsManager%20Targeted%20by%20a%20Python%20Infostealer/30590
Privacy Concerns about Apple Push Notifications
https://twitter.com/mysk_co/status/1750502700112916504
https://www.youtube.com/watch?v=4ZPTjGG9t7s
Inside a Global Phone Spy Tool Monitoring Billions
https://www.404media.co/inside-global-phone-spy-tool-patternz-nuviad-real-time-bidding/
1/26/2024 • 6 minutes, 27 seconds
ISC StormCast for Thursday, January 25th, 2024
How Bad User Interfaces Make Security Tools Harmful
https://isc.sans.edu/diary/How%20Bad%20User%20Interfaces%20Make%20Security%20Tools%20Harmful/30586
Sys:All Loophole Allowed Us to Penetrate GKE Clusters in Production
https://orca.security/resources/blog/sys-all-google-kubernetes-engine-risk-example/
Automotive Pwn2Own
https://www.zerodayinitiative.com/blog/2024/1/23/pwn2own-automotive-2024-the-full-schedule
Android Keystroke Injection Vulnerability Exploit
https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/
CVE-2024-0769 D-Link DIR-859
https://securityonline.info/cve-2024-0769-the-vulnerability-d-link-wont-fix-in-dir-859-router/
SANS.edu Dean's List
https://www.sans.edu/students/awards
1/25/2024 • 5 minutes, 29 seconds
ISC StormCast for Wednesday, January 24th, 2024
Update on Atlassian Exploit Activity
https://isc.sans.edu/forums/diary/Update%20on%20Atlassian%20Exploit%20Activity%20/30582/
POC For Fortra GoAnywhere MFT Authentication Bypass CVE-2024-0204
https://www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-dive/
Barracuda Web Application Firewall
https://campus.barracuda.com/product/webapplicationfirewall/doc/102888530/security-advisory/
GitGot: GitHub leveraged by cybercriminals to store stolen data
https://www.reversinglabs.com/blog/gitgot-cybercriminals-using-github-to-store-stolen-data
1/24/2024 • 5 minutes, 42 seconds
ISC StormCast for Friday, January 19th, 2024
More Scans for Ivanti Connect "Secure" VPN. Exploits Public
https://isc.sans.edu/diary/More%20Scans%20for%20Ivanti%20Connect%20%22Secure%22%20VPN.%20Exploits%20Public/30568
Ivanti Endpoint Manager Mobile / MobileIron Core Vuln exploited CVE-2023-35082
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Attacks against Exposed Databases
https://twitter.com/fasterthanlime/status/1741935393413402739
Outlook Vulnerability Discovery and New Ways to Leak NTLM Hashes
https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
1/19/2024 • 6 minutes, 38 seconds
ISC StormCast for Thursday, January 18th, 2024
Number Usage in Passwords
https://isc.sans.edu/diary/Number%20Usage%20in%20Passwords/30540
A Lightweight Method to Detect Potential iOS Malware
https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/
CISA and FBI Release Known IOCs Associated with Androxgh0st Malware
https://www.cisa.gov/news-events/alerts/2024/01/16/cisa-and-fbi-release-known-iocs-associated-androxgh0st-malware
1/18/2024 • 6 minutes, 45 seconds
ISC StormCast for Tuesday, January 16th, 2024
One File, Two Payloads
https://isc.sans.edu/diary/One%20File%2C%20Two%20Payloads/30558
Ivanti Vulnerability Updates
https://labs.watchtowr.com/welcome-to-2024-the-sslvpn-chaos-continues-ivanti-cve-2023-46805-cve-2024-21887/
NVidia DGX H100 and A100 Updates
https://nvidia.custhelp.com/app/answers/detail/a_id/5510
GitLab Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2023-7028
1/16/2024 • 6 minutes
ISC StormCast for Friday, January 12th, 2024
Timeline to Remove DSA Support in OpenSSH
https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-January/000156.html
Juniper Patches
https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&numberOfResults=50&f:ctype=[Security%20Advisories]
ManageEngine ADSelfService Plus Patch CVE-2024-0252
https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html
Atomic Stealer for Mac Update
https://www.malwarebytes.com/blog/threat-intelligence/2024/01/atomic-stealer-rings-in-the-new-year-with-updated-version
1/12/2024 • 5 minutes, 48 seconds
ISC StormCast for Wednesday, January 10th, 2024
Microsoft January 2024 Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+January+2024+Patch+Tuesday/30548/
Adobe Vulnerabilities
https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html
CVE-2023-50916: Authentication Coercion Vulnerability in Kyocera Device Manager
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-50916-authentication-coercion-vulnerability-in-kyocera-device-manager/
Network Connected Wrenches Used in Factories can be hacked
https://arstechnica.com/security/2024/01/network-connected-wrenches-used-in-factories-can-be-hacked-for-sabotage-or-ransomware/
1/10/2024 • 6 minutes, 6 seconds
ISC StormCast for Tuesday, January 9th, 2024
What is That User Agent
https://isc.sans.edu/diary/What%20is%20that%20User%20Agent%3F/30536
KyberSlash Vulnerability
https://kyberslash.cr.yp.to/faq.html
Netfilter DoS Vulnerability CVE-2024-0193
https://access.redhat.com/security/cve/CVE-2024-0193
Cacti Vulnerability
https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp
1/9/2024 • 6 minutes, 5 seconds
ISC StormCast for Monday, January 8th, 2024
Netstat But Better and in PowerShell
https://isc.sans.edu/diary/Netstat%2C%20but%20Better%20and%20in%20PowerShell/30532
Double Phishing Submission
https://isc.sans.edu/diary/Are%20you%20sure%20of%20your%20password%3F/30534
Suspicious Prometei Botnet Activity
https://isc.sans.edu/diary/Suspicious%20Prometei%20Botnet%20Activity/30538
Spectral Blur Mac Malware
https://g-les.github.io/yara/2024/01/03/100DaysofYARA_SpectralBlur.html
Google Malware Abusing API is Standard Token Theft not an API Issue
https://www.bleepingcomputer.com/news/security/google-malware-abusing-api-is-standard-token-theft-not-an-api-issue/
1/8/2024 • 5 minutes, 8 seconds
ISC StormCast for Thursday, January 4th, 2024
Interesting large and small malspam attachments from 2023
https://isc.sans.edu/diary/Interesting%20large%20and%20small%20malspam%20attachments%20from%202023/30524
Orange Spain RIPE Account Compromise
https://www.bleepingcomputer.com/news/security/hacker-hijacks-orange-spain-ripe-account-to-cause-bgp-havoc/
Bitwarden Heist
https://blog.redteam-pentesting.de/2024/bitwarden-heist/
Apple iOS PoC Exploits
https://github.com/felix-pb/kfd/blob/main/writeups/smith.md
https://github.com/felix-pb/kfd/blob/main/writeups/landa.md
1/4/2024 • 6 minutes, 26 seconds
ISC StormCast for Wednesday, January 3rd, 2024
Fingerprinting SSH Identification Strings
https://isc.sans.edu/diary/Fingerprinting%20SSH%20Identification%20Strings/30520
Google OAUTH2 Exploited by Malware
https://www.cloudsek.com/blog/compromising-google-accounts-malwares-exploiting-undocumented-oauth2-functionality-for-session-hijacking
TsuKing DNS Amplification
https://lixiang521.com/publication/ccs23/ccs23-xu-tsuking.pdf
1/3/2024 • 8 minutes, 46 seconds
ISC StormCast for Tuesday, January 2nd, 2024
Shall We Play a Game
https://isc.sans.edu/diary/Shall+We+Play+a+Game/30510
Mailtrap.io Exfiltration
https://isc.sans.edu/diary/Python%20Keylogger%20Using%20Mailtrap.io/30512
Pi Hole Docker
https://isc.sans.edu/forums/diary/Pi-Hole%20Pi4%20Docker%20Deployment/30516/
Mirai Update
https://isc.sans.edu/diary/Unveiling%20the%20Mirai%3A%20Insights%20into%20Recent%20DShield%20Honeypot%20Activity%20%5BGuest%20Diary%5D/30514
Barracuda 0-Day Vulnerability
https://www.barracuda.com/company/legal/esg-vulnerability
Apache OFBiz 0-Day Exploited against Atlassian (and possibly others)
https://blog.sonicwall.com/en-us/2023/12/sonicwall-discovers-critical-apache-ofbiz-zero-day-authbiz/
1/2/2024 • 6 minutes, 10 seconds
ISC StormCast for Friday, December 22nd, 2023
Securing Web Servers
https://isc.sans.edu/diary/How%20to%20Protect%20your%20Webserver%20from%20Directory%20Enumeration%20Attack%20%3F%20Apache2%20%5BGuest%20Diary%5D/30504
Chrome 0-Day (last one for the year?)
https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html
Note that there will be no daily stormcast for the rest of the year. Returning January 2nd
SANS Cloud Defender 2024
https://www.sans.org/cyber-security-training-events/cloud-defender-2024-live-online/
12/22/2023 • 4 minutes, 48 seconds
ISC StormCast for Thursday, December 21st, 2023
Increase in Exploit Attempts for Atlassian Confluence Server (CVE-2023-22518)
https://isc.sans.edu/diary/Increase%20in%20Exploit%20Attempts%20for%20Atlassian%20Confluence%20Server%20%28CVE-2023-22518%29/30502
Fake F5 BigIP Update
https://www.bleepingcomputer.com/news/security/fake-f5-big-ip-zero-day-warning-emails-push-data-wipers/
Google OAUTH Problems
https://trufflesecurity.com/blog/google-oauth-is-broken-sort-of/
Remembering Adrien de Beaupre
https://www.hpmcgarry.ca/memorials/ernest-adrien-de-beaupre/5344136/index.php
12/21/2023 • 7 minutes, 16 seconds
ISC StormCast for Wednesday, December 20th, 2023
What are they looking for? Scans for OpenID Connect Configuration
https://isc.sans.edu/diary/What%20are%20they%20looking%20for%3F%20Scans%20for%20OpenID%20Connect%20Configuration%20%28Update%3A%20CitrixBleed%29/30498
Terrapin Attack Against SSH
https://terrapin-attack.com/TerrapinAttack.pdf
ALPHV/Blackcat Ransomware Disrupted and Decryptor Available
https://www.justice.gov/opa/pr/justice-department-disrupts-prolific-alphvblackcat-ransomware-variant
12/20/2023 • 6 minutes, 11 seconds
ISC StormCast for Tuesday, December 19th, 2023
SMTP Smuggling - Spoofing E-Mails Worldwide
https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
Ledger Supply Chain Attack
https://www.ledger.com/blog/a-letter-from-ledger-chairman-ceo-pascal-gauthier-regarding-ledger-connect-kit-exploit
December Windows 11 Patch Breaks Wi-Fi Connectivity
https://www.bleepingcomputer.com/news/microsoft/decembers-windows-11-kb5033375-update-breaks-wi-fi-connectivity/
12/19/2023 • 6 minutes, 10 seconds
ISC StormCast for Monday, December 18th, 2023
An Example of a RocketMQ Exploit Scanner
https://isc.sans.edu/diary/An%20Example%20of%20RocketMQ%20Exploit%20Scanner/30492
C# Payload Phoning to a Cobalt Strike Server
https://isc.sans.edu/diary/CSharp%20Payload%20Phoning%20to%20a%20CobaltStrike%20Server/30490
3CX SQL Injection Vulnerability
https://www.3cx.com/blog/news/sql-database-integration/
QNAP Viostor 0-Day Vulnerability
https://www.akamai.com/blog/security-research/qnap-viostor-zero-day-vulnerability-spreading-mirai-patched
PFSense Vulnerability
https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud/
SANS Holiday Hack Challenge
https://sans.org/holidayhack
12/18/2023 • 10 minutes, 19 seconds
ISC StormCast for Friday, December 15th, 2023
T-shooting Terraform for DShield Honeypot in Azure
https://isc.sans.edu/diary/T-shooting%20Terraform%20for%20DShield%20Honeypot%20in%20Azure%20%5BGuest%20Diary%5D/30484
Ubiquiti Unifi Cameras Visible in Wrong Account
https://community.ui.com/questions/Bug-Fix-Cloud-Access-Misconfiguration/fe8d4479-e187-4471-bf95-b2799183ceb7
Zoom Vulnerabilities and VISS
https://viss.zoom.com/specifications
https://www.zoom.com/en/trust/security-bulletin/
Squid Denial of Service Vulnerability
https://github.com/squid-cache/squid/security/advisories/GHSA-wgq4-4cfg-c4x3
12/15/2023 • 5 minutes, 23 seconds
ISC StormCast for Thursday, December 14th, 2023
Malicious Python Script with a TCL/TK GUI
https://isc.sans.edu/diary/Malicious%20Python%20Script%20with%20a%20TCL%20TK%20GUI/30478
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
TeamCity Exploited
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a
Sophos Firewall Exploit for EOL Devices CVE-2022-3236
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
12/14/2023 • 5 minutes, 9 seconds
ISC StormCast for Wednesday, December 13th, 2023
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20December%202023/30480
Microsoft Warns of Malicious OAUTH Applications
https://www.microsoft.com/en-us/security/blog/2023/12/12/threat-actors-misuse-oauth-applications-to-automate-financially-driven-attacks/
Apache Struts2 Exploit CVE-2023-50164
https://xz.aliyun.com/t/13172
12/13/2023 • 6 minutes, 3 seconds
ISC StormCast for Tuesday, December 12th, 2023
What is Sitemap.xml and Why a Pentester Should Care
https://isc.sans.edu/diary/What%20is%20sitemap.xml%2C%20and%20Why%20a%20Pentester%20Should%20Care/30472
Apple Patches Everything
https://isc.sans.edu/forums/diary/Apple%20Patches%20Everything/30474/
Android Password Manager Auto Spill
https://i.blackhat.com/EU-23/Presentations/EU-23-Gangwal-AutoSpill-Zero-Effort-Credential-Stealing.pdf
12/12/2023 • 5 minutes, 35 seconds
ISC StormCast for Monday, December 11th, 2023
IPv4 Mapped IPv6 Addresses
https://isc.sans.edu/diary/IPv4-mapped%20IPv6%20Address%20Used%20For%20Obfuscation/30466
Honeypots From the Skeptical Beginner to the Tactical Enthusiast
https://isc.sans.edu/diary/Honeypots%3A%20From%20the%20Skeptical%20Beginner%20to%20the%20Tactical%20Enthusiast/30468
Bluetooth Weakness CVE-2023-45866
https://github.com/skysafe/reblog/tree/main/cve-2023-45866
Syrus 4 IoT Gateway Vulnerability CVE-2023-6248
https://socradar.io/syrus4-iot-gateway-vulnerability-could-allow-code-execution-on-thousands-of-vehicles-simultaneously-cve-2023-6248/
Microsoft Edge Vulnerability CVE-2023-35618
https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#december-7-2023
12/11/2023 • 6 minutes, 15 seconds
ISC StormCast for Friday, December 8th, 2023
5G Vulnerabilities
https://isc.sans.edu/diary/5Ghoul%3A%20Impacts%2C%20Implications%20and%20Next%20Steps/30462
Revealing the hidden Risks of QR Codes
https://isc.sans.edu/diary/Revealing%20the%20Hidden%20Risks%20of%20QR%20Codes%20%5BGuest%20Diary%5D/30458
Windows 10 End of Support
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/plan-for-windows-10-eos-with-windows-11-windows-365-and-esu/ba-p/4000414
Apache Struts 2 Vulnerability CVE-2023-50164
https://cwiki.apache.org/confluence/display/WW/S2-066
12/8/2023 • 6 minutes, 14 seconds
ISC StormCast for Thursday, December 7th, 2023
Whose packet is it anyway: a new RFC for attribution of internet probes
https://isc.sans.edu/forums/diary/Whose%20packet%20is%20it%20anyway%3A%20a%20new%20RFC%20for%20attribution%20of%20internet%20probes/30456/
MLFlow Vulnerability
https://www.contrastsecurity.com/security-influencers/discovering-mlflow-framework-zero-day-vulnerability-machine-language-model-security-contrast-security
https://mlflow.org/category/news/index.html
Abusing STS Tokens
https://redcanary.com/blog/aws-sts/
Atlassian Vulnerabilities
https://confluence.atlassian.com/security/security-advisories-bulletins-1236937381.html
Holiday Hack Challenge
https://www.sans.org/mlp/holiday-hack-challenge-2023/
12/7/2023 • 5 minutes, 50 seconds
ISC StormCast for Tuesday, December 5th, 2023
Zarya Hacktivists: More than just Sharepoint
https://isc.sans.edu/diary/Zarya%20Hacktivists%3A%20More%20than%20just%20Sharepoint./30450
ICANN Registration Data Request Service (RDRS)
https://rdrs.icann.org/
Android Updates
https://source.android.com/docs/security/bulletin/2023-12-01
GitLab Patches
https://about.gitlab.com/releases/2023/11/30/security-release-gitlab-16-6-1-released/
12/5/2023 • 6 minutes
ISC StormCast for Monday, December 4th, 2023
UEFI Exploit via Boot Image
https://binarly.io/posts/The_Far_Reaching_Consequences_of_LogoFAIL/index.html
Fake Phishing Scan Tricks Users into Installing Backdoor Plugin
https://www.wordfence.com/blog/2023/12/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin/
Qlik Sense Exploited by Cactus Ransomware
https://arcticwolf.com/resources/blog/qlik-sense-exploited-in-cactus-ransomware-campaign/
https://www.praetorian.com/blog/qlik-sense-technical-exploit/
VMWare Vulnerability Patched
https://www.vmware.com/security/advisories/VMSA-2023-0026.html
12/4/2023 • 6 minutes, 1 second
ISC StormCast for Friday, December 1st, 2023
Apple Updates
https://isc.sans.edu/diary/Apple+Patches+Exploited+WebKit+Vulnerabilitiues+in+iOSiPadOSmacOS/30444
Prophetic Post by Intern on CVE-2023-1389 Foreshadows Mirai Botnet Expansion Today
https://isc.sans.edu/forums/diary/Prophetic+Post+by+Intern+on+CVE20231389+Foreshadows+Mirai+Botnet+Expansion+Today/30442/
Zyxel Vulnerabilities
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products
Solarwinds Update
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-4_release_notes.htm#link3
DNS Looking Glass
https://isc.sans.edu/tools/dnslookup/
12/1/2023 • 5 minutes, 35 seconds
ISC StormCast for Thursday, November 30th, 2023
Decoding the Patterns: Analyzing DShield Honeypot Activity
https://isc.sans.edu/diary/Decoding%20the%20Patterns%3A%20Analyzing%20DShield%20Honeypot%20Activity%20%5BGuest%20Diary%5D/30428
Arcserve Unified Data Protection Multiple Vulnerabilities
https://www.tenable.com/security/research/tra-2023-37
Hikvision Vulnerabilities
https://www.hikvision.com/hk/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-products/
Assessing Prompt Injection Risks in 200+ Custom GPTs
https://arxiv.org/pdf/2311.11538.pdf
11/30/2023 • 5 minutes, 31 seconds
ISC StormCast for Wednesday, November 29th, 2023
Pro-Russian Attackers Scanning for Sharepoint Servers to Exploit CVE-2023-29357
https://isc.sans.edu/diary/Pro%20Russian%20Attackers%20Scanning%20for%20Sharepoint%20Servers%20to%20Exploit%20CVE-2023-29357/30436
Microsoft Deprecates Microsoft Defender Application Guard for Office
https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features
Synology Vulnerability
https://www.synology.com/en-global/security/advisory/Synology_SA_23_16
Apache Tomcat Request Smuggling Vulnerability CVE-2023-46589
https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
11/29/2023 • 5 minutes, 36 seconds
ISC StormCast for Tuesday, November 28th, 2023
Scans for ownCloud Vulnerability (CVE-2023-49103)
https://isc.sans.edu/diary/Scans%20for%20ownCloud%20Vulnerability%20%28CVE-2023-49103%29/30432
Windows Hello Fingerprint Reader Weakness
https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/
11/28/2023 • 6 minutes, 37 seconds
ISC StormCast for Monday, November 27th, 2023
DShield Birthday
https://isc.sans.edu/diary/Happy%20Birthday%20DShield/30420
Mirai uses CVE-2023-1389
https://isc.sans.edu/diary/CVE-2023-1389%3A%20A%20New%20Means%20to%20Expand%20Botnets/30418
More Mirai Vulnerabilities
https://www.akamai.com/blog/security-research/new-rce-botnet-spreads-mirai-via-zero-days
Analyzing OVA Files
https://isc.sans.edu/diary/OVA%20Files/30424
Static Code Injections in OpenCart (CVE-2023-47444)
https://github.com/opencart/opencart/issues/12947
Holiday Hack Challenge
https://www.sans.org/mlp/holiday-hack-challenge-2023/
11/27/2023 • 6 minutes, 1 second
ISC StormCast for Friday, November 17th, 2023
Beyond -n: Optimizing tcpdump performance
https://isc.sans.edu/forums/diary/Beyond%20-n%3A%20Optimizing%20tcpdump%20performance/30408/
Zimbra 0-day used to target international government organizations
https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/
FortiSIEM OS command injection in Report Server
https://www.fortiguard.com/psirt/FG-IR-23-135
AI Exploit Collection
https://github.com/protectai/ai-exploits
CrushFTP Remote Code Execution
https://convergetp.com/2023/11/16/crushftp-zero-day-cve-2023-43177-discovered/
Scott Poley: The Cyber Data Paradox: Storing Less, Discovering More
https://www.sans.edu/cyber-research/cyber-data-paradox-storing-less-discovering-more/
11/17/2023 • 15 minutes, 24 seconds
ISC StormCast for Wednesday, November 15th, 2023
Microsoft Patches
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20November%202023/30400
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
Intel CPU Glitch State Patch
https://lock.cmpxchg8b.com/reptar.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html
11/15/2023 • 7 minutes, 10 seconds
ISC StormCast for Tuesday, November 14th, 2023
Noticing command and control channels by reviewing DNS protocols
https://isc.sans.edu/diary/Noticing%20command%20and%20control%20channels%20by%20reviewing%20DNS%20protocols/30396
Passive SSH Key Compromise via Lattices
https://eprint.iacr.org/2023/1711.pdf
Juniper Vulnerabilities Exploited
https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US
11/14/2023 • 5 minutes, 4 seconds
ISC StormCast for Monday, November 13th, 2023
Routers Targeted for Gafgyt Botnet
https://isc.sans.edu/forums/diary/Routers%20Targeted%20for%20Gafgyt%20Botnet%20%5BGuest%20Diary%5D/30390/
ScreenConnect used to Attack Healthcare
https://www.huntress.com/blog/third-party-pharmaceutical-vendor-linked-to-pharmacy-and-health-clinic-cyberattack
Fake Skills Assessment Portals Associated with Sapphire Sleet
https://twitter.com/MsftSecIntel/status/1722316019920728437
OpenVPN Access Server Vulnerabilities
https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/
11/13/2023 • 5 minutes, 46 seconds
ISC StormCast for Friday, November 10th, 2023
Visual Examples of Code Injection
https://isc.sans.edu/diary/Visual%20Examples%20of%20Code%20Injection/30388
SysAid Exploited by Cl0p Ransomware (CVE-2023-47246)
https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification
WS_FTP Server Update CVE-2023-42659
https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2023
Malvertiser copies PC news site to deliver infostealer
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/malvertiser-copies-pc-news-site-to-deliver-infostealer
pyArrow/Apache Arrow Vulnerability
https://lists.apache.org/thread/yhy7tdfjf9hrl9vfrtzo8p2cyjq87v7n
11/10/2023 • 5 minutes, 25 seconds
ISC StormCast for Thursday, November 9th, 2023
Example of a Phishing Campaign Project File
https://isc.sans.edu/diary/Example%20of%20Phishing%20Campaign%20Project%20File/30384
Cryptomining with Microsoft Azure Automation Services
https://www.safebreach.com/blog/cryptocurrency-miner-microsoft-azure
Windows 11 Insider Changing Firewall Behaviour
https://blogs.windows.com/windows-insider/2023/11/08/announcing-windows-11-insider-preview-build-25992-canary-channel/
CISA Adds SLP Vulnerability to Known Exploited Vulnerability List
https://www.cisa.gov/news-events/alerts/2023/11/08/cisa-adds-one-known-exploited-vulnerability-catalog
11/9/2023 • 5 minutes, 21 seconds
ISC StormCast for Wednesday, November 8th, 2023
What's Normal: New uses of DNS, Discovery of Designated Resolvers (DDR)
https://isc.sans.edu/diary/What%27s%20Normal%3A%20New%20uses%20of%20DNS%2C%20Discovery%20of%20Designated%20Resolvers%20%28DDR%29/30380
BlueNoroff macOS Malware
https://www.jamf.com/blog/bluenoroff-strikes-again-with-new-macos-malware/
Emphasizing Security by Default with Advanced Microsoft Authenticator Features
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/emphasizing-security-by-default-with-advanced-microsoft/ba-p/3773130
11/8/2023 • 6 minutes, 22 seconds
ISC StormCast for Monday, November 6th, 2023
New Microsoft Exchange Zero Days
https://www.bleepingcomputer.com/news/microsoft/new-microsoft-exchange-zero-days-allow-rce-data-theft-attacks/
StripedFly: Perennially Flying under the Radar
https://securelist.com/stripedfly-perennially-flying-under-the-radar/110903/
Send My: Sending Data over Apple's Find My Network
https://github.com/positive-security/send-my
11/6/2023 • 7 minutes, 7 seconds
ISC StormCast for Friday, November 3rd, 2023
Quick Tip for Artificially Inflated PE Files
https://isc.sans.edu/diary/Quick%20Tip%20For%20Artificially%20Inflated%20PE%20Files/30370
Apache ActiveMQ Flaw Exploited
https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt
https://www.rapid7.com/blog/post/2023/11/01/etr-suspected-exploitation-of-apache-activemq-cve-2023-46604/
Critical Firepower Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-29MP49hN
Dozens of npm Packages Caught Attempting to Deploy Reverse Shell
https://blog.phylum.io/dozens-of-npm-packages-caught-attempting-to-deploy-reverse-shell/
11/3/2023 • 5 minutes, 22 seconds
ISC StormCast for Thursday, November 2nd, 2023
Malware Dropped Through a ZPAQ Archive
https://isc.sans.edu/forums/diary/Malware%20Dropped%20Through%20a%20ZPAQ%20Archive/30366/
CVSS 4.0 Now Official
https://www.first.org/cvss/v4-0/index.html
MOZI Botnet Killswitch
https://www.welivesecurity.com/en/eset-research/who-killed-mozi-finally-putting-the-iot-zombie-botnet-in-its-grave/
URL Shorteners in .us
https://securityonline.info/infoblox-uncovers-malicious-wave-in-us-domain-registrations/
Impersonating Slack Users
https://falconspy.org/redteam/tradecraft/2023/10/05/2023-10-05-Slack-Impersonation.html
11/2/2023 • 5 minutes, 43 seconds
ISC StormCast for Wednesday, November 1st, 2023
Multiple Layers of Anti-Sandboxing Techniques
https://isc.sans.edu/diary/Multiple%20Layers%20of%20Anti-Sandboxing%20Techniques/30362
CVE-2023-22518 Improper Authorization Vulnerability in Confluence Data Center and Server
https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.html
Malvertisement Promotes Malicious PyCharm Version
https://www.malwarebytes.com/blog/threat-intelligence/2023/10/malvertising-via-dynamic-search-ads-delivers-malware-bonanza
Thorntech SFTP Gateway Java Deserialization RCE CVE-2016-1000027 CVE-2023-47174
https://help.thorntech.com/docs/sftp-gateway-gcp-3.0/gcp-java-deserialization-rce/
11/1/2023 • 4 minutes, 11 seconds
ISC StormCast for Tuesday, October 31st, 2023
Flying under the Radar: The Privacy Impact of Multicast DNS
https://isc.sans.edu/forums/diary/Flying%20under%20the%20Radar%3A%20The%20Privacy%20Impact%20of%20multicast%20DNS/30358/
Kubernetes ingress-nginx vulnerability
https://github.com/kubernetes/ingress-nginx/issues/10571
Google Chrome HTTPS Upgrade
https://github.com/dadrian/https-upgrade/blob/main/explainer.md
WordPad PoC CVE-2023-36563
https://www.dillonfrankesecurity.com/posts/cve-2023-36563-wordpad-analysis/
10/31/2023 • 6 minutes, 14 seconds
ISC StormCast for Monday, October 30th, 2023
Size Matters for Many Security Controls
https://isc.sans.edu/diary/Size%20Matters%20for%20Many%20Security%20Controls/30352
Spam or Phishing? Looking for Credentials and Passwords
https://isc.sans.edu/diary/Spam%20or%20Phishing%3F%20Looking%20for%20Credentials%20%26%20Passwords/30354
iOS Leaks MAC Address
https://www.youtube.com/watch?v=T3XABxNogTA
Zero Day Initiative Pwn2Own Summary
https://www.zerodayinitiative.com/blog/2023/10/24/pwn2own-toronto-2023-day-one-results
https://www.zerodayinitiative.com/blog/2023/10/25/pwn2own-toronto-2023-day-two-results
https://www.zerodayinitiative.com/blog/2023/10/26/pwn2own-toronto-2023-day-three-results
Microsoft Octo Tempest Writeup
https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/
10/30/2023 • 6 minutes, 7 seconds
ISC StormCast for Thursday, October 26th, 2023
Apple Updates
https://isc.sans.edu/diary/Apple%20Patches%20Everything.%20Releases%20iOS%2017.1%2C%20MacOS%2014.1%20and%20updates%20for%20older%20versions%20fixing%20exploited%20vulnerability/30344
Confluence Server Scans CVE-2023-22515
https://isc.sans.edu/diary/30342
Critical VMware vCenter Patch CVE-2023-34048
https://www.vmware.com/security/advisories/VMSA-2023-0023.html
10/26/2023 • 6 minutes, 6 seconds
ISC StormCast for Wednesday, October 25th, 2023
Samsung Messages and Samsung Wallet briefly marked as 'harmful' by Google
https://9to5google.com/2023/10/23/samsung-messages-wallet-harmful-app-google/
OAuth Hijacking
https://salt.security/blog/oh-auth-abusing-oauth-to-take-over-millions-of-accounts
Microsoft Exchange Server CVE-2023-36745 PoC
https://n1k0la-t.github.io/2023/10/24/Microsoft-Exchange-Server-CVE-2023-36745/
Citrix Bleed PoC CVE-2023-4966
https://www.assetnote.io/resources/research/citrix-bleed-leaking-session-tokens-with-cve-2023-4966
VMware vRealize Exploit CVE-2023-34051 CVE-2023-34052
https://www.vmware.com/security/advisories/VMSA-2023-0021.html
10/25/2023 • 6 minutes, 24 seconds
ISC StormCast for Tuesday, October 24th, 2023
Apple TV IPv6 DoS
https://isc.sans.edu/diary/How%20an%20AppleTV%20may%20take%20down%20your%20%28%23IPv6%29%20network/30336
Squid Patches
https://github.com/squid-cache/squid/security/advisories
Critical Citrix Update
https://www.netscaler.com/blog/news/cve-2023-4966-critical-security-update-now-available-for-netscaler-adc-and-netscaler-gateway/
Cisco Vulnerability Updates CVE-2023-20198
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxe-webui-privesc-j22SaA4z
10/24/2023 • 6 minutes, 24 seconds
ISC StormCast for Monday, October 23rd, 2023
base64dump.py Handles More Encodings Than Just BASE64
https://isc.sans.edu/diary/base64dump.py%20Handles%20More%20Encodings%20Than%20Just%20BASE64/30332
Stealing OAuth Tokens via Open Redirects
https://eval.blog/research/microsoft-account-token-leaks-in-harvest/
VMware Patches
https://www.vmware.com/security/advisories.html
Solarwinds Patches
https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-1_release_notes.htm
10/23/2023 • 6 minutes, 39 seconds
ISC StormCast for Wednesday, October 18th, 2023
Changes to SMS Delivery and How it Affects MFA and Phishing
https://isc.sans.edu/diary/Changes%20to%20SMS%20Delivery%20and%20How%20it%20Effects%20MFA%20and%20Phishing/30320
Fake Traffic Tickets with QR Code
https://twitter.com/polizeiberlin/status/1713867011837567411
Synology NAS DSM Account Takeover: Not-So-Random Random Numbers
https://claroty.com/team82/research/synology-nas-dsm-account-takeover-when-random-is-not-secure
Milesight Routers CVE-2023-43261
https://github.com/win3zz/CVE-2023-43261
10/18/2023 • 6 minutes, 46 seconds
ISC StormCast for Tuesday, October 17th, 2023
Are Typos Still Relevant as an Indicator of Phishing?
https://isc.sans.edu/diary/Are+typos+still+relevant+as+an+indicator+of+phishing/30316
Active Exploitation of Cisco IOS XE Software Web Management User Interface Vulnerability
https://blog.talosintelligence.com/active-exploitation-of-cisco-ios-xe-software/
Mail traffic to cancelled domain names
https://www.sidn.nl/en/nl-domain-name/mail-traffic-to-cancelled-domain-names
Samba Update
https://www.samba.org/samba/history/security.html
10/17/2023 • 5 minutes, 28 seconds
ISC StormCast for Monday, October 16th, 2023
What's Normal: Odd MAC Addresses
https://isc.sans.edu/forums/diary/What's%20Normal%3A%20MAC%20Addresses/30310/
Domain Name Used as Password Captured by DShield Sensor
https://isc.sans.edu/forums/diary/Domain%20Name%20Used%20as%20Password%20Captured%20by%20DShield%20Sensor/30312/
PoC Exploit for CVE-2023-41993
https://github.com/po6ix/POC-for-CVE-2023-41993
AvosLocker Ransomware Details
https://www.cisa.gov/sites/default/files/2023-10/aa23-284a-joint-csa-stopransomware-avoslocker-ransomware-update.pdf
DarkGate Spreading via Skype and Teams
https://www.trendmicro.com/en_ph/research/23/j/darkgate-opens-organizations-for-attack-via-skype-teams.html
10/16/2023 • 5 minutes, 25 seconds
ISC StormCast for Friday, October 13th, 2023
SeroXen RAT in Typosquatted NuGet Packages
https://blog.phylum.io/phylum-discovers-seroxen-rat-in-typosquatted-nuget-package/
Hexadecimal IP Addresses
https://asec.ahnlab.com/en/57635/
Juniper Vulnerabilities
https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&numberOfResults=50&f:ctype=[Security%20Advisories]
Unpatched Squid Vulnerabilities
https://joshua.hu/squid-security-audit-35-0days-45-exploits
BSIDES Jacksonville
https://bsidesjax.org
10/13/2023 • 6 minutes, 13 seconds
ISC StormCast for Thursday, October 12th, 2023
CVE-2023-22515 Actively Exploited
https://confluence.atlassian.com/security/cve-2023-22515-privilege-escalation-vulnerability-in-confluence-data-center-and-server-1295682276.html
curl SOCKS5 oversized hostname vulnerability CVE-2023-38545
https://isc.sans.edu/diary/CVE-2023-38545%3A%20curl%20SOCKS5%20oversized%20hostname%20vulnerability.%20How%20bad%20is%20it%3F/30304
Adobe Acrobat Vulnerability Actively Exploited CVE-2023-21608
https://www.cisa.gov/news-events/alerts/2023/10/10/cisa-adds-five-known-vulnerabilities-catalog
Google Makes Passkey the Default
https://blog.google/technology/safety-security/passkeys-default-google-accounts/
VBScript Deprecated in Windows
https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features
10/12/2023 • 5 minutes, 28 seconds
ISC StormCast for Wednesday, October 11th, 2023
HTTP/2 Rapid Reset
https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
Microsoft Patch Tuesday
https://isc.sans.edu/diary/October%202023%20Microsoft%20Patch%20Tuesday%20Summary/30300
10/11/2023 • 7 minutes, 55 seconds
ISC StormCast for Tuesday, October 10th, 2023
ZIP's DOSTIME and DOSDATE Formats
https://isc.sans.edu/diary/ZIP%27s%20DOSTIME%20%26%20DOSDATE%20Formats/30296
New Magecart Campaign Abusing 404 Pages
https://www.akamai.com/blog/security-research/magecart-new-technique-404-pages-skimmer
Sophos Affected by Exim Flaw
https://www.sophos.com/en-us/security-advisories/sophos-sa-20231005-exim-vuln
Turn OFF This WatchGuard Feature: GuardLapse
https://projectblack.io/blog/turn-off-this-watchguard-feature-guardlapse/
10/10/2023 • 5 minutes, 23 seconds
ISC StormCast for Thursday, October 5th, 2023
Normal Connections
https://isc.sans.edu/diary/Whats+Normal+Connection+Sizes/30278/
Apple Patches
https://isc.sans.edu/diary/Apple%20fixes%20vulnerabilities%20in%20iOS%20and%20iPadOS./30280
Looney Tunables Linux Privilege Escalation
https://blog.qualys.com/vulnerabilities-threat-research/2023/10/03/cve-2023-4911-looney-tunables-local-privilege-escalation-in-the-glibcs-ld-so
Atlassian Confluence Server Vulnerability
https://jira.atlassian.com/browse/CONFSERVER-92475
10/5/2023 • 5 minutes, 30 seconds
ISC StormCast for Wednesday, October 4th, 2023
Are Local LLMs Useful in Incident Response?
https://isc.sans.edu/diary/Are%20Local%20LLMs%20Useful%20in%20Incident%20Response%3F/30274
PyTorch Vulnerability
https://github.com/advisories/GHSA-4mqg-h5jf-j9m7
BING Reads Captchas
https://twitter.com/literallydenis/status/1708283962399846459
EvilProxy vs. Microsoft 365
https://www.menlosecurity.com/blog/evilproxy-phishing-attack-strikes-indeed/
10/4/2023 • 5 minutes, 36 seconds
ISC StormCast for Tuesday, October 3rd, 2023
Friendly Reminder: ZIP Metadata is Not Encrypted
https://isc.sans.edu/diary/Friendly%20Reminder%3A%20ZIP%20Metadata%20is%20Not%20Encrypted/30268
EXIM New Version Released
https://www.exim.org/static/doc/security/CVE-2023-zdi.txt
Mali GPU Kernel Driver Allows Improper GPU Memory Processing Operations
https://developer.arm.com/Arm%20Security%20Center/Mali%20GPU%20Driver%20Vulnerabilities
Bing AI Serves Malicious Ads
https://www.malwarebytes.com/blog/threat-intelligence/2023/09/malicious-ad-served-inside-bing-ai-chatbot
Google Announces Robots.txt Ad-Restrictions
https://developers.google.com/search/docs/crawling-indexing/overview-google-crawlers#adsbot-mobile-web-android
10/3/2023 • 5 minutes, 41 seconds
ISC StormCast for Monday, October 2nd, 2023
Analyzing MIME Files: a Quick Tip
https://isc.sans.edu/diary/Analyzing%20MIME%20Files%3A%20a%20Quick%20Tip/30266
Infostealers Looking for Password Files
https://isc.sans.edu/diary/Are+You+Still+Storing+Passwords+In+Plain+Text+Files/30262/
Simple Netcat Backdoor
https://isc.sans.edu/diary/Simple+Netcat+Backdoor+in+Python+Script/30264/
EXIM Response to the ZDI Release
https://exim.org/static/doc/security/CVE-2023-zdi.txt
Exploit for WS_FTP Vulnerability
https://www.assetnote.io/resources/research/rce-in-progress-ws-ftp-ad-hoc-via-iis-http-modules-cve-2023-40044
10/2/2023 • 5 minutes, 9 seconds
ISC StormCast for Friday, September 29th, 2023
IPv4 Addresses in Little Endian Decimal Format
https://isc.sans.edu/diary/IPv4%20Addresses%20in%20Little%20Endian%20Decimal%20Format/30256
Chrome Update fixes 0-day Vulnerability
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop_27.html
Unpatched EXIM Vulnerabilities
https://www.zerodayinitiative.com/advisories/ZDI-23-1469/
WS_FTP Vulnerabilities
https://community.progress.com/s/article/WS-FTP-Server-Critical-Vulnerability-September-2023
9/29/2023 • 4 minutes, 46 seconds
ISC StormCast for Wednesday, September 27th, 2023
A new spin on the ZeroFont phishing technique
https://isc.sans.edu/diary/A%20new%20spin%20on%20the%20ZeroFont%20phishing%20technique/30248
macOS Sonoma Updates
https://isc.sans.edu/diary/Apple%20Releases%20MacOS%20Sonoma%20Including%20Numerous%20Security%20Patches/30252
9/27/2023 • 6 minutes, 31 seconds
ISC StormCast for Tuesday, September 26th, 2023
LuaJIT Malware
https://www.sentinelone.com/labs/sandman-apt-a-mystery-group-targeting-telcos-with-a-luajit-toolkit/
NPM systeminformation flaw
https://systeminformation.io/security.html
Team City Authentication Bypass
https://twitter.com/ptswarm/status/1706223917008834748
9/26/2023 • 5 minutes, 6 seconds
ISC StormCast for Monday, September 25th, 2023
Scanning for Laravel - a PHP Framework for Web Artisants
https://isc.sans.edu/forums/diary/Scanning%20for%20Laravel%20-%20a%20PHP%20Framework%20for%20Web%20Artisants/30242/
Fake CVE-2023-40477 Proof of Concept Leads to VenomRAT
https://unit42.paloaltonetworks.com/fake-cve-2023-40477-poc-hides-venomrat/
Unmasking a Sophisticated Phishing Campaign That Targets Hotel Guests
https://www.akamai.com/blog/security-research/sophisticated-phishing-campaign-targeting-hospitality
BSides JAX October 14th
https://www.bsidesjax.org/
tickets: https://www.eventbrite.com/e/bsides-jacksonville-2023-registration-566463807497?aff=oddtdtcreator
9/25/2023 • 7 minutes, 8 seconds
ISC StormCast for Friday, September 22nd, 2023
Apple Patches Three 0-Days
https://isc.sans.edu/diary/Apple+Patches+Three+New+0Day+Vulnerabilities+Affecting+iOSiPadOSwatchOSmacOS/30238
WebP Vulnerability
https://blog.isosceles.com/the-webp-0day/
MOVEit Transfer Service Pack
https://community.progress.com/s/article/MOVEit-Transfer-Service-Pack-September-2023
Improved Passkey Support in Windows 11
https://www.microsoft.com/en-us/security/blog/2023/09/21/new-microsoft-security-tools-to-protect-families-and-businesses/
9/22/2023 • 6 minutes, 3 seconds
ISC StormCast for Tuesday, September 19th, 2023
Internet Wide Multi VPN Search from Single /24 Network
https://isc.sans.edu/diary/Internet%20Wide%20Multi%20VPN%20Search%20From%20Single%20%2024%20Network/30226
iOS/iPadOS/tvOS/WatchOS Updates
https://support.apple.com/en-us/HT201222
Juniper Vuln Details/Exploit CVE-2023-36845
https://vulncheck.com/blog/juniper-cve-2023-36845
9/19/2023 • 5 minutes, 26 seconds
ISC StormCast for Monday, September 18th, 2023
When MFA isn't actually MFA
https://retool.com/blog/mfa-isnt-mfa/
QNAP Patches
https://www.qnap.com/en/security-advisories?ref=security_advisory_details
Chrome able to use Apple Keychain Passkeys
https://9to5google.com/2023/09/14/chrome-118-icloud-passkey/
Fortinet XSS
https://fortiguard.fortinet.com/psirt/FG-IR-23-106
vBulletin XSS
https://gist.github.com/GiongfNef/8fe658dce4c7fcf3a7b4e6387e50141c
9/18/2023 • 5 minutes, 47 seconds
ISC StormCast for Friday, September 15th, 2023
DShield and qemu Sitting in a Tree: L-O-G-G-I-N-G
https://isc.sans.edu/diary/DShield%20and%20qemu%20Sitting%20in%20a%20Tree%3A%20L-O-G-G-I-N-G/30216
Uncursing the ncurses memory corruption vulnerabilities
https://www.microsoft.com/en-us/security/blog/2023/09/14/uncursing-the-ncurses-memory-corruption-vulnerabilities-found-in-library/
Arbitrary code execution via Windows Themes (CVE-2023-38146)
https://exploits.forsale/themebleed/
3AM Ransomware used if LockBit Fails
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/3am-ransomware-lockbit
9/15/2023 • 5 minutes, 37 seconds
ISC StormCast for Thursday, September 14th, 2023
Backdoored Free Download Manager
https://securelist.com/backdoored-free-download-manager-linux-malware/110465/
Foxit PDF Reader Updates
https://www.foxit.com/support/security-bulletins.html
macOS MetaStealer: New Family of Obfuscated Go Infostealers
https://www.sentinelone.com/blog/macos-metastealer-new-family-of-obfuscated-go-infostealers-spread-in-targeted-attacks/
Windows 11 to Support Blocking SMB NTLM Hashes
https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-ntlm-blocking-now-supported-in-windows-insider/ba-p/3916206
9/14/2023 • 5 minutes, 42 seconds
ISC StormCast for Wednesday, September 13th, 2023
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20September%202023%20Patch%20Tuesday/30214
OpenSSL 1.1.1 End of Life
https://www.openssl.org/blog/blog/2023/09/11/eol-111/
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
9/13/2023 • 5 minutes, 58 seconds
ISC StormCast for Tuesday, September 12th, 2023
Apple Patches Older Operating Systems
https://isc.sans.edu/diary/Apple%20fixes%200-Day%20Vulnerability%20in%20Older%20Operating%20Systems/30210
Wi-Fi Enabled Practical Keystroke Eavesdropping
https://arxiv.org/pdf/2309.03492.pdf
Phishing via Google Looker Studio
https://blog.checkpoint.com/security/phishing-via-google-looker-studio
HPE One View Authentication Bypass
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04530en_us
9/12/2023 • 5 minutes, 52 seconds
ISC StormCast for Monday, September 11th, 2023
Augmenting Honeypot Logs
https://isc.sans.edu/diary/%3FAnyone%20get%20the%20ASN%20of%20the%20Truck%20that%20Hit%20Me%3F!%3F%3A%20Creating%20a%20PowerShell%20Function%20to%20Make%203rd%20Party%20API%20Calls%20for%20Extending%20Honeypot%20Information%20%5BGuest%20Diary%5D/30204
More details about Apple 0-day
https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Remote Access VPN Unauthorized Access Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ravpn-auth-8LyfCkeC#fs
Odd Password Solution
https://notpickard.com/@rdp/111009868239846779
9/11/2023 • 6 minutes, 50 seconds
ISC StormCast for Friday, September 8th, 2023
Apple Patches 0-Days
https://isc.sans.edu/diary/30200
https://support.apple.com/en-us/HT201222
iOS Fleezeware/Scareware
https://isc.sans.edu/diary/Fleezeware%20Scareware%20Advertised%20via%20Facebook%20Tags%3B%20Available%20in%20Apple%20App%20Store/30198
Aruba Vulnerabilities
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-014.txt
TP Link Vulnerabilities
https://jvn.jp/en/vu/JVNVU99392903/
9/8/2023 • 5 minutes, 7 seconds
ISC StormCast for Thursday, September 7th, 2023
Security Related DNS Records
https://isc.sans.edu/diary/Security%20Relevant%20DNS%20Records/30194
Microsoft Reveals Details about Key Loss
https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/
September Android Updates
https://source.android.com/docs/security/bulletin/2023-09-01
Google Chrome Update
https://chromereleases.googleblog.com/2023/09/stable-channel-update-for-desktop.html
Atlas VPN Tunnel Termination Vulnerability
https://www.reddit.com/r/cybersecurity/comments/167f16e/atlasvpn_linux_client_103_remote_disconnect/
9/7/2023 • 5 minutes, 43 seconds
ISC StormCast for Wednesday, September 6th, 2023
Common Usernames Submitted to Honeypots
https://isc.sans.edu/diary/Common%20usernames%20submitted%20to%20honeypots/30188
TPM LUKS Bypass
https://pulsesecurity.co.nz/advisories/tpm-luks-bypass
Cross Tenant Impersonation Prevention and Detection
https://sec.okta.com/articles/2023/08/cross-tenant-impersonation-prevention-and-detection
9/6/2023 • 5 minutes, 34 seconds
ISC StormCast for Tuesday, September 5th, 2023
What is the Origin of Passwords Submitted to Honeypots
https://isc.sans.edu/diary/What%20is%20the%20origin%20of%20passwords%20submitted%20to%20honeypots%3F/30182
Creating a YARA Rule to Detect Obfuscated Strings
https://isc.sans.edu/diary/Creating%20a%20YARA%20Rule%20to%20Detect%20Obfuscated%20Strings/30186
VMware Aria Operations for Networks Hardcoded Keys CVE-2023-34039
https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-34039/
https://github.com/sinsinology/CVE-2023-34039/
Windows will Disable TLS 1.0/1.1
https://learn.microsoft.com/en-us/windows/release-health/windows-message-center
9/5/2023 • 6 minutes, 17 seconds
ISC StormCast for Friday, September 1st, 2023
The low, low cost of (committing) cybercrime
https://isc.sans.edu/forums/diary/The%20low%2C%20low%20cost%20of%20%28committing%29%20cybercrime/30176/
Unpinnable Github Actions
https://www.paloaltonetworks.com/blog/prisma-cloud/unpinnable-actions-github-security/
Exploitation of Cisco ASA SSL VPNs
https://www.rapid7.com/blog/post/2023/08/29/under-siege-rapid7-observed-exploitation-of-cisco-asa-ssl-vpns/
Splunk Vulnerabilities
https://advisory.splunk.com/advisories
Top Level Domain Issues
https://blog.talosintelligence.com/whats-in-a-name/
9/1/2023 • 6 minutes, 20 seconds
ISC StormCast for Thursday, August 31st, 2023
Home Office/Small Business Hurricane Prep
https://isc.sans.edu/diary/Home%20Office%20%20%20Small%20Business%20Hurricane%20Prep/30166
Notepad++ Vulnerabilities
https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/
7-Zip Vulnerability
https://www.zerodayinitiative.com/advisories/ZDI-23-1164/
BGP Error Handling Issues
https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling
8/31/2023 • 5 minutes, 34 seconds
ISC StormCast for Wednesday, August 30th, 2023
Survival Time for Web Sites
https://isc.sans.edu/diary/Survival%20time%20for%20web%20sites/30170
PDF/ActiveMime Polyglot Maldocs
https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html
https://blog.didierstevens.com/2023/08/29/quickpost-pdf-activemime-maldocs-yara-rule/
RocketMQ Vulnerability Exploited
https://blogs.juniper.net/en-us/threat-research/dreambus-botnet-resurfaces-targets-rocketmq-vulnerability
ManageEngine Vulnerability
https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html
8/30/2023 • 6 minutes, 3 seconds
ISC StormCast for Tuesday, August 29th, 2023
Analysis of RAR Exploit Files (CVE-2023-38831)
https://isc.sans.edu/diary/Analysis+of+RAR+Exploit+Files+CVE202338831/30164
Juniper Exploit CVE-2023-36844, CVE-2023-36845, CVE-2023-36846, CVE-2023-36847
https://labs.watchtowr.com/cve-2023-36844-and-friends-rce-in-juniper-firewalls/
Microsoft Will Enable Extended Protection for Exchange Server by Default
https://techcommunity.microsoft.com/t5/exchange-team-blog/coming-soon-enabling-extended-protection-on-exchange-server-by/ba-p/3911849
Rust Malware Staged on Crates.io
https://blog.phylum.io/rust-malware-staged-on-crates-io/
SANS Community Night London Signup
https://www.sans.org/mlp/community-night-cloud-security-london-september-2023
8/29/2023 • 6 minutes, 31 seconds
ISC StormCast for Monday, August 28th, 2023
Python Malware Using Postgresql for C2 Communications
https://isc.sans.edu/diary/Python%20Malware%20Using%20Postgresql%20for%20C2%20Communications/30158
macOS: Who is Behind This Network Connection?
https://isc.sans.edu/diary/macOS%3A%20Who%3Fs%20Behind%20This%20Network%20Connection%3F/30160
CVE-2020-19909 Is Everything that is Wrong with CVEs
https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/
Windows Certificate Confusion
https://arstechnica.com/security/2023/08/a-renegade-certificate-is-removed-from-windows-then-it-returns-confusion-ensues/
NPM E-Mail Validator Package Malware
https://blog.phylum.io/npm-emails-validator-package-malware/
8/28/2023 • 6 minutes, 37 seconds
ISC StormCast for Friday, August 25th, 2023
How I made a "QWERTY" Keyboard Walk Password Generator with ChatGPT
https://isc.sans.edu/diary/How%20I%20made%20a%20qwerty%20%3Fkeyboard%20walk%3F%20password%20generator%20with%20ChatGPT%20%20%5BGuest%20Diary%5D/30152
FBI Warns of Persistent Barracuda Backdoors
https://www.ic3.gov/Media/News/2023/230823.pdf
Ivanti Sentry Authentication Bypass Deep Dive CVE-2023-38035
https://www.horizon3.ai/ivanti-sentry-authentication-bypass-cve-2023-38035-deep-dive/
Smoke Loader Drops Whiffy Recon WiFi Scanning and Geolocation Malware
https://www.secureworks.com/blog/smoke-loader-drops-whiffy-recon-wi-fi-scanning-and-geolocation-malware
8/25/2023 • 5 minutes, 52 seconds
ISC StormCast for Wednesday, August 23rd, 2023
Fernet Encryption in Malware
https://isc.sans.edu/forums/diary/Have%20You%20Ever%20Heard%20of%20the%20Fernet%20Encryption%20Algorithm%3F/30146/
Malware Triage With Inotify Tools
https://isc.sans.edu/diary/Quick+Malware+Triage+With+Inotify+Tools/30142/
Adobe Coldfusion Exploited
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Openfire Admin Console Vulnerability Exploited
https://vulncheck.com/blog/openfire-cve-2023-32315
XLoader Mac Malware Updates
https://www.sentinelone.com/blog/xloaders-latest-trick-new-macos-variant-disguised-as-signed-officenote-app/
8/23/2023 • 6 minutes, 2 seconds
ISC StormCast for Tuesday, August 22nd, 2023
SystemBC Scans and ProxyNation
https://isc.sans.edu/diary/SystemBC%20Malware%20Activity%20/30138
https://cybersecurity.att.com/blogs/labs-research/proxynation-the-dark-nexus-between-proxy-apps-and-malware
Exchange Server Security Update Re-Release
https://techcommunity.microsoft.com/t5/exchange-team-blog/re-release-of-august-2023-exchange-server-security-update/ba-p/3900025
Ivanti Sentry Vulnerability Exploited
https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US
DUO Security Outage
https://status.duo.com/incidents/rw7g0q7ztj8f
mTLS Vulnerabilities
https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done-wrong/
8/22/2023 • 6 minutes, 7 seconds
ISC StormCast for Monday, August 21st, 2023
From a Zalando Phish to a RAT
https://isc.sans.edu/diary/From%20a%20Zalando%20Phishing%20to%20a%20RAT/30136
RARLAB WinRAR Recovery Volume Vulnerability
https://www.zerodayinitiative.com/advisories/ZDI-23-1152/
Hotmail SPF Record Error Leads to Spam False Positives
https://www.bleepingcomputer.com/news/microsoft/hotmail-email-delivery-fails-after-microsoft-misconfigures-dns/
Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector
https://www.sentinelone.com/labs/chinese-entanglement-dll-hijacking-in-the-asian-gambling-sector/
Google Chrome to Warn Users of Malicious Extensions
https://betanews.com/2023/08/17/google-chrome-to-warn-users-about-problematic-extensions/
8/21/2023 • 5 minutes, 35 seconds
ISC StormCast for Friday, August 18th, 2023
Command Line Parsing - Are These Really Unique Strings?
https://isc.sans.edu/diary/Command%20Line%20Parsing%20-%20Are%20These%20Really%20Unique%20Strings%3F/30126
iOS 16 Fake Airplane Mode
https://www.jamf.com/blog/fake-airplane-mode-a-mobile-tampering-technique-to-maintain-connectivity/
LinkedIn Attacks
https://cyberint.com/blog/research/linkedin-accounts-under-attack-how-to-protect-yourself/
Robot Vacuum Privacy Issues
https://dontvacuum.me/talks/DEFCON31/DEFCON31-vacuum-robots-final.pdf
https://dontvacuum.me/
8/18/2023 • 5 minutes, 44 seconds
ISC StormCast for Thursday, August 17th, 2023
PowerShell Gallery Prone to Typosquatting, Other Supply Chain Attacks
https://www.darkreading.com/application-security/powershell-gallery-prone-to-typosquatting-other-supply-chain-attacks
Windows Random Time Issues
https://arstechnica.com/security/2023/08/windows-feature-that-resets-system-clocks-based-on-random-data-is-wreaking-havoc/
Energy Company Targeted in QR Code Campaign
https://cofense.com/blog/major-energy-company-targeted-in-large-qr-code-campaign/
New Citrix Scanner from Mandiant
https://www.mandiant.com/resources/blog/citrix-adc-vulnerability-ioc-scanner
8/17/2023 • 6 minutes, 40 seconds
ISC StormCast for Tuesday, August 15th, 2023
PDFiD False Positives Revisited
https://isc.sans.edu/diary/PDFiD%3A%20False%20Positives%20Revisited/30122
CVE-2023-32019 Fix Enabled by Default
https://support.microsoft.com/en-us/topic/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080
CyberPower and Dataprobe Vulnerabilities
https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html
Ford WiFi Driver Vulnerability
https://www.ti.com/lit/er/swra773/swra773.pdf?ts=1691717352391&ref_url=https%253A%252F%252Fmedia.ford.com%252F
8/15/2023 • 5 minutes, 51 seconds
ISC StormCast for Monday, August 14th, 2023
Show Me All Your Windows
https://isc.sans.edu/diary/Show%20me%20All%20Your%20Windows!/30116
Zero Touch Pwn
https://blog.syss.com/posts/zero-touch-pwn/
Maginot DNS Spoofing Attack
https://www.usenix.org/conference/usenixsecurity23/presentation/li-xiang
8/14/2023 • 5 minutes, 30 seconds
ISC StormCast for Friday, August 11th, 2023
Some things never change, such as SQL Authentication "Encryption"
https://isc.sans.edu/diary/Some%20things%20never%20change%20%3F%20such%20as%20SQL%20Authentication%20%3Fencryption%3F/30112
Defender Pretender: When Windows Defender Updates Become a Security Risk
https://www.blackhat.com/us-23/briefings/schedule/#defender-pretender-when-windows-defender-updates-become-a-security-risk-32706
Dell Compellent Hardcoded Key
https://www.dell.com/support/kbdoc/en-us/000216615/dsa-2023-282-security-update-for-dell-storage-integration-tools-for-vmware-dsitv-vulnerabilities
Vulnerabilities in Sogou Keyboard
https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/
8/11/2023 • 6 minutes, 1 second
ISC StormCast for Thursday, August 10th, 2023
Tunnelcrack VPN Vulnerability
https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf
Mozilla VPN Vulnerability
https://www.openwall.com/lists/oss-security/2023/08/03/1
Non-English Exchange Server Patch Issues
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2023-exchange-server-security-updates/bc-p/3894481/highlight/true
VSCode Token Security
https://cycode.com/blog/exposing-vscode-secrets/
Weekly Updates for Google Chrome
https://security.googleblog.com/2023/08/an-update-on-chrome-security-updates.html
8/10/2023 • 6 minutes, 14 seconds
ISC StormCast for Wednesday, August 9th, 2023
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20August%202023%20Patch%20Tuesday/30106
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
8/9/2023 • 6 minutes, 2 seconds
ISC StormCast for Tuesday, August 8th, 2023
Update: Researchers Scanning the Internet
https://isc.sans.edu/diary/Update%3A%20Researchers%20scanning%20the%20Internet/30102
Malicious OpenBullet Configuration Files
https://www.kasada.io/threat-intel-openbullet-malware/
Abusing Cloudflare Tunnels
https://www.guidepointsecurity.com/blog/tunnel-vision-cloudflared-abused-in-the-wild/
8/8/2023 • 6 minutes, 27 seconds
ISC StormCast for Monday, August 7th, 2023
Are Leaked Credential Dumps Used by Attackers?
https://isc.sans.edu/diary/Are%20Leaked%20Credentials%20Dumps%20Used%20by%20Attackers%3F/30098
New PaperCut RCE Vulnerability
https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/
Microsoft mitigates Power Platform Custom Code information disclosure vulnerability
https://msrc.microsoft.com/blog/2023/08/microsoft-mitigates-power-platform-custom-code-information-disclosure-vulnerability/
Microsoft Publishes Token Theft Playbook
https://learn.microsoft.com/en-us/security/operations/token-theft-playbook
8/7/2023 • 5 minutes, 16 seconds
ISC StormCast for Friday, August 4th, 2023
From small LNK to large malicious BAT file with zero VT score
https://isc.sans.edu/diary/From%20small%20LNK%20to%20large%20malicious%20BAT%20file%20with%20zero%20VT%20score/30094
Social Engineering via Microsoft Teams
https://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted-social-engineering-over-microsoft-teams/
Automating the Search for LOLBAS
https://pentera.io/resources/whitepapers/the-lolbas-odyssey-finding-new-lolbas-and-how-you-can-too/
Sneaky Versioning Used to Bypass Scanners
https://thehackernews.com/2023/08/malicious-apps-use-sneaky-versioning.html
Aruba Patches
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt
Mitel Patches
https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0008
8/4/2023 • 5 minutes, 35 seconds
ISC StormCast for Thursday, August 3rd, 2023
Zeek and Defender Endpoint
https://isc.sans.edu/diary/Zeek%20and%20Defender%20Endpoint/30088
New Ivanti MobileIron Core Vulnerability
https://forums.ivanti.com/s/article/CVE-2023-35082-Remote-Unauthenticated-API-Access-Vulnerability-in-MobileIron-Core-11-2-and-older?language=en_US
Salesforce Phishing
https://labs.guard.io/phishforce-vulnerability-uncovered-in-salesforces-email-services-exploited-for-phishing-32024ad4b5fa
Abusing the Amazon Web Services SSM Agent as a Remote Access Trojan
https://www.mitiga.io/blog/abusing-the-amazon-web-services-ssm-agent-as-a-remote-access-trojan
8/3/2023 • 6 minutes, 8 seconds
ISC StormCast for Wednesday, August 2nd, 2023
DNS Over HTTPS Summary
https://isc.sans.edu/diary/Summary%20of%20DNS%20over%20HTTPS%20requests%20against%20our%20honeypots./30084
Malware Infects Airgapped Networks
https://usa.kaspersky.com/about/press-releases/2023_kaspersky-uncovers-malware-for-targeted-data-exfiltration-from-air-gapped-environments
Google Deleting Inactive Accounts
https://support.google.com/accounts/answer/12418290?visit_id=638264210155158507-1346504535&p=inactive_account_policy_blog&rd=1
Google AMP Service Used for Phishing
https://cofense.com/blog/google-amp-the-newest-of-evasive-phishing-tactic/
8/2/2023 • 5 minutes, 18 seconds
ISC StormCast for Tuesday, August 1st, 2023
Ivanti Endpoint Manager 2nd Zero-Day
https://forums.ivanti.com/s/article/CVE-2023-35081-Arbitrary-File-Write?language=en_US
New Redis Malware Uses Unknown Initial Access Vector
https://www.cadosecurity.com/redis-p2pinfect/
https://unit42.paloaltonetworks.com/peer-to-peer-worm-p2pinfect/
Google Android 0-Day Summary
https://security.googleblog.com/2023/07/the-ups-and-downs-of-0-days-year-in.html
Wiping Sensitive Data from Printers
https://psirt.canon/advisory-information/cp2023-003/
8/1/2023 • 5 minutes, 51 seconds
ISC StormCast for Monday, July 31st, 2023
USPS Phishing Scam Targeting iOS Users
https://isc.sans.edu/forums/diary/USPS+Phishing+Scam+Targeting+iOS+Users/30078/
Do Attackers Pay More Attention to IPv6?
https://isc.sans.edu/diary/Do%20Attackers%20Pay%20More%20Attention%20to%20IPv6%3F/30076
Shell Code in Images
https://isc.sans.edu/diary/ShellCode%20Hidden%20with%20Steganography/30074
Ivanti MobileIron Exploit Public
https://github.com/vchan-in/CVE-2023-35078-Exploit-POC/blob/main/cve_2023_35078_poc.py
7/31/2023 • 5 minutes, 19 seconds
ISC StormCast for Friday, July 28th, 2023
Ubuntu OverlayFS Vulnerability
https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability
CISA Warns of Insecure Direct Object Reference Vulnerabilities
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-208a
Sophos UTM Patch
https://docs.sophos.com/releasenotes/index.html?productGroupID=nsg&productID=utm&versionID=9.7
Aruba Patches
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-009.txt
7/28/2023 • 5 minutes, 47 seconds
ISC StormCast for Thursday, July 27th, 2023
Suspicious IP Addresses Avoided By Malware Samples
https://isc.sans.edu/diary/Suspicious%20IP%20Addresses%20Avoided%20by%20Malware%20Samples/30068
Messaging Layer Security (MLS) Protocol
https://datatracker.ietf.org/doc/html/rfc9420
PySecDB: Security Commit Dataset in Python
https://github.com/SunLab-GMU/PySecDB
MacOS Infostealer
https://www.sentinelone.com/blog/apple-crimeware-massive-rust-infostealer-campaign-aiming-for-macos-sonoma-ahead-of-public-release/
7/27/2023 • 5 minutes, 58 seconds
ISC StormCast for Tuesday, July 25th, 2023
Apple Updates
https://isc.sans.edu/forums/diary/Apple%20Updates%20Everything%20%28again%29/30062/
https://support.apple.com/en-us/HT201222
Parsing Data with jq
https://isc.sans.edu/diary/JQ%3A%20Another%20Tool%20We%20Thought%20We%20Knew/30060
TETRA Radio Backdoor
https://www.wired.com/story/tetra-radio-encryption-backdoor/
7/25/2023 • 6 minutes, 6 seconds
ISC StormCast for Monday, July 24th, 2023
Shodan's API for the (Recon) Win!
https://isc.sans.edu/diary/Shodan%27s%20API%20For%20The%20%28Recon%29%20Win!/30050
Stolen Microsoft Key May Have Opened Up a lot more than US Government E-Mail Inboxes
https://www.wiz.io/blog/storm-0558-compromised-microsoft-key-enables-authentication-of-countless-micr
https://www.theregister.com/2023/07/21/microsoft_key_skeleton/
Okta Logs Decoded
https://www.rezonate.io/blog/okta-logs-decoded-unveiling-identity-threats-through-threat-hunting/
Threat Actors Exploiting Citrix CVE-2023-3519
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-201a
https://github.com/securekomodo/citrixInspector
7/24/2023 • 6 minutes, 13 seconds
ISC StormCast for Friday, July 21st, 2023
Deobfuscation of Malware Delivered Through a .bat File
https://isc.sans.edu/diary/Deobfuscation%20of%20Malware%20Delivered%20Through%20a%20.bat%20File/30048
Citrix CVE-2023-3519 Indicators of Compromise
https://www.deyda.net/index.php/en/2023/07/19/checklist-for-citrix-adc-cve-2023-3519/
ssh-agent vulnerability
https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
Spring Security: WebFlux Security Bypass with Un-Prefixed Double Wildcard Pattern
https://spring.io/security/cve-2023-34034
American Megatrends (AMI) MegaRAC BMC Vulnerabilities
https://eclypsium.com/research/bmcc-lights-out-forever/
7/21/2023 • 3 minutes, 31 seconds
ISC StormCast for Thursday, July 20th, 2023
Citrix ADC Vulnerability CVE-2023-3519, CVE-2023-3466, CVE-2023-3467
https://isc.sans.edu/forums/diary/Citrix%20ADC%20Vulnerability%20CVE-2023-3519%2C%203466%20and%203467%20-%20Patch%20Now!/30044/
HAM Radio Enigma Machine Challenge
https://isc.sans.edu/diary/HAM%20Radio%20%2B%20Enigma%20Machine%20Challenge/30042
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpujul2023.html
Microsoft Expanding Cloud Logging
https://www.microsoft.com/en-us/security/blog/2023/07/19/expanding-cloud-logging-to-give-customers-deeper-security-visibility/
7/20/2023 • 3 minutes, 10 seconds
ISC StormCast for Wednesday, July 19th, 2023
Exploit Attempts for "Stagil navigation for Jira Menus & Themes"
https://isc.sans.edu/diary/Exploit%20Attempts%20for%20%22Stagil%20navigation%20for%20Jira%20Menus%20%26%20Themes%22%20CVE-2023-26255%20and%20CVE-2023-26256/30038
Citrix Vulnerabilities
https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467
Google Cloud Build Service Vulnerability
https://orca.security/resources/blog/bad-build-google-cloud-build-potential-supply-chain-attack-vulnerability
7/19/2023 • 5 minutes, 45 seconds
ISC StormCast for Monday, July 17th, 2023
Microsoft Driver Certs Details
https://blog.talosintelligence.com/old-certificate-new-signature/
Threads App Lures
https://www.helpnetsecurity.com/2023/07/14/threads-app-lure/
FIRST Releases CVSS 4.0 Preview
https://www.first.org/cvss/
7/17/2023 • 7 minutes, 9 seconds
ISC StormCast for Friday, July 14th, 2023
DShield Honeypot Maintenance and Data Retention
https://isc.sans.edu/diary/DShield%20Honeypot%20Maintenance%20and%20Data%20Retention/30024
Enhanced Monitoring to Detect APT Activity Targeting Outlook Online
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-193a
PoC Exploit: Fake Proof of Concept with Backdoor Malware
https://www.uptycs.com/blog/new-poc-exploit-backdoor-malware
GhostScript CVE-2023-36664 PoC Exploit
https://www.kroll.com/en/insights/publications/cyber/ghostscript-cve-2023-36664-remote-code-execution-vulnerability
7/14/2023 • 5 minutes, 37 seconds
ISC StormCast for Thursday, July 13th, 2023
Apple Re-Releases Rapid Security Update for iOS/MacOS
https://support.apple.com/HT201224
Loader Activity For Formbook "QM18"
https://isc.sans.edu/diary/Loader%20activity%20for%20Formbook%20%22QM18%22/30020
Adobe Patches
https://helpx.adobe.com/security/products/coldfusion/apsb23-40.html
FortiOS/FortiProxy Stack-Based Overflow
https://www.fortiguard.com/psirt/FG-IR-23-183
Citrix Secure Access Client for Ubuntu
https://support.citrix.com/article/CTX564169/citrix-secure-access-client-for-ubuntu-security-bulletin-for-cve202324492
SonicWall Updates
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0010
7/13/2023 • 6 minutes, 9 seconds
ISC StormCast for Wednesday, July 12th, 2023
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/July%202023%20Microsoft%20Patch%20Update/30018/
https://blog.talosintelligence.com/old-certificate-new-signature/
Apple Withdraws Rapid Security Response Update
https://support.apple.com/en-us/HT213827
7/12/2023 • 6 minutes, 33 seconds
ISC StormCast for Tuesday, July 11th, 2023
Apple Rapid Security Update Patches Three Exploited Vulnerabilities
https://isc.sans.edu/diary/Apple%20Rapid%20Security%20Update%20Patches%20Three%20Exploited%20Vulnerabilities/30012
Ubiquiti EdgeRouter and AirCube miniupnpd Heap Overflow
https://ssd-disclosure.com/ssd-advisory-edgerouters-and-aircube-miniupnpd-heap-overflow/
Mozilla Restricting Extensions on Quarantined Domains
https://support.mozilla.org/en-US/kb/quarantined-domains
https://www.mozilla.org/en-US/firefox/115.0/releasenotes/
https://lapcatsoftware.com/articles/2023/7/1.html
7/11/2023 • 5 minutes, 43 seconds
ISC StormCast for Monday, July 10th, 2023
DSSuite (Didier's Toolbox) Docker Image Update
https://isc.sans.edu/diary/DSSuite%20%28Didier%27s%20Toolbox%29%20Docker%20Image%20Update/30008
More MoveIT Flaws and new Service Pack
https://community.progress.com/s/article/MOVEit-Transfer-2020-1-Service-Pack-July-2023
Cisco Nexus 9000 Flaw
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-cloudsec-enc-Vs5Wn2sX
7/10/2023 • 4 minutes, 16 seconds
ISC StormCast for Friday, July 7th, 2023
IDS Comparisons with DShield Honeypot Data
https://isc.sans.edu/diary/IDS%20Comparisons%20with%20DShield%20Honeypot%20Data/30002
Truebot Exploits Netwrix Auditor
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-187a
StackRot Linux Privilege Escalation Vulnerability
https://www.openwall.com/lists/oss-security/2023/07/05/1
TeamsPhisher Exploit
https://github.com/Octoberfest7/TeamsPhisher
VMWare Update
https://www.vmware.com/security/advisories/VMSA-2023-0015.html
7/7/2023 • 5 minutes, 52 seconds
ISC StormCast for Thursday, July 6th, 2023
DShield pfSense Client Update
https://isc.sans.edu/diary/DShield%20pfSense%20Client%20Update/29994
Exposed Industrial Control Systems
https://isc.sans.edu/diary/Controlling%20network%20access%20to%20ICS%20systems/30000
Analysis Method for Custom Encoding
https://isc.sans.edu/diary/Analysis%20Method%20for%20Custom%20Encoding/29946
SNAPPY: Detecting Rogue WiFi Access Points
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/snappy-detecting-rogue-and-fake-80211-wireless-access-points-through-fingerprinting-beacon-management-frames/
RUSTBUCKET Mac Malware
https://www.elastic.co/security-labs/DPRK-strikes-using-a-new-variant-of-rustbucket
7/6/2023 • 6 minutes, 57 seconds
ISC StormCast for Friday, June 30th, 2023
GuLoader- or DBatLoader/ModiLoader-style Infection for Remcos RAT
https://isc.sans.edu/diary/GuLoader-%20or%20DBatLoader%20ModiLoader-style%20infection%20for%20Remcos%20RAT/29990
CVE-2023-26258 Remote Code Execution in Arcserve UDP Backup
https://www.mdsec.co.uk/2023/06/cve-2023-26258-remote-code-execution-in-arcserve-udp-backup/
Sysmon Update
https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon
https://medium.com/@olafhartong/sysmon-15-0-file-executable-detected-40fd64349f36
Drone Security and Fault Injection Attacks
https://labs.ioactive.com/2023/06/applying-fault-injection-to-firmware.html
6/30/2023 • 6 minutes, 42 seconds
ISC StormCast for Thursday, June 29th, 2023
Kazakhstan: The World's Last SSLv2 Superpower
https://isc.sans.edu/diary/Kazakhstan%20-%20the%20world%27s%20last%20SSLv2%20superpower...%20and%20a%20country%20with%20potentially%20vulnerable%20last-mile%20internet%20infrastructure/29988
npm manifest issues
https://blog.vlt.sh/blog/the-massive-hole-in-the-npm-ecosystem
Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution
https://www.securityjoes.com/post/process-mockingjay-echoing-rwx-in-userland-to-achieve-code-execution
6/29/2023 • 5 minutes, 39 seconds
ISC StormCast for Wednesday, June 28th, 2023
The Importance of Malware Triage
https://isc.sans.edu/diary/The+Importance+of+Malware+Triage/29984/
RowPress: Amplifying Read Disturbance in Modern DRAM Chips
https://dl.acm.org/doi/abs/10.1145/3579371.3589063
Dell BIOS Updates
https://www.dell.com/support/kbdoc/de-de/000214778/dsa-2023-174-dell-client-bios-security-update-for-an-out-of-bounds-write-vulnerability
Google Chrome Update
https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html
6/28/2023 • 5 minutes, 10 seconds
ISC StormCast for Tuesday, June 27th, 2023
BlackLotus Mitigation Guide
https://media.defense.gov/2023/Jun/22/2003245723/-1/-1/0/CSI_BlackLotus_Mitigation_Guide.PDF
Camaro Dragon Infects USB Drives as well as Network Drives
https://research.checkpoint.com/2023/beyond-the-horizon-traveling-the-world-on-camaro-dragons-usb-flash-drives/
Grafana Security Release
https://grafana.com/blog/2023/06/22/grafana-security-release-for-cve-2023-3128/
6/27/2023 • 5 minutes, 15 seconds
ISC StormCast for Monday, June 26th, 2023
Email Spam With Modiloader Attached
https://isc.sans.edu/diary/Email%20Spam%20with%20Attachment%20Modiloader/29978
Word Document with an Online Attached Template
https://isc.sans.edu/diary/Word%20Document%20with%20an%20Online%20Attached%20Template/29976
Qakbot (Qbot) Activity, obama271 Distribution Tag
https://isc.sans.edu/diary/Qakbot%20%28Qbot%29%20activity%2C%20obama271%20distribution%20tag/29968
Microsoft Teams External Tenant Confusion
https://labs.jumpsec.com/advisory-idor-in-microsoft-teams-allows-for-external-tenants-to-introduce-malware/
Free Smart Watches
https://www.darkreading.com/threat-intelligence/suspicious-smartwatches-mailed-us-army-personnel
6/26/2023 • 6 minutes, 56 seconds
ISC StormCast for Friday, June 23rd, 2023
Apple Updates Already Exploited Vulnerabilities
https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Vulnerabilities%20in%20iOS%20iPadOS%2C%20macOS%2C%20watchOS%20and%20Safari/29972
Heap Buffer Overflow in VMWare VCenter
https://www.vmware.com/security/advisories/VMSA-2023-0014.html
GitHub RepoJacking
https://blog.aquasec.com/github-dataset-research-reveals-millions-potentially-vulnerable-to-repojacking
6/23/2023 • 5 minutes, 26 seconds
ISC StormCast for Thursday, June 22nd, 2023
Analyzing a YouTube Sponsorship Phishing E-Mail
https://isc.sans.edu/diary/Analyzing%20a%20YouTube%20Sponsorship%20Phishing%20Mail%20and%20Malware%20Targeting%20Content%20Creators/29966
Malicious Code Can Be Anywhere
https://isc.sans.edu/diary/Malicious%20Code%20Can%20Be%20Anywhere/29964
Zyxel Vulnerability
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products
Huawei Vulnerability
https://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-thvihr-7015cbae-en
Asus Vulnerability
https://www.asus.com/content/asus-product-security-advisory/
VMWare Aria Vuln Exploited
https://www.vmware.com/security/advisories/VMSA-2023-0012.html
6/22/2023 • 5 minutes, 41 seconds
ISC StormCast for Tuesday, June 20th, 2023
Formbook From Possible ModiLoader (DBatLoader)
https://isc.sans.edu/diary/Formbook%20from%20Possible%20ModiLoader%20%28DBatLoader%29%20/29958
Brute-Force ZIP Password Cracking with zipdump.py
https://isc.sans.edu/diary/Brute-Force%20ZIP%20Password%20Cracking%20with%20zipdump.py/29948
Malware Delivered Through .inf File
https://isc.sans.edu/diary/Malware%20Delivered%20Through%20.inf%20File/29960
FortiNAC - Just a few more RCEs
https://frycos.github.io/vulns4free/2023/06/18/fortinac.html
6/20/2023 • 5 minutes, 52 seconds
ISC StormCast for Friday, June 16th, 2023
Supervision and Verification in Vulnerability Management
https://isc.sans.edu/diary/Supervision%20and%20Verification%20in%20Vulnerability%20Management/29952
More MOVEit issues
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023
Critical Citrix Sharefile Storagezones Controller
https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489
Chromeloader Malware Update
https://threatresearch.ext.hp.com/shampoo-a-new-chromeloader-campaign/
Bignum NPM Package Compromise
https://checkmarx.com/blog/hijacking-s3-buckets-new-attack-technique-exploited-in-the-wild-by-supply-chain-attackers
6/16/2023 • 5 minutes, 33 seconds
ISC StormCast for Thursday, June 15th, 2023
Deobfuscating a VBS Script With Custom Encoding
https://isc.sans.edu/diary/Deobfuscating%20a%20VBS%20Script%20With%20Custom%20Encoding/29940
Every Signature is Broken: On the Insecurity of Microsoft Office's OOXML Signatures
https://www.usenix.org/conference/usenixsecurity23/presentation/rohlmann
How to Manage the Vulnerability Associated with CVE-2023-32019
https://support.microsoft.com/en-gb/topic/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080
Fake Security Research GitHub Repos
https://vulncheck.com/blog/fake-repos-deliver-malicious-implant
Fortigate Vuln Details
https://blog.lexfo.fr/xortigate-cve-2023-27997.html
Zoom Updates
https://explore.zoom.us/en/trust/security/security-bulletin/
6/15/2023 • 5 minutes, 56 seconds
ISC StormCast for Wednesday, June 14th, 2023
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/June%202023%20Microsoft%20Patch%20Tuesday/29942/
VMWare 0-Day
https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass
https://www.vmware.com/security/advisories/VMSA-2023-0013.html
SAP Patches
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
6/14/2023 • 5 minutes, 29 seconds
ISC StormCast for Tuesday, June 13th, 2023
Geoserver Attack Details: More Cryptominers Against Unconfigured WebApps
https://isc.sans.edu/diary/Geoserver%20Attack%20Details%3A%20More%20Cryptominers%20against%20Unconfigured%20WebApps/29936
Fortinet Update CVE-2023-27997
https://www.fortiguard.com/psirt/FG-IR-23-097
Bitwarden Key Accessible By Low Privileged User
https://hackerone.com/reports/1874155
Western Digital SMART Flag Abuse
https://arstechnica.com/gadgets/2023/06/clearly-predatory-western-digital-sparks-panic-anger-for-age-shaming-hdds/
6/13/2023 • 5 minutes, 33 seconds
ISC StormCast for Monday, June 12th, 2023
Undetected PowerShell Backdoor Disguised as a Profile File
https://isc.sans.edu/diary/Undetected%20PowerShell%20Backdoor%20Disguised%20as%20a%20Profile%20File/29930
DShield Honeypot Activity for May 2023
https://isc.sans.edu/diary/DShield%20Honeypot%20Activity%20for%20May%202023%20/29932
Second MOVEit Vulnerability
https://www.progress.com/security/moveit-transfer-and-moveit-cloud-vulnerability
Fortinet Patches CVE-2023-27997
https://twitter.com/cfreal_/status/1667852157536616451
6/12/2023 • 5 minutes, 37 seconds
ISC StormCast for Friday, June 9th, 2023
Geoserver Scans
https://isc.sans.edu/diary/Ongoing%20scans%20for%20Geoserver/29926
Barracuda Recommends Replacing Compromised Devices
https://www.barracuda.com/company/legal/esg-vulnerability
Google improves Chrome Password Manager
https://www.msn.com/en-us/news/other/chrome-adds-windows-biometric-logins-to-its-password-powers/ar-AA1ciCCf
Minecraft Mods Include Malicious Code
https://www.bleepingcomputer.com/news/security/new-fractureiser-malware-used-curseforge-minecraft-mods-to-infect-windows-linux/
Trend Micro Service Pack
https://files.trendmicro.com/documentation/readme/Apex%20One/2020/apex_one_2019_win_cp_b12033_EN_Critical_Patch_Readme.html
6/9/2023 • 5 minutes, 26 seconds
ISC StormCast for Thursday, June 8th, 2023
DMARC in .co TLD
https://isc.sans.edu/diary/Management%20of%20DMARC%20control%20for%20email%20impersonation%20of%20domains%20in%20the%20.co%20TLD%20-%20part%202/29922
Three Vulnerabilities in VMWare Aria Operations for Networks
https://www.vmware.com/security/advisories/VMSA-2023-0012.html
SpinOK Spyware SDK found in Android Apps
https://vms.drweb.com/search/?q=Android.Spy.SpinOk&lng=en
https://www.cloudsek.com/threatintelligence/supply-chain-attack-infiltrates-android-apps-with-malicious-sdk
Cisco Anyconnect Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw
RSA Webcast
https://www.rsaconference.com/library/webcast/149-sans-followup-2023
6/8/2023 • 5 minutes, 45 seconds
ISC StormCast for Wednesday, June 7th, 2023
Github Copilot vs Google: Which Code is More Secure
https://isc.sans.edu/forums/diary/Github%20Copilot%20vs.%20Google%3A%20Which%20code%20is%20more%20secure/29918/
Android Update
https://source.android.com/docs/security/bulletin/2023-06-01
Chrome Updates
https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html
FBI Warns of Manipulated Photos and Videos For Sextortion
https://www.ic3.gov/Media/Y2023/PSA230605
6/7/2023 • 6 minutes, 4 seconds
ISC StormCast for Monday, June 5th, 2023
Critical Vulnerability in MoveIT Transfer Actively Exploited
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
https://www.rapid7.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/
https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft
Atomic Wallet Compromise
https://www.bleepingcomputer.com/news/security/atomic-wallet-hacks-lead-to-over-35-million-in-crypto-stolen/
Magecart Update
https://www.akamai.com/blog/security-research/new-magecart-hides-behind-legit-domains
6/5/2023 • 5 minutes, 56 seconds
ISC StormCast for Friday, June 2nd, 2023
After 28 Years, SSLv2 is Still Not Gone
https://isc.sans.edu/forums/diary/After%2028%20years%2C%20SSLv2%20is%20still%20not%20gone%20from%20the%20internet...%20but%20we're%20getting%20there/29908/
Operation Triangulation: iOS Devices Targeted With Previously Unknown Malware
https://securelist.com/operation-triangulation/109842/
MOVEit Transfer Critical Vulnerability
https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023
Code Injection Vulnerability in ReportLab Python Library
https://github.com/c53elyas/CVE-2023-33733
6/2/2023 • 17 minutes, 9 seconds
ISC StormCast for Thursday, June 1st, 2023
Apache NiFi Attacks
https://isc.sans.edu/diary/Your%20Business%20Data%20and%20Machine%20Learning%20at%20Risk%3A%20Attacks%20Against%20Apache%20NiFi/29900
Gigabyte App Center Backdoor
https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/
Salesforce Ghost Sites
https://www.varonis.com/blog/salesforce-ghost-sites
CVE-2023-34152: Shell Command Injection in ImageMagick
https://securityonline.info/cve-2023-34152-shell-command-injection-bug-affecting-imagemagick/
6/1/2023 • 6 minutes, 51 seconds
ISC StormCast for Wednesday, May 31st, 2023
Malspam Pushes ModiLoader (DBatLoader) Infection for Remcos RAT
https://isc.sans.edu/diary/Malspam%20pushes%20ModiLoader%20%28DBatLoader%29%20infection%20for%20Remcos%20RAT/29896
MacOS SIP Bypass
https://www.microsoft.com/en-us/security/blog/2023/05/30/new-macos-vulnerability-migraine-could-bypass-system-integrity-protection/
OpenSSL Update
https://www.openssl.org/news/secadv/20230530.txt
Barracuda Email Security Gateway Appliance Vulnerability Details
https://www.barracuda.com/company/legal/esg-vulnerability#:~:text=the%20section%20below.-,Endpoint%20IOCs,-Table%204%20lists
Void Rabisu RomCom Backdoor
https://www.trendmicro.com/en_us/research/23/e/void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html
Nextcloud Vulnerability
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mr7q-xf62-fw54
Zyxel NAS Vulnerability
https://sternumiot.com/iot-blog/ntp-textbox-vulnerability-in-zyxel-nas326-nas540-and-nas542-devices/
Wait Just An Infosec: Higher Ed
https://www.youtube.com/watch?v=ufEuo-096yc&list=PLtgaAEEmVe6B2kqkE9KdgPJdtbqNiaiOn&index=8
5/31/2023 • 5 minutes, 54 seconds
ISC StormCast for Tuesday, May 30th, 2023
Analyzing Office Documents Embedded Inside PowerPoint Files
https://isc.sans.edu/diary/Analyzing%20Office%20Documents%20Embedded%20Inside%20PPT%20%28PowerPoint%29%20Files/29894
DocuSign Themed Email Leads to Script-Based Infection
https://isc.sans.edu/diary/DocuSign-themed%20email%20leads%20to%20script-based%20infection/29888
File Archiver In The Browser
https://mrd0x.com/file-archiver-in-the-browser/
Securing PyPI accounts via Two-Factor Authentication
https://blog.pypi.org/posts/2023-05-25-securing-pypi-with-2fa/
Apache Cassandra Vulnerabilities
https://lists.apache.org/thread/mwd02nrw2go8shg29rnp3o4hgompvkp5
MOXA MXsecurity Vulnerabilities
https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities
5/30/2023 • 5 minutes, 50 seconds
ISC StormCast for Thursday, May 25th, 2023
More Data Enrichment for Cowrie Logs
https://isc.sans.edu/diary/More%20Data%20Enrichment%20for%20Cowrie%20Logs/29878
Volt Typhoon: Living off the Land
https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF
Android App Breaking Bad
https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/
Zyxel Updates
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls
Barracuda Email Security Gateway Vulnerability
https://status.barracuda.com/incidents/34kx82j5n4q9
Gitlab Patch
https://about.gitlab.com/releases/2023/05/23/critical-security-release-gitlab-16-0-1-released/
5/25/2023 • 5 minutes, 31 seconds
ISC StormCast for Wednesday, May 24th, 2023
Apache Nifi Scans
https://isc.sans.edu/diary/Help+us+figure+this+out+Scans+for+Apache+Nifi/29874/
Samsung Updates fix 0-Day
https://security.samsungmobile.com/securityUpdate.smsb
Lenovo All-In One Bricked by Windows Update
https://www.reddit.com/r/Lenovo/comments/136tatm/lenovo_firmware_10055_bricking_thinkcentre_v53024/
Dell VxRail Security Update
https://www.dell.com/support/kbdoc/en-us/000213011/dsa-2023-071-dell-vxrail-security-update-for-multiple-third-party-component-vulnerabilities-7-0-450
BrutePrint: Expose Smartphone Fingerprint Authentication to Brute-force Attack
https://arxiv.org/pdf/2305.10791.pdf
5/24/2023 • 6 minutes, 18 seconds
ISC StormCast for Monday, May 22nd, 2023
Another Malicious HTA File Analysis - Part 3
https://isc.sans.edu/forums/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%203/29678/
When the Phisher Messes Up With Encoding
https://isc.sans.edu/diary/When%20the%20Phisher%20Messes%20Up%20With%20Encoding/29864
PyPi Suspends New Users and Projects
https://status.python.org/incidents/qy2t9mjjcc7g
PGP Signatures on PyPi: Worse than useless
https://blog.yossarian.net/2023/05/21/PGP-signatures-on-PyPI-worse-than-useless
RATs found hiding in the npm attic
https://www.reversinglabs.com/blog/rats-found-hiding-in-the-npm-attic
5/22/2023 • 5 minutes, 30 seconds
ISC StormCast for Friday, May 19th, 2023
Apple Updates Everything
https://isc.sans.edu/diary/Apple%20Updates%20Everything/29860
A Quick Survey of .zip Domains
https://isc.sans.edu/diary/A%20Quick%20Survey%20of%20.zip%20Domains%3A%20Your%20highest%20risk%20is%20running%20into%20Rick%20Astley./29858
Dell NetWorker Security Update
https://www.dell.com/support/kbdoc/en-us/000211267/dsa-2023-060-dell-networker-security-update-for-an-nsrcapinfo-vulnerability?lwp=rt
KeePass 2.X Master Password Dumper
https://github.com/vdohney/keepass-password-dumper
5/19/2023 • 6 minutes, 51 seconds
ISC StormCast for Thursday, May 18th, 2023
Increase in Malicious RAR SFX Files
https://isc.sans.edu/forums/diary/Increase%20in%20Malicious%20RAR%20SFX%20files/29852/
FriendlyName Buffer Overflow in Wemo Smartplug
https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/
Wago License Page Exploit
https://onekey.com/blog/security-advisory-wago-unauthenticated-remote-command-execution/
Routers Turned Into Proxies
https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/
5/18/2023 • 5 minutes, 47 seconds
ISC StormCast for Wednesday, May 17th, 2023
Signals Defense With Faraday Bags
https://isc.sans.edu/forums/diary/Signals%20Defense%20With%20Faraday%20Bags%20%26%20Flipper%20Zero/29840/
Microsoft Sharepoint Scans Password Protected Files
https://infosec.exchange/@threatresearch/110373860063222707#
Critical Sandbox Escape Vulnerability in VM2
https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5
Geacon Brings Cobalt Strike Capabilities to MacOS Threat Actors
https://www.sentinelone.com/blog/geacon-brings-cobalt-strike-capabilities-to-macos-threat-actors/
5/17/2023 • 5 minutes, 36 seconds
ISC StormCast for Tuesday, May 16th, 2023
Ongoing Facebook Phishing campaign Without a Sender and (almost) without Links
https://isc.sans.edu/diary/Ongoing%20Facebook%20phishing%20campaign%20without%20a%20sender%20and%20%28almost%29%20without%20links/29848
Intel Microcode Updates Do Not Patch Vulnerability
https://www.theregister.com/2023/05/15/intel_mystery_microcode/
Fake Trezor Hardware Crypto Wallet
https://www.kaspersky.com/blog/fake-trezor-hardware-crypto-wallet/48155/
TP-Link Archer AX-21 Command Injection CVE-2023-1389 Exploited
https://www.fortiguard.com/threat-signal-report/5157/tp-link-archer-ax-21-command-injection-vulnerability-cve-2023-1389-exploited-in-the-wild
5/16/2023 • 5 minutes, 19 seconds
ISC StormCast for Friday, May 12th, 2023
Geolocating IPs is Harder Than You Think
https://isc.sans.edu/diary/Geolocating%20IPs%20is%20harder%20than%20you%20think/29834
Pre-Infected Mobile Phones
https://www.theregister.com/2023/05/11/bh_asia_mobile_phones/
Dragos Breach
https://www.dragos.com/blog/deconstructing-a-cybersecurity-event/
AndoryuBot Targets Ruckus Admin RCE Vulnerability
https://www.fortinet.com/blog/threat-research/andoryubot-new-botnet-campaign-targets-ruckus-wireless-admin-remote-code-execution-vulnerability-cve-2023-25717
5/12/2023 • 6 minutes, 20 seconds
ISC StormCast for Thursday, May 11th, 2023
Exploratory Data Analysis with CISSM Cyber Attacks Database Part 2
https://isc.sans.edu/diary/Exploratory%20Data%20Analysis%20with%20CISSM%20Cyber%20Attacks%20Database%20-%20Part%202/29828
Microsoft Patched Outlook (actually Windows) vulnerability again
https://www.akamai.com/blog/security-research/important-outlook-vulnerability-bypass-windows-api
Law Enforcement and Intelligence Agencies Disable "Snake" Malware
https://media.defense.gov/2023/May/09/2003218554/-1/-1/1/JOINT_CSA_HUNTING_RU_INTEL_SNAKE_MALWARE_20230509.PDF
Fake System Update Drops Malware
https://www.malwarebytes.com/blog/threat-intelligence/2023/05/fake-system-update-drops-new-highly-evasive-loader
5/11/2023 • 5 minutes, 52 seconds
ISC StormCast for Wednesday, May 10th, 2023
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20May%202023%20Patch%20Tuesday/29826
GitHub "Push Protection" now out of Beta
https://github.blog/2023-05-09-push-protection-is-generally-available-and-free-for-all-public-repositories/
5/10/2023 • 5 minutes, 57 seconds
ISC StormCast for Tuesday, May 9th, 2023
QR Codes Used in Fake Parking Tickets and Surveys
https://www.bleepingcomputer.com/news/security/qr-codes-used-in-fake-parking-tickets-surveys-to-steal-your-money/
Microsoft Edge Update
https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel
Facebook Sees More Fake ChatGPT
https://about.fb.com/news/2023/05/metas-q1-2023-security-reports/
CyberGhost VPN Vulnerability
https://www.pentestpartners.com/security-blog/bullied-by-bugcrowd-over-kape-cyberghost-disclosure/
5/9/2023 • 6 minutes, 21 seconds
ISC StormCast for Monday, May 8th, 2023
Quickly Finding Encoded Payloads in Office Documents
https://isc.sans.edu/forums/diary/Quickly+Finding+Encoded+Payloads+in+Office+Documents/29818/
Exploratory Data Analysis with CISSM Cyber Attacks Database Part 1
https://isc.sans.edu/forums/diary/Exploratory+Data+Analysis+with+CISSM+Cyber+Attacks+Database+Part+1/29816/
Guildma is now Abusing Colorcpl.exe LOLBIN
https://isc.sans.edu/forums/diary/Guildma+is+now+abusing+colorcplexe+LOLBIN/29814/
Leaked MSI Keys
https://github.com/binarly-io/SupplyChainAttacks/blob/main/MSI/ImpactedDevices.md
https://twitter.com/matrosov/status/1654560343295934464
PHP Packages Compromised
https://blog.packagist.com/packagist-org-maintainer-account-takeover/
5/8/2023 • 6 minutes, 2 seconds
ISC StormCast for Friday, May 5th, 2023
Infostealer Embedded in a Word Document
https://isc.sans.edu/diary/Infostealer%20Embedded%20in%20a%20Word%20Document/29810
Cisco SPA-112 Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-unauth-upgrade-UqhyTWW
Fortinet May Updates
https://www.fortiguard.com/psirt?date=05-2023
PaperCut exploitation - A Different Path to Code Execution
https://vulncheck.com/blog/papercut-rce
5/5/2023 • 6 minutes
ISC StormCast for Thursday, May 4th, 2023
Increased Number of Configuration File Scans
https://isc.sans.edu/diary/Increased%20Number%20of%20Configuration%20File%20Scans/29806
Google Enabling Passkeys
https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/
Chrome to Drop Lock Icon from HTTPS
https://blog.chromium.org/2023/05/an-update-on-lock-icon.html
Attack Against AMD TPM Implementation
https://arxiv.org/abs/2304.14717
5/4/2023 • 7 minutes, 37 seconds
ISC StormCast for Tuesday, May 2nd, 2023
Passive Analysis of a Phishing Attachment
https://isc.sans.edu/diary/%22Passive%22%20analysis%20of%20a%20phishing%20attachment/29798
Apple Rapid Security Response
https://www.macrumors.com/2023/05/01/rapid-security-response-16-4-1/
Grafana Security Release
https://grafana.com/blog/2023/04/26/grafana-security-release-new-versions-of-grafana-with-security-fixes-for-cve-2023-28119-and-cve-2023-1387/
Illumina Vulnerability
https://www.fda.gov/medical-devices/letters-health-care-providers/illumina-cybersecurity-vulnerability-affecting-universal-copy-service-software-may-present-risks
5/2/2023 • 5 minutes, 40 seconds
ISC StormCast for Monday, May 1st, 2023
Quick IOC Scan With Docker
https://isc.sans.edu/diary/Quick%20IOC%20Scan%20With%20Docker/29788
Deobfuscating Scripts: When Encodings Help
https://isc.sans.edu/diary/Deobfuscating%20Scripts%3A%20When%20Encodings%20Help/29792
Hackers Are Breaking Into AT&T Email Accounts To Steal Cryptocurrency
https://techcrunch.com/2023/04/26/hackers-are-breaking-into-att-email-accounts-to-steal-cryptocurrency/
Threat Actor Selling New Atomic MacOS AMOS Stealer on Telegram
https://blog.cyble.com/2023/04/26/threat-actor-selling-new-atomic-macos-amos-stealer-on-telegram/
Zyxel Firewall Vulnerability
https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls
5/1/2023 • 5 minutes, 26 seconds
ISC StormCast for Friday, April 28th, 2023
Ransomware Gang Exploiting Unpatched Veeam Backup Products
https://www.computerweekly.com/news/365535586/Ransomware-gang-exploiting-unpatched-Veeam-backup-products
Google Authenticator Sync Encryption
https://security.googleblog.com/2023/04/google-authenticator-now-supports.html
Keycloak Vulnerability
https://out.reddit.com/t3_130km04?url=https%3A%2F%2Fwww.offensity.com%2Fen%2Fblog%2Fuser-impersonation-via-stolen-uuid-code-in-keycloak-cve-2023-0264%2F&token=AQAAjSdLZJTzQM37107hVzYY-tbz6ak81pMNqN9qv3m2SWXEOMIm&app_name=web2x&user_id=33629461&web_redirect=true
4/28/2023 • 6 minutes, 15 seconds
ISC StormCast for Thursday, April 27th, 2023
Strolling Through Cyberspace and Hunting for Phishing Sites
https://isc.sans.edu/diary/Strolling%20through%20Cyberspace%20and%20Hunting%20for%20Phishing%20Sites/29780
RSA Panel: Five most dangerous new attack techniques
https://www.rsaconference.com/usa/agenda/session/The%20Five%20Most%20Dangerous%20New%20Attack%20Techniques
SANS.edu Research Journal
https://www.sans.edu/cyber-security-research
4/27/2023 • 5 minutes, 45 seconds
ISC StormCast for Wednesday, April 26th, 2023
Calculating CVSS Scores with ChatGPT
https://isc.sans.edu/diary/Calculating%20CVSS%20Scores%20with%20ChatGPT/29774
Amplifying SLP Traffic
https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp
Insecure Default Configuration in Apache Superset
https://www.horizon3.ai/cve-2023-27524-insecure-default-configuration-in-apache-superset-leads-to-remote-code-execution/
PoC Exploit for Sophos Web Appliance
https://github.com/W01fh4cker/CVE-2023-1671-POC
4/26/2023 • 6 minutes, 21 seconds
ISC StormCast for Tuesday, April 25th, 2023
Aukill EDR Killer Malware Abuses Process Explorer Driver
https://news.sophos.com/en-us/2023/04/19/aukill-edr-killer-malware-abuses-process-explorer-driver/
Papercut Vulnerability Deep Dive
https://www.horizon3.ai/papercut-cve-2023-27350-deep-dive-and-indicators-of-compromise
Solarwinds Patches
https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm
Schneider Electric Update
https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security%20and%20Safety%20Notice&p_File_Name=SEVD-2023-101-04.pdf
Virustotal Code Insight
https://blog.virustotal.com/2023/04/introducing-virustotal-code-insight.html
4/25/2023 • 6 minutes, 5 seconds
ISC StormCast for Monday, April 24th, 2023
Management of DMARC control for email impersonation of domains in the .co TLD
https://isc.sans.edu/forums/diary/Management+of+DMARC+control+for+email+impersonation+of+domains+in+the+co+TLD+part+1/29768/
X_Trader Supply Chain Attack Fallout
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/xtrader-3cx-supply-chain
Car Hacking with Old Nokia Phones
https://www.vice.com/en/article/v7beyj/car-thieves-tech-hidden-old-nokia-phones-bluetooth-speakers-emergency-engine-start-keyless
Dog Hunt Finding Decoy Dog Toolkit
https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/
4/24/2023 • 5 minutes, 45 seconds
ISC StormCast for Friday, April 21st, 2023
Taking a Bite Out of Password Expiry Helpdesk Calls
https://isc.sans.edu/diary/Taking%20a%20Bite%20Out%20of%20Password%20Expiry%20Helpdesk%20Calls/29758
3CX Software Supply Chain Compromise
https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise
Google Ghost Tokens
https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/
PyPi Trusted Publishers
https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/
4/21/2023 • 6 minutes, 35 seconds
ISC StormCast for Thursday, April 20th, 2023
Yet Another Google Chrome 0-Day
https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html
Oracle Critical Patch Update April 2023
https://www.oracle.com/security-alerts/cpuapr2023.html
Github Provenance Action for npm Packages
https://www.theregister.com/2023/04/19/github_actions_npm_origins/
Microsoft Revises Threat Actor Naming
https://learn.microsoft.com/de-de/microsoft-365/security/intelligence/microsoft-threat-actor-naming
4/20/2023 • 4 minutes, 49 seconds
ISC StormCast for Wednesday, April 19th, 2023
UDDIs Are Back: Attackers Rediscovering Old Exploits.
https://isc.sans.edu/diary/UDDIs%20are%20back%3F%20Attackers%20rediscovering%20old%20exploits./29754
Russian Attacks against Routers
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-108
Information Leakage on Discarded Routers
https://www.welivesecurity.com/2023/04/18/discarded-not-destroyed-old-routers-reveal-corporate-secrets/
4/19/2023 • 5 minutes, 22 seconds
ISC StormCast for Tuesday, April 18th, 2023
The strange case of the Great Honeypot of China
https://isc.sans.edu/diary/The%20strange%20case%20of%20Great%20honeypot%20of%20China/29750
The LockBit ransomware (kinda) comes for macOS
https://objective-see.org/blog/blog_0x75.html
Google Cloud Used as C&C
https://thehackernews.com/2023/04/google-uncovers-apt41s-use-of-open.html
4/18/2023 • 5 minutes, 23 seconds
ISC StormCast for Friday, April 14th, 2023
HTTP: What's Left of it and the OCSP Problem
https://isc.sans.edu/diary/HTTP%3A%20What%27s%20Left%20of%20it%20and%20the%20OCSP%20Problem/29744
NTP Vulnerability Update
https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321
SecurePoint UTM Vulnerability CVE-2023-22897
https://www.rcesecurity.com/2023/04/securepwn-part-1-bypassing-securepoint-utms-authentication-cve-2023-22620/
https://www.rcesecurity.com/2023/04/securepwn-part-2-leaking-remote-memory-contents-cve-2023-22897/
Google Cloud Assured Open Source Software Services
https://cloud.google.com/blog/products/identity-security/google-cloud-assured-open-source-software-service-now-ga
4/14/2023 • 6 minutes, 29 seconds
ISC StormCast for Wednesday, April 12th, 2023
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20April%202023%20Patch%20Tuesday/29736
Windows LAPS Available as part of Windows
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/by-popular-demand-windows-laps-available-now/ba-p/3788747
SAP Patches
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
4/12/2023 • 6 minutes, 3 seconds
ISC StormCast for Tuesday, April 11th, 2023
Another Malicious HTA File Analysis - Part 2
https://isc.sans.edu/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%202/29676
Apple Updates for Older Operating Systems
https://support.apple.com/en-us/HT201222
MSI Attack May Affect BIOS Updates
https://www.msi.com/news/detail/MSI-Statement-141688
KB5021130: How to manage the Netlogon protocol changes related to CVE-2022-38023
https://support.microsoft.com/en-us/topic/kb5021130-how-to-manage-the-netlogon-protocol-changes-related-to-cve-2022-38023-46ea3067-3989-4d40-963c-680fd9e8ee25
4/11/2023 • 5 minutes, 39 seconds
ISC StormCast for Monday, April 10th, 2023
Detecting Suspicious API Usage with YARA Rules
https://isc.sans.edu/diary/Detecting%20Suspicious%20API%20Usage%20with%20YARA%20Rules/29724
Apple Patching Two 0-Day Vulnerabilities in iOS and macOS
https://isc.sans.edu/diary/Apple%20Patching%20Two%200-Day%20Vulnerabilities%20in%20iOS%20and%20macOS/29726
VM2 Sandbox Escape
https://github.com/patriksimek/vm2/security/advisories/GHSA-7jxr-cg7f-gpgv
https://gist.github.com/seongil-wi/2a44e082001b959bfe304b62121fb76d
Microsoft Netlogon: Potential Upcoming Impacts of CVE-2022-38023
https://isc.sans.edu/diary/Microsoft%20Netlogon%3A%20Potential%20Upcoming%20Impacts%20of%20CVE-2022-38023/29728
4/10/2023 • 6 minutes, 55 seconds
ISC StormCast for Thursday, April 6th, 2023
Exploration of DShield Cowrie Data with jq
https://isc.sans.edu/diary/Exploration%20of%20DShield%20Cowrie%20Data%20with%20jq/29714
NEXX Garage Door Vulnerability
https://medium.com/@samsabetan/the-uninvited-guest-idors-garage-doors-and-stolen-secrets-e4b49e02dadc
OneNote Changes
https://learn.microsoft.com/en-us/deployoffice/security/onenote-extension-block
MSFT Changes to Auto-Update
https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#3060
NPM Spam DDoS Attacks
https://www.helpnetsecurity.com/2023/04/05/flood-of-malicious-packages-results-in-npm-registry-dos/
4/6/2023 • 6 minutes, 52 seconds
ISC StormCast for Wednesday, April 5th, 2023
Analyzing the efile.com Malware
https://isc.sans.edu/diary/Analyzing+the+efilecom+Malware+efail/29712
ALPHV Ransomware Targets Backup Installations
https://www.mandiant.com/resources/blog/alphv-ransomware-backup
Sophos Web Appliance Vulnerability (and EoL)
https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce
Zimbra Exploited in Targeted Attacks
https://www.proofpoint.com/us/blog/threat-insight/exploitation-dish-best-served-cold-winter-vivern-uses-known-zimbra-vulnerability
4/5/2023 • 6 minutes, 18 seconds
ISC StormCast for Tuesday, April 4th, 2023
efile.com compromise
https://isc.sans.edu/forums/diary/Supply%20Chain%20Compromise%20or%20False%20Positive%3A%20The%20Intriguing%20Case%20of%20efile.com%20%5Bupdated%20-%20confirmed%20malicious%20code%5D/29708/
Western Digital MyCloud Breach
https://www.bleepingcomputer.com/news/security/western-digital-discloses-network-breach-my-cloud-service-down/
3CX Compromise Affected Cryptocoin Exchanges
https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/
4/4/2023 • 7 minutes, 46 seconds
ISC StormCast for Monday, April 3rd, 2023
Use of X-Frame-Options and CSP frame-ancestors security headers
https://isc.sans.edu/diary/Use%20of%20X-Frame-Options%20and%20CSP%20frame-ancestors%20security%20headers%20on%201%20million%20most%20popular%20domains/29698
oledump supporting MSI Files
https://isc.sans.edu/diary/Update+oledump+MSI+Files/29700/
3CX Update
https://www.3cx.com/blog/news/chrome-blocks-latest-msi/
PinDuoDuo App shows anomalous behaviour
https://edition.cnn.com/2023/04/02/tech/china-pinduoduo-malware-cybersecurity-analysis-intl-hnk/index.html
4/3/2023 • 5 minutes, 57 seconds
ISC StormCast for Friday, March 31st, 2023
Malicious 3CX Desktop App Update
Livestream (Friday March 31st 1400 ET, 1800 UTC) https://www.youtube.com/watch?v=cCf3Km_j5bY
3CX Update: https://www.3cx.com/blog/news/desktopapp-security-alert/
SentinelOne: https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/
Objective-See Blog Post: https://objective-see.org/blog/blog_0x73.html
Crowdstrike: https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/
Bypassing PowerShell Strong Obfuscation
https://isc.sans.edu/diary/Bypassing%20PowerShell%20Strong%20Obfuscation/29692
3/31/2023 • 6 minutes, 10 seconds
ISC StormCast for Thursday, March 30th, 2023
Extracting Multiple Streams From OLE Files
https://isc.sans.edu/diary/Extracting%20Multiple%20Streams%20From%20OLE%20Files/29688
3CXDesktop App Compromise
https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/
Microsoft Defender False Positives
https://twitter.com/MSFT365Status/status/1641048649525260289
https://admin.microsoft.com/Adminportal/Home?ref=/servicehealth/:/alerts/DZ534539 (requires login)
Active Exploitation of IBM Aspera Faspex CVE-2022-47986
https://www.rapid7.com/blog/post/2023/03/28/etr-active-exploitation-of-ibm-aspera-faspex-cve-2022-47986/
QNAP Patch for sudo vulnerability
https://www.qnap.com/en/security-advisory/qsa-23-11
3/30/2023 • 5 minutes, 29 seconds
ISC StormCast for Wednesday, March 29th, 2023
Network Data Collector Placement Makes a Difference
https://isc.sans.edu/diary/Network%20Data%20Collector%20Placement%20Makes%20a%20Difference/29664
Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online
https://techcommunity.microsoft.com/t5/exchange-team-blog/throttling-and-blocking-email-from-persistently-vulnerable/ba-p/3762078
Bypassing Wi-Fi Encryption by Manipulating Transmit Queues
https://papers.mathyvanhoef.com/usenix2023-wifi.pdf
3/29/2023 • 5 minutes, 17 seconds
ISC StormCast for Tuesday, March 28th, 2023
Another Malicious HTA File Analysis Part 1
https://isc.sans.edu/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%201/29674
Apple Updates Everything
https://isc.sans.edu/diary/Apple%20Updates%20Everything%20%28including%20Studio%20Display%29/29682
MacStealer Malware Exfiltrates Mac Secrets
https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware
3/28/2023 • 5 minutes, 13 seconds
ISC StormCast for Monday, March 27th, 2023
Update for Windows Snipping Tool
https://isc.sans.edu/diary/Microsoft%20Released%20an%20Update%20for%20Windows%20Snipping%20Tool%20Vulnerability/29670
GitHub Rotates SSH Keys
https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
redis-py vulnerability leads to mixed up sessions, affects ChatGPT
https://openai.com/blog/march-20-chatgpt-outage
Linux Tech Tips YouTube Hack
https://www.theverge.com/2023/3/23/23653115/linus-tech-tips-youtube-hack-crypto-scam
https://isc.sans.edu/diary/Elon%20Musk%20Themed%20Crypto%20Scams%20Flooding%20YouTube%20Today/29434
CyberChef Update
https://github.com/gchq/CyberChef/wiki/Character-encoding,-EOL-separators,-and-editor-features
3/27/2023 • 4 minutes, 59 seconds
ISC StormCast for Friday, March 24th, 2023
Cropping and Redacting Images Safely
https://isc.sans.edu/diary/Cropping%20and%20Redacting%20Images%20Safely/29666
Untitled Goose Tool
https://github.com/cisagov/untitledgoosetool
Veeam Vulnerability Details
https://www.horizon3.ai/veeam-backup-and-replication-cve-2023-27532-deep-dive/
Unicode Support in Python used to Evade Detection
https://blog.phylum.io/malicious-actors-use-unicode-support-in-python-to-evade-detection
3/24/2023 • 5 minutes, 39 seconds
ISC StormCast for Wednesday, March 22nd, 2023
String Obfuscation: Character Pair Reversal
https://isc.sans.edu/diary/String%20Obfuscation%3A%20Character%20Pair%20Reversal/29654
Windows 11 Snipping Tool Privacy Bug
https://www.bleepingcomputer.com/news/microsoft/windows-11-snipping-tool-privacy-bug-exposes-cropped-image-content/
Malicious .Net Packages
https://jfrog.com/blog/attackers-are-starting-to-target-net-developers-with-malicious-code-nuget-packages/
Spring Framework Vulnerability
https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861
Snappy Vulnerability
https://github.com/KnpLabs/snappy/security/advisories/GHSA-gq6w-q6wh-jggc
3/22/2023 • 5 minutes, 54 seconds
ISC StormCast for Tuesday, March 21st, 2023
From Phishing Kit to Telegram ... or Not
https://isc.sans.edu/diary/From%20Phishing%20Kit%20To%20Telegram...%20or%20Not!/29650
Emotet uses OneNote
https://cofense.com/blog/emotet-sending-malicious-emails-after-three-month-hiatus/
WSUS Update
https://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/plan/plan-your-wsus-deployment#uup-considerations
DOTRUNPEX .Net Injector
https://research.checkpoint.com/2023/dotrunpex-demystifying-new-virtualized-net-injector-used-in-the-wild/
3/21/2023 • 5 minutes, 11 seconds
ISC StormCast for Monday, March 20th, 2023
Old Backdoor, New Obfuscation
https://isc.sans.edu/diary/Old%20Backdoor%2C%20New%20Obfuscation/29646
Samsung Exynos Chip Vulnerability
https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html
Android Image Cropping Problem
https://twitter.com/ItsSimonTime/status/1636857478263750656/photo/1
https://acropalypse.app/
Bitwarden Pins
https://ambiso.github.io/bitwarden-pin/
3/20/2023 • 6 minutes, 47 seconds
ISC StormCast for Thursday, March 16th, 2023
IPFS Phishing and the need for correctly set HTTP security headers
https://isc.sans.edu/diary/IPFS%20phishing%20and%20the%20need%20for%20correctly%20set%20HTTP%20security%20headers/29638
Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability
https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/
CVE-2023-23415 ICMP RCE
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415
Chromium Certificate Proposals
https://www.chromium.org/Home/chromium-security/root-ca-policy/moving-forward-together/
3/16/2023 • 6 minutes, 36 seconds
ISC StormCast for Wednesday, March 15th, 2023
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20March%202023%20Patch%20Tuesday/29634
Adobe Cold Fusion and Magento (Adobe Commerce) patches
https://helpx.adobe.com/security/products/magento/apsb23-17.html
https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html
SAP Patches
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Firefox Patches
https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/
3/15/2023 • 6 minutes, 25 seconds
ISC StormCast for Tuesday, March 14th, 2023
SVB Scams and New Domain Registrations
https://isc.sans.edu/diary/Incoming%20Silicon%20Valley%20Bank%20Related%20Scams/29630
CISA Adds Older PLEX and VMware Vulnerabilities to Known-Exploited List
https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-plex-bug-after-lastpass-breach/
FortiOS Vulnerability Exploited
https://www.fortiguard.com/psirt/FG-IR-22-369
3/14/2023 • 5 minutes, 18 seconds
ISC StormCast for Monday, March 13th, 2023
AsynRAT Trojan - Bill Payment (Pago de la factura)
https://isc.sans.edu/diary/AsynRAT+Trojan+Bill+Payment+Pago+de+la+factura/29626
Mirai Payload Generator
https://isc.sans.edu/diary/Overview%20of%20a%20Mirai%20Payload%20Generator/29624
Multi-Technology Script Leading to Browser Hijacking
https://isc.sans.edu/diary/Multi-Technology%20Script%20Leading%20to%20Browser%20Hijacking/29620
OneNote will warn users of embedded content
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=OneNote%2CIn%20development&searchterms=122277
Google Removing Chrome Cleanup Tool
https://security.googleblog.com/2023/03/thank-you-and-goodbye-to-chrome-cleanup.html
3/13/2023 • 5 minutes, 41 seconds
ISC StormCast for Friday, March 10th, 2023
Suspected Chinese Campaign to Persist on SonicWall Devices
https://www.mandiant.com/resources/blog/suspected-chinese-persist-sonicwall
Old Cyber Gang Uses New Crypter - ScrubCrypt
https://www.fortinet.com/blog/threat-research/old-cyber-gang-uses-new-crypter-scrubcrypt
Home Assistant Supervisor Security Vulnerability
https://www.home-assistant.io/blog/2023/03/08/supervisor-security-disclosure/
Fake ChatGPT Chrome Extensions
https://www.helpnetsecurity.com/2023/03/09/fake-chatgpt-extension/
Criminals Steal Cryptocurrency through Play-to-Earn Games
https://www.ic3.gov/Media/Y2023/PSA230309
3/10/2023 • 6 minutes, 23 seconds
ISC StormCast for Thursday, March 9th, 2023
Increase in exploits against Joomla (CVE-2023-23752)
https://isc.sans.edu/diary/Increase%20in%20exploits%20agains%20Joomla%20%28CVE-2023-23752%29/29614
Jenkins RCE Vulnerability
https://blog.aquasec.com/jenkins-server-vulnerabilities
Bitwarden: The Curious Use-Case of Password Pilfering
https://flashpoint.io/blog/bitwarden-password-pilfering/
FortiOS Vulnerabilities
https://www.fortiguard.com/psirt/FG-IR-23-001
Veeam Backup Vulnerabilities
https://www.veeam.com/kb4245
3/9/2023 • 6 minutes, 23 seconds
ISC StormCast for Wednesday, March 8th, 2023
Hackers Love This VSCode Extension: What You Can Do to Stay Safe
https://isc.sans.edu/diary/Hackers%20Love%20This%20VSCode%20Extension%3A%20What%20You%20Can%20Do%20to%20Stay%20Safe/29610
Protecting Android Clipboard Content from Unintended Exposure
https://www.microsoft.com/en-us/security/blog/2023/03/06/protecting-android-clipboard-content-from-unintended-exposure/
SYS01 Stealer Targeting Facebook Accounts
https://blog.morphisec.com/sys01stealer-facebook-info-stealer
3/8/2023 • 5 minutes, 40 seconds
ISC StormCast for Tuesday, March 7th, 2023
Scanning s3 Buckets
https://isc.sans.edu/diary/Scanning%20s3%20buckets/29606
HiatusRAT Router Malware
https://blog.lumen.com/new-hiatusrat-router-malware-covertly-spies-on-victims/
SonicWall Vulnerability
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0004
Windows Word RCE Proof-of-Concept
https://twitter.com/jduck/status/1632471544935923712
https://qoop.org/publications/cve-2023-21716-rtf-fonttbl.md
DBatLoader and Remcos RAT
https://www.sentinelone.com/blog/dbatloader-and-remcos-rat-sweep-eastern-europe/
3/7/2023 • 5 minutes, 6 seconds
ISC StormCast for Monday, March 6th, 2023
SANS.edu Commencement
https://www.linkedin.com/feed/update/urn:li:activity:7037794067266625536/
SCARLETEEL: Operation Leveraging Terraform, Kubernetes and AWS for data theft
https://sysdig.com/blog/cloud-breach-terraform-data-theft/
Preventing Malicious OneNote Files
https://www.bleepingcomputer.com/news/security/how-to-prevent-microsoft-onenote-files-from-infecting-windows-with-malware/
Redis Miner Leverages Command Line File Hosting Service
https://www.cadosecurity.com/redis-miner-leverages-command-line-file-hosting-service/
3/6/2023 • 5 minutes, 6 seconds
ISC StormCast for Friday, March 3rd, 2023
YARA: Detect the Unexpected
https://isc.sans.edu/diary/YARA%3A%20Detect%20The%20Unexpected%20.../29598
Drone Security and the Mysterious Case of DJI's DroneID
https://github.com/RUB-SysSec/DroneSecurity
Booking.com OAuth Flaw
https://salt.security/blog/traveling-with-oauth-account-takeover-on-booking-com
SANS.edu Student Marco Gfeller: Lightweight Python-Based Malware Analysis Pipeline
https://www.sans.org/white-papers/lightweight-python-based-malware-analysis-pipeline/
3/3/2023 • 14 minutes, 14 seconds
ISC StormCast for Wednesday, March 1st, 2023
BB11 Distribution Qakbot (Qbot) activity
https://isc.sans.edu/diary/BB17%20distribution%20Qakbot%20%28Qbot%29%20activity/29592
LastPass Incident Details
https://support.lastpass.com/help/incident-1-additional-details-of-the-attack
https://support.lastpass.com/help/incident-2-additional-details-of-the-attack
CISA Red Team Shares Key Findings
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-059a
Jailbreak Chat
https://www.jailbreakchat.com
3/1/2023 • 6 minutes, 5 seconds
ISC StormCast for Tuesday, February 28th, 2023
Phishing Again and Again
https://isc.sans.edu/diary/Phishing%20Again%20and%20Again/29588
Unlocked Phone Stealing
https://www.wsj.com/articles/apple-iphone-security-theft-passcode-data-privacya-basic-iphone-feature-helps-criminals-steal-your-digital-life-cbf14b1a
More Fake Authenticator Apps
https://nakedsecurity.sophos.com/2023/02/27/beware-rogue-2fa-apps-in-app-store-and-google-play-dont-get-hacked/
ZoneMinder Vulnerability
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-72rg-h4vf-29gr
WebLogic Exploit (not verified) CVE-2023-21839
https://github.com/4ra1n/CVE-2023-21839/blob/master/cmd/main.go
2/28/2023 • 5 minutes, 17 seconds
ISC StormCast for Monday, February 27th, 2023
URL Files and WebDAV Used for IcedID (Bokbot) Infection
https://isc.sans.edu/diary/URL%20files%20and%20WebDAV%20used%20for%20IcedID%20%28Bokbot%29%20infection/29578
oledump MSI File Plugin
https://isc.sans.edu/diary/oledump%20%26%20MSI%20Files/29584
Automatic Disruption of Ransomware and BEC attacks with Microsoft 365 Defender
https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/automatic-disruption-of-ransomware-and-bec-attacks-with/ba-p/3738294
Cisco Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-csrfv-DMx6KSwV
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-lldp-dos-ySCNZOpX
2/27/2023 • 6 minutes, 24 seconds
ISC StormCast for Friday, February 24th, 2023
Updated Exchange AV Guidance
https://techcommunity.microsoft.com/t5/exchange-team-blog/update-on-the-exchange-server-antivirus-exclusions/ba-p/3751464
Best Practices for Securing Your Home Network
https://media.defense.gov/2023/Feb/22/2003165170/-1/-1/0/CSI_BEST_PRACTICES_FOR_SECURING_YOUR_HOME_NETWORK.PDF
Attacks on Data Center Organizations
https://www.resecurity.com/blog/article/cyber-attacks-on-data-center-organizations
NPM Package Phishing
https://checkmarx.com/blog/how-npm-packages-were-used-to-spread-phishing-links/
Malicious PyPI Packages
https://www.fortinet.com/blog/threat-research/more-supply-chain-attacks-via-new-malicious-python-packages-in-pypi
2/24/2023 • 5 minutes, 24 seconds
ISC StormCast for Thursday, February 23rd, 2023
Internet Wide Scan Fingerprinting Confluence Servers
https://isc.sans.edu/diary/Internet%20Wide%20Scan%20Fingerprinting%20Confluence%20Servers/29574
Apple Updates Advisories
https://support.apple.com/en-us/HT213606
https://support.apple.com/en-us/HT213605
https://www.trellix.com/en-us/about/newsroom/stories/research/trellix-advanced-research-center-discovers-a-new-privilege-escalation-bug-class-on-macos-and-ios.html
Questionable Two-Factor Apps
https://twitter.com/mysk_co/status/1627097291063435264
VMware Carbon Black App Control Vulnerability
https://www.vmware.com/security/advisories/VMSA-2023-0004.html
2/23/2023 • 5 minutes, 36 seconds
ISC StormCast for Wednesday, February 22nd, 2023
Phishing Page Branded with Your Corporate Website
https://isc.sans.edu/diary/Phishing%20Page%20Branded%20with%20Your%20Corporate%20Website/29570
Fortinet FortiNAC CVE-2022-39952 Deep-Dive and IOCs
https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
Apache Commons FileUpload Vulnerability
https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
VMware ESXi 7.0 U3k Fix for Windows Server 2022 VMs
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3k-release-notes.html#resolvedissues
2/22/2023 • 4 minutes, 56 seconds
ISC StormCast for Tuesday, February 21st, 2023
OneNote Suricata Rules
https://isc.sans.edu/diary/OneNote%20Suricata%20Rules/29564
New IIS Backdoor
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/frebniis-malware-iis
Outlook Spam
https://www.bleepingcomputer.com/news/microsoft/microsoft-outlook-flooded-with-spam-due-to-broken-email-filters/
GoDaddy Breach and Website Redirects
https://aboutus.godaddy.net/newsroom/company-news/news-details/2023/Statement-on-recent-website-redirect-issues/default.aspx
2/21/2023 • 5 minutes, 46 seconds
ISC StormCast for Monday, February 20th, 2023
Phishing Emails to Our Handlers' Inbox
https://isc.sans.edu/diary/Spear%20Phishing%20Handlers%20for%20Username%20Password/29560
Twitter Alters 2FA
https://blog.twitter.com/en_us/topics/product/2023/an-update-on-two-factor-authentication-using-sms-on-twitter
Fortinet Updates
https://www.fortiguard.com/psirt-monthly-advisory/february-2023-vulnerability-advisories
https://twitter.com/Horizon3Attack/status/1626692778062237713
Cisco ClamAV Patches
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy
2/20/2023 • 5 minutes, 46 seconds
ISC StormCast for Friday, February 17th, 2023
HTML Phishing Attachment with Browser-in-the-Browser Technique
https://isc.sans.edu/diary/HTML%20phishing%20attachment%20with%20browser-in-the-browser%20technique/29556
Windows Server 2022 Might Not Start Up After Updates
https://learn.microsoft.com/en-us/windows/release-health/status-windows-server-2022#windows-server-2022-might-not-start-up
New ESXiArgs Encryption Routine Outmaneuvers Recovery Methods
https://www.malwarebytes.com/blog/news/2023/02/new-esxiargs-encryption-routine-outmaneuvers-recovery-methods
PHP Updates
https://www.php.net
ClamAV Patches
https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
2/17/2023 • 5 minutes, 18 seconds
ISC StormCast for Thursday, February 16th, 2023
DNS Recon Redux
https://isc.sans.edu/diary/DNS%20Recon%20Redux%20-%20Zone%20Transfers%20%28plus%20a%20time%20machine%29%20for%20When%20You%20Can%27t%20do%20a%20Zone%20Transfer/29552
GitHub Copilot Update
https://github.blog/2023-02-14-github-copilot-now-has-a-better-ai-model-and-new-capabilities/
Hyundai Software Update
https://www.hyundaiantitheft.com
Citrix Patches CVE-2023-24486, CVE-2023-24484, CVE-2023-24485, and CVE-2023-24483
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/14/citrix-releases-security-updates-workspace-apps-virtual-apps-and
HAProxy Patch CVE-2023-25725
https://www.mail-archive.com/[email protected]/msg43229.html
Firefox Patches
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/
2/16/2023 • 5 minutes, 33 seconds
ISC StormCast for Wednesday, February 15th, 2023
Microsoft February 2023 Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20February%202023%20Patch%20Tuesday/29548
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
Intel OpenBMC Vulnerabilities
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html
2/15/2023 • 6 minutes, 11 seconds
ISC StormCast for Monday, February 13th, 2023
Obfuscated Deactivation of Script Block Logging
https://isc.sans.edu/diary/Obfuscated%20Deactivation%20of%20Script%20Block%20Logging/29538
PCAP Data Analysis with Zeek
https://isc.sans.edu/diary/PCAP%20Data%20Analysis%20with%20Zeek/29530
Bing Chat Prompt Injection
https://arstechnica.com/information-technology/2023/02/ai-powered-bing-chat-spills-its-secrets-via-prompt-injection-attack/
More Malicious Python Packages
https://blog.sonatype.com/malicious-aptx-python-package-drops-meterpreter-shell-deletes-netstat
2/13/2023 • 5 minutes, 13 seconds
ISC StormCast for Friday, February 10th, 2023
A Backdoor with Smart Screenshot Capability
https://isc.sans.edu/diary/A%20Backdoor%20with%20Smart%20Screenshot%20Capability/29534
KeePass Patches Issue Allowing Password Export
https://keepass.info/news/n230109_2.53.html
AWS Phishing via Google Ads
https://www.sentinelone.com/blog/cloud-credentials-phishing-malicious-google-ads-target-aws-logins/
Apache Kafka Vulnerability
https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz
2/10/2023 • 5 minutes, 24 seconds
ISC StormCast for Thursday, February 9th, 2023
Simple HTML Phishing via Telegram Bot
https://isc.sans.edu/forums/diary/Simple%20HTML%20Phishing%20via%20Telegram%20Bot/29528/
Recovering from ESXiArgs Ransomware
https://www.cisa.gov/uscert/ncas/alerts/aa23-039a
NIST Standardizes Lightweight Cryptography
https://csrc.nist.gov/Projects/lightweight-cryptography
SonicWall Web Content Filtering on Windows 11 22H2
https://www.sonicwall.com/support/product-notification/limitation-with-web-content-filtering-on-windows-11-22h2/230208075107457/
Google Chrome Release Changes
https://developer.chrome.com/blog/early-stable/
2/9/2023 • 5 minutes, 44 seconds
ISC StormCast for Wednesday, February 8th, 2023
A Survey of Bluetooth Vulnerabilities Trends
https://isc.sans.edu/diary/A%20Survey%20of%20Bluetooth%20Vulnerabilities%20Trends%20%282023%20Edition%29/29522
OpenSSL Vulnerabilities / Patches
https://www.openssl.org/news/secadv/20230207.txt
Packet Tuesday: Most Frequent DNS Query ID / DNS Notify
https://www.youtube.com/watch?v=QgCuE_zKyMY
GoAnywhere MFT Patch Available (and PoC)
https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html
https://my.goanywhere.com/webclient/Dashboard.xhtml
Qakbot Mechanizes Distribution of Malicious OneNote Notebooks
https://news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/
2/8/2023 • 6 minutes, 32 seconds
ISC StormCast for Tuesday, February 7th, 2023
Earthquake Scams
https://isc.sans.edu/diary/Earthquake%20in%20Turkey%20and%20Syria%3A%20Be%20Aware%20of%20Possible%20Donation%20Scams/29518
APIs Used By Bots to Detect Public IP Addresses
https://isc.sans.edu/diary/APIs+Used+by+Bots+to+Detect+Public+IP+address/29516/
OpenSSH Vulnerability Details CVE-2023-25136
https://blog.qualys.com/vulnerabilities-threat-research/2023/02/03/cve-2023-25136-pre-auth-double-free-vulnerability-in-openssh-server-9-1
A Novel State-of-the-Art Redis Malware
https://blog.aquasec.com/headcrab-attacks-servers-worldwide-with-novel-state-of-art-redis-malware?&web_view=true
2/7/2023 • 6 minutes, 36 seconds
ISC StormCast for Monday, February 6th, 2023
Assemblyline as a Malware Analysis Sandbox
https://isc.sans.edu/diary/Assemblyline%20as%20a%20Malware%20Analysis%20Sandbox/29510
GoAnywhere MFT zero-day Exploited
https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/
Ransomware targeting VMware ESXi
https://blog.ovhcloud.com/ransomware-targeting-vmware-esxi/
Jira Service Management Server and Data Center Advisory CVE-2023-22501
https://confluence.atlassian.com/jira/jira-service-management-server-and-data-center-advisory-cve-2023-22501-1188786458.html
OpenSSH Update
https://www.openssh.com/releasenotes.html
F5 BIG-IP Vulnerability CVE-2023-22374
https://my.f5.com/manage/s/article/K000130415
2/6/2023 • 5 minutes, 26 seconds
ISC StormCast for Friday, February 3rd, 2023
Rotating Packet Captures with pfSense
https://isc.sans.edu/diary/Rotating%20Packet%20Captures%20with%20pfSense/29500
BEC Group Incorporates Secondary Impersonated Personas
https://intelligence.abnormalsecurity.com/blog/firebrick-ostrich-third-party-reconnaissance-attacks
MalVirt .NET Virtualization Thrives in Malvertising Attacks
https://www.sentinelone.com/labs/malvirt-net-virtualization-thrives-in-malvertising-attacks/
Cisco Remote Code Execution with Persistence
https://www.trellix.com/en-us/about/newsroom/stories/research/when-pwning-cisco-persistence-is-key-when-pwning-supply-chain-cisco-is-key.html
2/3/2023 • 4 minutes, 58 seconds
ISC StormCast for Thursday, February 2nd, 2023
Detecting Malicious OneNote Files
https://isc.sans.edu/diary/Detecting%20%28Malicious%29%20OneNote%20Files/29494
Microsoft Defender Device Isolation for Linux
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-device-isolation-support-for-linux/ba-p/3676400
SH1MMER Exploit for Chromebooks
https://sh1mmer.me
DOMPDF SVG Parsing Vulnerability
https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg
2/2/2023 • 6 minutes, 14 seconds
ISC StormCast for Wednesday, February 1st, 2023
DShield Honeypot Setup with pfSense
https://isc.sans.edu/diary/DShield%20Honeypot%20Setup%20with%20pfSense/29490
Threat Actors Abusing Microsoft's "Verified Publisher" Status
https://www.proofpoint.com/us/blog/cloud-security/dangerous-consequences-threat-actors-abusing-microsofts-verified-publisher
PoS Malware Can Block Contactless Payments
https://securelist.com/prilex-modification-now-targeting-contactless-credit-card-transactions/108569/
Detecting Files Exempt from Anti-Malware Scans
https://github.com/bananabr/TimeException
2/1/2023 • 7 minutes, 43 seconds
ISC StormCast for Tuesday, January 31st, 2023
Decoding DNS over HTTP(s) Requests
https://isc.sans.edu/diary/Decoding%20DNS%20over%20HTTP%28s%29%20Requests/29488
Action Needed for GitHub Desktop and Atom Users
https://github.blog/2023-01-30-action-needed-for-github-desktop-and-atom-users/
GitHub Checksum Mismatches for .tar.gz Files
https://github.com/orgs/community/discussions/45830
Facebook 2FA Bypass
https://medium.com/pentesternepal/two-factor-authentication-bypass-on-facebook-3f4ac3ea139c
Fortinet Exploit
https://wzt.ac.cn/2022/12/15/CVE-2022-42475/
QNAP Vulnerability
https://www.qnap.com/en/security-advisory/qsa-23-01
1/31/2023 • 7 minutes, 13 seconds
ISC StormCast for Monday, January 30th, 2023
Microsoft Tips to Patch Your Exchange Servers
https://techcommunity.microsoft.com/t5/exchange-team-blog/protect-your-exchange-servers/ba-p/3726001
FCC Threatens to Take Action Against Twilio over Robocalls
https://www.fcc.gov/document/fcc-takes-mortgage-scam-robocall-campaign-targeting-homeowners
PlugX Variant Spreads via USB
https://unit42.paloaltonetworks.com/plugx-variants-in-usbs/
Adware in Google Play Store
https://news.drweb.com/show/review/?lng=en&i=14652
Tails 5.9 Update
https://tails.boum.org/news/version_5.9/index.de.html
1/30/2023 • 5 minutes, 52 seconds
ISC StormCast for Friday, January 27th, 2023
Live Linux IR with UAC
https://isc.sans.edu/diary/Live%20Linux%20IR%20with%20UAC/29480
Bitwarden Phishing
https://community.bitwarden.com/t/phishing-website-bitwardenlogin-com/49704
https://www.reddit.com/r/Bitwarden/comments/10k2aj5/google_search_ads_showing_fake_bitwarden_web/
PY#RATION Attack Campaign Leverages Fernet Encryption and WebSockets
https://www.securonix.com/blog/security-advisory-python-based-pyration-attack-campaign/
Skyhigh Security Secure Web Gateway: XSS in Single Sign On Plugin
https://www.redteam-pentesting.de/en/advisories/rt-sa-2022-002/-skyhigh-security-secure-web-gateway-cross-site-scripting-in-single-sign-on-plugin
Windows Crypto API Vuln PoC
https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2022-34689
BIND Patches
https://kb.isc.org/docs/cve-2022-3094
1/27/2023 • 6 minutes, 15 seconds
ISC StormCast for Thursday, January 26th, 2023
First Malicious OneNote Document
https://isc.sans.edu/diary/A%20First%20Malicious%20OneNote%20Document/29470
Guidance for Securing Remote Monitoring and Management Software
https://media.defense.gov/2023/Jan/25/2003149873/-1/-1/0/JOINT_CSA_RMM.PDF
Microsoft Azure-Based Kerberos Attacks Crack Open Cloud Accounts
https://www.darkreading.com/cloud/microsoft-azure-kerberos-attacks-open-cloud-accounts
Microsoft Blocking XLL Files Downloaded From Internet
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=115485
Lexmark Vulnerabilities
https://publications.lexmark.com/publications/security-alerts/CVE-2023-23560.pdf
VMware vRealize Update
https://www.vmware.com/security/advisories/VMSA-2023-0001.html
1/26/2023 • 5 minutes, 46 seconds
ISC StormCast for Wednesday, January 25th, 2023
Apple Patch Summary
https://isc.sans.edu/forums/diary/Apple%20Updates%20%28almost%29%20Everything%3A%20Patch%20Overview/29472/
ManageEngine News (CVE-2022-47966 Scanner)
https://github.com/vonahisec/CVE-2022-47966-Scan
KSMBD Vulnerability
https://sysdig.com/blog/cve-2023-0210-linux-kernel-unauthenticated-remote-heap-overflow/
Bitwarden Server-Side Iterations
https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations/
Packet Tuesday: Neighbor Advertisements
https://www.youtube.com/watch?v=CoaZjuuY1do
1/25/2023 • 6 minutes, 49 seconds
ISC StormCast for Tuesday, January 24th, 2023
Who's Resolving This Domain?
https://isc.sans.edu/forums/diary/Who's%20Resolving%20This%20Domain%3F/29462/
Apple Updates Everything
https://support.apple.com/en-us/HT201222
NSA IPv6 Security Guidance
https://media.defense.gov/2023/Jan/18/2003145994/-1/-1/0/CSI_IPV6_SECURITY_GUIDANCE.PDF
Roaming Mantis Implements New DNS Changer in Its Malicious Mobile App
https://thehackernews.com/2023/01/roaming-mantis-spreading-mobile-malware.html
1/24/2023 • 5 minutes, 44 seconds
ISC StormCast for Monday, January 23rd, 2023
Importance of Signing in Windows Environments
https://isc.sans.edu/diary/Importance%20of%20signing%20in%20Windows%20environments/29456
FanDuel Discloses Data Breach Caused by Recent Mailchimp Hack
https://www.bleepingcomputer.com/news/security/fanduel-discloses-data-breach-caused-by-recent-mailchimp-hack/
OneNote Documents Used to Embed Malicious Office Documents
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trojanized-onenote-document-leads-to-formbook-malware/
Cisco Unified Communications Manager SQL Injection
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n
Possible KeePass Vulnerability
https://twitter.com/vomanc/status/1617135599030530054
1/23/2023 • 6 minutes, 26 seconds
ISC StormCast for Friday, January 20th, 2023
SPF and DMARC use on 100k most popular domains
https://isc.sans.edu/diary/SPF%20and%20DMARC%20use%20on%20100k%20most%20popular%20domains/29452
Sysmon Exploit Released CVE-2022-41120, CVE-2022-44704
https://github.com/Wh04m1001/SysmonEoP
ManageEngine CVE-2022-47966 Technical Deep Dive
https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/
Netcomm Router Vulnerabilities
https://kb.cert.org/vuls/id/986018
Microsoft Pushes Outdated Office Install Check
https://www.bleepingcomputer.com/news/microsoft/microsoft-pushes-kb5021751-to-check-for-outdated-office-installs/
1/20/2023 • 5 minutes, 35 seconds
ISC StormCast for Thursday, January 19th, 2023
Malicious Google Ads for Fake Notepad++ Lead to Aurora Stealer
https://isc.sans.edu/diary/Malicious%20Google%20Ad%20--%3E%20Fake%20Notepad%2B%2B%20Page%20--%3E%20Aurora%20Stealer%20malware/29448
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpujan2023.html
QT QML Vulnerability
https://blog.talosintelligence.com/vulnerability-spotlight-integer-and-buffer-overflow-vulnerabilities-found-in-qt-qml/
sudo sudoedit vulnerability
https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf
1/19/2023 • 6 minutes, 19 seconds
ISC StormCast for Wednesday, January 18th, 2023
Finding that one GPO setting in a pool of hundreds of GPOs
https://isc.sans.edu/diary/Finding%20that%20one%20GPO%20Setting%20in%20a%20Pool%20of%20Hundreds%20of%20GPOs/29442
GIT Code Audit
https://x41-dsec.de/security/research/news/2023/01/17/git-security-audit-ostif/
Azure SSRF Flaws
https://orca.security/resources/blog/ssrf-vulnerabilities-in-four-azure-services/
SMB Insecure Guest Auth Off By Default In Windows 11 Pro
https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-insecure-guest-auth-now-off-by-default-in-windows-insider/ba-p/3715014
Packet Tuesday: IPv6 Router Advertisements
https://www.youtube.com/watch?v=uRWpB_lYIZ8
1/18/2023 • 5 minutes, 50 seconds
ISC StormCast for Tuesday, January 17th, 2023
PSA: Why you must run an ad blocker when using Google
https://isc.sans.edu/diary/PSA%3A%20Why%20you%20must%20run%20an%20ad%20blocker%20when%20using%20Google/29438
NortonLifeLock Password Manager Bruteforcing
https://webcache.googleusercontent.com/search?q=cache%3A91Bmx_jTJIkJ%3Ahttps%3A%2F%2Fago.vermont.gov%2Fwp-content%2Fuploads%2F2023%2F01%2F2023-01-09-NortonLifeLock-Gen-Digital-Data-Breach-Notice-to-Consumers.pdf&cd=3&hl=de&ct=clnk&gl=de
CVE-2023-0179 Linux kernel stack buffer overflow in nftables: PoC and writeup
https://seclists.org/oss-sec/2023/q1/20
MSI (in)Secure Boot
https://dawidpotocki.com/en/2023/01/13/msi-insecure-boot/
1/17/2023 • 6 minutes, 17 seconds
ISC StormCast for Monday, January 16th, 2023
Elon Musk Themed Crypto Scams Flooding YouTube Today
https://isc.sans.edu/diary/Elon%20Musk%20Themed%20Crypto%20Scams%20Flooding%20YouTube%20Today/29434
Microsoft Text to Speech Synthesizer
https://arxiv.org/pdf/2301.02111.pdf
Missing Windows Start Menu
https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-22H2#2998msgdesc
1/16/2023 • 5 minutes, 9 seconds
ISC StormCast for Friday, January 13th, 2023
Prowler v3: AWS & Azure security assessments
https://isc.sans.edu/diary/Prowler%20v3%3A%20AWS%20%26%20Azure%20security%20assessments/29430
Certified Pre-Pw0ned Android TV
https://github.com/DesktopECHO/T95-H616-Malware
Revolte Attack
https://revolte-attack.net
NGFW Data Exfiltration
https://cymulate.com/blog/data-exfiltration-firewall/
1/13/2023 • 6 minutes, 59 seconds
ISC StormCast for Thursday, January 12th, 2023
Passive Detection of Internet-Connected Systems Affected by Exploited Vulnerabilities
https://isc.sans.edu/diary/Passive%20detection%20of%20internet-connected%20systems%20affected%20by%20vulnerabilities%20from%20the%20CISA%20KEV%20catalog/29426
Unauthenticated Remote DoS in ksmbd NTLMv2 Authentication
https://seclists.org/oss-sec/2023/q1/4
Cisco RV Series Vulnerabilities CVE-2023-20025
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5
Zoom Updates
https://explore.zoom.us/en/trust/security/security-bulletin/
Gootkit Abusing VLC
https://www.trendmicro.com/en_us/research/23/a/gootkit-loader-actively-targets-the-australian-healthcare-indust.html
1/12/2023 • 6 minutes, 13 seconds
ISC StormCast for Wednesday, January 11th, 2023
Microsoft January 2023 Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20January%202023%20Patch%20Tuesday/29420
Cacti Unauthenticated Remote Code Execution
https://www.sonarsource.com/blog/cacti-unauthenticated-remote-code-execution/
On the Security Vulnerabilities of Text-to-SQL Models
https://arxiv.org/pdf/2211.15363.pdf
1/11/2023 • 5 minutes, 47 seconds
ISC StormCast for Tuesday, January 10th, 2023
New Year Old Tricks: Hunting for CircleCI Configuration Files
https://isc.sans.edu/diary/New%20year%2C%20old%20tricks%3A%20Hunting%20for%20CircleCI%20configuration%20files/29416
Amazon S3 Encrypts New Objects By Default
https://aws.amazon.com/blogs/aws/amazon-s3-encrypts-new-objects-by-default/
MatrixSSL Buffer Overflow
https://github.com/matrixssl/matrixssl/security/advisories/GHSA-fmwc-gwc5-2g29
Auth0 JsonWebToken Vulnerability CVE-2022-23529
https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/
1/10/2023 • 6 minutes, 3 seconds
ISC StormCast for Monday, January 9th, 2023
Reversing AutoIT Scripts
https://isc.sans.edu/diary/AutoIT%20Remains%20Popular%20in%20the%20Malware%20Landscape/29408
Can You Trust Your VSCode Extensions
https://blog.aquasec.com/can-you-trust-your-vscode-extensions
A Deep Dive Into Powerat
https://blog.phylum.io/a-deep-dive-into-powerat-a-newly-discovered-stealer/rat-combo-polluting-pypi
1/9/2023 • 5 minutes, 48 seconds
ISC StormCast for Friday, January 6th, 2023
More Brazil Malspam Pushing Astaroth (Guildma) in January 2023
https://isc.sans.edu/forums/diary/More%20Brazil%20malspam%20pushing%20Astaroth%20%28Guildma%29%20in%20January%202023/29404/
CircleCI Breach
https://circleci.com/blog/january-4-2023-security-alert/
Twitter Leak
https://www.bleepingcomputer.com/news/security/200-million-twitter-users-email-addresses-allegedly-leaked-online/
Slack Source Code Leak
https://slack.com/blog/news/slack-security-update
Control Web Panel Patch CVE-2022-44877
https://github.com/numanturle/CVE-2022-44877
Turla: A Galaxy of Opportunity
https://www.mandiant.com/resources/blog/turla-galaxy-opportunity
1/6/2023 • 5 minutes, 52 seconds
ISC StormCast for Thursday, January 5th, 2023
Update to RTRBK - Diff and File Dates in PowerShell
https://isc.sans.edu/diary/Update%20to%20RTRBK%20-%20Diff%20and%20File%20Dates%20in%20PowerShell/29400
Google Chrome Sunsetting Legacy Windows Support
https://support.google.com/chrome/thread/185534985/sunsetting-support-for-windows-7-8-8-1-in-early-2023?hl=en
SHC used to compile cryptominer malware
https://asec.ahnlab.com/en/45182/
ManageEngine Password Manager Pro SQL Injection
https://pitstop.manageengine.com/portal/en/community/topic/manageengine-security-advisory important-security-fix-released-for-manageengine-password-manager-pro-2-1-2023#:~:text=critical%20security%20vulnerability
FortiADC Command Injection in Web Interface
https://www.fortiguard.com/psirt/FG-IR-22-061
Raspberry Robin Developments
https://www.securityjoes.com/post/raspberry-robin-detected-itw-targeting-insurance-financial-institutes-in-europe
1/5/2023 • 7 minutes, 13 seconds
ISC StormCast for Wednesday, January 4th, 2023
NTP Fingerprinting
https://isc.sans.edu/diary/Its%20about%20time%3A%20OS%20Fingerprinting%20using%20NTP/29394
Misc Car Vulnerabilities
https://samcurry.net/web-hackers-vs-the-auto-industry/
Flipper Zero Phishing
https://twitter.com/AlvieriD/status/1609945425871609858
Trend Micro Patch
https://helpcenter.trendmicro.com/en-us/article/TMKA-11252
Packet Tuesday: IP Options
https://www.youtube.com/watch?v=HldNL3SLLwM
1/4/2023 • 6 minutes, 31 seconds
ISC StormCast for Tuesday, January 3rd, 2023
Kyverno's container image signature verification bypass
https://www.armosec.io/blog/cve-2022-47633-kyvernos-container-image-signature-verification/
Google Smart Speaker Vulnerability
https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
Verizon Decommissions 3G CDMA Network
https://www.fiercewireless.com/wireless/verizon-tells-3g-customers-upgrade-they-lose-service
EarSpy: Spying Caller Speech and Identity Through Speaker Vibrations
https://arxiv.org/pdf/2212.12151.pdf
1/3/2023 • 5 minutes, 52 seconds
ISC StormCast for Monday, January 2nd, 2023
SPF and DMARC use on GOV domains in different ccTLDs
https://isc.sans.edu/forums/diary/SPF+and+DMARC+use+on+GOV+domains+in+different+ccTLDs/29384/
CVE-2022-47939 ksmbd Vulnerability
https://ubuntu.com/security/CVE-2022-47939
Netgear Vulnerabilities
https://kb.netgear.com/000065495/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2019-0208
PyTorch Malicious Dependency
https://pytorch.org/blog/compromised-nightly-dependency/
1/2/2023 • 6 minutes, 23 seconds
ISC StormCast for Thursday, December 22nd, 2022
Quick NTP Measurement
https://isc.sans.edu/diary/Can%20you%20please%20tell%20me%20what%20time%20it%20is%3F%20Adventures%20with%20public%20NTP%20servers./29368
FBI Favors Ad Blockers
https://www.ic3.gov/Media/Y2022/PSA221221
Hidden Costs of Parental Control Apps
https://sec-consult.com/blog/detail/the-hidden-costs-of-parental-control-apps/
ProxyNotShell Mitigation Bypass
https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/
12/22/2022 • 6 minutes
ISC StormCast for Wednesday, December 21st, 2022
Linux File System Monitoring and Actions
https://isc.sans.edu/diary/Linux%20File%20System%20Monitoring%20%26%20Actions/29362
Feed of NTP Server IP Addresses
https://isc.sans.edu/api/threatlist/ntpservers?json
Feed of Mastodon Server IP Addresses
https://isc.sans.edu/api/threatlist/mastodon?json
Packet Tuesday TLS Server Hello
https://www.youtube.com/watch?v=2HymU4dxWEQ
Android Preparing Support for Updatable Root Certificates
https://blog.esper.io/android-14-updatable-certificates/
Elastic IP Hijacking
https://www.mitiga.io/blog/elastic-ip-hijacking-a-new-attack-vector-in-aws
Microsoft Fixes HyperV issues With Latest Patch
https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#2988
12/21/2022 • 7 minutes, 20 seconds
ISC StormCast for Tuesday, December 20th, 2022
Hunting for Mastodon Servers
https://isc.sans.edu/diary/Hunting%20for%20Mastodon%20Servers/29358
KB5021233 Blue Screen
https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-22H2#2986msgdesc
Edge Update will disable Internet Explorer in February
https://learn.microsoft.com/en-us/deployedge/edge-learnmore-neededge
Gatekeeper's Achilles heel: Unearthing a macOS vulnerability
https://www.microsoft.com/en-us/security/blog/2022/12/19/gatekeepers-achilles-heel-unearthing-a-macos-vulnerability/
Corsair Bug not causing keystroke logging
https://arstechnica.com/gadgets/2022/12/corsair-says-bug-not-keylogger-behind-some-k100-keyboards-creepy-behavior/
SentinelSneak: Malicious PyPi module poses as security software development kit
12/20/2022 • 6 minutes, 19 seconds
ISC StormCast for Monday, December 19th, 2022
Infostealer Malware with Double Extension
https://isc.sans.edu/diary/Infostealer%20Malware%20with%20Double%20Extension/29354
Client Side Encryption For GMail
https://workspaceupdates.googleblog.com/2022/12/client-side-encryption-for-gmail-beta.html
Google Releases OSV Scanner
https://github.com/google/osv-scanner/releases/tag/v1.0.1
Samba Security Patches
https://thehackernews.com/2022/12/samba-issues-security-updates-to-patch.html
Zyxel Router Buffer Overflow
https://sec-consult.com/blog/detail/enemy-within-unauthenticated-buffer-overflows-zyxel-routers/
12/19/2022 • 6 minutes, 4 seconds
ISC StormCast for Friday, December 16th, 2022
Google ads lead to fake software pages pushing IcedID (Bokbot)
https://isc.sans.edu/diary/Google%20ads%20lead%20to%20fake%20software%20pages%20pushing%20IcedID%20%28Bokbot%29/29344
HTML smugglers turn to SVG images
https://blog.talosintelligence.com/html-smugglers-turn-to-svg-images/
GitHub Improvements
https://github.blog/2022-12-14-raising-the-bar-for-software-security-next-steps-for-github-com-2fa/
NIST Retires SHA-1
https://www.nist.gov/news-events/news/2022/12/nist-retires-sha-1-cryptographic-algorithm
12/16/2022 • 6 minutes, 3 seconds
ISC StormCast for Thursday, December 15th, 2022
Microsoft Patch Issues:
https://support.microsoft.com/en-us/topic/december-13-2022-kb5021249-os-build-20348-1366-d5fe7608-bc9d-4055-a88c-fb2fd3d5fd45
https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/so-you-say-your-dc-s-memory-is-getting-all-used-up-after/ba-p/3696318
Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism
https://securityintelligence.com/posts/critical-remote-code-execution-vulnerability-spnego-extended-negotiation-security-mechanism/
VMWare EHCI Controller Vulnerability CVE-2022-31705
https://www.vmware.com/security/advisories/VMSA-2022-0033.html
Veeam Vulnerability now Exploited
https://www.veeam.com/kb4288
nuget / npm / pypi used to host phishing pages
https://checkmarx.com/blog/how-140k-nuget-npm-and-pypi-packages-were-used-to-spread-phishing-links/
12/15/2022 • 6 minutes, 9 seconds
ISC StormCast for Wednesday, December 14th, 2022
Microsoft Patches
https://isc.sans.edu/diary/Microsoft%20December%202022%20Patch%20Tuesday/29336
Apple Patches
https://isc.sans.edu/diary/Apple%20Updates%20Everything/29338
Citrix Patches
https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/
12/14/2022 • 6 minutes, 28 seconds
ISC StormCast for Tuesday, December 13th, 2022
Quickie: CyberChef Sorting By String Length
https://isc.sans.edu/diary/Quickie%3A%20CyberChef%20Sorting%20By%20String%20Length/29328
FortiOS Buffer Overflow
https://www.fortiguard.com/psirt/FG-IR-22-398
A Custom Python Backdoor for VMWare ESXi Servers
https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers
Fuzzing Ping
https://tlakh.xyz/fuzzing-ping.html
12/13/2022 • 6 minutes, 21 seconds
ISC StormCast for Monday, December 12th, 2022
Fast Port Scanning in Powershell
https://isc.sans.edu/diary/Port%20Scanning%20in%20Powershell%20Redux%3A%20Speeding%20Up%20the%20Results%20%28challenge%20accepted!%29/29324
Bypassing WAFs with JSON
https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
Invisible npm malware evading security checks
https://jfrog.com/blog/invisible-npm-malware-evading-security-checks-with-crafted-versions/
PCI Secure Software Standard v1.2
https://docs-prv.pcisecuritystandards.org/Software%20Security/Standard/PCI-Secure-Software-Standard-v1_2.pdf
VMWare/VCenter Patches
https://www.vmware.com/security/advisories/VMSA-2022-0030.html
12/12/2022 • 6 minutes, 42 seconds
ISC StormCast for Friday, December 9th, 2022
Finding Gaps in Syslog
https://isc.sans.edu/diary/Finding%20Gaps%20in%20Syslog%20-%20How%20to%20find%20when%20nothing%20happened/29314
Internet Explorer Vulnerability used in Malicious Word Document
https://blog.google/threat-analysis-group/internet-explorer-0-day-exploited-by-north-korean-actor-apt37/
Zombinder Obfuscation Service used by Ermac
https://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html
Cisco IP Phone Vulnerability CVE-2022-20968
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U
daloRADIUS Vulnerability CVE-2022-23475
https://securityonline.info/cve-2022-23475-account-take-over-flaw-in-open-source-radius-web-management-app/
SANS Holiday Hack Challenge
https://www.sans.org/mlp/holiday-hack-challenge/
12/9/2022 • 5 minutes, 43 seconds
ISC StormCast for Wednesday, December 7th, 2022
Mirai Botnet and Gafgyt DDoS Team Up
https://isc.sans.edu/forums/diary/Mirai%20Botnet%20and%20Gafgyt%20DDoS%20Team%20Up%20Against%20SOHO%20Routers./29304/
Packet Tuesday Episode 4: TLS Client Hello
https://www.youtube.com/playlist?list=PLs4eo9Tja8biVteSW4a3GHY8qi0t1lFLL
Defcon Skimming: A new batch of Web Skimming attacks
https://blog.jscrambler.com/defcon-skimming-a-new-batch-of-web-skimming-attacks
Fake D-Link Vulnerability used by Moobot
https://vulncheck.com/blog/moobot-uses-fake-vulnerability
Android Patches CVE-2022-20411
https://source.android.com/docs/security/bulletin/2022-12-01?hl=en
12/7/2022 • 5 minutes, 32 seconds
ISC StormCast for Tuesday, December 6th, 2022
VLCs Check For Updates No Updates
https://isc.sans.edu/diary/VLCs+Check+For+Updates+No+Updates/29300
AMI MegaRAC Baseboard Management Controller Vulnerabilities
https://eclypsium.com/2022/12/05/supply-chain-vulnerabilities-put-server-ecosystem-at-risk/
Netgear IPv6 Firewall Misconfiguration
https://medium.com/tenable-techblog/netgear-router-network-misconfiguration-70ac695c81a6
Veritas NetBackup Patch
https://www.veritas.com/content/support/en_US/security/VTS22-019
12/6/2022 • 5 minutes, 46 seconds
ISC StormCast for Monday, December 5th, 2022
QBot Update
https://isc.sans.edu/forums/diary/obama224%20distribution%20Qakbot%20tries%20.vhd%20%28virtual%20hard%20disk%29%20images/29294/
Living off the Land: Unix Tools in Windows
https://isc.sans.edu/diary/Linux%20LOLBins%20Applications%20Available%20in%20Windows/29296
https://isc.sans.edu/forums/diary/Fingerexe+LOLBin/29298/
CVE-2022-44721 Crowdstrike Falcon Uninstaller
https://github.com/purplededa/CVE-2022-44721-CsFalconUninstaller
Android Platform Key Leak
https://twitter.com/MishaalRahman/status/1598426974594433025
GitHub Pipeline Vulnerability
https://www.legitsecurity.com/blog/artifact-poisoning-vulnerability-discovered-in-rust
12/5/2022 • 9 minutes, 2 seconds
ISC StormCast for Thursday, December 1st, 2022
What is the deal wtih these router vulnerabilities
https://isc.sans.edu/diary/Whats+the+deal+with+these+router+vulnerabilities/29288/
Apple Updates
https://support.apple.com/en-us/HT201222
VLC Media Player Updates CVE-2022-41325
https://www.videolan.org/security/sb-vlc3018.html
VIN used to authenticate to Sirius XM Connected Vehicle Services
https://www.theregister.com/2022/11/30/siriusxm_connected_cars_hacking/
12/1/2022 • 5 minutes, 42 seconds
ISC StormCast for Wednesday, November 30th, 2022
LinkedIn Bots
https://isc.sans.edu/diary/Identifying%20Groups%20of%20%22Bot%22%20Accounts%20on%20LinkedIn/29282
Oracle Fusion Middleware Exploited CVE-2021-35587
https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Windows IKE Flaw Exploited CVE-2022-34721
https://www.cyfirma.com/outofband/windows-internet-key-exchange-ike-remote-code-execution-vulnerability-analysis/
Anker Eufy Cameras Sending Images to Cloud even if asked not to
https://www.macrumors.com/2022/11/29/eufy-camera-cloud-uploads-no-user-consent/
Packet Tuesday
https://packettuesday.com
SANS Holiday Hack Challenge Sign Up
https://www.sans.org/mlp/holiday-hack-challenge/
11/30/2022 • 6 minutes, 46 seconds
ISC StormCast for Tuesday, November 29th, 2022
Ukraine Themed Twitter Spam Pushing iOS Scareware
https://isc.sans.edu/diary/Ukraine%20Themed%20Twitter%20Spam%20Pushing%20iOS%20Scareware/29276
Google Maps Privacy Issues
https://garrit.xyz/posts/2022-11-24-smart-move-google
ACER UEFI BIOS Vulnerabilities
https://community.acer.com/en/kb/articles/15520-security-vulnerability-regarding-vulnerability-that-may-allow-changes-to-secure-boot-settings
OpenSSL Usage in UEFI Firmware Exposes Weakness in SBOMs
https://www.binarly.io/posts/OpenSSL_Usage_in_UEFI_Firmware_Exposes_Weakness_in_SBOMs/index.html
11/29/2022 • 7 minutes, 4 seconds
ISC StormCast for Monday, November 28th, 2022
Log4Shell campaigns are using Nashorn to get reverse shell on victim's machines
https://isc.sans.edu/diary/Log4Shell%20campaigns%20are%20using%20Nashorn%20to%20get%20reverse%20shell%20on%20victim%27s%20machines/29266
Attackers Keep Phishing Victims Under Stress
https://isc.sans.edu/diary/Attackers%20Keep%20Phishing%20Victims%20Under%20Stress/29270
Vulnerable SDK components lead to supply chain risks in IoT and OT environments
https://www.microsoft.com/en-us/security/blog/2022/11/22/vulnerable-sdk-components-lead-to-supply-chain-risks-in-iot-and-ot-environments/
Google Chrome Patches 0-Day
https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
Hacking Smartwatches for Spear Phishing
https://cybervelia.com/?p=1380
11/28/2022 • 7 minutes
ISC StormCast for Friday, November 18th, 2022
Lessons Learned from Automatic Failover
https://isc.sans.edu/diary/Lessons%20Learned%20from%20Automatic%20Failover%3A%20When%208.8.8.8%20%22disappears%22.%20IPv6%20to%20the%20Rescue%3F/29260
Bitbucket Server and Data Center Vulnerability
https://jira.atlassian.com/browse/BSERV-13522
Amazon RDS Snapshot Leaks
https://www.mitiga.io/blog/how-mitiga-found-pii-in-exposed-amazon-rds-snapshots
Adobe Commerce merchants to be hit with TrojanOrders this season
https://sansec.io/research/trojanorder-magento
SANS EDU Research: Detecting and Mitigating the GateKeeper User Override on macOS in an Enterprise Environment; Antonio Piazza
https://www.sans.edu/cyber-research/detecting-and-mitigating-the-gatekeeper-user-override-on-macos-in-an-enterprise-environment/
11/18/2022 • 14 minutes, 5 seconds
ISC StormCast for Thursday, November 17th, 2022
Evil Maid Attacks - Remediation for the Cheap
https://isc.sans.edu/diary/Evil%20Maid%20Attacks%20-%20Remediation%20for%20the%20Cheap/29256
F5 BIG-IP CVE-2022-41622 and CVE-2022-41800 Vulnerability Details
https://www.rapid7.com/blog/post/2022/11/16/cve-2022-41622-and-cve-2022-41800-fixed-f5-big-ip-and-icontrol-rest-vulnerabilities-and-exposures/
Details about iPad/iOS Neural Engine Vulnerability CVE-2022-32899
https://github.com/0x36/weightBufs/
Disneyland Malware Team: It's a Puny World After All
https://krebsonsecurity.com/2022/11/disneyland-malware-team-its-a-puny-world-after-all/#more-61870
11/17/2022 • 6 minutes, 34 seconds
ISC StormCast for Wednesday, November 16th, 2022
Packet Tuesday
https://packettuesday.com
Stealing Passwords From Infosec Mastodon - Without Bypassing CSP
https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp
SQLi and Access Flaws in Zendesk
https://www.varonis.com/blog/zendesk-sql-injection-and-access-flaws
Electric Vehicle Charging Infrastructure
https://newsreleases.sandia.gov/ev_security/
11/16/2022 • 5 minutes, 24 seconds
ISC StormCast for Tuesday, November 15th, 2022
Extracting "HTTP CONNECT" Requests with Python
https://isc.sans.edu/diary/Extracting%20%27HTTP%20CONNECT%27%20Requests%20with%20Python/29246
Windows Kerberos Authentication Breaks After November Updates
https://www.bleepingcomputer.com/news/microsoft/windows-kerberos-authentication-breaks-after-november-updates/
https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-22h2#2953msgdesc
Cookies for MFA Bypass Gain Traction Among Cyberattackers
https://www.darkreading.com/threat-intelligence/cookies-mfa-bypass-cyberattackers
11/15/2022 • 5 minutes, 26 seconds
ISC StormCast for Monday, November 14th, 2022
Extracting Information From "logfmt" Files with CyberChef
https://isc.sans.edu/diary/Extracting%20Information%20From%20%22logfmt%22%20Files%20With%20CyberChef/29244
Soccer World Cup Risks
https://www.theregister.com/2022/11/11/world_cup_security/
https://www.welivesecurity.com/2022/11/11/fifa-world-cup-2022-scams-fake-lotteries-ticket-fraud/
Mysterious Company With Government Ties Plays Key Internet Role
https://www.washingtonpost.com/technology/2022/11/08/trustcor-internet-addresses-government-connections/
Extortion Scams Hit Website Owners
https://www.bleepingcomputer.com/news/security/new-extortion-scam-threatens-to-damage-sites-reputation-leak-data/
11/14/2022 • 6 minutes, 5 seconds
ISC StormCast for Friday, November 11th, 2022
Do you collect "Observables" or "IOCs"?
https://isc.sans.edu/diary/Do%20you%20collect%20%22Observables%22%20or%20%22IOCs%22%3F/29238
Android Update fixes Lock Screen Bypass
https://source.android.com/docs/security/bulletin/2022-11-01
https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/
libxml Vulnerability Details
https://gitlab.gnome.org/GNOME/libxml2/-/issues/381
CVE-2022-45063: xterm remote code execution vulnerability
https://www.openwall.com/lists/oss-security/2022/11/10/1
11/11/2022 • 6 minutes, 49 seconds
ISC StormCast for Thursday, November 10th, 2022
Another Script-Based Ransomware
https://isc.sans.edu/diary/Another%20Script-Based%20Ransomware/29234
Apple Security Updates
https://support.apple.com/en-us/HT201222
Lenovo UEFI Patch
https://www.welivesecurity.com/2022/04/19/when-secure-isnt-secure-uefi-vulnerabilities-lenovo-consumer-laptops/
FoxIT Update
https://www.foxit.com/support/security-bulletins.html
SAP Update
https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
11/10/2022 • 5 minutes, 14 seconds
ISC StormCast for Wednesday, November 9th, 2022
Microsoft Patches
https://isc.sans.edu/diary/Microsoft%20November%202022%20Patch%20Tuesday/29230
VMware Workspace ONE Updates CVE-2022-31686, CVE-2022-31687, CVE-2022-31688
https://www.vmware.com/security/advisories/VMSA-2022-0028.html
Citrix Gateway / Citrix ADC Vulnerabilities CVE-2022-27510
https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516
Microsoft Exchange Updates
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
https://techcommunity.microsoft.com/t5/exchange-team-blog/released-november-2022-exchange-server-security-updates/ba-p/3669045
11/9/2022 • 7 minutes, 29 seconds
ISC StormCast for Tuesday, November 8th, 2022
IPv4 Address Representations
https://isc.sans.edu/diary/IPv4%20Address%20Representations/29224
Azure AD Certificate-based Authentication (CBA) on Mobile
https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/azure-ad-certificate-based-authentication-cba-on-mobile/ba-p/2365672
Twitter Scams
https://nakedsecurity.sophos.com/2022/11/04/twitter-blue-badge-email-scams-dont-fall-for-them/
Facebook Personal Information Removal
https://www.facebook.com/contacts/removal
RSA Conference Finds Unencrypted Confidential Data in WiFi Traffic
https://www.darkreading.com/remote-workforce/unencrypted-traffic-weak-e-mail-passwords-still-undermining-wifi-security
11/8/2022 • 6 minutes, 3 seconds
ISC StormCast for Monday, November 7th, 2022
Remcos Downloader With Unicode Obfuscation
https://isc.sans.edu/diary/Remcos%20Downloader%20with%20Unicode%20Obfuscation/29220
Windows Malware With VHD Extension
https://isc.sans.edu/diary/Windows%20Malware%20with%20VHD%20Extension/29222
PyPI Packages Attempting to Deliver W4SP Stealer
https://blog.phylum.io/phylum-discovers-dozens-more-pypi-packages-attempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack
11/7/2022 • 5 minutes, 34 seconds
ISC StormCast for Friday, November 4th, 2022
Breakpoints in Burp
https://isc.sans.edu/forums/diary/Breakpoints%20in%20Burp/29214/
TA569 Supply Chain Attack Injects JavaScript
https://twitter.com/threatinsight/status/1587865920130752515
https://www.darkreading.com/application-security/supply-chain-attack-pushes-out-malware-to-more-than-250-media-websites
Link to old story similar to the above JavaScript injection
https://unit42.paloaltonetworks.com/web-skimmer-video-distribution/
Hitachi Infrastructure Analytics Advisor
https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-134/index.html
Fortinet Patches
https://fortiguard.fortinet.com/psirt?date=11-2022
Nessus Patches
https://www.tenable.com/security/tns-2022-24
11/4/2022 • 6 minutes, 57 seconds
ISC StormCast for Thursday, November 3rd, 2022
Who Put the "Dark" in DarkVNC?
https://isc.sans.edu/forums/diary/Who+put+the+Dark+in+DarkVNC/29210
sigstore General Availability
https://openssf.org/press-release/2022/10/25/sigstore-announces-general-availability-at-sigstorecon/
https://github.blog/2022-10-25-why-were-excited-about-the-sigstore-general-availability/
URLScan.io's SOAR Spot: Chatty Security Tools Leaking Private Data
https://positive.security/blog/urlscan-data-leaks
Checkmk: Remote Code Execution by Chaining Multiple Bugs
https://blog.sonarsource.com/checkmk-rce-chain-1/
11/3/2022 • 6 minutes, 12 seconds
ISC StormCast for Tuesday, November 1st, 2022
NMAP without NMAP - Port Testing and Scanning with PowerShell
https://isc.sans.edu/diary/NMAP+without+NMAP+Port+Testing+and+Scanning+with+PowerShell/29202
ConnectWise Recover and R1Soft Server Backup Critical Vulnerability
https://www.connectwise.com/company/trust/security-bulletins/r1soft-and-recover-security-bulletin
Google Chrome 0-Day Patch
https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html
LODEINFO 2022 Abusing Security Software
https://securelist.com/apt10-tracking-down-lodeinfo-2022-part-i/107742/
Spring Security Vulnerability
https://tanzu.vmware.com/security/cve-2022-31692
11/1/2022 • 6 minutes, 25 seconds
ISC StormCast for Monday, October 31st, 2022
Supersizing your DUO and 365 Integration
https://isc.sans.edu/forums/diary/Supersizing%20your%20DUO%20and%20365%20Integration/29194/
Windows TCP/IP Vulnerability CVE-2022-34718 PoC Restoration and Analysis
https://medium.com/numen-cyber-labs/analysis-and-summary-of-tcp-ip-protocol-remote-code-execution-vulnerability-cve-2022-34718-8fcc28538acf
Juniper SSL VPN / Junos OS RCE and Multiple Vulnerabilities
https://octagon.net/blog/2022/10/28/juniper-sslvpn-junos-rce-and-multiple-vulnerabilities/
Raspberry Robin Update
https://www.microsoft.com/en-us/security/blog/2022/10/27/raspberry-robin-worm-part-of-larger-ecosystem-facilitating-pre-ransomware-activity/
10/31/2022 • 5 minutes, 57 seconds
ISC StormCast for Friday, October 28th, 2022
Upcoming Critical OpenSSL Vulnerability: What will be Affected?
https://isc.sans.edu/forums/diary/Upcoming+Critical+OpenSSL+Vulnerability+What+will+be+Affected/29192
Apple Updates
https://support.apple.com/en-us/HT201222
Fodcha Botnet Reaches 1Tbps
https://blog.netlab.360.com/ddosmonster_the_return_of__fodcha_cn/
https://www.bleepingcomputer.com/news/security/fodcha-ddos-botnet-reaches-1tbps-in-power-injects-ransoms-in-packets/
10/28/2022 • 5 minutes, 57 seconds
ISC StormCast for Thursday, October 27th, 2022
Why is My Cat Using Baidu And Other IoT DNS Oddities
https://isc.sans.edu/forums/diary/Why+is+My+Cat+Using+Baidu+And+Other+IoT+DNS+Oddities/29188
OpenSSL Critical Flaw to Be Patched
https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html
macOS Ventura Blocks Security Tools
https://www.wired.com/story/apple-macos-ventura-bug-security-tools/
Critical VMware Security Advisory VMSA-2022-0027
https://www.vmware.com/security/advisories/VMSA-2022-0027.html
10/27/2022 • 6 minutes, 12 seconds
ISC StormCast for Wednesday, October 26th, 2022
Massive Cryptomining Operation via GitHub Actions
https://sysdig.com/blog/massive-cryptomining-operation-github-actions/
Daixin Team Ransomware Targeting Healthcare Providers
https://www.ic3.gov/Media/News/2022/221021.pdf
Cisco Anyconnect Client Exploited in the Wild
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj
SQLite Vulnerability Details
https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/
10/26/2022 • 5 minutes, 53 seconds
ISC StormCast for Tuesday, October 25th, 2022
C2 Communications Through Outlook.com
https://isc.sans.edu/forums/diary/C2+Communications+Through+outlookcom/29180
Apple Patches Everything October 2022 Edition
https://isc.sans.edu/forums/diary/Apple%20Patches%20Everything%3A%20October%202022%20Edition/29182/
Cisco ISE Patch
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-path-trav-Dz5dpzyM
Dormant Colors Live Campaign With Over 1m Data Stealing Extensions Installed
https://guardiosecurity.medium.com/dormant-colors-live-campaign-with-over-1m-data-stealing-extensions-installed-9a9a459b5849
10/25/2022 • 6 minutes, 20 seconds
ISC StormCast for Monday, October 24th, 2022
Sczriptzzbn Inject Pushes Malware for NetSupport RAT
https://isc.sans.edu/forums/diary/sczriptzzbn%20inject%20pushes%20malware%20for%20NetSupport%20RAT/29170/
rtfdump find options
https://isc.sans.edu/forums/diary/rtfdumps+Find+Option/29174
Exploited Windows Zero Day Lets JavaScript Files Bypass Security Warnings
https://www.bleepingcomputer.com/news/security/exploited-windows-zero-day-lets-javascript-files-bypass-security-warnings/
A study of malicious CVE proof of concept exploits in GitHub
https://arxiv.org/pdf/2210.08374.pdf
F5 Patches
https://support.f5.com/csp/article/K11830089
https://support.f5.com/csp/article/K30425568
Synology Updates
https://www.synology.com/en-global/security/advisory/Synology_SA_22_17
10/24/2022 • 6 minutes, 47 seconds
ISC StormCast for Friday, October 21st, 2022
Forensic Value of Prefetch
https://isc.sans.edu/forums/diary/Forensic%20Value%20of%20Prefetch/29168/
Microsoft TLS Fix
https://support.microsoft.com/en-us/topic/october-17-2022-kb5020435-os-builds-19042-2132-19043-2132-and-19044-2132-out-of-band-243f34de-2f44-4015-a224-1b68a4132ca5
CISA Releases ScubaGear to Audit M365
https://github.com/cisagov/ScubaGear
HTTP/3 Connection Contamination
https://portswigger.net/research/http-3-connection-contamination
10/21/2022 • 5 minutes, 54 seconds
ISC StormCast for Thursday, October 20th, 2022
Are Internet Scanning Services Good or Bad for You?
https://isc.sans.edu/forums/diary/Are+Internet+Scanning+Services+Good+or+Bad+for+You/29164
FBI Warns of Student Loan Forgiveness Scams
https://www.ic3.gov/Media/Y2022/PSA221018
Fully Undetectable Powershell Backdoor
https://www.safebreach.com/resources/blog/safebreach-labs-researchers-uncover-new-fully-undetectable-powershell-backdoor/
10/20/2022 • 6 minutes, 6 seconds
ISC StormCast for Wednesday, October 19th, 2022
Python Obfuscation for Dummies
https://isc.sans.edu/forums/diary/Python%20Obfuscation%20for%20Dummies/29160/
Oracle October 2022 Critical Patch Update
https://www.oracle.com/security-alerts/cpuoct2022.html
Weak Encryption in Microsoft Office 365
https://labs.withsecure.com/advisories/microsoft-office-365-message-encryption-insecure-mode-of-operation
Tesla 3 Hack
https://www.synacktiv.com/sites/default/files/2022-10/tesla_hexacon.pdf
10/19/2022 • 5 minutes, 27 seconds
ISC StormCast for Tuesday, October 18th, 2022
Fileless Powershell Dropper
https://isc.sans.edu/forums/diary/Fileless%20Powershell%20Dropper/29156/
Apache Commons Text Vulnerability
https://www.openwall.com/lists/oss-security/2022/10/13/4
How a Microsoft Blunder Opened Millions of PCs to Potent Malware Attacks
https://arstechnica.com/information-technology/2022/10/how-a-microsoft-blunder-opened-millions-of-pcs-to-potent-malware-attacks/
10/18/2022 • 6 minutes, 24 seconds
ISC StormCast for Monday, October 17th, 2022
Horizon3 Publishes FortiOS Vulnerability Details and Exploit
https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/
More Exchange Vulnerability Workaround Bypasses
https://twitter.com/wdormann/status/1576922677675102208
Analysis of a Malicious HTML File and QBot
https://isc.sans.edu/forums/diary/Analysis+of+a+Malicious+HTML+File+QBot/29146
End of Life VMWare ESXi Versions
https://www.lansweeper.com/eol/vmware-esxi-end-of-life/
10/17/2022 • 5 minutes, 58 seconds
ISC StormCast for Wednesday, October 12th, 2022
Microsoft October 2022 Patches
https://isc.sans.edu/forums/diary/October%202022%20Microsoft%20Patch%20Tuesday/29138/
SAP Patchday
https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
Top CVEs Actively Exploited By People's Republic of China State-Sponsored Cyber Actors
https://www.cisa.gov/uscert/ncas/alerts/aa22-279a
10/12/2022 • 5 minutes, 56 seconds
ISC StormCast for Monday, October 10th, 2022
Fortinet Update
https://docs.fortinet.com/document/fortigate/7.2.2/fortios-release-notes/760203/introduction-and-supported-models
Zimbra Vulnerability
https://twitter.com/iagox86/status/1578084484720734209
https://attackerkb.com/topics/1DDTvUNFzH/cve-2022-41352/rapid7-analysis?referrer=activityFeed
Microsoft Exchange Workaround Improved Again
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
Ikea Smart Bulb Exploit
https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/
10/10/2022 • 6 minutes, 22 seconds
ISC StormCast for Friday, October 7th, 2022
Infosec Calendar
https://isc.sans.edu/forums/diary/What+is+in+your+Infosec+Calendar/29118
OnionPoison: infected Tor Browser installer distributed through popular YouTube channel
https://securelist.com/onionpoison-infected-tor-browser-installer-youtube/107627/
MacOS Archive Utility Vulnerability Details
https://www.jamf.com/blog/jamf-threat-labs-macos-archive-utility-vulnerability/
10/7/2022 • 5 minutes, 55 seconds
ISC StormCast for Wednesday, October 5th, 2022
Credential Harvesting with Telegram
https://isc.sans.edu/forums/diary/Credential%20Harvesting%20with%20Telegram%20API/29112/
Updated Microsoft Exchange Fix
https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization
https://www.cisa.gov/uscert/ncas/alerts/aa22-277a
A New Supply Chain Attack on PHP
https://blog.sonarsource.com/securing-developer-tools-a-new-supply-chain-attack-on-php/
10/5/2022 • 5 minutes, 21 seconds
ISC StormCast for Tuesday, October 4th, 2022
Microsoft Exchange Vulnerability Fix Bypassed
https://twitter.com/testanull/status/1576774007826718720
Schneider Electric UMAS Patch Bypass
https://securelist.com/the-secrets-of-schneider-electrics-umas-protocol/107435/
Supply Chain Attack via Trojanized Comm100 Chat Installer
https://www.crowdstrike.com/blog/new-supply-chain-attack-leverages-comm100-chat-installer/
10/4/2022 • 5 minutes, 1 second
ISC StormCast for Monday, October 3rd, 2022
Microsoft Exchange 0-Day Update
https://isc.sans.edu/forums/diary/Exchange+Server+0Day+Actively+Exploited/29106
https://microsoft.github.io/CSS-Exchange/Security/EOMTv2/
CISA Adds Atlassian Bitbucket Vulnerability to Exploited List
https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/cisa-adds-three-known-exploited-vulnerabilities-catalog
Every unsandboxed app has Full Disk Access if Terminal Does
https://lapcatsoftware.com/articles/FullDiskAccess.html
10/3/2022 • 5 minutes, 18 seconds
ISC StormCast for Friday, September 30th, 2022
PNG Analysis with pngdump.py
https://isc.sans.edu/forums/diary/PNG%20Analysis/29100/
Possible Exchange Server 0-Day Vulnerability
https://www.gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html
https://success.trendmicro.com/dcx/s/solution/000291651?language=en_US
Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors
https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence
9/30/2022 • 6 minutes, 3 seconds
ISC StormCast for Thursday, September 29th, 2022
10 Years Later: Attacker re-discovering old VTiger CRM Vulnerability
https://isc.sans.edu/forums/diary/10+Years+Later+Attacker+rediscovering+old+VTiger+CRM+Vulnerability/29098
IRS Reports Significant Increase in Texting Scams
https://www.irs.gov/newsroom/irs-reports-significant-increase-in-texting-scams-warns-taxpayers-to-remain-vigilant
Cloudflare Releases Turnstile, a user-friendly, privacy-preserving CAPTCHA alternative
https://blog.cloudflare.com/turnstile-private-captcha-alternative/
Cisco Patches
https://kb.cert.org/vuls/id/855201
Chrome 106 Release
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop_27.html?m=1
9/29/2022 • 6 minutes, 35 seconds
ISC StormCast for Wednesday, September 28th, 2022
DNS Option 15 and Debugging DNSSEC Errors
https://isc.sans.edu/forums/diary/DNS+Option+15+Debugging+DNSSEC+Errors/29094
Yari: A New Era of Yara Debugging
https://engineering.avast.io/yari-a-new-era-of-yara-debugging/
HTTP Archive Almanac
https://almanac.httparchive.org/en/2022/security
9/28/2022 • 7 minutes, 6 seconds
ISC StormCast for Monday, September 26th, 2022
Kids Like Cookies and Malware Likes them Too
https://isc.sans.edu/forums/diary/Kids+Like+Cookies+Malware+Too/29082
Downloading Files from Removed Domains
https://isc.sans.edu/forums/diary/Downloading%20Samples%20From%20Takendown%20Domains/29086/
WhatsApp Security Updates
https://www.whatsapp.com/security/advisories/2022/
Sophos RCE Flaw
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
CircleCI Phishing Attacks Used to Access GitHub Accounts
https://discuss.circleci.com/t/circleci-security-alert-warning-phishing-attempt-for-login-credentials/45408
9/26/2022 • 5 minutes, 46 seconds
ISC StormCast for Friday, September 23rd, 2022
RAT Delivered Through FODHelper
https://isc.sans.edu/forums/diary/RAT+Delivered+Through+FODHelper/29078
Microsoft Endpoint Configuration Manager Spoofing Vulnerability
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37972
New Fuzzing Tool: cifuzz
https://github.com/CodeIntelligenceTesting/cifuzz
No Security Updates from Apple
https://support.apple.com/en-us/HT201222
9/23/2022 • 5 minutes, 21 seconds
ISC StormCast for Thursday, September 22nd, 2022
Phishing Campaigns Use Free Online Resources
https://isc.sans.edu/forums/diary/Phishing%20Campaigns%20Use%20Free%20Online%20Resources/29074/
Insecure use of tarfile.extract in Python
https://bugs.python.org/issue1044#msg55464
Twitter Failed to Logout Users After Password Reset
https://privacy.twitter.com/en/blog/2022/an-issue-impacting-password-resets
9/22/2022 • 6 minutes, 48 seconds
ISC StormCast for Wednesday, September 21st, 2022
Chainsaw: Hunt, search and extract event log records
https://isc.sans.edu/diary/Chainsaw%3A+Hunt%2C+search%2C+and+extract+event+log+records/29066
PDU Exploits past NAT
https://claroty.com/team82/research/jumping-nat-to-shut-down-electric-devices
Tamper Protection will be turned on for all Enterprise Customers
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/tamper-protection-will-be-turned-on-for-all-enterprise-customers/ba-p/3616478
9/21/2022 • 6 minutes, 28 seconds
ISC StormCast for Tuesday, September 20th, 2022
Preventing ISO Malware
https://isc.sans.edu/diary/Preventing+ISO+Malware+/29062
State of Emotet
https://www.advintel.io/post/advintel-s-state-of-emotet-aka-spmtools-displays-over-million-compromised-machines-through-2022
Undermining Microsoft Teams Security by Mining Tokens
https://www.vectra.ai/blogpost/undermining-microsoft-teams-security-by-mining-tokens
9/20/2022 • 6 minutes, 28 seconds
ISC StormCast for Monday, September 19th, 2022
Word Maldoc With CustomXML and Renamed VBAProject.bin
https://isc.sans.edu/diary/Word+Maldoc+With+CustomXML+and+Renamed+VBAProject.bin/29056
2FA on Lock Screens
https://www.bbc.com/news/uk-england-london-62809151
Chrome and Edge Enhanced Spellcheck Features Expose PII, Even Your Password
https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords
Reconstructing Content Reflected in Glasses
https://arxiv.org/abs/2205.03971
9/19/2022 • 5 minutes, 56 seconds
ISC StormCast for Friday, September 16th, 2022
Malicious Word Document With a Frameset
https://isc.sans.edu/diary/Malicious+Word+Document+with+a+Frameset/29052
CVE-2022-34721 Exploit
https://github.com/78ResearchLab/PoC/tree/main/CVE-2022-34721
Trojaned Putty Used in Attacks
https://www.mandiant.com/resources/blog/dprk-whatsapp-phishing
Lenovo BIOS Updates
https://support.lenovo.com/us/en/product_security/LEN-94953#Desktop
9/16/2022 • 6 minutes, 44 seconds
ISC StormCast for Thursday, September 15th, 2022
Easy Process Injection within Python
https://isc.sans.edu/diary/Easy+Process+Injection+within+Python/29048
Queen Elizabeth Related Phishing
https://twitter.com/threatinsight/status/1570092339984584705
Microsoft 365 Auto Updates Apps on Locked or Idle Devices
https://techcommunity.microsoft.com/t5/microsoft-365-blog/update-under-lock-improved-update-experience-for-microsoft-365/ba-p/3618901
9/15/2022 • 5 minutes, 34 seconds
ISC StormCast for Tuesday, September 13th, 2022
VirusTotal Result Comparisons for Honeypot Malware
https://isc.sans.edu/diary/VirusTotal+Result+Comparisons+for+Honeypot+Malware/29040
Apple Patches
https://support.apple.com/en-us/HT201222
Lorenz Ransomware Group Cracks MiVoice and Calls Back For Free
https://arcticwolf.com/resources/blog/lorenz-ransomware-chiseling-in/
9/13/2022 • 7 minutes, 41 seconds
ISC StormCast for Friday, September 9th, 2022
Analyzing Obfuscated VBS with CyberChef
https://isc.sans.edu/diary/Analyzing+Obfuscated+VBS+with+CyberChef/2902
pfBlockerNG Unauthenticated RCE
https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/
GifShell Attack Creates Reverse Shell Using Microsoft Teams GIFs
https://www.bleepingcomputer.com/news/security/gifshell-attack-creates-reverse-shell-using-microsoft-teams-gifs/
9/9/2022 • 7 minutes, 3 seconds
ISC StormCast for Thursday, September 8th, 2022
PHP Deserialization Exploit Attempt
https://isc.sans.edu/diary/PHP+Deserialization+Exploit+attempt/29024
TA505 Group's TeslaGun In-Depth Analysis
https://www.prodaft.com/resource/detail/ta505-ta505-groups-tesla-gun-depth-analysis
Cisco publishes unpatched Small Business Router Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-vpnbypass-Cpheup9O
Shikitega - New stealthy malware targeting Linux
https://thehackernews.com/2022/09/new-stealthy-shikitega-malware.html
9/8/2022 • 5 minutes, 52 seconds
ISC StormCast for Wednesday, September 7th, 2022
Analysis of an Encoded Cobalt Strike Beacon
https://isc.sans.edu/diary/Analysis+of+an+Encoded+Cobalt+Strike+Beacon/29014
EvilProxy Phishing-As-A-Service with MFA Bypass
https://resecurity.com/blog/article/evilproxy-phishing-as-a-service-with-mfa-bypass-emerged-in-dark-web
Zyxel Patches RCE Vulnerability
https://www.zyxel.com/support/Zyxel-security-advisory-for-format-string-vulnerability-in-NAS.shtml
Moobot Going after D-Link Devices
https://unit42.paloaltonetworks.com/moobot-d-link-devices/
9/7/2022 • 6 minutes, 18 seconds
ISC StormCast for Tuesday, September 6th, 2022
James Webb JPEG With Malware
https://isc.sans.edu/diary/James+Webb+JPEG+With+Malware/29010
Windows Defender False Positive
https://www.theregister.com/2022/09/05/windows_defender_chrome_false_positive/
Google Chrome 0-Day
https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html
Sharkbot Android Infostealer in Google Play Store
https://blog.fox-it.com/2022/09/02/sharkbot-is-back-in-google-play/
Nmap 7.93 - 25th Anniversary Release
https://seclists.org/nmap-announce/2022/1
9/6/2022 • 5 minutes, 46 seconds
ISC StormCast for Friday, September 2nd, 2022
Jolokia Scans: Possible Hunt for Vulnerable Apache Geode Servers
https://isc.sans.edu/diary/Jolokia+Scans%3A+Possible+Hunt+for+Vulnerable+Apache+Geode+Servers+%28CVE-2022-37021%29/29006
Microsoft Basic Authentication Deprecation in Exchange Online
https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-september/ba-p/3609437
Mobile App Supply Chain Vulnerabilities Could Endanger Sensitive Business Information
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mobile-supply-chain-aws
Gitlab Update
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/#brute-force-attack-may-guess-a-password-even-when-2fa-is-enabled
9/2/2022 • 6 minutes, 32 seconds
ISC StormCast for Thursday, September 1st, 2022
Underscores and DNS: The Privacy Story
https://isc.sans.edu/diary/Underscores+and+DNS%3A+The+Privacy+Story/29002
iOS 12.5.6 Update
https://support.apple.com/en-us/HT201222
Malware Disguised as Google Translate Desktop App
https://research.checkpoint.com/2022/check-point-research-detects-crypto-miner-malware-disguised-as-google-translate-desktop-and-other-legitimate-applications/
Apache Geode Deserialization Flaw
https://lists.apache.org/thread/qrvhmytsshsk5xcb68pwccw3y6m8o8nr
Foxit PDF Reader Update
https://sec-consult.com/vulnerability-lab/advisory/outdated-javascript-engine-leads-to-rce-in-foxit-pdf-reader/
9/1/2022 • 5 minutes, 37 seconds
ISC StormCast for Wednesday, August 31st, 2022
Two things that will never die: bash scripts and irc
https://isc.sans.edu/diary/Two+things+that+will+never+die%3A+bash+scripts+and+IRC%21/28998
Malware using James Webb Telescope images
https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
Malicious Chrome Extensions
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users/
Chromium Based Browsers Allow Access to Clipboard
https://bugs.chromium.org/p/chromium/issues/detail?id=1334203
8/31/2022 • 6 minutes, 40 seconds
ISC StormCast for Tuesday, August 30th, 2022
Update: VBA Maldoc & UTF7 (APT-C-35)
https://isc.sans.edu/diary/Update%3A+VBA+Maldoc+%26+UTF7+%28APT-C-35%29/28994
Twilio Breach used to access 2FA Tokens
https://sec.okta.com/scatterswine
Popular PDF Reader Adware
https://www.malwarebytes.com/blog/news/2022/08/adware-found-on-google-play-pdf-reader-servicing-up-full-screen-ads
Google changing its VPN Ad Blocker Policy
https://support.google.com/googleplay/android-developer/answer/12253906?hl=en
8/30/2022 • 6 minutes, 9 seconds
ISC StormCast for Monday, August 29th, 2022
Dealing With False Positives when Scanning Memory Dumps for Cobalt Strike Beacons
https://isc.sans.edu/diary/Dealing+With+False+Positives+when+Scanning+Memory+Dumps+for+Cobalt+Strike+Beacons/28990
HTTP2 Packet Analysis with Wireshark
https://isc.sans.edu/diary/HTTP2+Packet+Analysis+with+Wireshark/28986
Paypal Phishing/Coinbase in One Image
https://isc.sans.edu/diary/Paypal+PhishingCoinbase+in+One+Image/28984
Sysinternals Updates: Sysmon v14.0 and ZoomIt v6.01
https://isc.sans.edu/diary/Sysinternals+Updates%3A+Sysmon+v14.0+and+ZoomIt+v6.01/28988
eth.link domain at risk
https://www.coindesk.com/tech/2022/08/26/web3-domain-name-service-could-lose-its-web-address-because-programmer-who-can-renew-it-sits-in-jail/
8/29/2022 • 6 minutes, 27 seconds
ISC StormCast for Friday, August 26th, 2022
Taking Apart URL Shorteners
https://isc.sans.edu/diary/Taking+Apart+URL+Shorteners/28980
Python Developers Phished for PyPi Credentials
https://twitter.com/pypi/status/1562442188285308929
Group IB Connects Twilio and Cloudflare Phishing attacks to others
https://www.helpnetsecurity.com/2022/08/25/0ktapus-twilio-cloudflare-phishers-targets/
Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus
https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html
LastPass Security Incident
https://blog.lastpass.com/2022/08/notice-of-recent-security-incident/
Bitbucket Vulnerability
https://securityonline.info/cve-2022-36804-bitbucket-server-and-data-center-command-injection-vulnerability/
8/26/2022 • 6 minutes, 35 seconds
ISC StormCast for Thursday, August 25th, 2022
Monster Libra -> IcedID -> Cobalt Strike and DarkVNC
https://isc.sans.edu/forums/diary/VNC/28974/
Is Tox the New C&C Method for Coinminers?
https://www.uptycs.com/blog/is-tox-the-new-cc-method-for-coinminers
Carbon Black Blue Screens
https://community.carbonblack.com/t5/Knowledge-Base/Endpoint-Standard-Sudden-Blue-Screens-on-Windows-Devices-23rd/ta-p/114369
Gitlab Vulnerability
https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/#Remote%20Command%20Execution%20via%20Github%20import
8/25/2022 • 5 minutes, 30 seconds
ISC StormCast for Wednesday, August 24th, 2022
Who's Looking at Your security.txt File?
https://isc.sans.edu/diary/Who%27s+Looking+at+Your+security.txt+File%3F/28972
Assessing Python Malware Detectors with a Benchmark Dataset
https://blog.chainguard.dev/taming-python-malware-scanners/
New Iranian APT Data Extraction Tool
https://blog.google/threat-analysis-group/new-iranian-apt-data-extraction-tool/
Firefox Update
https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/
IBM MQ Update
https://www.ibm.com/support/pages/node/6613021
8/24/2022 • 6 minutes, 49 seconds
ISC StormCast for Tuesday, August 23rd, 2022
32 or 64 Bits Malware?
https://isc.sans.edu/diary/32+or+64+bits+Malware%3F/28968
Proxies and Configurations Used for Credential Stuffing Attacks
https://www.ic3.gov/Media/News/2022/220818.pdf
DirtyCred Linux Privilege Escalation Vulnerability
https://www.blackhat.com/us-22/briefings/schedule/#cautious-a-new-exploitation-method-no-pipe-but-as-nasty-as-dirty-pipe-27169
Fake DDoS Pages on WordPress Sites Lead to Drive-By Downloads
https://blog.sucuri.net/2022/08/fake-ddos-pages-on-wordpress-lead-to-drive-by-downloads.html
8/23/2022 • 7 minutes, 7 seconds
ISC StormCast for Monday, August 22nd, 2022
Brazil malspam pushes Astaroth (Guildma) malware
https://isc.sans.edu/diary/Brazil+malspam+pushes+Astaroth+%28Guildma%29+malware/28962
Android Ring App XSS
https://checkmarx.com/blog/amazon-quickly-fixed-a-vulnerability-in-ring-android-app-that-could-expose-users-camera-recordings/
iOS In-App Browser Security Issues
https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser
https://krausefx.com/blog/announcing-inappbrowsercom-see-what-javascript-commands-get-executed-in-an-in-app-browser
8/22/2022 • 5 minutes, 41 seconds
ISC StormCast for Friday, August 19th, 2022
Honeypot Attack Summaries with Python
https://isc.sans.edu/diary/Honeypot+Attack+Summaries+with+Python/28956
TP-Link Vulnerability
https://blog.viettelcybersecurity.com/1day-to-0day-on-tl-link-tl-wr841n/
Safari Update
https://support.apple.com/en-us/HT213414
iOS VPN Leaks
https://www.michaelhorowitz.com/VPNs.on.iOS.are.scam.php
Janet Jackson Hard Drive DDoS
https://devblogs.microsoft.com/oldnewthing/20220816-00/?p=106994
8/19/2022 • 5 minutes, 48 seconds
ISC StormCast for Thursday, August 18th, 2022
A Quick VoIP Experiment
https://isc.sans.edu/diary/A+Quick+VoIP+Experiment/28950
Apple Patches Two Exploited Vulnerabilities
https://isc.sans.edu/diary/Apple+Patches+Two+Exploited+Vulnerabilities/28952
Google Chrome Update
https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html
Cisco staystaystay exploit tool
https://www.youtube.com/watch?v=ySgbHClk9HE
8/18/2022 • 5 minutes, 52 seconds
ISC StormCast for Wednesday, August 17th, 2022
VBA Maldoc and UTF7 (APT-C-35)
https://isc.sans.edu/diary/VBA+Maldoc+%26+UTF7+%28APT-C-35%29/28946
Disrupting SEABORGIUM's Ongoing Phishing Operations
https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/
UWB Real Time Location Systems: How Secure Radio Communications May Fail in Practice
8/17/2022 • 6 minutes, 24 seconds
ISC StormCast for Tuesday, August 16th, 2022
Realtek CVE-2022-27255 Followup (snort signature and presentation)
https://isc.sans.edu/diary/Realtek+SDK+SIP+ALG+Vulnerability%3A+A+Big+Deal%2C+but+not+much+you+can+do+about+it.+CVE+2022-27255/28940
MacOS Privilege Escalation
https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/
Zoom Update
https://explore.zoom.us/en/trust/security/security-bulletin/
Microsoft Blocks Vulnerable Bootloaders
https://eclypsium.com/2022/08/11/vulnerable-bootloaders-2022/
HPE Integrated Lights Out 5 Vulnerabilities
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbhf04333en_us
8/16/2022 • 6 minutes, 31 seconds
ISC StormCast for Friday, August 12th, 2022
InfoStealer Script Based on Curl and NSudo
https://isc.sans.edu/diary/InfoStealer+Script+Based+on+Curl+and+NSudo/28932
Cisco Breach Details
https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html
Ivanti Pulse Connect Secure Privilege Escalation Vulnerability
https://gist.github.com/JGarciaSec/2060ec1c8efc1d573a1ddb754c6b4f84
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz
8/12/2022 • 6 minutes, 53 seconds
ISC StormCast for Thursday, August 11th, 2022
And Here They Come Again: DNS Reflection Attacks
https://isc.sans.edu/diary/And+Here+They+Come+Again%3A+DNS+Reflection+Attacks/28928
Rapid 7 Defaultinator
https://defaultinator.com
Zimbra Mass Compromise
https://www.volexity.com/blog/2022/08/10/mass-exploitation-of-unauthenticated-zimbra-rce-cve-2022-27925/
VMWare vRealize Vulnerability
https://www.vmware.com/security/advisories/VMSA-2022-0022.html
Microsoft Vulnerability and IPS/Snort
https://community.meraki.com/t5/Meraki-Service-Notices/Microsoft-vulnerability-and-IPS-SNORT/ba-p/156649
8/11/2022 • 6 minutes, 22 seconds
ISC StormCast for Wednesday, August 10th, 2022
Microsoft August 2022 Patch Tuesday
https://isc.sans.edu/diary/Microsoft+August+2022+Patch+Tuesday/28924
AEPIC Leak
https://aepicleak.com
Adobe security bulletins
https://helpx.adobe.com/security/security-bulletin.html
8/10/2022 • 5 minutes, 39 seconds
ISC StormCast for Tuesday, August 9th, 2022
JSON All the Logs!
https://isc.sans.edu/diary/JSON+All+the+Logs%21/28920
Microsoft Edge Enhanced Security
https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-browse-safer
Malicious Python Packages
https://www.darkreading.com/application-security/10-malicious-packages-slither-pypi-registry
New Orchard Botnet
https://blog.netlab.360.com/a-new-botnet-orchard-generates-dga-domains-with-bitcoin-transaction-information/
8/9/2022 • 6 minutes, 26 seconds
ISC StormCast for Friday, August 5th, 2022
TLP 2.0 is Here
https://isc.sans.edu/diary/TLP+2.0+is+here/28914
Hijacking email with Cloudflare Email Routing
https://albertpedersen.com/blog/hijacking-email-with-cloudflare-email-routing/
rsync arbitrary file write vulnerability
https://www.openwall.com/lists/oss-security/2022/08/02/1
Local privilege escalation in Kaspersky VPN
https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/
8/5/2022 • 7 minutes, 10 seconds
ISC StormCast for Wednesday, August 3rd, 2022
Increase in Chinese "Hacktivism" Attacks
https://isc.sans.edu/diary/Increase+in+Chinese+%22Hacktivism%22+Attacks/28906
Zoho Password Manager Exploit
https://xz.aliyun.com/t/11578
VMWare Updates
https://www.vmware.com/security/advisories/VMSA-2022-0021.html
https://twitter.com/VietPetrus
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike
https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html
8/3/2022 • 5 minutes, 31 seconds
ISC StormCast for Tuesday, August 2nd, 2022
A Little DDoS in the Morning
https://isc.sans.edu/diary/A+Little+DDoS+In+the+Morning/28900
Exposed Twitter API Keys
https://cloudsek.com/whitepapers_reports/how-leaked-twitter-api-keys-can-be-used-to-build-a-bot-army/
TCL LinkHub Serialization Issues
https://blog.talosintelligence.com/2022/08/vulnerability-spotlight-how-misusing.html
Jenkins Plugin Updates
https://www.jenkins.io/security/advisory/2022-07-27/
8/2/2022 • 6 minutes, 40 seconds
ISC StormCast for Monday, August 1st, 2022
PDF Analysis Introduction and OpenActions Entries
https://isc.sans.edu/diary/PDF+Analysis+Intro+and+OpenActions+Entries/28894
IPFS The New Hotbed of Phishing
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/ipfs-the-new-hotbed-of-phishing/
Mail Stealing Browser Extension
https://www.volexity.com/blog/2022/07/28/sharptongue-deploys-clever-mail-stealing-browser-extension-sharpext/
Lofylife Malicious NPM Packages
https://securelist.com/lofylife-malicious-npm-packages/107014/
IP Camera Vulnerability
https://www.nozominetworks.com/blog/vulnerability-in-dahua-s-onvif-implementation-threatens-ip-camera-security/
Nuki Smart Lock Vulnerabilities
https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/
Foxit PDF Reader
https://www.foxit.com/support/security-bulletins.html
8/1/2022 • 8 minutes, 34 seconds
ISC StormCast for Friday, July 29th, 2022
Exfiltrating Data with Bookmarks
https://isc.sans.edu/diary/Exfiltrating+Data+With+Bookmarks/28890
Critical Samba Bug Could Let Anyone Become Domain Admin
https://nakedsecurity.sophos.com/2022/07/27/critical-samba-bug-could-let-anyone-become-domain-admin-patch-now/
Apple IP Address Range Hijacked by Rostelecom
https://www.manrs.org/2022/07/for-12-hours-was-part-of-apple-engineerings-network-hijacked-by-russias-rostelecom/
Veritas Patches
https://www.veritas.com/content/support/en_US/security/VTS22-004#c1
IBM Patches
https://www.ibm.com/support/pages/node/6606251
https://www.ibm.com/support/pages/node/6607135
7/29/2022 • 7 minutes, 9 seconds
ISC StormCast for Thursday, July 28th, 2022
IcedID (BokBot) with Dark VNC and Cobalt Strike
https://isc.sans.edu/diary//28884
Web Assembly Crypto Miners
https://blog.sucuri.net/2022/07/cryptominers-webassembly-in-website-malware.html
Subzero and Knotweed
https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/
7/28/2022 • 6 minutes, 3 seconds
ISC StormCast for Wednesday, July 27th, 2022
How is Your macOS Security Posture?
https://isc.sans.edu/diary/How+is+Your+macOS+Security+Posture%3F/28882
Registry file with Executable Payload
https://www.x86matthew.com/view_post?id=embed_exe_reg
Targeted Phishing of Facebook Business Users
https://labs.withsecure.com/assets/BlogFiles/Publications/WithSecure_Research_DUCKTAIL.pdf
Forwarding Addresses is Hard (CVE-2022-31813)
https://www.synacktiv.com/publications/cve-2022-31813-forwarding-addresses-is-hard.html
7/27/2022 • 6 minutes, 9 seconds
ISC StormCast for Tuesday, July 26th, 2022
PowerShell Script with Fileless Capability
https://isc.sans.edu/diary/PowerShell+Script+with+Fileless+Capability/28878
With Management Comes Risk: Finding Flaws in Filewave MDM
https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm/
CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit
https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/
7/26/2022 • 7 minutes, 3 seconds
ISC StormCast for Monday, July 25th, 2022
An Analysis of a Discerning Phishing Website
https://isc.sans.edu/diary/An+Analysis+of+a+Discerning+Phishing+Website+/28870
Sonicwall Vulnerability
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007
Sh*load Exploits Episode V: Return of the Error
https://dellfer.com/shload-exploits-episode-v-return-of-the-error/
7/25/2022 • 5 minutes, 48 seconds
ISC StormCast for Friday, July 22nd, 2022
Maldoc with non-ASCII VBA Identifiers
https://isc.sans.edu/diary/Maldoc%3A+non-ASCII+VBA+Identifiers/28866
Cisco Security Updates
https://tools.cisco.com/security/center/publicationListing.x?
Outlook 365 Odd Suspicious Login Attempt Warnings
https://www.theregister.com/2022/07/21/outlook_sign_ins/
Windows RDP Brute Force Protection
https://twitter.com/dwizzzleMSFT/status/1549870156771340288
Microsoft resuming blocking macros
https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
7/22/2022 • 6 minutes, 24 seconds
ISC StormCast for Thursday, July 21st, 2022
Malicious Python Script Behaving Like a Rubber Ducky
https://isc.sans.edu/diary/Malicious+Python+Script+Behaving+Like+a+Rubber+Ducky/28860
Apple Patches Everything
https://isc.sans.edu/diary/Apple+Patches+Everything+Day/28862
Confluence Atlassian Hard-Coded Password
https://confluence.atlassian.com/doc/questions-for-confluence-security-advisory-2022-07-20-1142446709.html
Zyxel Vulnerability
https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml
DNS over HTTP/3
https://security.googleblog.com/2022/07/dns-over-http3-in-android.html
7/21/2022 • 6 minutes, 9 seconds
ISC StormCast for Wednesday, July 20th, 2022
Beacon Request
https://isc.sans.edu/diary/Requests+For+beacon.http-get.+Help+Us+Figure+Out+What+They+Are+Looking+For/28856
Oracle July 2022 CPU
https://www.oracle.com/security-alerts/cpujul2022.html
CloudMensis MacOS Spyware
https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/
GPS Tracker Vulnerabilities
https://www.bitsight.com/sites/default/files/2022-07/MiCODUS-GPS-Report-Final.pdf
7/20/2022 • 7 minutes, 11 seconds
ISC StormCast for Tuesday, July 19th, 2022
Adding Your Own Keywords to My PDF Tools
https://isc.sans.edu/diary/Adding+Your+Own+Keywords+To+My+PDF+Tools/28852
Tor Improvements
https://blog.torproject.org/new-release-tor-browser-115/
Trojan Horse Malware Password Cracker
https://www.dragos.com/blog/the-trojan-horse-malware-password-cracking-ecosystem-targeting-industrial-operators/
CVE-2022-33891 Apache Spark Shell Command Injection Vulnerability
https://securityonline.info/cve-2022-33891-apache-spark-shell-command-injection-vulnerability/
Juniper Junos Vulnerabilities
https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=date%20descending&f:ctype=[Security%20Advisories]
7/19/2022 • 6 minutes, 1 second
ISC StormCast for Monday, July 18th, 2022
Python: Files in Use By Another Process
https://isc.sans.edu/diary/Python%3A+Files+In+Use+By+Another+Process/28848
Google Removing App Permissions List for Data Safety
https://twitter.com/MishaalRahman/status/1547307555407421443
Google Play Malware
https://twitter.com/IngraoMaxime/status/1547164768401858560
Faking Github Metadata
https://checkmarx.com/blog/unverified-commits-are-you-unknowingly-trusting-attackers-code/
7/18/2022 • 5 minutes, 19 seconds
ISC StormCast for Friday, July 15th, 2022
Debugging Broadcast Storms
https://isc.sans.edu/diary/A+%22DHCP+is+Broken%22+story%2C+and+a+Blast+from+the+Past+%28or+should+I+say+%22Storm%22+from+the+past%29/28844
Targeted Deanonymization via Side Channel Attacks
https://leakuidatorplusteam.github.io/preprint.pdf
Cookie Theft to BEC
https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/
VMWare Patch
https://www.vmware.com/security/advisories/VMSA-2021-0025.html
7/15/2022 • 6 minutes, 40 seconds
ISC StormCast for Thursday, July 14th, 2022
Using Referrers to Detect Phishing Attacks
https://isc.sans.edu/diary/Using+Referers+to+Detect+Phishing+Attacks/28836
Callback Phishing Campaigns Impersonating Security Companies
https://www.crowdstrike.com/blog/callback-malware-campaigns-impersonate-crowdstrike-and-other-cybersecurity-companies/
Retbleed Spectre Attack
https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706
https://www.microsoft.com/security/blog/2022/07/13/uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706/
Buffer Overflow Vulnerabilities in UEFI Firmware of Several Lenovo Notebooks
https://twitter.com/ESETresearch/status/1547166334651334657
7/14/2022 • 5 minutes, 48 seconds
ISC StormCast for Wednesday, July 13th, 2022
Microsoft Patch Tuesday
https://isc.sans.edu/diary/Microsoft+July+2022+Patch+Tuesday/28838
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
SAP Patches
https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
IBM Patches
https://www.ibm.com/support/pages/node/6602255
https://www.ibm.com/support/pages/node/6602259
https://www.ibm.com/support/pages/node/6602251
7/13/2022 • 5 minutes, 48 seconds
ISC StormCast for Monday, July 11th, 2022
SANSFIRE Keynote Stream
https://www.sans.org/webcasts/the-internet-storm-center-how-to-use-and-how-to-contribute-data/
Extracting URLs from Emotet with Cyberchef
https://isc.sans.edu/forums/diary/Excel%204%20Emotet%20Maldoc%20Analysis%20using%20CyberChef/28830/
Microsoft rolling Back Macro Policy Change
https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
Checkmate Ransomware Affected Poorly Configured QNAP NAS
https://www.qnap.com/en/security-advisory/QSA-22-21
PyPi Requires 2FA for critical packages
https://pypi.org/security-key-giveaway/
7/11/2022 • 5 minutes, 27 seconds
ISC StormCast for Thursday, July 7th, 2022
How Many SANs are Insane
https://isc.sans.edu/forums/diary/How+Many+SANs+are+Insane/28820/
Fortinet July Updates
https://fortiguard.fortinet.com/psirt?date=07-2022
Phishing Attacks Getting Trickier
https://www.sans.org/newsletters/ouch/phishing-attacks-getting-trickier
Quantum Safe Ciphers
https://csrc.nist.gov/News/2022/pqc-candidates-to-be-standardized-and-round-4
Apple Proposes Lockdown Mode
https://www.apple.com/newsroom/2022/07/apple-expands-commitment-to-protect-users-from-mercenary-spyware/
7/7/2022 • 7 minutes, 21 seconds
ISC StormCast for Wednesday, July 6th, 2022
EternalBlue 5 Years After WannaCry and NotPetya
https://isc.sans.edu/forums/diary/EternalBlue+5+years+after+WannaCry+and+NotPetya/28816/
OpenSSL Patches Two Vulnerabilities
https://www.openssl.org/news/secadv/20220705.txt
Iconburst NPM Software Supply Chain Attack
https://blog.reversinglabs.com/blog/iconburst-npm-software-supply-chain-attack-grabs-data-from-apps-websites
7/6/2022 • 6 minutes, 20 seconds
ISC StormCast for Tuesday, July 5th, 2022
7Zip Mark of the Web For Office Files
https://isc.sans.edu/forums/diary/7Zip+MoW+For+Office+files/28812/
SessionManager Backdoor Seen with IIS
https://securelist.com/the-sessionmanager-iis-backdoor/106868/
Google Chrome Stable Channel Update
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
7/5/2022 • 5 minutes, 31 seconds
ISC StormCast for Friday, July 1st, 2022
Case Study: Cobalt Strike Server Lives on After its Domain is Suspended
https://isc.sans.edu/forums/diary/Case+Study+Cobalt+Strike+Server+Lives+on+After+Its+Domain+Is+Suspended/28804/
CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus
https://www.horizon3.ai/red-team-blog-cve-2022-28219/
CWE Top 25 Update
https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html#analysis
7/1/2022 • 6 minutes, 28 seconds
ISC StormCast for Thursday, June 30th, 2022
It's New Phone Day: Time to Migrate Your MFA
https://isc.sans.edu/forums/diary/Its+New+Phone+Day+Time+to+migrate+your+MFA/28800/
Managing Human Risk Security Awareness Report
https://go.sans.org/lp-wp-2022-sans-security-awareness-report
Microsoft Azure Service Fabric Container Elevation of Privilege Vulnerability
https://unit42.paloaltonetworks.com/fabricscape-cve-2022-30137/#The-Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30137
Zimbra RCE Vulnerability
https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/
FBI Warns of Deep Fakes Being Used in Job Interviews
https://www.ic3.gov/Media/Y2022/PSA220628
6/30/2022 • 6 minutes, 45 seconds
ISC StormCast for Wednesday, June 29th, 2022
Possible Scans for HiByMusic Devices
https://isc.sans.edu/forums/diary/Possible+Scans+for+HiByMusic+Devices/28796/
OpenSSL Heap Overflow
https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/
https://github.com/openssl/openssl/issues/18625#issuecomment-1165012549
ZuoRAT Malware Hijacking Home Office Routers
https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/
6/29/2022 • 5 minutes, 48 seconds
ISC StormCast for Tuesday, June 28th, 2022
Encrypted Client Hello: Anybody Using it Yet?
https://isc.sans.edu/forums/diary/Encrypted+Client+Hello+Anybody+Using+it+Yet/28792/
Jenkins Advisory
https://www.jenkins.io/security/advisory/2022-06-22/
Instagram Age Verification
https://about.fb.com/news/2022/06/new-ways-to-verify-age-on-instagram/
CodeSys V2 Vulnerability
https://github.com/ic3sw0rd/Codesys_V2_Vulnerability
6/28/2022 • 6 minutes, 30 seconds
ISC StormCast for Monday, June 27th, 2022
Python Abusing the Windows GUI
https://isc.sans.edu/forums/diary/Python+abusing+The+Windows+GUI/28780/
Malicious Code Passed to PowerShell via the Clipboard
https://isc.sans.edu/forums/diary/Malicious+Code+Passed+to+PowerShell+via+the+Clipboard/28784/
Attacking With WebView2 Applications
https://mrd0x.com/attacking-with-webview2-applications/
Bronze Starlight Ransomware Operations Use Hui Loaders
https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader
Novel Exploit Detected in Mitel VoIP Appliance
https://www.crowdstrike.com/blog/novel-exploit-detected-in-mitel-voip-appliance/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29499
6/27/2022 • 7 minutes, 51 seconds
ISC StormCast for Thursday, June 23rd, 2022
Malicious PowerShell Targeting Cryptocurrency Browser Extensions
https://isc.sans.edu/forums/diary/Malicious+PowerShell+Targeting+Cryptocurrency+Browser+Extensions/28772/
Keeping PowerShell: Security Measures to Use and Embrace
https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/1/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF
Client-Side Magecart Attacks Still Around, But More Covert
https://blog.malwarebytes.com/threat-intelligence/2022/06/client-side-magecart-attacks-still-around-but-more-covert/
Chinese actor takes aim, armed with Nim Language and Bizarro AES
https://research.checkpoint.com/2022/chinese-actor-takes-aim-armed-with-nim-language-and-bizarro-aes/
Israeli Air Raid Sirens Hacked
https://twitter.com/Israel_Cyber/status/1538821467785265153
6/23/2022 • 5 minutes, 31 seconds
ISC StormCast for Wednesday, June 22nd, 2022
Experimental New Domain / Domain Age API
https://isc.sans.edu/forums/diary/Experimental+New+Domain+Domain+Age+API/28770/
Forescout Vedere Labs Discovers 56 OT Vulnerabilities
https://www.forescout.com/resources/ot-icefall-report/
Cloudflare Outage
https://blog.cloudflare.com/cloudflare-outage-on-june-21-2022/
Does Acrobat Reader Unload Injection of Security Products
https://blog.minerva-labs.com/does-acrobat-reader-unload-injection-of-security-products
7-Zip Mark-of-the-Web Support
https://www.7-zip.org/history.txt
6/22/2022 • 6 minutes, 16 seconds
ISC StormCast for Tuesday, June 21st, 2022
Odd TCP Fast Open Packets
https://isc.sans.edu/forums/diary/Odd+TCP+Fast+Open+Packets+Anybody+understands+why/28766/
DFSCoerce NTLM Relay Attack
https://github.com/Wh04m1001/DFSCoerce
https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429
Windows Emergency Update Fixes Microsoft 365 Issues on ARM Devices
https://www.bleepingcomputer.com/news/microsoft/windows-emergency-update-fixes-microsoft-365-issues-on-arm-devices/
Safari Vulnerability Analysis
https://googleprojectzero.blogspot.com/2022/06/an-autopsy-on-zombie-in-wild-0-day.html
Internet Explorer Remnants Still an Issue
https://www.darkreading.com/vulnerabilities-threats/internet-explorer-will-likely-remain-an-attacker-target-for-some-time
6/21/2022 • 5 minutes, 43 seconds
ISC StormCast for Monday, June 20th, 2022
Critical Vulnerability in Splunk Enterprise Deployment Server Functionality
https://isc.sans.edu/forums/diary/Critical+vulnerability+in+Splunk+Enterprises+deployment+server+functionality/28760/
Malspam Pushes Matanbuchus Malware Leads to Cobalt Strike
https://isc.sans.edu/forums/diary/Malspam+pushes+Matanbuchus+malware+leads+to+Cobalt+Strike/28752/
Proofpoint Discovers Potentially Dangerous Office 365 Functionality
https://www.proofpoint.com/us/blog/cloud-security/proofpoint-discovers-potentially-dangerous-microsoft-office-365-functionality
6/20/2022 • 8 minutes, 34 seconds
ISC StormCast for Friday, June 17th, 2022
Houdini is Back Delivered Through a JavaScript Dropper
https://isc.sans.edu/forums/diary/Houdini+is+Back+Delivered+Through+a+JavaScript+Dropper/28746/
Drifting Cloud: Zero-Day Sophos Firewall Exploitation
https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/
Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack
https://www.zerodayinitiative.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack
Cisco Email Security Appliance and Cisco Secure Email and Web Manager
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD
Analyzing the Fastjson "Auto Type Bypass" RCE vulnerability
https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjson-auto-type-bypass-rce-vulnerability/
6/17/2022 • 5 minutes, 56 seconds
ISC StormCast for Thursday, June 16th, 2022
Terraforming Honeypots: Using IaaC & Cloud to Attract Attacks
https://isc.sans.edu/forums/diary/Terraforming+Honeypots+Installing+DShield+Sensors+in+the+Cloud/28748/
Zimbra Email - Stealing Clear-Text Credentials via Memcache Injection
https://blog.sonarsource.com/zimbra-mail-stealing-clear-text-credentials-via-memcache-injection/
Cloud Middleware Dataset
https://github.com/wiz-sec/cloud-middleware-dataset
CVE-2022-26937 Windows Network File System NLM Portmap Stack Buffer Overflow
https://www.zerodayinitiative.com/blog/2022/6/7/cve-2022-26937-microsoft-windows-network-file-system-nlm-portmap-stack-buffer-overflow
Citrix Application Delivery Management Security Bulletin
https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512
Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch
https://sec-consult.com/vulnerability-lab/advisory/hardcoded-backdoor-user-outdated-software-components-nexans-ftto-gigaswitch/
6/16/2022 • 5 minutes, 57 seconds
ISC StormCast for Tuesday, June 14th, 2022
Translating Saitama's DNS Tunneling
https://isc.sans.edu/forums/diary/Translating+Saitamas+DNS+tunneling+messages/28738/
Travis CI Logs Expose Users to Cyber Attacks
https://blog.aquasec.com/travis-ci-security
Linux Threat Hunting: "Syslogk" a kernel rootkit found under development in the wild
https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/
Mitel Desk Phone Backdoor
https://blog.syss.com/posts/rooting-mitel-desk-phones-through-the-backdoor/
6/14/2022 • 5 minutes, 48 seconds
ISC StormCast for Friday, June 10th, 2022
TA570 QBot attempts to exploit CVE-2022-30190 (Follina)
https://isc.sans.edu/forums/diary/TA570+Qakbot+Qbot+tries+CVE202230190+Follina+exploit+msmsdt/28728/
Analysis of a Facebook Phishing Campaign
https://pixmsecurity.com/blog/blog/phishing-tactics-how-a-threat-actor-stole-1m-credentials-in-4-months/
Zyxel Security Advisory
https://www.zyxel.com/support/Zyxel-security-advisory-for-CRLF-injection-vulnerability-in-some-legacy-firewalls.shtml
Fujitsu Centricstor Vulnerability
https://research.nccgroup.com/2022/05/27/technical-advisory-fujitsu-centricstor-control-center-v8-1-unauthenticated-command-injection/
Meeting Owl Vulnerabilities
https://www.modzero.com/static/meetingowl/Meeting_Owl_Pro_Security_Disclosure_Report_RELEASE.pdf
6/10/2022 • 8 minutes, 34 seconds
ISC StormCast for Thursday, June 9th, 2022
SANS RSA Panel
(sorry, video no longer available)
Atlassian Confluence Attacks
https://isc.sans.edu/forums/diary/Atlassian+Confluence+Exploits+Seen+By+Our+Honeypots+CVE202226134/28722/
Fake CCleaner Malvertisements
https://blog.avast.com/fakecrack-campaign
Weakness in Verbatim Keypad Secure USB Drive
https://blog.syss.com/posts/hacking-usb-flash-drives-part-1/
6/9/2022 • 5 minutes, 55 seconds
ISC StormCast for Wednesday, June 8th, 2022
The Trouble With Microsoft's Troubleshooters
https://irsl.medium.com/the-trouble-with-microsofts-troubleshooters-6e32fc80b8bd
QBot Uses Follina
https://twitter.com/threatinsight/status/1534227444915482625
Deadbolt Ransomware
https://www.trendmicro.com/en_us/research/22/f/closing-the-door-deadbolt-ransomware-locks-out-vendors-with-mult.html
Google Android Updates
https://source.android.com/security/bulletin/2022-06-01?hl=en
6/8/2022 • 5 minutes, 34 seconds
ISC StormCast for Monday, June 6th, 2022
Sandbox Evasion... With Just a Filename!
https://isc.sans.edu/forums/diary/Sandbox+Evasion+With+Just+a+Filename/28708/
Atlassian Exploit Released
https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/
GitLab Critical Security Release
https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
U-Boot Vulnerabilities
https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
Unisoc Baseband Chip Vulnerability
https://research.checkpoint.com/2022/vulnerability-within-the-unisoc-baseband/
6/6/2022 • 5 minutes, 28 seconds
ISC StormCast for Friday, June 3rd, 2022
Quick Answers in Incident Response RECmd.exe
https://isc.sans.edu/forums/diary/Quick+Answers+in+Incident+Response+RECmdexe/28706/
Zero-Day Exploitation of Atlassian Confluence
https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/
https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
Korenix Technology JetPort Backdoor
https://sec-consult.com/vulnerability-lab/advisory/backdoor-account-in-korenix-technology-jetport-series/
Elasticsearch Data Wiped
https://www.secureworks.com/blog/unsecured-elasticsearch-data-replaced-with-ransom-note
6/3/2022 • 6 minutes
ISC StormCast for Thursday, June 2nd, 2022
HTML Phishing Attachments - Now With Anti-Analysis Features
https://isc.sans.edu/forums/diary/HTML+phishing+attachments+now+with+antianalysis+features/28702/
Unofficial Patch for CVE-2022-30190 (Follina)
https://blog.0patch.com/2022/06/free-micropatches-for-follina-microsoft.html
Windows Search Vulnerability
https://www.bleepingcomputer.com/news/security/new-windows-search-zero-day-added-to-microsoft-protocol-nightmare/
Call Forwarding Used to Compromise WhatsApp Accounts
https://www.linkedin.com/posts/fb1h2s_beware-here-is-how-whatsapp-accounts-are-activity-6934386561048264704-NnFf/?utm_source=linkedin_share&utm_medium=member_desktop_web
Badkeys in Fuji Xerox and Canon Printers
https://fermatattack.secvuln.info
6/2/2022 • 5 minutes, 55 seconds
ISC StormCast for Wednesday, June 1st, 2022
Follina Update
https://isc.sans.edu/forums/diary/First+Exploitation+of+Follina+Seen+in+the+Wild/28698/
https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme+CVE202230190/28694/
Open Automation Software Platform Vulnerability
https://blog.talosintelligence.com/2022/05/vuln-spotlight-open-automation-platform.html
Over 3.6 million MySQL servers found exposed on the Internet
https://www.bleepingcomputer.com/news/security/over-36-million-mysql-servers-found-exposed-on-the-internet/
6/1/2022 • 5 minutes, 18 seconds
ISC StormCast for Tuesday, May 31st, 2022
New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme
https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme/28694/
5/30/2022 • 7 minutes, 47 seconds
ISC StormCast for Friday, May 27th, 2022
Huge Signed PE Files
https://isc.sans.edu/forums/diary/Huge+Signed+PE+File/28686/
VMWare Authentication Bypass PoC
https://www.horizon3.ai/vmware-authentication-bypass-vulnerability-cve-2022-22972-technical-deep-dive/
Quanta Server BMC Vulnerability
https://eclypsium.com/2022/05/26/quanta-servers-still-vulnerable-to-pantsdown/
Windows 11 and Server 2022 Update Prevent Trend Micro Ransomware Protection
https://success.trendmicro.com/dcx/s/solution/000291066?language=en_US
Nate Street: Advancing SIEM Log Management Strategies through Vendor-Agnostic Measurement
https://www.sans.edu/cyber-research/38685/
5/27/2022 • 15 minutes, 40 seconds
ISC StormCast for Thursday, May 26th, 2022
Using NMAP to Assess Hosts in Load Balanced Clusters
https://isc.sans.edu/forums/diary/Using+NMAP+to+Assess+Hosts+in+Load+Balanced+Clusters/28682/
Attacker Modifying Libraries Claims "Research"
https://www.bleepingcomputer.com/news/security/hacker-says-hijacking-libraries-stealing-aws-keys-was-ethical-research/
Heroku GitHub Integration Re-Enabled Again
https://blog.heroku.com/github-integration-update
Serious security vulnerability in Tails 5.0
https://tails.boum.org/security/prototype_pollution/index.en.html
Google Chrome Update
https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html
5/26/2022 • 5 minutes, 9 seconds
ISC StormCast for Wednesday, May 25th, 2022
ctx Python Library Updated with "Extra" Features
https://isc.sans.edu/forums/diary/ctx+Python+Library+Updated+with+Extra+Features/28678/
Zoom Updates
https://explore.zoom.us/en/trust/security/security-bulletin/
VMWare Exploit About to Be Released
https://twitter.com/Horizon3Attack/status/1528935531333177344
Zyxel Firewalls, AP Controllers, APs Patch
https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml
5/25/2022 • 5 minutes, 18 seconds
ISC StormCast for Tuesday, May 24th, 2022
Attacker Scanning for jQuery-File-Upload
https://isc.sans.edu/forums/diary/Attacker+Scanning+for+jQueryFileUpload/28674/
Oracle Security Alert Advisory - CVE-2022-21500
https://www.oracle.com/security-alerts/alert-cve-2022-21500.html
How to find NPM dependencies vulnerable to account hijacking
https://www.theregister.com/2022/05/23/npm_dependencies_vulnerable/
Pre-hijacked accounts
https://arxiv.org/pdf/2205.10174.pdf
5/24/2022 • 5 minutes, 26 seconds
ISC StormCast for Monday, May 23rd, 2022
A "Zip Bomb" to Bypass Security Controls & Sandboxes
https://isc.sans.edu/forums/diary/A+Zip+Bomb+to+Bypass+Security+Controls+Sandboxes/28670/
Cisco IOS XR Software Health Check Open Port Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK
pwn2own Vancouver 2022 Results
https://www.zerodayinitiative.com/blog/2022/5/18/pwn2own-vancouver-2022-the-results#three
Malicious PyPi Packages Drop Cobalt Strike
https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Security Advisory for BR200, BR500 and PSV-2021-0286
https://kb.netgear.com/000064712/Security-Advisory-for-Multiple-Security-Vulnerabilities-on-BR200-and-BR500-PSV-2021-0286
5/23/2022 • 6 minutes, 10 seconds
ISC StormCast for Friday, May 20th, 2022
Bumblebee Malware from TransferXL URLs
https://isc.sans.edu/forums/diary/Bumblebee+Malware+from+TransferXL+URLs/28664/
Microsoft Out-of-Band Update fixes Authentication Issues
https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2#you-might-see-authentication-failures-on-the-server-or-client-for-services
Sonicwall Patch for SMA 1000
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0010
QNAP NAS Deadbolt Ransomware
https://www.qnap.com/en/security-news/2022/take-immediate-actions-to-secure-qnap-nas-and-update-qts-to-the-latest-available-version
380,000 open Kubernetes API Servers
https://www.shadowserver.org/news/over-380-000-open-kubernetes-api-servers/
DoJ Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act
https://www.justice.gov/opa/pr/department-justice-announces-new-policy-charging-cases-under-computer-fraud-and-abuse-act
5/20/2022 • 6 minutes, 1 second
ISC StormCast for Thursday, May 19th, 2022
VMWare Flaws
https://core.vmware.com/vmsa-2022-0014-questions-answers-faq
https://blog.barracuda.com/2022/05/17/threat-spotlight-attempts-to-exploit-new-vmware-vulnerabilities/
Tesla BLE Proximity Authentication Vulnerable to Relay Attacks
https://research.nccgroup.com/2022/05/15/technical-advisory-ble-proximity-authentication-vulnerable-to-relay-attacks/
Credit Card Scraping via Malicious PHP Code
https://www.ic3.gov/Media/News/2022/220516.pdf
Microsoft updating Delegated Admin Privileges
https://docs.microsoft.com/en-gb/partner-center/announcements/2022-may#13
5/19/2022 • 6 minutes, 48 seconds
ISC StormCast for Wednesday, May 18th, 2022
Use Your Browser Internal Password Vault... or Not?
https://isc.sans.edu/forums/diary/Use+Your+Browser+Internal+Password+Vault+or+Not/28658/
SQL Server Brute Forcing
https://twitter.com/MsftSecIntel/status/1526680337216114693
UpdateAgent Adapts Again
https://www.jamf.com/blog/updateagent-adapts-again/
Updated Exploited Vulnerabilities
https://www.cisa.gov/uscert/ncas/current-activity/2022/05/10/cisa-adds-one-known-exploited-vulnerability-catalog
5/18/2022 • 6 minutes, 9 seconds
ISC StormCast for Tuesday, May 17th, 2022
Apple Patches Everything
https://isc.sans.edu/forums/diary/Apple+Patches+Everything/28654/
Evil Never Sleeps: When Wireless Malware Stays on After Turning Off iPhones
https://arxiv.org/pdf/2205.06114.pdf
Third-Party Web Trackers Log What You Type Before Submitting
https://homes.esat.kuleuven.be/~asenol/leaky-forms/
5/17/2022 • 6 minutes, 18 seconds
ISC StormCast for Monday, May 16th, 2022
From 0-Day to Mirai: 7 days of BIG-IP Exploits
https://isc.sans.edu/forums/diary/From+0Day+to+Mirai+7+days+of+BIGIP+Exploits/28644/
Sonicwall Vulnerabilities Patched
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009
Zonealarm Patch
https://www.zonealarm.com/software/extreme-security/release-history
Taking over npm account
https://thehackerblog.com/zero-days-without-incident-compromising-angular-via-expired-npm-publisher-email-domains-7kZplW4x/
5/16/2022 • 6 minutes, 26 seconds
ISC StormCast for Friday, May 13th, 2022
When Get-WebRequest Fails You
https://isc.sans.edu/forums/diary/When+GetWebRequest+Fails+You/28640/
HP PC BIOS Security Updates
https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788
INTEL BIOS Advisory
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html
Zyxel RCE Vulnerability
https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/
5/13/2022 • 4 minutes, 58 seconds
ISC StormCast for Thursday, May 12th, 2022
TA578 Using Thread-Hijacked Emails to Push ISO Files for Bumblebee Malware
https://isc.sans.edu/forums/diary/TA578+using+threadhijacked+emails+to+push+ISO+files+for+Bumblebee+malware/28636/
Google Drive Emerges as Top App for Malware Downloads
https://www.helpnetsecurity.com/2022/05/11/malicious-pdf-search-engines/
Vanity URL Abuse
https://www.varonis.com/blog/url-spoofing
npm Supply Chain Attack Turns Out to be Part of Penetration Test
https://jfrog.com/blog/npm-supply-chain-attack-targets-german-based-companies/
5/12/2022 • 5 minutes, 33 seconds
ISC StormCast for Wednesday, May 11th, 2022
Microsoft May 2022 Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+May+2022+Patch+Tuesday/28632/
Adobe Updates
https://helpx.adobe.com/security/security-bulletin.html
npm "foreach" package domain takeover
https://www.theregister.com/2022/05/10/security_npm_email/
5/11/2022 • 5 minutes, 32 seconds
ISC StormCast for Tuesday, May 10th, 2022
Octopus Backdoor is Back with a New Embedded Obfuscated Bat File
https://isc.sans.edu/forums/diary/Octopus+Backdoor+is+Back+with+a+New+Embedded+Obfuscated+Bat+File/28628/#comments
CVE-2022-1388 (BIG-IP) Exploits
https://twitter.com/sans_isc/status/1523741896707043328
https://github.com/horizon3ai/CVE-2022-1388
Trend Micro False Positive Aftermath
https://success.trendmicro.com/dcx/s/solution/000290966?language=en_US
Microsoft Azure
https://orca.security/resources/blog/azure-synapse-analytics-security-advisory/
https://msrc-blog.microsoft.com/2022/05/09/vulnerability-mitigated-in-the-third-party-data-connector-used-in-azure-synapse-pipelines-and-azure-data-factory-cve-2022-29972/
5/10/2022 • 5 minutes, 51 seconds
ISC StormCast for Monday, May 9th, 2022
F5 BIG-IP Unauthenticated RCE Vulnerability (CVE-2022-1388)
https://isc.sans.edu/forums/diary/F5+BIGIP+Unauthenticated+RCE+Vulnerability+CVE20221388/28624/
QNAP QVR Update
https://www.qnap.com/de-de/security-advisory/qsa-22-07
Raspberry Robin Worm
https://redcanary.com/blog/raspberry-robin/
rubygems CVE-2022-29176 explained
https://greg.molnar.io/blog/rubygems-cve-2022-29176/
What is the simplest malware in the world?
https://isc.sans.edu/forums/diary/What+is+the+simplest+malware+in+the+world/28620/
5/9/2022 • 5 minutes, 53 seconds
ISC StormCast for Friday, May 6th, 2022
Password-protected Excel Spreadsheet Pushes Remcos RAT
https://isc.sans.edu/forums/diary/Passwordprotected+Excel+spreadsheet+pushes+Remcos+RAT/28616/
Microsoft, Apple, Google Accelerate FIDO Standard Implementation
https://www.theregister.com/2022/05/05/microsoft-apple-google-fido/
Heroku Admits Breach
https://status.heroku.com/incidents/2413
5/6/2022 • 5 minutes, 36 seconds
ISC StormCast for Thursday, May 5th, 2022
Finding the Real "Last Patched" Day (Interim Version)
https://isc.sans.edu/forums/diary/Finding+the+Real+Last+Patched+Day+Interim+Version/28610/
Fake Windows Updates Install Ransomware
https://www.bleepingcomputer.com/news/security/fake-windows-10-updates-infect-you-with-magniber-ransomware/
Vulnerabilities in Ransomware
https://www.malvuln.com
Heroku Forces Password Reset
https://status.heroku.com/incidents/2413
Cisco Patches Enterprise NFV Infrastructure Software
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9
Big-IP iControl REST Vulnerability
https://support.f5.com/csp/article/K23605346
5/5/2022 • 5 minutes, 54 seconds
ISC StormCast for Wednesday, May 4th, 2022
Some Honeypot Updates
https://isc.sans.edu/forums/diary/Some+Honeypot+Updates/28608/
TLStorm 2 - NanoSSL TLS Library Misuse
https://www.armis.com/blog/tlstorm-2-nanossl-tls-library-misuse-leads-to-vulnerabilities-in-common-switches/
Unpatched DNS Bug in uClibc and uClibc-ng Library
https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-DNS-bug-in-popular-c-standard-library-putting-iot-at-risk/
Abusing Security Software to Sideload PlugX and ShadowPad
https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/
Microsoft Edge Update Triggers Trend Micro AV
https://success.trendmicro.com/forum/s/question/0D54T00001QDqzgSAD/we-are-getting-this-message-from-every-client-since-several-minutesis-it-a-false-positiv-error-or-do-we-have-a-real-trojaner-problem-
5/4/2022 • 6 minutes, 9 seconds
ISC StormCast for Tuesday, May 3rd, 2022
Detecting VSTO Office Files with ExifTool
https://isc.sans.edu/forums/diary/Detecting+VSTO+Office+Files+With+ExifTool/28604/
The Gmail SMTP Relay Service Exploit
https://www.avanan.com/blog/the-gmail-smtp-relay-service-exploit
OpenSSF Package Analysis
https://openssf.org/blog/2022/04/28/introducing-package-analysis-scanning-open-source-packages-for-malicious-behavior/
M1 Prefetcher Data Leak
https://www.prefetchers.info
5/3/2022 • 5 minutes, 45 seconds
ISC StormCast for Monday, May 2nd, 2022
Using Passive DNS Sources for Reconnaissance and Enumeration
https://isc.sans.edu/forums/diary/Using+Passive+DNS+sources+for+Reconnaissance+and+Enumeration/28596/
Microsoft Edge Secure Network
https://support.microsoft.com/en-gb/topic/use-the-microsoft-edge-secure-network-to-protect-your-browsing-885472e2-7847-4d89-befb-c80d3dda6318
Sina Weibo Making Users IPs and Location Public
https://www.theregister.com/2022/04/29/weibo_location_services_default/
https://weibo.com/u/1934183965?layerid=4763194269108760
SonicWall Global VPN Client DLL Search Order Hijacking
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0036
Zoom Updated
https://explore.zoom.us/en/trust/security/security-bulletin/
5/2/2022 • 4 minutes, 48 seconds
ISC StormCast for Friday, April 29th, 2022
A Day of SMB: What does our SMB/RPC Honeypot see? CVE-2022-26809
https://isc.sans.edu/forums/diary/A+Day+of+SMB+What+does+our+SMBRPC+Honeypot+see+CVE202226809/28594/
Azure PostgreSQL Privilege Escalation
https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql/
Security alert: Attack campaign involving stolen OAuth user tokens
https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens
Netatalk Vulnerability Affecting Synology, QNAP, Others?
https://www.synology.com/en-global/security/advisory/Synology_SA_22_06
4/29/2022 • 6 minutes, 18 seconds
ISC StormCast for Thursday, April 28th, 2022
MITRE ATT&CK v11
https://isc.sans.edu/forums/diary/MITRE+ATTCK+v11+a+small+update+that+can+help+not+just+with+detection+engineering/28590/
Microsoft Special Report: Ukraine
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd
Linux Privilege Escalation Nimbuspwn
https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/
npm Package Planting
https://blog.aquasec.com/npm-package-planting
4/28/2022 • 6 minutes, 7 seconds
ISC StormCast for Wednesday, April 27th, 2022
WSO2 Vuln Exploited to Install Crypto Coin Miners
https://isc.sans.edu/forums/diary/WSO2+RCE+exploited+in+the+wild/28586/
Core Impact Backdoor Delivered Via VMware Vulnerability
https://blog.morphisec.com/vmware-identity-manager-attack-backdoor
VirusTotal Exploit Update
https://twitter.com/bquintero/status/1518738072820670464
Emotet Experimenting With New Delivery Techniques
https://www.proofpoint.com/us/blog/threat-insight/emotet-tests-new-delivery-techniques
4/27/2022 • 6 minutes, 22 seconds
ISC StormCast for Tuesday, April 26th, 2022
Simple PDF Linking to Malicious Content
https://isc.sans.edu/forums/diary/Simple+PDF+Linking+to+Malicious+Content/28582/
VirusTotal Remote Code Execution
https://www.cysrc.com/blog/virus-total-blog
Apple's Private Relay can Cause the System to Ignore Firewall Rules
https://mullvad.net/en/blog/2022/4/25/apples-private-relay-can-cause-the-system-to-ignore-firewall-rules/
Emotet Breaks and Later Fixes Installer
https://www.bleepingcomputer.com/news/security/emotet-malware-infects-users-again-after-fixing-broken-installer/
4/26/2022 • 5 minutes, 59 seconds
ISC StormCast for Monday, April 25th, 2022
Analyzing Word Phishing Document
https://isc.sans.edu/forums/diary/Analyzing+a+Phishing+Word+Document/28562/
Targeting Roku Streaming Devices
https://isc.sans.edu/forums/diary/Are+Roku+Streaming+Devices+Safe+from+Exploitation/28578/
JWT Null Signature Vulnerability PoC
https://github.com/DataDog/security-labs-pocs/tree/main/proof-of-concept-exploits/jwt-null-signature-vulnerable-app
Expat XML Vulnerabilities
https://www.ibm.com/support/pages/node/6573293
Jira Vulnerability
https://confluence.atlassian.com/jira/jira-security-advisory-2022-04-20-1115127899.html
4/25/2022 • 5 minutes
ISC StormCast for Thursday, April 21st, 2022
AA Distribution Qakbot (Qbot) Infection with DarkVNC
https://isc.sans.edu/forums/diary/aa+distribution+Qakbot+Qbot+infection+with+DarkVNC+traffic/28568/
Java Psychic Signatures
https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/
Snort DoS Vulnerability
https://claroty.com/2022/04/14/blog-research-blinding-snort-breaking-the-modbus-ot-preprocessor/
4/21/2022 • 5 minutes, 45 seconds
ISC StormCast for Wednesday, April 20th, 2022
U-Boot Password Reset
https://isc.sans.edu/forums/diary/Resetting+Linux+Passwords+with+UBoot+Bootloaders/28564/
Oracle CPU
https://www.oracle.com/security-alerts/cpuapr2022.html
MetaMask iCloud Phishing
https://www.bleepingcomputer.com/news/security/hackers-steal-655k-after-picking-metamask-seed-from-icloud-backup/
SMB1 Gone From Windows 11 Home
https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb1-now-disabled-by-default-for-windows-11-home-insiders-builds/ba-p/3289473
Lenovo UEFI/BIOS Vulnerability
https://support.lenovo.com/us/en/product_security/ps500483-lenovo-system-update-privilege-escalation-vulnerability
https://support.lenovo.com/de/de/product_security/LEN-84943
4/20/2022 • 6 minutes, 15 seconds
ISC StormCast for Tuesday, April 19th, 2022
Sysmon's RegistryEvent (Value Set) and Binary Data
https://isc.sans.edu/forums/diary/Sysmons+RegistryEvent+Value+Set/28558/
Ukraine CERT Posts: IcedID and Zimbra Flaw
https://cert.gov.ua/article/39606
https://cert.gov.ua/article/39609
New NSO Pegasus Exploit Spotted in the Wild
https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/
Unofficial Windows 11 Upgrade Delivers Spyware
https://www.bleepingcomputer.com/news/security/unofficial-windows-11-upgrade-installs-info-stealing-malware/
4/19/2022 • 4 minutes, 56 seconds
ISC StormCast for Monday, April 18th, 2022
Office Now Protects You From Malicious ISO Files
https://isc.sans.edu/forums/diary/Office+Protects+You+From+Malicious+ISO+Files/28554/
GitHub Stolen OAuth User Tokens
https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens/
Git For Windows Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2022-24765
Cisco Wireless Controller Bug
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-auth-bypass-JRNhV4fF
4/18/2022 • 5 minutes, 36 seconds
ISC StormCast for Friday, April 15th, 2022
An Update on CVE-2022-26809 MSRPC Vulnerability - PATCH NOW
https://isc.sans.edu/forums/diary/An+Update+on+CVE202226809+MSRPC+Vulnerabliity+PATCH+NOW/28550/
Webcast: https://www.sans.org/webcasts/cve-2022-26809-ms-rpc-vulnerability-analysis/
https://twitter.com/splinter_code/status/1514653941304369153
Google Chrome 0-Day Patch
https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html
Cisco Webex Phones Home Audio Telemetry
https://wiscprivacy.com/papers/vca_mute.pdf
Grafana Enterprise Vulnerability
https://grafana.com/blog/2022/04/12/grafana-enterprise-8.4.6-released-with-high-severity-security-fix/
4/15/2022 • 5 minutes, 28 seconds
ISC StormCast for Thursday, April 14th, 2022
How is Ukrainian Internet Holding Up During Russian Invasion
https://isc.sans.edu/forums/diary/How+is+Ukrainian+internet+holding+up+during+the+Russian+invasion/28546/
Update on Windows Patches and CVE-2022-26809
https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26809
Adobe Updates
https://helpx.adobe.com/security/products/photoshop/apsb22-20.html
Apache Struts 2 Update
https://cwiki.apache.org/confluence/display/WW/S2-062
4/14/2022 • 5 minutes, 52 seconds
ISC StormCast for Wednesday, April 13th, 2022
Microsoft April 2022 Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+April+2022+Patch+Tuesday/28542/
NGINX Statement on LDAP Weakness
https://www.nginx.com/blog/addressing-security-weaknesses-nginx-ldap-reference-implementation/
Attacks on Ukrainian Power Grid
https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/
4/13/2022 • 6 minutes, 45 seconds
ISC StormCast for Tuesday, April 12th, 2022
Spring: It isn't just about Spring4Shell.
https://isc.sans.edu/forums/diary/Spring+It+isnt+just+about+Spring4Shell+Spring+Cloud+Function+Vulnerabilities+are+being+probed+too/28538/
Microsoft Windows Autopatch
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/get-current-and-stay-current-with-windows-autopatch/ba-p/3271839
More npm protestware
https://github.com/Yaffle/EventSource/commit/de137927e13d8afac153d2485152ccec48948a7a
Raspberry Pi Update
https://www.raspberrypi.com/news/raspberry-pi-bullseye-update-april-2022/
4/12/2022 • 5 minutes, 59 seconds
ISC StormCast for Friday, April 8th, 2022
What is BIMI
https://isc.sans.edu/forums/diary/What+is+BIMI+and+how+is+it+supposed+to+help+with+Phishing/28528/
Watchguard Vulnerability behind Cyclops Blink
https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA16S000000SOCGSA4&lang=en_US
Malware Targeting Amazon Lambdas
https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/
Ashley Taylor: Doppelgaengers: Finding Job Scammers Who Steal Brand Identities
https://www.sans.edu/cyber-research/doppelgangers-finding-job-scammers-who-steal-brand-identities/
4/8/2022 • 15 minutes, 36 seconds
ISC StormCast for Thursday, April 7th, 2022
Windows MetaStealer Malware
https://isc.sans.edu/forums/diary/Windows+MetaStealer+Malware/28522/
US Justice Department Takes Down Cyclops Blink Botnet
https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-botnet-controlled-russian-federation
VMware Bugs
https://www.vmware.com/security/advisories.html
Palo Alto CVE-2022-0778
https://security.paloaltonetworks.com/CVE-2022-0778
Unpatched Apple Bug
https://www.intego.com/mac-security-blog/apple-neglects-to-patch-zero-day-wild-vulnerabilities-for-macos-big-sur-catalina/
4/7/2022 • 6 minutes, 18 seconds
ISC StormCast for Wednesday, April 6th, 2022
WebLogic Crypto Miner Malware Disabling Alibaba Cloud Monitoring Tools
https://isc.sans.edu/forums/diary/WebLogic+Crypto+Miner+Malware+Disabling+Alibaba+Cloud+Monitoring+Tools/28520/
Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks
New Security Features for Windows 11
https://www.microsoft.com/security/blog/2022/04/05/new-security-features-for-windows-11-will-help-protect-hybrid-work/
Fin7 Power Hour: Adversary Archaeology and Evolution of FIN7
https://www.mandiant.com/resources/evolution-of-fin7
4/6/2022 • 6 minutes, 30 seconds
ISC StormCast for Tuesday, April 5th, 2022
Emptying the Phishtank: Are WordPress Sites the Mosquitoes of the Internet
https://isc.sans.edu/forums/diary/Emptying+the+Phishtank+Are+WordPress+sites+the+Mosquitoes+of+the+Internet/28516/
Mailchimp Breach Used to Target Trezor Users
https://www.bleepingcomputer.com/news/security/hackers-breach-mailchimps-internal-tools-to-target-crypto-customers/
Proactively Prevent Secret Leaks With GitHub Advanced Security Secret Scanning
https://github.blog/2022-04-04-push-protection-github-advanced-security/
TruffleHog v3
https://trufflesecurity.com/blog/introducing-trufflehog-v3
Russian Certificates (Chinese article)
https://blog.netlab.360.com/review-revoke-russia-ssl-certificates/
4/5/2022 • 6 minutes, 13 seconds
ISC StormCast for Friday, April 1st, 2022
Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965
https://isc.sans.edu/forums/diary/Spring+Vulnerability+Update+Exploitation+Attempts+CVE202222965/28504/
Apple Patches 0 Day Vulnerability
https://isc.sans.edu/forums/diary/Apple+Patches+Actively+Exploited+Vulnerability+in+macOS+iOS+and+iPadOS/28506/
Wyze Cam Vulnerabilities
https://www.bitdefender.com/files/News/CaseStudies/study/413/Bitdefender-PR-Whitepaper-WCam-creat5991-en-EN.pdf
Zyxel Security Advisory
https://www.zyxel.com/support/forgery-vulnerabilities-of-select-Armor-home-routers.shtml
4/1/2022 • 5 minutes, 35 seconds
ISC StormCast for Thursday, March 31st, 2022
Java Springtime Confusion: What Vulnerability are We Talking About
https://isc.sans.edu/forums/diary/Java+Springtime+Confusion+What+Vulnerability+are+We+Talking+About/28500/
Quickie: Parsing XLSB Documents
https://isc.sans.edu/forums/diary/Quickie+Parsing+XLSB+Documents/28496/
Pwning 3CX Phone Management Backends from the Internet
https://medium.com/@frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88
3/31/2022 • 5 minutes, 56 seconds
ISC StormCast for Wednesday, March 30th, 2022
More Fake/Typosquatting Twitter Accounts Asking for Ukraine Cryptocurrency Donations
https://isc.sans.edu/forums/diary/More+FakeTyposquatting+Twitter+Accounts+Asking+for+Ukraine+Crytocurrency+Donations/28492/
Mitigating Attacks Against Uninterruptible Power Supply Devices
https://www.cisa.gov/sites/default/files/publications/CISA-DOE_Insights-Mitigating_Vulnerabilities_Affecting_Uninterruptible_Power_Supply_Devices_Mar_29.pdf
MFA Bypass Attacks
https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html
Google Advertises Mars Stealer
https://blog.morphisec.com/threat-research-mars-stealer
Hackers Gaining Power of Subpoena Via Fake "Emergency Data Requests"
https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/
3/30/2022 • 6 minutes, 44 seconds
ISC StormCast for Tuesday, March 29th, 2022
BGP Hijacking of Twitter Prefix by RTComm.ru
https://isc.sans.edu/forums/diary/BGP+Hijacking+of+Twitter+Prefix+by+RTCommru/28488/
DDoS Against Sites in Ukraine
https://www.bleepingcomputer.com/news/security/hacked-wordpress-sites-force-visitors-to-ddos-ukrainian-targets/
Sophos Patches
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce
Sonicwall Patches
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0003
opnsense CARP protocol routing error
https://medium.com/sensorfu/firewall-bypass-with-carp-in-packet-filter-c4ed70fb7dd7
3/29/2022 • 6 minutes, 4 seconds
ISC StormCast for Monday, March 28th, 2022
XLSB Files Because Binary is Stealthier Than XML
https://isc.sans.edu/forums/diary/XLSB+Files+Because+Binary+is+Stealthier+Than+XML/28476/
Dirty Pipe Container Escape PoC
https://www.datadoghq.com/blog/engineering/dirty-pipe-container-escape-poc/
PHP filter_var Shenanigans
https://pwning.systems/posts/php_filter_var_shenanigans/
OpenBSD slaacd vuln
https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html
Google Chrome Update
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
3/28/2022 • 6 minutes, 16 seconds
ISC StormCast for Friday, March 25th, 2022
Malware Delivered Through Free Sharing Tool
https://isc.sans.edu/forums/diary/Malware+Delivered+Through+Free+Sharing+Tool/28474/
Western Digital PR4100 NAS Vulnerability
https://research.nccgroup.com/2022/03/24/remote-code-execution-on-western-digital-pr4100-nas-cve-2022-23121/
Crypto malware in patched wallets targeting Android and iOS devices
https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/
Lapsus$ Arrest
https://www.bbc.com/news/technology-60864283
https://www.bloomberg.com/news/articles/2022-03-23/teen-suspected-by-cyber-researchers-of-being-lapsus-mastermind?sref=ylv224K8
Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide
https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical
3/25/2022 • 5 minutes, 56 seconds
ISC StormCast for Thursday, March 24th, 2022
Mars Stealer
https://isc.sans.edu/forums/diary/Arkei+Variants+From+Vidar+to+Mars+Stealer/28468/
Okta Update
https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/
Microsoft Lapsus$ Update
https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/
npm Attack Targeting Azure Developers
https://jfrog.com/blog/large-scale-npm-attack-targets-azure-developers-with-malicious-packages/
3/24/2022 • 6 minutes, 18 seconds
ISC StormCast for Wednesday, March 23rd, 2022
Statement by President Biden: What you need to do (or not do)
https://isc.sans.edu/forums/diary/Statement+by+President+Biden+What+you+need+to+do+or+not+do/28466/
ASUS Cyclops Blink Advisory
https://www.asus.com/content/ASUS-Product-Security-Advisory/
HP Vulnerabilities
https://support.hp.com/us-en/document/ish_5948778-5949142-16/hpsbpi03780
Sophos UTM Updates
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220321-utm-9710
macOS GIMMICK Malware
https://www.volexity.com/blog/2022/03/22/storm-cloud-on-the-horizon-gimmick-malware-strikes-at-macos/
Okta Breached By Lapsus$
https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/
https://twitter.com/BillDemirkapi/status/1506107157124722690
3/23/2022 • 7 minutes, 18 seconds
ISC StormCast for Tuesday, March 22nd, 2022
Maldoc Cleaned by Anti-Virus
https://isc.sans.edu/forums/diary/Maldoc+Cleaned+by+AntiVirus/28460/
Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain
https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain
IBM Spectrum Protect Update
https://www.ibm.com/support/pages/node/6564745
Lapsus$ May have Breached Microsoft
https://www.theregister.com/2022/03/21/microsoft_lapsus_breach_probe/
Statement by President Biden on our Nation's Cybersecurity
https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/statement-by-president-biden-on-our-nations-cybersecurity/
3/22/2022 • 7 minutes, 35 seconds
ISC StormCast for Monday, March 21st, 2022
Scans for Movable Type Vulnerability (CVE-2021-20837)
https://isc.sans.edu/forums/diary/Scans+for+Movable+Type+Vulnerability+CVE202120837/28454/
SolarWinds Advisory: Unauthenticated Access in Web Help Desk (12.7.5)
https://isc.sans.edu/forums/diary/SolarWinds+Advisory+Unauthenticated+Access+in+Web+Help+Desk+1275/28456/
MGLNDD_* Scans
https://isc.sans.edu/forums/diary/MGLNDD+Scans/28458/
CAPTCHA Phishing
https://www.avanan.com/blog/using-captcha-forms-to-bypass-filters
Browser in the Browser Templates
https://mrd0x.com/browser-in-the-browser-phishing-attack/
3/21/2022 • 6 minutes, 6 seconds
ISC StormCast for Friday, March 18th, 2022
npm Package Sabotaged for Belarus/Russian Users
https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/
President Zelensky Deepfakes
https://twitter.com/ngleicher/status/1504186935291506693
ATM Rootkit
https://www.mandiant.com/resources/unc2891-overview
Scanner for Backdoored Mikrotik Routers
https://github.com/microsoft/routeros-scanner
SANS.edu Student: Ron Grohman; Network Access Control and ICS: A Practical Guide
https://www.sans.edu/cyber-research/network-access-control-and-ics-a-practical-guide/
3/18/2022 • 14 minutes, 33 seconds
ISC StormCast for Thursday, March 17th, 2022
Qakbot Infection With Cobalt Strike and VNC Activity
https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike+and+VNC+activity/28448/
Gh0stCringe RAT Being Distributed to Vulnerable Database Servers
https://asec.ahnlab.com/en/32572/
dompdf 0 day
https://positive.security/blog/dompdf-rce
OpenSSL DoS Vulnerability
https://www.openssl.org/news/secadv/20220315.txt
3/17/2022 • 5 minutes, 32 seconds
ISC StormCast for Wednesday, March 16th, 2022
Clean Binaries with Suspicious Behaviour
https://isc.sans.edu/forums/diary/Clean+Binaries+with+Suspicious+Behaviour/28444/
Misconfigured Multi-Factor Authentication Abused
https://www.cisa.gov/uscert/ncas/alerts/aa22-074a
German Office of Information Security Warns Kaspersky Users
https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2022/220315_Kaspersky-Warnung.html
Caddy Wiper Targeting Ukraine
https://www.welivesecurity.com/2022/03/15/caddywiper-new-wiper-malware-discovered-ukraine/
Fake Antivirus Targeting Ukraine
https://twitter.com/malwrhunterteam/status/1502302718140035080
B1txor20 DNS Tunnel Backdoor
https://blog.netlab.360.com/b1txor20-use-of-dns-tunneling_en/
3/16/2022 • 5 minutes, 6 seconds
ISC StormCast for Tuesday, March 15th, 2022
Apple Updates Everything
https://isc.sans.edu/forums/diary/Apple+Updates+Everything+MacOS+123+XCode+133+tvOS+154+watchOS+85+iPadOS+154+and+more/28438/
Look Alike Accounts Used in Ukraine Donation Scam Impersonating Olena Zelenska
https://isc.sans.edu/forums/diary/Look+Alike+Accounts+Used+in+Ukraine+Donation+Scam+impersonating+Olena+Zelenska/28440/
Curl on Windows
https://isc.sans.edu/forums/diary/Curl+on+Windows/28436/
Veeam Vulnerabilities
https://www.veeam.com/kb4288
Linux Netfilter Privilege Escalation
https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
3/15/2022 • 5 minutes, 40 seconds
ISC StormCast for Monday, March 14th, 2022
Malware Using WebSockets For C&C
https://isc.sans.edu/forums/diary/Keep+an+Eye+on+WebSockets/28430/
Raccoon Stealer Leverages Telegram
https://decoded.avast.io/vladimirmartyanov/raccoon-stealer-trash-panda-abuses-telegram/
USAHERDS Hack
https://www.wired.com/story/china-apt41-hacking-usaherds-log4j/
YARA 4.2.0 Released
https://isc.sans.edu/forums/diary/YARA+420+Released/28432/
3/14/2022 • 5 minutes, 27 seconds
ISC StormCast for Friday, March 11th, 2022
Credential Leaks on Virustotal
https://isc.sans.edu/forums/diary/Credentials+Leaks+on+VirusTotal/28426/
GPS Issues Around Finnish-Russian Border
https://www.straitstimes.com/world/europe/finland-detects-gps-disturbance-near-russias-kaliningrad
Russia Considering Internal Certificate Authority
https://www.gosuslugi.ru/tls
https://www.bleepingcomputer.com/news/security/russia-creates-its-own-tls-certificate-authority-to-bypass-sanctions/
New Spectre Variant
https://www.vusec.net/projects/bhi-spectre-bhb/
Package Manager Vulnerabilities (yarn, pip, composer...)
https://blog.sonarsource.com/securing-developer-tools-package-managers
3/11/2022 • 5 minutes, 32 seconds
ISC StormCast for Thursday, March 10th, 2022
Infostealer in a Batch File
https://isc.sans.edu/forums/diary/Infostealer+in+a+Batch+File/28422/
TP240PhoneHome reflection/amplification DDoS Attack Vector
https://blog.cloudflare.com/cve-2022-26143/
Malware Disguises as Pro Ukrainian Cybertools
https://blog.talosintelligence.com/2022/03/threat-advisory-cybercriminals.html#more
Russian Government Sites Hacked in Supply Chain Attack
https://www.bleepingcomputer.com/news/security/russian-government-sites-hacked-in-supply-chain-attack/
Third Party Vulnerabilities in RUGGEDCOM ROS
https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf
Adobe Bulletins
https://helpx.adobe.com/security/security-bulletin.html
3/10/2022 • 6 minutes, 15 seconds
ISC StormCast for Wednesday, March 9th, 2022
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+March+2022+Patch+Tuesday/28418/
Critical APC UPS Vulnerability
https://www.armis.com/research/tlstorm/
Vulnerabilities in Firmware Affecting HP Devices
https://www.binarly.io/news/BinarlyDiscovers16NewHighImpactVulnerabilitiesinFirmwareAffectingHPEnterpriseDevices/index.html
3/9/2022 • 5 minutes, 32 seconds
ISC StormCast for Tuesday, March 8th, 2022
Ukraine Scam Followup
https://isc.sans.edu/forums/diary/No+Bitcoin+No+Problem+Follow+Up+to+Last+Weeks+Donation+Scam/28412/
Dirty Pipe Linux Vulnerability
https://dirtypipe.cm4all.com
Mozilla Firefox and Thunderbird Vulnerability
https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/
Azure AutoWarp
https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/
Terramaster TOS Vulnerability
https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/
https://forum.terra-master.com/en/viewtopic.php?f=28&t=3030
3/7/2022 • 5 minutes, 46 seconds
ISC StormCast for Friday, March 4th, 2022
Attackers Search For Exposed "LuCI" Folders
https://isc.sans.edu/diary/28400
Alexa Versus Alexa
https://arxiv.org/abs/2202.08619
Bypassing Google Cloud Armor
https://kloudle.com/blog/piercing-the-cloud-armor-the-8kb-bypass-in-google-cloud-platform-waf
Ukraine Updates
https://www.golem.de/news/ausfall-angriff-auf-ka-sat-satellit-ueber-gatewaystation-in-ukraine-2203-163614.html
https://www.crowdstrike.com/blog/how-to-decrypt-the-partyticket-ransomware-targeting-ukraine/
https://www.bleepingcomputer.com/news/security/ukraine-says-local-govt-sites-hacked-to-push-fake-capitulation-news/
3/4/2022 • 7 minutes, 7 seconds
ISC StormCast for Thursday, March 3rd, 2022
The More Often Something is Repeated, the More True it Becomes
https://isc.sans.edu/forums/diary/The+More+Often+Something+is+Repeated+the+More+True+It+Becomes+Dealing+with+Social+Media/28396/
Fortinet Bug
https://www.fortiguard.com/psirt/FG-IR-21-028
IBM Updates
https://www.ibm.com/blogs/psirt/
Google Updates
https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
Conti Ransomware Leak
https://threatpost.com/conti-ransomware-decryptor-trickbot-source-code-leaked/178727/
Middle Box DDoS Attacks
https://www.akamai.com/blog/security/tcp-middlebox-reflection
3/3/2022 • 5 minutes, 28 seconds
ISC StormCast for Wednesday, March 2nd, 2022
Geoblocking when you can't Geoblock
https://isc.sans.edu/forums/diary/Geoblocking+when+you+cant+Geoblock/28392/
IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine
https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/
Memory Corruption Vulnerabilities in PJSIP
https://jfrog.com/blog/jfrog-discloses-5-memory-corruption-vulnerabilities-in-pjsip-a-popular-multimedia-library/
Okta Patch for Advanced Server Access Client
https://trust.okta.com/security-advisories/okta-advanced-server-access-client-cve-2022-24295
ViaSat Outage
https://www.reuters.com/business/aerospace-defense/satellite-firm-viasat-probes-suspected-cyberattack-ukraine-elsewhere-2022-02-28/
3/2/2022 • 6 minutes, 2 seconds
ISC StormCast for Tuesday, March 1st, 2022
PHP Patches Code Injection Flaw
https://nvd.nist.gov/vuln/detail/CVE-2021-21708
https://bugs.php.net/bug.php?id=81708
Mozilla VPN Local Privilege Escalation
https://www.mozilla.org/en-US/security/advisories/mfsa2022-08/
Google Captcha Breaking
https://east-ee.com/2022/02/28/1367/
Samsung Encryption Vulnerability
https://eprint.iacr.org/2022/208.pdf
tshark Multiple IPs
https://isc.sans.edu/forums/diary/TShark+Multiple+IP+Addresses/28386/
3/1/2022 • 6 minutes, 46 seconds
ISC StormCast for Monday, February 28th, 2022
Ukraine Update
https://www.bleepingcomputer.com/news/security/ransomware-gangs-hackers-pick-sides-over-russia-invading-ukraine/
https://ddosecrets.com/wiki/Tetraedr
https://twitter.com/YourAnonOne/status/1496965766435926039
https://www.wired.com/story/ukraine-it-army-russia-war-cyberattacks-ddos/
Odd Windows Behaviour with Fixed Addresses
https://isc.sans.edu/forums/diary/Windows+Fixed+IPv4+Addresses+and+APIPA/28380/
Using Snort IDS Rules in NetWitness Packet Decoder
https://isc.sans.edu/forums/diary/Using+Snort+IDS+Rules+with+NetWitness+PacketDecoder/28382/
NVidia Breach
https://www.bloomberg.com/news/articles/2022-02-25/nvidia-is-investigating-cyber-attack-but-business-uninterrupted
Windows 11 Reset Not Removing All Data
https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2#2783msgdesc
2/28/2022 • 5 minutes, 35 seconds
ISC StormCast for Friday, February 25th, 2022
Ukraine Update: Webcast
https://www.sans.org/webcasts/russian-cyber-attack-escalation-in-ukraine/
Other Ukraine Related Stories
https://isc.sans.edu/forums/diary/Ukraine+Russia+Situation+From+a+Domain+Names+Perspective/28376/
https://detection.watchguard.com
Zabbix Vulnerability Exploited
https://www.cisa.gov/uscert/ncas/current-activity/2022/02/22/cisa-adds-two-known-exploited-vulnerabilities-catalog
https://support.zabbix.com/browse/ZBX-20350
Asustor Victim of Deadbolt Ransomware
https://forum.asustor.com/viewtopic.php?f=45&t=12630
Firepower Rule Update Failure After March 5th 2022
https://www.cisco.com/c/en/us/support/docs/field-notices/723/fn72332.html?emailclick=CNSemail
Social Media Takeover Malware Distributed Via Microsoft App Store
https://research.checkpoint.com/2022/new-malware-capable-of-controlling-social-media-accounts-infects-5000-machines-and-is-actively-being-distributed-via-gaming-applications-on-microsofts-official-store/
2/25/2022 • 6 minutes, 42 seconds
ISC StormCast for Thursday, February 24th, 2022
New Sandworm Malware Cyclops Blink Replaces VPNFilter
https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter
Wiper Malware Seen Deployed Against Targets in the Ukraine
https://twitter.com/juanandres_gs/status/1496581710368358400
https://twitter.com/ESETresearch/status/1496581903205511181
The Rise and Fall of log4shell
https://isc.sans.edu/forums/diary/The+Rise+and+Fall+of+log4shell/28372/
pfsense authenticated RCE
https://www.shielder.it/advisories/pfsense-remote-command-execution/
BVP47 Backdoor
https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf
2/24/2022 • 6 minutes, 58 seconds
ISC StormCast for Wednesday, February 23rd, 2022
A Good Old Equation Editor Vulnerability Delivering Malware
https://www.welivesecurity.com/2022/02/22/teenage-cybercrime-stop-kids-wrong-path/
Horde Webmail 5.2.22 - Account Takeover via Email
https://blog.sonarsource.com/horde-webmail-account-takeover-via-email
NoVNC Phishing
https://mrd0x.com/bypass-2fa-using-novnc/
2/23/2022 • 6 minutes, 30 seconds
ISC StormCast for Tuesday, February 22nd, 2022
Sending an Email to an IPv4 Address
https://isc.sans.edu/forums/diary/Sending+an+Email+to+an+IPv4+Address/28362/
SMS Phone-Verified Account Services
https://www.trendmicro.com/en_us/research/22/b/sms-pva-services-use-of-infected-android-phones-reveals-flaws-in-sms-verification.html
Xenomorph Android Banking Trojan
https://www.threatfabric.com/blogs/xenomorph-a-newly-hatched-banking-trojan.html
Modified CryptBot Infostealer Going After Crypto Wallets
https://asec.ahnlab.com/en/31802/
Clarification for Adobe Magento Vulnerabilities
https://helpx.adobe.com/security/products/magento/apsb22-12.html
2/22/2022 • 5 minutes, 55 seconds
ISC StormCast for Monday, February 21st, 2022
Remcos RAT Delivered Through Double Compressed Archive
https://isc.sans.edu/forums/diary/Remcos+RAT+Delivered+Through+Double+Compressed+Archive/28354/
Cassandra User-Defined Functions Remote Code Execution
https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/
Apple T2 Weakness
https://www.forensicfocus.com/news/passware-kit-forensic-t2-add-on-the-first-password-recovery-tool-for-macs-with-t2-chips/
snap Privilege Escalation
https://www.qualys.com/2022/02/17/cve-2021-44731/oh-snap-more-lemmings.txt
2/21/2022 • 5 minutes, 4 seconds
ISC StormCast for Friday, February 18th, 2022
Hackers Attach Malicious .exe Files to Teams Conversations
https://www.avanan.com/blog/hackers-attach-malicious-.exe-files-to-teams-conversations
Thunderbird Patches
https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/
Cisco Secure Email Gateway Update
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-MxZvGtgU
GitHub Code Scanning Finds More Vulnerabilities Using Machine Learning
https://github.blog/2022-02-17-code-scanning-finds-vulnerabilities-using-machine-learning/
Exploit for Magento Vulnerability (CVE-2022-24086) Available
https://twitter.com/ptswarm/status/1494240197915123713
More Packet Fu With Zeek
https://isc.sans.edu/forums/diary/More+packet+fu+with+zeek/28350/
2/18/2022 • 5 minutes, 17 seconds
ISC StormCast for Thursday, February 17th, 2022
Astaroth (Guildma) Infection
https://isc.sans.edu/forums/diary/Astaroth+Guildma+infection/28346/
Atlassian Jira Updates
https://jira.atlassian.com/browse/CONFSERVER-66550
VMWare Updates
https://www.vmware.com/security/advisories/VMSA-2022-0004.html
FBI Warns of BEC Using Virtual Meeting Platforms
https://www.ic3.gov/Media/Y2022/PSA220216
2/17/2022 • 5 minutes, 31 seconds
ISC StormCast for Wednesday, February 16th, 2022
Who Are Those Bots?
https://isc.sans.edu/forums/diary/Who+Are+Those+Bots/28342/
SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming
https://news.sophos.com/en-us/2022/02/15/vulnerable-exchange-server-hit-by-squirrelwaffle-and-financial-fraud/
Details About Western Digital MyCloud Flaw
https://www.iot-inspector.com/blog/advisory-western-digital-my-cloud-pro-series-pr4100-rce/
Nooie Baby Monitor Vulnerabilities
https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-nooie-baby-monitor/
2/16/2022 • 5 minutes, 42 seconds
ISC StormCast for Tuesday, February 15th, 2022
Reminder: Decoding TLS Client Hello to Non TLS Servers
https://isc.sans.edu/forums/diary/Reminder+Decoding+TLS+Client+Hellos+to+non+TLS+servers/28338/
Magento 2 Critical Vulnerability
https://sansec.io/research/magento-2-cve-2022-24086
BigSur/Catalina Mystery Update
https://support.apple.com/en-us/HT201222
MacOS Monterey Patch and Microsoft Defender
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/mde-apparently-blocks-macos-monterey-12-1-12-2-upgrades/m-p/3078793
Google Chrome 0-Day Fixed
https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html
Moxa MXview Vulnerabilities and Patch
https://www.claroty.com/2022/02/10/blog-research-securing-network-management-systems-moxa-mxview/
2/15/2022 • 5 minutes, 40 seconds
ISC StormCast for Monday, February 14th, 2022
CinaRAT Delivered Through HTML ID Attributes
https://isc.sans.edu/forums/diary/CinaRAT+Delivered+Through+HTML+ID+Attributes/28330/
Windows Defender ASR Blocks LSASS Credential Stealing
https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-credential-stealing-from-the-windows-local-security-authority-subsystem
Brave Blocking Credential Leaking Extension
https://www.theregister.com/2022/02/12/facebook_god_mode/
Project Zero Summary of Zero Day Bugs
https://googleprojectzero.blogspot.com/2022/02/a-walk-through-project-zero-metrics.html
2/14/2022 • 5 minutes, 3 seconds
ISC StormCast for Friday, February 11th, 2022
iOS/iPadOS/macOS/Safari 0-Day Vulnerability in WebKit
https://support.apple.com/en-us/HT213091
Zyxel Network Storage Devices Hunted By Mirai Variant
https://isc.sans.edu/forums/diary/Zyxel+Network+Storage+Devices+Hunted+By+Mirai+Variant/28324/
WMIC Removal
https://docs.microsoft.com/en-us/windows/deployment/planning/windows-10-deprecated-features
Zoom Uses Microphone after Meeting is Over
https://community.zoom.com/t5/Meetings/Why-is-the-Zoom-app-listening-on-my-microphone-when-not-in-a/td-p/29019
Evidence Planted to Implicate Innocent Activists
https://www.sentinelone.com/labs/modifiedelephant-apt-and-a-decade-of-fabricating-evidence/
2/11/2022 • 6 minutes, 2 seconds
ISC StormCast for Thursday, February 10th, 2022
Example of Cobalt Strike from Emotet Infection
https://isc.sans.edu/forums/diary/Example+of+Cobalt+Strike+from+Emotet+infection/28318/
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
Intel Updates
https://www.intel.com/content/www/us/en/security-center/default.html
NaturalFreshMall: A Mass Store Attack
https://sansec.io/research/naturalfreshmall-mass-hack
2/10/2022 • 6 minutes, 23 seconds
ISC StormCast for Wednesday, February 9th, 2022
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+February+2022+Patch+Tuesday/28316/
Google Cloud Virtual Machine Threat Detection
https://cloud.google.com/security-command-center/docs/concepts-vm-threat-detection-overview
Android Patches
https://source.android.com/security/bulletin/2022-02-01
SAP Patches
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022
Podcast 13 Year Anniversary
https://isc.sans.edu/podcastdetail.html?id=25
2/9/2022 • 5 minutes, 46 seconds
ISC StormCast for Monday, February 7th, 2022
Intuit warns of new phishing scams
https://security.intuit.com/security-notices
IRS working with ID.me
https://www.irs.gov/newsroom/new-identity-verification-process-to-access-certain-irs-online-tools-and-services
Argo CD Vulnerability
https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/
https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7
Thermal Imaging of PoE Devices
https://isc.sans.edu/forums/diary/Power+over+Ethernet+and+Thermal+Imaging/28308/
2/7/2022 • 6 minutes, 16 seconds
ISC StormCast for Thursday, February 3rd, 2022
Finding elFinder: Who is looking for your files?
https://isc.sans.edu/forums/diary/Finding+elFinder+Who+is+looking+for+your+files/28300/
IBM Spectrum Protect Plus Container Backup Vulnerabilities
https://www.ibm.com/support/pages/node/6540860
https://www.ibm.com/support/pages/node/6552188
Microsoft Update Connectivity
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/achieve-better-patch-compliance-with-update-connectivity-data/ba-p/3073356
UEFI Bios Vulnerabilities
https://www.insyde.com/security-pledge
2/3/2022 • 5 minutes, 31 seconds
ISC StormCast for Wednesday, February 2nd, 2022
Windows Privilege Escalation Exploit CVE-2022-21882
https://github.com/KaLendsi/CVE-2022-21882
Fingerprinting Devices Via GPU
https://arxiv.org/pdf/2201.09956.pdf
SolarMarker Campaign used novel registry changes to establish persistence
https://news.sophos.com/en-us/2022/02/01/solarmarker-campaign-used-novel-registry-changes-to-establish-persistence/
Fake Job Ads
https://www.ic3.gov/Media/Y2022/PSA220201
Automation is Nice But Don't Replace Your Knowledge
https://isc.sans.edu/forums/diary/Automation+is+Nice+But+Dont+Replace+Your+Knowledge/28296/
2/2/2022 • 5 minutes, 59 seconds
ISC StormCast for Tuesday, February 1st, 2022
Be Careful with RPMSG Files
https://isc.sans.edu/forums/diary/Be+careful+with+RPMSG+files/28292/
QNAP Auto Update Clarification
https://www.qnap.com/en/security-news/2022/descriptions-and-explanations-of-the-qts-quts-hero-recommended-version-feature
Samba Vulnerability
https://kb.cert.org/vuls/id/119678
Exposed Datacenter Management
https://www.bleepingcomputer.com/news/security/over-20-000-data-center-management-systems-exposed-to-hackers/
Expat Vulnerability
https://github.com/libexpat/libexpat/blob/master/expat/Changes
2/1/2022 • 5 minutes, 18 seconds
ISC StormCast for Monday, January 31st, 2022
Malicious ISO Embedded in an HTML Page
https://isc.sans.edu/forums/diary/Malicious+ISO+Embedded+in+an+HTML+Page/28282/
YARA Console Module
https://isc.sans.edu/forums/diary/YARAs+Console+Module/28288/
Attackers Attaching Devices to Azure AD
https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa/
QNAP Forced Updates
https://www.reddit.com/r/qnap/comments/sdsf02/i_just_suffered_what_i_believe_to_be_a_forced/huhfmjc/
1/31/2022 • 6 minutes, 12 seconds
ISC StormCast for Friday, January 28th, 2022
Technical Analysis of CVE-2022-22583
https://perception-point.io/technical-analysis-of-cve-2022-22583-bypassing-macos-system-integrity-protection/
https://isc.sans.edu/forums/diary/Apple+Patches+Everything/28280/
Little Snitch Firewall Bypass
https://rhinosecuritylabs.com/network-security/bypassing-little-snitch-firewall/
DazzleSpy Malware
https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/
Geoffrey Parker: Building an Intelligent, Automated Tiered Phishing System
https://www.sans.edu/cyber-research/building-an-intelligent-automated-tiered-phishing-system-matching-the-message-level-to-user-ability/
1/28/2022 • 16 minutes
ISC StormCast for Thursday, January 27th, 2022
Over 20 Thousand Servers Have Their iLO Interfaces exposed to the Internet
https://isc.sans.edu/forums/diary/Over+20+thousand+servers+have+their+iLO+interfaces+exposed+to+the+internet+many+with+outdated+and+vulnerable+versions+of+FW/28276/
Apple Patches and Exploits
https://support.apple.com/en-us/HT201222
https://www.ryanpickren.com/safari-uxss
Let's Encrypt Fixes Problems and Revokes Certificates
https://community.letsencrypt.org/t/changes-to-tls-alpn-01-challenge-validation/170427
1/27/2022 • 6 minutes, 22 seconds
ISC StormCast for Wednesday, January 26th, 2022
Local Privilege Escalation Vulnerability in Polkit's pkexec (CVE-2021-4034)
https://isc.sans.edu/forums/diary/Local+privilege+escalation+vulnerability+in+polkits+pkexec+CVE20214034/28272/
Emotet Stops Using 0.0.0.0 in Spambot Traffic
https://isc.sans.edu/forums/diary/Emotet+Stops+Using+0000+in+Spambot+Traffic/28270/
VMware Warns of Log4j Exploitation
https://www.vmware.com/security/advisories/VMSA-2021-0028.html
https://www.cynet.com/attack-techniques-hands-on/threats-looming-over-the-horizon/
1/26/2022 • 5 minutes, 17 seconds
ISC StormCast for Tuesday, January 25th, 2022
MoonBounce UEFI Malware
https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/
Exploit of Sonicwall CVE-2021-20038
https://twitter.com/buffaloverflow/status/1485671824725786633
Dell EMC AppSync Vulnerability
https://www.dell.com/support/kbdoc/de-de/000195377/dsa-2022-003-dell-emc-appsync-security-update-for-multiple-vulnerabilities
Twitter API Keys Leaked in GitHub
https://incognitatech.medium.com/using-twitter-to-notify-careless-developers-the-unorthodox-way-d71478ad367a
1/25/2022 • 6 minutes, 8 seconds
ISC StormCast for Monday, January 24th, 2022
Obscure Wininet.dll Feature
https://isc.sans.edu/forums/diary/Obscure+Wininetdll+Feature/28262/
Mixed VBA and Excel 4 Macro in Targeted Excel Sheet
https://isc.sans.edu/forums/diary/Mixed+VBA+Excel4+Macro+In+a+Targeted+Excel+Sheet/28264/
https://techcommunity.microsoft.com/t5/excel-blog/excel-4-0-xlm-macros-now-restricted-by-default-for-customer/ba-p/3057905
F5 January 2022 Patches
https://support.f5.com/csp/article/K40084114
McAfee Privilege Escalation
https://kc.mcafee.com/corporate/index?page=content&id=SB10378
1/24/2022 • 6 minutes, 12 seconds
ISC StormCast for Friday, January 21st, 2022
RedLine Stealer Delivered Through FTP
https://isc.sans.edu/forums/diary/RedLine+Stealer+Delivered+Through+FTP/28258/
Google Camera Alters QR Codes
https://www.heise.de/hintergrund/Googles-Kamera-verfaelscht-Links-in-QR-Codes-6332669.html
https://www.androidpolice.com/google-camera-randomly-changes-some-qr-code-urls-on-android-12/
Linux Kernel Privilege Escalation / Container Escape
https://seclists.org/oss-sec/2022/q1/54
https://access.redhat.com/security/cve/cve-2022-0185
Crypto.com 2FA Bypass
https://threatpost.com/2fa-bypassed-crypto-com-heist/177846/
Windows Policies to Avoid
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/why-you-shouldn-t-set-these-25-windows-policies/ba-p/3066178
1/21/2022 • 6 minutes, 14 seconds
ISC StormCast for Thursday, January 20th, 2022
0.0.0.0 in Emotet Spambot Traffic
https://isc.sans.edu/forums/diary/0000+in+Emotet+Spambot+Traffic/28254/
Linux Patch to Make 0.0.0.0/8 Routable
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96125bf9985a
WebKit Patch for Cross Origin Database Name Leak
https://trac.webkit.org/changeset/288078/webkit
ACER Care Center Privilege Escalation
https://aptw.tf/2022/01/20/acer-care-center-privesc.html
Improper Input Validation Vulnerability in Serv-U
https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247
1/20/2022 • 6 minutes, 13 seconds
ISC StormCast for Wednesday, January 19th, 2022
Phishing E-Mail With an Advertisement
https://isc.sans.edu/forums/diary/Phishing+email+withan+advertisement/28250/
Virustotal Credential
https://www.safebreach.com/blog/2022/the-perfect-cyber-crime/
Oracle Quarterly Critical Patch Update
https://www.oracle.com/security-alerts/cpujan2022.html
Box MFA Bypass
https://www.varonis.com/blog/box-mfa-bypass-sms
1/19/2022 • 5 minutes, 30 seconds
ISC StormCast for Tuesday, January 18th, 2022
Log4Shell Attacks Getting Smarter
https://isc.sans.edu/forums/diary/Log4Shell+Attacks+Getting+Smarter/28246/
Microsoft Releases Special Update to Deal with January Update Fail
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-oob-updates-for-january-windows-update-issues/
Cisco Unified Contact Center Management Portal and Unified Contact Center Domain Manager Privilege Escalation Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-priv-esc-JzhTFLm4
Zoho Critical Security Patch Released in Desktop Central and Desktop Central MSP
https://pitstop.manageengine.com/portal/en/community/topic/a-critical-security-patch-released-in-desktop-central-and-desktop-central-msp-for-cve-2021-44757-17-1-2022
Google Chrome Restricting Private Network Access
https://developer.chrome.com/blog/private-network-access-preflight/
1/18/2022 • 5 minutes, 26 seconds
ISC StormCast for Monday, January 17th, 2022
Use of Alternate Data Streams in Research Scans
https://isc.sans.edu/forums/diary/Use+of+Alternate+Data+Streams+in+Research+Scans+for+indexjsp/28240/
Microsoft Resumes Windows Server 2019 Cumulative Updates
https://www.bleepingcomputer.com/news/microsoft/microsoft-resumes-rollout-of-january-windows-server-updates/
Safari Index DB Leak
https://fingerprintjs.com/blog/indexeddb-api-browser-vulnerability-safari-15/
1/17/2022 • 5 minutes, 17 seconds
ISC StormCast for Thursday, January 13th, 2022
A Quick CVE-2022-21907 FAQ
https://isc.sans.edu/forums/diary/A+Quick+CVE202221907+FAQ+work+in+progress/28234/
Details Released Regarding Patched Sonicwall Vulnerabilities
https://www.rapid7.com/blog/post/2022/01/11/cve-2021-20038-42-sonicwall-sma-100-multiple-vulnerabilities-fixed-2/
iOS/iPad OS Fixing HomeKit Vulnerability / Private Relay issues
https://support.apple.com/en-us/HT201222
https://www.macrumors.com/2022/01/12/apple-icloud-private-relay-ios-15-2/
Attacking RDP From Inside
https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside
Nanocore, Netwire and AsyncRAT Spreading Campaign Uses Public Cloud Infrastructure
https://blog.talosintelligence.com/2022/01/nanocore-netwire-and-asyncrat-spreading.html
1/13/2022 • 5 minutes, 31 seconds
ISC StormCast for Wednesday, January 12th, 2022
Microsoft Patch Tuesday - January 2022
https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+January+2022/28230/
Adobe Updates
https://helpx.adobe.com/security.html
1/12/2022 • 6 minutes, 32 seconds
ISC StormCast for Tuesday, January 11th, 2022
New MacOS Vulnerability Could Lead to Unauthorized User Data Access
https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access
Exploiting URL Parsers
https://claroty.com/wp-content/uploads/2022/01/Exploiting-URL-Parsing-Confusion.pdf
NPM libs "colors" and "faker" sabotaged by developer
https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/
1/11/2022 • 5 minutes, 39 seconds
ISC StormCast for Monday, January 10th, 2022
Extracting Cobalt Strike Beacons from MSBuild Scripts
https://isc.sans.edu/forums/diary/Extracting+Cobalt+Strike+Beacons+from+MSBuild+Scripts/28200/
The JNDI Strikes Back: Unauthenticated RCE in H2 Database Console
https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/
Trojanized dnSpy app drops malware cocktail
https://www.bleepingcomputer.com/news/security/trojanized-dnspy-app-drops-malware-cocktail-on-researchers-devs/
FIN7 Attackers Sending Malicious USB Sticks
https://www.bleepingcomputer.com/news/security/fbi-hackers-use-badusb-to-target-defense-firms-with-ransomware/
1/10/2022 • 5 minutes, 31 seconds
ISC StormCast for Friday, January 7th, 2022
Malicious Python Script Targeting Chinese People
https://isc.sans.edu/forums/diary/Malicious+Python+Script+Targeting+Chinese+People/28220/
Google Docs Comment Exploit Allows for Distribution of Phishing and Malware
https://www.avanan.com/blog/google-docs-comment-exploit-allows-for-distribution-of-phishing-and-malware
Google Voice Authentication Scams
https://www.fbi.gov/contact-us/field-offices/portland/news/press-releases/oregon-fbi-tech-tuesday-building-a-digital-defense-against-google-voice-authentication-scams
Norton Crypto Miner
https://investor.nortonlifelock.com/About/Investors/press-releases/press-release-details/2021/NortonLifeLock-Unveils-Norton-Crypto/default.aspx
1/7/2022 • 5 minutes, 28 seconds
ISC StormCast for Wednesday, January 5th, 2022
A Simple Batch File That Blocks People
https://isc.sans.edu/forums/diary/A+Simple+Batch+File+That+Blocks+People/28212/
Windows Server Remote Desktop Emergency Update
https://docs.microsoft.com/en-us/windows/release-health/windows-message-center#2772
Malicious Telegram Installer Includes Purple Fox Rootkit
https://blog.minerva-labs.com/malicious-telegram-installer-drops-purple-fox-rootkit
Web Skimmer Campaign Targets Real Estate Websites
https://unit42.paloaltonetworks.com/web-skimmer-video-distribution/
1/5/2022 • 5 minutes, 20 seconds
ISC StormCast for Tuesday, January 4th, 2022
McAfee Phishing Campaign with a Nice Fake Scan
https://isc.sans.edu/forums/diary/McAfee+Phishing+Campaign+with+a+Nice+Fake+Scan/28208/
Trend Micro Apex One Patch
https://success.trendmicro.com/solution/000289996
E-commerce Bots Using Cheap Domain Registration Services
https://threatpost.com/ecommerce-bots-domain-registration-account-fraud/177305/
iOS HomeKit DoS Vulnerability
https://trevorspiniolas.com/doorlock/doorlock.html
1/4/2022 • 5 minutes, 38 seconds
ISC StormCast for Monday, January 3rd, 2022
Exchange Server Year 2022 Bug
https://isc.sans.edu/forums/diary/Exchange+Server+Email+Trapped+in+Transport+Queues/28204/
https://techcommunity.microsoft.com/t5/exchange-team-blog/email-stuck-in-exchange-on-premises-transport-queues/ba-p/3049447
Agent Tesla Updates
https://isc.sans.edu/forums/diary/Agent+Tesla+Updates+SMTP+Data+Exfiltration+Technique/28190/
https://isc.sans.edu/forums/diary/Do+you+want+your+Agent+Tesla+in+the+300+MB+or+8+kB+package/28202/
Forensics Issues and Techniques to Improve Security in SSD with Flex Capacity Feature
https://arxiv.org/ftp/arxiv/papers/2112/2112.13923.pdf
iLO Bleed Attack
https://threats.amnpardaz.com/en/2021/12/28/implant-arm-ilobleed-a/
1/3/2022 • 7 minutes, 35 seconds
ISC StormCast for Tuesday, December 28th, 2021
Attackers are Abusing MSBuild to Evade Defenses and Implant Cobalt Strike Beacons
https://isc.sans.edu/forums/diary/Attackers+are+abusing+MSBuild+to+evade+defenses+and+implant+Cobalt+Strike+beacons/28180/
Bypassing File Quarantine, Gatekeeper and Notarization Requirements
https://objective-see.com/blog/blog_0x6A.html
Spider-Miner: Trojanized Version of Spiderman No Way Home
https://blog.reasonlabs.com/2021/12/23/spider-miner-with-great-power-comes-great-problems/
12/28/2021 • 4 minutes, 41 seconds
ISC StormCast for Monday, December 27th, 2021
Log4j/Log4Shell and Cloud Internal Meta Data Services
https://isc.sans.edu/forums/diary/log4shell+and+cloud+provider+internal+meta+data+services+IMDS/28168/
https://isc.sans.edu/forums/diary/Defending+Cloud+IMDS+Against+log4shell+and+more/28170/
Log4j/Log4Shell Pushing Crypto Miner
https://isc.sans.edu/forums/diary/Example+of+how+attackers+are+trying+to+push+crypto+miners+via+Log4Shell/28172/
Microsoft Vulnerable and Malicious Driver Reporting Center
https://www.microsoft.com/security/blog/2021/12/08/improve-kernel-security-with-the-new-microsoft-vulnerable-and-malicious-driver-reporting-center/
Azure Source Code Leak
https://blog.wiz.io/azure-app-service-source-code-leak/
12/27/2021 • 5 minutes, 46 seconds
ISC StormCast for Thursday, December 23rd, 2021
Forensics Challenge Solution
https://isc.sans.edu/forums/diary/December+2021+Forensic+Contest+Answers+and+Analysis/28160/
CAB-less 40444
https://news.sophos.com/en-us/2021/12/21/attackers-test-cab-less-40444-exploit-in-a-dry-run/
Ellume COVID Home Test Weakness
https://github.com/FSecureLABS/Ellume-COVID-Test_Research-Files
12/23/2021 • 4 minutes
ISC StormCast for Wednesday, December 22nd, 2021
More Undetected PowerShell Droppers
https://isc.sans.edu/forums/diary/More+Undetected+PowerShell+Dropper/28158/
Apache Patches
https://httpd.apache.org/security/vulnerabilities_24.html
Auerswald COMpact Multiple Backdoors
https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-007/-auerswald-compact-multiple-backdoors
Vulnerabilities in Garrett Metal Detectors
https://blog.talosintelligence.com/2021/12/vuln-spotlight-garrett-metal-detector.html#more
12/22/2021 • 4 minutes, 59 seconds
ISC StormCast for Tuesday, December 21st, 2021
PowerPoint Attachments: Agent Tesla and Code Reuse in Malware
https://isc.sans.edu/forums/diary/PowerPoint+attachments+Agent+Tesla+and+code+reuse+in+malware/28154/
VMware Workspace ONE Patch / log4j status
https://www.vmware.com/security/advisories.html
Attacks Against Building Automation
https://limessecurity.com/en/knxlock/
12/21/2021 • 5 minutes, 55 seconds
ISC StormCast for Monday, December 20th, 2021
Disaster Recovery Automation Using Public DNS APIs
https://isc.sans.edu/forums/diary/DR+Automation+Using+Public+DNS+APIs/28146/
Office 2021: VBA Project Version
https://isc.sans.edu/forums/diary/Office+2021+VBA+Project+Version/28150/
Log4j Updates
https://www.blumira.com/analysis-log4shell-local-trigger/
https://logging.apache.org/log4j/2.x/security.html
12/20/2021 • 6 minutes, 31 seconds
ISC StormCast for Friday, December 17th, 2021
How the "Contact Forms" Campaign Tricks People
https://isc.sans.edu/forums/diary/How+the+Contact+Forms+campaign+tricks+people/28142/
Bluetooth Used to Extract WiFi Secrets
https://arxiv.org/pdf/2112.05719.pdf
Lenovo Privilege Escalation Vulnerability
https://support.lenovo.com/cy/en/product_security/len-75210
https://research.nccgroup.com/2021/12/15/technical-advisory-lenovo-imcontroller-local-privilege-escalation-cve-2021-3922-cve-2021-3969/
Log4j Updates
https://github.com/cisagov/log4j-affected-db
https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021
https://twitter.com/sans_isc/status/1471611522694717445
12/17/2021 • 7 minutes, 42 seconds
ISC StormCast for Thursday, December 16th, 2021
Undetected PowerShell Backdoor
https://isc.sans.edu/forums/diary/Simple+but+Undetected+PowerShell+Backdoor/28138/
Adobe Security Updates
https://helpx.adobe.com/security.html
Remote Deserialization Bug in Microsoft RDP Client Through Smart Card Extension
https://thalium.github.io/blog/posts/deserialization-bug-through-rdp-smart-card-extension/
WebKit Bug Exploitable in PS4
https://arstechnica.com/gaming/2021/12/new-ps4-homebrew-exploit-points-to-similar-ps5-hacks-to-come/
12/16/2021 • 5 minutes, 45 seconds
ISC StormCast for Wednesday, December 15th, 2021
Microsoft Patches
https://isc.sans.edu/forums/diary/Microsoft+December+2021+Patch+Tuesday/28132/
Log4j Updates
https://isc.sans.edu/forums/diary/Log4j+2150+and+previously+suggested+mitigations+may+not+be+enough/28134/
Log4j Scanner
https://github.com/dtact/divd-2021-00038--log4j-scanner
Apple Updates
https://support.apple.com/en-us/HT201222
12/15/2021 • 5 minutes, 20 seconds
ISC StormCast for Tuesday, December 14th, 2021
Log4Shell Becoming Part of the Day to Day Grind
https://isc.sans.edu/forums/diary/Log4Shell+exploited+to+implant+coin+miners/28124/
https://www.youtube.com/watch?v=oC2PZB5D3Ys
Google Chrome Update
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html
Malicious PyPI Packages
https://medium.com/ochrona/3-new-malicious-packages-found-on-pypi-a6bbb14b5e2
12/14/2021 • 5 minutes, 7 seconds
ISC StormCast for Monday, December 13th, 2021
Remote Code Execution in log4j2
https://isc.sans.edu/forums/diary/RCE+in+log4j+Log4Shell+or+how+things+can+get+bad+quickly/28120/
Log4j Zero Day
https://www.lunasec.io/docs/blog/log4j-zero-day/
Log4j2/Log4Shell Followup: What we see and how to defend and how to access our data
https://isc.sans.edu/forums/diary/Log4j+Log4Shell+Followup+What+we+see+and+how+to+defend+and+how+to+access+our+data/28122/
Log4Shell Vendor Bulletins
https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592
12/13/2021 • 7 minutes, 44 seconds
ISC StormCast for Friday, December 10th, 2021
Phishing Direct Messages via Discord
https://isc.sans.edu/forums/diary/Phishing+Direct+Messages+via+Discord/28114/
Vulnerable MikroTik Routers
https://eclypsium.com/2021/12/09/when-honey-bees-become-murder-hornets/
log4j RCE 0-day
https://www.lunasec.io/docs/blog/log4j-zero-day/
Sonicwall SMA 100 Patch
https://www.sonicwall.com/support/product-notification/product-security-notice-sma-100-series-vulnerability-patches-q4-2021/211201154715443/
12/10/2021 • 6 minutes, 30 seconds
ISC StormCast for Thursday, December 9th, 2021
December 2021 Forensic Challenge
https://isc.sans.edu/forums/diary/December+2021+Forensic+Challenge/28108/
Microsoft and GitHub OAuth Implementation Vulnerabilities Lead to Redirection Attacks
https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection
Android Patch Day
https://source.android.com/security/bulletin/2021-12-01?hl=en
12/9/2021 • 5 minutes, 30 seconds
ISC StormCast for Wednesday, December 8th, 2021
Webshells, Webshells everywhere!
https://isc.sans.edu/forums/diary/Webshells+Webshells+everywhere/28106/
AWS Outage
https://status.aws.amazon.com
Misconfigured Kafdrop Puts Companies' Apache Kafka Completely Exposed
https://spectralops.io/blog/misconfigured-kafdrop-puts-companies-apache-kafka-completely-exposed/
Windows 10 RCE: The exploit is in the link
https://positive.security/blog/ms-officecmd-rce
XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers
https://xsinator.com/paper.pdf
12/8/2021 • 5 minutes, 37 seconds
ISC StormCast for Tuesday, December 7th, 2021
The Importance of Out of Band Networks
https://isc.sans.edu/forums/diary/The+Importance+of+OutofBand+Networks/28102/
Kaseya Unitrends Backup Appliance Updates
https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961
Is KAX17 Performing De-Anonymization Attacks Against Tor Users?
https://nusenu.medium.com/is-kax17-performing-de-anonymization-attacks-against-tor-users-42e566defce8
Google Chrome Update No 0-Days
https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html
12/7/2021 • 5 minutes, 30 seconds
ISC StormCast for Monday, December 6th, 2021
The UPX Packer will never die
https://isc.sans.edu/forums/diary/The+UPX+Packer+Will+Never+Die/28096/
Survey of Airgap Attacks
https://www.welivesecurity.com/2021/12/01/jumping-air-gap-15-years-nation-state-effort/
Ubiquiti Victim of Insider Extortion
https://www.justice.gov/usao-sdny/pr/former-employee-technology-company-charged-stealing-confidential-data-and-extorting
12/6/2021 • 5 minutes, 22 seconds
ISC StormCast for Friday, December 3rd, 2021
TA551 (Shathak) Pushes IcedID (Bokbot)
https://isc.sans.edu/forums/diary/TA551+Shathak+pushes+IcedID+Bokbot/28092/
pip-audit scanning Python packages for known vulnerabilities
https://pypi.org/project/pip-audit/
Wifi Router Flaws
https://www.iot-inspector.com/blog/router-security-check-2021/
SANS Holiday Hack Challenge
https://www.sans.org/mlp/holiday-hack-challenge/
12/3/2021 • 14 minutes, 23 seconds
ISC StormCast for Thursday, December 2nd, 2021
Info-Stealer Using webhook.site to Exfiltrate Data
https://isc.sans.edu/forums/diary/InfoStealer+Using+webhooksite+to+Exfiltrate+Data/28088/
Mozilla NSS Library Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=2237
EwDoor Botnet is Attacking AT&T Customers
https://blog.netlab.360.com/warning-ewdoor-botnet-is-attacking-att-customers/
JAMF Pro 10.32 Patch
https://community.jamf.com/t5/jamf-pro/what-s-new-in-jamf-pro-10-32-release/m-p/246505
12/2/2021 • 6 minutes, 15 seconds
ISC StormCast for Wednesday, December 1st, 2021
Hunting for PHPUnit Installed via Composer
https://isc.sans.edu/forums/diary/Hunting+for+PHPUnit+Installed+via+Composer/28084/
Microsoft Defender Scares Admins with Emotet False Positives
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-scares-admins-with-emotet-false-positives/
Printing Shellz HP Printer Vulnerabilities
https://blog.f-secure.com/hp-printer-vulnerabilities/?_ga=2.125707850.1160056027.1638325485-2056233716.1638325485
Unpatched Local Privilege Escalation in Mobile Device Management Service
https://blog.0patch.com/2021/11/micropatching-unpatched-local-privilege.html
12/1/2021 • 6 minutes, 24 seconds
ISC StormCast for Tuesday, November 30th, 2021
Wireshark 3.6.0 Released
https://isc.sans.edu/forums/diary/Wireshark+360+Released/28076/
Google Cloud Security Report
https://services.google.com/fh/files/misc/gcat_threathorizons_full_nov2021.pdf
Zoom Patch
https://explore.zoom.us/en/trust/security/security-bulletin/
Slack DNSSEC Experience Reports
https://slack.engineering/what-happened-during-slacks-dnssec-rollout/
11/30/2021 • 5 minutes, 25 seconds
ISC StormCast for Monday, November 29th, 2021
Phishing Page Hiding Itself Using Dynamically Adjusted IP-Based Allow List
https://isc.sans.edu/forums/diary/Phishing+page+hiding+itself+using+dynamically+adjusted+IPbased+allow+list/28070/
Trickbot Phishing Checks Screen Resolution to Evade Researchers
https://www.bleepingcomputer.com/news/security/trickbot-phishing-checks-screen-resolution-to-evade-researchers/
QNAP QVR Patch
https://www.qnap.com/de-de/security-advisory/qsa-21-51
CronRAT Malware Hiding in cron
https://sansec.io/research/cronrat
11/29/2021 • 6 minutes, 4 seconds
ISC StormCast for Wednesday, November 24th, 2021
YARA Rule for OOXML Maldocs: Less False Positives
https://isc.sans.edu/forums/diary/YARA+Rule+for+OOXML+Maldocs+Less+False+Positives/28066/
Zero-Day Windows Installer Exploit
https://www.bleepingcomputer.com/news/security/malware-now-trying-to-exploit-new-windows-installer-zero-day/
VMware vCenter Vulnerability and Patch
https://www.vmware.com/security/advisories/VMSA-2021-0027.html
11/24/2021 • 3 minutes, 13 seconds
ISC StormCast for Tuesday, November 23rd, 2021
Simple YARA Rules for Office Maldocs
https://isc.sans.edu/forums/diary/Simple+YARA+Rules+for+Office+Maldocs/28062/
Retailers Urged to Patch Magento
https://www.theregister.com/2021/11/22/ncsc_magento_updates_black_friday_reminder/
PoC of CVE-2021-42321: pop mspaint.exe on the target
https://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398
BEC Via Exchange Flaws
https://www.trendmicro.com/en_us/research/21/k/Squirrelwaffle-Exploits-ProxyShell-and-ProxyLogon-to-Hijack-Email-Chains.html
Windows Priv. Escalation PoC
https://github.com/klinix5/InstallerFileTakeOver
PHP deserialize vulnerability in CloudLinux Imunify360
https://blog.talosintelligence.com/2021/11/vulnerability-spotlight-php-deserialize.html
11/23/2021 • 4 minutes, 25 seconds
ISC StormCast for Monday, November 22nd, 2021
Hikvision Security Cameras Potentially Exposed to Remote Code Execution
https://isc.sans.edu/forums/diary/Hikvision+Security+Cameras+Potentially+Exposed+to+Remote+Code+Execution/28056/
Detecting PAM Backdoors
https://isc.sans.edu/forums/diary/Backdooring+PAM/28058/
Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem
https://dl.acm.org/doi/pdf/10.1145/3460120.3484768
CVE-2021-42306 CredManifest: App Registration Certificates Stored in Azure Active Directory
https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-cloud-vulnerability-credmanifest/
11/22/2021 • 5 minutes
ISC StormCast for Wednesday, November 17th, 2021
Emotet Returns
https://isc.sans.edu/forums/diary/Emotet+Returns/28044/
GitHub Improves npm Security
https://github.blog/2021-11-15-githubs-commitment-to-npm-ecosystem-security/
Intel CPU Debug Vulnerability
https://www.ptsecurity.com/ww-en/about/news/positive-technologies-discovers-vulnerability-in-intel-processors-used-in-laptops-cars-and-other-devices/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html
Home Router Vulnerability Listing
https://modemly.com/m1/pulse
11/17/2021 • 6 minutes, 43 seconds
ISC StormCast for Tuesday, November 16th, 2021
Microsoft Emergency Update fixes AD Authentication Problems
https://support.microsoft.com/en-us/topic/november-14-2021-kb5008601-os-build-14393-4771-out-of-band-c8cd33ce-3d40-4853-bee4-a7cc943582b9
Using Copy Paste to Change Microsoft AD Password
https://isc.sans.edu/forums/diary/Changing+your+AD+Password+Using+the+Clipboard+Not+as+Easy+as+Youd+Think/28036/
Parking Pages Used to Distribute Malware
https://blog.netlab.360.com/zhatuniubility-malware-uses-namesilo-parking-pages-and-googles-custom-pages-to-spread/
Blacksmith Revives Rowhammer
https://comsec.ethz.ch/research/dram/blacksmith/
11/16/2021 • 6 minutes, 41 seconds
ISC StormCast for Monday, November 15th, 2021
Not So Fake FBI E-Mails
https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-incident-involving-fake-emails
https://isc.sans.edu/forums/diary/External+Email+System+FBI+Compromised+Sending+Out+Fake+Warnings/28034/
https://twitter.com/spamhaus/status/1459450061696417792
Reversing Obfuscated Maldoc with BASE64
https://isc.sans.edu/forums/diary/Obfuscated+Maldoc+Reversed+BASE64/28030/
Zoom Updates
https://explore.zoom.us/en/trust/security/security-bulletin/
VMWare VCenter Update
https://www.vmware.com/security/advisories/VMSA-2021-0025.html
Windows User Profile 0-Day LPE
https://halove23.blogspot.com/2021/10/windows-user-profile-service-0day.html
11/15/2021 • 5 minutes, 45 seconds
ISC StormCast for Friday, November 12th, 2021
In Memory of Alan Paller. Cyber Security Industry Titan and SANS Institute Founder
https://www.sans.org/press/announcements/alan-paller-cyber-security-industry-titan-and-sans-institute-founder-passes-away/
https://isc.sans.edu/forums/diary/In+Memory+of+Alan+Paller/28026/
11/12/2021 • 3 minutes
ISC StormCast for Thursday, November 11th, 2021
Shadow IT Makes People More Vulnerable to Phishing
https://isc.sans.edu/forums/diary/Shadow+IT+Makes+People+More+Vulnerable+to+Phishing/28022/
PaloAlto Networks GlobalProtect VPN CVE-2021-3064
https://www.randori.com/blog/cve-2021-3064/?i=2
Citrix ADC/Gateway/SD-WAN WANOP Patch
https://support.citrix.com/article/CTX330728
HPE Aruba Breach
https://www.arubanetworks.com/support-services/security-bulletins/central-incident-faq/
LiveStream: Application Security; Web Apps, APIs & Microservices
youtu.be/6gGB7skXvpg
2pm ET Today (not 1pm as mentioned in the podcast)
11/11/2021 • 6 minutes, 35 seconds
ISC StormCast for Wednesday, November 10th, 2021
Microsoft November 2021 Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+November+2021+Patch+Tuesday/28018/
Adobe Patches
https://helpx.adobe.com/security.html
BusyBox Vulnerabilities
https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/
11/10/2021 • 6 minutes, 35 seconds
ISC StormCast for Tuesday, November 9th, 2021
(Ab)Using Security Tools & Controls for the Bad
https://isc.sans.edu/forums/diary/AbUsing+Security+Tools+Controls+for+the+Bad/28014/
Targeted Attack Campaign Against ManageEngine ADSelfService Plus
https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/
Image-Scaling Attacks in Machine Learning
https://www.usenix.org/system/files/sec20fall_quiring_prepub.pdf
11/9/2021 • 7 minutes, 15 seconds
ISC StormCast for Monday, November 8th, 2021
Decrypting Cobalt Strike Traffic With Keys Extracted From Process Memory
https://isc.sans.edu/forums/diary/Decrypting+Cobalt+Strike+Traffic+With+Keys+Extracted+From+Process+Memory/28006/
XMount for Disk Images
https://isc.sans.edu/forums/diary/Xmount+for+Disk+Images/28002/
More Proactive SIMs
https://medium.com/telecom-expert/more-proactive-sims-f8da2ef8b189
Thunderbird Update
https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/
11/8/2021 • 5 minutes, 11 seconds
ISC StormCast for Friday, November 5th, 2021
October 2021 Forensic Contest Answers and Analysis
https://isc.sans.edu/forums/diary/October+2021+Forensic+Contest+Answers+and+Analysis/27998/
CVE-2021-43267: Remote Linux Kernel Heap Overflow in TIPC Module
https://www.sentinelone.com/labs/tipc-remote-linux-kernel-heap-overflow-allows-arbitrary-code-execution/
Cisco Patches
https://tools.cisco.com/security/center/publicationListing.x
The Security Risk of Lacking Compiler Protection in WebAssembly
https://arxiv.org/abs/2111.01421
11/5/2021 • 7 minutes, 3 seconds
ISC StormCast for Thursday, November 4th, 2021
Gitlab CVE-2021-22205 Exploited (and often not patched)
https://www.rapid7.com/blog/post/2021/11/01/gitlab-unauthenticated-remote-code-execution-cve-2021-22205-exploited-in-the-wild/
New Proxy Shell Exploits Seen Against Exchange
https://blog.talosintelligence.com/2021/11/babuk-exploits-exchange.html
Blackmatter Shutting Down Again
https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-moves-victims-to-lockbit-after-shutdown/
Android 0-Day Patched
https://source.android.com/security/bulletin/2021-11-01
11/4/2021 • 5 minutes, 11 seconds
ISC StormCast for Wednesday, November 3rd, 2021
Revisiting BrakTooth: Two Months Later
https://isc.sans.edu/forums/diary/Revisiting+BrakTooth+Two+Months+Later/27992/
Escalating XSS to Sainthood with Nagios
https://blog.grimm-co.com/2021/11/escalating-xss-to-sainthood-with-nagios.html
Pentaho Business Analytics Vulnerability
https://hawsec.com/publications/pentaho/HVPENT210401-Pentaho-BA-Security-Assessment-Report-v1_1.pdf
11/3/2021 • 5 minutes, 41 seconds
ISC StormCast for Tuesday, November 2nd, 2021
Trojan Source: Invisible Vulnerabilities
https://www.trojansource.codes/trojan-source.pdf
Detecting HTTP Header Smuggling Vulnerabilities
https://www.darkreading.com/application-security/free-tool-scans-web-servers-for-vulnerability-to-http-header-smuggling-attacks
Kaspersky Lost Amazon Simple Email Service Token
https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021_phishing
11/2/2021 • 7 minutes, 3 seconds
ISC StormCast for Monday, November 1st, 2021
Remote Desktop Protocol RDP Discovery
https://isc.sans.edu/forums/diary/Remote+Desktop+Protocol+RDP+Discovery/27984/
Sysmon Update
https://isc.sans.edu/forums/diary/Sysinternals+Autoruns+and+Sysmon+updates/27986/
Google Chrome Updates
https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
AbstractEmu Malware Roots Android
https://blog.lookout.com/lookout-discovers-global-rooting-malware-campaign
Microsoft Defender For Endpoint Web Content Filtering
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/web-content-filtering-now-generally-available-on-windows/ba-p/2893357
11/1/2021 • 5 minutes, 22 seconds
ISC StormCast for Friday, October 29th, 2021
Critical Hikvision Patch
https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html
https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/
Shrootless Vulnerability in MacOS
https://www.microsoft.com/security/blog/2021/10/28/microsoft-finds-new-macos-vulnerability-shrootless-that-could-bypass-system-integrity-protection/
More Malicious NPM Libraries
https://www.theregister.com/2021/10/27/npm_roblox_ransomware/
10/29/2021 • 5 minutes, 36 seconds
ISC StormCast for Thursday, October 28th, 2021
Outlook Web Access Phishing
https://isc.sans.edu/forums/diary/Hunting+for+Phishing+Sites+Masquerading+as+Outlook+Web+Access/27974/
Apple Security Updates Details Available
https://support.apple.com/en-us/HT201222
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
PinkBot Botnet Uses DoH
https://blog.netlab.360.com/pinkbot/
Jira Insight Patch
https://confluence.atlassian.com/adminjiraserver/jira-service-management-security-advisory-2021-10-20-1085186548.html
10/28/2021 • 5 minutes, 9 seconds
ISC StormCast for Wednesday, October 27th, 2021
Apple Updates Everything (but no details yet)
https://support.apple.com/en-sa/HT201222
Craigslist E-Mail Hijack
https://www.inky.com/blog/urgency-mail-relay-serve-phishers-well-on-craigslist
UltimaSMS Android Malware
https://blog.avast.com/premium-sms-scam-apps-on-play-store-avast
Firefox Proxy Malware
https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/
10/27/2021 • 5 minutes, 35 seconds
ISC StormCast for Tuesday, October 26th, 2021
Decrypting Cobalt Strike Traffic
https://isc.sans.edu/forums/diary/Decrypting+Cobalt+Strike+Traffic+With+a+Leaked+Private+Key/27968/
Critical Discourse Vulnerability
https://us-cert.cisa.gov/ncas/current-activity/2021/10/24/critical-rce-vulnerability-discourse
Discourse Discussion Platform RCE
https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-pvpc-qgwq
https://0day.click/recipe/discourse-sns-rce/
ua-parser-js malware
https://github.com/advisories/GHSA-pjwm-rvh2-c87w
Vulnerable Billing Software BillQuick Web Used to Deploy Ransomware
https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware
10/26/2021 • 4 minutes, 44 seconds
ISC StormCast for Monday, October 25th, 2021
Malware Quiz
https://isc.sans.edu/forums/diary/October+2021+Contest+Forensic+Challenge/27960/
Odd Zip Files
https://isc.sans.edu/forums/diary/Phishing+ZIP+With+Malformed+Filename/27966/
Decrypting Cobalt Strike Configurations Using Known Secret Keys
https://blog.nviso.eu/2021/10/21/cobalt-strike-using-known-private-keys-to-decrypt-traffic-part-1/
Tracking BLE Fingerprints
https://cseweb.ucsd.edu/~nibhaska/papers/sp22_paper.pdf
GPS Software Bug
https://us-cert.cisa.gov/ncas/current-activity/2021/10/21/gps-daemon-gpsd-rollover-bug
https://isc.sans.edu/forums/diary/Keeping+Track+of+Time+Network+Time+Protocol+and+a+GPSD+Bug/27886/
10/25/2021 • 5 minutes, 35 seconds
ISC StormCast for Friday, October 22nd, 2021
Stolen Images Evidence Campaign Pushes Sliver Based Malware
https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+campaign+pushes+Sliverbased+malware/27954/
FiveSys Rootkit Signed By Microsoft
https://www.bitdefender.com/files/News/CaseStudies/study/405/Bitdefender-DT-Whitepaper-Fivesys-creat5699-en-EN.pdf
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpuoct2021.html
WinRAR Vulnerability
https://swarm.ptsecurity.com/winrars-vulnerable-trialware-when-free-software-isnt-free/
Crypto Mining npm Libraries
https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices
10/22/2021 • 6 minutes, 18 seconds
ISC StormCast for Thursday, October 21st, 2021
Thanks to Covid 19: New Types of Documents are Lost in the Wild
https://isc.sans.edu/forums/diary/Thanks+to+COVID19+New+Types+of+Documents+are+Lost+in+The+Wild/27952/
Google Chrome 95 Released
https://chromestatus.com/roadmap
Squirrel VM Bug
https://thehackernews.com/2021/10/squirrel-engine-bug-could-let-attackers.html
BlackByte Decryptor Released
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
https://github.com/SpiderLabs/BlackByteDecryptor
10/21/2021 • 5 minutes, 38 seconds
ISC StormCast for Wednesday, October 20th, 2021
Can You Make the Great Chinese Firewall Work For You
https://isc.sans.edu/forums/diary/Can+you+make+the+Great+Chinese+Firewall+work+for+you/27948/
Fake Government Assistance Websites
https://www.ic3.gov/Media/Y2021/PSA211015
TA505 Coming Back
https://www.proofpoint.com/us/blog/threat-insight/whatta-ta-ta505-ramps-activity-delivers-new-flawedgrace-variant
BlackMatter Ransomware
https://us-cert.cisa.gov/ncas/alerts/aa21-291a
10/20/2021 • 4 minutes, 45 seconds
ISC StormCast for Tuesday, October 19th, 2021
Malicious PowerShell Script Using Client Certificate Authentication
https://isc.sans.edu/forums/diary/Malicious+PowerShell+Using+Client+Certificate+Authentication/27944/
PowerShell Updates
https://github.com/PowerShell/Announcements/issues/27
Juniper JunOS Patches
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
TianFu Cup
https://tianfucup.com/en/#canjia
10/19/2021 • 5 minutes, 6 seconds
ISC StormCast for Monday, October 18th, 2021
Active Scanning for Apache Vulnerabilities CVE-2021-41773 and 42013
https://isc.sans.edu/forums/diary/Apache+is+Actively+Scan+for+CVE202141773+CVE202142013/27940/
Warranty Repairs and Non Removable Storage Risks
https://isc.sans.edu/forums/diary/Warranty+Repairs+and+NonRemovable+Storage+Risks/27938/
Crypto Wallet Compromised on OpenSea NFT Marketplace
https://blog.checkpoint.com/2021/10/13/check-point-software-prevents-theft-of-crypto-wallets-on-opensea-the-worlds-largest-nft-marketplace/
$5.2 Billion worth of Bitcoin Transactions Linked to Ransomware
https://www.fincen.gov/sites/default/files/shared/Financial%20Trend%20Analysis_Ransomeware%20508%20FINAL.pdf
10/18/2021 • 5 minutes, 34 seconds
ISC StormCast for Friday, October 15th, 2021
Port Forwarding with Windows for the Win
https://isc.sans.edu/forums/diary/PortForwarding+with+Windows+for+the+Win/27934/
Please Fix Your E-Mail Brute Forcing Tool
https://isc.sans.edu/forums/diary/Please+fix+your+EMail+Brute+forcing+tool/27930/
Ad Blocker Injects Ads
https://www.imperva.com/blog/the-ad-blocker-that-injects-ads/
Romance Scams Go After Crypto Currency
https://nakedsecurity.sophos.com/2021/10/13/romance-scams-with-a-cryptocurrency-twist-new-research-from-sophoslabs/
Sysmon For Linux
https://github.com/Sysinternals/SysmonForLinux
Foxit Updates
https://www.foxit.com/support/security-bulletins.html
VMWare Updates
https://www.vmware.com/security/advisories/VMSA-2021-0023.html
10/15/2021 • 6 minutes, 32 seconds
ISC StormCast for Tuesday, October 12th, 2021
Non HTTP Requests Hitting Web Server
https://isc.sans.edu/forums/diary/Things+that+go+Bump+in+the+Night+Non+HTTP+Requests+Hitting+Web+Servers/27924/
Apple Updates iOS/iPadOS to 15.0.2
https://saaramar.github.io/IOMFB_integer_overflow_poc/
https://support.apple.com/en-us/HT212846
Weak SSH Keys Used with GitKraken
https://github.blog/2021-10-11-github-security-update-revoking-weakly-generated-ssh-keys/
Let's Encrypt Outage
https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/6164b5af714e1f053880ba0c
10/12/2021 • 5 minutes, 4 seconds
ISC StormCast for Monday, October 11th, 2021
Scanning for Previous Oracle WebLogic Vulnerabilities
https://isc.sans.edu/forums/diary/Scanning+for+Previous+Oracle+WebLogic+Vulnerabilities/27918/
Sorting Things Out - Sorting Data by IP Address
https://isc.sans.edu/forums/diary/Sorting+Things+Out+Sorting+Data+by+IP+Address/27916/
https://gitlab.com/slackermedia/bashcrawl
Telegram Does Not Remove Auto-Deleted Messages from Cache
https://habr.com/en/post/580582/
Microsoft To Disable Excel 4.0 Macros By Default
https://twitter.com/GelosSnake/status/1446192775087722497
https://m365admin.handsontek.net/macro-settings-update-to-disable-excel-4-0-macros-by-default/
10/11/2021 • 5 minutes, 24 seconds
ISC StormCast for Friday, October 8th, 2021
Who is Hunting For Your IPTV Set-Top Box?
https://isc.sans.edu/forums/diary/Who+Is+Hunting+For+Your+IPTV+SetTop+Box/27912/
Another Update For Apache
https://httpd.apache.org
Font on Lake Rootkit
https://www.welivesecurity.com/2021/10/07/fontonlake-previously-unknown-malware-family-targeting-linux/
osquery 5 with macOS Endpoint Security
https://www.trailofbits.com/post/announcing-osquery-5-now-with-endpointsecurity-on-macos
10/8/2021 • 6 minutes, 21 seconds
ISC StormCast for Thursday, October 7th, 2021
Apache 2.4.49 Directory Traversal Vulnerability
https://isc.sans.edu/forums/diary/Apache+2449+Directory+Traversal+Vulnerability+CVE202141773/27908/
Python Ransomware Targeting ESXi Server
https://www.sophos.com/en-us/press-office/press-releases/2021/10/sophos-researchers-uncover-new-python-ransomware-targeting-an-esxi-server-and-virtual-machines.aspx
AT&T SIM Forensics
https://medium.com/telecom-expert/what-is-at-t-doing-at-1111340002-c418876c212c
Google Making Additional 2FA Push
https://blog.google/technology/safety-security/making-sign-safer-and-more-convenient/
10/7/2021 • 5 minutes, 19 seconds
ISC StormCast for Wednesday, October 6th, 2021
Looking Glass Sites
https://isc.sans.edu/forums/diary/Looking+Glasses+Debugging+Network+Connectivity+Issues/27904/
Facebook Postmortem
https://engineering.fb.com/2021/10/05/networking-traffic/outage-details/
Apache 2.4.49 Directory Traversal Vulnerability
https://blog.sonatype.com/apache-servers-actively-exploited-in-wild-importance-of-prompt-patching
Windows 11 Released
https://www.microsoft.com/security/blog/2021/10/04/windows-11-offers-chip-to-cloud-protection-to-meet-the-new-security-challenges-of-hybrid-work/
https://www.microsoft.com/en-us/download/details.aspx?id=55319
10/6/2021 • 5 minutes, 40 seconds
ISC StormCast for Tuesday, October 5th, 2021
Facebook Outage
https://isc.sans.edu/forums/diary/Facebook+Outage+Yes+its+DNS+sort+of+A+super+quick+analysis+of+what+is+going+on/27900/
Boutique "Dark" Botnet Hunting for Crumbs
https://isc.sans.edu/forums/diary/Boutique+Dark+Botnet+Hunting+for+Crumbs/27898/
Apache Airflow May Leak Credentials
https://www.intezer.com/blog/cloud-security/misconfigured-airflows-leak-credentials/
10/5/2021 • 5 minutes, 47 seconds
ISC StormCast for Monday, October 4th, 2021
A New Tool To Add to Your LOLBAS List: cvtres.exe
https://isc.sans.edu/forums/diary/New+Tool+to+Add+to+Your+LOLBAS+List+cvtresexe/27892/
Google Chrome Continuing Updates
https://support.google.com/chrome/answer/95414?hl=en&co=GENIE.Platform%3DDesktop
Cyber Security Awareness Month
https://www.sans.org/security-awareness-training/resources/
https://isc.sans.edu/tag.html?tag=csam
FCC Attempts to Fight SIM Swapping
https://docs.fcc.gov/public/attachments/DOC-376199A1.pdf
MacOS Gatekeeper Bypass
https://labs.f-secure.com/blog/the-discovery-of-cve-2021-1810/
10/4/2021 • 5 minutes, 51 seconds
ISC StormCast for Thursday, September 30th, 2021
Keeping Track of Time: Network Time Protocol and GPSD Bug
https://isc.sans.edu/forums/diary/Keeping+Track+of+Time+Network+Time+Protocol+and+a+GPSD+Bug/27886/
Apple Airtags Stored XSS
https://medium.com/@bobbyrsec/zero-day-hijacking-icloud-credentials-with-apple-airtags-stored-xss-6997da43a216
CISA/NSA Guidance To Configure VPNs
https://media.defense.gov/2021/Sep/28/2002863184/-1/-1/0/CSI_SELECTING-HARDENING-REMOTE-ACCESS-VPNS-20210928.PDF
Facebook Open Sourcing "Mariana Trench" Tool To Analyze Android and Java Apps
https://engineering.fb.com/2021/09/29/security/mariana-trench/
9/30/2021 • 5 minutes, 28 seconds
ISC StormCast for Wednesday, September 29th, 2021
TLS 1.3 and SSL: The Current State of Affairs
https://isc.sans.edu/forums/diary/TLS+13+and+SSL+the+current+state+of+affairs/27882/
EFF Discontinues HTTPS Everywhere Plugin
https://www.eff.org/deeplinks/2021/09/https-actually-everywhere
Malicious CryptoCoin Wallet
https://discourse.mozilla.org/t/got-hacked-by-the-add-on-called-safepal-wallet/85797
Microsoft Automates Exchange Mitigations
https://techcommunity.microsoft.com/t5/exchange-team-blog/new-security-feature-in-september-2021-cumulative-update-for/ba-p/2783155
9/29/2021 • 5 minutes, 39 seconds
ISC StormCast for Monday, September 27th, 2021
Mobile Device Inventory via Active Sync
https://isc.sans.edu/forums/diary/Keep+an+Eye+on+Your+Users+Mobile+Devices+Simple+Inventory/27868/
Autodiscover Attacks
https://autodiscover-vulnerable-tlds.com
https://wiki.mozilla.org/Public_Suffix_List
https://www.guardicore.com/labs/autodiscovering-the-great-leak/
Three More 0-Day Vulnerabilities in iOS
https://habr.com/en/post/579714/
original Russian version: https://habr.com/en/post/579716/
Cisco CAPWAP Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-capwap-rce-LYgj8Kf
Sonicwall SMA 100 Series Vulnerability
https://www.sonicwall.com/support/product-notification/security-notice-critical-arbitrary-file-delete-vulnerability-in-sonicwall-sma-100-series-appliances/210819124854603/
9/27/2021 • 6 minutes, 13 seconds
ISC StormCast for Friday, September 24th, 2021
Excel Recipe: Some VBA Code with a Touch of Excel4 Macro
https://isc.sans.edu/forums/diary/Excel+Recipe+Some+VBA+Code+with+a+Touch+of+Excel4+Macro/27864/
Windows Platform Binary Table Weakness
https://eclypsium.com/2021/09/20/everyone-gets-a-rootkit/
Apple Patches Older iOS/MacOS Versions
https://support.apple.com/en-us/HT201222
Broken Digital Signatures Used to Foil Malware Detection
https://blog.google/threat-analysis-group/financially-motivated-actor-breaks-certificate-parsing-avoid-detection/
9/24/2021 • 5 minutes, 31 seconds
ISC StormCast for Thursday, September 23rd, 2021
An XML-Obfuscated Office Document (CVE-2021-40444)
https://isc.sans.edu/forums/diary/An+XMLObfuscated+Office+Document+CVE202140444/27860/
Exchange Autodiscovering Leaks Credentials
https://www.guardicore.com/labs/autodiscovering-the-great-leak/
Nagios Vulnerabilities
https://claroty.com/2021/09/21/blog-research-securing-network-management-systems-nagios-xi/
Apple Deprecating TLS 1.0/1.1
https://developer.apple.com/news/?id=bv8ur34d
9/23/2021 • 6 minutes, 53 seconds
ISC StormCast for Wednesday, September 22nd, 2021
A First Look at Apple's iOS 15 "Private Relay" feature
https://isc.sans.edu/forums/diary/A+First+Look+at+Apples+iOS+15+Private+Relay+feature/27858/
macOS Finder Security Feature Bypass Leads to Possible RCE
https://ssd-disclosure.com/ssd-advisory-macos-finder-rce/
VMware vCenter Advisory
https://blogs.vmware.com/vsphere/2021/09/vmsa-2021-0020-what-you-need-to-know.html
Netgear Circle Parental Control Vulnerability
https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html
9/22/2021 • 5 minutes, 40 seconds
ISC StormCast for Tuesday, September 21st, 2021
OMIGOD Exploits Captured in the Wild.
https://isc.sans.edu/forums/diary/OMIGOD+Exploits+Captured+in+the+Wild+Researchers+responsible+for+half+of+scans+for+related+ports/27852/
Apple iOS/iPadOS/tvOS 15 Updates (and WatchOS, Xcode, Safari)
https://support.apple.com/en-us/HT201222
ManageEngine ADSelfService Plus Exploited
https://us-cert.cisa.gov/ncas/alerts/aa21-259a
9/21/2021 • 6 minutes, 24 seconds
ISC StormCast for Monday, September 20th, 2021
Malicious Calendar Subscriptions Are Back
https://isc.sans.edu/forums/diary/Malicious+Calendar+Subscriptions+Are+Back/27846/
Simple Analysis of a CVE-2021-40444 (MSHTML) Document
https://isc.sans.edu/forums/diary/Simple+Analysis+Of+A+CVE202140444+docx+Document/27848/
Mirai Botnet Hunting OMIGOD
https://twitter.com/1ZRR4H/status/1438580885142507528
https://isc.sans.edu/port.html?port=1270
Exploit for Netgear Flaws Available
https://gynvael.coldwind.pl/?id=742
9/20/2021 • 5 minutes, 47 seconds
ISC StormCast for Friday, September 17th, 2021
Phishing 101: why depend on one suspicious message subject when you can use many
https://isc.sans.edu/forums/diary/Phishing+101+why+depend+on+one+suspicious+message+subject+when+you+can+use+many/27842/
PrintNightmare Fix Breaks Network Printing
https://www.bleepingcomputer.com/news/security/new-windows-security-updates-break-network-printing/
Malware Taking Advantage of Linux Subsystem for Windows
https://blog.lumen.com/no-longer-just-theory-black-lotus-labs-uncovers-linux-executables-deployed-as-stealth-windows-loaders/
Travis CI Patch
https://travis-ci.community/t/security-bulletin/12081
IBM System x IMM Vulnerability
https://support.lenovo.com/es/en/product_security/len-66347
Fake iTerm installing Malware on OS X
https://objective-see.com/blog/blog_0x66.html
9/17/2021 • 6 minutes, 30 seconds
ISC StormCast for Wednesday, September 15th, 2021
Microsoft Patches
https://isc.sans.edu/forums/diary/Microsoft+September+2021+Patch+Tuesday/27834/
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
9/15/2021 • 5 minutes, 22 seconds
ISC StormCast for Tuesday, September 14th, 2021
Apple Updates Everything
https://support.apple.com/en-us/HT201222
Citizenlab Discloses NSO Exploit Details
https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Google Chrome Update
https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html
WooCommerce Multi Currency Plugin Vulnerability
https://blog.nintechnet.com/vulnerability-fixed-in-wordpress-woocommerce-multi-currency-plugin/
9/14/2021 • 5 minutes, 8 seconds
ISC StormCast for Monday, September 13th, 2021
Shipping Microsoft DNS Logs to Elasticsearch
https://isc.sans.edu/forums/diary/Shipping+to+Elasticsearch+Microsoft+DNS+Logs/27828/
Exploit Generator for CVE-2021-40444
https://github.com/lockedbyte/CVE-2021-40444
Windows Lock Screen Bypass
https://halove23.blogspot.com/2021/09/zdi-21-1053-bypassing-windows-lock.html
Citrix Hypervisor Update
https://support.citrix.com/article/CTX325319
GitHub Identifies Vulnerable node.js Packages
https://github.blog/2021-09-08-github-security-update-vulnerabilities-tar-npmcli-arborist/
9/13/2021 • 5 minutes, 33 seconds
ISC StormCast for Friday, September 10th, 2021
ISC/DShield API Updates
https://isc.sans.edu/forums/diary/Updates+to+Our+DatafeedsAPI/27824/
Update on Windows MSHTML Vulnerability
https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-defenses-bypassed-as-new-info-emerges/
GitHub Actions check-spelling community workflow GITHUB_TOKEN leakage
https://github.com/justinsteven/advisories/blob/master/2021_github_actions_checkspelling_token_leak_via_advice_symlink.md
9/10/2021 • 6 minutes, 30 seconds
ISC StormCast for Wednesday, September 8th, 2021
Microsoft MSHTML Remote Code Execution Vulnerability CVE-2021-40444
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
ProtonMail/VPN Releasing User's IP Address
https://protonmail.com/blog/climate-activist-arrest/
WhatsApp End To End Encryption Questioned (but upheld)
https://twitter.com/evacide/status/1435288900587589632?s=20
PRIVATELOG and STASHLOG Malware Store Payload in Common Log File System (CLFS)
https://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-using-clfs-log-files-for-stealth.html
9/8/2021 • 5 minutes, 43 seconds
ISC StormCast for Friday, September 3rd, 2021
Attackers Will Always Abuse Major Events in our Lives
https://isc.sans.edu/forums/diary/Attackers+Will+Always+Abuse+Major+Events+in+our+Lifes/27808/
Active Exploitation of Confluence Server CVE-2021-26084
https://www.rapid7.com/blog/post/2021/09/02/active-exploitation-of-confluence-server-cve-2021-26084/
GitHub Removing old Ciphers / Keys
https://github.blog/2021-09-01-improving-git-protocol-security-github/
Cisco Enterprise NFV Infrastructure Software Authentication Bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-g2DMVVh
Hackers are Selling Tool to Hide Malware in GPUs
https://www.ehackingnews.com/2021/09/hackers-are-selling-tool-to-hide.html
Michael Beck: Cloud Forensics Triage Framework (CFTF)
https://www.sans.org/white-papers/40415/
9/3/2021 • 14 minutes, 10 seconds
ISC StormCast for Thursday, September 2nd, 2021
STRRAT: A Java Based RAT That Doesn't Care if You Have Java
https://isc.sans.edu/forums/diary/STRRAT+a+Javabased+RAT+that+doesnt+care+if+you+have+Java/27798/
IPC360 Baby Monitor Vulnerability
https://www.bitdefender.com/files/News/CaseStudies/study/402/Bitdefender-PR-Whitepaper-VictureIPC-creat5590-en-EN.pdf
Annke Network Video Recorder Vulnerability
https://us-cert.cisa.gov/ics/advisories/icsa-21-238-02
ProxyWare Abuse
https://blog.talosintelligence.com/2021/08/proxyware-abuse.html
9/2/2021 • 6 minutes
ISC StormCast for Wednesday, September 1st, 2021
BrakTooth: Impacts, Implications and Next Steps
https://isc.sans.edu/forums/diary/BrakTooth+Impacts+Implications+and+Next+Steps/27802/
Fortress Home Security System Weakness
https://threatpost.com/fortress-home-security-remote-disarmament/169069/
PostgreSQL set_user Module Vulnerability
https://www.postgresql.org/about/news/set_user-201-released-2279/
9/1/2021 • 5 minutes, 27 seconds
ISC StormCast for Tuesday, August 31st, 2021
Cryptocurrency Clipboard Swapper Delivered With Love
https://isc.sans.edu/forums/diary/Cryptocurrency+Clipboard+Swapper+Delivered+With+Love/27794/
ProxyToken Vulnerability in Exchange
https://www.zerodayinitiative.com/blog/2021/8/30/proxytoken-an-authentication-bypass-in-microsoft-exchange-server
LockFile Ransomware Evasion Tricks
https://thehackernews.com/2021/08/lockfile-ransomware-bypasses-protection.html
8/31/2021 • 5 minutes, 54 seconds
ISC StormCast for Monday, August 30th, 2021
ChaosDB: Azure Cosmos Database Vulnerability
https://chaosdb.wiz.io
Phishing via Open Redirects
https://www.microsoft.com/security/blog/2021/08/26/widespread-credential-phishing-campaign-abuses-open-redirector-links/
Parallels Vulnerability
https://exchange.xforce.ibmcloud.com/vulnerabilities/208188
https://www.zerodayinitiative.com/advisories/ZDI-21-1000/
8/30/2021 • 5 minutes, 4 seconds
ISC StormCast for Thursday, August 26th, 2021
There May Be Many More SPF Records Than We Might Expect
https://isc.sans.edu/forums/diary/There+may+be+many+more+SPF+records+than+we+might+expect/27786/
OpenSSL Update
https://www.openssl.org/news/vulnerabilities.html
F5 Update
https://support.f5.com/csp/article/K50974556
https://support.f5.com/csp/article/K41351250
SideWalk Backdoor
https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/
8/26/2021 • 5 minutes, 44 seconds
ISC StormCast for Wednesday, August 25th, 2021
Attackers Hunting for Twilio Credentials
https://isc.sans.edu/forums/diary/Attackers+Hunting+For+Twilio+Credentials/27782/
Modified WhatsApp Spreading Malware
https://securelist.com/triada-trojan-in-whatsapp-mod/103679/
Privilege Escalation Without Plugging in a Device
http://0xsp.com/security%20research%20&%20development%20(SRD)/local-administrator-is-not-just-with-razer-it-is-possible-for-all
8/25/2021 • 5 minutes, 21 seconds
ISC StormCast for Tuesday, August 24th, 2021
Out of Band Phishing Using SMS Messages to Evade Network Detection
https://isc.sans.edu/forums/diary/Out+of+Band+Phishing+Using+SMS+messages+to+Evade+Network+Detection/27768/
Elevate Privileges with Razer Mouse
https://twitter.com/j0nh4t/status/1429049506021138437
Realtek Vulnerabilities Exploited
https://securingsam.com/realtek-vulnerabilities-weaponized/
Exposed Microsoft Power Apps
https://www.upguard.com/breaches/power-apps
8/24/2021 • 5 minutes, 41 seconds
ISC StormCast for Monday, August 23rd, 2021
Waiting for the C2 to Show Up
https://isc.sans.edu/forums/diary/Waiting+for+the+C2+to+Show+Up/27772/
DOCX with Embedded EXE
https://isc.sans.edu/forums/diary/docx+With+Embedded+EXE/27776/
Securing Your Windows 365 Cloud PCs
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/securing-your-windows-365-cloud-pcs/ba-p/2663129
Pegasus Fraud Scam
https://www.ehackingnews.com/2021/08/pegasus-iphone-hacks-used-as-bait-in.html
Proper Audit Logging for Office 365
https://zolder.io/office-365-audit-logging/
8/23/2021 • 5 minutes, 10 seconds
ISC StormCast for Friday, August 20th, 2021
When Lightning Strikes: What works and doesn't work
https://isc.sans.edu/forums/diary/When+Lightning+Strikes+What+works+and+doesnt+work/27766/
Cisco Small Business Router Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5
Blackberry QNX Products Vulnerability
https://support.blackberry.com/kb/articleDetail?articleNumber=000082334
SANS.edu Student: Mark Morowczynski; Decreasing Attacker Dwell Time in Azure Active Directory
https://www.sans.org/white-papers/40390/
8/20/2021 • 15 minutes, 17 seconds
ISC StormCast for Thursday, August 19th, 2021
5 Things to Consider Before Moving Back to the Office
https://isc.sans.edu/forums/diary/5+Things+to+Consider+Before+Moving+Back+to+the+Office/27762/
Adobe Patches
https://helpx.adobe.com/security.html
Several Web Sites Infected with Chinese Spyware
https://imp0rtp3.wordpress.com/2021/08/12/tetris/
Trickbot Tricks Users with 1Password
https://www.ehackingnews.com/2021/08/trickbot-employs-bogus-1password.html
8/19/2021 • 4 minutes, 52 seconds
ISC StormCast for Tuesday, August 3rd, 2021
Unsolicited DNS Queries
https://isc.sans.edu/forums/diary/Unsolicited+DNS+Queries/27694/
Changing BAT Files on the Fly
https://isc.sans.edu/forums/diary/Changing+BAT+Files+On+The+Fly/27700/
Empty NPM Package has Over 700,000 Downloads
https://www.bleepingcomputer.com/news/software/empty-npm-package-has-over-700-000-downloads-heres-why/
Blocking PetitPotam with netsh RPC Filters
https://twitter.com/gentilkiwi/status/1421949715986403329
Pneumatic Tube Vulnerabilities
https://www.blackhat.com/us-21/briefings/schedule/index.html#a-hole-in-the-tube-uncovering-vulnerabilities-in-critical-infrastructure-of-healthcare-facilities-23546
8/3/2021 • 6 minutes, 12 seconds
ISC StormCast for Sunday, August 1st, 2021
Infected With a .reg File
https://isc.sans.edu/forums/diary/Infected+With+a+reg+File/27692/
Excessive Exchange Permissions (Patched)
https://bugs.chromium.org/p/project-zero/issues/detail?id=2186
Node.JS July 2021 Security Releases
https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/
Malicious PyPi Packages
https://jfrog.com/blog/malicious-pypi-packages-stealing-credit-cards-injecting-code/
REvil / Darkside May be Back as Blackmatter
https://www.bleepingcomputer.com/news/security/darkside-ransomware-gang-returns-as-new-blackmatter-operation/
8/1/2021 • 5 minutes, 26 seconds
ISC StormCast for Friday, July 30th, 2021
Malicious Content Delivered Through archive.org
https://isc.sans.edu/forums/diary/Malicious+Content+Delivered+Through+archiveorg/27688/
A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI
https://arxiv.org/abs/2107.12699
Crimea "manifesto" deploys VBA Rat using double attack vectors
https://blog.malwarebytes.com/threat-intelligence/2021/07/crimea-manifesto-deploys-vba-rat-using-double-attack-vectors/
7/30/2021 • 5 minutes, 31 seconds
ISC StormCast for Thursday, July 29th, 2021
A Sextortion E-Mail From ... IT Support?!
https://isc.sans.edu/forums/diary/A+sextortion+email+fromIT+support/27682/
AV-Test Compares Android Anti-Virus Software
https://www.av-test.org/en/news/15-security-apps-for-android-in-an-endurance-test/
Oscorp evolves into UBEL: Advanced Android Malware
https://www.cleafy.com/cleafy-labs/ubel-oscorp-evolution
QOMPLX Reboots Punkspider
https://www.globenewswire.com/da/news-release/2021/07/20/2265860/0/en/QOMPLX-Reboots-Punkspider.html
AFRINIC IPv4 Address Heist
https://lists.afrinic.net/pipermail/community-discuss/2021-July/004122.html
7/29/2021 • 8 minutes, 32 seconds
ISC StormCast for Wednesday, July 28th, 2021
Details about CVE-2021-30807 (Patch released Monday for macOS/iOS)
https://saaramar.github.io/IOMobileFrameBuffer_LPE_POC/
Zimbra 8.8.15 XSS and SSRF Vulnerability
https://blog.sonarsource.com/zimbra-webmail-compromise-via-email
LockBit Ransomware Uses Group Policies
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-automates-windows-domain-encryption-via-group-policies/
Microsoft Extending SafeLinks to Teams
https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/microsoft-teams-gets-more-phishing-protection/ba-p/2585559
7/28/2021 • 6 minutes, 42 seconds
ISC StormCast for Tuesday, July 27th, 2021
Recovering Malspam Password
https://isc.sans.edu/forums/diary/Failed+Malspam+Recovering+The+Password/27674/
Apple Patches 0-Day
https://support.apple.com/en-us/HT201222
Attackers Adopt Exotic Programming Languages
https://blogs.blackberry.com/en/2021/07/old-dogs-new-tricks-attackers-adopt-exotic-programming-languages
LemonDuck/LemonCat Coinminers Going Multi-OS
https://www.microsoft.com/security/blog/2021/07/22/when-coin-miners-evolve-part-1-exposing-lemonduck-and-lemoncat-modern-mining-malware-infrastructure/
GitHub Expanding Supply Chain Security Support to Go
https://github.blog/2021-07-22-github-supply-chain-security-features-go-community/
7/27/2021 • 6 minutes, 7 seconds
ISC StormCast for Monday, July 26th, 2021
PetitPotam ADCS Domain Admin Vulnerability
https://isc.sans.edu/forums/diary/Active+Directory+Certificate+Services+ADCS+PKI+domain+admin+vulnerability/27668/
XCSSET Mac Malware Targets Google Chrome / Telegram
https://thehackernews.com/2021/07/nasty-macos-malware-xcsset-now-targets.html
Defunct Video Hosting Site Flooding Normal Websites With Porn
https://www.vice.com/en/article/qj8xz3/a-defunct-video-hosting-site-is-flooding-normal-websites-with-hardcore-porn
7/26/2021 • 6 minutes, 26 seconds
ISC StormCast for Friday, July 23rd, 2021
Akamai Outage
https://isc.sans.edu/forums/diary/Lost+in+the+Cloud+Akamai+DNS+Outage/27660/
"Summer of SAM" Continues
https://isc.sans.edu/forums/diary/Summer+of+SAM+Microsoft+Releases+Guidance+for+CVE202136934/27656/
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpujul2021.html
Kaseya Decryptor Available
https://www.kaseya.com/potential-attack-on-kaseya-vsa/
Jira Data Center and Jira Service Management Data Center Security Advisory
https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html
Forgot password? Taking over user accounts Kaminsky style
https://sec-consult.com/blog/detail/forgot-password-taking-over-user-accounts-kaminsky-style/
7/23/2021 • 6 minutes, 28 seconds
ISC StormCast for Thursday, July 22nd, 2021
Microsoft Published Summer of SAM Guidance
https://isc.sans.edu/forums/diary/Summer+of+SAM+Microsoft+Releases+Guidance+for+CVE202136934/27656/
Apple Patches Everything
https://support.apple.com/en-us/HT201222
Formbook/XLoader Malware Ported to Mac
https://research.checkpoint.com/2021/top-prevalent-malware-with-a-thousand-campaigns-migrates-to-macos/
Pulse Secure Backdoors
https://us-cert.cisa.gov/ncas/current-activity/2021/07/21/malware-targeting-pulse-secure-devices
7/22/2021 • 6 minutes, 34 seconds
ISC StormCast for Wednesday, July 21st, 2021
Windows Registry Hives Permission Problem
https://isc.sans.edu/forums/diary/Summer+of+SAM+incorrect+permissions+on+Windows+1011+hives/27652/
HP Printer Drivers Allow Privilege Escalation
https://labs.sentinelone.com/cve-2021-3438-16-years-in-hiding-millions-of-printers-worldwide-vulnerable/
Linux Local Privilege Escalation in Filesystem Layer
https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909
FortiManager and FortiAnalyzer Vulnerability
https://www.fortiguard.com/psirt/FG-IR-21-067
7/21/2021 • 7 minutes
ISC StormCast for Tuesday, July 20th, 2021
New Windows Print Spooler Vulnerability - CVE-2021-34481
https://isc.sans.edu/forums/diary/New+Windows+Print+Spooler+Vulnerability+CVE202134481/27648/
iOS/WatchOS/tvOS/Safari Updates
https://support.apple.com/en-us/HT201222
iOS Format String Vulnerability Exploitable as RCE
https://blog.zecops.com/research/meet-wifidemon-ios-wifi-rce-0-day-vulnerability-and-a-zero-click-vulnerability-that-was-silently-patched/
Surfside Condo Collapse Scams
https://threatpost.com/attackers-target-florida-condo-collapse-victims/167917/
7/20/2021 • 5 minutes, 44 seconds
ISC StormCast for Friday, July 16th, 2021
USPS Phishing Kit Reporting Data Back Via Telegram
https://isc.sans.edu/forums/diary/USPS+Phishing+Using+Telegram+to+Collect+Data/27630/
Sonicwall Warns of Ransomware
https://www.sonicwall.com/support/product-notification/urgent-security-notice-critical-risk-to-unpatched-end-of-life-sra-sma-8-x-remote-access-devices/210713105333210/
WooCommerce Flaw Exploited
https://www.wordfence.com/blog/2021/07/critical-sql-injection-vulnerability-patched-in-woocommerce/
KiwiSDR Backdoor
https://www.bleepingcomputer.com/news/security/software-maker-removes-backdoor-giving-root-access-to-radio-devices/
7/16/2021 • 5 minutes, 58 seconds
ISC StormCast for Thursday, July 15th, 2021
One way to fail at malspam - give recipients the wrong password
https://isc.sans.edu/forums/diary/One+way+to+fail+at+malspam+give+recipients+the+wrong+password+for+an+encrypted+attachment/27634/
Firefox Updates
https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/
SAP Netweaver Vulnerabilities
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506
Joker Android Fleezware
https://blog.zimperium.com/joker-is-still-no-laughing-matter/
less.js RCE
https://www.softwaresecured.com/exploiting-less-js
7/15/2021 • 5 minutes, 38 seconds
ISC StormCast for Monday, June 28th, 2021
Increase in UDP Port 389 Scans (LDAP/AD)
https://isc.sans.edu/forums/diary/Is+this+traffic+bAD/27566/
CD/DVD Destruction
https://isc.sans.edu/forums/diary/DIY+CDDVD+Destruction/27572/
Zyxel Exploits
https://twitter.com/JAMESWT_MHT/status/1407987022170578946
https://kb.zyxel.com/KB/searchArticle!viewDetail.action?articleOid=018137&lang=EN
Cisco Vulnerability Exploited
https://threatpost.com/cisco-asa-bug-exploited-poc/167274/
Microsoft Signs Netfilter Rootkit
https://www.gdatasoftware.com/blog/microsoft-signed-a-malicious-netfilter-rootkit
6/28/2021 • 6 minutes, 13 seconds
ISC StormCast for Friday, June 25th, 2021
Do You Like Cookies? Some are for sale!
https://isc.sans.edu/forums/diary/Do+you+Like+Cookies+Some+are+for+sale/27558/
A supply-chain breach: Taking over an Atlassian account
https://media.threatpost.com/wp-content/uploads/sites/103/2021/06/23175805/Atlassian-ATO-CPR-blog-FINAL.pdf
Dell BIOSConnect Vulnerability
https://eclypsium.com/2021/06/24/biosdisconnect/
ATM Jackpotting via NFC
https://www.wired.com/story/atm-hack-nfc-bugs-point-of-sale/
6/25/2021 • 6 minutes, 20 seconds
ISC StormCast for Thursday, June 24th, 2021
DNS Name Server Hijack Attack
https://www.darkreading.com/vulnerabilities---threats/new-dns-name-server-hijack-attack-exposes-businesses-government-agencies/d/d-id/1341377
Palo Alto Cortex XSOAR Vulnerability
https://security.paloaltonetworks.com/CVE-2021-3044
VMware Carbon Black App Control Authentication Bypass
https://www.vmware.com/security/advisories/VMSA-2021-0012.html
Standing With Security Researchers Against Misuse of the DMCA
https://www.eff.org/deeplinks/2021/06/dmca-security-researcher-statement
6/24/2021 • 6 minutes, 28 seconds
ISC StormCast for Wednesday, June 23rd, 2021
Phishing asking recipients not to report abuse
https://isc.sans.edu/forums/diary/Phishing+asking+recipients+not+to+report+abuse/27556/
PyPi Cryptomining Malware
https://blog.sonatype.com/sonatype-catches-new-pypi-cryptomining-malware-via-automated-detection
Dovecot TLS Implementation Vulnerability
https://hackerone.com/reports/1204962
(see the link to the PDF for more details)
Sonicwall Patch Incomplete
https://www.tripwire.com/state-of-security/featured/analyzing-sonicwalls-unsuccessful-fix-for-cve-2020-5135/
6/23/2021 • 6 minutes, 10 seconds
ISC StormCast for Tuesday, June 22nd, 2021
Attack and Defend: Distributed Web Applications (free Webcast)
https://www.sans.org/webcasts/attack-defend-modern-distributed-applications-119610
Darkside Impersonators
https://www.helpnetsecurity.com/2021/06/21/impersonating-darkside/
Tesla RAT COVID-19 Vaccination Phish
https://threatpost.com/agent-tesla-covid-vax-phish/167082/
Tor Browser Update
https://www.bleepingcomputer.com/news/security/tor-browser-fixes-vulnerability-that-tracks-you-using-installed-apps/
Schneider PowerLogic Vulnerabilities
https://www.ehackingnews.com/2021/06/six-major-flaws-identified-in-schneider.html
AutoCAD Update
https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004
6/22/2021 • 5 minutes, 28 seconds
ISC StormCast for Monday, June 21st, 2021
Network Forensics on Azure VMs (Part #2)
https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+2/27538/
Google Open Redirect Being Abused
https://isc.sans.edu/forums/diary/Open+redirects+and+why+Phishers+love+them/27542/
Easy Access to the NIST RDS Database
https://isc.sans.edu/forums/diary/Easy+Access+to+the+NIST+RDS+Database/27544/
iOS Wifi Bug
https://blog.chichou.me/2021/06/20/quick-analysis-wifid/
NSA VoIP Security Guide
https://media.defense.gov/2021/Jun/17/2002744054/-1/-1/1/CTR_DEPLOYING%20SECURE%20VVOIP%20SYSTEMS.PDF
6/21/2021 • 5 minutes, 40 seconds
ISC StormCast for Thursday, June 17th, 2021
June 2021 Forensic Quiz
https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest/27532/
ThroughTek IP Camera SDK Vulnerability
https://www.nozominetworks.com/blog/new-iot-security-risk-throughtek-p2p-supply-chain-vulnerability/
Peloton Insecure Boot Vulnerability
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/a-new-program-for-your-peloton-whether-you-like-it-or-not/
Microsoft Defender for Endpoint Detecting Jailbroken Devices
https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-new-capabilities-on-android-and-ios/ba-p/2442730
6/17/2021 • 5 minutes, 26 seconds
ISC StormCast for Wednesday, June 16th, 2021
Multi Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more
https://isc.sans.edu/forums/diary/Multi+Perimeter+Device+Exploit+Mirai+Version+Hunting+For+Sonicwall+DLink+Cisco+and+more/27528/
Google Open Sourcing Homomorphic Encryption Libraries
https://developers.googleblog.com/2021/06/our-latest-updates-on-fully-homomorphic-encryption.html
Stealing Tokens, emails, files and more in Microsoft Teams
https://medium.com/tenable-techblog/stealing-tokens-emails-files-and-more-in-microsoft-teams-through-malicious-tabs-a7e5ff07b138
6/16/2021 • 6 minutes, 6 seconds
ISC StormCast for Tuesday, June 15th, 2021
Apple iOS 12.5.4 Security Update
https://support.apple.com/en-us/HT212548
NIST.gov DNS Issues
https://puck.nether.net/pipermail/outages/2021-June/013670.html
Akkadian Provisioning Manager Multiple Vulnerabilities
https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/
Bypassing MFA in Exchange Online
https://www.microsoft.com/security/blog/2021/06/14/behind-the-scenes-of-business-email-compromise-using-cross-domain-threat-data-to-disrupt-a-large-bec-infrastructure/
6/15/2021 • 5 minutes, 38 seconds
ISC StormCast for Monday, June 14th, 2021
EoL SonicWall SRA 4600 VPN Gateways Exploited in Current Attacks
https://isc.sans.edu/forums/diary/Sonicwall+SRA+4600+Targeted+By+an+Old+Vulnerability/27518/
Older Fortinet Vulnerability Still Exploited
https://isc.sans.edu/forums/diary/Fortinet+Targeted+for+Unpatched+SSL+VPN+Discovery+Activity/27520/
PrivacyMic: Utilizing Inaudible Frequencies for Privacy Preserving Daily Activity Recognition
http://alansonsample.com/publications/docs/2021%20-%20CHI%20-%20PrivacyMic-%20Utilizing%20Inaudible%20Frequencies%20for%20Privacy%20Preserving%20Daily%20Activity%20Recognition.pdf
Linux Vulnerability in polkit
https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
6/14/2021 • 6 minutes, 31 seconds
ISC StormCast for Friday, June 11th, 2021
Are Cookie Banners a Waste of Time or a Complete Waste of Time?
https://isc.sans.edu/forums/diary/Are+Cookie+Banners+a+Waste+of+Time+or+a+Complete+Waste+of+Time/27436/
Citrix Application Delivery Controller Vulnerability
https://support.citrix.com/article/CTX297155
VoIP Monitor GUI XSS
https://www.rtcsec.com/post/2021/06/abusing-sip-for-cross-site-scripting-most-definitely/
Denial of Service Vulnerabilities in RabbitMQ, EMQ X, and VerneMQ
https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq/
6/11/2021 • 6 minutes, 39 seconds
ISC StormCast for Thursday, June 10th, 2021
Architecture, Compilers and Black Magic
https://isc.sans.edu/forums/diary/Architecture+compilers+and+black+magic+or+what+else+affects+the+ability+of+AVs+to+detect+malicious+files/27510/
ALPACA TLS Attack
https://alpaca-attack.com/ALPACA.pdf
Google Chrome Update
https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html
6/10/2021 • 5 minutes, 45 seconds
ISC StormCast for Wednesday, June 9th, 2021
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+June+2021+Patch+Tuesday/27506/
PuzzleMaker Attacks With Chrome Zero-Day Exploit Chain
https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/
Intel Patches
https://www.intel.com/content/www/us/en/security-center/default.html
Adobe Updates
https://helpx.adobe.com/security.html
Let's Encrypt and CentOS 7
https://blog.devgenius.io/lets-encrypt-change-affects-openssl-1-0-x-and-centos-7-49bd66016af3
6/9/2021 • 6 minutes, 42 seconds
ISC StormCast for Monday, June 7th, 2021
Strange Goings on With Port 37
https://isc.sans.edu/forums/diary/Strange+goings+on+with+port+37/27496/
QNAP Video Station RCE Vulnerability
https://www.qnap.com/de-de/security-advisory/qsa-21-21
Updated GitHub Policy
https://github.blog/2021-06-04-updates-to-our-policies-regarding-exploits-malware-and-vulnerability-research/
Cisco WebEx Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-kOf8zVT
VMware vCenter Server Vulnerability Actively Exploited
https://thehackernews.com/2021/06/alert-critical-rce-bug-in-vmware.html
6/7/2021 • 4 minutes, 57 seconds
ISC StormCast for Friday, June 4th, 2021
Script to Test CIS Zoom Benchmark
https://github.com/turbot/steampipe-mod-zoom-compliance
F5 BIG-IP Edge Client for Windows Vulnerability
https://support.f5.com/csp/article/K20346072
Fancy Product Designer Wordpress Plugin Vulnerability
https://www.welivesecurity.com/2021/06/03/zero-day-popular-wordpress-plugin-exploited-take-over-websites/
WordPress Pushes Jetpack Plugin Patch
https://www.bleepingcomputer.com/news/security/wordpress-force-installs-jetpack-security-update-on-5-million-sites/
We.Lock Vulnerability
https://github.com/CriticalSecurity/welock
6/4/2021 • 6 minutes, 1 second
ISC StormCast for Wednesday, June 2nd, 2021
Guildma is now using Finger and Signed Binary Proxy Execution to Evade Defenses
https://isc.sans.edu/forums/diary/Guildma+is+now+using+Finger+and+Signed+Binary+Proxy+Execution+to+evade+defenses/27482/
Bypassing Protected Folders Protections
https://dl.acm.org/doi/10.1145/3431286
Firefox 89 Released
https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/
Microsoft Edge Will make https default
https://blogs.windows.com/msedgedev/2021/06/01/available-for-preview-automatic-https-helps-keep-your-browsing-more-secure/
6/2/2021 • 6 minutes, 12 seconds
ISC StormCast for Tuesday, June 1st, 2021
Malicious PowerShell Hosted on script.google.com
https://isc.sans.edu/forums/diary/Malicious+PowerShell+Hosted+on+scriptgooglecom/27468/
Sonicwall Advisory
https://www.sonicwall.com/support/product-notification/security-advisory-on-prem-sonicwall-network-security-manager-nsm-command-injection-vulnerability/210525121534120/
Hewlett Packard Enterprise Systems Insight Manager (SIM) Advisory
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04068en_us
Memory Protection Bypass in Siemens PLCs
https://claroty.com/2021/05/28/blog-research-race-to-native-code-execution-in-plcs/
6/1/2021 • 4 minutes, 59 seconds
ISC StormCast for Friday, May 28th, 2021
AV evasion with 64-bit Executables
https://isc.sans.edu/forums/diary/All+your+Base+arenearly+equal+when+it+comes+to+AV+evasion+but+64bit+executables+are+not/27466/
Unpatched WebKit Vulnerability in iOS/macOS
https://blog.theori.io/research/webkit-type-confusion/
VSCode Extension Vulnerabilities
https://snyk.io/blog/visual-studio-code-extension-security-vulnerabilities-deep-dive/
M1RACLES
https://m1racles.com
5/28/2021 • 6 minutes, 58 seconds
ISC StormCast for Thursday, May 27th, 2021
A Survey of Bluetooth Vulnerabilities
https://isc.sans.edu/forums/diary/A+Survey+of+Bluetooth+Vulnerabilities+Trends/27460/
Google Chrome Update
https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
Attacks on PDF Certification
https://www.pdf-insecurity.org
nginx vulnerability
https://x41-dsec.de/lab/advisories/x41-2021-002-nginx-resolver-copy/
5/27/2021 • 5 minutes, 57 seconds
ISC StormCast for Wednesday, May 26th, 2021
Uncovering Shenanigans in an IP Address Block via Hurricane Electric's BGP Toolkit
https://isc.sans.edu/forums/diary/Uncovering+Shenanigans+in+an+IP+Address+Block+via+Hurricane+Electrics+BGP+Toolkit/27456/
VMware Advisory
https://www.vmware.com/security/advisories/VMSA-2021-0010.html
Trend Micro Bugs
https://blog.talosintelligence.com/2021/05/vuln-spotlight-trend-i.html
5/26/2021 • 4 minutes, 59 seconds
ISC StormCast for Tuesday, May 25th, 2021
Apple Patches 0-Days
https://www.jamf.com/blog/zero-day-tcc-bypass-discovered-in-xcsset-malware/
https://support.apple.com/en-us/HT201222
Bluetooth Vulnerabilities
https://kb.cert.org/vuls/id/799380
https://francozappa.github.io/about-bias/publication/antonioli-20-bias/antonioli-20-bias.pdf
NAGIOS Vulnerabilities
https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/
5/25/2021 • 4 minutes, 56 seconds
ISC StormCast for Monday, May 24th, 2021
Serverless Phishing Campaign
https://isc.sans.edu/forums/diary/Serverless+Phishing+Campaign/27446/
Locking Kernel32.dll As Anti-Debugging Technique
https://isc.sans.edu/forums/diary/Locking+Kernel32dll+As+AntiDebugging+Technique/27444/
WinRM Vulnerable to http.sys Vulnerability
https://twitter.com/JimDinMN/status/1395071966487269376
Mozilla Firefox "Content-Type Confusion" Unsafe Code Execution
https://besteffortteam.it/mozilla-firefox-content-type-confusion-unsafe-code-execution/
5/24/2021 • 6 minutes, 25 seconds
ISC StormCast for Friday, May 21st, 2021
New YouTube Video Series: Everything you ever wanted to know about DNS and more
https://isc.sans.edu/forums/diary/New+YouTube+Video+Series+Everything+you+ever+wanted+to+know+about+DNS+and+more/27440/
And Ransomware Just Got a Bit Meaner
https://isc.sans.edu/forums/diary/And+Ransomware+Just+Got+a+Bit+Meaner+yes+it+is+possible/27438/
Attackers Scanned for Exchange Servers Five Minutes after Patch Release
https://www.ehackingnews.com/2021/05/microsoft-exchange-bug-report-allowed.html
GPS For Authentication: Is the Juice Worth the Squeeze @sans_edu
https://www.sans.org/reading-room/whitepapers/authentication/gps-authentication-juice-worth-squeeze-40270
5/21/2021 • 19 minutes, 50 seconds
ISC StormCast for Thursday, May 20th, 2021
May 2021 Forensic Contest: Answers and Analysis
https://isc.sans.edu/forums/diary/May+2021+Forensic+Contest+Answers+and+Analysis/27430/
CIS Controls V8
https://www.cisecurity.org/controls/v8/
Dell iDRAC 9 Security Update
https://www.dell.com/support/kbdoc/en-us/000186420/dsa-2021-082-dell-emc-idrac-9-security-update-for-improper-authentication-vulnerability
QNAP Pre-Auth Remote Code Execution in MusicStation/MalwareRemover
https://www.shielder.it/advisories/qnap-musicstation-malwareremover-pre-auth-remote-code-execution/
5/20/2021 • 6 minutes, 7 seconds
ISC StormCast for Wednesday, May 19th, 2021
From RunDLL32 to JavaScript then PowerShell
https://isc.sans.edu/forums/diary/From+RunDLL32+to+JavaScript+then+PowerShell/27428/
New Pulse Secure VPN Advisory
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44800/
Android Stalkerware Vulnerabilities
https://www.welivesecurity.com/2021/05/17/android-stalkerware-threatens-victims-further-exposes-snoopers-themselves/
Double Encrypting Ransomware
https://www.wired.com/story/ransomware-double-encryption/
5/19/2021 • 5 minutes, 21 seconds
ISC StormCast for Tuesday, May 18th, 2021
Ransomware Defenses
https://isc.sans.edu/forums/diary/Ransomware+Defenses/27420/
AXA Stops Ransomware Payments
https://www.insurancejournal.com/news/international/2021/05/09/613255.htm
http.sys Proof of Concept
https://github.com/0vercl0k/CVE-2021-31166
Google/Mozilla Collaborating on HTML Sanitizer API
https://wicg.github.io/sanitizer-api/#sanitizer-api
SANS Technology Institute Research Journal
https://www.sans.edu/cyber-research
5/18/2021 • 6 minutes, 8 seconds
ISC StormCast for Monday, May 17th, 2021
"Open" Access to Industrial Systems Interfaces is Also Far From Zero
https://isc.sans.edu/forums/diary/Open+Access+to+Industrial+Systems+Interface+is+Also+Far+From+Zero/27418/
Malicious Rust Macro for VSCode
https://github.com/lucky/bad_actor_poc
Exim PoC Released
https://adepts.of0x.cc/exim-cve-2020-28018/
Newly Observed PHP-based Skimmer Shows Ongoing Magecart Group 12 Activity
https://blog.malwarebytes.com/cybercrime/2021/05/newly-observed-php-based-skimmer-shows-ongoing-magecart-group-12-activity/
5/17/2021 • 5 minutes, 41 seconds
ISC StormCast for Friday, May 14th, 2021
Cross Browser Tracking with Schemeflood
https://fingerprintjs.com/blog/external-protocol-flooding/
Cisco AnyConnect Secure Mobility Client Patch
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK
MSBuild Abused By Attackers
https://www.anomali.com/blog/threat-actors-use-msbuild-to-deliver-rats-filelessly
5/14/2021 • 6 minutes, 48 seconds
ISC StormCast for Thursday, May 13th, 2021
Number of Industrial Control Systems on the Internet is Lower than in 2020... but Still Far From Zero
https://isc.sans.edu/forums/diary/Number+of+industrial+control+systems+on+the+internet+is+lower+then+in+2020but+still+far+from+zero/27412/
Webcast: Ransoming Critical Infrastructure
https://www.sans.org/webcasts/119775
Links to FragAttacks Vendor Bulletins (in German)
https://www.heise.de/news/WLAN-Sicherheitsluecken-FragAttacks-Erste-Updates-6045116.html
Adobe Acrobat Patches
https://helpx.adobe.com/security/products/acrobat/apsb21-29.html
Sending Arbitrary Messages via FindMy
https://positive.security/blog/send-my
5/13/2021 • 5 minutes, 51 seconds
ISC StormCast for Wednesday, May 12th, 2021
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+May+2021+Patch+Tuesday/27408
WiFi Fragmentation Attacks
https://www.fragattacks.com
5/12/2021 • 6 minutes, 30 seconds
ISC StormCast for Tuesday, May 11th, 2021
Validating IP Addresses: Why Encoding Matters
https://isc.sans.edu/forums/diary/Correctly+Validating+IP+Addresses+Why+encoding+matters+for+input+validation/27404/
Jail Breaking AirTags
https://twitter.com/ghidraninja/status/1391148503196438529
Malicious Tor Exit Relay Activities
https://nusenu.medium.com/tracking-one-year-of-malicious-tor-exit-relay-activities-part-ii-85c80875c5df
5/11/2021 • 5 minutes, 27 seconds
ISC StormCast for Monday, May 10th, 2021
Who is Probing the Internet for Research Purposes
https://isc.sans.edu/forums/diary/Who+is+Probing+the+Internet+for+Research+Purposes/27400/
Cycle Hunter and tsuNAME DDoS Attack
https://github.com/SIDN/CycleHunter
https://tsuname.io/tech_report.pdf
Foxit Reader / Phantom PDF Vulnerabilities
https://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+Reader+10.1.4+and+Foxit+PhantomPDF+10.1.42021-05-06
"Hypocrite Commits" Patches Reviewed by Linux Kernel Maintainers
https://lore.kernel.org/lkml/202104221451.292A6ED4@keescook/
5/10/2021 • 5 minutes, 22 seconds
ISC StormCast for Friday, May 7th, 2021
Scans for Exposed Azure Storage Containers
https://isc.sans.edu/forums/diary/Exposed+Azure+Storage+Containers/27396/
Qualcomm MSM Vulnerability
https://research.checkpoint.com/2021/security-probe-of-qualcomm-msm/
Google to Automatically Enroll Users in 2-Step Verification (2SV)
https://blog.google/technology/safety-security/a-simpler-and-safer-future-without-passwords/
New Cellebrite Vulnerabilities Announced
https://www.ehackingnews.com/2021/05/new-vulnerabilities-in-cellebrites.html
5/7/2021 • 5 minutes, 36 seconds
ISC StormCast for Thursday, May 6th, 2021
May 2021 Forensic Contest
https://isc.sans.edu/forums/diary/May+2021+Forensic+Contest/27386/
Windows Defender Bug Fills Windows 10 Boot Drive with thousands of files
https://www.bleepingcomputer.com/news/microsoft/windows-defender-bug-fills-windows-10-boot-drive-with-thousands-of-files/
VMWare vRealize Business for Cloud Patch
https://kb.vmware.com/s/article/83475
Cisco Updates SD-WAN vManage / HyperFlex HX
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=100#~Vulnerabilities
Security and Privacy Risks of Number Recycling at Mobile Carriers in the US
https://recyclednumbers.cs.princeton.edu
5/6/2021 • 6 minutes, 17 seconds
ISC StormCast for Wednesday, May 5th, 2021
Android Update
https://source.android.com/security/bulletin/2021-05-01?hl=en
Dell Privilege Escalation Vulnerability
https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability
https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/
Exim Mail Server Vulnerabilities
https://www.qualys.com/2021/05/04/21nails/21nails.txt
Quick and Dirty Python: masscan
https://isc.sans.edu/forums/diary/Quick+and+dirty+Python+masscan/27384/
ICMP Tunnel Backdoor
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/backdoor-at-the-end-of-the-icmp-tunnel/
5/5/2021 • 5 minutes, 31 seconds
ISC StormCast for Tuesday, May 4th, 2021
Apple Patches 2 0-Day Flaws in WebKit affecting iOS/MacOS/WatchOS
https://support.apple.com/en-us/HT201222
PoC Exploit for CVE-2021-28482 (Microsoft Exchange)
https://gist.github.com/testanull/9ebbd6830f7a501e35e67f2fcaa57bda
https://testbnull.medium.com/microsoft-exchange-from-deserialization-to-post-auth-rce-cve-2021-28482-e713001d915f
Yet Another Processor Side-Channel: Micro-Ops Caches
http://www.cs.virginia.edu/venkat/papers/isca2021a.pdf
Pulse Secure Update
https://blog.pulsesecure.net/pulse-connect-secure-patch-availability-sa44784/
5/4/2021 • 4 minutes, 42 seconds
ISC StormCast for Monday, May 3rd, 2021
Qiling: A true instrumentable binary emulation framework
https://isc.sans.edu/forums/diary/Qiling+A+true+instrumentable+binary+emulation+framework/27372/
Python "ipaddress" improper input validation
https://sick.codes/sick-2021-014/
EXIF Tool Vulnerabilities
https://twitter.com/wcbowling/status/1385803927321415687
ABUS Secvest Internet Connected Alarm Systems
https://eye.security/nl/blog/breaking-abus-secvest-internet-connected-alarm-systems-cve-2020-28973
FiveHands Ransomware Installed via SonicWall Flaw
https://thehackernews.com/2021/04/hackers-exploit-sonicwall-zero-day-bug.html
5/3/2021 • 5 minutes, 31 seconds
ISC StormCast for Friday, April 30th, 2021
From Python to .Net
https://isc.sans.edu/forums/diary/From+Python+to+Net/27366/
PHP Composer Vulnerability
https://blog.sonarsource.com/php-supply-chain-attack-on-composer
Microsoft Identifies Several Integer Overflow Vulnerabilities
https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04
4/30/2021 • 5 minutes, 19 seconds
ISC StormCast for Thursday, April 29th, 2021
Stopping Google FLoC
https://github.blog/changelog/2021-04-27-github-pages-permissions-policy-interest-cohort-header-added-to-all-pages-sites/
https://amifloced.org
RotaJakiro Backdoor
https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/
F5 BIG-IP Kerberos Spoofing Vulnerability
https://support.f5.com/csp/article/K51213246
4/29/2021 • 5 minutes, 14 seconds
ISC StormCast for Wednesday, April 28th, 2021
Diving into a Singapore Post Phishing E-Mail
https://isc.sans.edu/forums/diary/Diving+into+a+Singapore+Post+Phishing+Email/27356/
Two in Five Victims of Online Scam Adverts Do Not Report to Host Platforms
https://www.which.co.uk/news/2021/04/two-in-five-victims-of-online-scam-adverts-dont-report-to-host-platforms/
Microsoft Defender Blocks Cryptojacking Malware
https://www.microsoft.com/security/blog/2021/04/26/defending-against-cryptojacking-with-microsoft-defender-for-endpoint-and-intel-tdt/
Linux Privilege Escalation Vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211
4/28/2021 • 4 minutes, 25 seconds
ISC StormCast for Tuesday, April 27th, 2021
CAD: .DGN and .MVBA Files analyzed with oledump
https://isc.sans.edu/forums/diary/CAD+DGN+and+MVBA+Files/27354/
MacOS 0-Day Bug Patched
https://objective-see.com/blog/blog_0x64.html
https://support.apple.com/en-us/HT201222
Emotet Uninstaller Triggered
https://blog.malwarebytes.com/threat-analysis/2021/01/cleaning-up-after-emotet-the-law-enforcement-file/
HashiCorp Code Signing Key Exposed By Codecov Compromise
https://www.theregister.com/2021/04/26/hashicorp_reveals_exposure_of_private/
4/27/2021 • 7 minutes, 23 seconds
ISC StormCast for Monday, April 26th, 2021
Compact VBA Macros
https://isc.sans.edu/forums/diary/Malicious+PowerPoint+AddOn+Small+Is+Beautiful/27342/
Base64 Strings Used in Web Scanning
https://isc.sans.edu/forums/diary/Base64+Hashes+Used+in+Web+Scanning/27346/
Clickstudios Password Manager Compromise
https://www.csis.dk/newsroom-blog-overview/2021/moserpass-supply-chain/
Homebrew Code Execution Vulnerability
https://brew.sh/2021/04/21/security-incident-disclosure/
Apple AirDrop Shares Personal Data
https://www.informatik.tu-darmstadt.de/fb20/ueber_uns_details_231616.en.jsp
4/26/2021 • 5 minutes, 46 seconds
ISC StormCast for Friday, April 23rd, 2021
How Safe are Your Docker Images
https://isc.sans.edu/forums/diary/How+Safe+Are+Your+Docker+Images/27340/
Additional SolarWinds Infrastructure
https://www.riskiq.com/blog/external-threat-management/solarwinds-c2-servers-new-tactics/
Cellebrite Exploit
https://signal.org/blog/cellebrite-vulnerabilities/
Duo 2FA Bypass
https://sensepost.com/blog/2021/duo-two-factor-authentication-bypass/
4/23/2021 • 5 minutes, 51 seconds
ISC StormCast for Thursday, April 22nd, 2021
Linux Kernel Maintainer Calls Out "hypocrite commits" by University of Minnesota
https://lore.kernel.org/lkml/[email protected]/
https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf
https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc.pdf
QNAP QLocker uses 7-Zip
https://www.bleepingcomputer.com/news/security/massive-qlocker-ransomware-attack-uses-7zip-to-encrypt-qnap-devices/
Chrome 0-Day Fixed
https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html
4/22/2021 • 6 minutes, 25 seconds
ISC StormCast for Tuesday, April 20th, 2021
Hunting Phishing Websites with Favicon Hashes
https://isc.sans.edu/forums/diary/Hunting+phishing+websites+with+favicon+hashes/27326/
Nagios XI Vulnerability Exploited by Cryptominers
https://unit42.paloaltonetworks.com/nagios-xi-vulnerability-cryptomining/
XCSSET Malware Adapting to MacOS 11 and M1
https://www.trendmicro.com/en_us/research/21/d/xcsset-quickly-adapts-to-macos-11-and-m1-based-macs.html
QNAP Patches
https://www.qnap.com/de-de/security-advisories?ref=security_advisory_details
Juniper Updates
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
4/20/2021 • 5 minutes, 3 seconds
ISC StormCast for Monday, April 19th, 2021
Decoding Cobalt Strike Traffic
https://isc.sans.edu/forums/diary/Decoding+Cobalt+Strike+Traffic/27322/
Codecov Breach
https://about.codecov.io/security-update/
Google Project Zero Tweaks Disclosure Rules
https://googleprojectzero.blogspot.com
EIPStackGroup OpENer Ethernet/IP
https://us-cert.cisa.gov/ics/advisories/icsa-21-105-02
DNS Problems with Windows 10 Security Update
https://www.bleepingcomputer.com/news/microsoft/mandatory-windows-10-update-causing-dns-and-shared-folder-issues/
4/19/2021 • 5 minutes, 36 seconds
ISC StormCast for Friday, April 16th, 2021
Why and How You Should be Using an Internal Certificate Authority
https://isc.sans.edu/forums/diary/Why+and+How+You+Should+be+Using+an+Internal+Certificate+Authority/27314/
Vulnerabilities Used By Russian Foreign Intelligence Service
https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2573391/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili/
Insecure URL Handling
https://positive.security/blog/url-open-rce
SANS Research Paper: Bryan Scarbrough; Malware Detection in Encrypted TLS Traffic Through Machine Learning
https://www.sans.org/reading-room/whitepapers/artificialintelligence/malware-detection-encrypted-tls-traffic-machine-learning-40185
4/16/2021 • 14 minutes, 20 seconds
ISC StormCast for Thursday, April 15th, 2021
April 2021 Forensics Quiz Solution
https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz+Answers+and+Analysis/27308/
Adobe Patch Tuesday
https://helpx.adobe.com/security.html
Chrome 90 Released (and 0-Day Exploits)
https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html
https://github.com/avboy1337/1195777-chrome0day
https://github.com/r4j0x00/exploits/tree/master/chrome-0day
SAP Updates
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649
Linux/Mac Malware included in npm Module
https://blog.sonatype.com/damaging-linux-mac-malware-bundled-within-browserify-npm-brandjack-attempt
Congratulations to the SANS.edu National Cyber League Teams!
https://twitter.com/SANS_EDU/status/1382453652602941440
4/15/2021 • 6 minutes, 9 seconds
ISC StormCast for Wednesday, April 14th, 2021
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+April+2021+Patch+Tuesday/27306/
NAME:WRECK DNS Vulnerabilities
https://www.forescout.com/research-labs/namewreck/
4/14/2021 • 5 minutes, 43 seconds
ISC StormCast for Tuesday, April 13th, 2021
Example of Cleartext Cobalt Strike Traffic
https://isc.sans.edu/forums/diary/Example+of+Cleartext+Cobalt+Strike+Traffic+Thanks+Brad/27300/
ASA 5506 Series Security Appliances Field Notice
https://www.cisco.com/c/en/us/support/docs/field-notices/720/fn72019.html
Expired Certificate for PulseSecure VPN Devices
https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44781/?kA13Z000000fzbR
Pwn2Own Summary
https://thehackernews.com/2021/04/windows-ubuntu-zoom-safari-ms-exchange.html
Tesla Exploited Via Google Chrome Vulnerability
https://leethax0.rs/2021/04/ElectricChrome/
4/13/2021 • 6 minutes, 4 seconds
ISC StormCast for Monday, April 12th, 2021
No Python Interpreter? This Simple RAT Installs Its Own Copy
https://isc.sans.edu/forums/diary/No+Python+Interpreter+This+Simple+RAT+Installs+Its+Own+Copy/27292/
Facebook Mistakenly Suggests Adding Domains To Public Suffix List will Ease Tracking
https://publicsuffix.org
https://www.facebook.com/business/help/331612538028890?id=428636648170202
Facebook Ads Used to Push Clubhouse Related Malware
https://www.ehackingnews.com/2021/04/cybercriminals-used-facebook-ads-to.html
Identifying Cobalt Strike DNS Infrastructure
https://labs.f-secure.com/blog/detecting-exposed-cobalt-strike-dns-redirectors
4/12/2021 • 6 minutes, 48 seconds
ISC StormCast for Friday, April 9th, 2021
Simple Powershell Ransomware Creating a 7Z Archive of your Files
https://isc.sans.edu/forums/diary/Simple+Powershell+Ransomware+Creating+a+7Z+Archive+of+your+Files/27286/
HTML Lego: Hidden Phishing at Free JavaScript Site
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/html-lego-hidden-phishing-at-free-javascript-site/
Royal Flush: Privilege Escalation Vulnerability in Azure Functions
https://www.intezer.com/blog/cloud-security/royal-flush-privilege-escalation-vulnerability-in-azure-functions/
Cisco Small Business Router Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-q3rxHnvm
Google Chrome Blocking Port 10080
https://github.com/whatwg/fetch/issues/1191#issuecomment-797659444
4/9/2021 • 5 minutes, 42 seconds
ISC StormCast for Thursday, April 8th, 2021
WiFi IDS and Private MAC Addresses
https://isc.sans.edu/forums/diary/WiFi+IDS+and+Private+MAC+Addresses/27288/
Update on PHP Incident
https://externals.io/message/113981
Details about Linux Kernel Bluetooth Vulnerabilities
https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html
LinkedIn Leak
https://www.ehackingnews.com/2021/04/data-stolen-from-500-million-linkedin.html
VMware Carbon Black Cloud Workload Appliance Authentication Bypass
https://www.vmware.com/security/advisories/VMSA-2021-0005.html
Cisco SD-WAN vManage Software Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy
4/8/2021 • 6 minutes, 44 seconds
ISC StormCast for Wednesday, April 7th, 2021
Malspam with Lokibot vs. Outlook and RFCs
https://isc.sans.edu/forums/diary/Malspam+with+Lokibot+vs+Outlook+and+RFCs/27282/
SAP Attacks
https://us-cert.cisa.gov/ncas/current-activity/2021/04/06/malicious-cyber-activity-targeting-critical-sap-applications
QNAP Updates Older EOL Devices
https://www.qnap.com/de-de/release-notes/qts/4.3.6.1620/20210322
GIGASET Android Phones Infected by Compromised Update Server
https://www.heise.de/news/Gigaset-Malware-Befall-von-Android-Geraeten-des-Herstellers-gibt-Raetsel-auf-6006464.html
4/7/2021 • 5 minutes, 48 seconds
ISC StormCast for Monday, April 5th, 2021
C2 Activity: Sandboxes or Real Victims
https://isc.sans.edu/forums/diary/C2+Activity+Sandboxes+or+Real+Victims/27272/
Exploitation of Fortinet FortiOS Vulnerabilities
https://us-cert.cisa.gov/ncas/current-activity/2021/04/02/fbi-cisa-joint-advisory-exploitation-fortinet-fortios
https://www.ic3.gov/Media/News/2021/210402.pdf
GitHub Actions Used to Mine Crypto
https://therecord.media/github-investigating-crypto-mining-campaign-abusing-its-server-infrastructure/
Large Facebook Leak
https://thehackernews.com/2021/04/533-million-facebook-users-phone.html
4/5/2021 • 5 minutes, 57 seconds
ISC StormCast for Friday, April 2nd, 2021
April 2021 Forensic Quiz
https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz/27266/
Coinhive Domains Used to Warn Victims
https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Detecting Attacker's BITS Utility Use
https://www.fireeye.com/blog/threat-research/2021/03/attacker-use-of-windows-background-intelligent-transfer-service.html
Kansas Man Indicted For Tampering With Public Water System
https://www.justice.gov/usao-ks/pr/indictment-kansas-man-indicted-tampering-public-water-system
Older QNAP Devices Vulnerable And No Longer Patched
https://securingsam.com/new-vulnerabilities-allow-complete-takeover/
4/2/2021 • 6 minutes, 16 seconds
ISC StormCast for Thursday, April 1st, 2021
Quick Analysis of a Modular InfoStealer
https://isc.sans.edu/forums/diary/Quick+Analysis+of+a+Modular+InfoStealer/27264/
Google Chrome Update / DoH on Linux
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html
https://docs.google.com/document/d/1zAdSK393IznaLKQ0ItOmwLBy59fIq9ydxBRJQX-2ntQ/edit#
Chinese Tax Authority Facial Recognition System Fooled
https://www.scmp.com/tech/tech-trends/article/3127645/chinese-government-run-facial-recognition-system-hacked-tax
4/1/2021 • 4 minutes, 53 seconds
ISC StormCast for Wednesday, March 31st, 2021
Old TLS Versions: Gone but not Forgotten
https://isc.sans.edu/forums/diary/Old+TLS+versions+gone+but+not+forgotten+well+not+really+gone+either/27260/
Perl Netmask Vulnerability
https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/
VMware vRealize Vulnerability
https://www.vmware.com/security/advisories/VMSA-2021-0004.html
Pre-P0wned Docker Containers
https://unit42.paloaltonetworks.com/malicious-cryptojacking-images/
3/31/2021 • 5 minutes, 37 seconds
ISC StormCast for Friday, March 19th, 2021
A Simple Python Keylogger
https://isc.sans.edu/forums/diary/Simple+Python+Keylogger/27216/
New macOS Malware XcodeSpy Targets Xcode Developers with EggShell Backdoor
https://labs.sentinelone.com/new-macos-malware-xcodespy-targets-xcode-developers-with-eggshell-backdoor/
Zoom Screen Sharing Leak
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-044.txt
MyBB Remote Code Execution
https://blog.mybb.com/2021/03/10/mybb-1-8-26-released-security-release/
3/19/2021 • 6 minutes, 4 seconds
ISC StormCast for Thursday, March 18th, 2021
"American Rescue Plan" Used as Theme in Phishing Lures Dropping Dridex
https://cofense.com/blog/american-rescue-plan-phish/
Apple May Split Security Updates from Other Updates
https://9to5mac.com/2021/03/15/ios-security-fixes-could-soon-be-delivered-separately-from-other-updates-beta-code-suggests/
Polyglot Images on Twitter
https://twitter.com/David3141593/status/1371978592679309315
Magento 2 PHP Credit Card Skimmer Saves to JPG
https://blog.sucuri.net/2021/03/magento-2-php-credit-card-skimmer-saves-to-jpg.html
3/18/2021 • 5 minutes, 52 seconds
ISC StormCast for Wednesday, March 17th, 2021
One-Click Microsoft Exchange On-Premises Mitigation Tool
https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/
Microsoft Explains Authentication Issues with Azure Active Directory
https://www.documentcloud.org/documents/20515443-authentication-errors-across-multiple-microsoft-services-tracking-id-ln01-p8z
JavaScript-less Side-Channel Exploits
https://arxiv.org/abs/2103.04952
3/17/2021 • 5 minutes, 55 seconds
ISC StormCast for Tuesday, March 16th, 2021
NimzaLoader Malware Written in "nim"
https://www.proofpoint.com/uk/blog/threat-insight/nimzaloader-ta800s-new-initial-access-malware
Windows 10 Emergency Update to Fix Printing Crashes
https://www.bleepingcomputer.com/news/microsoft/windows-10-emergency-updates-released-to-fix-printing-crashes/
Windows Azure AD Outage
https://status.azure.com/status
IBM DB2 Patch
https://www.ibm.com/support/pages/node/6427855
3/16/2021 • 5 minutes, 2 seconds
ISC StormCast for Monday, March 15th, 2021
Wireshark Code Execution Exploit
https://gitlab.com/wireshark/wireshark/-/issues/17232
Google Chrome Vulnerability Exploited in the Wild
https://vulmon.com/vulnerabilitydetails?qid=CVE-2021-21193
Malware Installs Honeypot
https://blog.netlab.360.com/new_threat_zhtrap_botnet_en/
Twitter "Memphis" Bug
https://www.bleepingcomputer.com/news/technology/twitter-bug-automatically-suspends-you-when-tweeting-memphis/
3/15/2021 • 4 minutes, 53 seconds
ISC StormCast for Friday, March 12th, 2021
Piktochart - Phishing with Infographics
https://isc.sans.edu/forums/diary/Piktochart+Phishing+with+Infographics/27194/
ProxyLogon Public PoC
https://www.praetorian.com/blog/reproducing-proxylogon-exploit/
Windows 10 Crashes After March 10th Updates
https://www.bleepingcomputer.com/news/microsoft/windows-10-crashes-when-printing-due-to-microsoft-march-updates/
DNS Vulnerability Updates
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/seven-windows-wonders-critical-vulnerabilities-in-dns-dynamic-updates/
Rob Upchurch: Preventing Windows 10 SMHNR DNS Leakage
https://www.sans.org/reading-room/whitepapers/dns/preventing-windows-10-smhnr-dns-leakage-40165
3/12/2021 • 15 minutes, 44 seconds
ISC StormCast for Thursday, March 11th, 2021
SharpRDP - PSExec without PSExec, PSRemoting without PowerShell
https://isc.sans.edu/forums/diary/SharpRDP+PSExec+without+PSExec+PSRemoting+without+PowerShell/27188/
F5 Critical Vulnerabilities
https://support.f5.com/csp/article/K02566623
Netgear Updates
https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/
Linux Foundation sigstore
https://sigstore.dev
3/11/2021 • 5 minutes, 21 seconds
ISC StormCast for Wednesday, March 10th, 2021
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+March+2021+Patch+Tuesday/27184/
Adobe Updates
https://helpx.adobe.com/security.html
Network Camera Breach
https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams
https://www.bleepingcomputer.com/news/security/hackers-access-surveillance-cameras-at-tesla-cloudflare-banks-more/
git vulnerability
https://www.openwall.com/lists/oss-security/2021/03/09/3
3/10/2021 • 7 minutes, 13 seconds
ISC StormCast for Tuesday, March 9th, 2021
YARA and CyberChef
https://isc.sans.edu/forums/diary/YARA+and+CyberChef/27180/
Apple Updates Everything
https://support.apple.com/en-us/HT201222
Google Adds Port 554 to "Restricted Ports"
https://chromium.googlesource.com/chromium/src.git/+/refs/heads/master/net/base/port_util.cc
Yet Another Intel Side Channel Attack
https://arxiv.org/pdf/2103.03443.pdf
3/9/2021 • 5 minutes, 35 seconds
ISC StormCast for Monday, March 8th, 2021
Update on Microsoft Exchange Vulnerability
https://github.com/microsoft/CSS-Exchange/tree/main/Security
https://github.com/nccgroup/Cyber-Defence/tree/master/Intelligence/Exchange
https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b
Microsoft Adding Excel 4.0 Macro Hooks to AMSI
https://www.microsoft.com/security/blog/2021/03/03/xlm-amsi-new-runtime-defense-against-excel-4-0-macro-malware/
Apple Find My Device Leak
https://arxiv.org/pdf/2103.02282.pdf
3/8/2021 • 7 minutes, 29 seconds
ISC StormCast for Friday, March 5th, 2021
From VBS, PowerShell, C Sharp, Process Hollowing to RAT
https://isc.sans.edu/forums/diary/From+VBS+PowerShell+C+Sharp+Process+Hollowing+to+RAT/27168/
Cisco Patches Snort Related Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ethernet-dos-HGXgJH8n
VMware View Planner Update
https://www.vmware.com/security/advisories/VMSA-2021-0003.html
Google's FLoC Algorithm
https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea
Supermicro Trickbot Patch
https://www.supermicro.com/en/support/security/trickbot
3/5/2021 • 6 minutes, 1 second
ISC StormCast for Thursday, March 4th, 2021
Microsoft Exchange Followup
https://blog.rapid7.com/2021/03/03/rapid7s-insightidr-enables-detection-and-response-to-microsoft-exchange-0-day/
Saltstack Vulnerability
https://www.immersivelabs.com/resources/blog/why-so-salty-local-privilege-escalation-on-saltstack-minions/
GRUB2 Patches
https://seclists.org/oss-sec/2021/q1/189
Dependency Confusion in the Wild
https://threatpost.com/malicious-code-bombs-amazon-lyft-slack-zillow/164455/
3/4/2021 • 4 minutes, 53 seconds
ISC StormCast for Wednesday, March 3rd, 2021
Qakbot Infection with Cobalt Strike
https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike/27158/
Exchange Server 0-Day Exploits
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
Google Chrome 0-Day Exploits
https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html
3/3/2021 • 7 minutes, 15 seconds
ISC StormCast for Tuesday, March 2nd, 2021
Fun with DNS over TLS (DoT)
https://isc.sans.edu/forums/diary/Fun+with+DNS+over+TLS+DoT/27150/
Gootloader Update
https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/
AOL Phishing
https://www.bleepingcomputer.com/news/security/beware-aol-phishing-email-states-your-account-will-be-closed/
Spectre Exploit in the Wild
https://dustri.org/b/spectre-exploits-in-the-wild.html
3/2/2021 • 6 minutes, 13 seconds
ISC StormCast for Monday, March 1st, 2021
Pretending to be an Outlook Version Update
https://isc.sans.edu/forums/diary/Pretending+to+be+an+Outlook+Version+Update/27144/
Geolocating Satori Botnet Scanning Port 26
https://isc.sans.edu/forums/diary/So+where+did+those+Satori+attacks+come+from/27140/
Alexa Skill Security
https://www.ndss-symposium.org/wp-content/uploads/ndss2021_5A-1_23111_paper.pdf
T-Mobile Data Breach / SIM Swapping
https://beta.documentcloud.org/documents/20492859-t-mobile-feb-2021-bc-data-breach
3/1/2021 • 5 minutes, 2 seconds
ISC StormCast for Thursday, February 25th, 2021
Malspam Pushes GuLoader for Remcos RAT
https://isc.sans.edu/forums/diary/Malspam+pushes+GuLoader+for+Remcos+RAT/27132/
vCenter Exploit / Vulnerability Details
https://swarm.ptsecurity.com/unauth-rce-vmware/#more-2477
DNS CNAME Tracking
https://blog.lukaszolejnik.com/large-scale-analysis-of-dns-based-tracking-evasion-broad-data-leaks-included/
Cisco MSO Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-authbyp-bb5GmBQv
2/25/2021 • 5 minutes, 23 seconds
ISC StormCast for Wednesday, February 24th, 2021
Qakbot In a Response to Full Disclosure Post
https://isc.sans.edu/forums/diary/Qakbot+in+a+response+to+Full+Disclosure+post/27130/
Firefox Total Cookie Protection
https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/
VMware ESXi / vCenter Server Update
https://www.vmware.com/security/advisories/VMSA-2021-0002.html
Replacing Content in Signed PDFs
https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1B-4_24117_paper.pdf
2/24/2021 • 6 minutes, 8 seconds
ISC StormCast for Tuesday, February 23rd, 2021
Unprotecting Malicious Documents For Inspection
https://isc.sans.edu/forums/diary/Unprotecting+Malicious+Documents+For+Inspection/27126/
Brave Browser DNS Leak
https://www.theregister.com/2021/02/22/in_brief_security/
Telephony DoS
https://www.ic3.gov/Media/Y2021/PSA210217
2/23/2021 • 5 minutes, 45 seconds
ISC StormCast for Monday, February 22nd, 2021
Dynamic Data Exchange (DDE) is Back in the Wild
https://isc.sans.edu/forums/diary/Dynamic+Data+Exchange+DDE+is+Back+in+the+Wild/27116/
https://isc.sans.edu/forums/diary/DDE+and+oledump/27122/
macOS Malware "Prototype"
https://redcanary.com/blog/clipping-silver-sparrows-wings/
New Phishing Attack Identified: Malformed URL Prefixes
https://www.greathorn.com/blog-new-phishing-attack-identified-malformed-url-prefixes/
Sonicwall SMA 100 Firmware Update
https://www.sonicwall.com/support/product-notification/additional-sma-100-series-10-x-and-9-x-firmware-updates-required-updated-feb-19-2-p-m-cst/210122173415410/
2/22/2021 • 5 minutes, 48 seconds
ISC StormCast for Thursday, February 18th, 2021
The new "LinkedInSecureMessage" Phish
https://isc.sans.edu/forums/diary/The+new+LinkedInSecureMessage/27110/
Apple M1 Optimized Malware
https://objective-see.com/blog/blog_0x62.html
QNAP Surveillance Station Vulnerability
https://www.qnap.com/en/security-advisory/qsa-21-07
Masslogger Exfiltrates User Credentials
https://blog.talosintelligence.com/2021/02/masslogger-cred-exfil.html
2/18/2021 • 5 minutes, 53 seconds
ISC StormCast for Wednesday, February 17th, 2021
More Weirdness on TCP Port 26
https://isc.sans.edu/forums/diary/More+weirdness+on+TCP+port+26/27106/
Microsoft Pulls Servicing Stack Update
https://threatpost.com/microsoft-windows-update-patch-tuesday/163981/
Network Monitoring Company Centreon Compromised
https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf
SHAREit Flaw Could Lead to Remote Code Execution
https://www.trendmicro.com/en_us/research/21/b/shareit-flaw-could-lead-to-remote-code-execution.html
VSCode NPM Extension RCE
https://github.com/jackadamson/CVE-2021-26700
2/17/2021 • 5 minutes, 15 seconds
ISC StormCast for Tuesday, February 16th, 2021
Securing and Optimizing Networks Using pfSense Traffic Shaper to Combat Bufferbloat
https://isc.sans.edu/forums/diary/Securing+and+Optimizing+Networks+Using+pfSense+Traffic+Shaper+Limiters+to+Combat+Bufferbloat/27102/
Apple to Proxy Safe Browsing Requests
https://twitter.com/othermaciej/status/1359736220809531393
Power Outages and Some Network Outages as a Result
https://downdetector.com
Phone Scam Success Rates
https://www.helpnetsecurity.com/2021/02/15/lost-money-to-phone-scams/
https://nakedsecurity.sophos.com/2021/02/12/sms-tax-scam-unmasked-bogus-but-believable-dont-fall-for-it/
2/16/2021 • 6 minutes, 39 seconds
ISC StormCast for Monday, February 15th, 2021
AgentTesla Dropped Through Automatic Click in Microsoft Help File
https://isc.sans.edu/forums/diary/AgentTesla+Dropped+Through+Automatic+Click+in+Microsoft+Help+File/27092/
Telegram Used to Defraud Delivery Services
https://thefintechtimes.com/sift-finds-new-telegram-fraud-exploiting-increasing-use-of-food-delivery-services/
Singtel Suffers Zero-Day Cyberattack
https://threatpost.com/singtel-zero-day-cyberattack/163938/
Vulnerabilities in Mobile Health Apps
https://approov.io/download/all-that-we-let-in_hacking-mhealth-apps-and-apis.pdf
Bloomberg Supermicro Story
https://www.bloomberg.com/features/2021-supermicro/
https://www.theregister.com/2021/02/12/supermicro_bloomberg_spying/
2/15/2021 • 7 minutes, 49 seconds
ISC StormCast for Friday, February 12th, 2021
Agent Tesla Hidden in Historical Anti-Malware Tool
https://isc.sans.edu/forums/diary/Agent+Tesla+hidden+in+a+historical+antimalware+tool/27088/
McAfee Total Protection Vulnerabilities
https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx
Intel Patches
https://blogs.intel.com/technology/2021/02/ipas-security-advisories-for-february-2021
Discord Used to Distribute Malware
https://www.zscaler.com/blogs/security-research/discord-cdn-popular-choice-hosting-malicious-payloads
2/12/2021 • 5 minutes, 41 seconds
ISC StormCast for Thursday, February 11th, 2021
Phishing Message to the ISC Handlers E-Mail Distro
https://isc.sans.edu/forums/diary/Phishing+message+to+the+ISC+handlers+email+distro/27082/
Google Phishing Statistics
https://cloud.google.com/blog/products/workspace/how-gmail-helps-users-avoid-email-scams
Adobe Security Updates
https://helpx.adobe.com/security/products/acrobat/apsb21-09.html
Apple Sudo Patch
https://support.apple.com/en-us/HT212177
Number:Jack ISN Generation Weaknesses
https://www.forescout.com/company/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/
2/11/2021 • 5 minutes, 47 seconds
ISC StormCast for Wednesday, February 10th, 2021
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+February+2021+Patch+Tuesday/27080/
https://www.theregister.com/2021/02/09/microsoft_patch_tuesday/
Dependency Confusion
https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
https://azure.microsoft.com/mediahandler/files/resourcefiles/3-ways-to-mitigate-risk-using-private-package-feeds/3%20Ways%20to%20Mitigate%20Risk%20When%20Using%20Private%20Package%20Feeds%20-%20v1.0.pdf
2/10/2021 • 6 minutes, 31 seconds
ISC StormCast for Tuesday, February 9th, 2021
Tshark and Malware Analysis
https://isc.sans.edu/forums/diary/Quickie+tshark+Malware+Analysis/27076/
Barcode Scanner Going Bad
https://blog.malwarebytes.com/android/2021/02/barcode-scanner-app-on-google-play-infects-10-million-users-with-one-update/
Morse Code Obfuscation
https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/
Firefox Update
https://www.mozilla.org/en-US/security/advisories/mfsa2021-06/
Water Treatment Facility Compromised
https://www.reuters.com/article/us-usa-cyber-florida/hackers-broke-into-florida-towns-water-treatment-plant-attempted-to-poison-supply-sheriff-says-idUSKBN2A82FV
2/9/2021 • 5 minutes, 49 seconds
ISC StormCast for Monday, February 8th, 2021
VBA Macro Trying to Alter the Application Menus
https://isc.sans.edu/forums/diary/VBA+Macro+Trying+to+Alter+the+Application+Menus/27068/
The Great Suspender Going Malicious
https://www.zdnet.com/article/google-kills-the-great-suspender-heres-what-you-should-do-next/
https://github.com/greatsuspender/thegreatsuspender/issues/1263
Google Chrome Zero Day
https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html
Plex Media SSDP Amplification DDoS
https://www.netscout.com/blog/asert/plex-media-ssdp-pmssdp-reflectionamplification-ddos-attack
2/8/2021 • 6 minutes
ISC StormCast for Friday, February 5th, 2021
Abusing Google Chrome Extension Syncing For Data Exfiltration and C&C
https://isc.sans.edu/forums/diary/Abusing+Google+Chrome+extension+syncing+for+data+exfiltration+and+CC/27066/
Microsoft Defender ATP Google Chrome False Positive
https://twitter.com/itquartz/status/1356940218138509312
Social Engineering Attacks against Security Researchers Used IE 0 day
https://enki.co.kr/blog/2021/02/04/ie_0day.html#
https://www.bleepingcomputer.com/news/security/hacking-group-also-used-an-ie-zero-day-against-security-researchers/
2/5/2021 • 6 minutes, 27 seconds
ISC StormCast for Wednesday, February 3rd, 2021
New Example of XSL Script Processing aka "Mitre T1220"
https://isc.sans.edu/forums/diary/New+Example+of+XSL+Script+Processing+aka+Mitre+T1220/27056/
Camerfirma Certificate Authority Revocation
https://groups.google.com/g/mozilla.dev.security.policy/c/jif4zWNgGPw
Kobalos HPC Linux Malware
https://www.welivesecurity.com/2021/02/02/kobalos-complex-linux-threat-high-performance-computing-infrastructure/
Agent Tesla Overwrites Windows AMSI
https://threatpost.com/agent-tesla-microsoft-asmi/163581/
2/3/2021 • 6 minutes, 7 seconds
ISC StormCast for Tuesday, February 2nd, 2021
macOS 11.2 Update
https://support.apple.com/en-us/HT212147
Objective-See Tools Now Open Source
https://twitter.com/patrickwardle/status/1356149073045143553
iMessage Blastdoor
https://googleprojectzero.blogspot.com/2021/01/a-look-at-imessage-in-ios-14.html
SonicWall Update
https://www.sonicwall.com/support/product-notification/urgent-security-notice-sonicwall-confirms-sma-100-series-10-x-zero-day-vulnerability-feb-1-2-p-m-cst/210122173415410/
2/2/2021 • 6 minutes, 7 seconds
ISC StormCast for Friday, January 29th, 2021
New Cryptojacking Malware
https://unit42.paloaltonetworks.com/pro-ocean-rocke-groups-new-cryptojacking-malware/
SlipStreaming
https://www.armis.com/resources/iot-security-blog/nat-slipstreaming-v2-0-new-attack-variant-can-expose-all-internal-network-devices-to-the-internet/
Shadowsocks
https://shadowsocks.org/en/index.html
1/29/2021 • 6 minutes, 1 second
ISC StormCast for Thursday, January 28th, 2021
Emotet vs. Windows Attack Surface Reduction
https://isc.sans.edu/forums/diary/Emotet+vs+Windows+Attack+Surface+Reduction/27036/
Go Lang Vulnerability
https://blog.golang.org/path-security
Azure Docker Escape
https://www.intezer.com/blog/research/how-we-hacked-azure-functions-and-escaped-docker/
1/28/2021 • 6 minutes, 17 seconds
ISC StormCast for Wednesday, January 27th, 2021
Critical sudo Vulnerability
https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
Qakbot (QBot) Update
https://isc.sans.edu/forums/diary/TA551+Shathak+Word+docs+push+Qakbot+Qbot/27030/
Targeting Security Researchers
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
Apple Updates iOS, iPadOS, tvOS, watchOS, Xcode and iCloud for Windows
https://support.apple.com/en-us/HT201222
1/27/2021 • 6 minutes, 41 seconds
ISC StormCast for Tuesday, January 26th, 2021
Fun With nmap nse Scripts and DoH (DNS over HTTPS)
https://isc.sans.edu/forums/diary/Fun+with+NMAP+NSE+Scripts+and+DOH+DNS+over+HTTPS/27026/
Malicious NPM Module Stealing Discord Passwords
https://blog.sonatype.com/cursedgrabber-strikes-again-sonatype-spots-new-malware-campaign-against-software-supply-chains
Mitigating the $I30 Bug
https://www.osr.com/blog/2021/01/21/mitigating-the-i30bitmap-ntfs-bug/
https://github.com/OSRDrivers/i30Flt
ProtonVPN BSOD
https://protonstatus.com/incidents/124
1/26/2021 • 4 minutes, 46 seconds
ISC StormCast for Monday, January 25th, 2021
Another File Extension to Block: JNLP
https://isc.sans.edu/forums/diary/Another+File+Extension+to+Block+in+your+MTA+jnlp/27018/
SonicWall Vulnerability Used to Breach SonicWall
https://www.sonicwall.com/support/product-notification/urgent-security-notice-netextender-vpn-client-10-x-sma-100-series-vulnerability-updated-jan-23-2021/210122173415410/
iObit Forum Breached / Used for Ransomware Distribution
https://www.bleepingcomputer.com/forums/t/741190/derohe-ransomware-distributed-through-fake-iobit-one-year-free-license-key-promo/
1/25/2021 • 5 minutes, 57 seconds
ISC StormCast for Friday, January 22nd, 2021
PowerShell Dropping REvil Ransomware
https://isc.sans.edu/forums/diary/Powershell+Dropping+a+REvil+Ransomware/27012/
SAP Exploit Circulating
https://onapsis.com/blog/new-sap-exploit-published-online-how-stay-secure
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpujan2021.html
RDP Used for DDoS
https://www.netscout.com/blog/asert/microsoft-remote-desktop-protocol-rdp-reflectionamplification
Billy Wilson: Mitigating Attacks Against Supercomputers with KRSI
https://www.sans.org/reading-room/whitepapers/linux/mitigating-attacks-supercomputer-krsi-40010
1/22/2021 • 13 minutes, 50 seconds
ISC StormCast for Thursday, January 21st, 2021
SolarWinds Updates
https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/
https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/
Cisco Advisories
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-bufovulns-B5NrSHbj
Eavesdropping Vulnerabilities in Various WebRTC-Based Video Conferencing Systems
https://googleprojectzero.blogspot.com/2021/01/the-state-of-state-machines.html
Oracle Business Intelligence Enterprise Edition XSS
https://www.exploit-db.com/exploits/49444
1/21/2021 • 7 minutes, 10 seconds
ISC StormCast for Tuesday, January 19th, 2021
Doc And RTF Malicious Document
https://isc.sans.edu/forums/diary/Doc+RTF+Malicious+Document/26996/
Center for Internet Security Cisco NX-OS Benchmark
https://www.cisecurity.org/cis-benchmarks/
Exploit for Shazam Geolocation Vulnerability
https://ash-king.co.uk/blog/Shazlocate-abusing-CVE-2019-8791-CVE-2019-8792
Voice Phishing and Internal Messaging Systems Used to Escalate Privileges
https://www.ic3.gov/Media/News/2021/210115.pdf
1/19/2021 • 5 minutes, 45 seconds
ISC StormCast for Monday, January 18th, 2021
Scans for DNS over HTTPS
https://isc.sans.edu/forums/diary/Obfuscated+DNS+Queries/26992/
https://us-cert.cisa.gov/ncas/current-activity/2021/01/15/nsa-releases-guidance-encrypted-dns-enterprise-environments
Netlogon Domain Controller Enforcement Mode Starting February 9th
https://msrc-blog.microsoft.com/2021/01/14/netlogon-domain-controller-enforcement-mode-is-enabled-by-default-beginning-with-the-february-9-2021-security-update-related-to-cve-2020-1472/
Apple Removing ContentFilterExclusionList
https://www.patreon.com/posts/46179028
1/18/2021 • 5 minutes, 11 seconds
ISC StormCast for Thursday, January 14th, 2021
Hancitor Activity Resumes After a Holiday Break
https://isc.sans.edu/forums/diary/Hancitor+activity+resumes+after+a+hoilday+break/26980/
Intel Hardware-Enabled Ransomware Protections
https://www.cybereason.com/blog/cybereason-and-intel-introduce-hardware-enabled-ransomware-protections-for-businesses
Making Clouds Rain: RCE in Microsoft Office 365
https://srcincite.io/blog/2021/01/12/making-clouds-rain-rce-in-office-365.html#fn:1
SAP Security Patch Day
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476
1/14/2021 • 6 minutes, 2 seconds
ISC StormCast for Wednesday, January 13th, 2021
MSFT January 2021 Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+January+2021+Patch+Tuesday/26978/
Adobe Patches
https://helpx.adobe.com/security.html
Mimecast Certificate Stolen
https://www.mimecast.com/blog/important-update-from-mimecast/
Leaking Silhouettes of Cross-Origin Images
https://blog.mozilla.org/attack-and-defense/2021/01/11/leaking-silhouettes-of-cross-origin-images/
1/13/2021 • 6 minutes, 12 seconds
ISC StormCast for Tuesday, January 12th, 2021
Using the NVD Database API Part 3/3
https://isc.sans.edu/forums/diary/Using+the+NVD+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Tool+Drop+CVEScan+Part+3+of+3/26974/
Sysinternals Update
https://docs.microsoft.com/en-us/sysinternals/
Ubiquiti Breach
https://www.bleepingcomputer.com/news/security/networking-giant-ubiquiti-alerts-customers-of-potential-data-breach/
Run-Only AppleScript Reversing
https://labs.sentinelone.com/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/
1/12/2021 • 5 minutes, 57 seconds
ISC StormCast for Friday, January 8th, 2021
Using the NIST Database and API to Keep Up with Vulnerabilities
https://isc.sans.edu/forums/diary/Using+the+NIST+Database+and+API+to+Keep+Up+with+Vulnerabilities+and+Patches+Part+1+of+3/26958/
Titan Security Key
https://ninjalab.io/wp-content/uploads/2021/01/a_side_journey_to_titan.pdf
The Great Suspender Google Chrome Extension
https://www.theregister.com/2021/01/07/great_suspender_malware/
Brian Nishida: Ubuntu Artifacts Generated by Gnome Desktop Environment
https://www.sans.org/reading-room/whitepapers/forensics/ubuntu-artifacts-generated-gnome-desktop-environment-40035
1/8/2021 • 15 minutes, 50 seconds
ISC StormCast for Thursday, January 7th, 2021
Zyxel Exploitation Under Way
https://isc.sans.edu/forums/diary/Scans+for+Zyxel+Backdoors+are+Commencing/26954/
Fortinet Patches
https://www.fortiguard.com/psirt?date=01-2021
Foxit PhantomPDF Patches
https://www.foxitsoftware.com/support/security-bulletins.html
Firefox Android Updates
https://www.mozilla.org/en-US/security/advisories/mfsa2021-01/
1/7/2021 • 4 minutes, 23 seconds
ISC StormCast for Wednesday, January 6th, 2021
Netfox Detective: An Alternative Open-Source Packet Analysis Tool
https://isc.sans.edu/forums/diary/Netfox+Detective+An+Alternative+OpenSource+Packet+Analysis+Tool/26950/
ElectroRAT Drains Cryptocurrency Accounts
https://www.intezer.com/blog/research/operation-ElectroRAT-attacker-creates-fake-companies-to-drain-your-crypto-wallets/
Chrome Will Prefer HTTPS over HTTP By Default
https://chromium-review.googlesource.com/c/chromium/src/+/2568448
Android January Patch Day
https://source.android.com/security/bulletin/2021-01-01
Telegram Publishes Users' Locations Online
https://blog.ahmed.nyc/2021/01/if-you-use-this-feature-on-telegram.html
1/6/2021 • 5 minutes, 52 seconds
ISC StormCast for Tuesday, January 5th, 2021
From a Small BAT File to Mass Logger Infostealer
https://isc.sans.edu/forums/diary/From+a+small+BAT+file+to+Mass+Logger+infostealer/26946/
Citrix Releases Updates Addressing DTLS Flaw
https://support.citrix.com/article/CTX289674
Zend Framework Deserialization Flaw
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3007
https://github.com/Ling-Yizhou/zendframework3-/blob/main/zend%20framework3%20 %20rce.md
1/5/2021 • 5 minutes, 24 seconds
ISC StormCast for Monday, January 4th 2021
Traffic Analysis Quiz
https://isc.sans.edu/forums/diary/End+of+Year+Traffic+Analysis+Quiz/26940/
Zyxel Backdoor
https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
Microsoft Source Code Accessed As a Result of SolarWinds Backdoor
https://msrc-blog.microsoft.com/2020/12/31/microsoft-internal-solorigate-investigation-update/
1/4/2021 • 4 minutes, 22 seconds
ISC StormCast for Wednesday, December 30th 2020
Accessing Restricted Directory Listings via Your AV Solution
https://isc.sans.edu/forums/diary/Want+to+know+whats+in+a+folder+you+dont+have+a+permission+to+access+Try+asking+your+AV+solution/26932/
Coin Miner Malware Written in Go
https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/?fbclid=IwAR3eFiHCNoqr5mc2UAOcm8nocjUOjZn0cpcAiSoYmn__JtJfBbjqUUT1OwQ
AutoHotKey Credential Stealer
https://www.trendmicro.com/en_us/research/20/l/stealth-credential-stealer-targets-us-canadian-bank-customers.html
12/30/2020 • 4 minutes, 16 seconds
ISC StormCast for Tuesday, December 29th 2020
Extending Android Device Compatibility for Let's Encrypt Certificates
https://letsencrypt.org/2020/12/21/extending-android-compatibility.html
Insufficient Patch for Windows 8.1/10 Print Spooler
https://bugs.chromium.org/p/project-zero/issues/detail?id=2096
Google Docs Vulnerability
https://savebreach.com/stealing-private-documents-through-a-google-docs-bug/
CCC Conferences Virtual
https://streaming.media.ccc.de/rc3
12/29/2020 • 5 minutes, 28 seconds
ISC StormCast for Monday, December 28th 2020
base64dump.py Supported Encodings
https://isc.sans.edu/forums/diary/base64dumppy+Supported+Encodings/26924/
String Analysis and Maldocs
https://isc.sans.edu/forums/diary/Quickie+String+Analysis+Maldocs/26922/
Malicious Word Document Delivering an Octopus Backdoor
https://isc.sans.edu/forums/diary/Malicious+Word+Document+Delivering+an+Octopus+Backdoor/26918/
Analysis Dridex Dropper, IoC extraction
https://isc.sans.edu/forums/diary/Analysis+Dridex+Dropper+IoC+extraction+guest+diary/26920/
AT&T Outage due to Nashville Explosion
https://about.att.com/pages/disaster_relief/nashville.html
SolarWinds SUPERNOVA Malware / API Vulnerability
https://www.solarwinds.com/securityadvisory
Citrix ADC DDoS Attack
https://support.citrix.com/article/CTX289674
CrowdStrike Reporting Tool for Azure
https://github.com/CrowdStrike/CRT
12/28/2020 • 5 minutes, 35 seconds
ISC StormCast for Wednesday, December 23rd 2020
Malware Victim Selection Through WiFi Identification
https://isc.sans.edu/forums/diary/Malware+Victim+Selection+Through+WiFi+Identification/26910/
New Treck IP Stack Vulnerabilities
https://treck.com/vulnerability-response-information/
Detecting Treck IP Stack
https://github.com/Forescout/project-memoria-detector
12/23/2020 • 3 minutes, 50 seconds
ISC StormCast for Tuesday, December 22nd 2020
What's The Deal With Openportstats.com?
https://isc.sans.edu/forums/diary/Whats+the+deal+with+openportstatscom/26912/
Dell Wyse ThinOS 8.6 Security Update
https://www.dell.com/support/kbdoc/en-hr/000180768/dsa-2020-281
SolarWinds 2nd Backdoor
https://www.microsoft.com/security/blog/2020/12/18/analyzing-solorigate-the-compromised-dll-file-that-started-a-sophisticated-cyberattack-and-how-microsoft-defender-helps-protect/
SolarWinds Domains
https://securelist.com/sunburst-connecting-the-dots-in-the-dns-requests/99862/
12/22/2020 • 6 minutes, 14 seconds
ISC StormCast for Monday, December 21st 2020
A slightly optimistic tale of how patching went for CVE-2019-19781
https://isc.sans.edu/forums/diary/A+slightly+optimistic+tale+of+how+patching+went+for+CVE201919781/26900/
Heads-up: VirusTotal Functionality in Sysinternals Tools Not Working
https://isc.sans.edu/forums/diary/Headsup+VirusTotal+Functionality+in+Sysinternals+Tools+Not+Working/26906/
Kazakhstan: Browsers Block Government Certificate Authority
https://www.zdnet.com/article/apple-google-microsoft-and-mozilla-ban-kazakhstans-mitm-https-certificate/
5G Vulnerabilities
https://positive-tech.com/about/news/vulnerabilities-in-standalone-5g-networks-could-allow-attackers-to-steal-credentials-and-falsify-subscriber-authentication/
Bouncy Castle BCrypt Password Verification Error
https://www.synopsys.com/blogs/software-security/cve-2020-28052-bouncy-castle/
12/21/2020 • 5 minutes, 31 seconds
ISC StormCast for Friday, December 18th 2020
Token Authentication Requirements for Git Operations
https://github.blog/2020-12-15-token-authentication-requirements-for-git-operations/
Google Attempting to Speed Up OS Update Adoption
https://android-developers.googleblog.com/2020/12/treble-plus-one-equals-four.html
Trend Micro InterScan Web Security Virtual Appliance Vulnerability
https://success.trendmicro.com/solution/000283077
Malicious Browser Extensions
https://blog.avast.com/malicious-browser-extensions-avast
12/18/2020 • 6 minutes, 20 seconds
ISC StormCast for Thursday, December 17th 2020
Cloud DNS Logs
https://isc.sans.edu/forums/diary/DNS+Logs+in+Public+Clouds/26892/
SolarWinds Update
https://www.heise.de/news/l-f-SolarWinds-Backdoor-Hersteller-sorgte-fuer-Ausnahmen-von-AV-Ueberwachung-4990910.html
https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/
Hewlett Packard Enterprise Systems Insight Manager (SIM) Vulnerability
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04068en_us
SAP HANA SAML Validation Weakness
https://www.secureauth.com/blog/secureauth-uncovers-saml-validation-weakness-in-sap-hana/
12/17/2020 • 6 minutes, 6 seconds
ISC StormCast for Wednesday, December 16th 2020
Analyzing a FireEye Maldoc
https://isc.sans.edu/forums/diary/Analyzing+FireEye+Maldocs/26882/
Didier Stevens: 2020 Difference Makers
https://www.sans.org/webcasts/2020-difference-makers-awards-ceremony-117154
F5 BIG-IP Vulnerabilities
https://support.f5.com/csp/article/K20984059
https://support.f5.com/csp/article/K42696541
https://support.f5.com/csp/article/K37960100
Google Outage
https://status.cloud.google.com/incident/zall/20013
GoLang XML Parser Vulnerabilities
https://mattermost.com/blog/coordinated-disclosure-go-xml-vulnerabilities/
12/16/2020 • 6 minutes, 21 seconds
ISC StormCast for Tuesday, December 15th 2020
SolarWinds Followup
https://isc.sans.edu/forums/diary/SolarWinds+Breach+Used+to+Infiltrate+Customer+Networks+Solarigate/26884/
https://sansurl.com/solarwinds
Apple Updates Everything
https://support.apple.com/en-us/HT201222
Sophos and Reversing Labs Release 20 Million Malware Samples
https://github.com/sophos-ai/SOREL-20M
12/15/2020 • 7 minutes, 6 seconds
ISC StormCast for Monday, December 14th 2020
SolarWinds Compromise
https://isc.sans.edu/forums/diary/SolarWinds+Breach+Used+to+Infiltrate+Customer+Networks+Solarigate/26884/
Writing Yara Rules for Fun and Profit: Notes from the FireEye Breach Countermeasures
https://isc.sans.edu/forums/diary/Writing+Yara+Rules+for+Fun+and+Profit+Notes+from+the+FireEye+Breach+Countermeasures/26870/
Flash Player EoL
https://helpx.adobe.com/flash-player/release-note/fp_32_air_32_release_notes.html
Subway Marketing System Hacked to Send TrickBot Malware Emails
https://www.bleepingcomputer.com/news/security/subway-marketing-system-hacked-to-send-trickbot-malware-emails/
12/14/2020 • 5 minutes, 44 seconds
ISC StormCast for Friday, December 11th 2020
Python Backdoor Talking to a C2 Through Ngrok
https://isc.sans.edu/forums/diary/Python+Backdoor+Talking+to+a+C2+Through+Ngrok/26866/
Cisco Releases Improved Patch for Jabber Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-ZktzjpgO
https://watchcom.no/nyheter/nyhetsarkiv/uncovers-cisco-jabber-vulnerabilities/
SANS Holiday Hack Challenge
https://holidayhackchallenge.com/2020/
Karim Lalji: Fear of the Unknown: A Metanalysis of Insecure Object Deserialization Vulnerabilities
https://www.sans.org/reading-room/whitepapers/testing/fear-unknown-metanalysis-insecure-object-deserialization-vulnerabilities-39920
12/11/2020 • 13 minutes, 21 seconds
ISC StormCast for Thursday, December 10th 2020
Oblivious DoH
https://blog.cloudflare.com/oblivious-dns/
HTTP Archive Almanac
https://almanac.httparchive.org/en/2020/security
Open Source IoT TCP/IP Stack Vulnerabilities
https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/
FireEye Red Team Tool Signatures
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
12/10/2020 • 6 minutes, 18 seconds
ISC StormCast for Tuesday, December 8th 2020
Corrupt BASE64 Strings: Detection and Decoding
https://isc.sans.edu/forums/diary/Corrupt+BASE64+Strings+Detection+and+Decoding/26616/
Microsoft Teams Remote Code Execution Vulnerability (Patched)
https://github.com/oskarsve/ms-teams-rce
PlayStation Now RCE
https://hackerone.com/reports/873614
Cisco Security Manager Java Deserialization Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-csm-java-rce-mWJEedcD
12/8/2020 • 5 minutes, 44 seconds
ISC StormCast for Monday, December 7th 2020
Proxy Scanner Attempting to Connect to Specific Hostname
https://isc.sans.edu/forums/diary/Is+IP+91199118137+testing+Access+to+aahwwx52hostxyz/26852/
Recovering Passwords From Pixelized Screenshots
https://www.linkedin.com/pulse/recovering-passwords-from-pixelized-screenshots-sipke-mellema/
Tomcat Information Leak
http://mail-archives.us.apache.org/mod_mbox/www-announce/202012.mbox/%3C52858194-2efd-6f17-1821-9036c8494df0%40apache.org%3E
Google Updates
https://chromereleases.googleblog.com/2020/12/stable-channel-update-for-desktop.html
12/7/2020 • 5 minutes, 52 seconds
ISC StormCast for Friday, December 4th 2020
Traffic Analysis Quiz: Mr. Natural
https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+Mr+Natural/26844/
An iOS Zero-Click Radio Proximity Exploit Odyssey
https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html
Github "State of the Octoverse" Report
https://octoverse.github.com/static/2020-security-report.pdf
Christopher Hurless: Open-Source Endpoint Detection and Response with CIS Benchmarks, OSQuery, Elastic Stack and The Hive
https://www.sans.org/reading-room/whitepapers/incident/open-source-endpoint-detection-response-cis-benchmarks-osquery-elastic-stack-thehive-39900
12/4/2020 • 16 minutes, 48 seconds
ISC StormCast for Thursday, December 3rd 2020
Prevalence of DNS Spoofing
https://arxiv.org/abs/2011.12978
New npm Malware Includes Bladabindi Trojan
https://blog.sonatype.com/bladabindi-njrat-rat-in-jdb.js-npm-malware
DarkIRC Bot Exploits Recent Oracle WebLogic Vulnerability
https://blogs.juniper.net/en-us/threat-research/darkirc-bot-exploits-oracle-weblogic-vulnerability
12/3/2020 • 6 minutes, 54 seconds
ISC StormCast for Wednesday, December 2nd 2020
Xanthe Docker Aware Miner
https://blog.talosintelligence.com/2020/12/xanthe-docker-aware-miner.html#more
OceanLotus Mac Backdoor
https://www.trendmicro.com/en_us/research/20/k/new-macos-backdoor-connected-to-oceanlotus-surfaces.html
OpenClinic vs OpenClinic GA
https://labs.bishopfox.com/advisories/openclinic-version-0.8.2
https://us-cert.cisa.gov/ics/advisories/icsma-20-184-01
https://sourceforge.net/p/open-clinic/discussion/1231980/thread/a2e8909fc5/
Register For Cyberstart
https://www.cyberstartamerica.org
12/2/2020 • 8 minutes, 54 seconds
ISC StormCast for Tuesday, December 1st 2020
Decrypting PowerShell Payloads
https://isc.sans.edu/forums/diary/Decrypting+PowerShell+Payloads+video/26838/
Trend Micro ServerProtect for Linux
https://success.trendmicro.com/solution/000281950
WebKit Vulnerabilities
https://blog.talosintelligence.com/2020/11/vuln-spotlight-webkit-use-after-free-nov-2020.html
New Skimmer JS
https://twitter.com/AffableKraut/status/1333258498910588928
12/1/2020 • 6 minutes, 12 seconds
ISC StormCast for Monday, November 30th 2020
Live Patching Windows API Calls Using PowerShell
https://isc.sans.edu/forums/diary/Live+Patching+Windows+API+Calls+Using+PowerShell/26826/
Threat Hunting with JARM
https://isc.sans.edu/forums/diary/Threat+Hunting+with+JARM/26832/
https://isc.sans.edu/forums/diary/Quick+Tip+Using+JARM+With+a+SOCKS+Proxy/26834/
Be Careful With IoT Gifts
https://cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/
https://www.cyberscoop.com/smart-doorbells-amazon-ebay-ncc-vulnerabilities/
Active Exploitation of Mobile Iron Vulnerabilities
https://www.ncsc.gov.uk/news/alert-multiple-actors-attempt-exploit-mobileiron-vulnerability
11/30/2020 • 6 minutes, 35 seconds
ISC StormCast for Wednesday, November 25th 2020
The Special Case of TCP Resets
https://isc.sans.edu/forums/diary/The+special+case+of+TCP+RST/26824/
VMWare Workspace Vulnerability
https://www.theregister.com/2020/11/24/vmware_urges_sysadmins_to_implement/
Holiday Hack Challenge 2020
https://holidayhackchallenge.com/2020/
11/25/2020 • 11 minutes, 17 seconds
ISC StormCast for Tuesday, November 24th 2020
Quick Tip: Cobalt Strike Beacon Analysis
https://isc.sans.edu/forums/diary/Quick+Tip+Cobalt+Strike+Beacon+Analysis/26818/
Godaddy Social Engineering Used to Compromise Bitcoin Exchange Domains
https://blog.liquid.com/security-incident-november-13-2020
Spoofed FBI Domains
https://www.ic3.gov/Media/Y2020/PSA201123
11/24/2020 • 3 minutes, 42 seconds
ISC StormCast for Monday, November 23rd 2020
Updates for VMware ESXi, Fusion and Workstation
https://www.vmware.com/security/advisories/VMSA-2020-0026.html
IBM DB2 Vulnerability
https://www.ibm.com/support/pages/node/6370025
https://www.ibm.com/support/pages/node/6370023
Fortinet SSL VPN Exploit Used to Collect Credentials
https://twitter.com/Bank_Security/status/1329426020647243778
11/23/2020 • 3 minutes, 53 seconds
ISC StormCast for Friday, November 20th 2020
PowerShell Dropper Delivering Formbook
https://isc.sans.edu/forums/diary/PowerShell+Dropper+Delivering+Formbook/26806/
Google Leading the Way in Phishing
https://www.armorblox.com/blog/ok-google-build-me-a-phishing-campaign
Identifying Malicious Servers With JARM
https://engineering.salesforce.com/easily-identify-malicious-servers-on-the-internet-with-jarm-e095edac525a
Daniel Behrens: Industrial Traffic Collection: Understanding the Implications of Deploying Visibility Without Impacting Production
https://www.sans.org/reading-room/whitepapers/ICS/industrial-traffic-collection-understanding-implications-deploying-visibility-impacting-production-39810
11/20/2020 • 15 minutes, 59 seconds
ISC StormCast for Thursday, November 19th 2020
When Security Controls Lead to Security Issues
https://isc.sans.edu/forums/diary/When+Security+Controls+Lead+to+Security+Issues/26804/
Google Chrome Update
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop_17.html
Firefox 83 HTTPS Only Mode
https://blog.mozilla.org/security/2020/11/17/firefox-83-introduces-https-only-mode/
OOB Windows Kerberos Update
https://docs.microsoft.com/en-us/windows/release-information/windows-message-center
Cisco WebEx Patch Fixes "Ghost Users"
https://securityintelligence.com/posts/ibm-works-with-cisco-exorcise-ghosts-webex-meetings/
Ransomware Flooding Printers
https://twitter.com/Irlenys/status/1327784305465188353
11/19/2020 • 5 minutes, 7 seconds
ISC StormCast for Wednesday, November 18th 2020
Apple Binaries Used to Bypass 3rd Party Security Products on MacOS 11
https://twitter.com/patrickwardle/status/1327726496203476992
Apple Improving Privacy on App Certificate Checks
https://support.apple.com/en-us/HT202491
Cisco Security Manager Vulnerabilities
https://gist.github.com/Frycos/8bf5c125d720b3504b4f28a1126e509e
https://tools.cisco.com/security/center/publicationListing.x
11/18/2020 • 5 minutes, 37 seconds
ISC StormCast for Tuesday, November 17th 2020
Old Vulnerabilities Don't Die
https://isc.sans.edu/forums/diary/Heartbleed+BlueKeep+and+other+vulnerabilities+that+didnt+disappear+just+because+we+dont+talk+about+them+anymore/26798/
Citrix Virtual Apps and Desktops Security Update
https://support.citrix.com/article/CTX285059
Zoom Security Improvements
https://blog.zoom.us/new-ways-to-combat-zoom-meeting-disruptions/
Firefox File Read Vulnerability Details
https://medium.com/@kanytu/firefox-and-how-a-website-could-steal-all-of-your-cookies-581fe4648e8d
11/17/2020 • 6 minutes, 10 seconds
ISC StormCast for Monday, November 16th 2020
Oledump Removed Macro Indicator
https://isc.sans.edu/forums/diary/oledumps+Indicator/26794/
Old Worm But New Obfuscation Technique
https://isc.sans.edu/forums/diary/Old+Worm+But+New+Obfuscation+Technique/26792/
MacOS OCSP Disaster
https://blog.cryptohack.org/macos-ocsp-disaster
VoltPillager: Hardware-based fault injection attacks against Intel SGX Enclaves using the SVID voltage scaling interface
https://www.usenix.org/system/files/sec21summer_chen-zitai.pdf
11/16/2020 • 6 minutes, 41 seconds
ISC StormCast for Friday, November 13th 2020
Preventing Exposed Azure Blob Storage
https://isc.sans.edu/forums/diary/Preventing+Exposed+Azure+Blob+Storage/26786/
Apple Security Updates
https://support.apple.com/en-us/HT201222
DNS Cache Poisoning Attack Reloaded
https://dl.acm.org/doi/pdf/10.1145/3372297.3417280
Rebel Powell: Poisoned Postman; Detecting Manipulation of Compliance Features in a Microsoft Exchange Online Environment
https://www.sans.org/reading-room/whitepapers/cloud/poisoned-postman-detecting-manipulation-compliance-features-microsoft-exchange-online-environment-39850
11/13/2020 • 14 minutes, 3 seconds
ISC StormCast for Wednesday, November 11th 2020
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+November+2020+Patch+Tuesday/26778/
"Platypus" Attack against Intel SGX
https://platypusattack.com/
Adobe Updates
https://helpx.adobe.com/security.html
Firefox Updates
https://www.mozilla.org/en-US/security/advisories/mfsa2020-49/#CVE-2020-26950
Fingerprinting ADS-B Signals
https://icnp20.cs.ucr.edu/proceedings/aimcom2/Real-World%20ADS-B%20signal%20recognition%20based%20on%20Radio%20Frequency%20Fingerprinting.pdf
11/11/2020 • 6 minutes, 26 seconds
ISC StormCast for Tuesday, November 10th 2020
How Attackers Brush Up Their Malicious Scripts
https://isc.sans.edu/forums/diary/How+Attackers+Brush+Up+Their+Malicious+Scripts/26770/
RansomEXX Trojan Attacks Linux Systems
https://securelist.com/ransomexx-trojan-attacks-linux-systems/99279/
Fake Microsoft Teams Updates Lead to Cobalt Strike Deployment
https://www.bleepingcomputer.com/news/security/fake-microsoft-teams-updates-lead-to-cobalt-strike-deployment/
More NPM Malware Found
https://blog.sonatype.com/discord.dll-successor-to-npm-fallguys-
The Internet is Getting Safer: Fall 2020 RPKI Update
https://blog.cloudflare.com/rpki-2020-fall-update/
11/10/2020 • 5 minutes, 58 seconds
ISC StormCast for Monday, November 9th 2020
Cryptojacking Targeting WebLogic TCP/7001
https://isc.sans.edu/forums/diary/Cryptojacking+Targeting+WebLogic+TCP7001/26768/
Extracting VBA Code From Maldocs
https://isc.sans.edu/forums/diary/Quick+Tip+Extracting+all+VBA+Code+from+a+Maldoc/26772/
Let's Encrypt May No Longer Be Recognized by Older Android Versions
https://letsencrypt.org/2020/11/06/own-two-feet.html
Linux Kernel to Remove set_fs()
http://lkml.iu.edu/hypermail/linux/kernel/2010.3/00552.html
BigIP Vulnerability
https://support.f5.com/csp/article/K43310520
11/9/2020 • 5 minutes, 16 seconds
ISC StormCast for Friday, November 6th 2020
Did You Spot "Invoke-Expression"?
https://isc.sans.edu/forums/diary/Did+You+Spot+InvokeExpression/26762/
Apple Security Updates
https://support.apple.com/en-us/HT201222
Corporate VoIP Phone System Attacks
https://blog.checkpoint.com/2020/11/05/whos-calling-gaza-and-west-bank-hackers-exploit-and-monetize-corporate-voip-phone-system-vulnerability-internationally/
Mark Lucas: Replacing WINS in an Open Environment with Policy Managed DNS Servers
https://www.sans.org/reading-room/whitepapers/dns/replacing-wins-open-environment-policy-managed-dns-servers-39820
11/6/2020 • 15 minutes, 51 seconds
ISC StormCast for Thursday, November 5th 2020
Cisco AnyConnect Security Mobility Client
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK
Google Chrome Root CA Policy
https://www.chromium.org/Home/chromium-security/root-ca-policy
Android November 2020 Security Bulletin
https://source.android.com/security/bulletin/2020-11-01
11/5/2020 • 5 minutes, 39 seconds
ISC StormCast for Tuesday, November 3rd 2020
Emotet -> Qakbot -> More Emotet
https://isc.sans.edu/forums/diary/Emotet+Qakbot+more+Emotet/26750/
WebLogic Bad News
https://www.oracle.com/security-alerts/alert-cve-2020-14750.html
https://twitter.com/80vul/status/1322078337137700865
Google Chrome Update
https://chromereleases.googleblog.com/2020/11/stable-channel-update-for-desktop.html
NAT Slipstreaming Re-Discovered
https://thehackernews.com/2020/11/new-natfirewall-bypass-attack-lets.html
11/3/2020 • 6 minutes, 39 seconds
ISC StormCast for Monday, November 2nd 2020
Quick Status of the CAA DNS Record Adoption
https://isc.sans.edu/forums/diary/Quick+Status+of+the+CAA+DNS+Record+Adoption/26738/
Windows Kernel cng.sys pool-based buffer overflow CVE-2020-17087
https://bugs.chromium.org/p/project-zero/issues/detail?id=2104
Operation Earth Kitsune
https://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/operation-earth-kitsune-tracking-slub-s-current-operations
11/2/2020 • 5 minutes, 30 seconds
ISC StormCast for Thursday, October 29th 2020
SMBGhost Remains Unpatched on 8% of Exposed SMB Servers
https://isc.sans.edu/forums/diary/SMBGhost+the+critical+vulnerability+many+seem+to+have+forgotten+to+patch/26732/
Microsoft Defender ATP Cobalt Strike False Positive
https://twitter.com/ffforward/status/1321375690084810753?s=20
QNAP Security Advisory
https://www.qnap.com/en/security-advisory/QSA-20-09
New Linux Trickbot Version Sighted
https://www.netscout.com/blog/asert/dropping-anchor
Abuse.ch Needs Help
https://abuse.ch/blog/moving-forward/
10/29/2020 • 5 minutes, 51 seconds
ISC StormCast for Wednesday, October 28th 2020
Vulnerable SonarQube Configurations Used to Steal Code
https://beta.documentcloud.org/documents/20399900-fbi_flash_sonarqube_access_bc
Microsoft Edge Security Updates (Chromium-Based)
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200002
Microsoft Releases Flash Removal Tool
https://support.microsoft.com/en-us/help/4577586/update-for-removal-of-adobe-flash-player
Bypassing MSFT Teams Policies
https://o365blog.com/post/teams-policies/
10/28/2020 • 5 minutes, 19 seconds
ISC StormCast for Tuesday, October 27th 2020
Excel 4 Macros: "Abnormal Sheet Visibility"
https://isc.sans.edu/forums/diary/Excel+4+Macros+Abnormal+Sheet+Visibility/26726/
HP Printer Applications Certificate Revoked
https://eclecticlight.co/2020/10/23/why-have-my-hp-printers-stopped-working-how-to-check-their-software-signature/
Link Previews and Privacy
https://www.mysk.blog/2020/10/25/link-previews/
10/27/2020 • 6 minutes, 9 seconds
ISC StormCast for Monday, October 26th 2020
An Alternative to Shodan: Censys
https://isc.sans.edu/forums/diary/An+Alternative+to+Shodan+Censys+with+UserAgent+CensysInspect11/26718/
Sooty: SOC Analyst's All-in-One Tool
https://isc.sans.edu/forums/diary/Sooty+SOC+Analysts+AllinOne+Tool/26714/
Adversarial ML Threat Matrix
https://github.com/mitre/advmlthreatmatrix
Samsung S20 RCE
https://labs.f-secure.com/blog/samsung-s20-rce-via-samsung-galaxy-store-app/
VMWare Advisory
https://www.vmware.com/security/advisories/VMSA-2020-0023.html
10/26/2020 • 5 minutes, 39 seconds
ISC StormCast for Thursday, October 22nd 2020
Shipping Dangerous Goods
https://isc.sans.edu/forums/diary/Shipping+dangerous+goods/26702/
Chinese State-Sponsored Actors Exploit Same Vulnerabilities as Others
https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF
URL Bar Spoofing Vulnerabilities
https://thehackernews.com/2020/10/browser-address-spoofing-vulnerability.html
Oracle Quarterly Critical Patch Update
https://www.oracle.com/security-alerts/cpuoct2020.html
10/22/2020 • 5 minutes, 40 seconds
ISC StormCast for Wednesday, October 21st 2020
Mirai-alike Python Scanner
https://isc.sans.edu/forums/diary/Miraialike+Python+Scanner/26698/
Google Chrome Update (actively exploited vulnerability fixed)
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html
QNAP Fixes ZeroLogon Vulnerability
https://www.qnap.com/en/security-advisory/qsa-20-07
GravityRat Going Multi Platform
https://usa.kaspersky.com/about/press-releases/2020_infamous-gravity-rat-spyware-evolves-to-target-multiple-platforms
US Census Spoof
https://beta.documentcloud.org/documents/20397864-fbi-flash-unattributed-entities-register-domains-10142020
10/21/2020 • 5 minutes, 49 seconds
ISC StormCast for Tuesday, October 20th 2020
Out of Band MSFT Patches
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17022
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-17023
Adobe Magento Patches
https://helpx.adobe.com/security/products/magento/apsb20-59.html
Attacks against SS7
https://www.haaretz.com/israel-news/tech-news/.premium-exclusive-intricate-hack-against-israeli-crypto-execs-mossad-investigating-1.9211991
https://www.bleepingcomputer.com/news/security/hackers-hijack-telegram-email-accounts-in-ss7-mobile-attack/
10/20/2020 • 5 minutes, 8 seconds
ISC StormCast for Friday, October 16th 2020
Obfuscated Python RAT
https://isc.sans.edu/forums/diary/Nicely+Obfuscated+Python+RAT/26680/
BadNeighbor ICMPv6 Router Advertisement Update
https://isc.sans.edu/forums/diary/CVE202016898+Windows+ICMPv6+Router+Advertisement+RRDNS+Option+Remote+Code+Execution+Vulnerability/26684/
BlueZ Vulnerability
https://www.youtube.com/watch?v=qPYrLRausSw
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00435.html
https://security.googleblog.com/ (available "soon")
Zoom Rolling Out End-to-End Encryption
https://blog.zoom.us/zoom-rolling-out-end-to-end-encryption-offering/
10/16/2020 • 5 minutes, 48 seconds
ISC StormCast for Thursday, October 15th 2020
TA551/Shathak Word Docs Push IcedID and Bokbot
https://isc.sans.edu/forums/diary/More+TA551+Shathak+Word+docs+push+IcedID+Bokbot/26674/
MSFT Patch Tuesday Followup
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16951
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-16952
Apple T2 Chip Vulnerability Confirmed
https://9to5mac.com/2020/10/13/t2-exploit-team/
SAP Updates
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
10/15/2020 • 6 minutes
ISC StormCast for Wednesday, October 14th 2020
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+October+2020+Patch+Tuesday/26672/
Adobe Updates
https://helpx.adobe.com/security/products/flash-player/apsb20-58.html
10/14/2020 • 6 minutes, 37 seconds
ISC StormCast for Tuesday, October 13th 2020
Nested .MSGs: Turtles All The Way Down
https://isc.sans.edu/forums/diary/Nested+MSGs+Turtles+All+The+Way+Down/26668/
Microsoft Attempting To Take Down Trickbot C2 Infrastructure
https://blogs.microsoft.com/on-the-issues/2020/10/12/trickbot-ransomware-cyberthreat-us-elections/
Google Chrome Cache Partitioning
https://developers.google.com/web/updates/2020/10/http-cache-partitioning
10/13/2020 • 5 minutes, 45 seconds
ISC StormCast for Monday, October 12th 2020
Phishing Kits As Far As The Eye Can See
https://isc.sans.edu/forums/diary/Phishing+kits+as+far+as+the+eye+can+see/26660/
Open Packaging Conventions
https://isc.sans.edu/forums/diary/Open+Packaging+Conventions/26662/
Analyzing MSG Files
https://isc.sans.edu/forums/diary/Analyzing+MSG+Files+With+pluginmsgsummary/26664/
Cisco Video Surveillance 8000 Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cdp-rcedos-mAHR8vNx
55 New Apple Flaws
https://samcurry.net/hacking-apple/
10/12/2020 • 5 minutes, 49 seconds
ISC StormCast for Friday, October 9th 2020
Hashicorp Vault Vulnerabilities
https://googleprojectzero.blogspot.com/2020/10/enter-the-vault-auth-issues-hashicorp-vault.html
Ryuk Ransomware Writeup
https://thedfirreport.com/2020/10/08/ryuks-return/
Ricky Tan: Zeek Log Reconnaissance with Network Graphs Using Maltego Casefile
https://www.sans.org/reading-room/whitepapers/securityanalytics/zeek-log-reconnaissance-network-graphs-maltego-casefile-39815
10/9/2020 • 19 minutes, 33 seconds
ISC StormCast for Thursday, October 8th 2020
Today, Nobody is Going to Attack You
https://isc.sans.edu/forums/diary/Today+Nobody+is+Going+to+Attack+You/26654/
Google Chrome Patches
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html
Android Security Update
https://source.android.com/security/bulletin/2020-10-01
QNAP Patches Helpdesk Application
https://www.qnap.com/en/security-advisory/QSA-20-08
Comcast Remote Control Eavesdropping
https://www.guardicore.com/2020/10/wareztheremote-turning-remotes-into-listening-devices/
10/8/2020 • 6 minutes, 51 seconds
ISC StormCast for Tuesday, October 6th 2020
Obfuscation and Repetition
https://isc.sans.edu/forums/diary/Obfuscation+and+Repetition/26648/
Compromised UEFI Payload Found
https://securelist.com/mosaicregressor/98849/
Privilege Escalation Flaw in All AntiVirus Products
https://www.cyberark.com/resources/threat-research-blog/anti-virus-vulnerabilities-who-s-guarding-the-watch-tower
Rapid7 SMTP "NICER" Report
https://blog.rapid7.com/2020/10/02/nicer-protocol-deep-dive-internet-exposure-of-smtp/
10/6/2020 • 5 minutes, 51 seconds
ISC StormCast for Monday, October 5th 2020
Analysis of a Phishing Kit
https://isc.sans.edu/forums/diary/Analysis+of+a+Phishing+Kit/26634/
Hoaxcalls Botnet Scanning for Huawei Home Gateway
https://isc.sans.edu/forums/diary/Scanning+for+SOHO+Routers/26638/
SQL Server Cumulative Update 8
https://support.microsoft.com/en-us/help/4577194/cumulative-update-8-for-sql-server-2019
Telstra Accidentally Reroutes Proton Mail Traffic
https://protonmail.com/blog/bgp-hijacking-september-2020/
"Raccine" Ransomware Vaccine
https://github.com/Neo23x0/Raccine
10/5/2020 • 6 minutes, 24 seconds
ISC StormCast for Friday, October 2nd 2020
Making Sense of Azure AD Activity Logs
https://isc.sans.edu/forums/diary/Making+sense+of+Azure+AD+AAD+activity+logs/26626/
IOCs Turning into IOOIs
https://isc.sans.edu/forums/diary/IOCs+turning+into+IOOIs/26624/
Apple Security Patch Pulled
https://mrmacintosh.com/mojave-2020-005-security-update-causing-major-problems-updated
Have I Been EMOTET Service
https://www.haveibeenemotet.com/
10/2/2020 • 5 minutes, 19 seconds
ISC StormCast for Thursday, October 1st 2020
Scans for FPURL.xml: Reconnaissance or Not?
https://isc.sans.edu/forums/diary/Scans+for+FPURLxml+Reconnaissance+or+Not/26622/
HP Device Manager Backdoor
https://support.hp.com/us-en/document/c06921908
https://www.theregister.com/2020/09/30/hp_device_manager_backdoor_database_account/
KensingtonWorks RCE
https://robertheaton.com/another-rce-in-kensingtonworks/
10/1/2020 • 6 minutes, 11 seconds
ISC StormCast for Wednesday, September 30th 2020
Managing Remote Access for Contractors and Partners
https://isc.sans.edu/forums/diary/Managing+Remote+Access+for+Partners+Contractors/26614/#comments
Updated Windows ZeroLogon Advisory
https://support.microsoft.com/en-us/help/4557222/how-to-manage-the-changes-in-netlogon-secure-channel-connections-assoc
Cisco Patching Exploited DoS Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz
FoxIT PDF Reader Update
https://www.foxitsoftware.com/support/security-bulletins.html
9/30/2020 • 4 minutes, 58 seconds
ISC StormCast for Tuesday, September 29th 2020
Some Tyler Technologies Customers Targeted after Breach
https://isc.sans.edu/forums/diary/Some+Tyler+Technologies+Customers+Targeted+with+The+Installation+of+a+Bomgar+Client/26610/
Obfuscated PowerShell Backdoor
https://isc.sans.edu/forums/diary/PowerShell+Backdoor+Launched+from+a+ShellCode/26602/
QNAP Fixes AgeLocker Vulnerability in Photo Station
https://www.qnap.com/de-de/security-advisory/qsa-20-06
TrendMicro Apex One Vulnerability
https://success.trendmicro.com/product-support/apex-one
9/29/2020 • 5 minutes, 35 seconds
ISC StormCast for Monday, September 28th 2020
Securing Exchange Online
https://isc.sans.edu/forums/diary/Securing+Exchange+Online+Guest+Diary/26600/
Decoding Corrupt BASE64
https://isc.sans.edu/forums/diary/Decoding+Corrupt+BASE64+Strings/26606/
Fortinet VPN Default Setting Problem
https://securingsam.com/breaching-the-fort/
Single Use Credit Card Numbers
https://www.helpnetsecurity.com/2020/09/25/privacy-cards/
9/28/2020 • 5 minutes, 39 seconds
ISC StormCast for Friday, September 25th 2020
Party in Ibiza with PowerShell
https://isc.sans.edu/forums/diary/Party+in+Ibiza+with+PowerShell/26594/
Microsoft Tracking Zerologon Exploits
https://twitter.com/MsftSecIntel/status/1308941504707063808
Apple Patches
https://support.apple.com/en-us/HT201222
Instagram for Android Vulnerability
https://blog.checkpoint.com/2020/09/24/instahack-how-researchers-were-able-to-take-over-the-instagram-app-using-a-malicious-image/
9/25/2020 • 6 minutes, 3 seconds
ISC StormCast for Thursday, September 24th 2020
Dynamic Malicious Word Document
https://isc.sans.edu/forums/diary/Malicious+Word+Document+with+Dynamic+Content/26590/
Old Versions of SAMBA Affected by ZeroLogon Vulnerability
https://www.samba.org/samba/security/CVE-2020-1472.html
Google Chrome Update
https://chromereleases.googleblog.com/2020/09/stable-channel-update-for-desktop_21.html
QNAP Devices hit by AgeLocker Ransomware
https://www.bleepingcomputer.com/news/security/agelocker-ransomware-targets-qnap-nas-devices-steals-data/
9/24/2020 • 5 minutes, 35 seconds
ISC StormCast for Wednesday, September 23rd 2020
Citrix ADC Updates
https://support.citrix.com/article/CTX281474
Firefox Version 81 Released
https://www.mozilla.org/en-US/firefox/81.0/releasenotes/
Simple Scan Drops Ransomware Risk
https://www.accesswire.com/607018/Corvus-Updates-Scan-Technology-with-RDP-Detection-Slashes-Ransomware-Claims-by-65
iOS 14 Jailbreak
https://checkra.in/news/2020/09/iOS-14-announcement
9/23/2020 • 5 minutes, 33 seconds
ISC StormCast for Tuesday, September 22nd 2020
Slightly Broken Overlay Phishing
https://isc.sans.edu/forums/diary/Slightly+broken+overlay+phishing/26586/
MacOS Code Injection via Third Party Frameworks
https://www.trustedsec.com/blog/macos-injection-via-third-party-frameworks
Snort/ClamAV Cobalt Strike Detection
https://blog.talosintelligence.com/2020/09/coverage-strikes-back-cobalt-strike-paper.html#more
9/22/2020 • 6 minutes, 12 seconds
ISC StormCast for Monday, September 21st 2020
A Mix of Python and VBA in a Malicious Word Document
https://isc.sans.edu/forums/diary/A+Mix+of+Python+VBA+in+a+Malicious+Word+Document/26578/
Salesforce Phish
https://isc.sans.edu/forums/diary/Analysis+of+a+Salesforce+Phishing+Emails/26582/
Google App Engine Used in Phishing Attacks
https://medium.com/@marcelx/attackers-are-abusing-googles-app-engine-to-circumvent-enterprise-security-solutions-again-eda8345d531d
Sysmon Adds Clipboard Monitoring
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
Windows Defender No Longer Able to Download Files
https://www.bleepingcomputer.com/news/microsoft/microsoft-removes-windows-defender-ability-after-security-concerns/
9/21/2020 • 5 minutes, 47 seconds
ISC StormCast for Friday, September 18th 2020
OSSEC Active Response
https://isc.sans.edu/forums/diary/Suspicious+Endpoint+Containment+with+OSSEC/26576/
Microsoft Patch for Office for Mac
https://docs.microsoft.com/en-us/officeupdates/release-notes-office-for-mac
VMWare Fusion Vulnerability
https://www.vmware.com/security/advisories/VMSA-2020-0020.html
NSA Secure Boot Configuration Guide
https://media.defense.gov/2020/Sep/15/2002497594/-1/-1/0/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF
Microsoft Edge Warns Users of Adobe Flash End of Support
https://blogs.windows.com/msedgedev/2020/09/04/update-adobe-flash-end-support/
9/18/2020 • 5 minutes, 38 seconds
ISC StormCast for Thursday, September 17th 2020
Most Recent "Mirai" Bot Includes Code to Target Backups
https://isc.sans.edu/forums/diary/Do+Vulnerabilities+Ever+Get+Old+Recent+Mirai+Variant+Scanning+for+20+Year+Old+Amanda+Version/26572/
Apple Security Updates
https://support.apple.com/en-us/HT201222
9/17/2020 • 5 minutes, 32 seconds
ISC StormCast for Wednesday, September 16th 2020
Traffic Analysis Quiz: Oh No... Another Infection
https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+Oh+No+Another+Infection/26566/
Magento 1 Stores Targeted By Recent Attack
https://sansec.io/research/largest-magento-hack-to-date
Adobe Media Encoder Patch
https://helpx.adobe.com/security/products/media-encoder/apsb20-57.html
Zerologon Reminder
https://www.secura.com/pathtoimg.php?id=2055
Windows "Finger" Utility Abused
http://hyp3rlinx.altervista.org/advisories/Windows_TCPIP_Finger_Command_C2_Channel_and_Bypassing_Security_Software.txt
9/16/2020 • 6 minutes, 20 seconds
ISC StormCast for Tuesday, September 15th 2020
Not Everything About ".well-known" is Well Known
https://isc.sans.edu/forums/diary/Not+Everything+About+wellknown+is+Well+Known/26564/
BLE Lock Vulnerable to Replay Attack
https://www.pentestpartners.com/security-blog/360lock-smart-lock-review/
Mobile Iron Exploit Released
https://blog.orange.tw/2020/09/how-i-hacked-facebook-again-mobileiron-mdm-rce.html
9/15/2020 • 5 minutes, 9 seconds
ISC StormCast for Monday, September 14th 2020
Pillaging and Protecting the Clipboard
https://isc.sans.edu/forums/diary/Whats+in+Your+Clipboard+Pillaging+and+Protecting+the+Clipboard/26556/
Critical Vulnerability in PANOS
https://security.paloaltonetworks.com/CVE-2020-2040
Linux VoIP Softswitch Malware
https://www.welivesecurity.com/2020/09/10/who-callin-cdrthief-linux-voip-softswitches/
CVE-2020-1472 Zerologon Privilege Escalation Vulnerability
https://www.secura.com/blog/zero-logon
9/14/2020 • 6 minutes, 22 seconds
ISC StormCast for Friday, September 11th 2020
Recent Dridex Activity
https://isc.sans.edu/forums/diary/Recent+Dridex+activity/26550/
Zoom Bombings and Zoom 2FA
https://arxiv.org/abs/2009.03822
https://blog.zoom.us/secure-your-zoom-account-with-two-factor-authentication/
AMD Server CPUs May Be Locked to Particular Motherboard
https://www.servethehome.com/amd-psb-vendor-locks-epyc-cpus-for-enhanced-security-at-a-cost/
BLURtooth Vulnerability
https://www.bluetooth.com/learn-about-bluetooth/bluetooth-technology/bluetooth-security/blurtooth/
9/11/2020 • 7 minutes, 40 seconds
ISC StormCast for Thursday, September 10th 2020
MacOS 11 Network Traffic
https://isc.sans.edu/forums/diary/A+First+Look+at+macOS+11+Big+Sur+Network+Traffic+New+Now+with+more+GREASE/26548/
Azure Offers Automatic Windows VM Patching
https://azure.microsoft.com/en-us/updates/automatic-vm-guest-patching-now-in-preview/
WeaveScope Used to Attack Docker Infrastructure
https://www.intezer.com/blog/cloud-workload-protection/attackers-abusing-legitimate-cloud-monitoring-tools-to-conduct-cyber-attacks/
9/10/2020 • 5 minutes, 33 seconds
ISC StormCast for Tuesday, September 8th 2020
A Blast From The Past: XXEncoded VB 6.0 Trojan
https://isc.sans.edu/forums/diary/A+blast+from+the+past+XXEncoded+VB60+Trojan/26538/
Office: About OLE and ZIP Files
https://isc.sans.edu/forums/diary/Office+About+OLE+and+ZIP+Files/26540/
Go XSS Vulnerability
https://seclists.org/fulldisclosure/2020/Sep/5
"Baka" JavaScript Skimmer
https://usa.visa.com/content/dam/VCOM/global/support-legal/documents/visa-security-alert-baka-javascript-skimmer.pdf
9/8/2020 • 5 minutes, 31 seconds
ISC StormCast for Friday, September 4th 2020
Sandbox Evasion Using NTP
https://isc.sans.edu/forums/diary/Sandbox+Evasion+Using+NTP/26534/
Android DNS over HTTPS
https://blog.chromium.org/2020/09/a-safer-and-more-private-browsing.html
Cisco Jabber Vulnerability Followup
https://watchcom.no/nyheter/nyhetsarkiv/uncovers-cisco-jabber-vulnerabilities/
9/4/2020 • 6 minutes, 12 seconds
ISC StormCast for Thursday, September 3rd 2020
Python and Risky Windows API Calls
https://isc.sans.edu/forums/diary/Python+and+Risky+Windows+API+Calls/26530/
QNAP Updates
https://www.qnap.com/en/release-notes/qts/4.3.6.1411/20200825
https://www.qnap.com/en/release-notes/qts/4.4.3.1400/20200817
iOS 13.7 Update
https://support.apple.com/en-us/HT201222
Cisco Jabber Update
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-UyTKCPGg
MoFi Router Vulnerabilities
https://www.criticalstart.com/critical-vulnerabilities-discovered-in-mofi-routers/
9/3/2020 • 6 minutes, 18 seconds
ISC StormCast for Wednesday, September 2nd 2020
Exposed Domain Controllers Used in DDoS Attacks
https://isc.sans.edu/forums/diary/Exposed+Windows+Domain+Controllers+Used+in+CLDAP+DDoS+Attacks/26526/
Microsoft Reviving SHA-1
https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-version-85/ba-p/1618585
Trend Micro Updating Anti Malware Products
https://success.trendmicro.com/solution/000263632
Public Voter Data Sold as "Breach"
https://www.cyberscoop.com/russia-hack-michigan-voter-data-kommersant/
9/2/2020 • 6 minutes, 39 seconds
ISC StormCast for Tuesday, September 1st 2020
Finding The Original Maldoc
https://isc.sans.edu/forums/diary/Finding+The+Original+Maldoc/26520/
Slack Remote Code Execution
https://hackerone.com/reports/783877
Apple Approved Malware
https://objective-see.com/blog/blog_0x4E.html
Cisco IOS XR Bug Exploited
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-dvmrp-memexh-dSmpdvfz
9/1/2020 • 5 minutes, 15 seconds
ISC StormCast for Monday, August 31st 2020
CenturyLink Outage
https://blog.cloudflare.com/analysis-of-todays-centurylink-level-3-outage/
New Zealand Stock Market Denial of Service Attack
https://www.theregister.com/2020/08/27/nzx_ddos_third_day/
Pulse Connect Secure RCE Patch
https://www.gosecure.net/blog/2020/08/26/forget-your-perimeter-rce-in-pulse-connect-secure/
8/31/2020 • 7 minutes, 21 seconds
ISC StormCast for Friday, August 28th 2020
A Reminder about Security.txt
https://isc.sans.edu/forums/diary/Securitytxt+one+small+file+for+an+admin+one+giant+help+to+a+security+researcher/26510/
DNS Queries to Root Name Servers
https://blog.apnic.net/2020/08/21/chromiums-impact-on-root-dns-traffic/
https://www.zdnet.com/article/chromium-dns-hijacking-detection-accused-of-being-around-half-of-all-root-queries/
Microsoft Extends Windows 10 1803 Deadline
https://support.microsoft.com/en-us/help/13853/windows-lifecycle-fact-sheet
LemonDuck Adding New Tricks
https://news.sophos.com/en-us/2020/08/25/lemon_duck-cryptominer-targets-cloud-apps-linux/
8/28/2020 • 7 minutes, 9 seconds
ISC StormCast for Thursday, August 27th 2020
Malicious Excel Sheet with a NULL VT Score
https://isc.sans.edu/forums/diary/Malicious+Excel+Sheet+with+a+NULL+VT+Score/26506/
APT Attack Uses Autodesk Plugin
https://www.bitdefender.com/files/News/CaseStudies/study/365/Bitdefender-PR-Whitepaper-APTHackers-creat4740-en-EN-GenericUse.pdf
Firefox Update
https://www.mozilla.org/en-US/security/advisories/mfsa2020-36/
Arrest in Insider Attack
https://www.justice.gov/opa/press-release/file/1308766/download
8/27/2020 • 5 minutes, 43 seconds
ISC StormCast for Wednesday, August 26th 2020
Keep an Eye on LOLBins
https://isc.sans.edu/forums/diary/Keep+An+Eye+on+LOLBins/26502/
Malicious iOS Adnetwork SDK
https://snyk.io/research/sour-mint-malicious-sdk/
Apache Update
https://httpd.apache.org/security/vulnerabilities_24.html
Google Chrome User-Agent Client Hints
https://web.dev/user-agent-client-hints/
8/26/2020 • 5 minutes, 28 seconds
ISC StormCast for Tuesday, August 25th 2020
Tracking a Malware Campaign Through VT
https://isc.sans.edu/forums/diary/Tracking+A+Malware+Campaign+Through+VT/26498/
Zoom Outage
https://www.cnn.com/2020/08/24/us/zoom-outage-worldwide-trnd/index.html
RDP Remains a Top Target
https://www.group-ib.com/media/iran-cybercriminals/?utm_source=bleeping_computer&utm_medium=article&utm_campaign=referral
Microsoft Introduces Application Guard
https://docs.microsoft.com/en-us/microsoft-365/security/office-365-security/install-app-guard?view=o365-worldwide
Safari File Sharing Bug
https://blog.redteam.pl/2020/08/stealing-local-files-using-safari-web.html
8/25/2020 • 5 minutes, 49 seconds
ISC StormCast for Monday, August 24th 2020
A Word of Caution: Helping Cyber Stalking Victims
https://isc.sans.edu/forums/diary/A+Word+of+Caution+Helping+Out+People+Being+Stalked+Online/26422/
RDP and Telnet Scans
https://isc.sans.edu/forums/diary/Remote+Desktop+TCP3389+and+Telnet+TCP23+What+might+they+have+in+Common/26492/
Thales Cinterion Input Validation Vulnerability
https://www.thalesgroup.com/en/markets/digital-identity-and-security/iot/resources/security-updates-cinterion-iot-modules
Google Drive File Extension Spoofing
https://thehackernews.com/2020/08/google-drive-file-versions.html
8/24/2020 • 6 minutes, 59 seconds
ISC StormCast for Friday, August 21st 2020
Office 365 Mail Forwarding Rules (and other Mail Rules too)
https://isc.sans.edu/forums/diary/Office+365+Mail+Forwarding+Rules+and+other+Mail+Rules+too/26484/
Spoofing GMail/GSuite Customers
https://ezh.es/blog/2020/08/the-confused-mailman-sending-spf-and-dmarc-passing-mail-as-any-gmail-or-g-suite-customer/
Microsoft Updates DisableAntiSpyware Registry Key
https://docs.microsoft.com/en-us/windows-hardware/customize/desktop/unattend/security-malware-windows-defender-disableantispyware
Acoustic Based Physical Key Inference
https://www.comp.nus.edu.sg/~junhan/papers/SpiKey_HotMobile20_CamReady.pdf
8/21/2020 • 6 minutes, 35 seconds
ISC StormCast for Thursday, August 20th 2020
Example of a Word Document Delivering Qakbot
https://isc.sans.edu/forums/diary/Example+of+Word+Document+Delivering+Qakbot/26482/
PGP/SMime Implementation Weaknesses
https://www.nds.ruhr-uni-bochum.de/media/nds/veroeffentlichungen/2020/08/15/mailto-paper.pdf
Windows 8.1 / 2012 Special Patch
https://support.microsoft.com/en-us/help/4578013/security-update-for-windows-8-1-rt-8-1-and-server-2012-r2
Fileless Cryptomining Worm
https://www.helpnetsecurity.com/2020/08/19/fileless-worm-p2p-botnet/
8/20/2020 • 6 minutes, 20 seconds
ISC StormCast for Wednesday, August 19th 2020
Using APIs to Track Attackers
https://isc.sans.edu/forums/diary/Using+APIs+to+Track+Attackers/26472/
Jenkins Security Advisory
https://www.jenkins.io/security/advisory/2020-08-17/
Chrome Will Warn of Insecure Forms
https://blog.chromium.org/2020/08/protecting-google-chrome-users-from.html
Reminder: September 1st Certificate Expiration Change
https://www.ssl.com/blogs/398-day-browser-limit-for-ssl-tls-certificates-begins-september-1-2020/
Cryptojacking Worm Steals AWS Credentials
https://www.helpnetsecurity.com/2020/08/18/worm-steals-aws-credentials/
8/19/2020 • 5 minutes, 34 seconds
ISC StormCast for Tuesday, August 18th 2020
Apache Struts Patch and PoC Exploit
https://www.tenable.com/blog/cve-2019-0230-apache-struts-potential-remote-code-execution-vulnerability
https://cwiki.apache.org/confluence/display/WW/S2-059
Emotet Bug Used to Inoculate Systems
https://www.binarydefense.com/emocrash-exploiting-a-vulnerability-in-emotet-malware-for-defense/
8/18/2020 • 5 minutes, 59 seconds
ISC StormCast for Monday, August 17th 2020
SANS Data Incident 2020 - Indicators of Compromise
https://www.sans.org/blog/sans-data-incident-2020-indicators-of-compromise/
Large File Used to Obfuscate Malware
https://isc.sans.edu/forums/diary/Definition+of+overkill+using+130+MB+executable+to+hide+24+kB+malware/26464/
Mac Malware Spreading via XCode
https://documents.trendmicro.com/assets/pdf/XCSSET_Technical_Brief.pdf
Citrix Broker Service Detected as Trojan by Windows Defender
https://support.citrix.com/article/CTX279897
8/17/2020 • 4 minutes, 37 seconds
ISC StormCast for Friday, August 14th 2020
Decrypting Voice over LTE Calls
https://revolte-attack.net/
Vulnerabilities found on Amazon's Alexa
https://research.checkpoint.com/2020/amazons-alexa-hacked/
DROVORUB Russian GRU Linux Malware
https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF
8/14/2020 • 8 minutes, 27 seconds
ISC StormCast for Thursday, August 13th 2020
To the Brim at the Gates of Mordor
https://isc.sans.edu/forums/diary/To+the+Brim+at+the+Gates+of+Mordor+Pt+1/26456/
Large Group of Malicious Tor Exit Nodes
https://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac
SAP Updates
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345
Intel Updates
https://www.intel.com/content/www/us/en/security-center/default.html
SANS Data Incident
https://www.sans.org/dataincident2020
8/13/2020 • 7 minutes, 18 seconds
ISC StormCast for Wednesday, August 12th 2020
vBulletin 0-Day Exploit
https://blog.exploitee.rs/2020/exploiting-vbulletin-a-tale-of-patch-fail/
Microsoft Patches
https://isc.sans.edu/forums/diary/Microsoft+August+2020+Patch+Tuesday/26452/
Adobe Patches
https://helpx.adobe.com/security.html
Citrix Endpoint Management Updates
https://www.citrix.com/blogs/2020/08/11/citrix-provides-security-update-on-citrix-endpoint-management/
8/12/2020 • 5 minutes, 29 seconds
ISC StormCast for Tuesday, August 11th 2020
Small Challenge: A Simple Word Maldoc (Solution)
https://isc.sans.edu/forums/diary/Small+Challenge+A+Simple+Word+Maldoc+Part+2/26444/
Scoping Web Application Pentests
https://isc.sans.edu/forums/diary/Scoping+web+application+and+web+service+penetration+tests/26448/
Problems With Chrome Extensions
https://adguard.com/en/blog/fake-ad-blockers-part-3.html
PDF Test Suite
https://github.com/RUB-NDS/PDF101
https://raw.githubusercontent.com/RUB-NDS/PDF101/master/eval.png
Teamviewer Update
https://community.teamviewer.com/t5/Announcements/Statement-on-CVE-2020-13699/m-p/99129
8/11/2020 • 7 minutes, 6 seconds
ISC StormCast for Monday, August 10th 2020
Scanning Activity Against WIFICAM Using Netcat
https://isc.sans.edu/forums/diary/Scanning+Activity+Include+Netcat+Listener/26442/
Qualcomm Snapdragon Vulnerabilities
https://blog.checkpoint.com/2020/08/06/achilles-small-chip-big-peril/
China Blocking TLS 1.3 and ESNI
https://gfw.report/blog/gfw_esni_blocking/en/
8/10/2020 • 7 minutes, 26 seconds
ISC StormCast for Thursday, August 6th 2020
Malware Analysis Quiz
https://isc.sans.edu/forums/diary/Traffic+Analysis+Quiz+Whats+the+Malware+From+This+Infection/26430/
Exploiting CVE-2020-9854 on MacOS
https://objective-see.com/blog/blog_0x4D.html
iOS OAuth2 Vulnerability
https://www.computest.nl/en/knowledge-platform/blog/vulnerability-new-touchid-feature-iCloud-accounts-at-risk-breached/
Limiting Location Data Exposure
https://media.defense.gov/2020/Aug/04/2002469874/-1/-1/0/CSI_LIMITING_LOCATION_DATA_EXPOSURE_FINAL.PDF
8/6/2020 • 6 minutes, 28 seconds
ISC StormCast for Wednesday, August 5th 2020
A Reminder to Patch CVE-2020-3452. Active Exploitation Seen
https://isc.sans.edu/forums/diary/Reminder+Patch+Cisco+ASA+FTD+Devices+CVE20203452+Exploitation+Continues/26426/
Internet Choke Points: Concentration of Authoritative Name Servers
https://isc.sans.edu/forums/diary/Internet+Choke+Points+Concentration+of+Authoritative+Name+Servers/26428/
August Android Patches Released
https://source.android.com/security/bulletin/2020-08-01
Possible New iOS Jailbreak Affecting Secure Enclave
https://twitter.com/SparkZheng/status/1286599007834271744
8/5/2020 • 6 minutes, 24 seconds
ISC StormCast for Tuesday, August 4th 2020
VBA Macro With Multiple Command and Control Channels
https://isc.sans.edu/forums/diary/Powershell+Bot+with+Multiple+C2+Protocols/26420/
Boothole Patch Causes Unbootable Systems
https://access.redhat.com/solutions/5272311
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/GRUB2SecureBootBypass#Recovery
Disabling MacOS TCC
https://objective-see.com/blog/blog_0x4C.html
CISA Publishes Details about Chinese Malware
https://us-cert.cisa.gov/ncas/current-activity/2020/08/03/chinese-malicious-cyber-activity
8/4/2020 • 5 minutes, 48 seconds
ISC StormCast for Monday, August 3rd 2020
Pages Hit By Bad Bots
https://isc.sans.edu/forums/diary/What+pages+do+bad+bots+look+for/26414/
KeePassRPC Vulnerability
https://forum.kee.pm/t/a-critical-security-update-for-keepassrpc-is-available/3040
QNAP Updates Malware Remover
https://www.bleepingcomputer.com/news/security/qnap-urges-users-to-update-malware-remover-after-qsnatch-alert/
Android Phone Updates
https://www.theregister.com/2020/07/31/nearly_a_third_of_secondhand/
8/3/2020 • 5 minutes, 29 seconds
ISC StormCast for Friday, July 31st 2020
Python Developers: Prepare!
https://isc.sans.edu/forums/diary/Python+Developers+Prepare/26408/
Office 365 Phishing Hiding in Google Ads
https://cofense.com/threat-actors-bypass-gateways-google-ad-redirects/
Zoom Brute Forcing Vulnerability
https://www.tomanthony.co.uk/blog/zoom-security-exploit-crack-private-meeting-passwords/
Netgear Vulnerabilities
https://www.kb.cert.org/vuls/id/576779
https://kb.netgear.com/000061982/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Mobile-Routers-Modems-Gateways-and-Extenders
OPNSense Update
https://opnsense.org/opnsense-20-7/
Microsoft Retiring SHA1
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/sha-1-windows-content-to-be-retired-august-3-2020/ba-p/1544373
7/31/2020 • 5 minutes, 49 seconds
ISC StormCast for Thursday, July 30th 2020
Consumer VPNs: You May Be Fine Without It
https://isc.sans.edu/forums/diary/Consumer+VPNs+You+May+Be+Fine+Without/26404/
Tails Update
https://tails.boum.org/news/version_4.9/index.en.html
Firefox Update
https://www.mozilla.org/en-US/security/advisories/mfsa2020-30/
Chrome Update
https://chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop_27.html
GRUB2 Vulnerability
https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
Facial Recognition With Masks
https://nvlpubs.nist.gov/nistpubs/ir/2020/NIST.IR.8311.pdf
7/30/2020 • 6 minutes, 8 seconds
ISC StormCast for Wednesday, July 29th 2020
New Datafeeds
https://isc.sans.edu/forums/diary/All+I+want+this+Tuesday+More+Data/26400/
Emotet Stealing Email Attachments
https://twitter.com/CofenseLabs/status/1288167724594671618
Magento Update
https://helpx.adobe.com/security/products/magento/apsb20-47.html
Exposed Docker Servers Infected with More Malware
https://www.intezer.com/container-security/watch-your-containers-doki-infecting-docker-servers-in-the-cloud/
7/29/2020 • 6 minutes, 12 seconds
ISC StormCast for Tuesday, July 28th 2020
In Memory of Donald Smith
https://isc.sans.edu/forums/diary/In+Memory+of+Donald+Smith/26396/
Analyzing Metasploit ASP .Net Payloads
https://isc.sans.edu/forums/diary/Analyzing+Metasploit+ASP+NET+Payloads/26392/
Emotet Payloads Replaced with GIFs
https://twitter.com/GossiTheDog/status/1286271503005290497
QNAP Devices Attacked
https://us-cert.cisa.gov/ncas/alerts/aa20-209a
7/28/2020 • 4 minutes, 38 seconds
ISC StormCast for Monday, July 27th 2020
Compromised Desktop Applications By Web Technologies
https://isc.sans.edu/forums/diary/Compromized+Desktop+Applications+by+Web+Technologies/26384/
Cracking Maldoc VBA Project Passwords
https://isc.sans.edu/forums/diary/Cracking+Maldoc+VBA+Project+Passwords/26390/
Cisco Patching Treck IP Stack Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-treck-ip-stack-JyBQ5GyC
Ubiquiti Devices Break Due to Malformed Feed
https://community.ui.com/questions/Threat-Management-rules-silently-disabled-for-users-as-of-July-17-2020/35221bd2-843d-41a3-a957-33f57d9a8468
7/27/2020 • 5 minutes, 33 seconds
ISC StormCast for Friday, July 24th 2020
Simple Blocklisting with MISP and pfSense
https://isc.sans.edu/forums/diary/Simple+Blocklisting+with+MISP+pfSense/26380/
ISC Intel Feed (Beta. DO NOT USE AS BLOCKLIST)
https://isc.sans.edu/api/intelfeed?json
(also see isc.sans.edu/api )
ASUS RT-AC1900P Router Vulnerability
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=27440
DLink Leaks Firmware Encryption Key
https://nstarke.github.io/0036-decrypting-dlink-proprietary-firmware-images.html
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-ro-path-KJuQhB86
7/24/2020 • 6 minutes
ISC StormCast for Thursday, July 23rd 2020
A Few IoCs Related to the F5 Vulnerability CVE-2020-5092
https://isc.sans.edu/forums/diary/A+few+IoCs+related+to+CVE20205092/26378/
PDF Signature Weaknesses
https://pdf-insecurity.org/
SharePoint Vulnerability PoC CVE-2020-1147
https://srcincite.io/blog/2020/07/20/sharepoint-and-pwn-remote-code-execution-against-sharepoint-server-abusing-dataset.html
Twilio Compromise
https://www.theregister.com/2020/07/21/twilio_sdk_code_injection/
7/23/2020 • 6 minutes, 28 seconds
ISC StormCast for Wednesday, July 22nd 2020
Comparing Covid19 Remote Services in Different Countries
https://isc.sans.edu/forums/diary/Couple+of+interesting+Covid19+related+stats/26374/
Adobe Patches Photoshop
https://helpx.adobe.com/security/products/bridge/apsb20-44.html
https://helpx.adobe.com/security/products/photoshop/apsb20-45.html
Citrix Workspace App Vulnerability
https://www.pentestpartners.com/security-blog/raining-system-shells-with-citrix-workspace-app/
Microsoft Publishes Sysinternals Procmon for Linux
https://github.com/microsoft/ProcMon-for-Linux
7/22/2020 • 4 minutes, 35 seconds
ISC StormCast for Tuesday, July 21st 2020
Sextortion Follow the Money Wrapup
https://isc.sans.edu/forums/diary/Sextortion+Update+The+Final+Final+Chapter/26334/
"BadPower" USB-C Charger Firmware Weakness (link in Chinese)
https://xlab.tencent.com/cn/2020/07/16/badpower/
Zoom Phishing
https://blog.checkpoint.com/2020/07/16/fixing-the-zoom-vanity-clause-check-point-and-zoom-collaborate-to-fix-vanity-url-issue/
Microsoft Office TLS 1.x Phaseout
https://docs.microsoft.com/en-us/microsoft-365/compliance/prepare-tls-1.2-in-office-365?view=o365-worldwide
7/21/2020 • 6 minutes, 11 seconds
ISC StormCast for Monday, July 20th 2020
#SigRed Update
https://isc.sans.edu/forums/diary/Hunting+for+SigRed+Exploitation/26362/
Cloudflare Outage
https://blog.cloudflare.com/cloudflare-outage-on-july-17-2020/
Exploitation of ZeroShell Routers
https://isc.sans.edu/forums/diary/Scanning+Activity+for+ZeroShell+Unauthenticated+Access/26368/
Zone.Identifier: A Couple of Observations
https://isc.sans.edu/forums/diary/ZoneIdentifier+A+Coupe+Of+Observations/26366/
Forgotten tcpdump Options
https://showmethepackets.com/index.php/2020/07/18/a-few-forgotten-tcpdump-options/
7/20/2020 • 5 minutes, 48 seconds
ISC StormCast for Friday, July 17th 2020
Twitter Compromise
https://twitter.com/TwitterSupport/status/1283591846464233474?s=20
SIGRed PoC
hxxps://github.com/maxpl0it/CVE-2020-1350-DoS
Apple Updates
https://support.apple.com/en-us/HT201222
SAP PoC Exploit Code Published
https://github.com/chipik/SAP_RECON
https://us-cert.cisa.gov/ncas/alerts/aa20-195a
SANS.edu Student: Aaron Elyard: KITT
https://www.sans.org/reading-room/whitepapers/OpenSource/improving-analyst-efficiency-office365-business-email-compromise-investigation-scenarios-implementation-open-source-tools-39655
KITT: https://github.com/intrepidtechie/KITT-O365-Tool
7/17/2020 • 13 minutes, 47 seconds
ISC StormCast for Thursday, July 16th 2020
MSFT DNS Server Vulnerability
https://isc.sans.edu/forums/diary/PATCH+NOW+SIGRed+CVE20201350+Microsoft+DNS+Server+Vulnerability/26356/
https://www.sans.org/webcasts/about-windows-dns-vulnerability-cve-2020-1350-116120
Outlook Crashes After Patch Tuesday Updates
https://www.reddit.com/r/sysadmin/comments/hrq0mn/outlook_immediately_crashing_on_open_after/fy5nnx2/
Oracle Quarterly Critical Patch Update
https://www.oracle.com/security-alerts/cpujul2020.html
Cisco Backdoors
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=100#~Vulnerabilities
7/16/2020 • 5 minutes, 15 seconds
ISC StormCast for Monday, July 13th 2020
Excel Spreadsheet Macro Kicks Off Formbook Infection
https://isc.sans.edu/forums/diary/Excel+spreasheet+macro+kicks+off+Formbook+infection/26332/
Zoom Update Fixing Zoom on Windows 7 Vulnerability
https://support.zoom.us/hc/en-us/articles/360046081271-New-updates-for-July-10-2020
DigiCert Replaces 50,000 EV Certificates
https://knowledge.digicert.com/alerts/DigiCert-ICA-Replacement
Microsoft Warns of OAUTH consent Phishing
https://www.microsoft.com/security/blog/2020/07/08/protecting-remote-workforce-application-attacks-consent-phishing/
7/13/2020 • 6 minutes, 50 seconds
ISC StormCast for Friday, July 10th 2020
Citrix Scanning
https://isc.sans.edu/forums/diary/Active+Exploit+Attempts+Targeting+Recent+Citrix+ADC+Vulnerabilities+CTX276688/26330/
https://www.youtube.com/watch?time_continue=6&v=1_D4_9BKHSc&feature=emb_logo
Juniper Patches
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
Google Releases Tsunami Security Scanner
https://github.com/google/tsunami-security-scanner
SANS.edu Student Billy Wilson: Securing Supercomputers with BPF Probes
https://www.sans.org/reading-room/whitepapers/detection/securing-soft-underbelly-supercomputer-bpf-probes-39635
7/10/2020 • 14 minutes, 16 seconds
ISC StormCast for Thursday, July 9th 2020
Obfuscated Malware
https://isc.sans.edu/forums/diary/If+You+Want+Something+Done+Right+You+Have+To+Do+It+Yourself+Malware+Too/26320/
Palo Alto Networks PAN-OS CVE-2020-2034
https://security.paloaltonetworks.com/CVE-2020-2034
Citrix Vulnerability Details (CVE-2020-8194)
https://dmaasland.github.io/posts/citrix.html
Mozilla Suspending Send Service
https://www.zdnet.com/article/mozilla-suspends-firefox-send-service-while-it-addresses-malware-abuse/
7/9/2020 • 6 minutes, 31 seconds
ISC StormCast for Wednesday, July 8th 2020
F5 BIG-IP Wrap-up
https://twitter.com/NCCGroupInfosec/status/1280593966879125504
https://www.sans.org/webcasts/116065
Citrix ADC / Citrix Gateway Patches
https://www.citrix.com/blogs/2020/07/07/citrix-provides-context-on-security-bulletin-ctx276688/
Microsoft Releases Free Memory Analysis Service
https://www.microsoft.com/en-us/research/blog/toward-trusted-sensing-for-the-cloud-introducing-project-freta/
7/8/2020 • 5 minutes, 28 seconds
ISC StormCast for Tuesday, July 7th 2020
More BIG-IP Exploits
https://isc.sans.edu/forums/diary/Summary+of+CVE20205902+F5+BIGIP+RCE+Vulnerability+Exploits/26316/
Special F5 BIG-IP Webcast
https://www.sans.org/webcasts/116065
Microsoft ATP Web Content Filtering
https://techcommunity.microsoft.com/t5/microsoft-defender-atp/an-update-on-web-content-filtering/ba-p/1505445
Ouch Newsletter: Ransomware
https://www.sans.org/security-awareness-training/resources/ransomware
Extended Research Feed: Added Net Systems Research
https://isc.sans.edu/api/threatcategory/research
7/7/2020 • 5 minutes, 20 seconds
ISC StormCast for Thursday, July 2nd 2020
Alina PoS Malware Exfiltrating Data via DNS
https://blog.centurylink.com/alina-point-of-sale-malware-still-lurking-in-dns/
Evil Quest "Ransomware" Update
https://objective-see.com/blog/blog_0x59.html
IBM Cyber Resilient Organization Report
https://www.ibm.com/account/reg/us-en/signup?formid=urx-45839
7/2/2020 • 4 minutes, 25 seconds
ISC StormCast for Wednesday, July 1st 2020
Windows 10 / Server 2019 Out-of-Band Patch
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1425
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1457
macOS Ransomware Arrives as Fake Little Snitch Software
https://blog.malwarebytes.com/mac/2020/06/new-mac-ransomware-spreading-through-piracy/
VPN Privilege Escalation
https://0xsha.io/posts/zombievpn-breaking-that-internet-security
DNSSEC Phishing Scam
https://nakedsecurity.sophos.com/2020/06/29/beware-secure-dns-scam-targeting-website-owners-and-bloggers/
7/1/2020 • 5 minutes, 54 seconds
ISC StormCast for Monday, June 29th 2020
macOS 11 Security Changes
https://www.sentinelone.com/blog/macos-big-sur-9-big-surprises-for-enterprise-security/
Certificate Lifetime Limited to 1 Year Starting September
https://chromium.googlesource.com/chromium/src/+/ae4d6809912f8171b23f6aa43c6a4e8e627de784
https://support.apple.com/en-us/HT211025
https://lists.cabforum.org/pipermail/servercert-wg/2020-June/002000.html
6/29/2020 • 7 minutes, 7 seconds
ISC StormCast for Friday, June 26th 2020
Recordings of the Tech Tuesday Workshop
https://isc.sans.edu/forums/diary/Tech+Tuesday+Recap+Recordings+Part+2+Installing+the+Honeypot+release/26280/
https://www.youtube.com/channel/UCfbOsqPmWg1H_34hTjKEW2A
Credit Card Skimmers Hide Code in Favicon EXIF Data
https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-within-exif-metadata-exfiltrates-credit-cards-via-image-files/
GeoVision Scanners Vulnerabilities
https://thehackernews.com/2020/06/geovision-scanner-vulnerabilities.html
Docker Images Containing Cryptojacking Malware
https://unit42.paloaltonetworks.com/cryptojacking-docker-images-for-mining-monero/
SANS.edu Student Karim Lalji: https://www.sans.org/reading-room/whitepapers/threathunting/real-time-honeypot-forensic-investigation-german-organized-crime-network-39640
6/26/2020 • 16 minutes, 43 seconds
ISC StormCast for Thursday, June 25th 2020
Using Shell Links as zero-touch downloaders and to initiate network connections
https://isc.sans.edu/forums/diary/Using+Shell+Links+as+zerotouch+downloaders+and+to+initiate+network+connections/26276/
Chrome Updates Released
https://chromereleases.googleblog.com/2020/06/stable-channel-update-for-desktop_22.html
QNAP Updates for Helpdesk
https://www.qnap.com/de-de/security-advisory/qsa-20-03
Magento Update
https://helpx.adobe.com/security/products/magento/apsb20-41.html
Attacks Against Microsoft Exchange Servers
https://www.microsoft.com/security/blog/2020/06/24/defending-exchange-servers-under-attack/
6/25/2020 • 5 minutes, 49 seconds
ISC StormCast for Wednesday, June 24th 2020
Analysis Of Traffic Targeting CyberBunker IP Space
https://isc.sans.edu/forums/diary/Cyberbunker+20+Analysis+of+the+Remnants+of+a+Bullet+Proof+Hosting+Provider/26266/
Microsoft Offering Enterprise Security Products for Linux/Android
https://techcommunity.microsoft.com/t5/microsoft-defender-atp/announcing-microsoft-defender-atp-for-android/ba-p/1480787
https://techcommunity.microsoft.com/t5/microsoft-defender-atp/microsoft-defender-atp-for-linux-is-now-generally-available/ba-p/1482344
Microsoft Safe Documents
https://techcommunity.microsoft.com/t5/microsoft-365-blog/safe-documents-is-generally-available/ba-p/1480401
6/24/2020 • 5 minutes, 57 seconds
ISC StormCast for Tuesday, June 23rd 2020
Comparing Office Documents with WinMerge
https://isc.sans.edu/forums/diary/Comparing+Office+Documents+with+WinMerge/26268/
VMware Tools and Microsoft Office Updates for macOS
https://www.vmware.com/security/advisories/VMSA-2020-0014.html
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1225
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1226
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-1229
Remote Code Execution Vulnerability in Bitdefender
https://palant.info/2020/06/22/exploiting-bitdefender-antivirus-rce-from-any-website/
Google Analytics Used to Exfiltrate Data
https://www.perimeterx.com/tech-blog/2020/bypassing-csp-exflitrate-data/
6/23/2020 • 7 minutes, 13 seconds
ISC StormCast for Monday, June 22nd 2020
Sigma Rules! The Generic Signature Format for SIEM Systems
https://isc.sans.edu/forums/diary/Sigma+rules+The+generic+signature+format+for+SIEM+systems/26258/
Pi Zero Honeypot
https://isc.sans.edu/forums/diary/Pi+Zero+HoneyPot/26260/
Ransomware Operators Lurk on Your Network
https://www.bleepingcomputer.com/news/security/ransomware-operators-lurk-on-your-network-after-their-attack/
Discord Modified to Steal Accounts
https://www.bleepingcomputer.com/news/security/discord-modified-to-steal-accounts-by-new-nitrohack-malware/
6/22/2020 • 5 minutes, 24 seconds
ISC StormCast for Thursday, June 18th 2020
Odd Protest Spam (Scam?) Targeting Atlanta Police Foundation
https://isc.sans.edu/forums/diary/Odd+Protest+Spam+Scam+Targeting+Atlanta+Police+Foundation/26248/
Zoom Publishes End-to-End Encryption Whitepaper
https://github.com/zoom/zoom-e2e-whitepaper
Linux ACPI Bug Defeats UEFI Secure Boot
https://git.zx2c4.com/american-unsigned-language/tree/american-unsigned-language-2.sh
Tech Tuesday Workshop: https://www.sans.org/webcasts/tech-tuesday-workshop-collaborating-scale-contribute-profit-internet-storm-center-115935
6/18/2020 • 7 minutes, 4 seconds
ISC StormCast for Wednesday, June 17th 2020
Sextortion to the Next Level
https://isc.sans.edu/forums/diary/Sextortion+to+The+Next+Level/26244/
T-Mobile Outage Due to Configuration Error
https://www.scmagazine.com/home/security-news/outages-draw-speculation-of-ddos-attack-on-u-s-but-reality-likely-more-boring/
Vulnerability Analysis of 2500 Docker Hub Images
https://arxiv.org/pdf/2006.02932.pdf
Treck IP Stack Contains Multiple Vulnerabilities
https://www.kb.cert.org/vuls/id/257161
6/17/2020 • 6 minutes, 39 seconds
ISC StormCast for Tuesday, June 16th 2020
HTML Based Phishing Run
https://isc.sans.edu/forums/diary/HTML+based+Phishing+Run/26242/
Major T-Mobile Outage (may affect other carriers as well)
https://twitter.com/NevilleRay/status/1272650750665953280
https://status.duo.com/incidents/txv7kq6tr0h8
Vulnerabilities in LTE and 5G Networks
https://positive-tech.com/storage/articles/gtp-2020/threat-vector-gtp-2020-eng.pdf
SANSFIRE Handler Talks
Xavier Mertens: https://www.sans.org/webcasts/sansatmic-walk-logs-hell-115420
Bojan Zdrnja: https://www.sans.org/webcasts/sansatmic-arcane-web-mobile-application-vulner
6/16/2020 • 6 minutes, 51 seconds
ISC StormCast for Monday, June 15th 2020
Fileless Excel Malware
https://isc.sans.edu/forums/diary/Malicious+Excel+Delivering+Fileless+Payload/26232/
Windows Update Issues
https://support.microsoft.com/en-us/help/4566779/usb-printer-port-missing-after-disconnecting-printer-while-windows-10
https://answers.microsoft.com/en-us/windows/forum/all/cumulative-updates-june-9th-2020/45a8a7f3-cb89-459e-acf1-32d9de15c099
Privnote.com Phishing
https://krebsonsecurity.com/2020/06/privnotes-com-is-phishing-bitcoin-from-users-of-private-messaging-service-privnote-com/
SANS @Mic Talk: ISC Handler Bojan Zdrnja
https://www.sans.org/webcasts/sansatmic-arcane-web-mobile-application-vulnerabilities-115425
6/15/2020 • 6 minutes, 16 seconds
ISC StormCast for Friday, June 12th 2020
Anti-Debugging JavaScript Techniques
https://isc.sans.edu/forums/diary/AntiDebugging+JavaScript+Techniques/26228/
Facebook Messenger Desktop App Vulnerability
https://blog.reasonsecurity.com/2020/06/11/persistence-method-using-facebook-messenger-desktop-app/
Outlook Massmailing Macros
https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/
STI Student Research: Dennis Taggard; Ebb and Flow: Network Flow Logging as a Staple of Public Cloud Visibility or a Waning Imperative?
Paper: https://www.sans.org/reading-room/whitepapers/cloud/ebb-flow-network-flow-logging-staple-public-cloud-visibility-waning-imperative-39580
Video: https://youtu.be/faoFx7Q3_aM
6/12/2020 • 7 minutes, 1 second
ISC StormCast for Thursday, June 11th 2020
Job Application Themed Malspam Pushes ZLoader
https://isc.sans.edu/forums/diary/Job+applicationthemed+malspam+pushes+ZLoader/26222/
More Expiring Root CAs
https://scotthelme.co.uk/impending-doom-root-ca-expiring-legacy-clients/
Black Lives Matter Themed Malware
https://www.bleepingcomputer.com/news/security/fake-black-lives-matter-voting-campaign-spreads-trickbot-malware/
6/11/2020 • 6 minutes, 18 seconds
ISC StormCast for Wednesday, June 10th 2020
Microsoft Patch Day
https://isc.sans.edu/forums/diary/Microsoft+June+2020+Patch+Tuesday/26220/
SMBleed
https://github.com/ZecOps/CVE-2020-1206-POC
Adobe Patches
https://helpx.adobe.com/security.html
Intel Patch Day
https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/?linkId=100000012832617
6/10/2020 • 6 minutes, 9 seconds
ISC StormCast for Friday, June 5th 2020
Anti-Debugging Technique Based on Memory Protection
https://isc.sans.edu/forums/diary/AntiDebugging+Technique+based+on+Memory+Protection/26200/
Suspending Suspicious Domain Feed/Update to Researcher IP Feed
https://isc.sans.edu/forums/diary/Suspending+Suspicious+Domain+Feed+Update+to+Researcher+IP+Feed/26204/
Bank Transaction Comments Used for Abusive Messages
https://www.theregister.com/2020/06/04/commonwealth_bank_bans_indecent_transaction_descriptions/
Android Security Bulletin
https://source.android.com/security/bulletin/2020-06-01
Android Wallpaper Crash
https://www.androidauthority.com/android-wallpaper-crash-1124577/
STI Research Paper: Janusz Pazgier; Efficacy of UNIX HIDS
https://www.sans.org/reading-room/whitepapers/detection/efficacy-unix-hids-39565
6/5/2020 • 13 minutes, 14 seconds
ISC StormCast for Thursday, June 4th 2020
Polish Malspam Pushes ZLoader Malware
https://isc.sans.edu/forums/diary/Polish+malspam+pushes+ZLoader+malware/26196/
Cisco Patches IP-in-IP Flaw
https://securityaffairs.co/wordpress/104192/security/ip-in-ip-flaw-cisco.html
Zoom Fixes Two Critical Flaws
https://blog.talosintelligence.com/2020/06/vuln-spotlight-zoom-code-execution-june-2020.html
Firefox Disables Automatic DNS over HTTPS Selection to Prevent DDoS
https://www.mozilla.org/en-US/firefox/77.0.1/releasenotes/
6/4/2020 • 5 minutes, 59 seconds
ISC StormCast for Wednesday, June 3rd 2020
Type 2 Stackstrings
https://isc.sans.edu/forums/diary/Stackstrings+type+2/26192/
More Details About AddTrust External CA Root Expiration
https://www.agwa.name/blog/post/fixing_the_addtrust_root_expiration
VMware Cloud Director Vulnerability and Exploit
https://citadelo.com/en/blog/full-infrastructure-takeover-of-vmware-cloud-director-CVE-2020-3956/
6/3/2020 • 5 minutes, 34 seconds
ISC StormCast for Tuesday, June 2nd 2020
Apple Patches Unc0ver
https://support.apple.com/en-us/HT201222
Office 365 Adds Details About Malicious E-Mail Attachments
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=64570
Impact of Research on Our Data
https://isc.sans.edu/forums/diary/The+Impact+of+Researchers+on+Our+Data/26182/
6/2/2020 • 7 minutes, 6 seconds
ISC StormCast for Monday, June 1st 2020
Sectigo AddTrust CA Expired
https://support.sectigo.com/articles/Knowledge/Sectigo-AddTrust-External-CA-Root-Expiring-May-30-2020
Critical Sign In With Apple Flaw
https://bhavukjain.com/blog/2020/05/30/zeroday-signin-with-apple/
DABANGG: Refined Flush Based Cache Attacks
https://www.cse.iitk.ac.in/users/biswap/DABANGG.pdf
New Website Explaining FIDO
https://loginwithfido.com/
6/1/2020 • 6 minutes, 15 seconds
ISC StormCast for Friday, May 29th 2020
USBFuzz Finds Numerous USB Flaws
https://www.nebelwelt.net/files/20SEC3.pdf
Cisco Products Vulnerable to Saltstack Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-salt-2vx545AG
Another Nail in the Coffin for SHA-1
https://eprint.iacr.org/2020/014.pdf
STI Student: Andy Piazza; Qualifying Threat Actor Assessments
https://www.sans.org/reading-room/whitepapers/threatintelligence/paper/39585
5/29/2020 • 18 minutes, 43 seconds
ISC StormCast for Thursday, May 28th 2020
Phishing With Google Cloud
https://isc.sans.edu/forums/diary/Frankensteins+phishing+using+Google+Cloud+Storage/26174/
Trend Micro AntiVirus Blocked by Microsoft
https://billdemirkapi.me/How-to-use-Trend-Micro-Rootkit-Remover-to-Install-a-Rootkit/
Netgear Nighthawk Firmware Update Vulnerability
https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability/
5/28/2020 • 6 minutes, 49 seconds
ISC StormCast for Wednesday, May 27th 2020
Where is SHA3?
https://isc.sans.edu/forums/diary/Seriously+SHA3+where+art+thou/26170/
Apple Updates
https://support.apple.com/en-us/HT201222
Google ZDI Releases Details Regarding Unpatched Windows Vulnerabilities
https://www.zerodayinitiative.com/advisories/ZDI-20-666/
https://www.zerodayinitiative.com/advisories/ZDI-20-665/
https://www.zerodayinitiative.com/advisories/ZDI-20-663/
https://www.zerodayinitiative.com/advisories/ZDI-20-662/
https://www.zerodayinitiative.com/advisories/ZDI-20-664/
Research into Phish Detection
https://medium.com/@curtbraz/these-arent-the-phish-you-re-looking-for-7374c3986af5
5/27/2020 • 5 minutes, 59 seconds
Spike of Scans for Port 62234
https://isc.sans.edu/forums/diary/What+is+up+on+Port+62234/26144/
Cisco Patches
https://tools.cisco.com/security/center/publicationListing.x
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-info-disclose-9eJtycMB
Google Chrome 83 Released
https://chromereleases.googleblog.com/
QNAP Vulnerability Details Released
https://medium.com/bugbountywriteup/qnap-pre-auth-root-rce-affecting-450k-devices-on-the-internet-d55488d28a05
ISC YouTube Channel
https://www.youtube.com/channel/UCfbOsqPmWg1H_34hTjKEW2A
5/20/2020 • 6 minutes, 32 seconds
ISC StormCast for Wednesday, May 20th 2020
Spike of Scans for Port 62234
https://isc.sans.edu/forums/diary/What+is+up+on+Port+62234/26144/
Cisco Patches
https://tools.cisco.com/security/center/publicationListing.x
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-info-disclose-9eJtycMB
Google Chrome 83 Released
https://chromereleases.googleblog.com/
QNAP Vulnerability Details Released
https://medium.com/bugbountywriteup/qnap-pre-auth-root-rce-affecting-450k-devices-on-the-internet-d55488d28a05
ISC YouTube Channel
https://www.youtube.com/channel/UCfbOsqPmWg1H_34hTjKEW2A
5/20/2020 • 6 minutes, 32 seconds
ISC StormCast for Tuesday, May 19th 2020
Antivirus & Multiple Detections
https://isc.sans.edu/forums/diary/Antivirus+Multiple+Detections/26134/
Office 365 Returning Search Results from Other Organizations
https://www.theregister.co.uk/2020/05/18/microsoft_office_365_internal_search_mixup/
MagicPairing Vulnerabilities
https://arxiv.org/pdf/2005.07255.pdf
BIAS: Bluetooth Impersonation AttackS
https://francozappa.github.io/about-bias/
5/19/2020 • 6 minutes, 16 seconds
ISC StormCast for Monday, May 18th 2020
OWA Scans
https://isc.sans.edu/forums/diary/Scanning+for+Outlook+Web+Access+OWA+Microsoft+Exchange+Control+Panel+ECP/26132/
Edison iOS E-Mail Client Leaks Data
https://www.theverge.com/2020/5/16/21260967/edison-mail-update-ios-security-bug
COMpfun Malware Uses Status Codes to Communicate
https://securelist.com/compfun-http-status-based-trojan/96874/
PAN OS Patches
https://securityaffairs.co/wordpress/103265/security/palo-alto-networks-pan-os-flaws.html
5/18/2020 • 6 minutes, 19 seconds
ISC StormCast for Friday, May 15th 2020
Rethinking Severity
https://isc.sans.edu/forums/diary/Patch+Tuesday+Revisited+CVE20201048+isnt+as+Medium+as+MS+Would+Have+You+Believe/26124/
Top Exploited Vulnerabilities
https://www.us-cert.gov/ncas/alerts/aa20-133a
Zerodium Drops Payouts For iOS/Safari Exploits
https://twitter.com/Zerodium/status/1260541578747064326?s=20
BIG-IP Edge Client Vulnerability
https://support.f5.com/csp/article/K20346072
5/15/2020 • 6 minutes, 2 seconds
ISC StormCast for Thursday, May 14th 2020
Malspam with Links to ZIP Archives Pushes Dridex Malware
https://isc.sans.edu/forums/diary/Malspam+with+links+to+zip+archives+pushes+Dridex+malware/26116/
Ramsay Cyber Espionage Toolkit
https://www.welivesecurity.com/2020/05/13/ramsay-cyberespionage-toolkit-airgapped-networks/
Windows DNS over HTTPS Preview
https://techcommunity.microsoft.com/t5/networking-blog/windows-insiders-can-now-test-dns-over-https/ba-p/1381282#
ISC Handler Series (SANSFIRE)
https://www.sans.org/event/sansfire-2020/bonus-sessions/
5/14/2020 • 5 minutes, 58 seconds
ISC StormCast for Wednesday, May 13th 2020
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+May+2020+Patch+Tuesday/26114/
Adobe Security Updates
https://helpx.adobe.com/security.html
Android Applications Expose Firebase Databases
https://www.comparitech.com/blog/information-security/firebase-misconfiguration-report/#What_data_is_exposed
More Magecart Sighted
https://maxkersten.nl/2020/05/06/backtracking-magecart-infections/
Glitter vs. Thunderspy
https://www.youtube.com/watch?v=vlK5rrlc44g
5/13/2020 • 7 minutes, 3 seconds
ISC StormCast for Friday, May 8th 2020
Scanning With NMAP NSE Scripts
https://isc.sans.edu/forums/diary/Scanning+with+nmaps+NSE+scripts/26096/
iOS Psychic Paper Vulnerability
https://siguza.github.io/psychicpaper/
World Password Day
https://www.microsoft.com/security/blog/2020/05/07/protect-accounts-smarter-ways-sign-in-world-passwordless-day
https://tails.boum.org/news/version_4.6/index.en.html
Cisco Kerberos Bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-asa-kerberos-bypass-96Gghe2sS
5/8/2020 • 5 minutes, 47 seconds
ISC StormCast for Thursday, May 7th 2020
Keeping an Eye on Malicious Files Life Time
https://isc.sans.edu/forums/diary/Keeping+an+Eye+on+Malicious+Files+Life+Time/26092/
Fake Crypto Wallet Chrome Extensions
https://www.theregister.co.uk/2020/05/06/chrome_malicious_extensions/
Favicon Hides Credit Card Skimmer
https://blog.malwarebytes.com/threat-analysis/2020/05/credit-card-skimmer-masquerades-as-favicon/
WebEx Phishing
https://abnormalsecurity.com/blog/abnormal-attack-stories-cisco-webex-phishing/
5/7/2020 • 5 minutes, 56 seconds
ISC StormCast for Wednesday, May 6th 2020
Do Cloud Security Features Replace Personnel Security Capabilities?
https://isc.sans.edu/forums/diary/Cloud+Security+Features+Dont+Replace+the+Need+for+Personnel+Security+Capabilities/26088/
Citrix ShareFile Storage Zones Controller Update
https://support.citrix.com/article/CTX269106
Android Update
https://source.android.com/security/bulletin/2020-05-01
Firefox Update
https://www.mozilla.org/en-US/firefox/76.0/releasenotes/
Dell OS Recovery Image Insecure Inherited Permissions
https://www.dell.com/support/article/de-de/sln321036/dsa-2020-059-dell-os-recovery-image-insecure-inherited-permissions-vulnerability?lang=en
WordPress Update
https://wordpress.org/support/wordpress-version/version-5-4-1/#security-updates
5/6/2020 • 5 minutes, 14 seconds
ISC StormCast for Tuesday, May 5th 2020
Exploring the Sysmon 11 File Deletion Protection
https://isc.sans.edu/forums/diary/Sysmon+and+File+Deletion/26084/
Digicert CT Compromise
https://groups.google.com/a/chromium.org/forum/#!topic/ct-policy/aKNbZuJzwfM
WebLogic Flaw (new one..) Exploited in the Wild
https://blogs.oracle.com/security/apply-april-2020-cpu
5/5/2020 • 5 minutes, 24 seconds
ISC StormCast for Monday, May 4th 2020
ZIP Files and AES
https://isc.sans.edu/forums/diary/ZIP+AES/26080/
Saltstack Vulnerability Exploited in the Wild
https://status.ghost.org/
Mobile Device Manager Compromise
https://research.checkpoint.com/2020/first-seen-in-the-wild-mobile-as-attack-vector-using-mdm/
5/4/2020 • 5 minutes, 25 seconds
ISC StormCast for Friday, May 1st 2020
Collecting IOCs from IMAP Folder
https://isc.sans.edu/forums/diary/Collecting+IOCs+from+IMAP+Folder/26070/
Attack Traffic on TCP Port 9673
https://isc.sans.edu/forums/diary/Attack+traffic+on+TCP+port+9673/26074/
Saltstack Authorization Bypass
https://labs.f-secure.com/advisories/saltstack-authorization-bypass
Mac Sandbox Escape
https://lapcatsoftware.com/articles/sandbox-escape.html
5/1/2020 • 7 minutes, 15 seconds
ISC StormCast for Thursday, April 30th 2020
Privacy Preserving Protocols to Trace Covid19 Exposure
https://isc.sans.edu/forums/diary/Privacy+Preserving+Protocols+to+Trace+Covid19+Exposure/26066/
Google Chrome Update
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_27.html
https://docs.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security
Updated Version of Sysmon
https://docs.microsoft.com/en-us/sysinternals/downloads/sysmon
https://techcommunity.microsoft.com/t5/sysinternals-blog/sysmon-v11-0-livekd-v5-63-process-explorer-v16-32-coreinfo-v3-5/ba-p/1345153
Shade Ransomware Keys Released
https://github.com/shade-team/keys/blob/master/README.md
Exploiting the Exploiters
https://medium.com/@curtbraz/exploiting-the-exploiters-46fd0d620fd8
4/30/2020 • 6 minutes, 16 seconds
ISC StormCast for Wednesday, April 29th 2020
Agent Tesla Delivered by the Same Phishing Campaign for Over a Year
https://isc.sans.edu/forums/diary/Agent+Tesla+delivered+by+the+same+phishing+campaign+for+over+a+year/26062/
VMware ESXi Patch
https://www.vmware.com/security/advisories/VMSA-2020-0008.html
Microsoft Guidance For Ransomware Response
https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/
Adobe Security Patches
https://helpx.adobe.com/security.html
4/29/2020 • 4 minutes, 50 seconds
ISC StormCast for Tuesday, April 28th 2020
Powershell Payload Stored in a PSCredential Object
https://isc.sans.edu/forums/diary/Powershell+Payload+Stored+in+a+PSCredential+Object/26058/
Microsoft Teams Account Takeover Bug
https://www.cyberark.com/threat-research-blog/beware-of-the-gif-account-takeover-vulnerability-in-microsoft-teams/
USB Drives used to Spread Crypto Coin Mining Botnet
https://www.welivesecurity.com/2020/04/23/eset-discovery-monero-mining-botnet-disrupted/
4/28/2020 • 6 minutes, 12 seconds
ISC StormCast for Friday, April 24th 2020
GCC's New Security Analyzer Finds Flaw in OpenSSL
https://developers.redhat.com/blog/2020/03/26/static-analysis-in-gcc-10/
IBM Spectrum Protect Server Stack Based Buffer Overflow
https://www.ibm.com/support/pages/node/6195706
Possible Issues With Cumulative Windows Updates
https://www.reddit.com/search/?q=KB4549951
Using a GPU as a Radio
https://duo.com/labs/research/finding-radio-sidechannels
Comparing Red Team Platforms
https://redcanary.com/blog/comparing-red-team-platforms/
4/24/2020 • 7 minutes, 21 seconds
ISC StormCast for Thursday, April 23rd 2020
iOS Mail 0Day
https://blog.zecops.com/vulnerabilities/unassisted-ios-attacks-via-mobilemail-maild-in-the-wild/
Zoom 5 To Be Released Shortly Addressing Encryption Issues
https://blog.zoom.us/wordpress/2020/04/22/zoom-hits-milestone-on-90-day-security-plan-releases-zoom-5-0/
OpenSSL Fixes DoS Flaw
https://www.openssl.org/news/secadv/20200421.txt
4/23/2020 • 6 minutes, 4 seconds
ISC StormCast for Wednesday, April 22nd 2020
SpectX: Log Parser for DFIR
https://isc.sans.edu/forums/diary/SpectX+Log+Parser+for+DFIR/26040/
Microsoft Patches Autodesk Library in Office
https://www.autodesk.com/trust/security-advisories/adsk-sa-2020-0002
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200004
Stripe Data Collection
https://mtlynch.io/stripe-recording-its-customers/
IBM Data Risk Manager Vulnerabilities
https://github.com/pedrib/PoC/blob/master/advisories/IBM/ibm_drm/ibm_drm_rce.md
4/22/2020 • 5 minutes, 56 seconds
ISC StormCast for Monday, April 20th 2020
Weaponized RTF Document Generator Mailer in PowerShell
https://isc.sans.edu/forums/diary/Weaponized+RTF+Document+Generator+Mailer+in+PowerShell/26030/
Microsoft Fixes Bad Anti-Malware Signatures
https://www.microsoft.com/en-us/wdsi/definitions/antimalware-definition-release-notes
Sophos Pulls Bad Firmware Update
https://community.sophos.com/kb/en-us/135383
Credentials Stolen from Pulse Secure VPN Abused
https://www.us-cert.gov/ncas/alerts/aa20-107a
Chrome Update
https://chromereleases.googleblog.com/2020/04/stable-channel-update-for-desktop_15.html
4/20/2020 • 5 minutes, 34 seconds
ISC StormCast for Friday, April 17th 2020
AppLocker vs. Living off the Land Attacks
https://isc.sans.edu/forums/diary/Using+AppLocker+to+Prevent+Living+off+the+Land+Attacks/26032/
Netlink GPON 0-Day
https://blog.netlab.360.com/multiple-fiber-routers-are-being-compromised-by-botnets-using-0-day-en/
Windows Security Crashing After Definition Update
https://www.askwoody.com/2020/reports-of-windows-security-nee-microsoft-security-essentials-crashing-after-installing-this-mornings-definition-updates/
700 Malicious Ruby Gems Found
https://thehackernews.com/2020/04/rubygem-typosquatting-malware.html
vCenter Exploit for CVE-2020-3952
https://www.guardicore.com/2020/04/pwning-vmware-vcenter-cve-2020-3952/
4/17/2020 • 5 minutes, 50 seconds
ISC StormCast for Wednesday, April 15th 2020
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+April+2020+Patch+Tuesday/26022/
Adobe Security Bulletins
https://helpx.adobe.com/security.html
Microsoft Extending EOL For Windows 10 1709/1809
https://support.microsoft.com/en-us/help/4557164/lifecycle-changes-to-end-of-support-and-servicing-dates
Dell Safe BIOS
https://blog.dellemc.com/en-us/dell-technologies-bolsters-pc-security-todays-remote-workers/
4/15/2020 • 5 minutes
ISC StormCast for Tuesday, April 14th 2020
Comparing the Same Phishing Campaign 3 Months Apart
https://isc.sans.edu/forums/diary/Look+at+the+same+phishing+campaign+3+months+apart/26018/
Setting 3D Printers On Fire
https://www.coalfire.com/The-Coalfire-Blog/April-2020/With-IoT-Common-Devices-Pose-New-Threats
Junos OS: vMX Default Credentials
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10998
DNS is Changing: So What? (@Mic Webinar)
https://www.sans.org/webcasts/113635
4/14/2020 • 6 minutes, 20 seconds
ISC StormCast for Monday, April 13th 2020
Dynamic Analysis Technique to Get Decrypted KPOT Malware
https://isc.sans.edu/forums/diary/Reader+Analysis+Dynamic+analysis+technique+to+get+decrypted+KPOT+Malware/26010/
VMware vCenter Server Vulnerability
https://www.vmware.com/security/advisories/VMSA-2020-0006.html
Sodinokibi Ransomware Switching to Monero
https://www.bleepingcomputer.com/news/security/sodinokibi-ransomware-to-stop-taking-bitcoin-to-hide-money-trail/
Malware Impersonates Security Researchers
https://www.bleepingcomputer.com/news/security/new-wiper-malware-impersonates-security-researchers-as-prank/
4/13/2020 • 5 minutes, 18 seconds
ISC StormCast for Friday, April 10th 2020
Spoofing OS Fingerprints
https://isc.sans.edu/forums/diary/Performing+deception+to+OS+Fingerprint+Part+1+nmap/25960/
Dell iDRAC Patch
https://www.dell.com/support/article/de-de/sln320717/dsa-2020-063-idrac-buffer-overflow-vulnerability?lang=en
VISA Ends Magento 1 Support
https://usa.visa.com/content/dam/VCOM/global/support-legal/documents/acquirer-advisory-magento-migration.pdf
Slack WebRTC TURN Compromise
https://www.rtcsec.com/2020/04/01-slack-webrtc-turn-compromise/
COVID 19 Domain Classifier
https://isc.sans.edu/covidclassifier.html
4/10/2020 • 5 minutes, 45 seconds
ISC StormCast for Thursday, April 9th 2020
German Malspam Pushes ZLoader Malware; Decrypting HTTPS
https://isc.sans.edu/forums/diary/German+malspam+pushes+ZLoader+malware/25996/
Microsoft Purchases Corp.com
https://krebsonsecurity.com/2020/04/microsoft-buys-corp-com-so-bad-guys-cant/
Microsoft Delaying Removal of Basic Authentication from Exchange Online
https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-and-exchange-online-april-2020-update/ba-p/1275508
Dark Nexus Botnet
https://www.bitdefender.com/files/News/CaseStudies/study/319/Bitdefender-PR-Whitepaper-DarkNexus-creat4349-en-EN-interactive.pdf
4/9/2020 • 5 minutes, 54 seconds
ISC StormCast for Wednesday, April 8th 2020
RDP Scanning Increase
https://isc.sans.edu/forums/diary/Increase+in+RDP+Scanning/25994/
Atlassian Advises Users To Secure Jira Service Desk
https://community.atlassian.com/t5/Jira-Service-Desk-articles/Tips-for-setting-customer-permissions-in-Jira-Service-Desk/ba-p/1340617
Android Updates
https://support.google.com/pixelphone/thread/38337876
4/8/2020 • 5 minutes, 10 seconds
ISC StormCast for Tuesday, April 7th 2020
ROSTELECOM Reroutes Traffic for Multiple Cloud Providers
https://twitter.com/bgpmon/status/1246842916502302723
https://bgpstream.com/event/230837
Vuln Cost Security Scanner for VS Code
https://snyk.io/security-scanner-vuln-cost/
Microsoft Exchange Server Vulnerability still not Patched
https://blog.rapid7.com/2020/04/06/phishing-for-system-on-microsoft-exchange-cve-2020-0688/
Fake Zoom Installer
https://blog.trendmicro.com/trendlabs-security-intelligence/zoomed-in-a-look-into-a-coinminer-bundled-with-zoom-installer/
4/7/2020 • 6 minutes, 35 seconds
ISC StormCast for Monday, April 6th 2020
New Bypass Technique or Corrupt Word Document
https://isc.sans.edu/forums/diary/New+Bypass+Technique+or+Corrupt+Word+Document/25984/
CitizenLab Analyzes Zoom Encryption
https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/
https://www.sans.org/webcasts/zomg-its-zoom-114670
Mozilla Patches Critical Firefox Flaws
https://www.mozilla.org/en-US/security/advisories/mfsa2020-11/
Malicious JavaScript injected into Discord
https://www.bleepingcomputer.com/news/security/discord-turned-into-an-account-stealer-by-updated-malware/
4/6/2020 • 5 minutes, 44 seconds
ISC StormCast for Friday, April 3rd 2020
Twitter Cache Bug in Firefox
https://privacy.twitter.com/en/blog/2020/data-cache-firefox
MS-SQL Server Attack
https://www.guardicore.com/2020/04/vollgar-ms-sql-servers-under-attack/
More Zoom Vulnerabilities
https://objective-see.com/blog/blog_0x56.html
Covid-19 Economic Impact Payments Scams
https://www.justice.gov/usao-edky/press-release/file/1265371/download
Safari Camera Access Bug
https://www.ryanpickren.com/webcam-hacking-overview
4/3/2020 • 6 minutes, 34 seconds
ISC StormCast for Thursday, April 2nd 2020
Qakbot Malspam Sent From an Infected Windows Host
https://isc.sans.edu/forums/diary/Qakbot+malspam+sent+from+an+infected+Windows+host/25972/
TPOT Cowrie to ISC Logs
https://isc.sans.edu/forums/diary/TPOTs+Cowrie+to+ISC+Logs/25976/
SSH Issues After macOS Update
https://feed.tyler.io/so-uh-i-think-catalina-10154-broke-ssh/
Cloudflare DNS For Families
https://blog.cloudflare.com/introducing-1-1-1-1-for-families/
Zoom Leaks Windows Password Hashes via UNC Links
https://twitter.com/hackerfantastic/status/1245133371262619654
4/2/2020 • 6 minutes, 27 seconds
ISC StormCast for Tuesday, March 31st 2020
Crashing Windows Explorer Without a Click
https://isc.sans.edu/forums/diary/Crashing+explorerexe+without+a+click/25966/
Zoom Privacy Policy
https://blogs.harvard.edu/doc/2020/03/27/zoom/
Zoom Bombing
https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic
Zoom Related Domains Used for Phishing
https://blog.checkpoint.com/2020/03/30/covid-19-impact-cyber-criminals-target-zoom-domains/
3/31/2020 • 6 minutes, 50 seconds
ISC StormCast for Monday, March 30th 2020
Covid19 Domain Classifier
https://isc.sans.edu/covidclassifier.html
https://www.youtube.com/watch?v=yNIlyJ3gI-4
Attackers Mail Malicious USB Drives and Teddy Bears
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/would-you-exchange-your-security-for-a-gift-card/
Hong Kong News Sites Used to Install Malware on iOS Devices
https://blog.trendmicro.com/trendlabs-security-intelligence/operation-poisoned-news-hong-kong-users-targeted-with-mobile-malware-via-local-news-links/
3/30/2020 • 5 minutes, 38 seconds
ISC StormCast for Friday, March 27th 2020
Very Large Sample as an Obfuscation Technique
https://isc.sans.edu/forums/diary/Very+Large+Sample+as+Evasion+Technique/25948/
iOS VPN Bypass
https://protonvpn.com/blog/apple-ios-vulnerability-disclosure/
Free Covid19 Domain List
https://www.domaintools.com/resources/blog/free-covid-19-threat-list-domain-risk-assessments-for-coronavirus-threats
Linux Rubber Ducky Protection
https://opensource.googleblog.com/2020/03/usb-keystroke-injection-protection.html
3/27/2020 • 5 minutes, 40 seconds
ISC StormCast for Thursday, March 26th 2020
Dridex Update
https://isc.sans.edu/forums/diary/Recent+Dridex+activity/25944/
Covid-19 Ransom
https://twitter.com/johullrich/status/1242983197555789824
HP Enterprise SSD Firmware Bug
https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=a00097382en_us
Fake Google Chrome Update
https://news.drweb.com/show/?i=13746&lng=en
TrickBot Pushing a 2FA Bypass App in Germany
https://securityintelligence.com/posts/trickbot-pushing-a-2fa-bypass-app-to-bank-customers-in-germany/
3/26/2020 • 5 minutes, 23 seconds
ISC StormCast for Wednesday, March 25th 2020
Updated Microsoft Advisory 200006
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006
Memcached Denial of Service Vulnerability
https://github.com/memcached/memcached/issues/629
Adobe Creative Cloud Desktop Application Patches
https://helpx.adobe.com/security/products/creative-cloud/apsb20-11.html
Microsoft Pausing Cumulative Updates Starting May
https://docs.microsoft.com/en-us/windows/release-information/windows-message-center#405
Apple Security Patches
https://support.apple.com/en-us/HT201222
OpenWRT Vulnerability Fixed
https://thehackernews.com/2020/03/openwrt-rce-vulnerability.html
3/25/2020 • 5 minutes, 39 seconds
ISC StormCast for Tuesday, March 24th 2020
Windows Font Parsing 0-Day
https://isc.sans.edu/forums/diary/Windows+Zeroday+Actively+Exploited+Type+1+Font+Parsing+Remote+Code+Execution+Vulnerability/25936/
Covid-19 Malware Summary
https://github.com/parthdmaniar/coronavirus-covid-19-SARS-CoV-2-IoCs
Firefox Turns TLS 1.0/1.1 Back on
https://www.mozilla.org/en-US/firefox/74.0/releasenotes/
3/24/2020 • 6 minutes, 1 second
ISC StormCast for Monday, March 23rd 2020
More Covid19 Malware
https://isc.sans.edu/forums/diary/More+COVID19+Themed+Malware/25930/
Working Exploit for the Kr00k Wi-Fi Vulnerability
https://hexway.io/research/r00kie-kr00kie/
ZDI Pwn2Own Results
https://www.zerodayinitiative.com/blog/2020/3/17/welcome-to-pwn2own-2020-the-schedule-and-live-results
3/23/2020 • 6 minutes, 41 seconds
ISC StormCast for Friday, March 20th 2020
COVID-19 Themed Multistage Malware
https://isc.sans.edu/forums/diary/COVID19+Themed+Multistage+Malware/25922/
Cisco SD-WAN Patches
https://tools.cisco.com/security/center/publicationListing.x
0patch Selling Patches for Windows 7
https://twitter.com/0patch/status/1240602635205586945
LDAPFragger: Bypassing network restrictions using LDAP attributes
https://research.nccgroup.com/2020/03/19/ldapfragger-bypassing-network-restrictions-using-ldap-attributes/
3/20/2020 • 5 minutes, 9 seconds
ISC StormCast for Wednesday, March 18th 2020
A Quick Summary of Current Reflective DNS DDoS Attacks
https://isc.sans.edu/forums/diary/A+Quick+Summary+of+Current+Reflective+DNS+DDoS+Attacks/25916/
Trickbot gtag red5 distributed as DLL File
https://isc.sans.edu/forums/diary/Trickbot+gtag+red5+distributed+as+a+DLL+file/25918/
Is Cryptojacking Dead After the Coinhive Shutdown?
https://arxiv.org/pdf/2001.02975.pdf
Adobe Patches
https://helpx.adobe.com/security/products/acrobat/apsb20-13.html
3/18/2020 • 7 minutes, 45 seconds
ISC StormCast for Tuesday, March 17th 2020
Desktop.ini as a post-exploitation tool
https://isc.sans.edu/forums/diary/Desktopini+as+a+postexploitation+tool/25912/
VMware Workstation/Fusion Update
https://www.vmware.com/security/advisories/VMSA-2020-0004.html
Blackwater Malware Abuses Cloudflare Workers
https://www.bleepingcomputer.com/news/security/blackwater-malware-abuses-cloudflare-workers-for-c2-communication/
tcpdump Heap Based Buffer Over-Read
https://nvd.nist.gov/vuln/detail/CVE-2018-19325
Slack Account Takeover Bug
https://hackerone.com/reports/737140
3/17/2020 • 5 minutes, 52 seconds
ISC StormCast for Monday, March 16th 2020
Phishing PDFs With Incremental Updates
https://isc.sans.edu/forums/diary/Phishing+PDF+With+Incremental+Updates/25904/
VPN Access and Active Monitoring
https://isc.sans.edu/forums/diary/VPN+Access+and+Activity+Monitoring/25906/
Capturing Invalid Ethernet Frames
https://isc.sans.edu/forums/diary/Not+all+Ethernet+NICs+are+Created+Equal+Trying+to+Capture+Invalid+Ethernet+Frames/25896/
Cookiethief Android Cookie Stealing Malware
https://securelist.com/cookiethief/96332/
SANS Security Awareness Deployment Kit for Securing Your Workforce at Home
https://www.sans.org/webcasts/113875
3/16/2020 • 6 minutes, 53 seconds
ISC StormCast for Friday, March 13th 2020
Microsoft Releases Patch for Windows SMBv3 Compression Vulnerability CVE-2020-0796
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2020-0796
Hancitor Distributed Through Coronavirus-Themed Malspam
https://isc.sans.edu/forums/diary/Hancitor+distributed+through+coronavirusthemed+malspam/25892/
Avast Removes Vulnerable JavaScript Emulator From Products
https://github.com/taviso/avscript
Checkra1n Exploit Works Against T2 Equipped Macs
https://www.idownloadblog.com/2020/03/10/luca-todesco-teases-checkra1n-hacks-on-a-t2-equipped-macbook-pros-touch-bar/
3/13/2020 • 6 minutes, 48 seconds
ISC StormCast for Thursday, March 12th 2020
Mystery SMB3 Flaw Update
https://isc.sans.edu/forums/diary/Critical+SMBv3+Vulnerability+Remote+Code+Execution/25890/
COVID19 Malware
https://blog.reasonsecurity.com/2020/03/09/covid-19-info-stealer-the-map-of-threats-threat-analysis-report/
Agent Tesla Spread by Fake Canon EOS Notification Email
https://isc.sans.edu/forums/diary/Agent+Tesla+Delivered+via+Fake+Canon+EOS+Notification+on+Free+OwnCloud+Account/25884/
3/12/2020 • 5 minutes, 45 seconds
ISC StormCast for Wednesday, March 11th 2020
Microsoft Patch Tuesday
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV200005
https://isc.sans.edu/diary.html?storyid=25886
3/11/2020 • 5 minutes, 17 seconds
ISC StormCast for Tuesday, March 10th 2020
Malicious Spreadsheet With Data Connection and Excel 4 Macros
https://isc.sans.edu/forums/diary/Malicious+Spreadsheet+With+Data+Connection+and+Excel+4+Macros/25880/
Take a Way: Exploring the Security Implications of AMD's Cache Way Predictors
https://mlq.me/download/takeaway.pdf
https://www.amd.com/en/corporate/product-security
Google Play Store Protect Fails Security Test
https://www.av-test.org/en/news/here-s-how-well-17-android-security-apps-provide-protection/
3/10/2020 • 6 minutes, 45 seconds
ISC StormCast for Monday, March 9th 2020
Excel Maldocs: Hidden Sheets
https://isc.sans.edu/forums/diary/Excel+Maldocs+Hidden+Sheets/25876/
Wireshark 3.2.2 Released
https://www.wireshark.org/docs/relnotes/wireshark-3.2.2.html
Linux PPP Vulnerability
https://www.kb.cert.org/vuls/id/782301/
NordVPN Vulnerability
https://www.theregister.co.uk/2020/03/06/nordvpn_no_auth_needed_view_user_payments/
Unpatched Android Devices
https://www.which.co.uk/news/2020/03/more-than-one-billion-android-devices-at-risk-of-malware-threats/
3/9/2020 • 5 minutes, 30 seconds
ISC StormCast for Friday, March 6th 2020
Survey Phish
https://isc.sans.edu/forums/diary/Will+You+Put+Your+Password+in+a+Survey/25866/
Healthcare.gov Sending E-Mail Looking Like Phishing
https://twitter.com/johullrich/status/1235740586717720577
Intel x86 Root of Trust: Loss of Trust
https://blog.ptsecurity.com/2020/03/intelx86-root-of-trust-loss-of-trust.html
Let's Encrypt Revises Revocation Plan
https://community.letsencrypt.org/t/2020-02-29-caa-rechecking-bug/114591/2
Trust Me, I'm Certified Podcast
https://www.giac.org/podcasts
3/6/2020 • 6 minutes, 15 seconds
ISC StormCast for Thursday, March 5th 2020
MSFT Subdomain Takeover
https://vullnerability.com/blog/microsoft-subdomain-account-takeover
Homoglyph Attacks in the News Again
https://www.soluble.ai/blog/public-disclosure-emoji-to-zero-day
Coronavirus Phish
https://twitter.com/JCyberSec_/status/1234806881195044865
3/5/2020 • 6 minutes, 46 seconds
ISC StormCast for Wednesday, March 4th 2020
Introduction to EvtxEcmd (Evtx Explorer)
https://isc.sans.edu/forums/diary/Introduction+to+EvtxEcmd+Evtx+Explorer/25858/
Let's Encrypt Revoking Certificates
https://community.letsencrypt.org/t/revoking-certain-certificates-on-march-4/114864
Using Smart Devices in the Home Securely (NCSC Version)
https://www.ncsc.gov.uk/guidance/smart-devices-in-the-home
Ransomware and Cloud Backups
https://www.bleepingcomputer.com/news/security/ransomware-attackers-use-your-cloud-backups-against-you/
SANS Coronavirus Training Guarantee
https://www.sans.org/training-guarantee
3/4/2020 • 6 minutes, 18 seconds
ISC StormCast for Tuesday, March 3rd 2020
SSL Distribution by Country
https://isc.sans.edu/forums/diary/Secure+vs+cleartext+protocols+couple+of+interesting+stats/25854/
Checkpoint Evasion Encyclopedia
https://research.checkpoint.com/2020/cpr-evasion-encyclopedia-the-check-point-evasion-repository/
OWASP Threat Dragon
https://github.com/mike-goodwin/owasp-threat-dragon-desktop
SANS Free Things
https://sans.org/free
3/3/2020 • 5 minutes, 46 seconds
ISC StormCast for Monday, March 2nd 2020
Show me Your Clipboard Data!
https://isc.sans.edu/forums/diary/Show+me+Your+Clipboard+Data/25846/
Hazelcast IMDG Discover Scan
https://isc.sans.edu/forums/diary/Hazelcast+IMDG+Discover+Scan/25850/
Microsoft Exchange Server Vulnerability Scans
https://twitter.com/GossiTheDog/status/1232369036438233088
Tomcat Ghostcat Vulnerability
https://lists.apache.org/thread.html/r7c6f492fbd39af34a68681dbbba0468490ff1a97a1bd79c6a53610ef%40%3Cannounce.tomcat.apache.org%3E
3/2/2020 • 5 minutes, 6 seconds
ISC StormCast for Friday, February 28th 2020
Ultrasonic Triggers for Cellphone Assistants
https://source.wustl.edu/2020/02/surfing-attack-hacks-siri-google-with-ultrasonic-waves/
Comparing Information Leakage from Different Browsers
https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
Cloud Snooper Attack
https://news.sophos.com/en-us/2020/02/25/cloud-snooper-attack-bypasses-firewall-security-measures/
2/28/2020 • 5 minutes, 33 seconds
ISC StormCast for Wednesday, February 26th 2020
Fraudulent PayPal Charges (links in German)
https://twitter.com/iblueconnection/status/1232259071602044928
https://www.heise.de/security/meldung/Google-Pay-Luecke-in-virtuellen-Kreditkarten-erlaubt-unberechtigte-Abbuchungen-4667527.html
https://stadt-bremerhaven.de/google-pay-virtuelle-paypal-kreditkarten-weisen-sicherheitsluecken-auf/
Chrome Update
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop_24.html
Microsoft Public Preview For Azure AD Hybrid Environments
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/public-preview-of-azure-ad-support-for-fido2-security-keys-in/ba-p/1187929
2/26/2020 • 5 minutes, 33 seconds
ISC StormCast for Tuesday, February 25th 2020
ScrollToTextFragment Privacy Concerns in Google Chrome 80
https://github.com/WICG/ScrollToTextFragment/issues/76#issue-538137989
https://docs.google.com/document/d/1YHcl1-vE_ZnZ0kL2almeikAj2gkwCq8_5xwIae7PVik/edit#heading=h.uoiwg23pt0tx
Another OpenSMTPD Vulnerability
https://github.com/OpenSMTPD/OpenSMTPD/releases
WhatsApp Group Invite Links in Search Engines
https://twitter.com/JordanWildon/status/1230829082662842369
2/25/2020 • 7 minutes, 16 seconds
ISC StormCast for Monday, February 24th 2020
Old Style Excel Macro Malware
https://isc.sans.edu/forums/diary/Maldoc+Excel+4+Macros+in+OOXML+Format/25830/
Simple But Efficient VBScript Obfuscation
https://isc.sans.edu/forums/diary/Simple+but+Efficient+VBScript+Obfuscation/25828/
Let's Encrypt Beefs Up Validation
https://letsencrypt.org/2020/02/19/multi-perspective-validation.html
Google Play Store Joker / Clicken Malware
https://research.checkpoint.com/2020/android-app-fraud-haken-clicker-and-joker-premium-dialer/
Google Warns of Microsoft Edge
https://www.heise.de/security/meldung/l-f-Google-findet-den-neuen-Edge-Browser-doof-und-unsicher-4665634.html
2/24/2020 • 6 minutes, 42 seconds
ISC StormCast for Friday, February 21st 2020
Enumerating Who "Owns" a Workstation for IR
https://isc.sans.edu/forums/diary/Whodat+Enumerating+Who+owns+a+Workstation+for+IR/25822/
Special Update for Adobe After Effects and Media Encoder
https://helpx.adobe.com/security/products/after_effects/apsb20-09.html
https://helpx.adobe.com/security/products/media-encoder/apsb20-10.html
Cisco Updates
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-on-prem-static-cred-sL8rDs8
Apple to No Longer Accept Certificates as Valid That Exceed a Lifetime of 13 Months
https://www.theregister.co.uk/2020/02/20/apple_shorter_cert_lifetime/
Python ReDoS Bugs
https://blog.r2c.dev/posts/finding-python-redos-bugs-at-scale-using-dlint-and-r2c/
2/21/2020 • 6 minutes, 42 seconds
ISC StormCast for Thursday, February 20th 2020
Sonicwall Vulnerabilities
https://psirt.global.sonicwall.com/vuln-list
https://blog.scrt.ch/2020/02/11/sonicwall-sra-and-sma-vulnerabilties/
SQL Server RCE Exploit
https://www.mdsec.co.uk/2020/02/cve-2020-0618-rce-in-sql-server-reporting-services-ssrs/
Ransomware in Switzerland
https://www.melani.admin.ch/melani/en/home/dokumentation/newsletter/sicherheitsrisiko-durch-ransomware.html
Peripheral Vulnerabilities in Windows and Linux
https://eclypsium.com/2020/2/18/unsigned-peripheral-firmware/
2/20/2020 • 5 minutes, 46 seconds
ISC StormCast for Wednesday, February 19th 2020
Discovering Contents of Folders Without Permission
https://isc.sans.edu/forums/diary/Discovering+contents+of+folders+in+Windows+without+permissions/25816/
Ring Enforces 2FA
https://blog.ring.com/2020/02/18/extra-layers-of-security-and-control/
Iranians Finally Discover VPN Vulnerabilities
https://www.clearskysec.com/fox-kitten/
WordPress ThemeGrill Auth Bypass
https://www.webarxsecurity.com/critical-issue-in-themegrill-demo-importer/
2/19/2020 • 6 minutes, 12 seconds
ISC StormCast for Tuesday, February 18th 2020
More about Curl on Windows
https://isc.sans.edu/forums/diary/curl+and+SSPI/25812/
WHO Warns of Coronavirus Phishing
https://www.who.int/about/communications/cyber-security
Duo Security / Google Identify Malicious Chrome Extensions
https://duo.com/labs/research/crxcavator-malvertising-2020
2/18/2020 • 5 minutes, 41 seconds
ISC StormCast for Monday, February 17th 2020
Keep an Eye on Command-Line Browsers
https://isc.sans.edu/forums/diary/Keep+an+Eye+on+CommandLine+Browsers/25804/
Old Tricks in New Bots: KBOT
https://securelist.com/kbot-sometimes-they-come-back/96157/
OpenSSH Now With FIDO/U2F
http://www.openssh.com/txt/release-8.2
2/17/2020 • 5 minutes, 28 seconds
ISC StormCast for Friday, February 14th 2020
Changes to Microsoft LDAP/AD And How to Cope with them
https://isc.sans.edu/forums/diary/Authmageddon+deferred+but+not+averted+Microsoft+LDAP+Changes+now+slated+for+Q3Q4+2020/25800/
https://isc.sans.edu/forums/diary/March+Patch+Tuesday+is+Coming+the+LDAP+Changes+will+Change+Your+Life/25796/
SweynTooth BLE Vulnerabilities
https://asset-group.github.io/disclosures/sweyntooth/
Symantec Endpoint Protection Multiple Issues
https://support.symantec.com/us/en/article.SYMSA1505.html
DNSSEC Root Key Signing Ceremony Delayed
https://mm.icann.org/pipermail/root-dnssec-announce/2020/000121.html
2/14/2020 • 6 minutes, 44 seconds
ISC StormCast for Wednesday, February 12th 2020
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+for+February+2020/25790/
Adobe Patches
https://helpx.adobe.com/security.html
Ransomware Abuses Out of Date Driver
https://news.sophos.com/en-us/2020/02/06/living-off-another-land-ransomware-borrows-vulnerable-driver-to-remove-security-software/
2/12/2020 • 22 minutes, 15 seconds
ISC StormCast for Tuesday, February 11th 2020
PayPal Phish Is Asking for Everything
https://isc.sans.edu/forums/diary/Current+PayPal+phishing+campaign+or+give+me+all+your+personal+information/25786/
Dell SupportAssist Client Uncontrolled Search Path Vulnerability
https://www.dell.com/support/article/ro/ro/robsdt1/sln320101/dsa-2020-005-dell-supportassist-client-uncontrolled-search-path-vulnerability?lang=en
Lock My PC Used By Support Scammers
https://fspro.net/lock-pc/
https://www.bleepingcomputer.com/news/security/lock-my-pc-used-by-tech-support-scammers-dev-offers-free-recovery/
Insecure Docker Registries
https://unit42.paloaltonetworks.com/leaked-docker-code/
2/11/2020 • 6 minutes, 23 seconds
ISC StormCast for Monday, February 10th 2020
Sandbox Detection Tricks and Nice Obfuscation in a Single VBScript
https://isc.sans.edu/forums/diary/Sandbox+Detection+Tricks+Nice+Obfuscation+in+a+Single+VBScript/25780/
Emotet Spreads via Wi-Fi
https://www.binarydefense.com/emotet-evolves-with-new-wi-fi-spreader/
Exploit Available for sudo pwfeedback bug
https://dylankatz.com/Analysis-of-CVE-2019-18634/
Xiongmai/HiSilicon Vulnerability
https://censys.io/blog/probing-the-xiongmai-hisilicon-soc-vulnerability
2/10/2020 • 6 minutes, 32 seconds
ISC StormCast for Friday, February 7th 2020
Critical Bluetooth Vulnerability in Android (CVE-2020-0022)
https://insinuator.net/2020/02/critical-bluetooth-vulnerability-in-android-cve-2020-0022/
Wacom Tablets Report Application Details to Google
https://robertheaton.com/2020/02/05/wacom-drawing-tablets-track-name-of-every-application-you-open/
Bitbucket Delivers Malware
https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Realtek HD Audio Driver Package DLL Preloading
https://safebreach.com/Post/Realtek-HD-Audio-Driver-Package-DLL-Preloading-and-Potential-Abuses-CVE-2019-19705
2/7/2020 • 5 minutes, 37 seconds
ISC StormCast for Thursday, February 6th 2020
Fake Browser Updates installing NetSupport RAT
https://isc.sans.edu/forums/diary/Fake+browser+update+pages+are+still+a+thing/25774/
Google Android Update
https://source.android.com/security/bulletin/2020-02-01#Google-Play-system-updates
5 Cisco Vulnerabilities
https://www.armis.com/cdpwn/
2/6/2020 • 5 minutes, 50 seconds
ISC StormCast for Wednesday, February 5th 2020
Google Chrome 80 Released
https://www.chromium.org/updates/same-site
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
File Read Vulnerability in WhatsApp
https://chromereleases.googleblog.com/2020/02/stable-channel-update-for-desktop.html
HiSilicon DVR Backdoor
https://habr.com/en/post/486856/
2/5/2020 • 6 minutes, 16 seconds
ISC StormCast for Thursday, January 30th 2020
Malware Using Text from Impeachment News Coverage
https://www.bleepingcomputer.com/news/security/malware-tries-to-trump-security-software-with-potus-impeachment/
Coronavirus Themed Malware Targets Japan with Emotet
https://twitter.com/Cryptolaemus1/status/1222388971428294656
https://exchange.xforce.ibmcloud.com/collection/18f373debc38779065a26f1958dc260b
abuse.ch Offers new "I got phished" service
https://igotphished.abuse.ch/
OpenSMTPD RCE Vulnerability
https://www.openwall.com/lists/oss-security/2020/01/28/3
1/30/2020 • 6 minutes, 34 seconds
ISC StormCast for Wednesday, January 29th 2020
Recent Emotet Infection installs Trickbot
https://isc.sans.edu/forums/diary/Emotet+epoch+1+infection+with+Trickbot+gtag+mor84/25752/
Apple Updates
https://support.apple.com/en-us/HT201222
Zoom Fixes Video Conferencing Brute Forcing Vulnerability
https://www.theregister.co.uk/2020/01/28/zoom_eavesdrop_hack/
Intel Fixes Yet Another Information Leakage Flaw
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00329.html
https://cacheoutattack.com/
Avast Antivirus Selling Users' Browsing Data
https://www.vice.com/en_us/article/qjdkq7/avast-antivirus-sells-user-browsing-data-investigation
1/29/2020 • 5 minutes, 27 seconds
ISC StormCast for Tuesday, January 28th 2020
Coronavirus Preparedness and Associated Scams
https://isc.sans.edu/forums/diary/Network+Security+Perspective+on+Coronavirus+Preparedness/25750/
RD Gateway RCE Exploit Demoed
https://twitter.com/layle_ctf/status/1221514332049113095?s=12
Mitsubishi Electric Compromised via Trend Micro Vulnerability
http://www.mitsubishielectric.co.jp/news/2020/0120-b.pdf
https://www.zdnet.com/article/trend-micro-antivirus-zero-day-used-in-mitsubishi-electric-hack/
1/28/2020 • 4 minutes, 32 seconds
ISC StormCast for Monday, January 27th 2020
Citrix Releases ADC Updates For All Versions
https://www.citrix.com/blogs/2020/01/24/citrix-releases-final-fixes-for-cve-2019-19781/
Temporary Windows 0-Day Fix Breaks Printers
https://www.reddit.com/r/sysadmin/comments/etumy7/microsoft_ie_zeroday_fix_breaks_hp_printing/
Critical Vulnerabilities in GE Medical Devices
https://www.us-cert.gov/ics/advisories/icsma-20-023-01
1/27/2020 • 5 minutes, 50 seconds
ISC StormCast for Friday, January 24th 2020
Simple vs. Complex Obfuscation
https://isc.sans.edu/forums/diary/Complex+Obfuscation+VS+Simple+Trick/25738/
RD Gateway PoC Exploit Release
https://github.com/ollypwn/BlueGate
Citrix ADC Compromise Scanner
https://github.com/citrix/ioc-scanner-CVE-2019-19781/
LastPass Accidentally Removes Extension from Chrome Web Store
https://twitter.com/LastPassStatus/status/1220122561989640192
1/24/2020 • 7 minutes, 6 seconds
ISC StormCast for Thursday, January 23rd 2020
German Malspam Pushing Ursnif
https://isc.sans.edu/forums/diary/German+language+malspam+pushes+Ursnif/25732/
Tracking Users Using Safari's Intelligent Tracking Prevention
https://arxiv.org/pdf/2001.07421.pdf
Muhstik Botnet Targeting Tomato Routers
https://unit42.paloaltonetworks.com/muhstik-botnet-attacks-tomato-routers-to-harvest-new-iot-devices/
Cisco Firepower Management Center LDAP Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20200122-fmc-auth
1/23/2020 • 5 minutes, 55 seconds
ISC StormCast for Wednesday, January 22nd 2020
DeepBlueCLI
https://isc.sans.edu/forums/diary/DeepBlueCLI+Powershell+Threat+Hunting/25730/
https://github.com/sans-blue-team/DeepBlueCLI
EFS Ransomware
https://safebreach.com/Post/EFS-Ransomware
Fake Leak Compensation
https://www.kaspersky.com/blog/data-leak-compensation-scam/32057/
Criminals Use Fake Job Sites to Defraud Victims
https://www.ic3.gov/media/2020/200121.aspx
1/22/2020 • 6 minutes, 6 seconds
ISC StormCast for Tuesday, January 21st 2020
Twist on Sextortion
https://www.dailymail.co.uk/sciencetech/article-7886055/Sextortion-campaign-targets-users-Google-Nest-smart-camera.html
Emotet Uses Extortion to Infect Systems
https://www.bleepingcomputer.com/news/security/emotet-malware-dabbles-in-extortion-with-new-spam-template/
LastPass Outage
https://www.theregister.co.uk/2020/01/20/lastpass_outage/
Netgear Signed TLS Cert Private Key Disclosure
https://gist.github.com/nstarke/a611a19aab433555e91c656fe1f030a9
1/21/2020 • 5 minutes, 46 seconds
ISC StormCast for Friday, January 17th 2020
CVE-2020-0601 Update ("Curveball", "Letsdecrypt")
https://isc.sans.edu/forums/diary/Summing+up+CVE20200601+or+the+Lets+Decrypt+vulnerability/25720/
https://curveballtest.com
Certain Netscaler Devices Do Not Support Mitigation (article in Dutch)
https://www.ncsc.nl/actueel/nieuws/2020/januari/16/door-citrix-geadviseerde-mitigerende-maatregelen-niet-altijd-effectief
Cable Haunt Vulnerability
https://cablehaunt.com/
STI Student Interview: Jon Michael Lacek
https://www.sans.org/reading-room/whitepapers/securecode/changing-devops-culture-security-scan-time-39125
1/17/2020 • 14 minutes, 23 seconds
ISC StormCast for Wednesday, January 15th 2020
Microsoft January 2020 Patch Tuesday and #CryptoAPI Flaw
Webcast: https://sans.org/cryptoapi-isc
Diary: https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+for+January+2020/25710/
NSA Release: https://media.defense.gov/2020/Jan/14/2002234275/-1/-1/0/CSA-WINDOWS-10-CRYPT-LIB-20190114.PDF
1/15/2020 • 10 minutes, 2 seconds
ISC StormCast for Tuesday, January 14th 2020
Upcoming Critical MSFT Patch
https://krebsonsecurity.com/2020/01/cryptic-rumblings-ahead-of-first-2020-patch-tuesday/
SIM Swapping is Easy
https://www.issms2fasecure.com/assets/sim_swaps-01-10-2020.pdf
Google Open Sources wombat dressing room npm publication proxy
https://opensource.googleblog.com/2020/01/wombat-dressing-room-npm-publication_10.html
1/14/2020 • 7 minutes, 22 seconds
ISC StormCast for Monday, January 13th 2020
Citrix ADC Vulnerability Actively Exploited. Assume vulnerable systems are compromised.
Updated Citrix Advisory: https://support.citrix.com/article/CTX267027
Exploit Activity Summary: https://isc.sans.edu/forums/diary/Citrix+ADC+Exploits+are+Public+and+Heavily+Used+Attempts+to+Install+Backdoor/25700/
Vulnerability Scanner: https://github.com/trustedsec/cve-2019-19781/
Special Webcast: https://i5c.us/citrix
YouTube Walk Through of the vulnerability: https://youtu.be/msslpqyf98c
1/13/2020 • 7 minutes, 36 seconds
ISC StormCast for Friday, January 10th 2020
Another Malicious Word Document
https://isc.sans.edu/forums/diary/Quick+Analyzis+of+another+Maldoc/25694/
SHA1 Update
https://sha-mbles.github.io/
Cisco Updates
https://tools.cisco.com/security/center/publicationListing.x
Mandy Galante: Girls Go Cyberstart (register now. Play Jan 13th-31st)
https://www.girlsgocyberstart.org/
1/10/2020 • 10 minutes, 38 seconds
ISC StormCast for Thursday, January 9th 2020
Critical Firefox Update Fixing Exploited Bug
https://www.mozilla.org/en-US/security/advisories/mfsa2020-03/
3 Google Play Store Apps Exploit Android Zero-Day
https://blog.trendmicro.com/trendlabs-security-intelligence/first-active-attack-exploiting-cve-2019-2215-found-on-google-play-linked-to-sidewinder-apt-group/
Tails 4.2
https://tails.boum.org/news/version_4.2/index.en.html
TikTok Vulnerabilities
https://research.checkpoint.com/2020/tik-or-tok-is-tiktok-secure-enough/
1/9/2020 • 5 minutes, 41 seconds
ISC StormCast for Wednesday, January 8th 2020
Citrix ADC Update
https://isc.sans.edu/forums/diary/A+Quick+Update+on+Scanning+for+CVE201919781+Citrix+ADC+Gateway+Vulnerability/25686/
Pulse Secure SSLVPN Exploited
https://devco.re/blog/2019/09/02/attacking-ssl-vpn-part-3-the-golden-Pulse-Secure-ssl-vpn-rce-chain-with-Twitter-as-case-study/
https://www.darkreading.com/attacks-breaches/widely-known-flaw-in-pulse-secure-vpn-being-used-in-ransomware-attacks/d/d-id/1336729
Google Project Zero Changing Disclosure Policy
https://googleprojectzero.blogspot.com/2020/01/policy-and-disclosure-2020-edition.html
Google Updates Android
https://source.android.com/security/bulletin/2020-01-01
1/8/2020 • 5 minutes, 29 seconds
ISC StormCast for Tuesday, January 7th 2020
Spoofed Scans from 103/8
https://isc.sans.edu/forums/diary/Increase+in+Number+of+Sources+January+3rd+and+4th+spoofed/25678/
Iran Terror Threat
https://www.dhs.gov/sites/default/files/ntas/alerts/20_0104_ntas_bulletin.pdf
BusKill Laptop Kill Cord
https://tech.michaelaltfield.net/2020/01/02/buskill-laptop-kill-cord-dead-man-switch/
1/7/2020 • 5 minutes, 10 seconds
ISC StormCast for Monday, January 6th 2020
Quick Summary of the California Consumer Privacy Act
https://isc.sans.edu/forums/diary/CCPA+Quick+Overview/25668/
Cisco Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x
XiaoMi Camera Cache Bug
https://www.reddit.com/r/googlehome/comments/eine1m/when_i_load_the_xiaomi_camera_in_my_google_home/
1/6/2020 • 4 minutes, 31 seconds
ISC StormCast for Friday, January 3rd 2020
Ransomware written in JavaScript using Node.js
https://isc.sans.edu/forums/diary/Ransomware+in+Nodejs/25664/
Landry's Restaurant PoS Breach
https://www.landrysinc.com/CreditNotice/CANotice.asp
Holiday Hack Challenge
https://www.holidayhackchallenge.com
Citrix/NetScaler Vulnerability Special Webcast Recording
https://i5c.us/citrix
1/3/2020 • 8 minutes, 24 seconds
ISC StormCast for Tuesday, December 31st 2019
ISC API Update
https://isc.sans.edu/api
https://isc.sans.edu/forums/diary/Miscellaneous+Updates+to+our+Threatfeed+API/25654/
CCC Conference
https://fahrplan.events.ccc.de/congress/2019/Fahrplan/
https://events.ccc.de/congress/2019/wiki/index.php/Main_Page
12/31/2019 • 6 minutes, 37 seconds
ISC StormCast for Monday, December 23rd 2019
Extracting VBA Macros From .DWG Files
https://isc.sans.edu/forums/diary/Extracting+VBA+Macros+From+DWG+Files/25634/
Cisco PKI Self-Signed Certificate Expiration
https://www.cisco.com/c/en/us/support/docs/field-notices/704/fn70489.html
AFRINIC IP Address Space Misappropriated By Insider
https://mybroadband.co.za/news/internet/330379-how-internet-resources-worth-r800-million-were-stolen-and-sold-on-the-black-market.html
12/23/2019 • 4 minutes, 34 seconds
ISC StormCast for Friday, December 20th 2019
More DNS over HTTPS Details
https://isc.sans.edu/forums/diary/More+DNS+over+HTTPS+Become+One+With+the+Packet+Be+the+Query+See+the+Query/25628/
Ransomware Outing Victims
https://krebsonsecurity.com/2019/12/ransomware-gangs-now-outing-victim-businesses-that-dont-pay-up/
Google Chrome Update
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop_17.html
12/20/2019 • 5 minutes, 12 seconds
ISC StormCast for Thursday, December 19th 2019
An Emotet Update
https://isc.sans.edu/forums/diary/Emotet+infection+with+spambot+activity/25622/
Emotet Used to Spread Malware From German Federal Agency Accounts (German)
https://www.bsi.bund.de/DE/Presse/Pressemitteilungen/Presse2019/Spam-Bundesbehoerden_181219.html
Joomla Patches SQL Injection
https://developer.joomla.org/security-centre.html
Unicode Mapping Problems
https://eng.getwisdom.io/hacking-github-with-unicode-dotless-i/
12/19/2019 • 3 minutes, 46 seconds
ISC StormCast for Wednesday, December 18th 2019
Discovering DNS over HTTPS
https://isc.sans.edu/forums/diary/Is+it+Possible+to+Identify+DNS+over+HTTPs+Without+Decrypting+TLS/25616/
Ring Camera Weaknesses
https://www.vice.com/en_us/article/epg4xm/amazon-ring-camera-security
WhatsApp DoS Bug
https://research.checkpoint.com/2019/breakingapp-whatsapp-crash-data-loss-bug/
12/18/2019 • 6 minutes
ISC StormCast for Tuesday, December 17th 2019
Slack "Unshare" Not Working As Expected
https://www.theregister.co.uk/2019/12/16/slack_filesharing_vulnerability_post_sharing/
Google Making OAuth Mandatory for G Suite
https://gsuiteupdates.googleblog.com/2019/12/less-secure-apps-oauth-google-username-password-incorrect.html
TP-Link Authentication Bypass
https://securityintelligence.com/posts/tp-link-archer-router-vulnerability-voids-admin-password-can-allow-remote-takeover/
Factoring IoT RSA Keys
https://info.keyfactor.com/factoring-rsa-keys-in-the-iot-era
12/17/2019 • 6 minutes, 17 seconds
ISC StormCast for Friday, December 13th 2019
Malware Information Sharing
https://isc.sans.edu/forums/diary/Code+Data+Reuse+in+the+Malware+Ecosystem/25598/
Apple Improves Tracking Prevention Tracking in WebKit
https://webkit.org/blog/9661/preventing-tracking-prevention-tracking/
Google Verified SMS Messages
https://www.blog.google/products/messages/safer-conversations-messages-verified-sms-and-spam-protection/
Echobot Keeps Adding More Exploits
https://www.bleepingcomputer.com/news/security/new-echobot-variant-exploits-77-remote-code-execution-flaws/
STI Research Paper: Caleb Baker DNS Monitoring
https://www.sans.org/reading-room/whitepapers/dns/challenges-effective-dns-query-monitoring-39215
12/13/2019 • 14 minutes, 28 seconds
ISC StormCast for Thursday, December 12th 2019
German Malspam Installs Trickbot
https://isc.sans.edu/forums/diary/German+language+malspam+pushes+yet+another+wave+of+Trickbot/25594/
Vulnerable KeyWe Smart Lock
https://labs.f-secure.com/advisories/keywe-smart-lock-unauthorized-access-traffic-interception
Google Chrome Update
https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html
iOS Spam Feature
https://support.apple.com/en-us/HT210756
https://kishanbagaria.com/airdos/
12/12/2019 • 5 minutes, 17 seconds
ISC StormCast for Wednesday, December 11th 2019
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+December+2019+Patch+Tuesday/25592/
https://securelist.com/windows-0-day-exploit-cve-2019-1458-used-in-operation-wizardopium/95432/
Adobe Patch Tuesday
https://helpx.adobe.com/security.html
Apple Security Updates
https://support.apple.com/en-us/HT201222
Intel Plundervolt Update
https://blogs.intel.com/technology/2019/12/ipas-security-advisories-for-december-2019/
12/11/2019 • 6 minutes, 48 seconds
ISC StormCast for Tuesday, December 10th 2019
Another Word Maldoc
https://isc.sans.edu/forums/diary/Lazy+Sunday+Maldoc+Analysis/25586/
Snatch Ransomware Reboots System Into Safe Mode To Disable Antivirus
https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/
Ryuk Ransomware Decryptor May No Longer Work / Corrupt Documents
https://blog.emsisoft.com/en/35023/bug-in-latest-ryuk-decryptor-may-cause-data-loss/
Extending Windows 7 Security Updates
https://www.ghacks.net/2019/12/07/someone-found-a-way-to-bypass-windows-7-extended-security-updates-checks/
Swift on Security Updates Sysmon Rules
https://github.com/SwiftOnSecurity/sysmon-config
RSA Webcast
https://www.rsaconference.com/industry-topics/webcast/36-five-most-dangerous-attacks-evolving
12/10/2019 • 7 minutes, 55 seconds
ISC StormCast for Monday, December 9th 2019
E-Mail Includes Entire HTML/Javascript Phishing Kit
https://isc.sans.edu/forums/diary/Phishing+with+a+selfcontained+credentialsstealing+webpage/25580/
Great Cannon Activated to Silence Pro-Hong Kong Forum
https://cybersecurity.att.com/blogs/labs-research/the-great-cannon-has-been-deployed-again
12/9/2019 • 6 minutes, 9 seconds
ISC StormCast for Friday, December 6th 2019
OpenBSD Authentication Bypass and Privilege Escalation Vulnerability
https://www.qualys.com/2019/12/04/cve-2019-19521/authentication-vulnerabilities-openbsd.txt?_ga=2.58244398.587934852.1575530822-682141427.1570559125
Hijacking Linux (and BSD) VPN Connections
https://seclists.org/oss-sec/2019/q4/122
RASP vs. WAF: Alexander Fry Research Paper
https://www.sans.org/reading-room/whitepapers/application/runtime-application-self-protection-rasp-investigation-effectiveness-rasp-solution-protecting-vulnerable-target-applications-38950
12/6/2019 • 14 minutes, 1 second
ISC StormCast for Thursday, December 5th 2019
Atlassian Companion App / IBM Aspera Cloud
https://www.theregister.co.uk/2019/12/05/atlassian_zero_day_bug/
https://confluence.atlassian.com/doc/administering-the-atlassian-companion-app-958456281.html
https://twitter.com/tmslft/status/1202056063878606848?s=20
Fake Python Library in PyPI
https://github.com/dateutil/dateutil/issues/984
GoAhead Web Server Vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0888
12/5/2019 • 6 minutes, 1 second
ISC StormCast for Wednesday, December 4th 2019
Avast Online Security and Avast Secure Browser Blocked for Spying on Users
https://palant.de/2019/10/28/avast-online-security-and-avast-secure-browser-are-spying-on-you/
Google Android Updates
https://source.android.com/security/bulletin/2019-12-01
StrandHogg Vulnerability
https://promon.co/security-news/strandhogg/
Firefox 71 Released
https://www.mozilla.org/en-US/security/advisories/mfsa2019-34/
12/4/2019 • 6 minutes, 11 seconds
ISC StormCast for Tuesday, December 3rd 2019
Increased Scans on Port 26
https://isc.sans.edu/forums/diary/Next+up+whats+up+with+TCP+port+26/25564/
Recent Ursnif Malspam
https://isc.sans.edu/forums/diary/Ursnif+infection+with+Dridex/25566/
Windows 7 Extended Security Updates
https://www.microsoft.com/microsoft-365/partners/news/article/announcing-paid-windows-7-extended-security-updates
QNAP Patches Photo Station
https://www.qnap.com/en/security-advisory/nas-201911-25
12/3/2019 • 5 minutes, 53 seconds
ISC StormCast for Monday, December 2nd 2019
Agent Tesla Malware Sample Analysis
https://isc.sans.edu/forums/diary/Finding+an+Agent+Tesla+malware+sample/25554/
Search With SauronEye
https://isc.sans.edu/forums/diary/ISC+Snapshot+Search+with+SauronEye/25558/
Splunk Y2K20 Patch
https://docs.splunk.com/Documentation/Splunk/8.0.0/ReleaseNotes/FixDatetimexml2020
Google TAG Quarterly Summary
https://blog.google/technology/safety-security/threat-analysis-group/protecting-users-government-backed-hacking-and-disinformation/
12/2/2019 • 6 minutes, 43 seconds
ISC StormCast for Wednesday, November 27th 2019
Playing With Phishing
https://isc.sans.edu/forums/diary/Lessons+learned+from+playing+a+willing+phish/25552/
HPE SSD Drives will Stop Working in 3 years
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00092491en_us
Malicious Android SDK Captures Social Media Data
https://help.twitter.com/en/sdk-issue
Kaspersky API Exposed to Websites
https://palant.de/2019/11/26/internal-kaspersky-api-exposed-to-websites/
Malicious Ad Statistics
https://www.confiant.com/Demand-Quality-Report-Q3-2019
11/27/2019 • 5 minutes, 47 seconds
ISC StormCast for Tuesday, November 26th 2019
DNS over HTTPS (DoH) in SOHO Networks
https://isc.sans.edu/forums/diary/My+Little+DoH+Setup/25548/
Fortinet Weak Crypto
https://sec-consult.com/en/blog/advisories/weak-encryption-cipher-and-hardcoded-cryptographic-keys-in-fortinet-products/
Tracking Web Users via DNS
https://github.com/uBlockOrigin/uBlock-issues/issues/780
11/26/2019 • 4 minutes, 38 seconds
ISC StormCast for Monday, November 25th 2019
Web Filter Misconfiguration Abused for Reconnaissance
https://isc.sans.edu/forums/diary/Abusing+Web+Filters+Misconfiguration+for+Reconnaissance/25538/
Local Malware Analysis with Malice
https://isc.sans.edu/forums/diary/Local+Malware+Analysis+with+Malice/25544/
Multiple Vulnerabilities in VNC
https://www.kaspersky.com/blog/vnc-vulnerabilities/31462/
11/25/2019 • 5 minutes, 21 seconds
ISC StormCast for Friday, November 22nd 2019
Weaknesses in Memory Encryption Solutions
https://arxiv.org/abs/1908.11680
GetMonero Wallet Compromised
https://web.getmonero.org/2019/11/19/warning-compromised-binaries.html
RIPlace Ransomware Detection Bypass
https://www.nyotron.com/blog/nyotron-discovers-potentially-unstoppable-ransomware-evasion-technique-riplace/
Microsoft Office Remote Content Triggers in Preview Pane
https://medium.com/@curtbraz/getting-malicious-office-documents-to-fire-with-protected-view-4de18668c386
11/22/2019 • 6 minutes, 16 seconds
ISC StormCast for Thursday, November 21st 2019
Latest Hancitor Malspam Update
https://isc.sans.edu/forums/diary/Hancitor+infection+with+Pony+Evil+Pony+Ursnif+and+Cobalt+Strike/25532/
Oracle Payday Vulnerabilities Exploited
https://www.onapsis.com/blog/oracle-payday-vulnerabilities
Google Chrome Update
https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html
NSA Publishes Guide About the Risks of Inspecting TLS
https://media.defense.gov/2019/Nov/18/2002212783/-1/-1/0/MANAGING%20RISK%20FROM%20TLS%20INSPECTION_20191106.PDF
Unbound Command Execution Vulnerability
https://nlnetlabs.nl/projects/unbound/security-advisories/#vulnerability-in-ipsec-module
11/21/2019 • 6 minutes, 7 seconds
ISC StormCast for Wednesday, November 20th 2019
JAWS DVR Bot
https://isc.sans.edu/forums/diary/Cheap+Chinese+JAWS+of+DVR+Exploitability+on+Port+60001/25530/
TianFu Cup
https://twitter.com/TianfuCup
Microsoft Access Hotfix
https://support.microsoft.com/en-us/help/4484198/november-18-2019-update-for-office-2016-kb4484198
Windows 10 DNS over HTTPS
https://techcommunity.microsoft.com/t5/Networking-Blog/Windows-will-improve-user-privacy-with-DNS-over-HTTPS/ba-p/1014229
Android Camera Permission Mixup
https://www.checkmarx.com/blog/how-attackers-could-hijack-your-android-camera
11/20/2019 • 6 minutes, 23 seconds
ISC StormCast for Tuesday, November 19th 2019
Carriers Filter SMS Messages Sent By Applications
https://isc.sans.edu/forums/diary/SMS+and+2FA+Another+Reason+to+Move+away+from+It/25526/
Intel Removing BIOS Downloads for EOL Hardware
https://www.vogons.org/viewtopic.php?f=46&t=69184
https://news.ycombinator.com/item?id=21563309
Outlook 365 Remains Top Phishing Target
https://info.phishlabs.com/blog/active-office-365-phishing-campaign-targeting-admin-credentials
11/19/2019 • 5 minutes, 38 seconds
ISC StormCast for Monday, November 18th 2019
TPM Fail Update
https://downloadcenter.intel.com/download/28632
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00241.html
Office November Update Issues
https://borncity.com/win/2019/11/13/office-november-2019-updates-are-causing-access-error-3340/
WhatsApp Stack Based Buffer Overflow
https://nvd.nist.gov/vuln/detail/CVE-2019-11931
Android Qualcomm Data Exfiltration Bug
https://research.checkpoint.com/the-road-to-qualcomm-trustzone-apps-fuzzing/
Nextcloud Ransomware NextCry
https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
11/18/2019 • 5 minutes, 55 seconds
ISC StormCast for Friday, November 15th 2019
LokiBot Update (November 2019)
https://isc.sans.edu/forums/diary/An+example+of+malspam+pushing+Lokibot+malware+November+2019/25518/
Some Packet-Fu with Zeek
https://isc.sans.edu/forums/diary/Some+packetfu+with+Zeek+previously+known+as+bro/25510/
TPM Leaks
http://tpm.fail/
Zombieload 2.0 Vulnerability
https://zombieloadattack.com/
11/15/2019 • 7 minutes, 15 seconds
ISC StormCast for Wednesday, November 13th 2019
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/November+2019+Microsoft+Patch+Tuesday/25516/
Adobe Update
https://helpx.adobe.com/security.html
Facebook Camera Bug
https://www.cnet.com/news/facebook-bug-has-camera-activated-while-people-are-using-the-app
McAfee Antivirus Bypass and Persistence
https://safebreach.com/Post/McAfee-All-Editions-MTP-AVP-MIS-Self-Defense-Bypass-and-Potential-Usages-CVE-2019-3648
11/13/2019 • 6 minutes, 44 seconds
ISC StormCast for Tuesday, November 12th 2019
Are We Going Back to TheMoon And How is Liquor Involved
https://isc.sans.edu/forums/diary/Are+We+Going+Back+to+TheMoon+and+How+is+Liquor+Involved/25512/
New Update for Magento Shopping Cart
https://magento.com/security/patches/latest-magento-security-update-helps-protect-recently-reported-rce-vulnerability
https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
ZoneAlarm vBulletin Forum Breached
https://thehackernews.com/2019/11/zonealarm-forum-data-breach.html
CSS Injection in Slack to Log Keystrokes
https://fletchto99.dev/2019/november/slack-vulnerability/
11/12/2019 • 5 minutes, 45 seconds
ISC StormCast for Monday, November 11th 2019
Microsoft Applications Diverted from Their Main Use
https://isc.sans.edu/forums/diary/Microsoft+Apps+Diverted+from+Their+Main+Use/25502/
Did BlueKeep Malware Affect Patching
https://isc.sans.edu/forums/diary/Did+the+recent+malicious+BlueKeep+campaign+have+any+positive+impact+when+it+comes+to+patching/25506/
Pwn2Own Summary
https://www.zerodayinitiative.com/blog/2019/11/7/pwn2own-tokyo-2019-day-two-final-results
State of Javascript Framework Security
https://snyk.io/wp-content/uploads/snyk-javascript_report_2019.pdf
DShield/ISC Honeypot Update
https://isc.sans.edu/honeypot.html
11/11/2019 • 6 minutes, 46 seconds
ISC StormCast for Friday, November 8th 2019
Adobe Mobile SDK Update Fixes TLS Defaults
https://wwws.nightwatchcybersecurity.com/2019/11/06/insecure-defaults-in-adobes-mobile-sdks/
QNAP Updates QSnatch Advisory
https://www.qnap.com/en/security-advisory/nas-201911-01
Double-Loaded ZIP File Delivers Malware
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/double-loaded-zip-file-delivers-nanocore/
Ring Video Doorbell Leaks Wifi Password
https://labs.bitdefender.com/2019/11/ring-video-doorbell-pro-under-the-scope/
11/8/2019 • 6 minutes, 33 seconds
ISC StormCast for Thursday, November 7th 2019
Google Improving PlayStore Security With Partners
https://security.googleblog.com/2019/11/the-app-defense-alliance-bringing.html
Xen Security Advisories
https://xenbits.xen.org/xsa/
npcap pool corruption vulnerability
https://github.com/nmap/nmap/issues/1568
TrendMicro Employee Selling Customer Data to Tech Support Scammers
https://blog.trendmicro.com/trend-micro-discloses-insider-threat-impacting-some-of-its-consumer-customers/
SANS Security Awareness Newsletter
https://www.sans.org/security-awareness-training/resources/shopping-online-securely-1
11/7/2019 • 5 minutes, 19 seconds
ISC StormCast for Wednesday, November 6th 2019
Formbook Malspam
https://isc.sans.edu/forums/diary/Malspam+pushing+Formbook+info+stealer/23387/
Honeypot Update
https://github.com/DShield-ISC/dshield
Office on Mac XLM Macros
https://kb.cert.org/vuls/id/125336/
Firefox Browser Lock Bug Exploited
https://bugzilla.mozilla.org/show_bug.cgi?id=1593795
libarchive use after free vulnerability
https://medium.com/@social_62682/new-libarchive-use-after-free-vulnerability-36c4b141fe89
11/6/2019 • 6 minutes, 22 seconds
ISC StormCast for Tuesday, November 5th 2019
Clam AV Vulnerability
https://twitter.com/hackerfantastic/status/1190685521153937408
https://pastebin.com/cfP7X89m
XCode Vulnerability
https://support.apple.com/en-is/HT210729
MikroTik DNS Cache Poisoning
https://blog.mikrotik.com/security/dns-cache-poisoning-vulnerability.html
11/5/2019 • 6 minutes, 18 seconds
ISC StormCast for Monday, November 4th 2019
Critical Google Chrome Update Fixes Exploited Vulnerability
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_31.html
BlueKeep Vulnerability Mass Exploited to Install Crypto Coin Miner
https://www.kryptoslogic.com/blog/2019/11/bluekeep-cve-2019-0708-exploitation-spotted-in-the-wild/
rConfig Vulnerabilities
https://shells.systems/rconfig-v3-9-2-authenticated-and-unauthenticated-rce-cve-2019-16663-and-cve-2019-16662/
11/4/2019 • 5 minutes, 59 seconds
ISC StormCast for Friday, November 1st 2019
Phishing Made Easy With EML Files and Outlook 365
https://isc.sans.edu/forums/diary/EML+attachments+in+O365+a+recipe+for+phishing/25474/
Microsoft TLS Security Enhancements Lead to Timeouts
https://support.microsoft.com/en-us/help/4528489/transport-layer-security-tls-connections-might-intermittently-fail-or
MESSAGETAP: Who's Reading Your Text Messages
https://www.fireeye.com/blog/threat-research/2019/10/messagetap-who-is-reading-your-text-messages.html
Amazon Authentication Failure for 3rd Party Devices
https://old.reddit.com/r/sysadmin/comments/dpbt3t/the_perils_of_security_and_how_i_finally_resolved/
11/1/2019 • 5 minutes, 52 seconds
ISC StormCast for Thursday, October 31st 2019
Apple Security Updates Details Released
https://support.apple.com/en-us/HT201222
Untitled Goose Deserialization
https://pulsesecurity.co.nz/advisories/untitled-goose-game-deserialization
Insecure Pagers Leak Medical Data
https://techcrunch.com/2019/10/30/nhs-pagers-medical-health-data/
Kibana Vulnerability
https://research.securitum.com/prototype-pollution-rce-kibana-cve-2019-7609/
10/31/2019 • 6 minutes, 34 seconds
ISC StormCast for Wednesday, October 30th 2019
xHelper Android Malware
https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware
Counter-Strike Game Keys Used for Money Laundering
https://blog.counter-strike.net/index.php/2019/10/26113/
Generating PCAP Files From YAML
https://isc.sans.edu/forums/diary/Generating+PCAP+Files+from+YAML/25464/
10/30/2019 • 5 minutes, 36 seconds
ISC StormCast for Tuesday, October 29th 2019
PHP 7 Remote Code Execution Vulnerability Exploited
https://lab.wallarm.com/php-remote-code-execution-0-day-discovered-in-real-world-ctf-exercise/
https://github.com/neex/phuip-fpizdam
Finding Shellcode with scdbg
https://isc.sans.edu/forums/diary/Using+scdbg+to+Find+Shellcode/25460/
Apple iOS / tvOS / Safari Updates
https://support.apple.com/en-us/HT201222
Sextortion Attempts Are Targeting Blogs
https://www.bleepingcomputer.com/news/security/blogger-and-wordpress-sites-hacked-to-show-sextortion-scams/
10/29/2019 • 4 minutes, 49 seconds
ISC StormCast for Monday, October 28th 2019
Odd Double Base64 Encoded "BS_REAL_IP" Header
https://isc.sans.edu/forums/diary/Unusual+Activity+with+Double+Base64+Encoding/25458/
DNS Archeology With PowerShell
https://isc.sans.edu/forums/diary/More+on+DNS+Archeology+with+PowerShell/25452/
iOS Appstore Malware
https://www.wandera.com/mobile-security/ios-trojan-malware/
British Law Enforcement Misses Malware Reports Due to Anti-Malware
https://www.theregister.co.uk/2019/10/24/hmicfrs_report_cyber_crime/
10/28/2019 • 5 minutes, 49 seconds
ISC StormCast for Friday, October 25th 2019
XML External Entity Vuln in LSP4XML Affects Various Developer Tools
https://www.shielder.it/blog/dont-open-that-xml-xxe-to-rce-in-xml-plugins-for-vs-code-eclipse-theia/?preview=true
Google Chrome Will Make "SameSite" Default
https://blog.chromium.org/2019/10/developers-get-ready-for-new.html
Leftover Gigamon Configurations
https://isc.sans.edu/forums/diary/Your+Supply+Chain+Doesnt+End+At+Receiving+How+Do+You+Decommission+Network+Equipment/25448/
10/25/2019 • 6 minutes, 55 seconds
ISC StormCast for Thursday, October 24th 2019
FTC Issues SIM Swapping Guidance
https://www.consumer.ftc.gov/blog/2019/10/sim-swap-scams-how-protect-yourself
Discord Used as Info Stealer Backdoor
https://www.bleepingcomputer.com/news/security/discord-turned-into-an-info-stealing-backdoor-by-new-malware/
Cisco Exploit Code
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass
Tails 4.0 Released
https://tails.boum.org/news/version_4.0/index.en.html
10/24/2019 • 5 minutes, 3 seconds
ISC StormCast for Wednesday, October 23rd 2019
Testing TLS 1.3 And Supported Ciphers
https://isc.sans.edu/forums/diary/Testing+TLSv13+and+supported+ciphers/25442/
Google Chrome 78 Released
https://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html
Firefox 70 Released
https://www.mozilla.org/en-US/firefox/70.0/releasenotes/
Cache Poisoning DoS
https://cpdos.org/
10/23/2019 • 7 minutes, 9 seconds
ISC StormCast for Tuesday, October 22nd 2019
DNS over TLS Scans
https://isc.sans.edu/forums/diary/Whats+up+with+TCP+853+DNS+over+TLS/25438/
NordVPN and Others Compromised
https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/
https://twitter.com/hexdefined/status/1186106695073726466
Trend Micro Bypass
http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-ANTI-THREAT-TOOLKIT-(ATTK)-REMOTE-CODE-EXECUTION.txt
Realtek Linux Wifi Driver Buffer Overflow
https://twitter.com/nicowaisman/status/1184864519316758535
10/22/2019 • 5 minutes, 41 seconds
ISC StormCast for Monday, October 21st 2019
Attacks Against NVMS-9000 DVR Web Vulnerability
https://isc.sans.edu/forums/diary/Scanning+Activity+for+NVMS9000+Digital+Video+Recorder/25434/
Pixel 4 Face Unlock Works with Eyes Shut
https://www.bbc.com/news/technology-50085630
Samsung Galaxy S10 Fingerprint Unlock Bug
https://www.bbc.com/news/technology-50080586
Alexa/Google Home Phishing
https://srlabs.de/bites/smart-spies/
10/21/2019 • 6 minutes, 52 seconds
ISC StormCast for Friday, October 18th 2019
Phishing E-Mail Spoofing SPF Protected Domain
https://isc.sans.edu/forums/diary/Phishing+email+spoofing+SPFenabled+domain/25426/
Purchased Domain Arrives with Paypal Accounts Linked to it
https://www.theregister.co.uk/2019/10/17/paypal_account_domain/
Typosquatting Attacks Affect 2020 Presidential Election
https://www.digitalshadows.com/blog-and-research/typosquatting-and-the-2020-u-s-presidential-election/
STI Student: Christopher Hurless Exploring Osquery, Fleet, and Elastic Stack as an Open-source solution to Endpoint Detection and Response
https://www.sans.org/reading-room/whitepapers/detection/paper/39165
10/18/2019 • 16 minutes, 41 seconds
ISC StormCast for Thursday, October 17th 2019
Oracle CPU
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
Jackson-Databind Vulnerability
https://github.com/FasterXML/jackson-databind/issues/2387
VMware Cloud Foundation and VMware Harbor Container Registry Patch
https://www.vmware.com/security/advisories/VMSA-2019-0016.html
WordPress Update
https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
Cryptominers Hiding in WAV Files
https://threatvector.cylance.com/en_us/home/malicious-payloads-hiding-beneath-the-wav.html
10/17/2019 • 5 minutes, 31 seconds
ISC StormCast for Tuesday, October 15th 2019
sudo vulnerability
https://www.sudo.ws/alerts/minus_1_uid.html
Apple Safebrowsing Controversy
https://blog.cryptographyengineering.com/2019/10/13/dear-apple-safe-browsing-might-not-be-that-safe/
Streaming Service Tracking Behaviour
https://www.princeton.edu/~pmittal/publications/tv-tracking-ccs19.pdf
10/15/2019 • 6 minutes, 3 seconds
ISC StormCast for Monday, October 14th 2019
YARA Update
https://isc.sans.edu/forums/diary/YARA+v3110+released/25408/
Hacking Back Against Ransomware
https://www.zdnet.com/article/white-hat-hacks-muhstik-ransomware-gang-and-releases-decryption-keys/
Fake Crypto Trading Software
https://www.bleepingcomputer.com/news/security/attackers-create-elaborate-crypto-trading-scheme-to-install-malware/
10/14/2019 • 3 minutes, 37 seconds
ISC StormCast for Friday, October 11th 2019
Mining Live Networks for OUI Data Oddness
https://isc.sans.edu/forums/diary/Mining+Live+Networks+for+OUI+Data+Oddness/25404/
iTerm2 Vulnerability
https://groups.google.com/forum/#!topic/iterm2-discuss/57k_AuLdQa4
Apple Updater Exploited in Bitpaymer Campaign
https://blog.morphisec.com/apple-zero-day-exploited-in-bitpaymer-campaign
10/11/2019 • 6 minutes, 14 seconds
ISC StormCast for Thursday, October 10th 2019
What Data Does Vidar Malware Steal
https://isc.sans.edu/forums/diary/What+data+does+Vidar+malware+steal+from+an+infected+host/25398/
NTLM MIC Bypass
https://www.preempt.com/blog/drop-the-mic-2-active-directory-open-to-more-ntlm-attacks/
Threats on Google Play
https://news.drweb.com/show/review/?i=13446#google
10/10/2019 • 5 minutes, 35 seconds
ISC StormCast for Wednesday, October 9th 2019
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+October+2019+Patch+Tuesday/25396/
Android Update
https://source.android.com/security/bulletin/2019-10-01
vBulletin Update
https://forum.vbulletin.com/forum/vbulletin-announcements/vbulletin-announcements_aa/4423646-vbulletin-5-5-x-5-5-2-5-5-3-and-5-5-4-security-patch-level-2
10/9/2019 • 5 minutes, 22 seconds
ISC StormCast for Tuesday, October 8th 2019
Cloudflare Warp + NordVPN on iOS Leads to Traffic in the Clear
https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
WhatsApp Bug
https://awakened1712.github.io/hacking/hacking-whatsapp-gif-rce/
MacOS Catalina and Safari Update Released
https://www.macrumors.com/2019/10/07/apple-releases-macos-catalina/
https://support.apple.com/en-us/HT201222 (nothing new yet)
Magecart Still Going Strong
https://www.theregister.co.uk/2019/10/04/magecart/
(original RiskIQ report requires Registration)
10/8/2019 • 6 minutes
ISC StormCast for Monday, October 7th 2019
visNetwork for Network Data
https://isc.sans.edu/forums/diary/visNetwork+for+Network+Data/25390/
Android Priv. Escalation Vulnerability Exploited in the Wild
https://bugs.chromium.org/p/project-zero/issues/detail?id=1942
Signal Eavesdropping Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1943
10/7/2019 • 5 minutes, 18 seconds
ISC StormCast for Friday, October 4th 2019
LostFiles Ransomware is Back With New Ruse
https://isc.sans.edu/forums/diary/LostFiles+Ransomware/25382/
tcpdump vulnerabilities
https://www.tcpdump.org/tcpdump-changes.txt
TLS Manipulating Malware
https://securelist.com/compfun-successor-reductor/93633/
Luasz Cyra: Pass the Hash in Windows 10
https://www.sans.org/reading-room/whitepapers/testing/paper/39170
10/4/2019 • 15 minutes, 10 seconds
ISC StormCast for Wednesday, October 2nd 2019
PDF Encryption Flaw
https://web-in-security.blogspot.com/2019/09/pdfex-major-security-flaws-in-pdf.html
Windows 7 Security Updates Beyond 2020
https://www.microsoft.com/en-us/microsoft-365/blog/2019/10/01/windows-small-midsize-businesses-stay-secure-current/
ODT Documents Used to Distribute Malware
https://blog.talosintelligence.com/2019/09/odt-malware-twist.html
10/2/2019 • 6 minutes, 4 seconds
ISC StormCast for Tuesday, October 1st 2019
Maldoc, PowerShell and BITS
https://isc.sans.edu/forums/diary/Maldoc+PowerShell+BITS/25372/
Yet Another Critical Exim Flaw
https://nvd.nist.gov/vuln/detail/CVE-2019-16928
Cisco Introduces Semiannual Patch Day
https://tools.cisco.com/security/center/viewErp.x?alertId=ERP-72547
Windows 2019 to make it easier to disable legacy TLS Versions
https://www.microsoft.com/security/blog/2019/09/30/tls-version-enforcement-capabilities-now-available-certificate-binding-windows-server-2019
10/1/2019 • 4 minutes, 51 seconds
ISC StormCast for Monday, September 30th 2019
Polycom Scans
https://isc.sans.edu/forums/diary/New+Scans+for+Polycom+Autoconfiguration+Files/25366/
Apple Security Details
https://support.apple.com/en-us/HT201222
iOS Jailbreak
https://github.com/axi0mX/ipwndfu
9/30/2019 • 5 minutes, 52 seconds
ISC StormCast for Friday, September 27th 2019
vBulletin Botnet
https://twitter.com/bad_packets/status/1177256656322695168
Cisco Industrial Router Security Bulletin
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190925-ios-gos-auth
Sniffle Bluetooth Sniffer
https://github.com/nccgroup/sniffle
Outlook on the web blocking more extensions
https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Changes-to-File-Types-Blocked-in-Outlook-on-the-web/ba-p/874451
9/27/2019 • 5 minutes, 39 seconds
ISC StormCast for Thursday, September 26th 2019
Malspam Pushing Quasar RAT
https://isc.sans.edu/forums/diary/Malspam+pushing+Quasar+RAT/25354/
vBulletin 0-Day Exploit Update
https://www.bleepingcomputer.com/news/security/vbulletin-zero-day-exploited-for-years-gets-unofficial-patch/
Fake Veteran Employment Site
https://blog.talosintelligence.com/2019/09/tortoiseshell-fake-veterans.html
9/26/2019 • 4 minutes, 35 seconds
ISC StormCast for Wednesday, September 25th 2019
Remotewebaccess.com Domain in Certificate Transparency Logs
https://isc.sans.edu/forums/diary/Huge+Amount+of+remotewebaccesscom+Sites+Found+in+Certificate+Transparency+Logs/25352/
Adobe Releases Emergency ColdFusion Patch
https://blogs.adobe.com/psirt/?p=1789
Apple Releases Additional Updates for iOS/iPadOS
https://support.apple.com/en-us/HT201222
vBulletin Vulnerability 0-Day Exploit Released
https://seclists.org/fulldisclosure/2019/Sep/31
9/25/2019 • 5 minutes, 23 seconds
ISC StormCast for Tuesday, September 24th 2019
Microsoft Releases Special Patch for Exploited Vulnerability in Internet Explorer
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1367
Cloudflare Adding "Bot Fight" option
https://blog.cloudflare.com/cleaning-up-bad-bots/
iOS Bluetooth Access Feature
https://www.theverge.com/2019/9/19/20867286/ios-13-bluetooth-permission-privacy-feature-apps
Forcepoint VPN Update
https://support.forcepoint.com/KBArticle?id=000017525
9/24/2019 • 5 minutes, 30 seconds
ISC StormCast for Monday, September 23rd 2019
Popular Android Selfie Apps Act as Adware
https://www.wandera.com/mobile-security/google-play-adware/
Wireshark Update
https://www.wireshark.org/docs/relnotes/wireshark-3.0.5.html
Harbor Privilege Escalation
https://unit42.paloaltonetworks.com/critical-vulnerability-in-harbor-enables-privilege-escalation-from-zero-to-admin-cve-2019-16097/
9/23/2019 • 5 minutes, 29 seconds
ISC StormCast for Friday, September 20th 2019
Agent Tesla
https://isc.sans.edu/forums/diary/Agent+Tesla+Trojan+Abusing+Corporate+Email+Accounts/25336/
Apple Updates
https://support.apple.com/en-us/HT201222
https://developer.apple.com/documentation/safari_release_notes/safari_13_release_notes
SAMBA 4.11 Released
https://www.samba.org/samba/history/samba-4.11.0.html
GitHub Security Updates
https://github.blog/2019-09-18-securing-software-together/
9/20/2019 • 5 minutes, 8 seconds
ISC StormCast for Thursday, September 19th 2019
Analyzing a Current Emotet Sample
https://isc.sans.edu/forums/diary/Emotet+malspam+is+back/25330/
Windows Defender "Scan Now" Failed Bug Fix
https://www.bleepingcomputer.com/news/microsoft/windows-defender-antivirus-scans-broken-after-new-update/
https://borncity.com/win/2019/09/18/defender-antimalware-version-4-18-1908-7-released/
QEMU Vulnerability
https://www.openwall.com/lists/oss-security/2019/09/17/1
VMware Vulnerability
https://blogs.vmware.com/security/2019/09/amd-display-driver-security-updates-address-cve-2019-5685.html
New CWE Top 25 Released
https://cwe.mitre.org/top25/archive/2019/2019_cwe_top25.html
9/19/2019 • 6 minutes, 16 seconds
ISC StormCast for Wednesday, September 18th 2019
Investigating Gaps in Windows Event Logs
https://isc.sans.edu/forums/diary/Investigating+Gaps+in+your+Windows+Event+Logs/25328/
SOHOpelessly Broken 2
https://www.securityevaluators.com/whitepaper/sohopelessly-broken-2/
HP Printer Privacy
https://robertheaton.com/2019/09/15/hp-printers-send-data-on-what-you-print-back-to-hp/
9/18/2019 • 5 minutes, 52 seconds
ISC StormCast for Tuesday, September 17th 2019
Encrypted Sextortion
https://isc.sans.edu/forums/diary/Encrypted+Sextortion+PDFs/25324/
SimJacker
https://www.adaptivemobile.com/blog/simjacker-next-generation-spying-over-mobile
LastPass Password Leak
https://bugs.chromium.org/p/project-zero/issues/detail?id=1930
Microsoft Extends EoL For Exchange Server 2010
https://techcommunity.microsoft.com/t5/Exchange-Team-Blog/Microsoft-Extending-End-of-Support-for-Exchange-Server-2010-to/ba-p/753591
9/17/2019 • 6 minutes, 36 seconds
ISC StormCast for Wednesday, September 11th 2019
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+September+2019+Patch+Tuesday/25310/
Adobe Patches
https://helpx.adobe.com/security.html
Intel SSH Side Channel Vulnerability
https://www.vusec.net/projects/netcat/
https://www.cs.vu.nl/~herbertb/download/papers/netcat_sp20.pdf
9/11/2019 • 5 minutes, 29 seconds
ISC StormCast for Tuesday, September 10th 2019
Firefox to Enable DNS over HTTPS by Default in September
https://blog.mozilla.org/futurereleases/2019/09/06/whats-next-in-making-dns-over-https-the-default/
Telegram Fixes Privacy Bug
https://www.inputzero.io/2019/09/telegram-privacy-fails-again.html
PsiXBot Uses DoH
https://www.proofpoint.com/us/threat-insight/post/psixbot-now-using-google-dns-over-https-and-possible-new-sexploitation-module
9/10/2019 • 6 minutes, 26 seconds
ISC StormCast for Monday, September 9th 2019
Unidentified Scanning Activity Likely Associated with Mirai/Successors
https://isc.sans.edu/forums/diary/Unidentified+Scanning+Activity/25304/
Bluekeep Exploit Now in Metasploit
https://blog.rapid7.com/2019/09/06/initial-metasploit-exploit-module-for-bluekeep-cve-2019-0708/
How to Remove GMail Calendar Spam
https://support.google.com/calendar/answer/6084018?co=GENIE.Platform%3DDesktop&hl=en
Exim SNI TLS Vulnerability
https://exim.org/static/doc/security/CVE-2019-15846.txt
9/9/2019 • 4 minutes, 49 seconds
ISC StormCast for Wednesday, September 4th 2019
Tricky LNK Retrieves TrickBot
https://isc.sans.edu/forums/diary/Guest+Diary+Tricky+LNK+points+to+TrickBot/25290/
Supermicro Virtual USB Vulnerability
https://eclypsium.com/2019/09/03/usbanywhere-bmc-vulnerability-opens-servers-to-remote-attack/
Facebook Free Basics Key Used to Sign Unrelated Android Apps
https://www.androidpolice.com/2019/08/29/cryptographic-key-used-to-sign-one-of-facebooks-android-apps-compromised/
9/4/2019 • 5 minutes, 59 seconds
ISC StormCast for Monday, September 2nd 2019
iOS Exploits in the Wild
https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html
Twitter CEO's Twitter Account Hijacked
https://twitter.com/TwitterComms/status/1167528672523210752
9/2/2019 • 5 minutes, 18 seconds
ISC StormCast for Friday, August 30th 2019
Malware Samples Compiling Their Next Stage On Premise
https://isc.sans.edu/forums/diary/Malware+Samples+Compiling+Their+Next+Stage+on+Premise/25278/
CERT-Bund Attempts to Notify Users of Vulnerable Home Automation Systems
https://www.heise.de/security/meldung/CERT-Bund-warnt-vor-offenen-Smarthome-Systemen-4509977.html
French Authorities Shut Down Coinminer Botnet
https://decoded.avast.io/janvojtesek/putting-an-end-to-retadup-a-malicious-worm-that-infected-hundreds-of-thousands/
8/30/2019 • 6 minutes, 24 seconds
ISC StormCast for Thursday, August 29th 2019
Open Redirects: A Small But Very Common Vulnerability
https://isc.sans.edu/forums/diary/Guest+Diary+Open+Redirect+A+Small+But+Very+Common+Vulnerability/25276/
CamScanner Malicious Download Component
https://securelist.com/dropper-in-google-play/92496/
Ares ADB Botnet
https://www.wootcloud.com/blogs/ars_botnet.html
Cisco REST API Container for IOS XE Authentication Bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190828-iosxe-rest-auth-bypass
8/29/2019 • 5 minutes, 55 seconds
ISC StormCast for Wednesday, August 28th 2019
Is it "Safe" To Require TLS 1.2 for Email
https://isc.sans.edu/forums/diary/Is+it+Safe+to+Require+TLS+12+for+EMail/25270/
Android Trojan Infects Tens of Thousands of Devices in 4 Months
https://www.bleepingcomputer.com/news/security/android-trojan-infects-tens-of-thousands-of-devices-in-4-months/
LYCEUM Threat Group Targeting Middle East
https://www.secureworks.com/blog/lyceum-takes-center-stage-in-middle-east-campaign
8/28/2019 • 6 minutes, 40 seconds
ISC StormCast for Tuesday, August 27th 2019
Apple Patches Jailbreak Vulnerability
https://support.apple.com/en-us/HT210549
Scanning for Pulse Secure VPN Endpoints
https://badpackets.net/over-14500-pulse-secure-vpn-endpoints-vulnerable-to-cve-2019-11510/
Emotet is Back
https://www.bleepingcomputer.com/news/security/emotet-botnet-is-back-servers-active-across-the-world/
8/27/2019 • 4 minutes, 55 seconds
ISC StormCast for Monday, August 26th 2019
Simple Mimikatz And RDPWrapper Dropper
https://isc.sans.edu/forums/diary/Simple+Mimikatz+RDPWrapper+Dropper/25262/
Malware Impersonating IRS
https://www.irs.gov/newsroom/security-summit-warns-of-new-irs-impersonation-email-scam-reminds-taxpayers-the-irs-does-not-send-unsolicited-emails
Instagram Phishing with 2FA Codes
https://nakedsecurity.sophos.com/2019/08/23/instagram-phishing-uses-2fa-as-a-lure/
GitHub Adding WebAuthn Support
https://www.theregister.co.uk/2019/08/23/github_upgrades_its_twofactor_authentication_with_webauthn_support/
Lenovo Solution Center Privilege Escalation
https://www.pentestpartners.com/security-blog/privesc-in-lenovo-solution-centre-10-minutes-later/
8/26/2019 • 5 minutes, 22 seconds
ISC StormCast for Friday, August 23rd 2019
Steam Zero Days and Bug Bounty Controversy
https://www.theregister.co.uk/2019/08/22/valve_bug_bounty_steam_u_turn/
bb-builder malicious npm Package
https://blog.reversinglabs.com/blog/the-npm-package-that-walked-away-with-all-your-passwords
Phishers Customize Branded Outlook 365 Login Pages
https://www.bleepingcomputer.com/news/security/phishing-attacks-scrape-branded-microsoft-365-login-pages/
8/23/2019 • 5 minutes, 49 seconds
ISC StormCast for Thursday, August 22nd 2019
KAPE vs. Commando VM: Red vs. Blue
https://isc.sans.edu/forums/diary/KAPE+Kroll+Artifact+Parser+and+Extractor/25258/
Attacks against Exposed Sphinx Servers
https://www.bsi.bund.de/EN/Topics/IT-Crisis-Management/CERT-Bund/CERT-Reports/HOWTOs/Open-Sphinx-Server/open-Sphinx-server_node.html
Cisco Patches
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=50#~Vulnerabilities
Newly Registered Domains Most Dangerous
https://unit42.paloaltonetworks.com/newly-registered-domains-malicious-abuse-by-bad-actors/
8/22/2019 • 5 minutes, 38 seconds
ISC StormCast for Wednesday, August 21st 2019
Guildma Malware is Now Using Facebook and YouTube as Update Channel
https://isc.sans.edu/forums/diary/Guildma+malware+is+now+accessing+Facebook+andYouTube+to+keep+uptodate/25222/
Supply Chain Issues: rest-client ruby gem backdoored
https://www.theregister.co.uk/2019/08/20/ruby_gem_hacked/
8/21/2019 • 5 minutes, 39 seconds
ISC StormCast for Tuesday, August 20th 2019
iOS 12.4 Jailbreak Released after Reintroduced Vulnerability from 12.2
https://github.com/pwn20wndstuff/Undecimus/releases
SHA2-Signed Updates for Windows Not Available with Symantec Endpoint Protection
https://support.symantec.com/us/en/article.tech255857.html
Attacking and Downgrading Bluetooth Key Negotiation
https://knobattack.com
8/20/2019 • 5 minutes, 32 seconds
ISC StormCast for Monday, August 19th 2019
Large Number of VoIP System Vulnerabilities Released
https://www.sit.fraunhofer.de/en/cve/
https://www.sit.fraunhofer.de/en/news-events/latest/press-releases/details/news-article/show/gefahr-uebers-telefon/
Confidential Company Documents Leaked in Public Sandboxes
https://blog.cylab.co/2019/08/16/confidential-company-documents-exposed-in-public-sandboxes/
Trend Micro Password Manager DLL Hijacking
https://esupport.trendmicro.com/en-us/home/pages/technical-support/1123396.aspx
Firefox Password Manager May Leak Passwords
https://www.mozilla.org/en-US/security/advisories/mfsa2019-24/#CVE-2019-11733
8/19/2019 • 5 minutes, 4 seconds
ISC StormCast for Friday, August 16th 2019
Analysis of a Spearphishing Maldoc
https://isc.sans.edu/forums/diary/Analysis+of+a+Spearphishing+Maldoc/25242/
IoT Security Stagnation
https://securityledger.com/2019/08/huge-survey-of-firmware-finds-no-security-gains-in-15-years/
Kaspersky Insecurity
https://www.heise.de/ct/artikel/Kasper-Spy-Kaspersky-Anti-Virus-puts-users-at-risk-4496138.html
8/16/2019 • 6 minutes, 21 seconds
ISC StormCast for Wednesday, August 14th 2019
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/August+2019+Microsoft+Patch+Tuesday/25236/
Adobe Patches
https://helpx.adobe.com/security.html
Windows Text Services Vulnerabilities
https://googleprojectzero.blogspot.com/2019/08/down-rabbit-hole.html#ftnt2
8/14/2019 • 5 minutes, 23 seconds
ISC StormCast for Monday, August 12th 2019
100% JavaScript Phishing Page
https://isc.sans.edu/forums/diary/100+JavaScript+Phishing+Page/25220/
Vulnerabilities in DSLR Cameras
https://research.checkpoint.com/say-cheese-ransomware-ing-a-dslr-camera/
https://global.canon/en/support/security/d-camera.html
Turning Tesla into Surveillance Platform
https://github.com/tevora-threat/scout
Basic Electron Framework Exploitation
https://www.contextis.com/en/blog/basic-electron-framework-exploitation
8/12/2019 • 5 minutes, 28 seconds
ISC StormCast for Friday, August 9th 2019
Kubernetes Security Audit Published
https://github.com/kubernetes/community/blob/master/wg-security-audit/findings/Kubernetes%20Final%20Report.pdf
https://www.cncf.io/blog/2019/08/06/open-sourcing-the-kubernetes-security-audit/
Apple Expands Bug Bounty
https://www.blackhat.com/us-19/briefings/schedule/index.html#behind-the-scenes-of-ios-and-mac-security-17220
https://www.forbes.com/sites/thomasbrewster/2019/08/08/apple-confirms-1-million-reward-for-hackers-who-find-serious-iphone-vulnerabilities/
0-Day Privilege Escalation in Steam Client
https://amonitoring.ru/article/steamclient-0day/
Actual Sextortion Trojan
https://www.welivesecurity.com/2019/08/08/varenyky-spambot-campaigns-france/
8/9/2019 • 6 minutes, 27 seconds
ISC StormCast for Thursday, August 8th 2019
AT&T Insiders Bribed to Obtain Unlock Codes
https://www.justice.gov/usao-wdwa/press-release/file/1191031/download
Older RDP Vulnerability Can be Used for HyperV VM Escape
https://www.microsoft.com/security/blog/2019/08/07/a-case-study-in-industry-collaboration-poisoned-rdp-vulnerability-disclosure-and-response/
Cisco Patches Smart Switch 220 Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x
Firefox for Android Supporting WebAuthn
https://blog.mozilla.org/security/2019/08/05/web-authentication-in-firefox-for-android/
8/8/2019 • 6 minutes, 31 seconds
ISC StormCast for Wednesday, August 7th 2019
Corporate IoT Used in Intrusion
https://msrc-blog.microsoft.com/2019/08/05/corporate-iot-a-path-to-intrusion/
New Spectre Variant: SWAPGS
https://www.bitdefender.com/business/swapgs-attack.html
New WPA3 Weaknesses
https://wpa3.mathyvanhoef.com/#new
8/7/2019 • 6 minutes, 15 seconds
ISC StormCast for Tuesday, August 6th 2019
Sextortion E-Mail: Where Did the Winnings Go?
https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money+The+Final+Chapter/25204/
VMWare Update
https://www.vmware.com/security/advisories/VMSA-2019-0012.html
Android Update Fixes Qualcomm Bug
https://source.android.com/security/bulletin/2019-08-01.html
https://blade.tencent.com/en/advisories/qualpwn/
8/6/2019 • 5 minutes, 39 seconds
ISC StormCast for Monday, August 5th 2019
Misconfigured JIRA Leaks User Details
https://medium.com/@logicbomb_1/one-misconfig-jira-to-leak-them-all-including-nasa-and-hundreds-of-fortune-500-companies-a70957ef03c7
Google, Amazon, Apple modify policy on listening in on Assistant Recordings
https://datenschutz-hamburg.de/assets/pdf/2019-08-01_press-release-Google_Assistant.pdf
https://www.bloomberg.com/news/articles/2019-08-02/amazon-gives-option-to-disable-human-review-of-alexa-recordings
https://www.theverge.com/2019/8/2/20751270/apple-stops-contractors-siri-voice-recordings-privacy-opt-out
https://www.blog.google/products/assistant/more-information-about-our-processes-safeguard-speech-data/
NVidia Updates
https://nvidia.custhelp.com/app/answers/detail/a_id/4841/kw/Security%20Bulletin
Detecting Incognito Mode in Google Chrome 76
https://blog.jse.li/posts/chrome-76-incognito-filesystem-timing/
8/5/2019 • 5 minutes, 52 seconds
ISC StormCast for Friday, August 2nd 2019
What Is Listening On Port 9527/TCP
https://isc.sans.edu/forums/diary/What+is+Listening+On+Port+9527TCP/25194/
PowerShell Empire Abandoned
https://github.com/EmpireProject/Empire
https://twitter.com/xorrior/status/1156626182978383874
Cryptomining via GitHub/PasteBin C&C
https://unit42.paloaltonetworks.com/rockein-the-netflow/
8/2/2019 • 5 minutes, 31 seconds
ISC StormCast for Thursday, August 1st 2019
Phishing Attack Targeting Financial Sector
https://isc.sans.edu/forums/diary/Targeted+Phishing+Attacks+in+the+Financial+Industry+Fire3+Phishing+Kit/25188/
Enterprise Software Phoning Home
https://www.extrahop.com/company/press-releases/2019/extrahop-issues-warning-about-phoning-home/
Google Stripping www and https again
https://bugs.chromium.org/p/chromium/issues/detail?id=883038#c114
Bypassing VISA Contactless Limits
https://www.ptsecurity.com/ww-en/about/news/visa-card-vulnerability-can-bypass-contactless-limits/
8/1/2019 • 6 minutes, 27 seconds
ISC StormCast for Wednesday, July 31st 2019
Luno Phishing E-Mail and Badly Implemented 2FA
https://isc.sans.edu/forums/diary/Can+You+Spell+2FA+A+Luno+Phish+Example/25186/
Google Chrome Update
https://w3c.github.io/webappsec-fetch-metadata/
https://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html
Apple Re-Releases 2019-004 Security Update for Sierra/High Sierra
https://support.apple.com/en-us/HT210348
Disabling Server Side Recording of Apple Siri Commands
https://github.com/jankais3r/Siri-NoLoggingPLS
7/31/2019 • 5 minutes, 49 seconds
ISC StormCast for Monday, July 29th 2019
DVRIP Port 34567 Uptick
https://isc.sans.edu/forums/diary/DVRIP+Port+34567+Uptick/25174/
LibreOffice LibreLogo Macro Python Code Injection
https://insinuator.net/2019/07/libreoffice-a-python-interpreter-code-execution-vulnerability-cve-2019-9848/
Extracting Private Key From Amazon Music Application
https://koen.io/2019/07/26/underscoring-the-private-in-private-key/
7/29/2019 • 7 minutes, 13 seconds
ISC StormCast for Friday, July 26th 2019
When Users Attack: Users and Admins Thwarting Security Controls
https://isc.sans.edu/forums/diary/When+Users+Attack+Users+and+Admins+Thwarting+Security+Controls/25170/
Immunity's Canvas Now Includes BlueKeep Exploit
https://twitter.com/Immunityinc/status/1153752470130221057
Johannesburg Power Outages Due To Ransomware
https://twitter.com/CityofJoburgZA
https://www.theregister.co.uk/2019/07/25/johannesburg_ransomware_infection/
Darkmatter Intermediate Certificate Trust Removed From Google Chrome
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/7-oKhDBLetQ
7/26/2019 • 6 minutes, 22 seconds
ISC StormCast for Thursday, July 25th 2019
VLC not Vulnerable to libebml Vulnerability
https://threader.app/thread/1153963312981389312
Cryptominer With BlueKeep Scanner
https://www.intezer.com/blog-watching-the-watchbog-new-bluekeep-scanner-and-linux-exploits/
Elasticsearch Vulnerabilities used to install DDoS Bot
https://blog.trendmicro.com/trendlabs-security-intelligence/multistage-attack-delivers-billgates-setag-backdoor-can-turn-elasticsearch-databases-into-ddos-botnet-zombies/
May People Be Considered As IOC?
https://isc.sans.edu/forums/diary/May+People+Be+Considered+as+IOC/25166/
7/25/2019 • 5 minutes, 48 seconds
ISC StormCast for Wednesday, July 24th 2019
TLS Configuration
https://isc.sans.edu/forums/diary/Verifying+SSLTLS+configuration+part+1/25162/
https://www.sans.org/webcasts/beast-poodle-celebrating-sweet32-111400
Apple Updates Everything
https://support.apple.com/en-us/HT201222
QNAP/Synology Update Security Advisory
https://www.qnap.com/en-us/security-advisory/nas-201907-11
https://www.facebook.com/synologydeutschland/photos/a.1594837477441905/2417134061878905/
New Bluekeep Writeup
https://github.com/0xeb-bp/bluekeep
7/24/2019 • 6 minutes, 1 second
ISC StormCast for Thursday, July 18th 2019
Analysis of DNS TXT Records
https://isc.sans.edu/forums/diary/Analyzis+of+DNS+TXT+Records/25142/
Evil Gnome Linux Malware
https://www.intezer.com/blog-evilgnome-rare-malware-spying-on-linux-desktop-users/
New American Express Phishing Attacks
https://cofense.com/phishing-attacker-takes-american-express-victims-credentials/
7/18/2019 • 6 minutes, 16 seconds
ISC StormCast for Wednesday, July 17th 2019
Zoom/Apple Patches Additional Software
https://www.theverge.com/2019/7/16/20696529/apple-mac-silent-update-zoom-ringcentral-zhumu-vulnerabilty-patched
Lenovo/IOMega NAS API Vulnerability
https://www.theregister.co.uk/2019/07/16/iomega_nas_boxes/
Amadeus Vulnerability Allows Access to Boarding Passes
https://www.7elements.co.uk/resources/technical-advisories/insecure-direct-object-reference-within-amadeus-check-in-application/
FBI Releases GandCrab Master Keys
https://www.documentcloud.org/documents/6199678-GandCrab-Master-Decryption-Keys-FLASH.html
Android Media File Jacking
https://www.symantec.com/blogs/expert-perspectives/symantec-mobile-threat-defense-attackers-can-manipulate-your-whatsapp-and-telegram-media
7/17/2019 • 5 minutes, 40 seconds
ISC StormCast for Tuesday, July 16th 2019
isodump.py and malicious ISO files
https://isc.sans.edu/forums/diary/isodumppy+and+Malicious+ISO+Files/25134/
Atlassian Crowd Vulnerability Details
https://www.corben.io/atlassian-crowd-rce/
Scrapy Vulnerabilities
https://medium.com/alertot/web-scraping-considered-dangerous-leaking-files-from-the-spiders-host-bd508f81d498
iOS URL Scheme Susceptible to Hijacking
https://blog.trendmicro.com/trendlabs-security-intelligence/ios-url-scheme-susceptible-to-hijacking/
7/16/2019 • 6 minutes, 30 seconds
ISC StormCast for Monday, July 15th 2019
Magecart Targets S3 Buckets
https://www.riskiq.com/blog/labs/magecart-amazon-s3-buckets/
Atlassian Jira Vulnerability
https://confluence.atlassian.com/jira/jira-security-advisory-2019-07-10-973486595.html
Microsoft to Detect Phishing in Forms
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=52927
Tracking Anonymized Bluetooth Devices
https://petsymposium.org/2019/files/papers/issue3/popets-2019-0036.pdf
7/15/2019 • 6 minutes, 6 seconds
ISC StormCast for Friday, July 12th 2019
Analysis of a Recent AZORult Sample
https://isc.sans.edu/forums/diary/Recent+AZORult+activity/25120/
Apple Deletes Zoom Web Server
https://www.macrumors.com/2019/07/10/apple-update-remove-zoom-server/
Apple Disables Walkie Talkie App
https://techcrunch.com/2019/07/10/apple-disables-walkie-talkie-app-due-to-vulnerability-that-could-allow-iphone-eavesdropping/
Windows PXE Devices May Fail to Boot After Recent Update
https://support.microsoft.com/en-in/help/4512816/devices-that-start-up-using-preboot-execution-environment-pxe-images-f
Sean Goodwin: Attackers Inside the Walls: Detecting Malicious Activity
https://www.sans.org/reading-room/whitepapers/detection/paper/39055
7/12/2019 • 13 minutes, 23 seconds
ISC StormCast for Thursday, July 11th 2019
Samba Project Disabling SMBv1 By Default
https://isc.sans.edu/forums/diary/Samba+Project+tells+us+Whats+New+SMBv1+Disabled+by+Default+finally/25116/
GnuPG Will No Longer Import Signatures From Keyservers
https://lists.gnupg.org/pipermail/gnupg-announce/2019q3/000439.html
eCh0raix Ransomware
https://www.anomali.com/blog/the-ech0raix-ransomware
7/11/2019 • 5 minutes, 3 seconds
ISC StormCast for Tuesday, July 9th 2019
Canonical Github Hack
https://news.ycombinator.com/item?id=20373009
New Wave of Magecart Attacks
https://gist.github.com/gwillem/5d936f5a84837d5c1dcb488ce256294a
Facebook's Libra Cryptocurrency Already Impersonated
https://www.digitalshadows.com/blog-and-research/facebooks-libra-cryptocurrency-cybercriminals-tipping-the-scales-in-their-favor/
7/9/2019 • 5 minutes, 27 seconds
ISC StormCast for Monday, July 8th 2019
Does "Godlua" Use DNS over HTTPS or Not?
https://www.golem.de/news/verschluesseltes-dns-falschmeldung-in-propagandaschlacht-um-dns-ueber-https-1907-142358.html
https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Exploit for Cisco Authentication Bypass and RCE
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/cisco-dcnm-rce.txt
Magento RCE Exploit
https://blog.ripstech.com/2019/magento-rce-via-xss/
Malicious XSL Files
https://isc.sans.edu/forums/diary/Malicious+XSL+Files/25098/
7/8/2019 • 5 minutes, 40 seconds
ISC StormCast for Wednesday, July 3rd 2019
Zipato SmartHub Vulnerabilities
https://blackmarble.sh/zipato-smart-hub/
Blocking DNS over HTTPS
https://github.com/bambenek/block-doh
Cloudflare Outage
https://www.cloudflarestatus.com/incidents/tx4pgxs6zxdr
Android Update
https://source.android.com/security/bulletin/2019-07-01
PowerShell Kill Switch Commands
https://isc.sans.edu/forums/diary/Using+Powershell+in+Basic+Incident+Response+A+Domain+Wide+KillSwitch/25088/
7/3/2019 • 6 minutes, 9 seconds
ISC StormCast for Tuesday, July 2nd 2019
Maldoc Payloads in User Forms
https://isc.sans.edu/forums/diary/Maldoc+Payloads+in+User+Forms/25084/
Zyxel Vulnerabilities
https://www.zyxel.com/support/vulnerabilities-related-to-the-Free-Time-feature.shtml
AMD SEV DH Key Recovery
https://seclists.org/fulldisclosure/2019/Jun/46
Card Enrollment Service Fraud
https://www.advanced-intel.com/post/card-enrollment-services-highly-effective-fraud-methodology-offered-in-russian-underground
7/2/2019 • 5 minutes, 21 seconds
ISC StormCast for Sunday, June 30th 2019
Collecting Hashes of Running Processes and Verifying Them Against VirusTotal Domain-Wide
https://isc.sans.edu/forums/diary/Verifying+Running+Processes+against+VirusTotal+DomainWide/25078/
Mozilla Server Side TLS Guide Updates
https://wiki.mozilla.org/Security/Server_Side_TLS
SKS Keyserver DoS Attack
https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
QR Code Phishing
https://cofense.com/radar-phishing-using-qr-codes-evade-url-analysis/
6/30/2019 • 6 minutes, 43 seconds
ISC StormCast for Friday, June 28th 2019
New BrickerBot (Silex) Sightings
https://twitter.com/_larry0/status/1143532888538984448
Supply Chain Attacks Against Telco Providers
https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers
GreenFlash Sundown Malvertising Campaign
https://blog.malwarebytes.com/threat-analysis/2019/06/greenflash-sundown-exploit-kit-expands-via-large-malvertising-campaign/
TrackThis Demonstrates How Advertisers Track You
https://trackthis.link
Geoff Parker: Automating Phish Reporting Response
http://www.sans.org/reading-room/whitepapers/email/automating-response-phish-reporting-39000
6/27/2019 • 16 minutes, 42 seconds
ISC StormCast for Monday, June 24th 2019
OpenSSH Will Start Encrypting Secret Keys in Memory
https://marc.info/?l=openbsd-cvs&m=156109087822676&w=2
BlueKeep Patch Rate at 83.4%
https://twitter.com/RavivTamir/status/1141788586922119168
Android ADB/SSH Botnet
https://www.bleepingcomputer.com/news/security/botnet-uses-ssh-and-adb-to-create-android-cryptomining-army/
6/23/2019 • 5 minutes, 33 seconds
ISC StormCast for Friday, June 21st 2019
Updates for Dell Support Assistant
https://www.dell.com/support/article/us/en/04/sln317291/dsa-2019-084-dell-supportassist-for-business-pcs-and-dell-supportassist-for-home-pcs-security-update-for-pc-doctor-vulnerability?lang=en
Critical Cisco Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex
LoudMiner Comes with VM
https://www.welivesecurity.com/2019/06/20/loudminer-mining-cracked-vst-software/
STI Student Dave Todd: Overcoming the Compliance Challenges in Biometrics
https://www.sans.org/reading-room/whitepapers/legal/paper/38970
6/21/2019 • 14 minutes, 32 seconds
ISC StormCast for Thursday, June 20th 2019
Critical Patch For WebLogic
https://isc.sans.edu/forums/diary/Critical+Actively+Exploited+WebLogic+Flaw+Patched+CVE20192729/25050/
Exim Exploits Against Other Mail Servers
https://isc.sans.edu/forums/diary/Quick+Detect+Exim+Return+of+the+Wizard+Attack/25052/
SANSFIRE Presentations (to be published soon)
https://isc.sans.edu/presentations
6/20/2019 • 5 minutes, 35 seconds
ISC StormCast for Wednesday, June 19th 2019
Critical Firefox Update
https://www.mozilla.org/en-US/security/advisories/mfsa2019-18/#CVE-2019-11707
Bitdefender Releases GandCrab Decryptor
https://labs.bitdefender.com/2019/06/good-riddance-gandcrab-were-still-fixing-the-mess-you-left-behind/
Google Launches New Deceptive Site Protections in Chrome
https://blog.chromium.org/2019/06/new-chrome-protections-from-deception.html
6/19/2019 • 5 minutes, 7 seconds
ISC StormCast for Tuesday, June 18th 2019
TCP SACK Panic DoS in Linux
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md
https://tools.ietf.org/html/rfc879
Logitech Pointer Recall
https://www.heise.de/security/meldung/Angreifbare-Logitech-Presenter-Hersteller-tauscht-gefaehrliche-USB-Empfaenger-aus-4423627.html
An Infection from the Rig Exploit Kit
https://isc.sans.edu/forums/diary/An+infection+from+Rig+exploit+kit/25040/
6/18/2019 • 5 minutes, 45 seconds
ISC StormCast for Monday, June 17th 2019
WhatsApp Phishing
https://www.heise.de/newsticker/meldung/Phishing-Mails-gaukeln-Ende-von-WhatsApp-Abonnement-vor-4447165.html
Encrypted Email Phishing
https://www.bleepingcomputer.com/news/security/phishing-scam-asks-you-to-login-to-read-encrypted-message/
Android Apps Link to Fake Sites
https://news.drweb.com/show/?i=13313&lng=en&c=5
Precomputed Hash Tables
https://a.ndronic.us/pre-computed-hash-table-v-1-0/
6/17/2019 • 5 minutes, 36 seconds
ISC StormCast for Friday, June 14th 2019
Exim Flaw Exploited
https://www.cybereason.com/blog/new-pervasive-worm-exploiting-linux-exim-server-vulnerability
Yubico Recalling FIPS Certified Yubikeys
https://www.yubico.com/support/security-advisories/ysa-2019-02/
Vulnerable Infusion Pumps
https://www.bd.com/en-us/support/product-security-and-privacy/product-security-bulletins/alaris-gateway-workstation-unauthorized-firmware
Telegram DDoS Attack
https://twitter.com/telegram/status/1138768124914929664
Ghidra Tips for IDA Users: Function Call Graphs
https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+4+function+call+graphs/25032/
Joel Chapman: Security Considerations for Voice over Wi-Fi (VoWiFi) Systems
https://www.sans.org/reading-room/whitepapers/telephone/paper/38945
6/14/2019 • 15 minutes, 15 seconds
ISC StormCast for Wednesday, June 12th 2019
Microsoft Patches
https://isc.sans.edu/forums/diary/MSFT+June+2019+Patch+Tuesday/25024/
Adobe Patches
https://helpx.adobe.com/security.html
SAP Security Notes
https://www.onapsis.com/blog/sap-patch-notes-june-2019
Intel Updates
https://www.us-cert.gov/ncas/current-activity/2019/06/11/Intel-Releases-Security-Updates-Mitigations-Multiple-Products
Microsoft Certificate DoS
https://bugs.chromium.org/p/project-zero/issues/detail?id=1804
GPS Receiver Woes
https://www.flightglobal.com/news/articles/collins-gps-outage-grounds-regional-flights-458819/
RAMBleed Attack
https://www.documentcloud.org/documents/6150180-RamBleed-attack-CVE-2019-0174.html
6/12/2019 • 6 minutes, 13 seconds
ISC StormCast for Tuesday, June 11th 2019
Interesting JavaScript Obfuscation Example
https://isc.sans.edu/forums/diary/Interesting+JavaScript+Obfuscation+Example/25020/
Spam Taking Advantage of DNS over HTTPS
https://myonlinesecurity.co.uk/it-looks-like-another-dns-compromise-hack-happening/
European Mobile Operator Traffic Leaked to China
https://arstechnica.com/information-technology/2019/06/bgp-mishap-sends-european-mobile-traffic-through-china-telecom-for-2-hours/?comments=1
VLC Update Patches Various Security Flaws
http://www.jbkempf.com/blog/post/2019/VLC-3.0.7-and-security
6/11/2019 • 6 minutes, 9 seconds
ISC StormCast for Monday, June 10th 2019
Keep An Eye On Your WMI Logs
https://isc.sans.edu/forums/diary/Keep+an+Eye+on+Your+WMI+Logs/25012/
Sysmon DNS Query Logging
https://isc.sans.edu/forums/diary/Tip+Sysmon+Will+Log+DNS+Queries/25016/
Komodo Agama Vulnerability and Breach
https://komodoplatform.com/update-agama-vulnerability/
Lessons Learned From Microsoft SOC
https://www.microsoft.com/security/blog/2019/06/06/lessons-learned-from-the-microsoft-soc-part-2b-career-paths-and-readiness/
6/10/2019 • 7 minutes, 37 seconds
ISC StormCast for Wednesday, June 5th 2019
Vulnerability in Notepad
https://threatpost.com/researcher-exploits-microsofts-notepad-to-pop-a-shell/145242/
Vulnerability in vim/neovim
https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
RDP Session Hijack Vulnerability
https://kb.cert.org/vuls/id/576688/
6/5/2019 • 5 minutes, 33 seconds
ISC StormCast for Tuesday, June 4th 2019
Bypassing macOS Synthetic Click Protection
https://www.wired.com/story/apple-macos-bug-synthetic-clicks/
Intel Microcode Updates for Older Windows 10 Versions
https://support.microsoft.com/en-us/help/4494454/kb4494454-intel-microcode-updates
Fake Antivirus Ads in Microsoft Games
https://answers.microsoft.com/en-us/windows/forum/all/malvertising-attack-on-microsoft-games/ced7ab87-7e0e-422b-97b7-fbfaed2b68a0
GandCrab Shutting Down
https://www.zdnet.com/article/gandcrab-ransomware-operation-says-its-shutting-down/
6/4/2019 • 5 minutes, 27 seconds
ISC StormCast for Monday, June 3rd 2019
Google Outage
https://status.cloud.google.com/incident/compute/19003
Major Vulnerability in Siemens LOGO Controllers
https://cert-portal.siemens.com/productcert/pdf/ssa-542701.pdf
Exposing Tor Users Via Cache Poisoning
https://blog.duszynski.eu/tor-ip-disclosure-through-http-301-cache-poisoning/
nginx njs Vulnerability
https://github.com/nginx/njs/issues/131
6/3/2019 • 5 minutes, 57 seconds
ISC StormCast for Friday, May 31st 2019
Analyzing Shellcode with scdbg
https://isc.sans.edu/forums/diary/Analyzing+First+Stage+Shellcode/24984/
GitHub Automating Security Patches
https://help.github.com/en/articles/configuring-automated-security-fixes
Exposed Docker APIs Used for Cryptocurrency Mining
https://blog.trendmicro.com/trendlabs-security-intelligence/infected-cryptocurrency-mining-containers-target-docker-hosts-with-exposed-apis-use-shodan-to-find-additional-victims/
Mozilla Objecting To Web Packaging
https://docs.google.com/document/d/1ha00dSGKmjoEh2mRiG8FIA5sJ1KihTuZe-AXX1r8P-8/preview#
5/31/2019 • 6 minutes, 43 seconds
ISC StormCast for Thursday, May 30th 2019
Behavioural Malware Analysis With Microsoft Attack Surface Analyzer
https://isc.sans.edu/forums/diary/Behavioural+Malware+Analysis+with+Microsoft+ASA/24980/
Docker Symlink Race Attack
https://seclists.org/oss-sec/2019/q2/131
Nansh0u Campaign Using Signed Rootkit
https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
5/30/2019 • 6 minutes, 7 seconds
ISC StormCast for Friday, May 24th 2019
Dangers of Custom URL Schemes
https://zeropwn.github.io/2019-05-22-fun-with-uri-handlers/
Update on Physical Skimmer Market
https://www.advanced-intel.com/blog/skimming-threat-landscape-technology-advances-lower-barriers-of-entry-for-novice-skimming-operators
Apple Supplemental Update for macOS 10.14.5
https://support.apple.com/kb/DL2005?locale=en_US
Microsoft Releases Advanced Threat Protection for macOS
https://techcommunity.microsoft.com/t5/Windows-Defender-ATP/Microsoft-Defender-ATP-for-Mac-now-in-open-public-preview/ba-p/634603
5/24/2019 • 6 minutes, 5 seconds
ISC StormCast for Thursday, May 23rd 2019
An Update on the Microsoft Windows RDP BlueKeep Vulnerability
https://isc.sans.edu/forums/diary/An+Update+on+the+Microsoft+Windows+RDP+Bluekeep+Vulnerability+CVE20190708+now+with+pcaps/24960/
New Zero Day Exploits by SandboxEscaper
https://github.com/SandboxEscaper/polarbearrepo
Signed Exploit Code
https://medium.com/@chroniclesec/abusing-code-signing-for-profit-ef80a37b50f4
5/22/2019 • 6 minutes, 18 seconds
ISC StormCast for Wednesday, May 22nd 2019
Setting Up Shodan Monitoring
https://isc.sans.edu/forums/diary/Using+Shodan+Monitoring/24956/
Fingerprinting Smartphones With Gyroscope Data
https://sensorid.cl.cam.ac.uk/
20% of Popular Docker Containers Have No Root Password
https://www.kennasecurity.com/20-of-the-1000-most-popular-docker-containers-have-no-root-password/
RDP BlueKeep Signature for Snort/Suricata
https://github.com/nccgroup/Cyber-Defence/blob/master/Signatures/suricata/2019_05_rdp_cve_2019_0708.txt
5/21/2019 • 5 minutes, 32 seconds
ISC StormCast for Monday, May 20th 2019
Google Analyzes Vendor Response to 0-Day Exploits
https://googleprojectzero.blogspot.com/p/0day.html
ASUS WebStorage Abused For Malware Distribution
https://www.welivesecurity.com/2019/05/14/plead-malware-mitm-asus-webstorage/
Vulnerabilities in Apple AirDrop
https://www.usenix.org/system/files/sec19fall_stute_prepub.pdf
5/19/2019 • 5 minutes, 38 seconds
ISC StormCast for Friday, May 17th 2019
The Risk of Authenticated Vulnerability Scans
https://isc.sans.edu/forums/diary/The+Risk+of+Authenticated+Vulnerability+Scans/24942/
ARIN Revokes about 735,000 IP Addresses
https://www.arin.net/vault/about_us/media/releases/20190513.html
More Cisco Patches (Prime Infrastructure, EPN Manager)
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190515-pi-rce
Instrument Landing Systems Spoofing
https://aanjhan.com/assets/ils_usenix2019.pdf
5/17/2019 • 6 minutes, 1 second
ISC StormCast for Thursday, May 16th 2019
Forbes Website Infected by Magecart
https://twitter.com/bad_packets/status/1128517905765683201
Malware Randomizes TLS Ciphers
https://blogs.akamai.com/sitr/2019/05/bots-tampering-with-tls-to-avoid-detection.html
Google Recalls Titan Security Keys
https://security.googleblog.com/2019/05/titan-keys-update.html
Samba Update
https://www.samba.org/samba/security/CVE-2018-16860.html
SAP Patches
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032
5/16/2019 • 5 minutes, 12 seconds
ISC StormCast for Wednesday, May 15th 2019
New Intel CPU Vulnerabilities
https://cpu.fail/
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+May+2019+Patch+Tuesday/24934/
Apple Updates
https://support.apple.com/en-us/HT201222
Broken Trustseal
https://twitter.com/gwillem/status/1127890329175244800
https://twitter.com/bestoftheweb/status/1128036593208524800
5/15/2019 • 6 minutes, 14 seconds
ISC StormCast for Tuesday, May 14th 2019
Linux Remote Code Execution When Closing TCP Sockets
https://github.com/torvalds/linux/commit/cb66ddd156203daefb8d71158036b27b0e2caf63
WhatsApp Buffer Overflow Exploited to Install Spyware
https://www.facebook.com/security/advisories/cve-2019-3568
Cisco Vulnerabilities Lead to Trust Anchor Module Exploit
https://thrangrycat.com/
Linksys Unauthenticated Information Leak
https://badpackets.net/over-25000-linksys-smart-wi-fi-routers-vulnerable-to-sensitive-information-disclosure-flaw/
5/14/2019 • 5 minutes, 33 seconds
ISC StormCast for Monday, May 13th 2019
DSSuite - A Docker Container with Didier's Tools
https://isc.sans.edu/forums/diary/DSSuite+A+Docker+Container+with+Didiers+Tools/24926/
Sqlite3 Vulnerability
https://www.talosintelligence.com/vulnerability_reports/TALOS-2019-0777
NVidia Updates
https://nvidia.custhelp.com/app/answers/detail/a_id/4797
Windows 10 FIDO2 Certified
https://fidoalliance.org/microsoft-achieves-fido2-certification-for-windows-hello/
Google May Remove ADB Backup/Restore from Future Android Versions
https://www.xda-developers.com/adb-backup-and-restore-depreciated/
5/13/2019 • 5 minutes, 9 seconds
ISC StormCast for Friday, May 10th 2019
US DHS Warns of North Korean ELECTRICFISH Malware
https://www.us-cert.gov/ncas/analysis-reports/AR19-129A
Fake KeePass Site Spreading Malware
https://twitter.com/berkcgoksel/status/1125727590440931329
Google Android Security Bulletin
https://source.android.com/security/bulletin/2019-05-01
Three Anti-Virus Companies Breached
https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies
5/10/2019 • 5 minutes, 33 seconds
ISC StormCast for Thursday, May 9th 2019
Email Roulette May 2019
https://isc.sans.edu/forums/diary/Email+roulette+May+2019/24918/
Turla Lightneuron
https://www.welivesecurity.com/wp-content/uploads/2019/05/ESET-LightNeuron.pdf
Alpine Linux Docker Image root User Hard Coded Credentials
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0782
WordPress 5.2 Adds Digitally Signed Updates
https://wordpress.org/support/wordpress-version/version-5-2/
5/9/2019 • 5 minutes, 45 seconds
ISC StormCast for Wednesday, May 8th 2019
Jenkins Exploit Mines Cryptocurrencies
https://isc.sans.edu/forums/diary/Vulnerable+Apache+Jenkins+exploited+in+the+wild/24916/
Confluence Vulnerability Exploited to Deliver Cryptocurrency Miner with Rootkit
https://blog.trendmicro.com/trendlabs-security-intelligence/cve-2019-3396-redux-confluence-vulnerability-exploited-to-deliver-cryptocurrency-miner-with-rootkit/
Cisco Elastic Services Controller REST API Authentication Bypass
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190507-esc-authbypass
Google Chrome History Manipulation Prevention
https://groups.google.com/a/chromium.org/forum/?#!msg/blink-dev/T8d4_BRb2xQ/WSdOiOFcBAAJ
5/8/2019 • 4 minutes, 59 seconds
ISC StormCast for Tuesday, May 7th 2019
Decoding UTF-16 in UDF Files
https://isc.sans.edu/forums/diary/Text+and+TNULeNULxNULtNUL/24912/
VMWare Fusion 11 Guest VM RCE
https://theevilbit.github.io/posts/vmware_fusion_11_guest_vm_rce_cve-2019-5514/
Hackers Are Using Bad Passwords Too
https://www.ankitanubhav.info/post/c2bruting
Amazon S3 Discontinues Path Style Access
https://www.bleepingcomputer.com/news/security/amazon-to-disable-s3-path-style-access-used-to-bypass-censorship/
5/7/2019 • 6 minutes, 11 seconds
ISC StormCast for Friday, May 3rd 2019
New SAP Exploits Used to Target Exposed
https://www.onapsis.com/10kblaze
Cisco Patches SSH Default Credential Vulnerability in Nexus 9000 Switches
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190501-nexus9k-sshkey
Current State of JavaScript Crypto Jacking
https://blog.malwarebytes.com/cybercrime/2019/05/cryptojacking-in-the-post-coinhive-era/
D-Link Camera Vulnerabilities
https://www.welivesecurity.com/2019/05/02/d-link-camera-vulnerability-video-stream/
Securepairs Promotes "Right to Repair"
https://securepairs.org/
5/3/2019 • 6 minutes, 8 seconds
ISC StormCast for Thursday, May 2nd 2019
RCE Vulnerability in Dell Support Assist
https://d4stiny.github.io/Remote-Code-Execution-on-most-Dell-computers/
Crestron Multiple Vulnerabilities
https://www.crestron.com/en-US/Security/Security_Advisories
Polymorphic Skimmer Targeting 57 different Payment Gateways
https://labs.sansec.io/2019/04/29/polymorphic-skimmer-57-payment-gateways/
More Attacks Against S/MIME and PGP Signed Email
https://github.com/RUB-NDS/Johnny-You-Are-Fired/blob/master/paper/johnny-fired.pdf
5/2/2019 • 5 minutes, 57 seconds
ISC StormCast for Tuesday, April 30th 2019
iLnkP2P Allows Access To Millions of Security Cameras
https://hacked.camera
Windows 10 Users Not Applying October Update
https://reports.adduplex.com/#/r/2019-04
iFrame "Ransom Support" Attacks
https://blog.trendmicro.com/trendlabs-security-intelligence/tech-support-scam-employs-new-trick-by-using-iframe-to-freeze-browsers/
4/30/2019 • 5 minutes, 51 seconds
ISC StormCast for Friday, April 26th 2019
Unpatched Vulnerability in WebLogic Exploited
https://isc.sans.edu/forums/diary/Unpatched+Vulnerability+Alert+WebLogic+Zero+Day/24880/
Collecting Windows Service Accounts
https://isc.sans.edu/forums/diary/Service+Accounts+Redux+Collecting+Service+Accounts+with+PowerShell/24882/
Confluence Vulnerability Exploited by GandCrab
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
New Microsoft Security Baseline for Windows 10 / Windows Server
https://blogs.technet.microsoft.com/secguide/2019/04/24/security-baseline-draft-for-windows-10-v1903-and-windows-server-v1903/
4/26/2019 • 5 minutes, 25 seconds
ISC StormCast for Thursday, April 25th 2019
Rooting Out Unwanted Domain Admins With PowerShell
https://isc.sans.edu/forums/diary/Where+have+all+the+Domain+Admins+gone+Rooting+out+Unwanted+Domain+Administrators/24874/
macOS XProtect Now Covering Windows Malware
https://twitter.com/patrickwardle/status/1120771284286103552
Wifi Finder Leaks Hotspot Passwords
https://techcrunch.com/2019/04/22/hotspot-password-leak/
Github Hosting Phishing Pages
https://www.proofpoint.com/us/threat-insight/post/threat-actors-abuse-github-service-host-variety-phishing-kits
RSA Webinar: The Five Most Dangerous New Attack Techniques and How to Counter Them
https://www.rsaconference.com/videos/rsac-2019-the-five-most-dangerous-new-attack-techniques-and-how-to-counter-them-continued
4/25/2019 • 7 minutes, 28 seconds
ISC StormCast for Wednesday, April 24th 2019
Decoding Malicious VBA Office Document Without Source Code
https://isc.sans.edu/forums/diary/Malicious+VBA+Office+Document+Without+Source+Code/24870/
More Updates on "ShadowHammer" Supply Chain Attack
https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/
A Malicious Sight in Google Sites
https://www.netskope.com/blog/malicious-google-sites
4/24/2019 • 5 minutes, 47 seconds
ISC StormCast for Tuesday, April 23rd 2019
.rar Files Exploiting ACE Vulnerability CVE-2018-20250
https://isc.sans.edu/forums/diary/rar+Files+and+ACE+Exploit+CVE201820250/24864/
Malware Senders Become Younger and Less Sophisticated (in German)
https://www.heise.de/security/meldung/Malware-Verteiler-werden-immer-juenger-infizieren-sich-oft-selbst-4403823.html
McAfee Antivirus Affected by April Windows Update Crashes
http://kc.mcafee.com/corporate/index?page=content&id=KB91465
Rules to Protect Against Azure Blob Phishing in Outlook 365
https://malware-research.org/simple-rule-to-protect-against-spoofed-windows-net-phishing-attacks/
Windows 7 End of Support Messages
https://www.windowslatest.com/2019/04/20/windows-7-users-are-now-receiving-the-end-of-support-notifications/
4/22/2019 • 5 minutes, 44 seconds
ISC StormCast for Monday, April 22nd 2019
Analyzing UDF Files Using Python
https://isc.sans.edu/forums/diary/Analyzing+UDF+Files+with+Python/24860/
HTML Ping To Be Adopted By All Major Browsers
https://webkit.org/blog/8821/link-click-analytics-and-privacy/
Microsoft to Modify Edge User Agent for Some Sites
https://www.onmsft.com/news/new-edge-insider-browser-can-change-user-agent-strings-based-on-what-website-youre-visiting
French Government Chat System Used Weak User Management
https://m.heise.de/security/meldung/Tchap-Frankreichs-nicht-so-exklusiver-Regierungschat-4403961.html
4/22/2019 • 6 minutes, 53 seconds
ISC StormCast for Friday, April 19th 2019
Malware Delivered As a UDF .img file
https://isc.sans.edu/forums/diary/Malware+Sample+Delivered+Through+UDF+Image/24854/
Facebook Stored Passwords in Plain Text
https://newsroom.fb.com/news/2019/03/keeping-passwords-secure/
Iranian State-Sponsored Malware and Data Leaked
https://misterch0c.blogspot.com/2019/04/apt34-oilrig-leak.html
Windows 8 Live Tiles Domain Takeover
https://www.golem.de/news/subdomain-takeover-microsoft-verliert-kontrolle-ueber-windows-kacheln-1904-140709.html
4/19/2019 • 6 minutes, 50 seconds
ISC StormCast for Thursday, April 18th 2019
DNS Hijacking by Sea Turtle
https://blog.talosintelligence.com/2019/04/seaturtle.html
Broadcom Wifi Driver Vulnerabilities
https://www.kb.cert.org/vuls/id/166939/
NamPoHyu Virus Infects Samba Servers
https://www.bleepingcomputer.com/news/security/nampohyu-virus-ransomware-targets-remote-samba-servers/
Increased Attacks on Confluence
https://twitter.com/DFNCERT/status/1118468599230943233
4/18/2019 • 5 minutes, 28 seconds
ISC StormCast for Wednesday, April 17th 2019
PoC Exploit for Windows 10 DHCP Client Vulnerability CVE-2019-0726 (in Russian)
https://habr.com/ru/company/pt/blog/448378/
Oracle April 2019 Critical Patch Update
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Wipro Breached Via Phishing Attacks
https://krebsonsecurity.com/2019/04/experts-breach-at-it-outsourcing-giant-wipro/
IDA and Ghidra Part 2 (Strings And Parameters)
https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+2+strings+and+parameters/24848/
4/17/2019 • 5 minutes, 34 seconds
ISC StormCast for Tuesday, April 16th 2019
Common "False Positives" in DNS Query Logs
https://isc.sans.edu/forums/diary/Odd+DNS+Requests+that+are+Normal/24844/
Adblock Plus Allows Filter List Providers to Inject Code in Pages
https://armin.dev/blog/2019/04/adblock-plus-code-injection/
Executables in Polyglot DICOM Images
https://github.com/d00rt/pedicom/blob/master/doc/Attacking_Digital_Imaging_and_Communication_in_Medicine_(DICOM)_file_format_standard_-_Markel_Picado_Ortiz_(d00rt).pdf
Malicious/Misleading VPN Ads
https://www.bleepingcomputer.com/news/security/mobile-vpns-promoted-by-you-are-infected-or-hacked-ads/
4/16/2019 • 7 minutes, 4 seconds
ISC StormCast for Monday, April 15th 2019
Configuring MTA-STS
https://isc.sans.edu/forums/diary/Configuring+MTASTS+and+TLS+Reporting+For+Your+Domain/24840/
How to Find Hidden Cameras in Your AirBNB
https://isc.sans.edu/forums/diary/How+to+Find+Hidden+Cameras+in+your+AirBNB/24834/
Insecure Storage of VPN Credentials
https://www.kb.cert.org/vuls/id/192371/
Microsoft Patch Problems
https://support.microsoft.com/en-us/help/4493472/windows-7-update-kb4493472
https://support.microsoft.com/en-us/help/4493446/windows-8-1-update-kb4493446
Internet Explorer XML External Entity Vulnerability
http://hyp3rlinx.altervista.org/advisories/MICROSOFT-INTERNET-EXPLORER-v11-XML-EXTERNAL-ENTITY-INJECTION-0DAY.txt
4/15/2019 • 6 minutes, 24 seconds
ISC StormCast for Friday, April 12th 2019
GMail Will Be Supporting MTA-STS and SMTP TLS Reporting
https://tools.ietf.org/html/rfc8461
https://tools.ietf.org/html/rfc8460
https://www.zdnet.com/article/gmail-becomes-first-major-email-provider-to-support-mta-sts-and-tls-reporting/
Juniper Patch Fixes Static Password in Junos OS
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10923&actp=METADATA
Uniden Commercial IP Camera Site Hosting Malware
https://twitter.com/JayTHL/status/1116200014630596609
4/12/2019 • 6 minutes, 16 seconds
ISC StormCast for Thursday, April 11th 2019
WPA3 Dragonblood Vulnerability
http://papers.mathyvanhoef.com/dragonblood.pdf
North Korean Trojan: HOPLIGHT
https://www.us-cert.gov/ncas/analysis-reports/AR19-100A
Gaza Cybergang Group1 "SneakyPastes"
https://securelist.com/gaza-cybergang-group1-operation-sneakypastes/90068/
4/11/2019 • 7 minutes, 37 seconds
ISC StormCast for Wednesday, April 10th 2019
Microsoft and Adobe Patches
https://isc.sans.edu/forums/diary/Microsoft+April+2019+Patch+Tuesday/24826/
https://helpx.adobe.com/security.html
Fake "Food Poisoning" emails in Germany (in German)
https://www.polizei-praevention.de/aktuelles/erneut-mails-mit-schadsoftware-gegen-gewerbetreibende-im-umlauf.html
Vulnerability in Apache Axis
https://rhinosecuritylabs.com/application-security/cve-2019-0227-expired-domain-rce-apache-axis/
Golang DLL Injection Vulnerability
https://www.openwall.com/lists/oss-security/2019/04/09/1
4/9/2019 • 6 minutes, 41 seconds
ISC StormCast for Tuesday, April 9th 2019
Ghidra vs. IDA
https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+1+the+decompilerunreachable+code/24822/
TrendMicro Patch
https://success.trendmicro.com/solution/1122250
Dovecot Patch
https://dovecot.org/list/dovecot-news/2019-March/000403.html
Apache CVE-2019-0211 Exploit
https://github.com/cfreal/exploits/tree/master/CVE-2019-0211-apache
Using JavaScript in Exploits
https://www.youtube.com/watch?v=HfpnloZM61I
4/9/2019 • 5 minutes, 33 seconds
ISC StormCast for Friday, April 5th 2019
New Waves of Scans Detected By An Old Rule
https://isc.sans.edu/forums/diary/New+Waves+of+Scans+Detected+by+an+Old+Rule/24812/
Xiaomi GuardApp Vulnerable to Man in the Middle
https://blog.checkpoint.com/2019/04/04/xiaomi-vulnerability-when-security-is-not-what-it-seems/
Xwo Web Scanner Hunting for MongoDB
https://www.alienvault.com/blogs/labs-research/xwo-a-python-based-bot-scanner
Vulnerable SmartWatches "Defaced"
https://api.heise.de/svc/embetty/tweet/1112326532939374593-images-0
https://www.heise.de/newsticker/meldung/Vidimensio-Smartwatches-Der-Sicherheits-Alptraum-geht-weiter-4359967.html
4/4/2019 • 5 minutes, 47 seconds
ISC StormCast for Thursday, April 4th 2019
Ghidra tips for IDA users: Automatic Comments for API Call Parameters
https://isc.sans.edu/forums/diary/A+few+Ghidra+tips+for+IDA+users+part+0+automatic+comments+for+API+call+parameters/24806/
Security Awareness Newsletter: Making Passwords Simple
https://www.sans.org/security-awareness-training/resources/making-passwords-simple
IRS Themed Phishing Emails
https://www.proofpoint.com/us/threat-insight/post/tax-themed-email-campaigns-target-2019-filers
Large Leak of Facebook User Data via 3rd Party App
https://www.upguard.com/breaches/facebook-user-data-leak
Arbitrary Command Execution in PostgreSQL
https://medium.com/greenwolf-security/authenticated-arbitrary-command-execution-on-postgresql-9-3-latest-cd18945914d5
4/4/2019 • 5 minutes, 47 seconds
ISC StormCast for Wednesday, April 3rd 2019
Compromised LaCie Drives Spread Fake AntiVirus
https://isc.sans.edu/forums/diary/Fake+AV+is+Back+LaCie+Network+Drives+Used+to+Spread+Malware/24802/
Unpatched SOP Vulnerability in Internet Explorer/Edge
https://thehackernews.com/2019/03/microsoft-edge-ie-zero-days.html
Apache Fixes Privilege Escalation Flaw
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211
Verizon Users Phished for Credentials
https://blog.lookout.com/mobile-phishing-verizon
4/3/2019 • 5 minutes, 21 seconds
ISC StormCast for Tuesday, April 2nd 2019
Common "OpenAction" False Positive in PDFs Created by OpenOffice
https://isc.sans.edu/forums/diary/Analysis+of+PDFs+Created+with+OpenOfficeLibreOffice/24798/
Android Monthly Update
https://source.android.com/security/bulletin/2019-04-01#2019-04-01-details
Malicious Android App Forwards Banking Calls to Attacker
https://www.blackhat.com/asia-19/briefings/schedule/index.html#when-voice-phishing-met-malicious-android-app-13419
Google Allowing WebAuthn Login from Firefox/Edge
https://twitter.com/christiaanbrand/status/1111430192596025347
All Your Data Are Belong to Us: Defending Against Credential Stuffing Attacks
https://www.sans.org/webcasts/data-belong-us-defend-credential-stuffing-110340
4/2/2019 • 4 minutes, 38 seconds
ISC StormCast for Monday, April 1st 2019
Annotating Golang Binaries with Cutter and Jupyter
https://isc.sans.edu/forums/diary/Annotating+Golang+binaries+with+Cutter+and+Jupyter/24790/
ASUS Targeted MAC Addresses Available for Download
https://skylightcyber.com/2019/03/28/unleash-the-hash-shadowhammer-mac-list/
Weaponized Version of New Zealand Attack Manifesto
https://bluehexagon.ai/blog/weaponized-version-of-new-zealand-terror-suspects-manifesto-discovered-in-the-wild/
Kubernetes Directory Traversal
https://www.twistlock.com/labs-blog/disclosing-directory-traversal-vulnerability-kubernetes-copy-cve-2019-1002101/
VMWare Patches
https://www.vmware.com/security/advisories/VMSA-2019-0005.html
3/31/2019 • 5 minutes, 36 seconds
ISC StormCast for Friday, March 29th 2019
Creating Your Own Passive DNS Logs
https://isc.sans.edu/forums/diary/Running+your+Own+Passive+DNS+Service/24784/
Incomplete Patch for Cisco RV320 Routers
https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-003/-cisco-rv320-unauthenticated-configuration-export
https://www.redteam-pentesting.de/en/advisories/rt-sa-2019-004/-cisco-rv320-unauthenticated-diagnostic-data-retrieval
TPLink Debug Port Vulnerability
https://twitter.com/mjg59/status/1111106885736787975
https://pastebin.com/GAzccR95
3/28/2019 • 4 minutes, 30 seconds
ISC StormCast for Thursday, March 28th 2019
Microsoft Releases Application Guard for Firefox and Chrome
https://blogs.windows.com/windowsexperience/2019/03/15/announcing-windows-10-insider-preview-build-18358/
New Set of LTE Vulnerabilities
https://syssec.kaist.ac.kr/pub/2019/kim_sp_2019.pdf
NVidia Privilege Escalation
https://rhinosecuritylabs.com/application-security/nvidia-arbitrary-file-writes-to-command-execution-cve-2019-5674/
3/27/2019 • 5 minutes, 5 seconds
ISC StormCast for Wednesday, March 27th 2019
Apple Updates
https://support.apple.com/en-us/HT201222
ASUS Response to Kaspersky Report
https://www.asus.com/News/hqfgVUyZ6uyAyJe1
Firefox Importing Windows Root Certificates
https://bugzilla.mozilla.org/show_bug.cgi?id=1533397
UC Webbrowser MITM Vulnerability
https://www.bleepingcomputer.com/news/security/uc-browser-for-android-desktop-exposes-500-million-users-to-mitm-attacks/
3/26/2019 • 5 minutes, 40 seconds
ISC StormCast for Tuesday, March 26th 2019
ASUS Live Update "ShadowHammer" Backdoor
https://www.kaspersky.com/blog/shadow-hammer-teaser
https://shadowhammer.kaspersky.com/
Telegram Unsent Feature
https://techcrunch.com/2019/03/25/going-going-gone/
F5 Big IP Updates
https://support.f5.com/csp/article/K14812883
3/25/2019 • 5 minutes, 19 seconds
ISC StormCast for Monday, March 25th 2019
Reversing Malware Written In Golang
https://isc.sans.edu/forums/diary/Introduction+to+analysing+Go+binaries/24770/
More "VelvetSweatshop" Maldocs
https://isc.sans.edu/forums/diary/VelvetSweatshop+Maldocs/24772/
Reading QR Codes in Python
https://isc.sans.edu/forums/diary/Decoding+QR+Codes+with+Python/24774/
Pwn2Own Contest: Firefox, Safari, Edge and others fall
https://www.zdnet.com/article/tesla-car-hacked-at-pwn2own-contest/
Norwegian Nokia Phones Sent Data to China (Article in Norwegian)
https://nrkbeta.no/2019/03/21/norske-telefoner-sendte-personopplysninger-til-kina/
Java Card Vulnerabilities
https://seclists.org/fulldisclosure/2019/Mar/35
3/24/2019 • 6 minutes, 8 seconds
ISC StormCast for Thursday, March 21st 2019
Google Photo Cross-Site-Leak Exposes Picture Meta Data
https://www.imperva.com/blog/now-patched-google-photos-vulnerability-let-hackers-track-your-friends-and-location-history/
Fake CDC EMails Spread GandCrab Ransomware
https://myonlinesecurity.co.uk/fake-cdc-flu-pandemic-warning-delivers-gandcrab-5-2-ransomware/
Atlassian Sourcetree Vulnerability
https://confluence.atlassian.com/sourcetreekb/sourcetree-security-advisory-2019-03-06-966678691.html
Microsoft Defender for MacOS
https://www.theregister.co.uk/2019/03/21/microsoft_defender_atp/
3/21/2019 • 5 minutes, 29 seconds
ISC StormCast for Wednesday, March 20th 2019
Using Active Directory (AD) To Find Hosts That Are Not in AD
https://isc.sans.edu/forums/diary/Using+AD+to+find+hosts+that+arent+in+AD+fun+with+the+IPAddress+construct/24762/
Microsoft Anti Malware Crashing Windows
https://social.technet.microsoft.com/Forums/en-US/18ab60a3-3b26-4a07-b68d-84085ce66ce5/scep-crashing-pcs?forum=ConfigMgrCompliance&prof=required
Reduction in DDoS Attacks
https://www.nexusguard.com/threat-report-q4-2018
3/20/2019 • 5 minutes, 40 seconds
ISC StormCast for Wednesday, March 20th 2019
Cloudflare Releases Proxy Detection Tools
https://blog.cloudflare.com/monsters-in-the-middleboxes/
Business Email Compromise Moving to SMS
https://www.agari.com/email-security-blog/bec-goes-mobile/
JavaScript Requests Without Same Origin Policy Limitations
https://www.forcepoint.com/blog/security-labs/attacking-internal-network-public-internet-using-browser-proxy
Discovering IPv6 Hosts With UPNP
https://blog.talosintelligence.com/2019/03/ipv6-unmasking-via-upnp.html#more
3/19/2019 • 6 minutes, 7 seconds
ISC StormCast for Monday, March 18th 2019
Putty Updates
https://www.chiark.greenend.org.uk/~sgtatham/putty/
Fujitsu Wireless Keyboard Vulnerabilities
https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2018-033.txt
Signed Malware Goes Undetected
https://twitter.com/malwrhunterteam/status/1104082562216062978/photo/1?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1104082562216062978&ref_url=https%3A%2F%2Fwww.theregister.co.uk%2F2019%2F03%2F18%2Fsecurity_roundup_150319%2F
Free Support for Ubuntu 14.04 LTS Ends in April
https://lists.ubuntu.com/archives/ubuntu-announce/2019-March/000241.html
Latest Mirai Version with Even More Exploits
https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/
3/18/2019 • 5 minutes, 41 seconds
ISC StormCast for Sunday, March 17th 2019
Binary Analysis With Jupyter and Radare2
https://isc.sans.edu/forums/diary/Binary+Analysis+with+Jupyter+and+Radare2/24748/
IMAP Brute Forcing against Cloud Accounts
https://www.proofpoint.com/us/threat-insight/post/threat-actors-leverage-credential-dumps-phishing-and-legacy-email-protocols
Google Allows GSuite Users to Disable SMS/Voice Authentication
https://gsuiteupdates.googleblog.com/2019/03/more-control-over-2-step-verification-security-phone-sms.html
Sniffing Bitlocker Keys from TPM
https://pulsesecurity.co.nz/articles/TPM-sniffing
3/17/2019 • 7 minutes, 2 seconds
ISC StormCast for Friday, March 15th 2019
Analyzing ZIP Files in Ghidra
https://isc.sans.edu/forums/diary/Tip+Ghidra+ZIP+Files/24732/
64 Bit Certificate Serial Number Revocation
https://adamcaudill.com/2019/03/09/tls-64bit-ish-serial-numbers-mass-revocation/
Cisco Default Account Problem
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190313-cspcscv
Intel Patches
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00185.html
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00191.html
3/15/2019 • 5 minutes, 13 seconds
ISC StormCast for Tuesday, March 12th 2019
DevOps Tool StackStorm Vulnerability
https://quitten.github.io/StackStorm/
Developers Will Not Code Secure By Default
https://net.cs.uni-bonn.de/fileadmin/user_upload/naiakshi/Naiakshina_Password_Study.pdf
Gaming Industry Supply Chain Attack
https://www.welivesecurity.com/2019/03/11/gaming-industry-scope-attackers-asia/
3/12/2019 • 5 minutes, 5 seconds
ISC StormCast for Monday, March 11th 2019
Reversing HTA Files
https://isc.sans.edu/forums/diary/Quick+and+Dirty+Malicious+HTA+Analysis/24728/
Apache SOLR Patch
https://issues.apache.org/jira/browse/SOLR-13301
Windows 7 + Google Chrome Exploit in the Wild
https://security.googleblog.com/2019/03/disclosing-vulnerabilities-to-protect.html
Vulnerable Car Alarms
https://www.pentestpartners.com/security-blog/gone-in-six-seconds-exploiting-car-alarms/
3/10/2019 • 6 minutes, 50 seconds
ISC StormCast for Thursday, March 7th 2019
More Resume Malspam. Now With Trickbot and EternalBlue
https://isc.sans.edu/forums/diary/Malspam+with+passwordprotected+word+docs+still+pushing+IcedID+Bokbot+with+Trickbot/24708/
Cloudflare Deploys Rules to Protect Against Recent Drupal Exploit
https://www.bleepingcomputer.com/news/security/cloudflare-deploys-firewall-rule-to-block-new-drupal-exploits/
Cisco DoS Vulnerability Actively Exploited
https://www.pentestpartners.com/security-blog/cisco-rv130-its-2019-but-yet-strcpy/
MonitorKit uses macOS Game Engine to Analyze Security Events
https://github.com/objective-see
3/7/2019 • 6 minutes, 25 seconds
ISC StormCast for Wednesday, March 6th 2019
Comcast Uses same "0000" PIN For All Number Porting Requests
https://nakedsecurity.sophos.com/2019/03/05/comcast-security-nightmare-default-0000-pin-on-everybodys-account/
NSA Releases Ghidra Reverse Analysis Tool
https://ghidra-sre.org/
Recent Google Chrome Vulnerability Being Exploited
https://chromereleases.googleblog.com/2019/03/stable-channel-update-for-desktop.html?m=1
Android Monthly Security Bulletin
https://source.android.com/security/bulletin/2019-03-01
3/6/2019 • 5 minutes, 35 seconds
ISC StormCast for Tuesday, March 5th 2019
MacOS Unpatched Privilege Escalation Vulnerability Made Public
https://bugs.chromium.org/p/project-zero/issues/detail?id=1726
Windows Exploit Suggester Next Generation Released
https://github.com/bitsadmin/wesng
Docker Vulnerability used for Crypto Miners
https://www.imperva.com/blog/hundreds-of-vulnerable-docker-hosts-exploited-by-cryptocurrency-miners/
Russian GPS Jamming Exercises
https://thebarentsobserver.com/en/security/2019/03/russian-military-officials-arrive-oslo-norway-provides-facts-gps-jamming
3/5/2019 • 5 minutes, 50 seconds
ISC StormCast for Monday, March 4th 2019
Cisco Router Patch
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190227-rmi-cmd-ex
Coldfusion Patch and Exploit
https://www.carehart.org/blog/client/index.cfm/2019/3/1/urgent_CF_security_update_Part_1
Ransomware Impersonates Protonmail
https://twitter.com/demonslay335/status/1097866931762282498
eBay Site Used for eBay Phish (article in German)
https://www.heise.de/security/meldung/eBay-Phishing-auf-eBay-Seite-4324266.html
3/4/2019 • 5 minutes, 39 seconds
ISC StormCast for Thursday, February 28th 2019
Coinhive Shutting Down
https://coinhive.com/blog/en/discontinuation-of-coinhive
Azure Blob Storage Phishing
https://www.edgewave.com/phishing/feeling-blue-about-phishing/
Old 2014 Elastic Search Vulnerability Exploited
https://blog.talosintelligence.com/2019/02/cisco-talos-honeypot-analysis-reveals.html
Latest Drupal Vulnerability Exploited
https://www.imperva.com/blog/latest-drupal-rce-flaw-used-by-cryptocurrency-miners-and-other-attackers/
F5 Big IP Patches
https://support.f5.com/csp/article/K91026261
2/28/2019 • 5 minutes, 8 seconds
ISC StormCast for Wednesday, February 27th 2019
Thunderbolt "Thunderclap" Vulnerabilities
https://thunderclap.io/thunderclap-paper-ndss2019.pdf
Altering Signed PDF Documents
https://www.pdf-insecurity.org/
NVidia Patches
https://nvidia.custhelp.com/app/answers/detail/a_id/4772
2/27/2019 • 5 minutes
ISC StormCast for Tuesday, February 26th 2019
WinRAR ACE Vulnerability Used in Malspam
https://twitter.com/360TIC/status/1099987939818299392
Sextortion Email With QR Code
https://isc.sans.edu/forums/diary/Sextortion+Email+Variant+With+QR+Code/24686/
ICANN Pushes DNSSEC to Defend Against DNS Zone Manipulation
https://www.icann.org/news/announcement-2019-02-22-en
Android FIDO2 Certification
https://fidoalliance.org/android-now-fido2-certified-accelerating-global-migration-beyond-passwords/
2/26/2019 • 7 minutes, 9 seconds
ISC StormCast for Monday, February 25th 2019
B0ront0k Linux Server Ransomware
https://www.bleepingcomputer.com/news/security/b0r0nt0k-ransomware-wants-75-000-ransom-infects-linux-servers/
Cr1pt0r Ransomware Targets DLink NAS Devices
https://www.bleepingcomputer.com/forums/t/691852/cr1ptt0r-ransomware-files-encrypted-readmetxt-support-topic/page-3
LinkedIn Messages Used to Push Fake Job Offers
https://www.proofpoint.com/us/threat-insight/post/fake-jobs-campaigns-delivering-moreeggs-backdoor-fake-job-offers
2/25/2019 • 5 minutes, 29 seconds
ISC StormCast for Friday, February 22nd 2019
Adobe Re-Patches Reader/Acrobat Data Leakage Bug
https://helpx.adobe.com/security/products/acrobat/apsb19-13.html
Microsoft Releases Fix for DoS Vulnerability in IIS
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV190005
Drupal Fixes Remote Code Execution Vulnerability
https://www.drupal.org/sa-core-2019-003
Linux Kernel Code Execution Vulnerability
https://nvd.nist.gov/vuln/detail/CVE-2019-8912
MikroTik Unauthenticated Proxy
https://medium.com/tenable-techblog/mikrotik-firewall-nat-bypass-b8d46398bf24
2/22/2019 • 6 minutes, 34 seconds
ISC StormCast for Thursday, February 21st 2019
Microsoft Edge Whitelists Facebook to Run Flash
https://bugs.chromium.org/p/project-zero/issues/detail?id=1722
Chinese Android Banking App Stores Screenshots of Other Apps
https://jqknews.com/news/141073-Jingdong_Finance_denied_stealing_user_information_saying_that_the_image_cache_was_only_local.html
Password Manager Vulnerabilities
https://www.securityevaluators.com/casestudies/password-manager-hacking/
2/21/2019 • 6 minutes, 7 seconds
ISC StormCast for Wednesday, February 20th 2019
Russian Malspam Pushing Shade/Troldesh Ransomware
https://isc.sans.edu/forums/diary/More+Russian+language+malspam+pushing+Shade+Troldesh+ransomware/24668/
Bitdefender Releases GandCrab Decrypter
https://labs.bitdefender.com/2019/02/new-gandcrab-v5-1-decryptor-available-now/
Bank Infrastructure Used in Phishing Attacks (russian)
https://www.group-ib.ru/blog/incident
SHA-2 Patch For Windows 7 / 2008 R2 SP1
https://support.microsoft.com/en-us/help/4472027/2019-sha-2-code-signing-support-requirement-for-windows-and-wsus
2/20/2019 • 6 minutes, 8 seconds
ISC StormCast for Tuesday, February 19th 2019
Know What You Are Logging
https://isc.sans.edu/forums/diary/Know+What+You+Are+Logging/24656/
Spectre Software Mitigation Insufficient
https://arxiv.org/pdf/1902.05178.pdf
VMWare Releases Update To Address runc Vulnerability
https://www.vmware.com/security/advisories/VMSA-2019-0001.html
Swedish Healthcare Breach Leaks Phone call Recordings
https://computersweden.idg.se/2.2683/1.714787/inspelade-samtal-1177-vardguiden-oskyddade-internet
2/19/2019 • 5 minutes, 29 seconds
ISC StormCast for Monday, February 18th 2019
Snap Patches Available
https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/SnapSocketParsing
Finding Property Values in Office Documents
https://isc.sans.edu/forums/diary/Finding+Property+Values+in+Office+Documents/24652/
Bro-Sysmon
https://engineering.salesforce.com/test-out-bro-sysmon-a6fad1c8bb88
Cryptojacking Apps in Microsoft App Store
https://www.symantec.com/blogs/threat-intelligence/cryptojacking-apps-microsoft-store
2/18/2019 • 5 minutes, 5 seconds
ISC StormCast for Friday, February 15th 2019
PDF includes SMB Link
https://isc.sans.edu/forums/diary/Suspicious+PDF+Connecting+to+a+Remote+SMB+Share/24646/
QNAP Malware
https://www.qnap.com/en/security-advisory/nas-201902-13
Bomb Threat Spammers Arrested
https://www.justice.gov/usao-cdca/pr/members-hacker-collective-face-federal-charges-attacking-computer-systems-emailing-mass
Managed Service Providers Targeted By Ransomware
https://www.bleepingcomputer.com/news/security/ransomware-attacks-target-msps-to-mass-infect-customers/
2/15/2019 • 5 minutes, 47 seconds
ISC StormCast for Thursday, February 14th 2019
Fake Updates Campaign Still Active in 2019
https://isc.sans.edu/forums/diary/Fake+Updates+campaign+still+active+in+2019/24640/
macOS Malware (Shlayer) Disables Gatekeeper
https://www.carbonblack.com/2019/02/12/tau-threat-intelligence-notification-new-macos-malware-variant-of-shlayer-osx-discovered/
Microsoft Exchange Server Patch (Errata for yesterday's podcast)
https://support.microsoft.com/en-ca/help/4490060/exchange-web-services-push-notifications-can-provide-unauthorized-acce
Cisco Network Assurance Engine Password Synchronization Issue
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20190212-nae-dos
VFEMail Backup Failure
https://www.vfemail.net/
2/14/2019 • 5 minutes, 50 seconds
ISC StormCast for Wednesday, February 13th 2019
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+February+2019+Patch+Tuesday/24638/
Adobe Updates
https://helpx.adobe.com/security.html
Ubuntu Linux snapd "dirty_sock" exploit
https://shenaniganslabs.io/2019/02/13/Dirty-Sock.html
2/13/2019 • 5 minutes, 24 seconds
ISC StormCast for Tuesday, February 12th 2019
Severe Docker runc Vulnerability
https://seclists.org/oss-sec/2019/q1/119
MacOS Mojave Privacy Flaw
https://lapcatsoftware.com/articles/mojave-privacy3.html
Android Malware Steals Crypto Addresses from Clipboard
https://www.welivesecurity.com/2019/02/08/first-clipper-malware-google-play/
Not An E-Mail Virus, Just Interesting Malware
https://isc.sans.edu/forums/diary/Have+You+Seen+an+Email+Virus+Recently/24634/
2/12/2019 • 4 minutes, 54 seconds
ISC StormCast for Monday, February 11th 2019
Phishing Kit with JavaScript Keylogger
https://isc.sans.edu/forums/diary/Phishing+Kit+with+JavaScript+Keylogger/24622/
Phishing Via Google Translate
https://blogs.akamai.com/sitr/2019/02/phishing-attacks-against-facebook-google-via-google-translate.html
iPhone Apps Record Screens
https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/
Packet Challenge
https://johannes.homepc.org/packet10.txt
2/11/2019 • 6 minutes, 49 seconds
ISC StormCast for Friday, February 8th 2019
Value of UAC
https://isc.sans.edu/forums/diary/UAC+is+not+all+that+bad+really/24620/
Apple Releases Facetime Patch
https://support.apple.com/en-us/HT201222
Skype Video Now Allows For Blurred Background
https://blogs.skype.com/news/2019/02/06/introducing-background-blur-in-skype/
Microsoft Exchange Server Advisory
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/adv190007
2/8/2019 • 5 minutes, 28 seconds
ISC StormCast for Wednesday, February 6th 2019
Mitigations against Mimikatz Style Attacks
https://isc.sans.edu/forums/diary/Mitigations+against+Mimikatz+Style+Attacks/24612/
LibreOffice Macro Vulnerability
https://insert-script.blogspot.com/2019/02/libreoffice-cve-2018-16858-remote-code.html
Firefox 65 Breaks HTTPS AV Scanning
https://bugzilla.mozilla.org/show_bug.cgi?id=1523701
RDP Client Vulnerabilities
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
DNS "Lookingglass"
https://isc.sans.edu/tools/dnslookup.html
2/6/2019 • 6 minutes, 42 seconds
ISC StormCast for Tuesday, February 5th 2019
Exploiting Struts in vCenter
https://isc.sans.edu/forums/diary/Struts+Vulnerability+CVE20175638+on+VMware+vCenter+the+Gift+that+Keeps+on+Giving/24606/
Wikipedia Tech Support Scam
https://isc.sans.edu/forums/diary/Wikipedia+Articles+as+part+of+Tech+Support+Scamming+Campaigns/24608/
Stealing MacOS Keychain
https://www.youtube.com/watch?v=nYTBZ9iPqsU
Beauty Camera Ads for Android include Adware
https://blog.trendmicro.com/trendlabs-security-intelligence/various-google-play-beauty-camera-apps-sends-users-pornographic-content-redirects-them-to-phishing-websites-and-collects-their-pictures/
2/5/2019 • 5 minutes, 21 seconds
ISC StormCast for Monday, February 4th 2019
Sextortion EMail Update
https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money+Part+3+The+cashout+begins/24592/
Ubiquiti Devices Used in DDoS Attack
https://blog.rapid7.com/2019/02/01/ubiquiti-discovery-service-exposures/?fbclid=IwAR0OUPQIfSV7YsBLvkjoC2WIbe_E4p9WGAM4LCTsL9TKr30I7aQ2Qwqoins
Google Chrome Experimenting with Typo Domain Detection
https://www.usenix.org/conference/enigma2019/presentation/stark
YouTube Copyright Extortion
https://www.youtube.com/watch?v=Q0i-sLESXqo
2/4/2019 • 7 minutes, 43 seconds
ISC StormCast for Friday, February 1st 2019
Tracking DNS Changes
https://isc.sans.edu/forums/diary/Tracking+Unexpected+DNS+Changes/24596/
SystemD/JournalD PoC Exploit
https://capsule8.com/blog/exploiting-systemd-journald-part-1/
Windows Defender Boot Issues
https://support.microsoft.com/en-us/help/4052623/update-for-windows-defender-antimalware-platform
Mac Malware Steals Cryptocurrency Exchange Cookies
https://unit42.paloaltonetworks.com/mac-malware-steals-cryptocurrency-exchanges-cookies/
2/1/2019 • 6 minutes, 3 seconds
ISC StormCast for Thursday, January 31st 2019
Chrome Update
https://www.zdnet.com/article/google-chrome-72-removes-hpkp-deprecates-tls-1-0-and-tls-1-1/
Firefox Update
https://techdows.com/2019/01/firefox-to-disable-extensions-in-private-browsing-mode-by-default.html
Facebook (and Google) Research VPN
https://techcrunch.com/2019/01/29/facebook-project-atlas/
https://www.macrumors.com/2019/01/30/google-exploiting-apple-enterprise-certificate/
RCE In Samsung Store via "evilgrade"
https://www.adyta.pt/en/2019/01/29/writeup-samsung-app-store-rce-via-mitm-2/
1/31/2019 • 5 minutes, 50 seconds
ISC StormCast for Wednesday, January 30th 2019
Phishing Not Ready for IPv6
https://isc.sans.edu/forums/diary/A+Not+So+Well+Done+Phish+Why+Attackers+need+to+Implement+IPv6+Now/24582/
Apple Disables Facetime Group Messages
https://www.apple.com/support/systemstatus/
Outlook 365 Safe Link Errors
https://twitter.com/Swiss_Jay/status/1090271197193940992
1/30/2019 • 5 minutes, 49 seconds
ISC StormCast for Tuesday, January 29th 2019
Relaying Exchange's NTLM Authentication to Become Domain Admin
https://isc.sans.edu/forums/diary/Relaying+Exchanges+NTLM+authentication+to+domain+admin+and+more/24578/
Facetime Bug Allows Users to Receive Audio before Call is Accepted
https://9to5mac.com/2019/01/28/facetime-bug-hear-audio/
AZORult Fake (signed) Google Update
https://blog.minerva-labs.com/azorult-now-as-a-signed-google-update
1/29/2019 • 5 minutes, 9 seconds
ISC StormCast for Thursday, January 24th 2019
DHS Emergency Directive Regarding DNS Tampering
https://cyber.dhs.gov/ed/19-01/
Abuse of Trusted Microsoft Azure Domains
https://github.com/MicrosoftDocs/OfficeDocs-Enterprise/issues/233
Tech Support Scammers Unmasked
https://www.fidusinfosec.com/turning-the-tables-on-virgin-media-twitter-scammers/
1/24/2019 • 5 minutes, 11 seconds
ISC StormCast for Wednesday, January 23rd 2019
Turning MISP Data into RPZs
https://isc.sans.edu/forums/diary/DNS+Firewalling+with+MISP/24556/
Man in the Middle Vulnerability in apt
https://justi.cz/security/2019/01/22/apt-rce.html
PHP PEAR Compromised Package
http://pear.php.net
Apple Security Updates
https://support.apple.com/en-us/HT201222
1/23/2019 • 7 minutes, 8 seconds
ISC StormCast for Tuesday, January 22nd 2019
Suspicious GET Request: Do you know what it is?
https://isc.sans.edu/forums/diary/Suspicious+GET+Request+Do+You+Know+What+This+Is/24552/
DNS Flag Day
https://dnsflagday.net/
1/22/2019 • 5 minutes, 31 seconds
ISC StormCast for Monday, January 21st 2019
Drupal Patches
https://www.drupal.org/sa-core-2019-002
https://www.drupal.org/sa-core-2019-001
WPML User Data Compromised and Used in EMail To Customers
https://wpml.org/2019/01/wpml-org-site-back-to-normal-after-an-attack-during-the-weekend/
Targeted Attack Uses Google Drive for Exfiltration
https://unit42.paloaltonetworks.com/darkhydrus-delivers-new-trojan-that-can-use-google-drive-for-c2-communications/
Packet Challenge Solution
https://johannes.homepc.org/packet8.txt
1/21/2019 • 6 minutes, 13 seconds
ISC StormCast for Friday, January 18th 2019
Android Malware Uses Motion Detection to Evade Analysis
https://blog.trendmicro.com/trendlabs-security-intelligence/google-play-apps-drop-anubis-banking-malware-use-motion-based-evasion-tactics/
Twitter for Android Bug
https://help.twitter.com/en/protected-tweets-android
Introduction to WebAuthn/FIDO2
https://medium.com/@herrjemand/introduction-to-webauthn-api-5fd1fb46c285
Ransomware As a Service
https://www.bleepingcomputer.com/news/security/blackrouter-ransomware-promoted-as-a-raas-by-iranian-developer/
1/18/2019 • 6 minutes, 20 seconds
ISC StormCast for Thursday, January 17th 2019
Emotet and Other Malspam Campaigns Resume After Holiday Break
https://isc.sans.edu/forums/diary/Emotet+infections+and+followup+malware/24532/
Magecart Delivered Via Compromised Advertising Sites
https://blog.trendmicro.com/trendlabs-security-intelligence/new-magecart-attack-delivered-through-compromised-advertising-supply-chain/
Premisys Identicard Vulnerabilities
https://www.tenable.com/security/research/tra-2019-01
ES File Explorer Open Port Vulnerability
https://github.com/fs0c131y/ESFileExplorerOpenPortVuln
1/17/2019 • 5 minutes, 54 seconds
ISC StormCast for Wednesday, January 16th 2019
MSFT Skype/Team Foundation Server Patches
https://isc.sans.edu/forums/diary/Microsoft+Publishes+Patches+for+Skype+for+Business+and+Team+Foundation+Server/24540/
SCP Client Vulnerabilities
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt
Server Hosting Companies Trivially Hacked
https://www.websiteplanet.com/blog/report-popular-hosting-hacked/
Vulnerabilities in Industrial Remote Controls
https://www.trendmicro.com/vinfo/us/security/news/vulnerabilities-and-exploits/attacks-against-industrial-machines-via-vulnerable-radio-remote-controllers-security-analysis-and-recommendations
Oracle Quarterly Critical Patch Update
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
1/16/2019 • 6 minutes, 6 seconds
ISC StormCast for Tuesday, January 15th 2019
Microsoft LAPS - Blue Team / Red Team
https://isc.sans.edu/forums/diary/Microsoft+LAPS+Blue+Team+Red+Team/24528/
Intel SGX Platform Update
https://www.intel.com/content/www/us/en/security-center/advisory/INTEL-SA-00203.html
Godaddy Injecting JavaScript
https://www.igorkromin.net/index.php/2019/01/13/godaddy-is-sneakily-injecting-javascript-into-your-website-and-how-to-stop-it/
Play with Docker Vulnerability
https://www.cyberark.com/threat-research-blog/how-i-hacked-play-with-docker-and-remotely-ran-code-on-the-host/
1/14/2019 • 5 minutes, 59 seconds
ISC StormCast for Monday, January 14th 2019
Government Website TLS Certificates Expire due to Partial Shutdown
https://news.netcraft.com/archives/2019/01/10/gov-security-falters-during-u-s-shutdown.html
Firefox EOL Plan for Flash
https://bugzilla.mozilla.org/show_bug.cgi?id=1519434
Fake Movie File Malware
https://www.bleepingcomputer.com/news/security/fake-movie-file-infects-pc-to-steal-cryptocurrency-poison-google-results/
Microsoft Windows Patch Breaks Access 97
https://borncity.com/win/2019/01/11/windows-january-2019-updates-breaks-access-to-access-dbs/
Snorpy Assists in Snort Rule Writing
https://isc.sans.edu/forums/diary/Snorpy+a+Web+Base+Tool+to+Build+SnortSuricata+Rules/24522/
Packet Challenge
1/14/2019 • 5 minutes, 51 seconds
ISC StormCast for Friday, January 11th 2019
Old Tricks still work: I love you Malspam
https://isc.sans.edu/forums/diary/Heartbreaking+Emails+Love+You+Malspam/24512/
Juniper Updates Released
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10916&cat=SIRT_1&actp=LIST
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10918&cat=SIRT_1&actp=LIST
New Systemd/Journald Exploit Release
https://www.qualys.com/2019/01/09/system-down/system-down.txt
Global DNS Hijacking
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
1/11/2019 • 5 minutes, 41 seconds
ISC StormCast for Thursday, January 10th 2019
Simple Mechanism for Creating Certificates
https://blog.filippo.io/mkcert-valid-https-certificates-for-localhost/
Review of Smartphone Face Recognition
https://www.consumentenbond.nl/veilig-internetten/gezichtsherkenning-te-hacken
Google Public DNS now supports DNS-over-TLS
https://security.googleblog.com/2019/01/google-public-dns-now-supports-dns-over.html
Malwarebytes Freezes Windows 7
https://forums.malwarebytes.com/topic/241223-malwarebytes-for-windows-and-windows-7-freezelock-up/
German Police Looking for MAC Address
https://polizei.brandenburg.de/pressemeldung/f8-e0-79-af-57-eb-cyber-fahndung-nach-ma/1310909
1/10/2019 • 5 minutes, 54 seconds
ISC StormCast for Wednesday, January 9th 2019
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+January+2019+Patch+Tuesday/24504/
https://patchtuesdaydashboard.com/
Adobe Updates
https://helpx.adobe.com/security.html
Google Play Store Adware
https://blog.trendmicro.com/trendlabs-security-intelligence/adware-disguised-as-game-tv-remote-control-apps-infect-9-million-google-play-users/
Ethereum Classic 51% Attack
https://blog.coinbase.com/ethereum-classic-etc-is-currently-being-51-attacked-33be13ce32de
1/9/2019 • 5 minutes, 48 seconds
ISC StormCast for Tuesday, January 8th 2019
Malware of the Day: Encrypted Word Document
https://isc.sans.edu/forums/diary/Analyzing+Encrypted+Malicious+Office+Documents/24498/
Apple iOS Apps Reaching Out to Malware Server
https://www.wandera.com/risky-apps/
NCSC Offers Assistance Against Attacks from Foreign Governments
https://www.dni.gov/index.php/ncsc-how-we-work/ncsc-know-the-risk-raise-your-shield/ncsc-awareness-materials
Hardware Agnostic Side Channel Attacks
https://arxiv.org/abs/1901.01161
1/8/2019 • 7 minutes, 2 seconds
ISC StormCast for Monday, January 7th 2019
Malware in TAR Files
https://isc.sans.edu/forums/diary/Malicious+tar+Attachments/24496/
ReiKey MacOS Keystroke Logger Detector
https://objective-see.com/products/reikey.html
Phishing Tool Kit uses Simple Substitution Fonts
https://www.proofpoint.com/us/threat-insight/post/phishing-template-uses-fake-fonts-decode-content-and-evade-detection
1/7/2019 • 6 minutes, 42 seconds
ISC StormCast for Friday, January 4th 2019
Malware Leaks Victim Data via FTP
https://isc.sans.edu/forums/diary/Malicious+Script+Leaking+Data+via+FTP/24484/
Hijacking Dormant Twitter Accounts
https://techcrunch.com/2019/01/02/hackers-islamic-state-propaganda-twitter/
Android Authentication Bypass via Skype
https://www.youtube.com/watch?v=EiEcwOfTFqI
Critical Adobe Updates
https://helpx.adobe.com/security/products/acrobat/apsb19-02.html
FilesLocker Ransomware Master Key Published
https://www.bleepingcomputer.com/news/security/master-decryption-key-released-for-fileslocker-ransomware/
1/4/2019 • 6 minutes, 7 seconds
ISC StormCast for Thursday, January 3rd 2019
Gift Card Scams
https://isc.sans.edu/forums/diary/Gift+Card+Scams+on+the+rise/24482/
WiFi Chipset Exploit
https://2018.zeronights.ru/wp-content/uploads/materials/19-Researching-Marvell-Avastar-Wi-Fi.pdf?fbclid=IwAR07FmZGKLKdJAKI4g0o-Wm-dLGwclV8Hhi-L4_HRlklldY8UC6WY72AdAw
1/3/2019 • 5 minutes, 51 seconds
ISC StormCast for Wednesday, January 2nd 2019
Bypassing Vein Scanner Authentication (in German)
https://media.ccc.de/v/35c3-9545-venenerkennung_hacken
Hacking Smart Lightbulbs and Firmware Exploits
https://media.ccc.de/v/35c3-9723-smart_home_-_smart_hack
European Union Offers Bug Bounty for Open Source Software
https://juliareda.eu/fossa/
Bypassing Google ReCaptcha
https://github.com/ecthros/uncaptcha2
1/2/2019 • 7 minutes, 15 seconds
ISC StormCast for Friday, December 28th 2018
Phishing Attack Uses IP Counter
https://isc.sans.edu/forums/diary/Matryoshka+Phish/24460/
JungleSec Ransomware Attacks via IPMI
https://www.bleepingcomputer.com/news/security/junglesec-ransomware-infects-victims-through-ipmi-remote-consoles/
Microsoft Edge PoC RCE Exploit
https://github.com/phoenhex/files/blob/master/pocs/cve-2018-8629-chakra.js
12/28/2018 • 6 minutes, 4 seconds
ISC StormCast for Friday, December 21st 2018
Windows 0-Day PoC Published: Arbitrary File Read as System
https://sandboxescaper.blogspot.com/2018/12/readfile-0day.html
Attacks Against 2FA in the Middle East
https://www.amnesty.org/en/latest/research/2018/12/when-best-practice-is-not-good-enough/
FBI Shuts Down Booter Services
http://www.documentcloud.org/documents/5648950-DOJ-indictments-in-booter-cases.html
Intel VISA Undocumented Debug Feature
https://www.blackhat.com/asia-19/briefings/schedule/index.html#intel-visa-through-the-rabbit-hole-13513
12/21/2018 • 5 minutes, 44 seconds
ISC StormCast for Thursday, December 20th 2018
Microsoft Publishes Emergency Patch for Internet Explorer
https://isc.sans.edu/forums/diary/Microsoft+OOB+Patch+for+Internet+Explorer+Scripting+Engine+Memory+Corruption+Vulnerability/24438/
Restricting PowerShell Capabilities with NetSh
https://isc.sans.edu/forums/diary/Restricting+PowerShell+Capabilities+with+NetSh/24434/
Remotely Bricking a Server
https://eclypsium.com/2018/12/19/remotely-bricking-a-server/
12/20/2018 • 4 minutes, 16 seconds
ISC StormCast for Wednesday, December 19th 2018
ASUS Vulnerabilities
https://www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities
GIGABYTE Vulnerabilities
https://www.secureauth.com/labs/advisories/gigabyte-drivers-elevation-privilege-vulnerabilities
Apple App Store Phishing
https://www.bleepingcomputer.com/news/security/widespread-apple-id-phishing-attack-pretends-to-be-app-store-receipts
Kibana Vulnerability Exploited
https://www.cyberark.com/threat-research-blog/execute-this-i-know-you-have-it/
Decrypter for InsaneCrypt and Everbe 1
https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-the-insanecrypt-or-everbe-1-family-of-ransomware/
http://id-ransomware.malwarehunterteam.com/
SANS Holiday Hack Challenge
https://www.kringlecon.com
12/19/2018 • 5 minutes, 35 seconds
ISC StormCast for Tuesday, December 18th 2018
Password Protected ZIP with Maldoc
https://isc.sans.edu/forums/diary/Password+Protected+ZIP+with+Maldoc/24426/
Memes Used as Covert Command and Control Channel
https://blog.trendmicro.com/trendlabs-security-intelligence/cybercriminals-use-malicious-memes-that-communicate-with-malware/
Shamoon Disk Wiper Malware is Back
https://unit42.paloaltonetworks.com/shamoon-3-targets-oil-gas-organization/
12/18/2018 • 5 minutes, 23 seconds
ISC StormCast for Thursday, December 13th 2018
Yet Another DOSfuscation Sample
https://isc.sans.edu/forums/diary/Yet+Another+DOSfuscation+Sample/24408/
OpenSSH Backdoors
https://www.welivesecurity.com/wp-content/uploads/2018/12/ESET-The_Dark_Side_of_the_ForSSHe.pdf
Android Malware Bypasses 2FA For Paypal
https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/
12/13/2018 • 4 minutes, 55 seconds
ISC StormCast for Wednesday, December 12th 2018
Microsoft December 2018 Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+December+2018+Patch+Tuesday/24404/
Adobe Patch Tuesday
https://helpx.adobe.com/security/products/acrobat/apsb18-41.html
Certificate Authority Weaknesses
https://i.blackhat.com/eu-18/Thu-Dec-6/eu-18-Heftrig-Off-Path-Attacks-Against-PKI.pdf
12/12/2018 • 5 minutes, 31 seconds
ISC StormCast for Tuesday, December 11th 2018
Kubernetes Unauthenticated PoC Exploit for CVE-2018-1002105
https://github.com/evict/poc_CVE-2018-1002105#unauthenticated-poc
WebAssembly Brings Buffer Overflows to Browsers
https://www.forcepoint.com/blog/security-labs/new-whitepaper-memory-safety-old-vulnerabilities-become-new-webassembly
Increased Ethereum Miner Attacks
https://isc.sans.edu/port.html?port=8545
https://www.zdnet.com/article/hackers-ramp-up-attacks-on-mining-rigs-before-ethereum-price-crashes-into-the-gutter
Android Click Fraud Apps are Emulating iPhones for Higher Revenue
https://www.bleepingcomputer.com/news/security/android-clickfraud-op-impersonates-iphones-to-bump-ad-premiums/
12/11/2018 • 5 minutes, 45 seconds
ISC StormCast for Monday, December 10th 2018
Analyzing Malicious Docker Images
https://isc.sans.edu/forums/diary/A+Dive+into+malicious+Docker+Containers/24388/
Arrest of Huawei CFO Inspires Advance Fee Scam
https://isc.sans.edu/forums/diary/Arrest+of+Huawei+CFO+Inspires+Advance+Fee+Scam/24396/
Sextortion Messages Leading to Ransomware
https://www.proofpoint.com/us/threat-insight/post/sextortion-side-ransomware
WebKit Exploit Released
https://github.com/LinusHenze/WebKit-RegEx-Exploit
Implants Found in Russian Banks
https://securelist.com/darkvishnya/89169/
12/10/2018 • 5 minutes, 45 seconds
ISC StormCast for Friday, December 7th 2018
Adobe Vulnerability PoC Released
https://isc.sans.edu/forums/diary/Is+it+Time+to+Uninstall+Flash+If+you+havent+already/24382/
WatchOS Update
https://support.apple.com/en-us/HT209343
Data Exfiltration During Pentests
https://isc.sans.edu/forums/diary/Data+Exfiltration+in+Penetration+Tests/24354/
PoC Exploit for Kubernetes Vulnerability
https://github.com/evict/poc_CVE-2018-1002105
Preston Ackerman: Marketing 2FA
https://www.sans.org/reading-room/whitepapers/authentication/swipe-tap-marketing-easier-2fa-increase-adoption-38695
12/7/2018 • 21 minutes, 33 seconds
ISC StormCast for Thursday, December 6th 2018
Adobe Releases Emergency Flash Patch
https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
Apple Updates Everything (but not WatchOS)
https://support.apple.com/en-us/HT201222
New Privacy Issues Affecting 3G-5G protocols
https://eprint.iacr.org/2018/1175
12/6/2018 • 5 minutes, 6 seconds
ISC StormCast for Wednesday, December 5th 2018
Fake Ransomware Decryption Service
https://www.theregister.co.uk/2018/12/04/ransomware_helper_was_middleman_dr_shifro/
Latest Lokibot Malspam
https://isc.sans.edu/forums/diary/Malspam+pushing+Lokibot+malware/24372/
Chrome 71 Released
https://www.bleepingcomputer.com/news/google/chrome-71-released-with-abusive-ad-filtering-and-audio-blocking/
RSA Followup Webcast
https://www.rsaconference.com/videos/virtual-session-the-5-most-dangerous-new-attack-techniques-and-whats-to-come
12/5/2018 • 6 minutes, 25 seconds
ISC StormCast for Tuesday, December 4th 2018
Word Maldoc: Yet Another Place to Hide a Command
https://isc.sans.edu/forums/diary/Word+maldoc+yet+another+place+to+hide+a+command/24370/
US-Cert Releases SamSam Alerts
https://www.us-cert.gov/ncas/alerts/AA18-337A
Kubernetes Patches
https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88
Malicious iOS App Tricks Users into Payment
https://www.welivesecurity.com/2018/12/03/scam-ios-apps-promise-fitness-steal-money-instead/
12/4/2018 • 4 minutes, 54 seconds
ISC StormCast for Friday, November 30th 2018
Russian Language Malspam Pushing Shade (Troldesh) Ransomware
https://isc.sans.edu/forums/diary/Russian+language+malspam+pushing+Shade+Troldesh+ransomware/24358/
Scamclub Malvertising Against iOS Users
https://blog.confiant.com/malvertising-attack-hijacks-300-million-sessions-over-48-hours-9d0218fe02cd
Andre Shori: To Block Or Not To Block? Impact and Analysis of Actively Blocking Shodan Scans
http://www.sans.org/reading-room/whitepapers/networksecurity/block-block-impact-analysis-actively-blocking-shodan-scans-38645
11/30/2018 • 13 minutes, 59 seconds
ISC StormCast for Wednesday, November 28th 2018
Obfuscated QNAP bash Malware
https://isc.sans.edu/forums/diary/Obfuscated+bash+script+targeting+QNap+boxes/24348/
Half of All Phishing Sites Use HTTPS
https://krebsonsecurity.com/2018/11/half-of-all-phishing-sites-now-have-the-padlock/
Chrome and Firefox to Remove FTP Support
https://www.bleepingcomputer.com/news/google/chrome-and-firefox-developers-aim-to-remove-support-for-ftp/
California Wildfire Used in BEC Scams
https://www.agari.com/identity-intelligence-blog/california-wildfire-email-scams/
11/28/2018 • 5 minutes, 24 seconds
ISC StormCast for Tuesday, November 27th 2018
ViperMonkey: VBA Maldoc Deobfuscation
https://isc.sans.edu/forums/diary/ViperMonkey+VBA+maldoc+deobfuscation/24346/
Malicious NPM Libraries
https://medium.com/@cnorthwood/todays-javascript-trash-fire-and-pile-on-f3efcf8ac8c7
Turning Your BMC Into A Revolving Door
https://www.synacktiv.com/ressources/zeronights_2018_turning_your_bmc_into_a_revolving_door.pdf
11/27/2018 • 6 minutes, 7 seconds
ISC StormCast for Monday, November 26th 2018
Attacks Against Docker API
https://isc.sans.edu/forums/diary/Moby+the+Shark/24340/
Mirai Like Attack Hitting Hadoop
https://asert.arbornetworks.com/mirai-not-just-for-iot-anymore/
New Rowhammer Variant Affects ECC Memory
https://www.vusec.net/projects/eccploit/
11/26/2018 • 5 minutes, 53 seconds
ISC StormCast for Wednesday, November 21st 2018
Critical Flash Update
https://helpx.adobe.com/security/products/flash-player/apsb18-44.html
Thanksgiving Lure for Emotet
https://www.forcepoint.com/blog/security-labs/thanks-giving-emotet
11/21/2018 • 3 minutes, 12 seconds
ISC StormCast for Tuesday, November 20th 2018
Google Play Malware
https://twitter.com/LukasStefanko
ATM Vulnerabilities
https://www.ptsecurity.com/upload/corporate/ww-en/analytics/ATM-Vulnerabilities-2018-eng.pdf
Nagios XI Update
https://www.tenable.com/security/research/tra-2018-37
11/20/2018 • 4 minutes, 43 seconds
ISC StormCast for Monday, November 19th 2018
Multipurpose PCAP Analysis Tool
https://isc.sans.edu/forums/diary/Multipurpose+PCAP+Analysis+Tool/24322/
Quickly Investigating Websites with Lookyloo
https://isc.sans.edu/forums/diary/Quickly+Investigating+Websites+with+Lookyloo/24320/
From Field Spoofing in GMail
https://blog.cotten.io/hacking-gmail-with-weird-from-fields-d6494254722f?gi=ce61de4cb006
11/18/2018 • 5 minutes, 29 seconds
ISC StormCast for Friday, November 16th 2018
Emotet Spreading IcedID Banking Malware
https://isc.sans.edu/forums/diary/Emotet+infection+with+IcedID+banking+Trojan/24312/
Crypto Miners Abusing Insecure Docker Installs
https://forums.juniper.net/t5/Threat-Research/Container-Malware-Miners-Go-Docker-Hunting-In-The-Cloud/ba-p/400587
GPS Watches Can Be Used To Track Kids
https://www.pentestpartners.com/security-blog/tracking-and-snooping-on-a-million-kids/
Firefox Will Notify Users of Breached Sites
https://blog.mozilla.org/blog/2018/11/14/firefox-monitor-launches-in-26-languages-and-adds-new-desktop-browser-feature/
David Kennel: All-Seeing Eye or Blind Man? Understanding the Linux Kernel Auditing System
https://www.sans.org/reading-room/whitepapers/linux/all-seeing-eye-blind-man-understanding-linux-kernel-auditing-system-38605
11/16/2018 • 14 minutes, 59 seconds
ISC StormCast for Thursday, November 15th 2018
Details about Zero Day Exploit Taking Advantage of Win32k Vuln.
https://securelist.com/a-new-exploit-for-zero-day-vulnerability-cve-2018-8589/88845/
PacSec Pwn2Own Results
https://www.zerodayinitiative.com/blog/2018/11/13/pwn2own-tokyo-2018-day-one-results
https://www.zerodayinitiative.com/blog/2018/11/14/pwn2own-tokyo-2018-day-two-results-and-master-of-pwn
More Spectre/Meltdown Flaws
https://arxiv.org/pdf/1811.05441.pdf
11/15/2018 • 5 minutes, 48 seconds
ISC StormCast for Wednesday, November 14th 2018
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/November+2018+Microsoft+Patch+Tuesday/24308/
Adobe Security Bulletins
https://helpx.adobe.com/security.html
11/14/2018 • 5 minutes, 6 seconds
ISC StormCast for Tuesday, November 13th 2018
Google BGP Hijack via Russia
https://twitter.com/thousandeyes/status/1062102171506765825
https://www.wsj.com/articles/google-internet-traffic-is-briefly-misdirected-through-russia-china-1542068392
Microcode Bootloader USB
https://www.techpowerup.com/forums/threads/intel-microcode-boot-loader.248858/
Wordpress GDPR Tool Vulnerable
https://www.wordfence.com/blog/2018/11/trends-following-vulnerability-in-wp-gdpr-compliance-plugin/
11/13/2018 • 5 minutes, 17 seconds
ISC StormCast for Monday, November 12th 2018
Cloudflare Releases Mobile Apps To Use 1.1.1.1
https://blog.cloudflare.com/1-thing-you-can-do-to-make-your-internet-safer-and-faster/
Crypto Coin Miners Now With Rootkits
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/cryptocurrency-mining-malware-targets-linux-systems-uses-rootkit-for-stealth
Google Play Protect Reduces Malware
https://security.googleblog.com/2018/11/introducing-android-ecosystem-security.html
11/12/2018 • 6 minutes, 28 seconds
ISC StormCast for Friday, November 9th 2018
Cisco Security Bulletins
https://tools.cisco.com/security/center/publicationListing.x
Ruby Deserialization
https://www.elttam.com.au/blog/ruby-deserialization/
Ouch Newsletter: Am I Hacked?
https://www.sans.org/security-awareness-training/resources/am-i-hacked
Jonathan Sweeny: Smart Contract Botnets
https://www.sans.org/reading-room/whitepapers/covert/botnet-resiliency-private-blockchains-38050
https://www.sans.org/reading-room/whitepapers/warfare/tearing-smart-contract-botnets-38650
11/9/2018 • 17 minutes, 10 seconds
ISC StormCast for Thursday, November 8th 2018
VirtualBox 0 Day Guest Escape Exploit Released
https://github.com/MorteNoir1/virtualbox_e1000_0day
WooCommerce / Wordpress Bug Leads to RCE
https://blog.ripstech.com/2018/wordpress-design-flaw-leads-to-woocommerce-rce/
Bing Advertises Fake Version of Notepad2
https://www.bleepingcomputer.com/news/security/beware-of-unofficial-sites-pushing-notepad2-adware-bundles/
Jacksonville BSides
https://bsidesjax.org
11/8/2018 • 6 minutes, 41 seconds
ISC StormCast for Wednesday, November 7th 2018
China Telecom's Internet Traffic Misdirection
https://internetintel.oracle.com/blog-single.html?id=China+Telecom%27s+Internet+Traffic+Misdirection
Android Security Updates; Last for Nexus
https://source.android.com/security/bulletin/2018-11-01#framework
PoC Facetime Exploit
https://bugs.chromium.org/p/project-zero/issues/detail?id=1641
Vulnerability in U-Boot Bootloader
https://github.com/inversepath/usbarmory/blob/master/software/secure_boot/Security_Advisory-Ref_IPVR2018-0001.txt
11/7/2018 • 5 minutes, 50 seconds
ISC StormCast for Monday, November 5th 2018
Beyond good ol' LaunchAgents
https://isc.sans.edu/forums/diary/Beyond+good+ol+LaunchAgent+part+1/24274/
Dissecting a CVE-2017-11882 Exploit
https://isc.sans.edu/forums/diary/Dissecting+a+CVE201711882+Exploit/24272/
Microsoft Edge Exploit About to Be Released
https://twitter.com/Yux1xi
Portsmash Vulnerability
https://github.com/bbbrumley/portsmash
RC4 (Arcfour) Deprecation in SSH
https://tools.ietf.org/html/draft-ietf-curdle-rc4-die-die-die-12
11/5/2018 • 5 minutes, 18 seconds
ISC StormCast for Friday, November 2nd 2018
Windows Defender Sandboxing Bug
https://isc.sans.edu/forums/diary/Windows+Defenders+Sandbox/24266/
Bleedingbit Bluetooth Low Energy Vulnerability
https://armis.com/bleedingbit/
Cisco ASA/Firepower DoS Vulnerability Actively Exploited
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181031-asaftd-sip-dos
11/1/2018 • 5 minutes, 29 seconds
ISC StormCast for Wednesday, October 31st 2018
Change in Strategy for Hancitor Malware
https://isc.sans.edu/forums/diary/Campaign+evolution+Hancitor+malspam+starts+pushing+Ursnif+this+week/24256/
Apple Updates
https://support.apple.com/en-us/HT201222
Telegram Stores Conversations Locally
https://twitter.com/nathanielrsuchy
10/31/2018 • 4 minutes, 36 seconds
ISC StormCast for Tuesday, October 30th 2018
Maldoc Duplicating PowerShell
https://isc.sans.edu/forums/diary/Maldoc+Duplicating+PowerShell+Prior+to+Use/24254/
New File Types Emerge in Malware Spam Attachments
https://blog.trendmicro.com/trendlabs-security-intelligence/same-old-yet-brand-new-new-file-types-emerge-in-malware-spam-attachments/
Malicious Mac Crypto Currency Tracker Installs Backdoor
https://blog.malwarebytes.com/threat-analysis/2018/10/mac-cryptocurrency-ticker-app-installs-backdoors/
Sandbox For Windows Defender
https://cloudblogs.microsoft.com/microsoftsecure/2018/10/26/windows-defender-antivirus-can-now-run-in-a-sandbox/
10/30/2018 • 6 minutes, 3 seconds
ISC StormCast for Monday, October 29th 2018
Dissecting Malicious Office Documents in Linux
https://isc.sans.edu/forums/diary/Dissecting+Malicious+Office+Documents+with+Linux/24248/
Analyzing Compressed RTF Documents
https://isc.sans.edu/forums/diary/Detecting+Compressed+RTF/24250/
SystemD DHCPv6 Remote Code Execution Vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-15688
Cryptominers Scan for Docker Engine
https://blog.trendmicro.com/trendlabs-security-intelligence/misconfigured-container-abused-to-deliver-cryptocurrency-mining-malware
DemonBot Targeting Hadoop
https://blog.radware.com/security/2018/10/new-demonbot-discovered/
10/29/2018 • 4 minutes, 55 seconds
ISC StormCast for Friday, October 26th 2018
Scam Calls Targeting Chinese Living in the US
https://isc.sans.edu/forums/diary/Fake+BankPost+Office+Phone+Calls+Targeting+Chinese+Immigrants/24244/
X.org Privilege Elevation Flaw
https://lists.x.org/archives/xorg-announce/2018-October/002927.html
Remote Videos in Office Documents
https://blog.cymulate.com/abusing-microsoft-office-online-video
Mac Malware Injects Ads
https://blog.malwarebytes.com/threat-analysis/2018/10/mac-malware-intercepts-encrypted-web-traffic-for-ad-injection/
10/26/2018 • 5 minutes, 13 seconds
ISC StormCast for Thursday, October 25th 2018
Reversing AutoIT
https://isc.sans.edu/forums/diary/Diving+into+Malicious+AutoIT+Code/24238/
Arcserve Vulnerabilities
https://www.digitaldefense.com/blog/zero-day-alerts/arcserve-disclosure/
WebExec Vulnerability
https://webexec.org/
More ALPC Flaws from Sandbox Escaper
https://twitter.com/SandboxEscaper/status/1054744201244692485
https://twitter.com/mkolsek/status/1054794984908562432
10/25/2018 • 5 minutes, 24 seconds
ISC StormCast for Wednesday, October 24th 2018
Malware Uses Decoy Picture
https://isc.sans.edu/forums/diary/Malicious+Powershell+using+a+Decoy+Picture/24234/
DNS over HTTPS Pushback
https://twitter.com/paulvixie/status/1053765281917661184
Signal Desktop Leaves Encryption Key Exposed
https://twitter.com/nathanielrsuchy
Firefox 63 Allows Less Tracking
https://blog.mozilla.org/security/2018/10/23/firefox-63-lets-users-block-tracking-cookies/
10/24/2018 • 5 minutes, 56 seconds
ISC StormCast for Tuesday, October 23rd 2018
MSG Files: Compressed RTF
https://isc.sans.edu/forums/diary/MSG+Files+Compressed+RTF/24228/
FreeRTOS TCP/IP Stack Vulnerabilities
https://blog.zimperium.com/freertos-tcpip-stack-vulnerabilities-put-wide-range-devices-risk-compromise-smart-homes-critical-infrastructure-systems/
VLC/Live555 RTSP Server Vulnerability
https://www.talosintelligence.com/reports/TALOS-2018-0684
Microsoft Yammer Update
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2018-8569#ID0EGB
10/23/2018 • 5 minutes, 18 seconds
ISC StormCast for Thursday, October 18th 2018
Abandoned "NewShareCount" Twitter Counter abused
https://blog.sucuri.net/2018/10/malicious-redirects-from-newsharecounts-com-tweet-counter.html
Multiple D-Link Vulnerabilities
https://seclists.org/fulldisclosure/2018/Oct/36
RID Hacking in Windows
https://www.romhack.io/slides/RomHack%202018%20-%20Sebastian%20Castro%20-%20Windows%20RID%20Hijacking:%20Maintaining%20Access%20on%20Windows%20Machines.pdf
10/18/2018 • 5 minutes, 22 seconds
ISC StormCast for Wednesday, October 17th 2018
Oracle CPU
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
libssh vulnerability
https://www.libssh.org/security/advisories/CVE-2018-10933.txt
Vending Machine Mobile App Compromise
https://hackernoon.com/how-i-hacked-modern-vending-machines-43f4ae8decec
Browsers Announce Timeline to Discontinue TLS 1.0/1.1 Support
https://blogs.windows.com/msedgedev/2018/10/15/modernizing-tls-edge-ie11/
https://security.googleblog.com/2018/10/modernizing-transport-security.html
https://blog.mozilla.org/security/2018/10/15/removing-old-versions-of-tls/
https://webkit.org/blog/8462/deprecation-of-legacy-tls-1-0-and-1-1-versions/
10/17/2018 • 5 minutes, 42 seconds
ISC StormCast for Tuesday, October 16th 2018
Proof Of Concept Exploit for Microsoft Edge Vulnerability CVE-2018-8495
https://leucosite.com/Microsoft-Edge-RCE/
Fake Mining Apps
https://www.fortinet.com/blog/threat-research/fortinet-discovers-new-android-apps-that-mine-the-unminable.html
Fake Google Photo App Turns out to be Ad-Clicker
https://www.geeklatest.com/developer-tricks-microsoft-publishes-app-under-google-llc-name-in-windows-store/
10/16/2018 • 5 minutes, 34 seconds
ISC StormCast for Monday, October 15th 2018
Many Large Websites Affected by Branch.io XSS Flaw
https://www.vpnmentor.com/blog/dom-xss-bug-affecting-tinder-shopify-yelp/
Medtronic Pacemakers Disable Remote Update
https://www.medtronic.com/content/dam/medtronic-com/us-en/corporate/documents/REV-Medtronic-2090-Security-Bulletin_FNL.pdf
IBM WebSphere Update
https://www-01.ibm.com/support/docview.wss?uid=swg22016254
Incomplete JET Database Patch
https://blog.0patch.com/2018/10/patching-re-patching-and-meta-patching.html
10/15/2018 • 6 minutes, 17 seconds
ISC StormCast for Friday, October 12th 2018
New Campaign Using Old Equation Editor Vulnerability
https://isc.sans.edu/forums/diary/New+Campaign+Using+Old+Equation+Editor+Vulnerability/24196/
Root Access Vulnerability in SONY Smart TVs
https://www.fortinet.com/blog/threat-research/sony-smart-tv-exploit-inside-view-hijacking-your-living-room.html
MikroTik RouterOS Vulnerabilities
https://github.com/tenable/routeros/blob/master/bug_hunting_in_routeros_derbycon_2018.pdf
Reverse Analysis of WebAssembly
https://www.forcepoint.com/blog/security-labs/manual-reverse-engineering-webassembly-static-code-analysis
Firefox Delays Symantec Certificate Distrust
https://www.theregister.co.uk/2018/10/11/firefox_symantec_certs_delay/
10/11/2018 • 5 minutes, 51 seconds
ISC StormCast for Thursday, October 11th 2018
Remote Code Execution Vulnerability in WhatsApp
https://bugs.chromium.org/p/project-zero/issues/detail?id=1654
Salesforce Releases HASSH Library
https://github.com/salesforce/hassh
CVE-2018-8453 Details from Kaspersky
https://securelist.com/cve-2018-8453-used-in-targeted-attacks/88151/
Juniper Patches
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
Experian Vulnerability Could Have Leaked Credit Freeze PINs
https://www.nerdwallet.com/blog/finance/security-flaw-at-experian-allows-easy-access-to-pin-to-unlock-credit-freeze/
10/11/2018 • 6 minutes, 24 seconds
ISC StormCast for Tuesday, October 9th 2018
Apple Updates iOS and iCloud for Windows
https://support.apple.com/en-ca/HT209162
https://support.apple.com/en-ca/HT209141
Intel Adds Spectre/Meltdown Mitigation to 9th Generation CPUs
https://www.bleepingcomputer.com/news/security/spectre-and-meltdown-hardware-protection-added-to-intels-9th-gen-cpus/
Windows October Update File Deleting Issues
https://support.microsoft.com/en-us/help/4464619/windows-10-update-history
https://blogs.technet.microsoft.com/filecab/2018/08/30/9205/
macOS Code Signing Vulnerabilities
https://www.virusbulletin.com/conference/vb2018/abstracts/code-signing-flaw-macos
10/9/2018 • 4 minutes, 44 seconds
ISC StormCast for Friday, October 5th 2018
Does the Chinese Military Manipulate Supermicro Motherboards?
https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond
Cloudflare IPFS Gateway Used For Phishing
https://www.bleepingcomputer.com/news/security/phishing-attacks-distributed-through-cloudflares-ipfs-gateway/
DNSSEC Root Key Signing Key Rollover
https://www.icann.org/resources/pages/ksk-rollover
https://www.icann.org/news/blog/2018-ksk-rollover-operator-preparedness-survey
10/5/2018 • 7 minutes, 18 seconds
ISC StormCast for Thursday, October 4th 2018
Identifying a Phisher
https://isc.sans.edu/forums/diary/Identifying+a+phisher/24164/
Phishing via Azure Blob Storage
https://www.netskope.com/blog/phishing-in-the-public-cloud
Zoho Domains Used for Phishing and Keyloggers
https://cofense.com/staggering-amount-stolen-data-heading-zoho-domains/
Dell iDRAC Exploit
https://www.servethehome.com/idracula-vulnerability-impacts-millions-of-legacy-dell-emc-servers/
10/4/2018 • 6 minutes
ISC StormCast for Wednesday, October 3rd 2018
How to Write YARA Rules
https://isc.sans.edu/forums/diary/Developing+YARA+Rules+a+Practical+Example/24158/
GhostDNS DNS Changer Malware
https://blog.netlab.360.com/70-different-types-of-home-routers-all-together-100000-are-being-hijacked-by-ghostdns-en/
Foxit PDF Reader Vulnerabilities
https://www.foxitsoftware.com/support/security-bulletins.php
Apple Laptops Shipped With CPU in Manufacturing Mode
http://blog.ptsecurity.com/2018/10/intel-me-manufacturing-mode-macbook.html
10/3/2018 • 5 minutes, 11 seconds
ISC StormCast for Tuesday, October 2nd 2018
Update About Facebook Breach
https://newsroom.fb.com/news/2018/09/security-update/
Adobe Acrobat/Reader Update
https://helpx.adobe.com/security/products/acrobat/apsb18-30.html
SMTP MTA Strict Transport Security (MTA-STS)
https://www.rfc-editor.org/rfc/rfc8461.txt
10/2/2018 • 6 minutes, 10 seconds
ISC StormCast for Monday, October 1st 2018
Facebook Leaks more than 50 Million Accounts
https://newsroom.fb.com/news/2018/09/security-update/
Telegram Leaks Local IP Address By Default
https://www.inputzero.io/2018/09/bug-bounty-telegram-cve-2018-17780.html
Site Tricks Users Into Subscribing to Browser Notifications
https://www.bleepingcomputer.com/news/security/sites-trick-users-into-subscribing-to-browser-notification-spam/
DDE Code Injection
https://isc.sans.edu/forums/diary/More+Excel+DDE+Code+Injection/24150/
10/1/2018 • 6 minutes, 11 seconds
ISC StormCast for Friday, September 28th 2018
Enriching Radare2 and x64dbg malware analysis with statically decoded strings
https://isc.sans.edu/forums/diary/Enriching+Radare2+and+x64dbg+malware+analysis+with+statically+decoded+strings/24146/
Weaknesses in Apple's Mobile Device Management
https://duo.com/labs/research/mdm-me-maybe
LoJax UEFI Rootkit
https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/
9/28/2018 • 5 minutes, 34 seconds
ISC StormCast for Thursday, September 27th 2018
Emotet Malware Delivery Service Update
https://isc.sans.edu/forums/diary/One+Emotet+infection+leads+to+three+followup+malware+infections/24140/
Fedora Crypto Policy Update Causes SSH Issues
https://bugzilla.redhat.com/show_bug.cgi?id=1631970
Android Banking Trojan Impersonates QRecorder
https://lukasstefanko.com/2018/09/banking-trojan-found-on-google-play-stole-10000-euros-from-victims.html
Google Reverts Changes to Chrome
https://www.blog.google/products/chrome/product-updates-based-your-feedback/amp/
9/27/2018 • 5 minutes, 2 seconds
ISC StormCast for Monday, September 24th 2018
Odd DNS Requests from Firewalls
https://isc.sans.edu/forums/diary/Suspicious+DNS+Requests+Issued+by+a+Firewall/24128/
Securing API Connections
https://isc.sans.edu/forums/diary/The+danger+of+sending+information+for+API+consumption+without+adequate+security+measures/24130/
Microsoft JET Database 0day
https://www.zerodayinitiative.com/advisories/ZDI-18-1075/
Western Digital Releases Patch for MyCloud Drives
https://support.wdc.com/knowledgebase/answer.aspx?ID=25952&s
Job Offers With Malware Attachment
https://www.bleepingcomputer.com/news/security/malware-disguised-as-job-offers-distributed-on-freelance-sites/
9/24/2018 • 4 minutes, 30 seconds
ISC StormCast for Friday, September 21st 2018
Hunting for Suspicious Processes with OSSEC
https://isc.sans.edu/forums/diary/Hunting+for+Suspicious+Processes+with+OSSEC/24122/
NSSLabs Sues Crowdstrike, Symantec, ESET
https://www.nsslabs.com/blog/company/advancing-transparency-and-accountability-in-the-cybersecurity-industry/
Bitcoin Core Vulnerability
https://motherboard.vice.com/amp/en_us/article/qvakp3/a-major-bug-in-bitcoin-software-could-have-crashed-the-currency?__twitter_impression=true
WebAuthn Standard
https://paragonie.com/blog/2018/08/security-concerns-surrounding-webauthn-don-t-implement-ecdaa-yet
https://fidoalliance.org/
9/21/2018 • 12 minutes, 33 seconds
ISC StormCast for Thursday, September 20th 2018
Adobe Releases Special Patch for Acrobat and Reader
https://helpx.adobe.com/security/products/acrobat/apsb18-34.html
Akamai State of the Internet Report
https://www.akamai.com/us/en/about/our-thinking/state-of-the-internet-report/global-state-of-the-internet-security-ddos-attack-reports.jsp
Peekaboo DVR Vulnerability
https://www.tenable.com/blog/tenable-research-advisory-peekaboo-critical-vulnerability-in-nuuo-network-video-recorder
9/20/2018 • 5 minutes, 24 seconds
ISC StormCast for Wednesday, September 19th 2018
Certificate Transparency Tools
https://isc.sans.edu/forums/diary/Using+Certificate+Transparency+as+an+Attack+Defense+Tool/24114/
Kodi Malicious Add-Ons
https://www.welivesecurity.com/2018/09/13/kodi-add-ons-launch-cryptomining-campaign/
Cloudflare Making DNSSEC Adoption Easier
https://blog.cloudflare.com/automatically-provision-and-maintain-dnssec/
Western Digital MyCloud Unauthenticated Admin Access
https://www.securify.nl/advisory/SFY20180102/authentication-bypass-vulnerability-in-western-digital-my-cloud-allows-escalation-to-admin-privileges.html
9/19/2018 • 5 minutes, 27 seconds
ISC StormCast for Tuesday, September 18th 2018
Analyzing Office Docs
https://isc.sans.edu/forums/diary/Dissecting+Malicious+MS+Office+Docs/24108/
Apple Updates Everything but macOS
https://support.apple.com/en-us/HT201220
FBot Botnet
https://blog.netlab.360.com/threat-alert-a-new-worm-fbot-cleaning-adbminer-is-using-a-blockchain-based-dns-en/
Related STI Paper: Botnet Resiliency via Private Blockchain (Jonathan Sweeny)
https://www.sans.org/reading-room/whitepapers/covert/botnet-resiliency-private-blockchains-38050
9/18/2018 • 5 minutes, 26 seconds
ISC StormCast for Monday, September 17th 2018
Reversing Visual Basic Shortcuts
https://isc.sans.edu/forums/diary/2020+malware+vision/24104/
Not So Random User Agent
https://isc.sans.edu/forums/diary/User+Agent+String+uatoolsrandom/24102/
Safari DoS
https://gist.github.com/pwnsdx/ce64de2760996a6c432f06d612e33aea
Webroot SecureAnywhere macOS Vulnerability
https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-16962--Webroot-SecureAnywhere-macOS-Kernel-Level-Memory-Corruption/
Intel Patches Management Engine Encryption Vulnerability
http://blog.ptsecurity.com/2018/09/intel-me-encryption-vulnerability.html
9/17/2018 • 5 minutes, 26 seconds
ISC StormCast for Thursday, September 13th 2018
So What is Going on With IPv4 Fragments these Days?
https://isc.sans.edu/forums/diary/So+What+is+Going+on+With+IPv4+Fragments+these+Days/24092/
Magecart JavaScript Injection Attacks
https://www.bleepingcomputer.com/news/security/feedify-service-compromised-with-magecart-information-stealing-script/
Bypassing CSP using Polyglot JPEGs
https://portswigger.net/blog/bypassing-csp-using-polyglot-jpegs
9/13/2018 • 6 minutes, 47 seconds
ISC StormCast for Wednesday, September 12th 2018
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+September+Patch+Tuesday+Summary/24088/
Adobe Patches
https://helpx.adobe.com/security.html
Safari/Edge URL Bar Spoofing
https://www.rafaybaloch.com/2018/09/apple-safari-microsoft-edge-browser.html
Exploit Search Engine
https://sploitus.com
9/12/2018 • 4 minutes, 44 seconds
ISC StormCast for Tuesday, September 11th 2018
"findstr" used to extract malware from LNK files
https://isc.sans.edu/forums/diary/What+is+dikona+or+glirote3/24084/
Tor Browser Javascript Vulnerability
https://www.bleepingcomputer.com/news/security/exploit-affecting-tor-browser-burned-in-a-tweet/
Trend Micro App Leaks Data / Removed from App Store
https://forums.malwarebytes.com/topic/217353-get-rid-of-open-any-files-rar-support/?tab=comments#comment-1194838
Chrome removes Subdomains from URL Bar
https://bugs.chromium.org/p/chromium/issues/detail?id=881410
9/10/2018 • 4 minutes, 46 seconds
ISC StormCast for Sunday, September 9th 2018
Crypto Mining in a Windows Headless Browser
https://isc.sans.edu/forums/diary/Crypto+Mining+in+a+Windows+Headless+Browser/24078/
macOS Adware Doctor Stealing Browser History
https://twitter.com/privacyis1st/status/1031428304543395840
https://objective-see.com/blog/blog_0x37.html
VPN Applications with Privilege Escalation Vulnerabilities
https://blog.talosintelligence.com/2018/09/vulnerability-spotlight-Multi-provider-VPN-Client-Privilege-Escalation.html
Keybase Extension Allows Access By Scripts from Any Site
https://palant.de/2018/09/06/keybase-our-browser-extension-subverts-our-encryption-but-why-should-we-care
9/9/2018 • 6 minutes, 33 seconds
ISC StormCast for Friday, September 7th 2018
Malware Uses PowerShell to Compile C# Code on the Fly
https://isc.sans.edu/forums/diary/Malicious+PowerShell+Compiling+C+Code+on+the+Fly/24072/
Stealing WiFi Credentials in Google Chrome
https://www.surecloud.com/sc-blog/wifi-hijacking
DNS Spoofing and Certificate Authority Domain Validation
https://www.theregister.co.uk/2018/09/06/boffins_break_cas_domain_validation/
Cisco Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=30#~Vulnerabilities
9/6/2018 • 4 minutes, 43 seconds
ISC StormCast for Thursday, September 6th 2018
MEGA Chrome Extension Replaced with Password Stealer
https://serhack.me/articles/mega-chrome-extension-hacked
Python Package Installer May Execute Code
https://github.com/mschwager/0wned
Windows Scheduler Exploit Used in the Wild
https://www.welivesecurity.com/2018/09/05/powerpool-malware-exploits-zero-day-vulnerability/
Where Have All My Certificates Gone?
https://isc.sans.edu/forums/diary/Where+have+all+my+Certificates+gone+And+when+do+they+expire/24066/
9/5/2018 • 5 minutes, 6 seconds
ISC StormCast for Wednesday, September 5th 2018
Some More Interesting MikroTik Router Exploits
https://blog.netlab.360.com/7500-mikrotik-routers-are-forwarding-owners-traffic-to-the-attackers-how-is-yours-en/
Exposed .git Directories
https://lynt.cz/blog/global-scan-exposed-git
SSL Certificates Expose Tor Servers
https://www.bleepingcomputer.com/news/security/public-ip-addresses-of-tor-sites-exposed-via-ssl-certificates/
9/4/2018 • 5 minutes, 32 seconds
ISC StormCast for Tuesday, September 4th 2018
Reversing and Modifying the Medium Mobile App
https://hackernoon.com/dont-publish-yet-reverse-engineering-the-medium-app-and-making-all-stories-in-it-free-48c8f2695687
Active Directory Leaks via Azure
https://www.blackhillsinfosec.com/red-teaming-microsoft-part-1-active-directory-leaks-via-azure/
Google Restricts Tech Support Ads
https://www.blog.google/products/ads/restricting-ads-third-party-tech-support-services/?mod=article_inline
9/4/2018 • 4 minutes, 42 seconds
ISC StormCast for Sunday, September 2nd 2018
OSX/MacOS and the Dangers of Custom URL Schemes
https://objective-see.com/blog/blog_0x38.html
Philips e-Alert Vulnerability
https://ics-cert.us-cert.gov/advisories/ICSA-18-242-01
9/2/2018 • 4 minutes, 45 seconds
ISC StormCast for Friday, August 31st 2018
Cryptocoin Miners are More Popular Than Ever and Dominate in Attacks
https://isc.sans.edu/forums/diary/Crypto+Mining+Is+More+Popular+Than+Ever/24050/
Cryptocoin Miners Deployed via Struts Vulnerability
https://www.volexity.com/blog/2018/08/27/active-exploitation-of-new-apache-struts-vulnerability-cve-2018-11776-deploys-cryptocurrency-miner/
Mimecast Identifies Weaknesses in Existing EMail Filters
https://www.mimecast.com/resources/ebooks/dates/2018/7/the-state-of-email-security-2018-report/
Android Leaks Information to Processes
https://wwws.nightwatchcybersecurity.com/2018/08/29/sensitive-data-exposure-via-wifi-broadcasts-in-android-os-cve-2018-9489/
8/30/2018 • 5 minutes, 59 seconds
ISC StormCast for Thursday, August 30th 2018
More Octoprint Details
https://isc.sans.edu/forums/diary/3D+Printers+in+The+Wild+What+Can+Go+Wrong/24044/
Packagist Remote Code Injection Vulnerability
https://justi.cz/security/2018/08/28/packagist-org-rce.html
More OpenSSH User Enumeration Issues
http://seclists.org/oss-sec/2018/q3/180
Two new TPM Vulnerabilities
https://www.usenix.org/system/files/conference/usenixsecurity18/sec18-han.pdf
8/29/2018 • 6 minutes, 12 seconds
ISC StormCast for Wednesday, August 29th 2018
Microsoft Windows Task Scheduler Local Privilege Escalation Vulnerability
https://www.kb.cert.org/vuls/id/906424
3D Printers Exposed to Internet
https://isc.sans.edu/forums/diary/OctoPrint+3D+Web+Interfaces+EXPOSED+Port+5000+default/24038/
Firefox Nightly Build Removes Trust From Symantec Certificates
https://bugzilla.mozilla.org/show_bug.cgi?id=1460062
https://bugzilla.mozilla.org/show_bug.cgi?id=1484006
8/28/2018 • 5 minutes, 21 seconds
ISC StormCast for Tuesday, August 28th 2018
H-Worm Variant Notes Infection Date in Registry
https://isc.sans.edu/forums/diary/When+was+this+machine+infected/24032/
CentOS / Ubuntu Turn Off Gnome "Bubblewrap" Sandbox
https://www.bleepingcomputer.com/news/security/ubuntu-and-centos-are-undoing-a-gnome-security-feature/
Fortnite Android Arbitrary Code Install Vulnerability
https://www.bleepingcomputer.com/news/security/ubuntu-and-centos-are-undoing-a-gnome-security-feature/
8/27/2018 • 4 minutes, 27 seconds
ISC StormCast for Monday, August 27th 2018
Struts Exploits for CVE-2018-11776 on GitHub (there are more; this is just a sample)
https://github.com/mazen160/struts-pwn_CVE-2018-11776
https://github.com/jiguang7/CVE-2018-11776
Publisher Malware
https://isc.sans.edu/forums/diary/Microsoft+Publisher+Files+Delivering+Malware/24024/
https://isc.sans.edu/forums/diary/Microsoft+Publisher+malware+static+analysis/24026/
AT Commands
https://atcommands.org/atdb/vendors
Using a Microphone to Read Screen Content
https://www.cs.tau.ac.il/~tromer/synesthesia/synesthesia.pdf
8/26/2018 • 6 minutes, 2 seconds
ISC StormCast for Friday, August 24th 2018
Simple Phishing Through formcrafts.com
https://isc.sans.edu/forums/diary/Simple+Phishing+Through+formcraftscom/24020/
Facebook's Onavo VPN removed from Apple AppStore
https://www.wsj.com/articles/facebook-to-remove-data-security-app-from-apple-store-1534975340?mod=e2tw (paywall)
https://medium.com/@chronic_9612/notes-on-analytics-and-tracking-in-onavo-protect-for-ios-904bdff346c0
Phishing False Alarm
https://www.cnn.com/2018/08/23/politics/dnc-hack-false-alarm/index.html
Fake Crypto Trading App Stealing Cryptocurrency From Mac Users
https://www.businesswire.com/news/home/20180823005093/en/AppleJeus-Lazarus-Group-Hunts-Cryptocurrency-Exchanges-macOS
Intel Simplifies Microcode License
https://twitter.com/imadsousou/status/1032680311753072640
8/23/2018 • 6 minutes, 9 seconds
ISC StormCast for Thursday, August 23rd 2018
New Critical Apache Struts Vulnerability (CVE-2018-11776)
https://semmle.com/news/apache-struts-CVE-2018-11776
https://cwiki.apache.org/confluence/display/WW/S2-057
Hardening Apache Struts With SELinux
https://doublepulsar.com/hardening-apache-struts-with-selinux-db3a9cd1a10c?gi=f23fc884264a
Ghostscript Code Execution Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1640
Photoshop CC Patch
https://helpx.adobe.com/security/products/photoshop/apsb18-28.html
8/22/2018 • 5 minutes, 18 seconds
ISC StormCast for Wednesday, August 22nd 2018
Malicious DLL Loaded Through AutoIT
https://isc.sans.edu/forums/diary/Malicious+DLL+Loaded+Through+AutoIT/24008/
Traefik Fixes TLS Private Key Exposure
https://github.com/containous/traefik/issues/3651
TLS Certificates Survive Domain Ownership
https://insecure.design
Intel Microcode License Update Causes Problems for Debian Linux
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=906158#14
8/21/2018 • 5 minutes, 19 seconds
ISC StormCast for Tuesday, August 21st 2018
Regular Expression Denial of Service (ReDoS) in JavaScript
http://mp.binaervarianz.de/ReDoS_TR_Dec2017.pdf
OpenSSH User Enumeration Update
https://isc.sans.edu/forums/diary/OpenSSH+user+enumeration+CVE201815473/24004
Turning (Page) Tables Exploit Technique
https://cdn2.hubspot.net/hubfs/487909/Turning%20(Page)%20Tables_Slides.pdf
8/20/2018 • 5 minutes, 17 seconds
ISC StormCast for Monday, August 20th 2018
Fragmentsmack Summary
https://isc.sans.edu/forums/diary/Back+to+the+90s+FragmentSmack/23998/
HP Does Not Release Patches for Non-Windows Users
https://www.intego.com/mac-security-blog/exclusive-hp-leaves-mac-users-vulnerable-to-fax-hacks/
More about VBScript 0-Day Vulnerability and "Dark Hotel" (Chinese only)
https://ti.360.net/blog/articles/analyzing-attack-of-cve-2018-8373-and-darkhotel/
https://blog.trendmicro.com/trendlabs-security-intelligence/use-after-free-uaf-vulnerability-cve-2018-8373-in-vbscript-engine-affects-internet-explorer-to-run-shellcode/
PHP Deserialization Vulnerability Code Execution
https://cdn2.hubspot.net/hubfs/3853213/us-18-Thomas-It's-A-PHP-Unserialization-Vulnerability-Jim-But-Not-As-We-....pdf?
8/19/2018 • 5 minutes, 53 seconds
ISC StormCast for Friday, August 17th 2018
Anonymize PCAPS
https://isc.sans.edu/forums/diary/Truncating+Payloads+and+Anonymizing+PCAP+files/23990/
OpenSSH User Enumeration Vulnerability
http://seclists.org/oss-sec/2018/q3/124
VoiceXML XML External Entity Vulnerability
https://hackerone.com/reports/395296
Skimreaper Credit Card Skimmer Detector
http://skimreaper.com
8/17/2018 • 6 minutes, 34 seconds
ISC StormCast for Thursday, August 16th 2018
Password Protected Word Documents Push AZORult and Hermes Ransomware
https://isc.sans.edu/forums/diary/More+malspam+pushing+passwordprotected+Word+docs+for+AZORult+and+Hermes+Ransomware/23992/
Linux IP Fragmentation DoS
https://www.kb.cert.org/vuls/id/641765
Scripting Mouse Clicks to Bypass macOS Security
https://speakerdeck.com/patrickwardle/the-mouse-is-mightier-than-the-sword
Concentration of Coinhive Miners
https://arxiv.org/pdf/1808.00811.pdf
8/16/2018 • 5 minutes, 45 seconds
ISC StormCast for Wednesday, August 15th 2018
Microsoft Patch Tuesday Summary
https://isc.sans.edu/forums/diary/Microsoft+August+2018+Patch+Tuesday/23986/
Oracle Database Patch
http://www.oracle.com/technetwork/security-advisory/alert-cve-2018-3110-5032149.html
Intel Fixes Three More CPU Flaws
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
8/15/2018 • 6 minutes, 11 seconds
ISC StormCast for Tuesday, August 14th 2018
New Sextortion Wave Using Partial Phone Numbers
New Extortion Tricks: Now Including Your (Partial) Phone Number!
Intel Releases Patch for Puma Modem Chips
https://www.dslreports.com/forum/r32071020-Internet-Rogers-modem-router-rebooting-on-wan-scans-by-design
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-000097.html
Bluetooth Low Energy Attack Tool
https://github.com/virtualabs/btlejack
Tesla Will Fix Cars if Researcher Breaks it While Hacking
https://twitter.com/bitquark/status/1028373178421309440
8/14/2018 • 5 minutes, 3 seconds
ISC StormCast for Monday, August 13th 2018
VIA C3 "God Mode"
https://github.com/xoreaxeaxeax/rosenbridge
Apple MDM Vulnerability
https://www.wired.com/story/mac-remote-hack-wifi-enterprise/
Peeking into MSG Files
https://isc.sans.edu/forums/diary/Peeking+into+msg+files+revisited/23974/
Hunting SSL/TLS Clients Using JA3
https://isc.sans.edu/forums/diary/Hunting+SSLTLS+clients+using+JA3/23972/
Mobile Payment Terminal Vulnerabilities
https://www.blackhat.com/us-18/briefings.html#for-the-love-of-money-finding-and-exploiting-vulnerabilities-in-mobile-point-of-sales-systems
8/13/2018 • 6 minutes, 7 seconds
ISC StormCast for Friday, August 10th 2018
Vulnerabilities in Pacemaker Programmer and Insulin Pumps
https://arstechnica.com/information-technology/2018/08/lack-of-encryption-makes-hacks-on-life-saving-pacemakers-shockingly-easy/
"Panic Attacks" Against City Infrastructure
https://www.bbc.com/news/technology-45128053
Kaspersky VPN Leaks DNS Traffic
https://www.inputzero.io/2018/08/kaspersky-vpn-leaks-dns-address.html
Osiris Dropper Uses Process Doppelgänging
https://blog.malwarebytes.com/threat-analysis/2018/08/osiris-using-process-doppelganging/
8/10/2018 • 5 minutes, 13 seconds
ISC StormCast for Wednesday, August 8th 2018
Linux TCP DoS Vulnerability
https://www.kb.cert.org/vuls/id/962459
Let's Encrypt Now Trusted By All Major Root CA Programs
https://letsencrypt.org/2018/08/06/trusted-by-all-major-root-programs.html
Android Updates
https://source.android.com/security/bulletin/2018-08-01
OpenEMR Vulnerabilities
https://insecurity.sh/assets/reports/openemr.pdf
8/8/2018 • 5 minutes, 34 seconds
ISC StormCast for Monday, August 6th 2018
New WPA Attack
https://hashcat.net/forum/thread-7717.html
Fake Techsupport Uses More Intelligent Call Routing
https://www.symantec.com/blogs/threat-intelligence/tech-support-scam-call-optimization
HP Printer Updates
https://support.hp.com/us-en/document/c06097712
8/6/2018 • 5 minutes, 30 seconds
ISC StormCast for Friday, August 3rd 2018
Malware in Animated GIF Files
https://isc.sans.edu/forums/diary/DHLthemed+malspam+reveals+embedded+malware+in+animated+gif/23944/
MikroTik Miner Botnet
https://www.trustwave.com/Resources/SpiderLabs-Blog/Mass-MikroTik-Router-Infection-%E2%80%93-First-we-cryptojack-Brazil,-then-we-take-the-World-/
Microsoft Edge Vulnerability
https://www.netsparker.com/blog/web-security/stealing-local-files-with-simple-html-file/
8/3/2018 • 6 minutes, 30 seconds
ISC StormCast for Thursday, August 2nd 2018
Facebook Smishing Attack
https://isc.sans.edu/forums/diary/Facebook+Phishing+via+SMS/23940/
Port 52869 UPNP Attacks
https://isc.sans.edu/forums/diary/When+Cameras+and+Routers+attack+Phones+Spike+in+CVE20148361+Exploits+Against+Port+52869/23942/
Microsoft Improves Account Security for Midterm Elections
https://www.bleepingcomputer.com/news/microsoft/microsoft-accountguard-service-offers-protection-for-political-and-election-orgs/
Google Improves "Government Sponsored Attacks" Alert for GSuite
https://9to5google.com/2018/08/01/g-suite-admins-government-based-attackers/
8/2/2018 • 6 minutes, 26 seconds
ISC StormCast for Wednesday, August 1st 2018
PowerShell Inside Certificates
https://blog.nviso.be/2018/07/31/powershell-inside-a-certificate-part-1/
TEMPEST is Back
http://youtu.be/BpNP9b3aIfY?a
Big Star Labs Spyware
https://adguard.com/en/blog/big-star-labs-spyware/
8/1/2018 • 6 minutes, 24 seconds
ISC StormCast for Monday, July 30th 2018
Summary of Earnings in Recent Sextortion Attack
https://isc.sans.edu/forums/diary/Sextortion+Follow+the+Money/23922/
Adware Distributed with Legitimate Applications
https://www.bleepingcomputer.com/news/security/fake-websites-for-keepass-7zip-audacity-others-found-pushing-adware/
https://twitter.com/JusticeRage
PDF Editor Supply Chain Exploit
https://cloudblogs.microsoft.com/microsoftsecure/2018/07/26/attack-inception-compromised-supply-chain-within-a-supply-chain-poses-new-risks/
7/30/2018 • 7 minutes, 10 seconds
ISC StormCast for Friday, July 27th 2018
NetSpectre: Read Arbitrary Memory over the Network
https://misc0110.net/web/files/netspectre.pdf
Google Play Store Bans Crypto Miners
https://play.google.com/about/developer-content-policy-print/
Japanese Calendar Issues
https://blogs.msdn.microsoft.com/shawnste/2018/04/12/the-japanese-calendars-y2k-moment/
Multiple Vulnerabilities in Samsung SmartThings Hub
https://blog.talosintelligence.com/2018/07/samsung-smartthings-vulns.html?m=1
Times Change and Your Training Data Should Too: The Effect of Training Data Recency on Twitter Classifiers. Ryan O'Grady
https://www.sans.org/reading-room/whitepapers/artificialintelligence/times-change-training-data-too-effect-training-data-recency-twitter-classifiers-38500
7/27/2018 • 15 minutes, 52 seconds
ISC StormCast for Thursday, July 26th 2018
Etherscan.io XSS Vulnerability
https://scotthelme.co.uk/xss-on-etherscan-io/
Tomcat Vulnerabilities Patched
https://www.us-cert.gov/ncas/current-activity/2018/07/23/Apache-Releases-Security-Updates-Apache-Tomcat
DNS over HTTPS Standard Finalized
https://datatracker.ietf.org/wg/doh/about/
ERP Systems Targeted in Recent Attacks
https://www.us-cert.gov/ncas/current-activity/2018/07/25/Malicious-Cyber-Activity-Targeting-ERP-Applications
7/26/2018 • 5 minutes, 19 seconds
ISC StormCast for Wednesday, July 25th 2018
Emotet Update
https://isc.sans.edu/forums/diary/Recent+Emotet+activity/23908/
Clear Text Phone Tracking
https://isc.sans.edu/forums/diary/Cell+Phone+Monitoring+Who+is+Watching+the+Watchers/23910/
Bluetooth Bug
https://www.kb.cert.org/vuls/id/304725
Apache OpenWhisk Vulnerability
https://www.puresec.io/blog/Apache_OpenWhisk_Mutability_Weakness?hs_preview=EpJUmSoY-5972289702
7/25/2018 • 5 minutes, 13 seconds
ISC StormCast for Tuesday, July 24th 2018
More Spectre
https://arxiv.org/pdf/1807.07940.pdf
July IE Patch Fixed older Remote Code Exec. Bug
http://blogs.360.cn/blog/from-a-patched-itw-0day-to-remote-code-execution-part-i-from-patch-to-new-0day/
Google Chrome 68 Released Today. HTTP sites marked as "insecure"
https://support.google.com/chrome/a/answer/7679408?hl=en
DNS Rebinding Vulnerability Common in IoT
https://www.armis.com/dns-rebinding-exposes-half-a-billion-iot-devices-in-the-enterprise/
7/24/2018 • 6 minutes, 21 seconds
ISC StormCast for Monday, July 23rd 2018
New WebLogic Vulnerability Already Exploited
https://isc.sans.edu/forums/diary/Weblogic+Exploit+Code+Made+Public+CVE20182893/23896/
Microsoft Edge Turns off XSS Protection
https://portswigger.net/daily-swig/xss-protection-disappears-from-microsoft-edge
Intel Management Engine Vulnerabilities
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00112.html
User Tracking With TLS 1.2 Certificates
http://tma.ifip.org/wordpress/wp-content/uploads/2017/06/tma2017_paper2.pdf
7/23/2018 • 5 minutes, 15 seconds
ISC StormCast for Friday, July 20th 2018
Cisco Patches
https://tools.cisco.com/security/center/publicationListing.x
Diqee Smart Vacuum Vulnerabilities
http://en.diqee.com/goods/1994.html
Instagram About To Release 2FA Update
https://techcrunch.com/2018/07/17/instagram-2-factor/
Reporting Malicious Websites
https://isc.sans.edu/forums/diary/Reporting+Malicious+Websites+in+2018/23892/
7/20/2018 • 5 minutes, 14 seconds
ISC StormCast for Thursday, July 19th 2018
Increase in scans for port 15454
https://isc.sans.edu/forums/diary/Request+for+Packets+Port+15454/23888/
Oracle Quarterly Critical Patch Update
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
Venmo Public Transaction API
https://publicbydefault.fyi
Credential Stuffing Responsible for Majority of Login Attempts
http://info.shapesecurity.com/2018-Credential-Spill-Report-by-Shape-Security
7/19/2018 • 5 minutes, 20 seconds
ISC StormCast for Wednesday, July 18th 2018
Searching for Geographically Improbable Login Attempts
https://isc.sans.edu/forums/diary/Searching+for+Geographically+Improbable+Login+Attempts/23882/
Typo3 CMS Update
https://typo3.org/article/typo3-931-8717-and-7630-security-releases-published/
GitHub Expands Security Scanner to Python
https://blog.github.com/2018-07-12-security-vulnerability-alerts-for-python/
Money Laundering Scheme Exposed by Open Mongo Database
https://kromtech.com/blog/security-center/digital-laundry
7/18/2018 • 5 minutes, 25 seconds
ISC StormCast for Tuesday, July 17th 2018
Encrypted SNI in TLS 1.3
https://tools.ietf.org/html/draft-rescorla-tls-esni-00
Microsoft to Retire "Delta Updates"
https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-quality-updates-explained-amp-the-end-of-delta/ba-p/214426
Practical GPS Spoofing of Navigation Devices
https://www.microsoft.com/en-us/research/uploads/prod/2018/06/security18gps.pdf
7/17/2018 • 7 minutes, 54 seconds
ISC StormCast for Monday, July 16th 2018
Processing JSON
https://isc.sans.edu/forums/diary/Video+Retrieving+and+processing+JSON+data+BTC+example/23874/
Cryptocoin Mining JavaScript (yet again)
https://isc.sans.edu/forums/diary/Cryptominer+Delivered+Though+Compromized+JavaScript+File/23870/
Dahua Passwords Leaked/Cached by Search Engine
https://www.bleepingcomputer.com/news/security/passwords-for-tens-of-thousands-of-dahua-devices-cached-in-iot-search-engine/
MDM Used in Targeted Attack Against iPhone Users
https://blog.talosintelligence.com/2018/07/Mobile-Malware-Campaign-uses-Malicious-MDM.html
7/16/2018 • 7 minutes, 12 seconds
ISC StormCast for Friday, July 13th 2018
Extortion Claims Include Leaked Passwords to Appear More Plausible
https://isc.sans.edu/forums/diary/New+Extortion+Tricks+Now+Including+Your+Password/23866/
npm Package Compromised and Used To Steal Credentials
https://github.com/eslint/eslint-scope/issues/39#issuecomment-404533026
CIRCL IMAP Proxy
https://github.com/CIRCL/IMAP-Proxy
Checkpoint Names "Dorkbot" As A Top Threat (Signup required)
https://research.checkpoint.com/cyber-attack-trends-2018-mid-year-report/
7/13/2018 • 5 minutes, 54 seconds
ISC StormCast for Thursday, July 12th 2018
Hello Peppa Followup
https://isc.sans.edu/forums/diary/Well+Hello+Again+Peppa/23860/
Spectre 1.1 and 1.2
https://people.csail.mit.edu/vlk/spectre11.pdf
Internet Exchanges Band Together against BGP Hijacking
https://dyn.com/blog/shutting-down-the-bgp-hijack-factory/
Google Enabled Site Isolation in Chrome
https://www.bleepingcomputer.com/news/security/google-enables-site-isolation-feature-for-99-percent-of-chrome-desktop-users/
7/12/2018 • 5 minutes, 46 seconds
ISC StormCast for Tuesday, July 10th 2018
Reverse Shell via Weblogic Flaw
https://isc.sans.edu/forums/diary/Criminals+Dont+Read+Instructions+or+Use+Strong+Passwords/23850/
Apple Patches Everything Again
https://isc.sans.edu/forums/diary/Apple+Patches+Everything+Again/23852/
Microsoft Offers Better Azure AD Password Protection
http://www.longevitytech.us/2018/07/09/azure-ad-password-protection-the-cloud-security-service-your-active-directory-needs-now/
7/10/2018 • 5 minutes, 43 seconds
ISC StormCast for Monday, July 9th 2018
Trivial Exploit For HP iLO 4 (patched last August)
https://airbus-seclab.github.io/ilo/SSTIC2018-Article-subverting_your_server_through_its_bmc_the_hpe_ilo4_case-gazet_perigaud_czarny.pdf
Flexible Miner/Ransomware
https://securelist.com/to-crypt-or-to-mine-that-is-the-question/86307/
Hacker Steals Gas From Gas Station
https://gizmodo.com/hackers-reportedly-stole-600-gallons-of-gas-from-detroi-1827433411
7/9/2018 • 4 minutes, 22 seconds
ISC StormCast for Friday, July 6th 2018
Gentoo GitHub Breach Post Mortem
https://wiki.gentoo.org/wiki/Github/2018-06-28
Hamas Sets World Cup Trap for Israeli Soldiers
https://www.reuters.com/article/us-israel-palestinians-cyber/israel-says-hamas-tried-to-snare-soldiers-in-world-cup-cyber-trap-idUSKBN1JT1ZX
7/6/2018 • 5 minutes, 6 seconds
ISC StormCast for Thursday, July 5th 2018
Progress Indication For Scripts in Windows
https://isc.sans.edu/forums/diary/Progress+indication+for+scripts+on+Windows/23830/
Stylish Extension Steals History
https://robertheaton.com/2018/07/02/stylish-browser-extension-steals-your-internet-history/
Data Leaks From Android Apps
https://recon.meddle.mobi/panoptispy/
7/5/2018 • 3 minutes, 13 seconds
ISC StormCast for Tuesday, July 3rd 2018
Odd PHP Exploit Attempt
https://isc.sans.edu/forums/diary/Hello+Peppa+PHP+Scans/23826/
Diameter Security Report
https://www.ptsecurity.com/ww-en/premium/diameter-2018/
Attack Against Trezor via DNS or BGP
https://blog.trezor.io/psa-phishing-alert-fake-trezor-wallet-website-3bcfdfc3eced
Symantec Offers VPNFilter Check
http://www.symantec.com/filtercheck/
7/2/2018 • 5 minutes, 22 seconds
ISC StormCast for Monday, July 2nd 2018
MacOS Malware Targeting Slack/Discord Crypto Communities
https://isc.sans.edu/forums/diary/Crypto+community+target+of+MacOS+malware/23816/
New LTE Attacks Made Public
https://alter-attack.net
Rowhammer Attacks Against Android
https://rampageattack.com
7/2/2018 • 6 minutes, 29 seconds
ISC StormCast for Thursday, June 21st 2018
Netflix Phishing Sites Using TLS
https://isc.sans.edu/forums/diary/Secure+Phishing+Netflix+Phishing+Goes+TLS/23786/
OpenBSD Disables Hyperthreading By Default
https://www.mail-archive.com/[email protected]/msg99141.html
Bithumb Crypto Currency Exchange Breached Again
https://www.bleepingcomputer.com/news/security/bithumb-hacked-second-time-in-a-year-hackers-steal-31-million/
Microsoft Edge CORS Bypass via Audio Files
https://jakearchibald.com/2018/i-discovered-a-browser-bug/
Microsoft Releases a Special Patch for Oracle Outside-In Libraries
https://support.microsoft.com/en-us/help/4092041/description-of-the-security-update-for-microsoft-exchange-server-2013
6/21/2018 • 6 minutes, 50 seconds
ISC StormCast for Wednesday, June 20th 2018
PowerShell ScriptBlock Logging Bypass in the Wild
https://isc.sans.edu/forums/diary/PowerShell+ScriptBlock+Logging+Or+Not/23782/
Virustotal "False Positive" Alert
http://blog.virustotal.com/2018/06/vtmonitor-to-mitigate-false-positives.html
Cloud Environments Exposed to the Internet
https://info.lacework.com/hubfs/Containers%20At-Risk_%20A%20Review%20of%2021,000%20Cloud%20Environments.pdf
Google Home DNS Rebinding Attack Reveals Geolocation
https://www.tripwire.com/state-of-security/vert/googles-newest-feature-find-my-home
6/19/2018 • 5 minutes, 31 seconds
ISC StormCast for Tuesday, June 19th 2018
Obfuscated JavaScript Targeting Mobile Devices
https://isc.sans.edu/forums/diary/Malicious+JavaScript+Targeting+Mobile+Browsers/23778/
Axis Camera Vulnerabilities
https://blog.vdoo.com/2018/06/18/vdoo-discovers-significant-vulnerabilities-in-axis-cameras/
Apple Caches Confidential Data on Unencrypted Drives
https://wojciechregula.blog/your-encrypted-photos-in-macos-cache/
Andy Emulator Infected With CryptoMiner
https://www.reddit.com/r/emulators/comments/8rj8g5/warning_andy_android_emulator_andyos_andyroid/
6/19/2018 • 5 minutes, 53 seconds
ISC StormCast for Monday, June 18th 2018
SMTP Strangeness - Possible C2
https://isc.sans.edu/forums/diary/SMTP+Strangeness+Possible+C2/23770/
Encrypted Office Documents
https://isc.sans.edu/forums/diary/Encrypted+Office+Documents/23774/
Recent Port 8000 Scans
https://www.bleepingcomputer.com/news/security/all-that-port-8000-traffic-this-week-yeah-thats-satori-looking-for-new-bots/
New Clipboard Cryptocoin Stealing Bot
https://blog.360totalsecurity.com/en/new-cryptominer-hijacks-your-bitcoin-transaction-over-300000-computers-have-been-attacked/
WebUSB Weakness
https://pwnaccelerator.github.io/2018/webusb-yubico-disclosure.html
6/18/2018 • 6 minutes, 32 seconds
ISC StormCast for Friday, June 15th 2018
Analyzing a Compromised Wordpress Site
https://isc.sans.edu/forums/diary/A+Bunch+of+Compromized+Wordpress+Sites/23764/
Breaking Bluetooth Low Energy Smart Padlock
https://www.pentestpartners.com/security-blog/totally-pwning-the-tapplock-smart-lock/
WIM Disk Image Vulnerability
https://blog.talosintelligence.com/2018/06/vulnerability-spotlight-talos-2018-0545.html
Extracting Timely Sign-In Data from Office 365 Logs
https://www.sans.org/reading-room/whitepapers/logging/extracting-timely-sign-in-data-office-365-logs-38435
6/15/2018 • 12 minutes, 14 seconds
ISC StormCast for Thursday, June 14th 2018
From MikroTik With Love: Yet Another Router Botnet?
https://isc.sans.edu/forums/diary/From+Microtik+with+Love/23762/
Using Cortana To Compromise Windows 10
https://securingtomorrow.mcafee.com/mcafee-labs/want-to-break-into-a-locked-windows-10-device-ask-cortana-cve-2018-8140/
Compromised Docker Images
https://kromtech.com/blog/security-center/cryptojacking-invades-cloud-how-modern-containerization-trend-is-exploited-by-attackers
Lazy FPU Save/Restore Allows Malware Access to FPU
https://access.redhat.com/solutions/3485131
6/14/2018 • 5 minutes, 53 seconds
ISC StormCast for Wednesday, June 13th 2018
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+June+2018+Patch+Tuesday/23758/
Apple Code Signing Verification Vulnerability
https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/
Google Chrome Restricting Inline Extension Install
https://blog.chromium.org/2018/06/improving-extension-transparency-for.html
6/13/2018 • 5 minutes, 50 seconds
ISC StormCast for Tuesday, June 12th 2018
More Malspam Pushing Lokibot
https://isc.sans.edu/forums/diary/More+malspam+pushing+Lokibot/23754/
Ethereum JSON RPC Theft
https://twitter.com/360Netlab/status/1006065566728085504
CryptoCurrency Miner Plays hide-and-seek
https://www.bleepingcomputer.com/news/security/cryptocurrency-miner-plays-hide-and-seek-with-popular-games-and-tools/
Apple Outlaws Crypto Currency Miners in App Store
https://developer.apple.com/app-store/review/guidelines/#hardware-compatibility
FBI Arrests Suspect in BEC Investigation
https://www.fbi.gov/news/stories/international-bec-takedown-061118
6/12/2018 • 4 minutes, 46 seconds
ISC StormCast for Monday, June 11th 2018
The Seven Properties of Highly Secure Devices
https://www.microsoft.com/en-us/research/wp-content/uploads/2017/03/SevenPropertiesofHighlySecureDevices.pdf
Finding Deserialisation Issues With Burp
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/june/finding-deserialisation-issues-has-never-been-easier-freddy-the-serialisation-killer/
FTC Starts Looking Into Cryptojacking
https://www.consumer.ftc.gov/blog/2018/06/protecting-your-devices-cryptojacking
Drupal Disputes Number of Vulnerable Sites
https://groups.drupal.org/node/520149
6/11/2018 • 5 minutes, 30 seconds
ISC StormCast for Wednesday, June 6th 2018
Analysis of a Post Exploit Script
Malicious Post-Exploitation Batch File
Zip Slip Vulnerability
https://snyk.io/research/zip-slip-vulnerability
Redis Exploits
https://www.incapsula.com/blog/report-75-of-open-redis-servers-are-infected.html
Drupalgeddon 2 Update
https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/
6/6/2018 • 5 minutes, 41 seconds
ISC StormCast for Tuesday, June 5th 2018
Running Only Signed Code. Does it work in Windows 10?
https://isc.sans.edu/forums/diary/Digging+into+Authenticode+Certificates/23731/
Misconfigured G-Suite Mailing Lists
https://www.kennasecurity.com/widespread-google-groups-misconfiguration-exposes-sensitive-information/
Microsoft Releases Open Source Post Quantum VPN
https://github.com/Microsoft/PQCrypto-VPN
6/5/2018 • 6 minutes, 2 seconds
ISC StormCast for Monday, June 4th 2018
Apple Patches Everything
https://isc.sans.edu/forums/diary/Apple+Security+Updates/23727/
VPNFilter Makes a Comeback
https://jask.com/from-russia-with-love/
Reverse Analysis with Radare2
https://isc.sans.edu/forums/diary/Binary+analysis+with+Radare2/23723/
Pet Location Tracker Vulnerabilities
https://threatpost.com/pet-trackers-open-to-mitm-attacks-interception/132291/
6/4/2018 • 5 minutes, 29 seconds
ISC StormCast for Friday, June 1st 2018
Safely Resetting Routers
https://isc.sans.edu/forums/diary/Resetting+Your+Router+the+Paranoid+Right+Way/23719/
CSS mix-blend-mode Side Channel Attack
https://www.evonide.com/side-channel-attacking-browsers-through-css3-features/
New ActiveX Exploit Seen in the Wild
https://www.krcert.or.kr/data/secNoticeView.do?bulletin_writing_sequence=27263
Apple iMessage Security
https://support.apple.com/en-us/HT202303
10-Year-Old Vulnerability in Steam Discovered
https://www.contextis.com/blog/frag-grenade-a-remote-code-execution-vulnerability-in-the-steam-client
6/1/2018 • 5 minutes, 45 seconds
ISC StormCast for Thursday, May 31st 2018
Windows JScript Vulnerability
https://www.zerodayinitiative.com/advisories/ZDI-18-534/
Two Git Vulnerabilities Patched
https://marc.info/?l=git&m=152761328506724&w=2
https://blogs.msdn.microsoft.com/devops/2018/05/29/announcing-the-may-2018-git-security-vulnerability/
SpamCannibal Blacklist Temporarily Marks All IPs as "Spam"
https://twitter.com/GossiTheDog/status/1001778042400854016
QRadar Remote Code Execution
https://blogs.securiteam.com/index.php/archives/3689
5/31/2018 • 4 minutes, 45 seconds
ISC StormCast for Wednesday, May 30th 2018
New DNS Features
https://isc.sans.edu/forums/diary/DNS+is+Changing+Are+you+Ready/23711/
Apple Updates
https://support.apple.com/en-us/HT201222
Scans For Misconfigured EOS Blockchain Nodes
https://www.bleepingcomputer.com/news/security/misconfigured-eos-blockchain-nodes-under-attack/
NPM Bug Causes Update Failures / Application Crashes
https://github.com/npm/npm/issues/20791#issuecomment-392648459
MnuBot Exfiltrates Data Via MSSQL
https://securityintelligence.com/new-banking-trojan-mnubot-discovered-by-ibm-x-force-research/
5/29/2018 • 6 minutes, 6 seconds
ISC StormCast for Tuesday, May 29th 2018
Ultrasound Mobile Location Tracking
https://isc.sans.edu/forums/diary/Do+you+hear+Laurel+or+Yanny+or+is+it+OnOff+Keying/23707/
Analyzing Malware Created with NSIS
https://isc.sans.edu/forums/diary/Quick+analysis+of+malware+created+with+NSIS/23703/
Obfuscated Word Macro
https://isc.sans.edu/forums/diary/Antivirus+Evasion+Easy+as+123/23701/
Z-Wave Attacks
https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/
https://www.silabs.com/community/blog.entry.html/2018/05/23/tl_dr_your_door_is-g1zC
Electron Framework Protocol Handler Patch Bypass
https://blog.doyensec.com/2018/05/24/electron-win-protocol-handler-bug-bypass.html
5/29/2018 • 5 minutes, 56 seconds
ISC StormCast for Friday, May 25th 2018
GDPR Going Into Effect May 25th
https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
Bitcoin Gold Double Spend Attack
https://forum.bitcoingold.org/t/double-spend-attack-on-exchanges/1362
Amazon Alexa Forwards Random Conversations
https://www.kiro7.com/news/local/woman-says-her-amazon-device-recorded-private-conversation-sent-it-out-to-random-contact/755507974
Verge Crypto Coin Attacked Again
https://www.bleepingcomputer.com/news/security/verge-cryptocurrency-network-falls-victim-to-same-attack-even-after-hard-fork/
5/25/2018 • 4 minutes, 39 seconds
ISC StormCast for Wednesday, May 23rd 2018
Malicious SYLK Files Used to Execute Code in Excel
https://isc.sans.edu/forums/diary/Malware+Distributed+via+slk+Files/23687/
BMW Releases Patches for Several Cars
https://keenlab.tencent.com/en/Experimental_Security_Assessment_of_BMW_Cars_by_KeenLab.pdf
Mac Crypto Miners
https://blog.malwarebytes.com/threat-analysis/mac-threat-analysis/2018/05/new-mac-cryptominer-uses-xmrig/
VMware Spectre Updates
https://www.vmware.com/security/advisories/VMSA-2018-0012.html
5/23/2018 • 4 minutes, 50 seconds
ISC StormCast for Tuesday, May 22nd 2018
Spectre NG Patches
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
https://newsroom.intel.com/editorials/addressing-new-research-for-side-channel-analysis/
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180012
https://bugs.chromium.org/p/project-zero/issues/detail?id=1528
New "Moon" Variant
http://blog.netlab.360.com/gpon-exploit-in-the-wild-iv-themoon-botnet-join-in-with-a-0day/
https://isc.sans.edu/forums/diary/Something+Wicked+this+way+comes/23681/
Extracting Keys From Windows ssh-agent
https://blog.ropnop.com/extracting-ssh-private-keys-from-windows-10-ssh-agent/
5/22/2018 • 5 minutes, 27 seconds
ISC StormCast for Friday, May 18th 2018
Claymore Miner Attack
https://isc.sans.edu/diary/Insecure+Claymore+Miner+Management+API+Exploited+in+the+Wild/23665/
PCI DSS Version 3.2.1 Released
https://isc.sans.edu/forums/diary/PCI+DSS+version+321+is+out/23667/
Keeper Releases Update
https://keepersecurity.com/blog/2018/05/15/response-may-15-seclists-report/
Cisco Security Update
https://tools.cisco.com/security/center/publicationListing.x
5/18/2018 • 5 minutes, 42 seconds
ISC StormCast for Thursday, May 17th 2018
Critical DHCP Client Vulnerability in RedHat Enterprise Server 6/7
https://access.redhat.com/security/vulnerabilities/3442151
UPnP Misconfiguration DDoS Attack
https://www.theregister.co.uk/2018/05/16/upnp_amplifies_ddos_attacks/
Ubuntu Snap Store Miner Incident Followup
https://blog.ubuntu.com/2018/05/15/trust-and-security-in-the-snap-store
iOS / Android "Zipper Down" Vulnerability
https://zipperdown.org/
5/16/2018 • 6 minutes, 27 seconds
ISC StormCast for Wednesday, May 16th 2018
PDF Exploit (and Windows Priv. Escalation) Leaked
https://www.welivesecurity.com/2018/05/15/tale-two-zero-days/
Possible Vulnerability in Keeper Password Manager
http://seclists.org/fulldisclosure/2018/May/41
MyEtherWallet Phishing
https://isc.sans.edu/forums/diary/Phishing+emails+for+fake+MyEtherWallet+login+page/23655/
5/16/2018 • 6 minutes, 56 seconds
ISC StormCast for Monday, May 14th 2018
Odd njRat Like Scans
Reversed C2 traffic from China
Signal Vulnerability (Possibly in Electron, which affects Skype/Slack/others)
https://twitter.com/ortegaalfredo/status/995017143002509313
Electron Vulnerability
https://www.trustwave.com/Resources/SpiderLabs-Blog/CVE-2018-1000136---Electron-nodeIntegration-Bypass/
Cryptocoin Miner Found in Ubuntu Snap Store
https://github.com/canonical-websites/snapcraft.io/issues/651
5/14/2018 • 5 minutes, 53 seconds
ISC StormCast for Friday, May 11th 2018
DNS Exfiltration in Windows
https://isc.sans.edu/forums/diary/Exfiltrating+data+from+very+isolated+environments/23645/
Fake Electrum Wallet
https://github.com/spesmilo/electrum-docs/blob/master/decompiling_guide.md
Treasure Hunter PoS Malware Source Code Leaked
https://www.flashpoint-intel.com/blog/treasurehunter-source-code-leaked/
More Malicious Chrome Extensions Spreading via Facebook
https://blog.radware.com/security/2018/05/nigelthorn-malware-abuses-chrome-extensions/
5/11/2018 • 5 minutes, 14 seconds
ISC StormCast for Thursday, May 10th 2018
Lloyds Bank Phish Leads to Trickbot
https://isc.sans.edu/forums/diary/Nice+Phishing+Sample+Delivering+Trickbot/23641/
Firefox Group Policy Engine
https://www.bleepingcomputer.com/news/software/group-policy-support-coming-to-firefox-60/
OS Vendors Fix Intel Debug Flaw
https://www.kb.cert.org/vuls/id/631579
Cryptocoin Miner in Excel
https://charles.dardaman.com/js_coinhive_in_excel
5/10/2018 • 4 minutes, 1 second
ISC StormCast for Tuesday, May 8th 2018
Parsing Windows Job Files
https://isc.sans.edu/forums/diary/Adding+Persistence+Via+Scheduled+Tasks/23633/
SynAck Ransomware Uses Doppelganging Technique
https://securelist.com/synack-targeted-ransomware-uses-the-doppelganging-technique/85431/
More Drupal Compromises
https://badpackets.net/large-cryptojacking-campaign-targeting-vulnerable-drupal-websites/
Russia vs. Telegram
https://twitter.com/instasegv/status/993521755192020992
https://www.bleepingcomputer.com/news/government/russia-blocks-50-vpns-and-proxy-services-providing-access-to-telegram/
5/8/2018 • 4 minutes, 51 seconds
ISC StormCast for Monday, May 7th 2018
Malicious NPM Library Stopped
https://blog.npmjs.org/post/173526807575/reported-malicious-module-getcookies
Popular GDPR Shield
http://gdpr-shield.io (currently down)
More Spectre Flaws
https://www.heise.de/ct/artikel/Exclusive-Spectre-NG-Multiple-new-Intel-CPU-flaws-revealed-several-serious-4040648.html
5/7/2018 • 5 minutes, 20 seconds
ISC StormCast for Friday, May 4th 2018
More WebLogic Exploits
https://isc.sans.edu/forums/diary/WebLogic+Exploited+in+the+Wild+Again/23617/
Ouch! GDPR Newsletter
https://www.sans.org/security-awareness-training/ouch-newsletter
GitHub / Twitter Password Storage Issues
https://blog.twitter.com/official/en_us/topics/company/2018/keeping-your-account-secure.html
https://www.zdnet.com/article/github-says-bug-exposed-account-passwords/
Facebook Adds Homograph Alert to Certificate Transparency Log Monitoring
https://www.facebook.com/notes/protect-the-graph/phishing-domain-detection/2037453483161459/
Disrupting the Empire: Identifying PowerShell Empire Command and Control Activity
https://www.sans.org/reading-room/whitepapers/forensics/disrupting-empire-identifying-powershell-empire-command-control-activity-38315
5/4/2018 • 14 minutes, 48 seconds
ISC StormCast for Thursday, May 3rd 2018
GPS Jamming Becoming More Common
https://www.avweb.com/avwebflash/news/GPS-Jamming-Major-Threat-to-Drone-230749-1.html
https://www.heise.de/newsticker/meldung/GPS-unter-Beschuss-Jamming-und-Spoofing-nehmen-zu-4038137.html
Windows Command Line References
https://isc.sans.edu/forums/diary/Windows+Commands+Reference+An+InfoSec+Must+Have/23613/
LoJack Laptop Anti-Theft Software "Phones Home" to Russia
https://asert.arbornetworks.com/lojack-becomes-a-double-agent/
Google Maps Can Be Used as a URL Shortener
https://nakedsecurity.sophos.com/2018/05/01/google-maps-open-redirect-flaw-abused-by-spammers/
Retrieving DVR Credentials via "Admin Cookie"
https://github.com/ezelf/CVE-2018-9995_dvr_credentials
5/3/2018 • 6 minutes, 2 seconds
ISC StormCast for Wednesday, May 2nd 2018
Creating Malicious Office Documents
https://isc.sans.edu/forums/diary/Diving+into+a+Simple+Maldoc+Generator/23609/
Google (and Amazon) Disable Domain Fronting
https://arstechnica.com/information-technology/2018/04/google-disables-domain-fronting-capability-used-to-evade-censors/
Google Chrome To Enforce Certificate Transparency
https://groups.google.com/a/chromium.org/forum/#!msg/ct-policy/wHILiYf31DE/iMFmpMEkAQAJ
5/2/2018 • 5 minutes, 34 seconds
ISC StormCast for Tuesday, May 1st 2018
April WebLogic Patch Incomplete and Intense Scanning for WebLogic Under Way
https://www.bleepingcomputer.com/news/security/hackers-scan-the-web-for-vulnerable-weblogic-servers-after-oracle-botches-patch/
FacexWorm Spreads Malicious Chrome Extensions via Facebook
https://blog.trendmicro.com/trendlabs-security-intelligence/facexworm-targets-cryptocurrency-trading-platforms-abuses-facebook-messenger-for-propagation/
$15 DTV Transmitter as an SDR
https://hackernoon.com/osmo-fl2k-a-15-dtv-transmitter-fm-radio-hijack-and-gps-spoofing-device-68ac08ba7d76
5/1/2018 • 5 minutes, 40 seconds
ISC StormCast for Monday, April 30th 2018
A Few Sample #Drupal Exploits including CVE-2018-7602
https://isc.sans.edu/forums/diary/More+Threat+Hunting+with+User+Agent+and+Drupal+Exploits/23597/
Triggering SMB Connections to Steal NTLM Credentials via PDFs
https://research.checkpoint.com/ntlm-credentials-theft-via-pdf-files/
NTFS Crash DoS Exploit Published for Windows 10 and 7
https://github.com/mtivadar/windows10_ntfs_crash_dos
Apple HomeKit / Secure Element Problems
https://www.youtube.com/watch?v=1CNAMgctAp0
Azucar Assessing Azure Security
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2018/april/introducing-azucar/
4/30/2018 • 6 minutes, 33 seconds
ISC StormCast for Friday, April 27th 2018
HP iLO Ransomware
https://www.bleepingcomputer.com/news/security/ransomware-hits-hpe-ilo-remote-management-interfaces/
Total Meltdown Exploit Available
https://blog.xpnsec.com/total-meltdown-cve-2018-1038/
WD My Cloud EX2 Access Control Bypass
https://www.trustwave.com/Resources/SpiderLabs-Blog/WD-My-Cloud-EX2-Serves-Your-Files-to-Anyone/
Hyperoptic ZTE Home Router Hardcoded Account
https://www.contextis.com/resources/advisories/hyperoptic-zte-home-routers
4/27/2018 • 7 minutes, 12 seconds
ISC StormCast for Thursday, April 26th 2018
New Drupal Remote Code Execution Vulnerability
https://www.drupal.org/sa-core-2018-004
Malicious Network Traffic From /bin/bash
https://isc.sans.edu/forums/diary/Malicious+Network+Traffic+From+binbash/23591/
Insecure Hotel Locks
https://safeandsavvy.f-secure.com/2018/04/25/researchers-find-way-to-generate-master-keys-to-hotels/
Amazon Echo As Eavesdropping Device (signin required)
https://info.checkmarx.com/wp-alexa
4/26/2018 • 5 minutes, 21 seconds
ISC StormCast for Monday, March 12th 2018
Paying For Ransomware Often Fails to Recover Files
https://cyber-edge.com/cdr/#about-this-report
MikroTik Router Malware Infects Sysadmin PCs
https://s3-eu-west-1.amazonaws.com/khub-media/wp-content/uploads/sites/43/2018/03/09133534/The-Slingshot-APT_report_ENG_final.pdf
CNNVD Held Back Vulnerabilities
https://www.recordedfuture.com/chinese-mss-vulnerability-influence/
Keeper Exposes S3 Bucket
http://www.zdnet.com/article/password-manager-maker-keeper-hit-by-another-security-snafu/
https://keepersecurity.com/blog/2018/03/10/keepers-response-zdnets-article-regarding-s3-bucket-configuration-issue/
Chip and Pin Clones
https://www.kaspersky.com/blog/chip-n-pin-cloning/21502/
3/12/2018 • 7 minutes, 34 seconds
ISC StormCast for Thursday, March 8th 2018
Ransomware News: GlobeImposter Gets A Facelift, GandCrab is Still Out there
https://isc.sans.edu/forums/diary/Ransomware+news+GlobeImposter+gets+a+facelift+GandCrab+is+still+out+there/23417/
How to Break Encryption
https://blog.malwarebytes.com/threat-analysis/2018/03/encryption-101-how-to-break-encryption/
Bypassing Adobe Flash Security Protections
https://securingtomorrow.mcafee.com/mcafee-labs/hackers-bypassed-adobe-flash-protection-mechanism/
Hundreds of Bitcoin Mining Servers Stolen in Iceland
https://www.theguardian.com/world/2018/mar/07/hundreds-of-bitcoin-mining-servers-stolen-in-iceland
Several Android Mail Apps Send Password To Developer (article in German)
https://www.kuketz-blog.de/mail-apps-zahlreiche-android-apps-uebermitteln-login-passwort/
3/8/2018 • 5 minutes, 49 seconds
ISC StormCast for Wednesday, March 7th 2018
Exploit for CVE-2018-6789
https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/
Microsoft Fixes USB Issues Introduced By February Patches
https://support.microsoft.com/en-us/help/4090913/march5-2018kb4090913osbuild16299-251
123 Reg Loses Backups
https://www.bleepingcomputer.com/news/business/123-reg-backup-snafu-causes-clients-to-lose-files-since-august-2017/
Android March Security Bulletin
https://source.android.com/security/bulletin/2018-03-01#media-framework
3/7/2018 • 5 minutes, 49 seconds
ISC StormCast for Tuesday, March 6th 2018
Malicious Bash Script with Multiple Features
https://isc.sans.edu/forums/diary/Malicious+Bash+Script+with+Multiple+Features/23411/
More Memcached DDoS Attacks
https://www.arbornetworks.com/blog/asert/netscout-arbor-confirms-1-7-tbps-ddos-attack-terabit-attack-era-upon-us/
Spring Framework Vulnerability
https://lgtm.com/blog/spring_data_rest_CVE-2017-8046
LTE Vulnerabilities
http://homepage.divms.uiowa.edu/~comarhaider/publications/LTE_NDSS18_paper.pdf
3/6/2018 • 6 minutes, 49 seconds
ISC StormCast for Monday, March 5th 2018
Protective Malicious Monero Crypto Coin Miners
https://isc.sans.edu/forums/diary/The+Crypto+Miners+Fight+For+CPU+Cycles/23407/
memcached DDoS Attacks Ask For Ransom
https://blogs.akamai.com/2018/03/memcached-now-with-extortion.html
Cheap Android Trojans Come Preinstalled With Banking Malware
https://news.drweb.com/show/?lng=en&i=11749&c=5
RedDrop Android Malware Installed via 3rd Party App Stores
https://www.wandera.com/blog/reddrop-malware/
3/5/2018 • 5 minutes, 30 seconds
ISC StormCast for Friday, March 2nd 2018
Censoring Images At Scale in #WeChat
https://isc.sans.edu/forums/diary/Why+Does+Emperor+Xi+Dislike+Winnie+the+Pooh+and+Scrambled+Eggs/23395/
Trustico Update: Certificate Revocation List Monitor
https://isc.sans.edu/crls.html
Memcached Update: Github Attack
https://githubengineering.com/ddos-incident-report/
http://powerofcommunity.net/poc2017/shengbao.pdf
Microsoft Releases Intel Spectre Microcode Updates
https://support.microsoft.com/en-us/help/4090007/intel-microcode-updates
3/2/2018 • 8 minutes, 1 second
ISC StormCast for Thursday, March 1st 2018
How Did This Memcache Thing Happen?
https://isc.sans.edu/forums/diary/How+did+this+Memcache+thing+happen/23391/
Trustico TLS Certificate Revocation
https://groups.google.com/forum/#!msg/mozilla.dev.security.policy/wxX4Yv0E3Mk/QZt8UPhKAwAJ
Flash on Its Way Out
https://www.bleepingcomputer.com/news/security/google-chrome-flash-usage-declines-from-80-percent-in-2014-to-under-8-percent-today/
DNSSEC Is Getting Better But Still Struggling
http://www.theregister.co.uk/2018/02/28/dutch_name_authority_dnssec_validation_errors_can_be_eliminated/
Smart TV Firmware Flaws
https://www.av-comparatives.org/wp-content/uploads/2018/02/avc_sigma_medion_201802.pdf
3/1/2018 • 6 minutes, 8 seconds
ISC StormCast for Wednesday, February 28th 2018
Memcached Servers Used in Reflective DDoS Attacks
https://isc.sans.edu/forums/diary/Why+we+Dont+Deserve+the+Internet+Memcached+Reflected+DDoS+Attacks/23389/
Malspam Pushing Formbook Info Stealer
https://isc.sans.edu/forums/diary/Malspam+pushing+Formbook+info+stealer/23387/
Various SAML Parsers Affected by Comment Parsing Vulnerability
https://duo.com/blog/duo-finds-saml-vulnerabilities-affecting-multiple-implementations
2/28/2018 • 5 minutes, 48 seconds
ISC StormCast for Tuesday, February 27th 2018
Enumerating S3 Buckets
https://github.com/jordanpotti/AWSBucketDump
Creating AWS Network Diagrams
https://github.com/duo-labs/cloudmapper
Selling Macs and "Find my Mac" Feature
https://medium.com/@mulligan/how-i-sold-an-old-mac-and-unknowingly-tracked-its-location-for-over-3-years-9a35cd3ca4cf
Apple Stopping Support for 1st Gen Apple TV and iTunes on Windows XP / Vista
https://support.apple.com/en-us/HT208104
2/27/2018 • 4 minutes, 44 seconds
ISC StormCast for Monday, February 26th 2018
Retrieving Malware Over Tor On Windows (Update)
https://isc.sans.edu/forums/diary/Retrieving+malware+over+Tor+on+Windows/23379/
Blackholing Advertising Sites with Pi-Hole
https://isc.sans.edu/forums/diary/Blackhole+Advertising+Sites+with+Pihole/23377/
TaxSlayer Consent Decree with FTC
https://biglawbusiness.com/cybersecurity-enforcers-wake-up-to-unauthorized-computer-access-via-credential-stuffing/
Fortinet (OMG) Mirai
https://www.fortinet.com/blog/threat-research/omg--mirai-based-bot-turns-iot-devices-into-proxy-servers.html
2/26/2018 • 5 minutes, 33 seconds
ISC StormCast for Friday, February 2nd 2018
Adobe Flash 0-Day
https://isc.sans.edu/forums/diary/Adobe+Flash+0Day+Used+Against+South+Korean+Targets/23301/
Adaptive Phishing Kit
https://isc.sans.edu/forums/diary/Adaptive+Phishing+Kit/23299/
Crypto Miners "Payload of Choice"
http://blog.talosintelligence.com/2018/01/malicious-xmr-mining.html
Autosploit Links Shodan to Metasploit
https://github.com/NullArray/AutoSploit
2/2/2018 • 5 minutes, 31 seconds
ISC StormCast for Thursday, February 1st 2018
Tax Phishing Season Starts
https://isc.sans.edu/forums/diary/Tax+Phishing+Time/23295/
Using FLIR In Incident Response
https://isc.sans.edu/forums/diary/Using+FLIR+in+Incident+Response/23291/
Oracle MICROS POS Vulnerability
https://erpscan.com/press-center/blog/oracle-micros-pos-breached/
2/1/2018 • 6 minutes, 50 seconds
ISC StormCast for Monday, January 29th 2018
Analyzing a Word Document Used in a Pentest
https://isc.sans.edu/forums/diary/Is+this+a+pentest/23283/
Analyzing BITS Activity
https://isc.sans.edu/forums/diary/Investigating+Microsoft+BITS+Activity/23281/
CryptoJacking on YouTube due to Malicious Ads
https://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaign-abuses-googles-doubleclick-to-deliver-cryptocurrency-miners/
Coincheck Hack Nets 400M USD
https://coincheck.com/en/blog/4673
phpBB Mirror Compromised
https://www.phpbb.com/community/viewtopic.php?f=14&t=2456896
Microsoft Disables Spectre Variant 2 Patches
https://support.microsoft.com/en-us/help/4078130/update-to-disable-mitigation-against-spectre-variant-2
1/29/2018 • 6 minutes, 10 seconds
ISC StormCast for Friday, January 26th 2018
Ransomware As a Service
https://isc.sans.edu/forums/diary/Ransomware+as+a+Service/23277/
libcurl Vulnerability
http://seclists.org/oss-sec/2018/q1/94
Hide 'N Seek IoT Botnet
https://labs.bitdefender.com/2018/01/new-hide-n-seek-iot-botnet-using-custom-built-peer-to-peer-communication-spotted-in-the-wild/
Container Intrusions: Assessing the Efficacy of Intrusion Detection and Analysis Methods for Linux Container Environments
https://www.sans.org/reading-room/whitepapers/detection/container-intrusions-assessing-efficacy-intrusion-detection-analysis-methods-linux-container-environments-38245
1/25/2018 • 17 minutes, 42 seconds
ISC StormCast for Thursday, January 25th 2018
RTF Files For Hancitor Utilize Exploit for CVE-2017-11882
https://isc.sans.edu/forums/diary/RTF+files+for+Hancitor+utilize+exploit+for+CVE201711882/23271/
Electron Fixes Protocol Handlers Flaw
https://electronjs.org/blog/protocol-handler-fix
Xerox Workcenters Fudge Numbers
http://www.dkriesel.com/en/blog/2013/0802_xerox-workcentres_are_switching_written_numbers_when_scanning?
Tracking Users Using CSS
https://github.com/jbtronics/CrookedStyleSheets
1/25/2018 • 5 minutes, 36 seconds
ISC StormCast for Wednesday, January 24th 2018
Apple Patches Everything, Again
https://isc.sans.edu/forums/diary/Apple+Updates+Everything+Again/23269/
OpenSSL Introduces its Version of a "Patch Tuesday"
https://www.openssl.org/blog/blog/2018/01/18/f2f-london/
"Rapid" Ransomware
https://id-ransomware.blogspot.ru/2018/01/rapid-ransomware.html (Russian)
https://www.bleepingcomputer.com/forums/t/667032/rapid-ransomware-rapid-paymeme-how-recovery-filestxt-support-topic/page-2
1/24/2018 • 5 minutes, 30 seconds
ISC StormCast for Tuesday, January 23rd 2018
HTTPS on Every Port
https://isc.sans.edu/forums/diary/HTTPS+on+every+port/23261/
Curl over TOR
https://isc.sans.edu/forums/diary/Retrieving+malware+over+Tor/23257/
Spectre/Meltdown Microcode Patch Problems
https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/
https://lkml.org/lkml/2018/1/21/192
DNS Rebinding Attacks Against Geth
https://ret2got.wordpress.com/2018/01/19/how-your-ethereum-can-be-stolen-using-dns-rebinding/
Chinese Quantum Cryptography Satellite Link Transmits Intercontinental Videolink
https://journals.aps.org/prl/abstract/10.1103/PhysRevLett.120.030501
1/23/2018 • 5 minutes, 4 seconds
ISC StormCast for Monday, January 22nd 2018
Analyzing an RTF Phishing Document
https://isc.sans.edu/forums/diary/An+RTF+phish/23255/
Satori Variant Steals ETH from Miners
http://blog.netlab.360.com/art-of-steal-satori-variant-is-robbing-eth-bitcoin-by-replacing-wallet-address-en/
Evrial Trojan Modifies Copy / Pasted Bitcoin Addresses
https://twitter.com/malwrhunterteam/status/953313514629853184
Legal Challenges of Bug Bounties
https://www.heise.de/security/meldung/US-Bug-Bountys-lassen-gute-Hacker-in-die-Falle-tappen-3946508.html
1/22/2018 • 5 minutes, 16 seconds
ISC StormCast for Friday, January 19th 2018
Oracle E-Business Suite Server Can Be Attacked via WebLogic
https://www.onapsis.com/blog/oracle-january-cpu-analysis-64-patches-affect-business-critical-applications
Microsoft Resumes Patches for AMD Systems
https://www.amd.com/en/corporate/speculative-execution
Speculations About Yet Another CPU Attack
https://skyfallattack.com
Smiths Medfusion 4000 Vulnerabilities
https://github.com/sgayou/medfusion-4000-research/blob/master/doc/README.md#summary
1/19/2018 • 5 minutes, 9 seconds
ISC StormCast for Thursday, January 18th 2018
Reviewing the Spam Filters: Malspam Pushing Gozi-ISFB
https://isc.sans.edu/forums/diary/Reviewing+the+spam+filters+Malspam+pushing+GoziISFB/23245/
Auditing Secure USB Keys
https://www.j-michel.org/blog/2018/01/16/attacking-secure-usb-keys-behind-the-scene
Malicious Open Graph title Tag Crashes iMessage
https://www.macrumors.com/2018/01/16/malicious-link-ios-mac-freezes/
BIND Fixes DoS Vulnerability
https://kb.isc.org/article/AA-01542
1/18/2018 • 5 minutes, 13 seconds
ISC StormCast for Tuesday, January 9th 2018
WebLogic Flaw Used to Install Monero Crypto Coin Miner
https://isc.sans.edu/forums/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191/
Fake Anti-Virus Pages Popping Up Like Weeds
https://isc.sans.edu/forums/diary/Fake+antivirus+pages+popping+up+like+weeds/23207/
Apple Spectre/Meltdown Patches
https://support.apple.com/en-us/HT201222
Meltdown Patch Fallout
https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB43600/?l=en_US&fs=Search&pn=1&atype=
https://forums.sandboxie.com/phpBB3/viewtopic.php?t=25114
https://support.microsoft.com/en-us/help/4072699/january-3-2018-windows-security-updates-and-antivirus-software
WPA3 Announced
https://www.wi-fi.org/news-events/newsroom/wi-fi-alliance-introduces-security-enhancements
1/9/2018 • 5 minutes, 27 seconds
ISC StormCast for Monday, January 8th 2018
Campaign is using a recently released WebLogic exploit to deploy a Monero miner
https://isc.sans.edu/forums/diary/Campaign+is+using+a+recently+released+WebLogic+exploit+to+deploy+a+Monero+miner/23191/
Misc News about Meltdown and Spectre
https://www.qualcomm.com/company/product-security/bulletins
AMD Processor Flaw
http://seclists.org/fulldisclosure/2018/Jan/12
Western Digital MyCloud Backdoor
http://gulftech.org/advisories/WDMyCloud%20Multiple%20Vulnerabilities/125
1/8/2018 • 5 minutes, 14 seconds
ISC StormCast for Friday, January 5th 2018
SANS Special Webcast
https://www.sans.org/webcast/recording/citrix/106815/138095
ISC Diary with Links to Patches
https://isc.sans.edu/forums/diary/Spectre+and+Meltdown+What+You+Need+to+Know+Right+Now/23193/
1/5/2018 • 7 minutes, 44 seconds
ISC StormCast for Thursday, January 4th 2018
Intel CPU Vulnerability
https://meltdownattack.com
Crypto Coin Mining Pool IP List
https://isc.sans.edu/api/threatlist/miner
Phishing to Rural America Leads to Six-figure Wire Fraud Losses
https://isc.sans.edu/forums/diary/Phishing+to+Rural+America+Leads+to+Sixfigure+Wire+Fraud+Losses/23185/
1/4/2018 • 7 minutes, 33 seconds
ISC StormCast for Wednesday, January 3rd 2018
Extracting URLs From PDFs
https://isc.sans.edu/forums/diary/PDF+documents+URLs+update/23167/
Privilege Escalation Exploit for macOS
https://siguza.github.io/IOHIDeous/
34C3: Chaos Communications Congress
https://media.ccc.de/c/34c3
Vulnerabilities in Online Geolocation Services
https://0x0.li/trackmageddon/
1/3/2018 • 6 minutes, 46 seconds
ISC StormCast for Friday, December 22nd 2017
Critical Flaw in SMBv1 Implementation of Dell EMC Data Domain DD OS
http://seclists.org/fulldisclosure/2017/Dec/79
Facebook Enables Feature To Review All E-Mails Sent By Facebook
https://www.facebook.com/notes/facebook-security/new-security-feature-reveals-if-facebook-mails-are-legit/10154983636230766/
EtherDelta DNS Attack
https://twitter.com/etherdelta
Enigmail Vulnerability
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
12/22/2017 • 6 minutes, 16 seconds
ISC StormCast for Wednesday, December 20th 2017
Example of "MouseOver" Link in a Powerpoint File
https://isc.sans.edu/forums/diary/Example+of+MouseOver+Link+in+a+Powerpoint+File/23149/
Adups Malware Still Haunting Android Phones
https://blog.malwarebytes.com/cybercrime/2017/12/mobile-menace-monday-upping-the-ante-on-adups-fwupgradeprovider/
Popular Wordpress Captcha Included Backdoor
https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/
Comparing DNS Filters
https://medium.com/@nykolas.z/dns-security-filters-compared-quad9-x-opendns-x-comodo-secure-x-norton-connectsafe-x-yandex-safe-a00ace3bf21f
12/20/2017 • 5 minutes, 29 seconds
ISC StormCast for Tuesday, December 19th 2017
Not So Malicious Word Doc
https://isc.sans.edu/forums/diary/Phish+or+scam+Part+1/23141/
https://isc.sans.edu/forums/diary/Phish+or+scam+Part+2/23145/
AMF Deserializer Vulnerability
http://codewhitesec.blogspot.com/2017/04/amf.html?m=1
Windows "Keeper" Password Manager Vulnerable
https://bugs.chromium.org/p/project-zero/issues/detail?id=1481&desc=3
Android Malware Destroys Device
https://securelist.com/jack-of-all-trades/83470/
12/19/2017 • 5 minutes, 16 seconds
ISC StormCast for Monday, December 18th 2017
Microsoft Office VBA Macro Obfuscation via Metadata
https://isc.sans.edu/forums/diary/Microsoft+Office+VBA+Macro+Obfuscation+via+Metadata/23139/
Large Scale BGP Attack
https://bgpmon.net/popular-destinations-rerouted-to-russia/
HSTS and HPKP Weaknesses in Firefox, IE/Edge and Chrome
http://blog.en.elevenpaths.com/2017/12/breaking-out-hsts-and-hpkp-on-firefox.html
12/18/2017 • 5 minutes, 44 seconds
ISC StormCast for Friday, December 15th 2017
Citizen Lab Security Planner
https://securityplanner.org/
Apple Update to iOS/tvOS/iCloud (Windows)
https://support.apple.com/en-us/HT201222
Fortinet Client Credentials Shared Key
https://www.sec-consult.com/en/blog/advisories/vpn-credentials-disclosure-in-fortinet-forticlient/index.html
Fox-It Victim of a Man-in-the-Middle Attack
https://blog.fox-it.com/2017/12/14/lessons-learned-from-a-man-in-the-middle-attack/
12/15/2017 • 5 minutes, 24 seconds
ISC StormCast for Thursday, December 14th 2017
Tracking Newly Registered Domains
https://isc.sans.edu/forums/diary/Tracking+Newly+Registered+Domains/23127/
Critical Palo Alto Firewall Flaws Allow RCE as root
http://seclists.org/fulldisclosure/2017/Dec/38
Hiding Changes from git-diff
https://www.twistlock.com/2017/12/13/hiding-content-git-escape-sequence-twistlock-labs-experiment/
Apple Airport Update
https://support.apple.com/en-us/HT208354
12/14/2017 • 5 minutes, 14 seconds
ISC StormCast for Wednesday, December 13th 2017
Microsoft Patch Tuesday Summary
https://isc.sans.edu/forums/diary/December+Microsoft+Patch+Tuesday+Summary/23123/
EV Certificate Model Broken?
https://stripe.ian.sh
ROBOT Attack Against TLS
https://robotattack.org
12/13/2017 • 6 minutes, 31 seconds
ISC StormCast for Tuesday, December 12th 2017
Pornographic Spam Messages Used to Deliver Crypto Coin Miner
https://isc.sans.edu/forums/diary/Pornographic+malspam+pushes+coin+miner+malware/23119/
Microsoft Leaks Secret SSL Key For Dynamics 365
https://medium.com/matthias-gliwka/microsoft-leaks-tls-private-key-for-cloud-erp-product-10b56f7d648
Proxy Botnet Used to Launch Variety of Web Application Attacks
https://news.drweb.com/show/?i=11627&lng=en
FoxIT Releases Utility to Recover Manipulated Windows Logs
https://github.com/fox-it/danderspritz-evtx
12/12/2017 • 6 minutes, 31 seconds
ISC StormCast for Monday, December 11th 2017
Sometimes An RTF Document is Just an RTF Document
https://isc.sans.edu/forums/diary/Sometimes+its+a+dud/23115/
HP Keyboard Drivers Can Log Keystrokes
https://support.hp.com/us-en/document/c05827409
https://zwclose.github.io/HP-keylogger/
Android App Signature Bypass
https://www.guardsquare.com/en/blog/new-android-vulnerability-allows-attackers-modify-apps-without-affecting-their-signatures
MSFT Patches Antimalware Engine
https://portal.msrc.microsoft.com/en-US/eula
12/11/2017 • 6 minutes, 13 seconds
ISC StormCast for Friday, December 8th 2017
Positive Technologies Demonstrates Intel ME Exploit at Blackhat Europe
https://www.blackhat.com/docs/eu-17/materials/eu-17-Goryachy-How-To-Hack-A-Turned-Off-Computer-Or-Running-Unsigned-Code-In-Intel-Management-Engine.pdf
Tracking Users Without GPS
http://ieeexplore.ieee.org/document/8038870/
Process Doppelgaenger Anti-Malware Bypass
https://www.blackhat.com/docs/eu-17/materials/eu-17-Liberman-Lost-In-Transaction-Process-Doppelganging.pdf
Friday Webcast About Recent OWASP Top 10 Update
https://www.sans.org/webcasts/owasp-top-10-2017-106560
12/8/2017 • 7 minutes, 7 seconds
ISC StormCast for Thursday, December 7th 2017
Apple Updates Everything
https://isc.sans.edu/forums/diary/Apple+Updates+Everything+Again/23107/
Do Not Trust Reverse DNS, and Here Is an Example Why
https://isc.sans.edu/forums/diary/PSA+Do+not+Trust+Reverse+DNS+and+why+does+an+address+resolve+to+localhost/23105/
NiceHash Hacked
https://www.reddit.com/r/NiceHash/comments/7i0s6o/official_press_release_statement_by_nicehash/
12/6/2017 • 6 minutes, 8 seconds
ISC StormCast for Wednesday, December 6th 2017
AI.Type Data Exposed in MongoDB Database
https://mackeepersecurity.com/post/virtual-keyboard-developer-leaked-31-million-of-client-records
Mailsploit Makes it Easier to Spoof From Headers in E-Mails
https://www.mailsploit.com
StorageCrypt Ransomware Encrypts NAS Devices
https://www.bleepingcomputer.com/news/security/storagecrypt-ransomware-infecting-nas-devices-using-sambacry/
Android December Update
https://source.android.com/security/bulletin/2017-12-01
12/6/2017 • 5 minutes, 3 seconds
ISC StormCast for Tuesday, December 5th 2017
Incident Response Using TheHive
https://isc.sans.edu/forums/diary/IR+using+the+Hive+Project/23099/
SSL/TLS For Scapy
https://github.com/tintinweb/scapy-ssl_tls
tvOS 11.2 Released (but no details about security content yet)
https://support.apple.com/en-us/HT201222
System Vendors Ship Laptops With Intel ME Disabled
https://www.reddit.com/r/linuxhardware/comments/7grglm/how_to_buy_a_dell_laptop_with_the_intel_me/
http://blog.system76.com/post/168050597573/system76-me-firmware-updates-plan
Hacker Falsified Jail Records To Free Friend
https://www.justice.gov/usao-edmi/pr/ann-arbor-man-pleads-guilty-computer-intrusion-case
SeKey: Touch ID Control for ssh-agent
https://github.com/ntrippar/sekey
12/5/2017 • 6 minutes, 35 seconds
ISC StormCast for Monday, December 4th 2017
Brazilian Banking Malware Uses UTF-16 Encoded .BAT File
https://isc.sans.edu/forums/diary/Phishing+campaign+uses+old+bat+script+to+spread+banking+malware+and+it+is+flying+under+the+radar/23091/
Phishing Abuse of JotForm
https://isc.sans.edu/forums/diary/Phishing+Kit+AbUsing+Cloud+Services/23089/
Apple Releases iOS 11.2
https://support.apple.com/en-us/HT201222
(no details live yet)
Critical Patch For RSA Authentication Agent
http://seclists.org/fulldisclosure/2017/Nov/46
https://community.rsa.com/community/products/securid/authentication-agent-web-apache
Slurp S3 Bucket Enumerator
https://github.com/bbb31/slurp.git
12/4/2017 • 5 minutes, 40 seconds
ISC StormCast for Friday, December 1st 2017
More Malspam Pushing Emotet Malware
https://isc.sans.edu/forums/diary/More+Malspam+pushing+Emotet+malware/23083/
Google Chrome To Block Some Third Party Software Mid-2018
https://blog.chromium.org/2017/11/reducing-chrome-crashes-caused-by-third.html
European Union Funds VLC Bug Bounty
https://joinup.ec.europa.eu/news/hackerone-vlc
STI Student Scott Perry: Virtual System Forensics
http://www.sans.org/reading-room/whitepapers/bestprac/exploring-effectiveness-approaches-discovering-acquiring-virtualized-servers-esxi-38155
12/1/2017 • 14 minutes, 35 seconds
ISC StormCast for Thursday, November 30th 2017
Apple Releases Security Update 2017-001 To Fix Passwordless Root Bug
https://support.apple.com/en-us/HT208315
Insecure Android Crypto Currency Wallets
https://www.htbridge.com/news/security-cryptocurrency-mobile-apps.html
Coinhive Miner Now As Pop-Under
https://blog.malwarebytes.com/cybercrime/2017/11/persistent-drive-by-cryptomining-coming-to-a-browser-near-you/
Fileless Malicious PowerShell Sample
https://isc.sans.edu/forums/diary/Fileless+Malicious+PowerShell+Sample/23081/
.dev TLD Now Requires HTTPS in Chrome
http://www.theregister.co.uk/2017/11/29/google_dev_network/
11/30/2017 • 5 minutes, 22 seconds
ISC StormCast for Wednesday, November 29th 2017
Passwordless Root Account Allows for Trivial Privilege Escalation on MacOS High Sierra
https://twitter.com/lemiorhan/status/935578694541770752
https://support.apple.com/en-us/HT204012
Defeating Facial Recognition
https://arxiv.org/abs/1711.09001
Bitcoin Gold Wallet App Compromise
https://bitcoingold.org/critical-warning-nov-26/
Project Exodus Identified Trackers in Android Apps
https://reports.exodus-privacy.eu.org/reports/apps/
11/29/2017 • 6 minutes, 21 seconds
ISC StormCast for Tuesday, November 28th 2017
Golden SAML Ticket Attack
https://www.cyberark.com/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-cloud-apps/
Facebook Poll Image Vulnerability
https://blog.darabi.me/2017/11/image-removal-vulnerability-in-facebook.html
11/28/2017 • 6 minutes, 34 seconds
ISC StormCast for Monday, November 27th 2017
Critical Exim Mail Server Vulnerability (Exploit released!)
https://bugs.exim.org/show_bug.cgi?id=2199
CoinPouch "Verge" Token Loss
http://www.documentcloud.org/documents/4309909-StatementonVerge-11-21-17.html
Bitcoin Routing Attacks
https://btc-hijack.ethz.ch
Scanning Ethereum Smart Contracts For Vulnerabilities
https://hackernoon.com/scanning-ethereum-smart-contracts-for-vulnerabilities-b5caefd995df
Fortiweb Manager Vulnerability
https://fortiguard.com/psirt/FG-IR-17-248
11/27/2017 • 5 minutes, 52 seconds
ISC StormCast for Wednesday, November 22nd 2017
Ethereum JSON-RPC Scans
https://isc.sans.edu/forums/diary/Internet+Wide+Ethereum+JSONRPC+Scans/23061/
Updated OWASP Top 10 Released
https://www.owasp.org/images/7/72/OWASP_Top_10-2017_%28en%29.pdf.pdf
TPLink Often Provides Outdated Firmware Version For Download
https://www.ctrl.blog/entry/tplink-firmware-outdated-downloads
11/22/2017 • 6 minutes, 49 seconds
ISC StormCast for Tuesday, November 21st 2017
Intel Patches Several Vulnerabilities in its Management Engine
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00086&languageid=en-fr
Sandsifter CPU Fuzzer
https://github.com/xoreaxeaxeax/sandsifter/
Android MediaProjection API Allows For Screen Capture / Audio Recording Without User Consent
https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-android-MediaProjection-tapjacking-advisory-2017-11-13.pdf
BusyBox Autocompletion Vulnerability
https://www.twistlock.com/2017/11/20/cve-2017-16544-busybox-autocompletion-vulnerability/
11/21/2017 • 5 minutes, 42 seconds
ISC StormCast for Monday, November 20th 2017
Bitcoin Pickpockets Scanning For Wallets
https://isc.sans.edu/forums/diary/BTC+Pickpockets/23052/
Resume-themed Malspam Pushing Smoke Loader
https://isc.sans.edu/forums/diary/Resumethemed+malspam+pushing+Smoke+Loader/23054/
F5-BigIP TLS Vulnerability
https://support.f5.com/csp/article/K21905460
Microsoft Updates Patches / May Have Lost Sourcecode
https://0patch.blogspot.com/2017/11/did-microsoft-just-manually-patch-their.html
http://borncity.com/win/2017/11/17/microsoft-confirms-epson-dot-matrix-printer-issue-after-november-2017-patchday-here-are-fixes/
Windows 8 And Later Fail To Apply ASLR Correctly
https://www.kb.cert.org/vuls/id/817544
StartCom TLS Certificate Authority Shutting Down
http://www.zdnet.com/article/startcom-to-shut-down-all-certificates-revoked-in-2020/
11/20/2017 • 7 minutes, 8 seconds
ISC StormCast for Friday, November 17th 2017
A Domain Dashboard For Splunk
https://isc.sans.edu/forums/diary/Suspicious+Domains+Tracking+Dashboard/23046/
Oracle Critical PeopleSoft Patch
http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10269-4021872.html#AppendixFMW
GitHub Introducing Security Alerts for Dependencies
https://github.com/blog/2470-introducing-security-alerts-on-github
Exposing IP Addresses For Hidden Services
http://sh1ttykids.hateblo.jp/entry/2017/11/16/182001
11/17/2017 • 6 minutes
ISC StormCast for Thursday, November 16th 2017
Malicious Document Turns Off Word Macro Protections
https://isc.sans.edu/forums/diary/If+you+want+something+done+right+do+it+yourself/23042/
Blueborne Affects Amazon Echo and Google Home Devices (now patched)
http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf
More Malicious Apps In Google's Play Store
https://www.bleepingcomputer.com/news/security/google-play-store-sees-sudden-surge-of-malicious-apps/
OnePlus Phones Found With Preinstalled Debug App
https://twitter.com/fs0c131y
https://twitter.com/__Tux/status/754085708843786240
11/16/2017 • 6 minutes, 13 seconds
ISC StormCast for Wednesday, November 15th 2017
Microsoft Patch Tuesday Updates
https://helpx.adobe.com/security.html
Adobe Patches
https://helpx.adobe.com/security.html
Abusing Anti-Virus Quarantine Folders for Priv. Escalation
https://bogner.sh/2017/11/avgater-getting-local-admin-by-abusing-the-anti-virus-quarantine/
11/15/2017 • 5 minutes, 45 seconds
ISC StormCast for Tuesday, November 14th 2017
FaceID Beaten By Mask
http://www.bkav.com/d/top-news/-/view_content/content/103968/face-id-beaten-by-mask-not-an-effective-security-measure
Various URL Validation and HTTP Request Libraries Allow SSRF
https://www.blackhat.com/docs/us-17/thursday/us-17-Tsai-A-New-Era-Of-SSRF-Exploiting-URL-Parser-In-Trending-Programming-Languages.pdf
Using Heart Rhythm As Biometric ID
http://www.buffalo.edu/news/releases/2017/09/034.html
11/14/2017 • 7 minutes, 55 seconds
ISC StormCast for Monday, November 13th 2017
Auditing TLS Root Certificates on Windows
https://isc.sans.edu/forums/diary/Keep+An+Eye+on+your+Root+Certificates/23030/
How Google Accounts Are Hijacked
https://security.googleblog.com/2017/11/new-research-understanding-root-cause.html
Battling E-Mail Phishing
https://isc.sans.edu/forums/diary/Battling+email+phishing/23028/
Hacking Airplanes
http://www.aviationtoday.com/2017/11/08/boeing-757-testing-shows-airplanes-vulnerable-hacking-dhs-says/
11/13/2017 • 6 minutes, 41 seconds
ISC StormCast for Friday, November 10th 2017
Twilio Credentials Found in Mobile Apps (requires registration)
http://info.appthority.com/-q4-2017-mtr-download-eavesdropper
Drive By Crypto Currency Mining Keeps Increasing
https://go.malwarebytes.com/rs/805-USG-300/images/Drive-by_Mining_FINAL.pdf
Intel's Management Engine Firmware Decoded
https://twitter.com/h0t_max
https://www.theregister.co.uk/2017/11/09/chipzilla_come_closer_closer_listen_dump_ime/
11/10/2017 • 7 minutes, 9 seconds
ISC StormCast for Thursday, November 9th 2017
Mantistek Gaming Keyboard Cloud Driver Exfiltrates Keystroke Data
https://thehackernews.com/2017/11/mantistek-keyboard-keylogger.html
Logitech Will Discontinue Harmony Link Device and Brick it via Firmware Update in March 2018
https://www.theverge.com/circuitbreaker/2017/11/8/16623076/logitech-harmony-link-discontinued-bricked
Amazon Is Introducing Additional Security Features for S3
https://aws.amazon.com/blogs/aws/new-amazon-s3-encryption-security-features/
11/9/2017 • 6 minutes, 26 seconds
ISC StormCast for Wednesday, November 8th 2017
Interesting RTF Maldoc VBA Dropper
https://isc.sans.edu/forums/diary/Interesting+VBA+Dropper/23016/
Multiple Linux USB Flaws Made Public
http://www.openwall.com/lists/oss-security/2017/11/06/8
Google Android November Patches
https://source.android.com/security/bulletin/2017-11-01#media-framework
Ethereum Multi-Signature Wallet Bug Causes Loss of $280 Million
https://paritytech.io/blog/security-alert.html
https://github.com/paritytech/parity/issues/6995
11/8/2017 • 6 minutes, 31 seconds
ISC StormCast for Tuesday, November 7th 2017
Fake WhatsApp App in Google Play Store
https://www.reddit.com/r/Android/comments/7ahujw/psa_two_different_developers_under_the_same_name/
Crunchyroll.com Redirect Leads to Malware
https://blog.ellation.com/crunchyroll-com-update-a2a593cf9155
https://bartblaze.blogspot.com.au/2017/11/crunchyroll-hack-delivers-malware.html
Recovering Previously Encrypted iOS Backups
https://www.gillware.com/forensics/blog/digital-forensics-case-study/new-solution-encrypted-backups/
11/7/2017 • 6 minutes, 17 seconds
ISC StormCast for Monday, November 6th 2017
PDF Parser for URLs and Text Content of PDFs
https://isc.sans.edu/forums/diary/Extracting+the+text+from+PDF+documents/23008/
https://isc.sans.edu/forums/diary/PDF+documents+URLs/23006/
Mobile Pwn2Own Contest 2017
https://www.zerodayinitiative.com/blog
OpenSSL Patch
https://www.openssl.org/news/secadv/20171102.txt
IEEE P1735 Standard Leads to Weak Crypto
https://eprint.iacr.org/2017/828.pdf
11/6/2017 • 5 minutes, 15 seconds
ISC StormCast for Friday, November 3rd 2017
Certified Malware: Measuring Breaches of Trust in the Windows Code-Signing PKI
http://www.umiacs.umd.edu/~tdumitra/papers/CCS-2017.pdf
Half of Most Popular Free iOS Apps do not use TLS correctly
http://www.zeit.de/digital/datenschutz/2017-10/iphone-ios-apps-hacker-verschluesselung/komplettansicht#comments
Image Downloader Chrome Extension Includes Adware
https://www.bleepingcomputer.com/news/security/psa-beware-the-image-downloader-chrome-adware-extension/
Employees Pay Up Ransomware
https://www.bleepingcomputer.com/news/security/59-percent-of-employees-hit-by-ransomware-at-work-paid-ransom-out-of-their-own-pockets/
11/2/2017 • 7 minutes, 13 seconds
ISC StormCast for Thursday, November 2nd 2017
Configuring SSH Properly on Cisco IOS
https://isc.sans.edu/forums/diary/Securing+SSH+Services+Go+Blue+Team/22992/
Ethereum Miners Hijacked via Default SSH Credentials
https://labs.bitdefender.com/2017/11/ethereum-os-miners-targeted-by-ssh-based-hijacker/
Crypto Shuffler Steals Bitcoin From Clipboard
https://www.kaspersky.com/blog/cryptoshuffler-bitcoin-stealer/19976/
Google Calendar Event Injection Added To MailSniper
https://www.blackhillsinfosec.com/google-calendar-event-injection-mailsniper/
November Ouch! Newsletter released: Shopping Security Online
https://securingthehuman.sans.org/resources/newsletters/ouch/2017?utm_medium=Social&utm_source=Twitter&utm_content=OUCH+Nov+2017+all+languages+&utm_campaign=STH+Ouch+#november2017
11/1/2017 • 5 minutes, 37 seconds
ISC StormCast for Wednesday, November 1st 2017
Malicious Powershell Code
https://isc.sans.edu/forums/diary/Some+Powershell+Malicious+Code/22988/
Apple Updates Everything
https://support.apple.com/en-gb/HT201222
Internet Draft To Update IoT Devices
https://tools.ietf.org/html/draft-moran-suit-architecture-00
10/31/2017 • 5 minutes, 21 seconds
ISC StormCast for Tuesday, October 31st 2017
Google Chrome Moving Away from HTTPS Public Key Pinning (HPKP)
https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/he9tr7p3rZ8/eNMwKPmUBAAJ
Effort To Remove Trust From Dutch CA Over New Intercept Law
https://bugzilla.mozilla.org/show_bug.cgi?id=1408647
Crypto Coin Mining Feature Found in Google App Store Downloads
http://blog.trendmicro.com/trendlabs-security-intelligence/coin-miner-mobile-malware-returns-hits-google-play/
10/30/2017 • 6 minutes, 8 seconds
ISC StormCast for Monday, October 30th 2017
Critical New Oracle Patch
http://www.oracle.com/technetwork/security-advisory/alert-cve-2017-10151-4016513.html
CatchAll Google Chrome Plugins
https://isc.sans.edu/forums/diary/CatchAll+Google+Chrome+Malicious+Extension+Steals+All+Posted+Data/22976/
ACE Files Used For Malware
https://isc.sans.edu/forums/diary/Remember+ACE+files/22978/
10/29/2017 • 5 minutes, 6 seconds
ISC StormCast for Friday, October 27th 2017
Results of Kaspersky's Internal Investigation
https://www.kaspersky.com/blog/internal-investigation-preliminary-results/19894/
Infineon Bug Testing Tool
https://gist.githubusercontent.com/marcan/fc87aa78085c2b6f979aefc73fdc381f/raw/526bc2f2249a2e3f5d4450c7c412e0dbf57b2288/roca_test.py
https://github.com/ThomasHabets/simple-tpm-pk11/blob/master/check-srk/check-srk.cc
Micropatch Available for "DDE Vulnerability"
https://0patch.blogspot.com/2017/10/0patching-office-dde-ddeauto.html
Finding Cryptocurrency Miners
https://medium.com/@s3yfullah/hacking-cryptocurrency-miners-with-osint-techniques-677bbb3e0157
10/26/2017 • 5 minutes, 58 seconds
ISC StormCast for Thursday, October 26th 2017
Coinhive Domain Compromise
https://coinhive.com/blog/dns-breach
Dell Loses Control of Backup and Recovery Cloud Storage Domain
https://krebsonsecurity.com/2017/10/dell-lost-control-of-key-customer-support-domain-for-a-month-in-2017/#more-41267
Google ReCaptcha Broken
https://github.com/ecthros/uncaptcha
Users in Iran Targeted by Cryptoransomware Masquerading as VPN
https://www.bleepingcomputer.com/news/security/tyrant-ransomware-spreads-in-iran-disguised-as-popular-vpn-app/
Crypto Currency Phishing
https://www.dearbytes.com/blog/cryptocurrency-phishing/
10/25/2017 • 6 minutes, 25 seconds
ISC StormCast for Wednesday, October 25th 2017
Stop Relying on File Extensions
https://isc.sans.edu/forums/diary/Stop+relying+on+file+extensions/22962/
BadRabbit New Ransomware Wave Hitting Russia and Ukraine
https://isc.sans.edu/forums/diary/BadRabbit+New+ransomware+wave+hitting+RU+UA/22964/
https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/
Over 70% Of Web Traffic Now via TLS
https://transparencyreport.google.com/https/overview?hl=en
Static RNG Seeds in Fortinet Devices
https://duhkattack.com
10/24/2017 • 5 minutes, 4 seconds
ISC StormCast for Tuesday, October 24th 2017
Is a Telco in Brazil Hosting An Epidemic of Open SOCKS Proxies?
https://isc.sans.edu/forums/diary/Is+a+telco+in+Brazil+hosting+an+epidemic+of+open+SOCKS+proxies/22956/
Android May Be Adding DNS Over TLS
https://www.xda-developers.com
https://tools.ietf.org/html/rfc7858
Fake Crypto Currency Trading Applications
https://www.welivesecurity.com/2017/10/23/fake-cryptocurrency-apps-google-harvesting-credentials/
10/23/2017 • 6 minutes, 3 seconds
ISC StormCast for Sunday, October 22nd 2017
IoT "Reaper" Botnet
http://blog.netlab.360.com/iot_reaper-a-rappid-spreading-new-iot-botnet-en/
https://research.checkpoint.com/new-iot-botnet-storm-coming/
Elmedia Player and Folx Infected with Proton Malware
https://www.eltima.com/blog/2017/10/elmedia-player-and-folx-malware-threat-neutralized.html
Google Expands Bug Bounty To Popular Android Apps
https://www.google.com/about/appsecurity/play-rewards/index.html
Increased Use of Last Week's Flash Vulnerability
https://www.proofpoint.com/us/threat-insight/post/apt28-racing-exploit-cve-2017-11292-flash-vulnerability-patches-are-deployed
10/22/2017 • 5 minutes, 38 seconds
ISC StormCast for Friday, October 20th 2017
Locky Ransomware Updates
https://isc.sans.edu/forums/diary/Necurs+Botnet+malspam+pushes+Locky+using+DDE+attack/22946/
https://isc.sans.edu/forums/diary/HSBCthemed+malspam+uses+ISO+attachments+to+push+Loki+Bot+malware/22942/
Authedmine To Replace Coinhive
https://coinhive.com/blog/authedmine
Attackers Scan for SSH Keys via Webexploits
https://www.wordfence.com/blog/2017/10/ssh-key-website-scans/
Attacking Colocated Virtual Machines with Rowhammer
https://thisissecurity.stormshield.com/2017/10/19/attacking-co-hosted-vm-hacker-hammer-two-memory-modules/
10/20/2017 • 5 minutes, 52 seconds
ISC StormCast for Thursday, October 19th 2017
Baselining Servers to Detect Outliers
https://isc.sans.edu/forums/diary/Baselining+Servers+to+Detect+Outliers/22940/
Test Script Available for KRACK Vulnerability
https://github.com/vanhoefm/krackattacks-test-ap-ft
WaterMiner Distributed With Gaming Mods
https://minerva-labs.com/post/waterminer-a-new-evasive-crypto-miner
Microsoft Releases Fall Creators Update
https://blogs.windows.com/windowsexperience/2017/10/17/whats-new-windows-10-fall-creators-update/#76CQXoUYxT81RLJi.97
10/19/2017 • 5 minutes, 13 seconds
ISC StormCast for Tuesday, October 17th 2017
WPA2 "Krack" Attack
https://www.krackattacks.com/
https://securingthehuman.sans.org/blog/2017/10/16/28748/
Adobe Flash Player Update
https://helpx.adobe.com/security/products/flash-player/apsb17-32.html
Two (identical) uTorrent Binaries With Different Hashes
https://isc.sans.edu/forums/diary/Its+in+the+signature/22928/
10/16/2017 • 8 minutes, 40 seconds
ISC StormCast for Monday, October 16th 2017
Peeking Into an Outlook .msg File
https://isc.sans.edu/forums/diary/Peeking+into+msg+files/22926/
Abandoned Domains / Equifax/Transunion Lead to Fake Flash Update
https://blog.malwarebytes.com/threat-analysis/2017/10/equifax-transunion-websites-push-fake-flash-player/
Microsoft Patch Causes Corrupted Systems
https://support.microsoft.com/en-us/help/4049094
DoubleLocker Android Ransomware
https://www.welivesecurity.com/2017/10/13/doublelocker-innovative-android-malware/
Chrome Extension Mines Crypto Currency
https://www.bleepingcomputer.com/news/security/chrome-extension-uses-your-gmail-to-register-domains-names-and-injects-coinhive/
10/15/2017 • 5 minutes, 29 seconds
ISC StormCast for Friday, October 13th 2017
Version Control Tools Are Not Only For Developers
https://isc.sans.edu/forums/diary/Version+control+tools+arent+only+for+Developers/22922/
Coin Hive Javascript Crypto Currency Miner Found on Piratebay
https://twitter.com/esterling_/status/918240914623090695
https://crypto-loot.com
Macro-less Code Exec in MSWord Rediscovered
https://sensepost.com/blog/2017/macro-less-code-exec-in-msword/
https://blog.nviso.be/2017/10/11/detecting-dde-in-ms-office-documents/
Hard Disks Can Be Used As Microphones
https://github.com/ortegaalfredo/kscope/blob/master/doc/HDD-microphones.pdf
10/12/2017 • 5 minutes, 54 seconds
ISC StormCast for Thursday, October 12th 2017
Outlook Includes plain text version of e-mail with S/MIME Encryption
https://www.sec-consult.com/en/blog/2017/10/fake-crypto-microsoft-outlook-smime-cleartext-disclosure-cve-2017-11776/index.html
RubyGems Remote Code Execution Vulnerability
http://blog.rubygems.org/2017/10/09/unsafe-object-deserialization-vulnerability.html
Google Home Mini Recorded Everything
http://www.androidpolice.com/2017/10/10/google-nerfing-home-minis-mine-spied-everything-said-247/
Cameradar Finds Open RTSP Streams
https://github.com/EtixLabs/cameradar
10/11/2017 • 6 minutes, 36 seconds
ISC StormCast for Wednesday, October 11th 2017
Microsoft Monthly Updates
https://isc.sans.edu/forums/diary/October+2017+Security+Updates/22916/
Spoofed iOS iCloud Login
https://krausefx.com/blog/ios-privacy-stealpassword-easily-get-the-users-apple-id-password-just-by-asking
10/11/2017 • 5 minutes, 53 seconds
ISC StormCast for Sunday, October 8th 2017
Payment Handler API
https://w3c.github.io/payment-handler/
https://blog.lukaszolejnik.com/privacy-of-web-request-api/
OpenSSH Version 7.6 Released
http://www.openssh.com/txt/release-7.6
Microsoft Delaying Some Patches for Earlier Windows Versions
https://googleprojectzero.blogspot.sg/2017/10/using-binary-diffing-to-discover.html
The Dangers of Cables
https://isc.sans.edu/forums/diary/Whats+in+a+cable+The+dangers+of+unauthorized+cables/22904/
10/8/2017 • 8 minutes, 11 seconds
ISC StormCast for Friday, October 6th 2017
Extract HTTP Requests from PCAPs and Turn Them Into cURL Commands
https://isc.sans.edu/forums/diary/pcap2curl+Turning+a+pcap+file+into+a+set+of+cURL+commands+for+replay/22900/
Apple Patches Embarrassing MacOS High Sierra Flaw
https://www.appleworld.today/blog/2017/10/5/macos-high-sierra-flaw-exposes-passwords-of-encrypted-apfs-volumes
Another Tomcat PUT Vulnerability
https://lists.apache.org/thread.html/3fd341a604c4e9eab39e7eaabbbac39c30101a022acc11dd09d7ebcb@%3Cannounce.tomcat.apache.org%3E
Dallas Haselhorst: HL7 Healthcare Protocol
https://www.sans.org/reading-room/whitepapers/hipaa/hl7-data-interfaces-medical-environments-understanding-fundamental-flaw-healthcare-38005
https://www.sans.org/reading-room/whitepapers/vpns/hl7-data-interfaces-medical-environments-attacking-defending-achilles-heel-healthcare-38010
https://www.tripwire.com/state-of-security/security-data-protection/hl7-data-interfaces-in-medical-environments/
10/6/2017 • 15 minutes, 40 seconds
ISC StormCast for Thursday, October 5th 2017
Cyber Security Awareness Month: Ouch! Newsletter
https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201710_en.pdf
Modified Rowhammer Attack Bypasses Current Defenses
https://arxiv.org/pdf/1710.00551.pdf
Metasploit Modules For VMWare Escape
https://www.zerodayinitiative.com/blog/2017/10/04/vmware-escapology-how-to-houdini-the-hypervisor
10/4/2017 • 5 minutes, 39 seconds
ISC StormCast for Wednesday, October 4th 2017
Fedex Malspam Pushes Formbook Infostealer Malware
https://isc.sans.edu/forums/diary/Malspam+pushing+Formbook+info+stealer/22888/
Wordpress Plugins Heavily Abused For Site Defacements
https://www.wordfence.com/blog/2017/10/3-zero-day-plugin-vulnerabilities-exploited-wild/
Fake WordPress Security Plugin Being Advertised
https://blog.sucuri.net/2017/09/fake-plugins-fake-security.html
Proof Of Concept Information Disclosure for Internet Explorer
https://www.brokenbrowser.com/revealing-the-content-of-the-address-bar-ie/
Nzyme Wifi Frame Recording and Forensics
https://wtf.horse/2017/10/02/introducing-nzyme-wifi-802-11-frame-recording-and-forensics/
Cyber Security Interviews
https://twitter.com/CSI_Podcast/status/915026734801489921
10/4/2017 • 6 minutes, 1 second
ISC StormCast for Tuesday, October 3rd 2017
Passive DNS
Investigating Security Incidents with Passive DNS
Bypassing Domain Authentication
https://medium.freecodecamp.org/how-i-hacked-hundreds-of-companies-through-their-helpdesk-b7680ddc2d4c
DNSMasq Vulnerabilities
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
10/3/2017 • 5 minutes, 52 seconds
ISC StormCast for Monday, October 2nd 2017
Who's Borrowing Your Resources. Javascript Monero Miners on Video Sites
https://isc.sans.edu/forums/diary/Whos+Borrowing+your+Resources/22882/
OS X Silently Patches Javascript Quarantine Bypass
https://www.wearesegment.com/research/Mac-OS-X-Local-Javascript-Quarantine-Bypass.html
Apple EFI Updates Often Not Applied
https://duo.com/blog/the-apple-of-your-efi-mac-firmware-security-research
10/2/2017 • 5 minutes, 22 seconds
ISC StormCast for Friday, September 29th 2017
Dealing With Massive Packet Captures
https://isc.sans.edu/forums/diary/The+easy+way+to+analyze+huge+amounts+of+PCAP+data/22876/
Illusion Gap Anti-Virus Bypass
https://www.cyberark.com/threat-research-blog/illusion-gap-antivirus-bypass-part-1/
DNSSEC KSK Update Delayed
https://www.icann.org/news/announcement-2017-09-27-en
Linux PIE/Stack Corruption
https://www.qualys.com/2017/09/26/cve-2017-1000253/cve-2017-1000253.txt
9/29/2017 • 5 minutes, 48 seconds
ISC StormCast for Thursday, September 28th 2017
Everything You Ever Wanted To Know About JPEGs (and more)
https://isc.sans.edu/forums/diary/It+is+a+resume+Part+3/22808/
Linux 4.14 Memory Encryption
https://lwn.net/Articles/686808/
CLKSCREW: Exposing Secure Enclaves via Energy Management
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-tang.pdf
9/28/2017 • 5 minutes, 14 seconds
ISC StormCast for Wednesday, September 27th 2017
XPCTRA Steals Banking / Cryptocurrency Info
https://isc.sans.edu/forums/diary/XPCTRA+Malware+Steals+Banking+and+Digital+Wallet+Users+Credentials/22868/
Vulnerable Mobile Investment Applications
http://blog.ioactive.com/2017/09/are-you-trading-securely-insights-into.html
iOS WiFi Exploit PoC Code Published
https://bugs.chromium.org/p/project-zero/issues/detail?id=1289
Android Malware Exploiting "Dirty Cow"
http://blog.trendmicro.com/trendlabs-security-intelligence/zniu-first-android-malware-exploit-dirty-cow-vulnerability/
9/27/2017 • 5 minutes, 18 seconds
ISC StormCast for Tuesday, September 26th 2017
macOS High Sierra Security Updates
https://support.apple.com/en-us/HT201222
Possible macOS Keychain Leak
https://twitter.com/patrickwardle/status/912254053849079808
Monero Cryptocoin Miner Found on Showtime Website
https://badpackets.net/coinhive-miner-found-on-official-showtime-network-websites-in-latest-case-of-cryptojacking/
9/26/2017 • 5 minutes, 39 seconds
ISC StormCast for Monday, September 25th 2017
Forensic Use of "mount --bind"
https://isc.sans.edu/forums/diary/Forensic+use+of+mount+bind/22854/
Adobe Publishes Secret PGP Key By Mistake
https://twitter.com/jupenur/status/911286403434246144
AVAST Publishes CCleaner Update
https://blog.avast.com/avast-threat-labs-analysis-of-ccleaner-incident
Compromised Android Keyboard App
https://blog.adguard.com/en/go-spy-go-popular-android-keyboard-from-china-crosses-the-red-line/
9/25/2017 • 6 minutes
ISC StormCast for Friday, September 22nd 2017
More (Likely Fake) DDoS Extortion Attempts
https://isc.sans.edu/forums/diary/Emails+threatening+DDoS+allegedly+from+Phantom+Squad/22856/
CVE-2017-8759 Used in Cyber Crime Attacks
https://isc.sans.edu/forums/diary/Email+attachment+using+CVE20178759+exploit+targets+Argentina/22850/
CCleaner Command and Control Server
http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html?m=1
Vulnerability in Intel Management Engine Can Lead to Execution of Unsigned Code
https://www.blackhat.com/eu-17/briefings/schedule/#how-to-hack-a-turned-off-computer-or-running-unsigned-code-in-intel-management-engine-8668
9/22/2017 • 5 minutes, 37 seconds
ISC StormCast for Monday, September 18th 2017
Bashware: Bypassing Windows Security via Linux (WSL)
https://research.checkpoint.com/beware-bashware-new-method-malware-bypass-security-solutions/
Javascript Rogue Crypto Currency Miner
https://www.welivesecurity.com/2017/09/14/cryptocurrency-web-mining-union-profit/
NodeJS Hash Table DoS
https://medium.com/@ahmadbamieh/nodejs-constant-hashtables-seeds-vulnerability-f03bf70e3593
HTTPS Interception
https://blog.cloudflare.com/understanding-the-prevalence-of-web-traffic-interception/
9/18/2017 • 5 minutes, 54 seconds
ISC StormCast for Friday, September 15th 2017
Another Webshell; Another Backdoor
https://isc.sans.edu/forums/diary/Another+webshell+another+backdoor/22826/
D-Link Vulnerability
https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html
Chrome To Label FTP As Insecure
https://groups.google.com/a/chromium.org/forum/#!msg/security-dev/HknIAQwMoWo/xYyezYV5AAAJ
More Google Play Store Malware
https://blog.checkpoint.com/2017/09/14/expensivewall-dangerous-packed-malware-google-play-will-hit-wallet/
Elasticsearch Botnet
https://mackeepersecurity.com/post/kromtech-discovers-massive-elasticsearch-infected-malware-botnet
9/15/2017 • 5 minutes, 27 seconds
ISC StormCast for Thursday, September 14th 2017
No IPv6? Challenge Accepted
https://isc.sans.edu/forums/diary/No+IPv6+Challenge+Accepted+Part+1/22820/
Exploiting CVE-2017-8759
https://www.mdsec.co.uk/2017/09/exploiting-cve-2017-8759-soap-wsdl-parser-code-injection/
Wordpress Plugin Found With Backdoor
https://www.pluginvulnerabilities.com/2017/09/11/wordpress-poor-handling-of-plugin-security-exacerbates-malicious-takeover-of-display-widgets/
9/14/2017 • 5 minutes
ISC StormCast for Wednesday, September 13th 2017
Microsoft Patch Tuesday
https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html
https://technet.microsoft.com/security/advisories
BlueBorne Bluetooth Vulnerability
http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf
9/13/2017 • 5 minutes, 39 seconds
ISC StormCast for Tuesday, September 12th 2017
Cisco Struts Updates
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170909-struts2-rce
Google Chrome Warning Users of Anti-Malware SSL Interception
https://twitter.com/sashaperigo/status/906263091624591360
Machine Learning To Identify Malicious TLS Connections
https://arxiv.org/pdf/1607.01639.pdf
Comodo Breaking CAA Standard
https://www.mail-archive.com/[email protected]/msg08027.html
9/12/2017 • 6 minutes, 37 seconds
ISC StormCast for Monday, September 11th 2017
Analyzing JPEG Files
https://isc.sans.edu/forums/diary/Analyzing+JPEG+files/22806/
Auditing Windows With WINspect
https://isc.sans.edu/forums/diary/Windows+Auditing+with+WINspect/22810/
Windows PSSetLoadImageNotifyRoutine Vulnerability
https://breakingmalware.com/documentation/windows-pssetloadimagenotifyroutine-callbacks-good-bad-unclear-part-1/
IOTA Cryptocurrency Vulnerable Hash Function
https://medium.com/@neha/cryptographic-vulnerabilities-in-iota-9a6a9ddc4367
9/11/2017 • 5 minutes, 49 seconds
ISC StormCast for Friday, September 8th 2017
Yet Another Struts RCE Vulnerability
https://struts.apache.org/docs/s2-053.html
Equifax Compromise
https://www.bloomberg.com/news/articles/2017-09-07/three-equifax-executives-sold-stock-before-revealing-cyber-hack
Hash Extension Flaws
https://isc.sans.edu/forums/diary/Modern+Web+Application+Penetration+Testing+Hash+Length+Extension+Attacks/22792/
Matt Hosburgh: Offensive Intrusion Analysis: Uncovering Insiders with Threat Hunting and Active Defense
9/8/2017 • 15 minutes, 37 seconds
ISC StormCast for Thursday, September 7th 2017
Struts2 Metasploit Module
https://github.com/rapid7/metasploit-framework/pull/8924/commits/5ea83fee5ee8c23ad95608b7e2022db5b48340ef
Google Docs Table With Hacked MongoDB Databases
https://docs.google.com/spreadsheets/d/1QonE9oeMOQHVh8heFIyeqrjfKEViL0poLnY8mAakKhM/edit#gid=1781677175
Bypassing Cloudflare
https://rhinosecuritylabs.com/cloud-security/cloudflare-bypassing-cloud-security/
9/7/2017 • 5 minutes, 16 seconds
ISC StormCast for Wednesday, September 6th 2017
A Look Back At Mirai and What's Next
https://isc.sans.edu/forums/diary/The+Mirai+Botnet+A+Look+Back+and+Ahead+At+Whats+Next/22786/
New Struts Vulnerability and Patch
https://isc.sans.edu/forums/diary/Struts+vulnerability+patch+released+by+apache+patch+now/22788
Mastercard Internet Gateway Service Flaw
http://tinyhack.com/2017/09/05/mastercard-internet-gateway-service-hashing-design-flaw/
Mac OS X High Sierra Insecure Kernel Module Loading
https://objective-see.com/blog/blog_0x21.html
9/6/2017 • 6 minutes, 47 seconds
ISC StormCast for Tuesday, September 5th 2017
Locky Ransomware is Back and This Time Pretends to Be a Font
https://isc.sans.edu/forums/diary/Malspam+pushing+Locky+ransomware+tries+HoeflerText+notifications+for+Chrome+and+FireFox/22776/
When is a PDF Just a PDF?
https://isc.sans.edu/forums/diary/It+is+a+resume+Part+1/22780/
Asterisk Vulnerable to RTPBleed
https://github.com/EnableSecurity/advisories/tree/master/ES2017-04-asterisk-rtp-bleed
Arris AT&T Modems With Backdoor
https://www.nomotion.net/blog/sharknatto/
9/5/2017 • 6 minutes, 18 seconds
ISC StormCast for Friday, September 1st 2017
Is Remote Work Feasible in a SOC?
https://isc.sans.edu/forums/diary/Remote+SOC+Workers+Concerns/22772/
Linux Random Number Generator Reviewed
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/LinuxRNG/LinuxRNG_EN.pdf?__blob=publicationFile&v=5
Adobe Acrobat and Reader Security Patch
https://blogs.adobe.com/psirt/?p=1484
Turning Speakers into Microphones
https://www.usenix.org/system/files/conference/woot17/woot17-paper-guri.pdf
9/1/2017 • 14 minutes, 25 seconds
ISC StormCast for Thursday, August 31st 2017
IoT Gear Affected by ConnMan Vulnerability
http://connmando.nri-secure.co.jp/index.html
Trickbot Going After Coinbase
https://blogs.forcepoint.com/security-labs/trickbot-goes-after-cryptocurrency
Pacemakers Need Patch
https://www.fda.gov/MedicalDevices/Safety/AlertsandNotices/ucm573669.htm
Inaudible Voice Commands
https://arxiv.org/pdf/1708.07238.pdf
8/30/2017 • 6 minutes, 28 seconds
ISC StormCast for Wednesday, August 30th 2017
Another Chrome Extension Banking Malware
https://isc.sans.edu/forums/diary/Second+Google+Chrome+Extension+Banker+Malware+in+Two+Weeks/22766/
Vulnerable Docker VM
https://www.notsosecure.com/vulnerable-docker-vm/
Large Spam E-Mail and Password List Discovered
https://www.troyhunt.com/inside-the-massive-711-million-record-onliner-spambot-dump/
8/30/2017 • 6 minutes, 6 seconds
ISC StormCast for Tuesday, August 29th 2017
Survey of Recent DVR Attacks
https://isc.sans.edu/forums/diary/An+Update+On+DVR+Malware+A+DVR+Torture+Chamber/22762/
Disabling Intel ME
http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
Wire-X Takedown
https://blogs.akamai.com/2017/08/the-wirex-botnet-an-example-of-cross-organizational-cooperation.html
8/29/2017 • 5 minutes, 38 seconds
ISC StormCast for Friday, August 25th 2017
Critical HPE iLo Vulnerability
http://h20565.www2.hpe.com/hpsc/doc/public/display?docId=hpesbhf03769en_us
Facebook Messenger Spam Leads to Malware
https://securelist.com/new-multi-platform-malwareadware-spreading-via-facebook-messenger/81590/
iOS 10.3.1 Kernel Exploit Released
https://blog.zimperium.com/ziva-video-audio-ios-kernel-exploit/
Samsung Bricks Smart TVs With Update
https://eu.community.samsung.com/t5/TV-Audio-Video/Samsung-MU-Series-2017-Smart-TV-s-will-do-nothing-after-Samsung/td-p/250277
John Bambenek's DGA Feeds
http://osint.bambenekconsulting.com/feeds/c2-ipmasterlist.txt
8/25/2017 • 12 minutes, 23 seconds
ISC StormCast for Thursday, August 24th 2017
Malware Loading Avast Safe Zone Browser
https://isc.sans.edu/forums/diary/Malicious+script+dropping+an+executable+signed+by+Avast/22748/
Ropemaker E-Mail Content
https://www.mimecast.com/globalassets/documents/whitepapers/wp_the_ropemaker_email_exploit.pdf
Cloud Based Accounts Increasingly a Target
https://www.microsoft.com/en-us/security/intelligence-report
More Malware Found At Ukrainian Accounting Software Makers
https://issp.ua/issp_system_images/UPD_samples_analysis_eng.pdf
8/24/2017 • 5 minutes, 44 seconds
ISC StormCast for Wednesday, August 23rd 2017
Elcomsoft Releases Ability to Retrieve Apple Keychain from iCloud
https://www.elcomsoft.com/eppb.html
Mapping Rooms With Smart Speakers
http://musicattacks.cs.washington.edu/activity-information-leakage.pdf
Netcraft Identifies .fish Domain Used For Phishing
https://news.netcraft.com/archives/2017/08/21/first-fishy-phishing-sites-sighted.html
8/23/2017 • 5 minutes, 8 seconds
ISC StormCast for Tuesday, August 22nd 2017
Hackers Scam $500,000 From Enigma Digital Currency Investors
http://www.theregister.co.uk/2017/08/21/enigma_digital_currency_investors_scammed/
Bitcoin Privacy Threats
https://arxiv.org/abs/1708.04748
$500 iPhone PIN Brute Forcing Box
https://www.youtube.com/watch?v=IXglwbyMydM
SyncCrypt Bypasses Antivirus Filters With Images
https://www.bleepingcomputer.com/news/security/synccrypt-ransomware-hides-inside-jpg-files-appends-kk-extension/
8/22/2017 • 5 minutes, 47 seconds
ISC StormCast for Monday, August 21st 2017
EngineBox Banking Malware
https://isc.sans.edu/forums/diary/EngineBox+Malware+Supports+10+Brazilian+Banks/22736/
It's Not An Invoice
https://isc.sans.edu/forums/diary/Its+Not+An+Invoice/22738/
iOS Secure Enclave Key Posted
https://www.theiphonewiki.com/wiki/Greensburg_14G60_%28iPhone6,1%29
Vulnerabilities in FoxIT PDF Reader
https://www.thezdi.com/blog/2017/8/17/busting-myths-in-foxit-reader
8/20/2017 • 5 minutes, 27 seconds
ISC StormCast for Friday, August 18th 2017
Maldoc with auto-updated link
https://isc.sans.edu/forums/diary/Maldoc+with+autoupdated+link/22730/
Rowhammer is Back: SSD Memory Affected
https://www.usenix.org/system/files/conference/woot17/woot17-paper-kurmus.pdf
Nathaniel Quist: Active Defense in a Labyrinth of Deception
https://www.sans.org/reading-room/whitepapers/ActiveDefense/active-defense-labyrinth-deception-37462
8/18/2017 • 16 minutes, 24 seconds
ISC StormCast for Thursday, August 17th 2017
Analysis of a Paypal Phishing Kit
https://isc.sans.edu/forums/diary/Analysis+of+a+Paypal+phishing+kit/22726/
ShadowPad Backdoor in NetSarang Equipment
https://securelist.com/shadowpad-in-corporate-networks/81432/
Solving Captcha Audio Challenges
http://uncaptcha.cs.umd.edu/papers/uncaptcha_woot17.pdf
8/17/2017 • 6 minutes, 20 seconds
ISC StormCast for Wednesday, August 16th 2017
Malspam Pushing Trickbot Banking Trojan
https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+banking+Trojan/22720/
Banker Google Chrome Extension Targeting Brazil
https://isc.sans.edu/forums/diary/BankerGoogleChromeExtensiontargetingBrazil/22722/
DJI "Go" App May Be Using JSPatch To Modify Applications After Install
https://www.rcgroups.com/forums/showpost.php?p=38096850&postcount=2713
Smartlocks Bricked After Auto-Update
http://www.securitysales.com/news/smart-locks-lobotomized-failed-update/
8/16/2017 • 6 minutes, 3 seconds
ISC StormCast for Tuesday, August 15th 2017
When A Malicious Looking E-Mail Turns Out to be "just" spam
https://isc.sans.edu/forums/diary/Sometimes+its+just+SPAM/22716/
Android iOS Intra-Library Collusion
https://arxiv.org/abs/1708.03520
SonicSpy: Android Spyware Apps
https://blog.lookout.com/sonicspy-spyware-threat-technical-research
Checking For Breached Passwords in Active Directory
https://jacksonvd.com/checking-for-breached-passwords-in-active-directory/
8/15/2017 • 6 minutes, 9 seconds
ISC StormCast for Monday, August 14th 2017
Outlook Web Access Based Attacks
https://isc.sans.edu/forums/diary/Outlook+Web+Access+based+attacks/22710/
The Good Phishing Email
https://isc.sans.edu/forums/diary/The+Good+Phishing+Email/22712/
Git/CVS/Mercurial and others: ssh vulnerability
http://blog.recurity-labs.com/2017-08-10/scm-vulns
PostgreSQL Vulnerabilities
https://bugzilla.redhat.com/show_bug.cgi?id=1477185
8/14/2017 • 5 minutes, 40 seconds
ISC StormCast for Friday, August 11th 2017
Maldoc Analysis With ViperMonkey
https://isc.sans.edu/forums/diary/Maldoc+Analysis+with+ViperMonkey/22702/
Microsoft Joins Google/Mozilla in Banishing WoSign and StartCom From Trusted CA List
https://blogs.technet.microsoft.com/mmpc/2017/08/08/microsoft-to-remove-wosign-and-startcom-certificates-in-windows-10/
SMS Touch App Leaking Messages
https://www.zscaler.com/blogs/research/mobile-app-wall-shame-sms-touch
Mac Adware Mughthesec
https://objective-see.com/blog/blog_0x20.html
8/11/2017 • 5 minutes, 46 seconds
ISC StormCast for Thursday, August 10th 2017
DirectDefense Accuses Carbon Black of Data Leak
https://www.carbonblack.com/2017/08/09/directdefense-incorrectly-asserts-architectural-flaw-in-cb-response/
https://www.directdefense.com/harvesting-cb-response-data-leaks-fun-profit/
Vulnerabilities in Solar Generation
https://horusscenario.com
Hunting Malicious npm Packages
https://duo.com/blog/hunting-malicious-npm-packages
8/10/2017 • 6 minutes, 52 seconds
ISC StormCast for Wednesday, August 9th 2017
Microsoft Updates
https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+August+2017/22694/
Adobe Updates
https://helpx.adobe.com/security.html
Android Patches
https://source.android.com/security/bulletin/2017-08-01
How Are People Fooled By This? Email To Sign a Contract Provides Malware
https://isc.sans.edu/forums/diary/How+are+people+fooled+by+this+Email+to+sign+a+contract+provides+malware+instead/22696/
8/9/2017 • 5 minutes, 57 seconds
ISC StormCast for Tuesday, August 8th 2017
PHPMyAdmin Scans
https://isc.sans.edu/forums/diary/Increase+of+phpMyAdmin+scans/22688/
Hotspot Shield Leaks Private User Data
https://cdt.org/files/2017/08/FTC-CDT-VPN-complaint-8-7-17.pdf
Debian Turning Off Support for TLS 1.0/1.1
https://lists.debian.org/debian-devel-announce/2017/08/msg00004.html
Ongoing Phishing Attacks Against Google Chrome Plugin Developers
https://www.bleepingcomputer.com/news/security/chrome-extension-developers-under-a-barrage-of-phishing-attacks/
8/7/2017 • 5 minutes, 43 seconds
ISC StormCast for Monday, August 7th 2017
Opengraph Used to Obfuscate Facebook Links
https://isc.sans.edu/forums/diary/Use+of+the+Open+Graph+Protocol+to+Disguise+Malicious+Facebook+Links/22684/
Cerber Adding Bitcoin and Password Stealer to Crypto Ransomware
http://blog.trendmicro.com/trendlabs-security-intelligence/cerber-ransomware-evolves-now-steals-bitcoin-wallets/
Symantec Selling Certificate Business To Digicert
https://www.heise.de/security/meldung/Nachspiel-einer-fatalen-Panne-Symantec-verkauft-Zertifikatssparte-an-DigiCert-3793482.html
Siemens Medical Imaging Systems Vulnerable to Old Windows Flaws
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-822184.pdf
8/7/2017 • 6 minutes, 13 seconds
ISC StormCast for Friday, August 4th 2017
Raspberry Pi Honeypot
https://github.com/DShield-ISC/dshield
Troy Hunt Releases Password List
https://haveibeenpwned.com/Passwords
Typosquatting npm Packages
http://blog.npmjs.org/post/163723642530/crossenv-malware-on-the-npm-registry
SEC503: Intrusion Detection in Depth Berlin (Oct 23rd-28th)
https://www.sans.org/event/berlin-2017/course/intrusion-detection-in-depth
8/4/2017 • 5 minutes, 50 seconds
ISC StormCast for Wednesday, August 2nd 2017
Detect SMB Versions with nmap
https://isc.sans.edu/forums/diary/Rooting+Out+Hosts+that+Support+Older+Samba+Versions/22672/
CopyFish Google Chrome Extension Replaced by Adware
https://a9t9.com/blog/chrome-extension-adware/
StartCom Applying to be Included in Mozilla SSL CAs again
https://bugzilla.mozilla.org/show_bug.cgi?id=1311832#c12
McAfee Uses Mixed SSL/non-SSL Content For Online Malware Scan
https://blogs.securiteam.com/index.php/archives/3350
Netflix Releases DoS Testing Tool
https://medium.com/netflix-techblog/starting-the-avalanche-640e69b14a06
8/2/2017 • 6 minutes, 18 seconds
ISC StormCast for Tuesday, August 1st 2017
MSFT Re-Releases June Outlook Update
https://support.office.com/en-us/article/Outlook-known-issues-in-the-June-2017-security-updates-3f6dbffd-8505-492d-b19f-b3b89369ed9b?ui=en-US&rs=en-US&ad=US&fromAR=1
Iranian Hackers Use Social Media To Collect Data
https://www.darkreading.com/attacks-breaches/iranian-hackers-ensnared-targets-via-phony-female-photographer/d/d-id/1329502?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
ShieldFS Self Healing Filesystem
http://shieldfs.necst.it/continella-shieldfs-2016.pdf
8/1/2017 • 5 minutes, 40 seconds
ISC StormCast for Monday, July 31st 2017
SMBloris DoS Attack Locks Up Windows
https://twitter.com/jennamagius/status/891434286212984832
https://isc.sans.edu/forums/diary/SMBLoris+the+new+SMB+flaw/22662/
Text Banking Attacks
https://isc.sans.edu/forums/diary/Text+Banking+Scams/22666/
Nissan Leaf WiFi Vulnerability
https://github.com/HackingThings/Publications/blob/cdb72df7c3feffd02593a31d67a34ae353b09114/2017/DC25_Driving%20down%20the%20rabbit%20hole-Mickey_Jesse_Oleksander.pdf
7/31/2017 • 5 minutes, 48 seconds
ISC StormCast for Friday, July 28th 2017
Targeting HTTP's Hidden Attack-Surface
http://blog.portswigger.net/2017/07/cracking-lens-targeting-https-hidden.html
Petya/Goldeneye Decrypter
https://blog.malwarebytes.com/malwarebytes-news/2017/07/bye-bye-petya-decryptor-old-versions-released/
TinyPot, My Small Honeypot
https://isc.sans.edu/forums/diary/TinyPot+My+Small+Honeypot/22654/
Shaun McCullough
https://www.sans.org/reading-room/whitepapers/testing/docker-create-multi-container-environments-research-sharing-lateral-movement-37855
7/28/2017 • 13 minutes, 32 seconds
ISC StormCast for Thursday, July 27th 2017
Malspam Pushing Emotet Malware
https://isc.sans.edu/forums/diary/Malspam+pushing+Emotet+malware/22650/
Broadpwn Released
http://blog.exodusintel.com/2017/07/26/broadpwn/
Microsoft Announces Windows 10 Bug Bounty
https://blogs.technet.microsoft.com/msrc/2017/07/26/announcing-the-windows-bounty-program/
Custom Map Vulnerability in Valve Games
https://oneupsecurity.com/research/remote-code-execution-in-source-games
7/27/2017 • 5 minutes, 11 seconds
ISC StormCast for Wednesday, July 26th 2017
Adobe Announces End of Flash for 2020
https://blogs.adobe.com/conversations/2017/07/adobe-flash-update.html
JA3 Hash To Fingerprint SSL/TLS Connections
https://github.com/salesforce/ja3
https://engineering.salesforce.com/open-sourcing-ja3-92c9e53c3c41
New Wave of Apple iCloud Ransom Attacks
https://www.heise.de/mac-and-i/meldung/Erneut-iCloud-Erpressungswelle-ueber-Meinen-Mac-suchen-und-Mein-iPhone-suchen-3782075.html
7/26/2017 • 5 minutes, 45 seconds
ISC StormCast for Tuesday, July 25th 2017
Uber Drivers Targeted in Social Engineering Scam
https://isc.sans.edu/forums/diary/Uber+drivers+new+threat+the+passenger/22626/
Mac Malware FruitFly2
https://motherboard.vice.com/en_us/article/zmv79w/mysterious-mac-malware-has-infected-hundreds-of-victims-for-years
Exploit Released for Critical Netscaler SD WAN 9.1.2 Vulnerability
http://cve.mitre.org/cgi-bin/cvename.cgi?name=2017-6316
7/25/2017 • 7 minutes, 15 seconds
ISC StormCast for Monday, July 24th 2017
Malicious .iso Attachments
https://isc.sans.edu/forums/diary/Malicious+iso+Attachments/22636/
Maldoc with .lnk File
https://isc.sans.edu/forums/diary/Another+lnk+File/22640/
Large Ethereum Hack
http://hackingdistributed.com/2017/07/22/deep-dive-parity-bug/
7/24/2017 • 5 minutes, 2 seconds
ISC StormCast for Friday, July 21st 2017
Symantec Sloppy Key Verification Leads To Revocation of Certificates
https://blog.hboeck.de/archives/888-How-I-tricked-Symantec-with-a-Fake-Private-Key.html
Gnome Thumbnailer Executes Code
http://news.dieweltistgarnichtso.net/posts/gnome-thumbnailer-msi-fail.html
7/21/2017 • 11 minutes
ISC StormCast for Thursday, July 20th 2017
Bots Searching for Keys and Config Files
https://isc.sans.edu/forums/diary/Bots+Searching+for+Keys+Config+Files/22630/
Apple Updates Everything
https://support.apple.com/en-us/HT201222
Trend Micro Sees SambaCry Exploits
http://blog.trendmicro.com/trendlabs-security-intelligence/linux-users-urged-update-new-threat-exploits-sambacry/
Google Increases Developer Scrutiny
https://developers.googleblog.com/2017/05/updating-developer-identity-guidelines.html
7/20/2017 • 6 minutes, 1 second
ISC StormCast for Tuesday, July 18th 2017
SMS Phishing Asks Victims to Upload Picture of Token Card
https://isc.sans.edu/forums/diary/SMS+Phishing+induces+victims+to+photograph+its+own+token+card/22616/
Critical FreeRADIUS Update
https://guidovranken.wordpress.com/2017/07/17/11-remote-vulnerabilities-inc-2x-rce-in-freeradius-packet-parsers/
OS X Malware Installs Crypto Messenger Signal
https://blog.checkpoint.com/2017/07/13/osxdok-refuses-go-away-money/
7/18/2017 • 5 minutes, 45 seconds
ISC StormCast for Friday, July 14th 2017
Malware Loads ffmpeg For Video Recording Features
https://blog.malwarebytes.com/threat-analysis/2017/07/malware-abusing-ffmpeg/
Password Managers and Cloud Storage
https://discussions.agilebits.com/discussion/76956/can-i-still-buy-standalone-license-for-the-1password-no-longer-being-marketed/p8
SAP Point of Sales Express Patch
https://erpscan.com/press-center/blog/sap-cyber-threat-intelligence-report-july-2017/
Roderick Currie: Car Hacking Developments
https://www.sans.org/reading-room/whitepapers/internet/developments-car-hacking-36607
7/13/2017 • 14 minutes, 56 seconds
ISC StormCast for Thursday, July 13th 2017
Simple File Integrity Monitoring With Backup Scripts
https://isc.sans.edu/forums/diary/Backup+Scripts+the+FIM+of+the+Poor/22606/
Ethereum Wallet Services Targeted By Scammers
http://www.ibtimes.co.uk/ethereum-under-siege-scammers-make-700000-6-days-slack-reddit-phishing-attacks-1629866
MongoDB Security Surprises For Shared Hosting
https://medium.com/@alexbyk/mongodb-at-shared-hosting-security-surprises-c441ecb84b54
Trend Micro Vulnerabilities
https://www.coresecurity.com/advisories/trend-micro-deep-discovery-director-multiple-vulnerabilities
7/12/2017 • 5 minutes, 45 seconds
ISC StormCast for Wednesday, July 12th 2017
Microsoft Patch Tuesday
https://isc.sans.edu/diary//22602
AT&T Cell Phone Takeover
https://carpeaqua.com/2017/07/07/hack-the-planet/
Systemd Invalid Username Bug To Be Fixed
https://github.com/systemd/systemd/pull/6300
7/11/2017 • 5 minutes, 33 seconds
ISC StormCast for Tuesday, July 11th 2017
Takeover of .io TLD
https://thehackerblog.com/the-io-error-taking-control-of-all-io-domains-with-a-targeted-registration/
Malwarebytes Quarterly Malware Report
https://www.malwarebytes.com/pdf/white-papers/CybercrimeTacticsAndTechniques-Q2-2017.pdf
OpenBSD Introducing KARL To Randomize Kernel Layout at Boot
https://marc.info/?l=openbsd-tech&m=149732026405941&w=2
7/10/2017 • 5 minutes, 39 seconds
ISC StormCast for Monday, July 10th 2017
More DDoS Ransom Demands
https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/
Adversary Hunting With SOF-ELK
https://isc.sans.edu/forums/diary/Adversary+hunting+with+SOFELK/22592/
Petya Master Key Published
https://twitter.com/JanusSecretary/status/882663988429021184?ref_src=twsrc%5Etfw&ref_url=https%3A%2F%2Fwww.bleepingcomputer.com%2Fnews%2Fsecurity%2Fauthor-of-original-petya-ransomware-publishes-master-decryption-key%2F
Template Attacks Against Critical Infrastructure
http://blog.talosintelligence.com/2017/07/template-injection.html
7/9/2017 • 5 minutes, 56 seconds
ISC StormCast for Thursday, July 6th 2017
AVTest Report: Ransomware not a big deal; Android/MacOS Catching up to Windows
https://www.av-test.org/fileadmin/pdf/security_report/AV-TEST_Security_Report_2016-2017.pdf
Microsoft Will Prompt Users to Update Windows 10
https://support.microsoft.com/en-us/help/4023814
Bithumb Bitcoin Exchange Hacked (Article in Korean)
http://bithumb.cafe/archives/7329
Turkish Airlines and Emirates Remove Laptop Ban
http://www.theregister.co.uk/2017/07/05/emirates_and_turkish_airlines_lift_laptop_ban_on_us_flights/
Ukrainian Authorities Raid MeDoc (Article in Ukrainian)
https://cyberpolice.gov.ua/news/prykryttyam-najmasshtabnishoyi-kiberataky-v-istoriyi-ukrayiny-stav-virus-diskcoderc-881/
7/5/2017 • 4 minutes, 50 seconds
ISC StormCast for Wednesday, July 5th 2017
Microsoft Patches Skype Vulnerability
https://www.vulnerability-lab.com/get_content.php?id=2071
SystemD Invalid Username Bug Not Considered a Vulnerability (or Bug)
https://github.com/systemd/systemd/issues/6237
Cisco Fixes SNMP Vulnerability in IOS and IOS XE
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170629-snmp
Smartphones Can Be Compromised with shady replacement parts
https://iss.oy.ne.ro/Shattered
Siemens Fixes Intel AMT Bug
https://www.siemens.com/cert/pool/cert/siemens_security_advisory_ssa-874235.pdf
Update For libgcrypt
https://www.ubuntuupdates.org/package/core/zesty/main/updates/libgcrypt20-dev
7/4/2017 • 5 minutes, 55 seconds
ISC StormCast for Friday, June 30th 2017
Catching up With Blank Slate
https://isc.sans.edu/forums/diary/Catching+up+with+Blank+Slate+a+malspam+campaign+still+going+strong/22570/
Azure AD Connect Vulnerability
https://technet.microsoft.com/library/security/4033453.aspx#ID0EN
Exploit Available For Stack Clash Vulnerability
https://www.qualys.com/research/security-advisories/
Paul Herschberger: Data Breach Impact Estimation
https://www.sans.org/reading-room/whitepapers/dlp/data-breach-impact-estimation-37502
6/30/2017 • 15 minutes, 7 seconds
ISC StormCast for Thursday, June 29th 2017
Petya Ransomware Update
https://isc.sans.edu/forums/diary/Petya+I+hardly+know+ya+an+ISC+update+on+the+20170627+ransomware+outbreak/22566/
Ubuntu systemd Vulnerability
https://www.ubuntu.com/usn/usn-3341-1/
Microsoft Will Include EMET in Windows 10
https://blogs.technet.microsoft.com/mmpc/2017/06/27/whats-new-in-windows-defender-atp-fall-creators-update/
BGP Attacks Against Bitcoin
https://blog.acolyer.org/2017/06/27/hijacking-bitcoin-routing-attacks-on-cryptocurrencies/
6/29/2017 • 5 minutes, 37 seconds
ISC StormCast for Wednesday, June 28th 2017
Petya/Goldeneye Variant Makes the Rounds
https://isc.sans.edu/forums/diary/Checking+out+the+new+Petya+variant/22562/
6/28/2017 • 5 minutes, 7 seconds
ISC StormCast for Tuesday, June 27th 2017
Investigation of BitTorrent Sync (v.2.0) as a P2P Cloud (Part 1)
https://isc.sans.edu/forums/diary/Investigation+of+BitTorrent+Sync+v20+as+a+P2P+Cloud+Part+1/22554/
Ransomware Payment Spurs More DDoS Ransomware Attacks
https://www.bleepingcomputer.com/news/security/-1-million-ransomware-payment-has-spurred-new-ddos-for-bitcoin-attacks/
Speed Trap Cameras in Australia Infected with WannaCrypt
http://www.camerassavelives.vic.gov.au/utility/latest+news/investigation+underway+into+cameras+affected+by+software+virus
More Vulnerabilities in Windows Defender
https://bugs.chromium.org/p/project-zero/issues/detail?id=1282&desc=2
npm Developer Accounts Reset After Password Reuse Discovery
https://github.com/ChALkeR/notes/blob/master/Gathering-weak-npm-credentials.md
6/27/2017 • 6 minutes, 16 seconds
ISC StormCast for Monday, June 26th 2017
Fake DDoS Extortions Continue
https://isc.sans.edu/forums/diary/Fake+DDoS+Extortions+Continue+Please+Forward+Us+Any+Threats+You+Have+Received/22550/
Traveling with a Laptop
https://isc.sans.edu/forums/diary/Traveling+with+a+Laptop+Surviving+a+Laptop+Ban+How+to+Let+Go+of+Precious/22462/
Side Channel Attacks on the Cheap
https://www.fox-it.com/nl/wp-content/uploads/sites/12/Tempest_attacks_against_AES.pdf
Latest Locky Variant Hunting Down Windows XP Users
http://blog.talosintelligence.com/2017/06/necurs-locky-campaign.html
Windows Beta Builds and Source Code Leaked
http://www.theregister.co.uk/2017/06/23/windows_10_leak/
6/25/2017 • 6 minutes, 36 seconds
ISC StormCast for Thursday, June 22nd 2017
New Vulnerabilities Found in OpenVPN
https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/
RAR Unpack Vulnerability Affects BitDefender
https://bugs.chromium.org/p/project-zero/issues/detail?id=1278&desc=6
Honda Plant Shuts Down Over Wannacry
https://www.bleepingcomputer.com/news/security/one-month-later-wannacry-ransomware-is-still-shutting-down-factories/
6/22/2017 • 5 minutes
ISC StormCast for Wednesday, June 21st 2017
Cisco Ships Private Key For drmlocal.cisco.com With Video Player
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/T6emeoE-lCU
Windows Error Reporting: DFIR Benefits and Privacy Concerns
https://isc.sans.edu/forums/diary/Windows+Error+Reporting+DFIR+Benefits+and+Privacy+Concerns/22536/
Detecting Memory Corruption in glibc
https://github.com/DhavalKapil/libdheap
Let's Encrypt ACME Protocol To Become IETF Standard
https://tools.ietf.org/html/draft-ietf-acme-acme-06
Microsoft Publishes Analysis of NSA Exploits
https://blogs.technet.microsoft.com/mmpc/2017/06/16/analysis-of-the-shadow-brokers-release-and-mitigation-with-windows-10-virtualization-based-security/
6/21/2017 • 5 minutes, 52 seconds
ISC StormCast for Tuesday, June 20th 2017
Stack Clash Vulnerability Affects Various Unix Based Operating Systems
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
Separation Of Duties / Malicious Administrators
https://isc.sans.edu/forums/diary/As+Your+Admin+Walks+Out+the+Door/22530/
Progress in Satellite Based Quantum Cryptography
https://www.wired.com/story/chinese-satellite-relays-a-quantum-signal-between-cities/
https://www.helpnetsecurity.com/2017/06/19/extremely-secure-data-encryption/
Women Connect Event Minneapolis:
https://www.sans.org/event/minneapolis-2017/bonus-sessions/12162
6/20/2017 • 7 minutes, 19 seconds
ISC StormCast for Monday, June 19th 2017
Uptick in Port 83 Traffic
https://isc.sans.edu/forums/diary/What+is+going+on+with+Port+83/22524/
WINS DoS Vulnerability will not be fixed by Microsoft
https://blog.fortinet.com/2017/06/14/wins-server-remote-memory-corruption-vulnerability-in-microsoft-windows-server
Microsoft to Release Patch to Turn off SMB1
https://www.bleepingcomputer.com/news/microsoft/microsoft-to-disable-smbv1-in-windows-starting-this-fall/
UK Hacker Stole Personnel Data For US Military Satellite Network
https://public-newsroom-nca-01.azurewebsites.net/news/hacker-stole-satellite-data-from-us-department-of-defence
Sophos Web Appliance Will Now Update via https
https://community.sophos.com/products/web-appliance/b/blog/posts/release-of-swa-v4-3-2---security-and-defect-fix-rollup
6/19/2017 • 5 minutes, 22 seconds
ISC StormCast for Friday, June 16th 2017
WikiLeaks Releases Documents About Cherry Blossom Wifi Hacking Toolkit
https://wikileaks.org/vault7/#Cherry%20Blossom
More DVR Vulnerabilities
https://www.pentestpartners.com/security-blog/what-did-mirai-miss-making-a-better-bigger-botnet/
More Microsoft Windows Defender Vulnerabilities
http://www.theregister.co.uk/2017/06/15/microsoft_how_about_sandboxing_windows_defenders_engine/
Decryption Utility For Jaff Crypto Ransomware
https://noransom.kaspersky.com
Preston Ackerman: Two Factor Authentication by Home End-Users
https://www.sans.org/reading-room/whitepapers/authentication/impediments-adoption-two-factor-authentication-home-end-users-37607
6/16/2017 • 18 minutes, 8 seconds
ISC StormCast for Thursday, June 15th 2017
Systemd Odd Defaults
https://isc.sans.edu/forums/diary/Systemd+Could+Fallback+to+Google+DNS/22516/
Voice over LTE Vulnerabilities
https://www.sstic.org/media/SSTIC2017/SSTIC-actes/remote_geolocation_and_tracing_of_subscribers_usin/SSTIC2017-Article-remote_geolocation_and_tracing_of_subscribers_using_4g_volte_android_phone-le-moal_ventuzelo_coudray.pdf
Tails 3.0 Released
https://tails.boum.org/install/download/index.en.html
Nexus 9 Headphone Jack Vulnerability
https://alephsecurity.com/2017/06/13/nexus9-ephemeral-fiq/
6/14/2017 • 6 minutes, 25 seconds
ISC StormCast for Wednesday, June 14th 2017
MSFT June Patchday Fixes Remaining Known NSA Vulnerabilities
https://isc.sans.edu/forums/diary/Microsoft+and+Adobe+June+2017+Patch+Tuesday+Two+Exploited+Vulnerabilities+Patched/22512/
North Korea Building DDoS Botnet
https://www.us-cert.gov/ncas/alerts/TA17-164A
6/14/2017 • 6 minutes, 29 seconds
ISC StormCast for Tuesday, June 13th 2017
Industroyer / CrashOverride Malware Analysis From Power System Attacks
https://www.welivesecurity.com/2017/06/12/industroyer-biggest-threat-industrial-control-systems-since-stuxnet/
https://dragos.com/blog/crashoverride/CrashOverride-01.pdf
MacSpy Spyware As A Service For Macs
http://www.alienvault.com/blogs/labs-research/macspy-os-x-rat-as-a-service
VolUtility Memory Analysis Made Easy
https://isc.sans.edu/forums/diary/An+Introduction+to+VolUtility/22508/
Google News Abused For Spam
http://www.theregister.co.uk/2017/06/12/googles_news_algorithm_serves_up_penis_pills_for_all/
6/13/2017 • 5 minutes, 54 seconds
ISC StormCast for Monday, June 12th 2017
SAMBA Vulnerability Exploited To Install Bitcoin Miners
https://securelist.com/78674/sambacry-is-coming/
Intel's AMT Technology Used For Covert Channel
https://blogs.technet.microsoft.com/mmpc/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/
Broadcom Vulnerabilities to be Announced
https://www.blackhat.com/us-17/briefings.html#broadpwn-remotely-compromising-android-and-ios-via-a-bug-in-broadcoms-wi-fi-chipsets
Release Lag In National Vulnerability Database
https://www.recordedfuture.com/vulnerability-disclosure-delay/
6/12/2017 • 5 minutes, 55 seconds
ISC StormCast for Friday, June 9th 2017
Cisco Prime Data Center Network Manager Vulnerabilities
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm1
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170607-dcnm2
Oracle Peoplesoft Default Accounts
https://erpscan.com/press-center/blog/peoplesoft-default-accounts/
FOSCAM Camera Default Passwords and Other Vulnerabilities
http://images.news.f-secure.com/Web/FSecure/%7B43df9e0d-20a8-404a-86d0-70dcca00b6e5%7D_vulnerabilities-in-foscam-IP-cameras_report.pdf
Android Malware With Code Injections
https://securelist.com/78648/dvmap-the-first-android-malware-with-code-injection/
STI Student John Dittmer: Legal Implications of Vulnerability Scans
https://www.sans.org/reading-room/whitepapers/legal/minimizing-legal-risk-cybersecurity-scanning-tools-37522
6/9/2017 • 12 minutes, 32 seconds
ISC StormCast for Thursday, June 8th 2017
Deceptive Advertisements: What They Do And Where They Come From
https://isc.sans.edu/forums/diary/Deceptive+Advertisements+What+they+do+and+where+they+come+from/22494/
Instagram as Covert Channel
https://www.welivesecurity.com/2017/06/06/turlas-watering-hole-campaign-updated-firefox-extension-abusing-instagram/
Domain Shadowing Used in RIG Exploit Kit
https://blogs.rsa.com/shadowfall/
6/8/2017 • 6 minutes, 2 seconds
ISC StormCast for Wednesday, June 7th 2017
Finding XOR Keys Part 2
https://isc.sans.edu/forums/diary/Malware+and+XOR+Part+2/22490/
Instagram Stories Not Using TLS
https://vvyper.com/2017/05/22/instagram-stories-ssl/
Printer "Dots" May Have Led to Arrest of NSA Contractor
http://blog.erratasec.com/2017/06/how-intercept-outed-reality-winner.html#.WTc9SMbMyRt
Exfiltrating Data via Blinking LED
https://arxiv.org/abs/1706.01140
6/6/2017 • 5 minutes, 28 seconds
ISC StormCast for Tuesday, June 6th 2017
Finding XOR Keys Used To Encode Malware
https://isc.sans.edu/forums/diary/Malware+and+XOR+Part+1/22486/
Citywide IMSI Discovery
https://seaglass.cs.washington.edu
Hijacking Country Level Domains
https://thehackerblog.com/the-journey-to-hijacking-a-countrys-tld-the-hidden-risks-of-domain-extensions/index.html
6/6/2017 • 7 minutes
ISC StormCast for Monday, June 5th 2017
Phishing Campaigns for Bitcoin
https://isc.sans.edu/forums/diary/Phishing+Campaigns+Follow+Trends/22482/
Mouseover May Trigger Powerpoint Macro
https://www.dodgethissecurity.com/2017/06/02/new-powerpoint-mouseover-based-downloader-analysis-results/
Vault 7 "Pandemic" Tool
https://wikileaks.org/vault7/document/Pandemic-1_1-S-NF/Pandemic-1_1-S-NF.pdf
Mozilla Considering Move Away From OCSP
https://bugzilla.mozilla.org/show_bug.cgi?id=1366100
Defending Web Application Security Minneapolis
https://www.sans.org/event/minneapolis-2017
Intrusion Detection in Depth Columbia MD
https://www.sans.org/event/columbia-2017/course/intrusion-detection-in-depth
6/5/2017 • 7 minutes, 34 seconds
ISC StormCast for Friday, June 2nd 2017
Sharing Private Data With Webcast Invitations
https://isc.sans.edu/forums/diary/Sharing+Private+Data+with+Webcast+Invitations/22478/
OneLogin Breach
https://www.onelogin.com/blog/may-31-2017-security-incident
Google AMP Phishing
https://citizenlab.org/2017/05/tainted-leaks-disinformation-phish/
STI Student Paper: Kevin Kelly Tesla Crypt
https://www.sans.org/reading-room/whitepapers/bestprac/indicators-compromise-teslacrypt-malware-37622
6/2/2017 • 10 minutes, 47 seconds
ISC StormCast for Thursday, June 1st 2017
Analysis of Competing Hypotheses, WCry and Lazarus
https://isc.sans.edu/forums/diary/Analysis+of+Competing+Hypotheses+WCry+and+Lazarus+ACH+part+2/22470/
Windows XP Not Stable Enough for WannaCry
https://blog.kryptoslogic.com/malware/2017/05/29/two-weeks-later.html
Mexican Biker Gang Uses Jeep Database to Steal Car
https://regmedia.co.uk/2017/05/31/indictment5_30.pdf
Dangers of Public AWS Snapshots
https://www.nvteh.com/news/problems-with-public-ebs-snapshots
6/1/2017 • 6 minutes, 10 seconds
ISC StormCast for Wednesday, May 31st 2017
FreeRADIUS Vulnerability
https://isc.sans.edu/forums/diary/FreeRadius+Authentication+Bypass/22466/
Microsoft Malware Protection Engine Update
http://seclists.org/microsoft/2017/q2/8
Chrome UI Bug May Allow Unnoticed Recording
https://medium.com/@barzik/the-new-html5-video-audio-api-has-privacy-issues-on-desktop-chrome-5832c99c7659
AWS Auditing Tools
https://summitroute.com/blog/2017/05/30/free_tools_for_auditing_the_security_of_an_aws_account/
SANS Social Denver June 14th
https://pages.sans.org/denversocial
5/31/2017 • 6 minutes, 32 seconds
ISC StormCast for Tuesday, May 30th 2017
Analysis of Competing Hypotheses
https://isc.sans.edu/forums/diary/Analysis+of+Competing+Hypotheses+ACH+part+1/22460/
Microsoft Master File Table BSOD Exploit
http://www.theregister.co.uk/2017/05/29/microsoft_master_file_table_bug_exploited_to_bsod_windows_7_81/
SMTP Split Tunnel / Transparent Proxy Exploit
https://blog.securolytics.io/2017/05/split-tunnel-smtp-exploit-explained/
5/30/2017 • 7 minutes, 10 seconds
ISC StormCast for Friday, May 26th 2017
Samba Remote Code Execution Vulnerability
https://isc.sans.edu/forums/diary/Critical+Vulnerability+in+Samba+from+350+onwards/22452/
Pacemaker Vulnerabilities
http://blog.whitescope.io/2017/05/understanding-pacemaker-systems.html
Patching May have Affected Access to Australian Health Systems
http://www.cairnspost.com.au/news/cairns-hospital-suffers-software-catastrophe-with-possible-loss-of-patient-data/news-story/c828de3f4a0f73132ec3d19284cbae88
5/25/2017 • 13 minutes, 32 seconds
ISC StormCast for Thursday, May 25th 2017
Jaff Ransomware Gets a Makeover
https://isc.sans.edu/forums/diary/Jaff+ransomware+gets+a+makeover/22446/
OpenVPN Access Server Vulnerability
http://seclists.org/oss-sec/2017/q2/332
Large Credential Dumps Used in Password Brute Forcing Attacks
http://info.digitalshadows.com/AccountTakeover-WhitePapersPage_Registration.html
5/25/2017 • 6 minutes, 4 seconds
ISC StormCast for Wednesday, May 24th 2017
Multiple Video Players are Vulnerable to Code Execution via Subtitle Files
http://blog.checkpoint.com/2017/05/23/hacked-in-translation/
Samsung Galaxy S8 Iris Scanner Bypass
https://www.ccc.de/en/updates/2017/iriden
Verizon XSS Flaw in Web Messaging Application
https://randywestergren.com/xss-sms-hacking-text-messages-verizon-messages
5/24/2017 • 5 minutes, 33 seconds
ISC StormCast for Tuesday, May 23rd 2017
Fake "Uber Disputes" Site Lures Victims With Valid TLS Certificate
https://isc.sans.edu/forums/diary/Investigating+Sites+After+They+are+Gone+And+a+Case+of+Uber+Phishing+With+SSL/22440/
Let's Encrypt Outage
http://letsencrypt.status.io/pages/history/55957a99e800baa4470002da
https://community.letsencrypt.org/t/ocsp-and-issuance-outage-2017-05-19/34506
More ImageMagick Flaws
https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html
5/23/2017 • 6 minutes, 45 seconds
ISC StormCast for Monday, May 22nd 2017
Typosquatting: A Recent Example and What to Do With Look-Alike Domains
https://isc.sans.edu/forums/diary/Typosquatting+Awareness+and+Hunting/22436/
Netgear Collecting Analytics Data in Recent Update
https://kb.netgear.com/000038663/What-router-analytics-data-is-collected-and-how-is-the-data-being-used-by-NETGEAR
disable: https://kb.netgear.com/000038661/How-do-I-Enable-Disable-Router-Analytics-Data-Collection
WannaCry Updates
https://venturebeat.com/2017/05/19/ransomware-wannacry-causes-fewer-tears-than-feared/
LastPass Authenticator Cloud Backup
https://blog.lastpass.com/2017/05/announcing-cloud-backup-for-lastpass-authenticator-easier-multifactor-security-for-everyone.html/
5/22/2017 • 5 minutes, 21 seconds
ISC StormCast for Friday, May 19th 2017
Discovering Relevant CVEs with CVE Bot
https://isc.sans.edu/forums/diary/My+Little+CVE+Bot/22432/
Probability of Vulnerability Re-Discovery
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2928758
Wannakey May Recover WannaCry Keys
https://github.com/aguinet/wannakey
Finding Bad With Splunk
https://www.sans.org/reading-room/whitepapers/critical/finding-bad-splunk-3748
5/19/2017 • 13 minutes, 8 seconds
ISC StormCast for Thursday, May 18th 2017
Handbrake Proton Malware Used to Steal Source Code
https://panic.com/blog/stolen-source-code/
NIST Password Guidance Update
https://isc.sans.edu/forums/diary/Wait+What+We+dont+have+to+change+passwords+every+90+days/22428/
Exploiting XXE Vulnerabilities in Peoplesoft
https://www.ambionics.io/blog/oracle-peoplesoft-xxe-to-rce
5/18/2017 • 5 minutes, 26 seconds
ISC StormCast for Wednesday, May 17th 2017
Docusign Breach Leads to Increase in Phishing Email
https://trust.docusign.com/en-us/personal-safeguards/
HP Updates Audio Drivers (twice) to Remove Keylogger
https://support.hp.com/us-en/document/c05519670
Chrome File Download Behaviour Can Lead to SMB Credential Theft
http://defensecode.com/news_article.php?id=21
5/17/2017 • 5 minutes, 34 seconds
ISC StormCast for Tuesday, May 16th 2017
Apple Updates Everything
https://support.apple.com/en-us/HT201222
OpenVPN Audit Results
https://www.privateinternetaccess.com/blog/2017/05/openvpn-2-4-evaluation-summary-report/
Italian Car Insurance Leaks User Driving Data
https://www.andreascarpino.it/posts/how-my-car-insurance-exposed-my-position.html
5/16/2017 • 6 minutes, 54 seconds
ISC StormCast for Friday, May 12th 2017
Conexant Audio Drivers Log Keystrokes
https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html
Rig Exploit Kit Used to Send Ramnit Trojan
https://isc.sans.edu/forums/diary/Seamless+Campaign+using+Rig+Exploit+Kit+to+send+Ramnit+Trojan/22404/
Encase Forensic Imager Exploit
http://blog.sec-consult.com/2017/05/chainsaw-of-custody-manipulating.html
5/12/2017 • 13 minutes, 20 seconds
ISC StormCast for Thursday, May 11th 2017
How to Review OAUTH Application Permissions for Popular Sites
https://isc.sans.edu/forums/diary/OAuth+and+Its+High+Time+for+Some+Personal+SecurityScaping+Today/22400/
Apple Working on Firmware Integrity Check
http://apple.stackexchange.com/questions/282028/pop-up-firmware-changes-detected-randomly-appear
Panda Mobile Anti Malware Releases Patch for Evilgrade Bug
https://www.contextis.com/resources/blog/exploiting-vulnerable-pandas/
ASUS RT Router Vulnerabilities
https://wwws.nightwatchcybersecurity.com/2017/05/09/multiple-vulnerabilities-in-asus-routers/
Microsoft Edge SOP Bypass
https://www.brokenbrowser.com/sop-bypass-uxss-stealing-credentials-pretty-fast/
Linux Kernel Packet Socket Vulnerability Exploit
https://googleprojectzero.blogspot.com/2017/05/exploiting-linux-kernel-via-packet.html
5/11/2017 • 8 minutes, 42 seconds
ISC StormCast for Wednesday, May 10th 2017
Microsoft Patch Tuesday Summary
https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+and+Adobe/22396/
Snake For Mac OS X Included in Handbrake
https://blog.fox-it.com/2017/05/03/snake-coming-soon-in-mac-os-x-flavour/
Cisco Patches CMP-Telnet Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp
WolfSSL Library X.509 Certificate Text Parsing Code Execution Vulnerability
http://blog.talosintelligence.com/2017/05/wolfssl-x509-vuln.html
5/9/2017 • 5 minutes, 49 seconds
ISC StormCast for Tuesday, May 9th 2017
Exploring a P2P Transient Botnet - From Discovery to Enumeration
https://isc.sans.edu/forums/diary/Exploring+a+P2P+Transient+Botnet+From+Discovery+to+Enumeration/22392/
Video Conversion Application Handbrake Compromised
https://forum.handbrake.fr/viewtopic.php?f=33&t=36364
Emergency Update for Microsoft Malware Protection Engine
https://technet.microsoft.com/en-us/library/security/4022344
OS X Keychain OTR Vulnerability
https://medium.com/@longtermsec/bypassing-otr-signature-verification-to-steal-icloud-keychain-secrets-9e92ab55b605
5/9/2017 • 6 minutes, 35 seconds
ISC StormCast for Monday, May 8th 2017
Tenable Discovers Details Regarding Intel AMT Vulnerability
http://www.tenable.com/blog/rediscovering-the-intel-amt-vulnerability
Android Apps Use Ultrasound Beacons To Track Users
http://christian.wressnegger.info/content/projects/sidechannels/2017-eurosp.pdf
HTTP Headers... the Achilles' Heel of Many Applications
https://isc.sans.edu/forums/diary/HTTP+Headers+the+Achilles+heel+of+many+applications/22382/
5/7/2017 • 6 minutes, 5 seconds
ISC StormCast for Friday, May 5th 2017
Google OAUTH Spam Wrapup
https://threatpost.com/1-million-gmail-users-impacted-by-google-docs-phishing-attack/125436/
Artificial Master Fingerprint Set
https://wp.nyu.edu/memon/the-master-print/
rpcbind denial of service
https://guidovranken.wordpress.com/2017/05/03/rpcbomb-remote-rpcbind-denial-of-service-patches/
Debian Discontinues FTP Support for Downloads
https://www.debian.org/News/2017/20170425
5/5/2017 • 5 minutes, 11 seconds
ISC StormCast for Thursday, May 4th 2017
Google Docs OAUTH Phishing E-Mails
https://isc.sans.edu/forums/diary/OAUTH+phishing+against+Google+Docs+beware/22372/
Review Google App Permissions https://myaccount.google.com/u/0/permissions?pli=1
SS7 Exploits Documented in Banking Attacks
http://www.sueddeutsche.de/digital/it-sicherheit-schwachstelle-im-mobilfunknetz-kriminelle-hacker-raeumen-konten-leer-1.3486504
http://www.theregister.co.uk/2017/05/03/hackers_fire_up_ss7_flaw/
5/3/2017 • 8 minutes, 26 seconds
ISC StormCast for Wednesday, May 3rd 2017
Scans Sighted for Ports Used by Intel Remote Management Interface
https://isc.sans.edu/port.html?port=16992
https://isc.sans.edu/port.html?port=16993
Outlook Forms Can Run Macros
https://sensepost.com/blog/2017/outlook-forms-and-shells/
Jenkins Vulnerability
https://jenkins.io/security/advisory/2017-04-26/
Google Android May Patchday
https://source.android.com/security/bulletin/2017-05-01
IBM Storwize USB Stick Malware
http://www-01.ibm.com/support/docview.wss?uid=ssg1S1010146&myns=s028&mynp=OCSTHGUJ&mynp=OCSTLM5A&mynp=OCSTLM6B&mynp=OCHW206&mync=E&cm_sp=s028-_-OCSTHGUJ-OCSTLM5A-OCSTLM6B-OCHW206-_-E
5/2/2017 • 5 minutes, 25 seconds
ISC StormCast for Tuesday, May 2nd 2017
Intel AMT, SBT and ISM Escalation of Privilege Vulnerability
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/
Local Root Exploit in chkrootkit
https://lepetithacker.wordpress.com/2017/04/30/local-root-exploit-in-chkrootkit/
Escape Sequence Exploits in Various Linux Terminals
http://www.openwall.com/lists/oss-security/2017/05/01/13
5/2/2017 • 5 minutes, 54 seconds
ISC StormCast for Monday, May 1st 2017
Simple Javascript Word Macro Not Recognized By Many AV Products
https://isc.sans.edu/forums/diary/Another+Day+Another+Obfuscation+Technique/22354/
OS X Malware Adds Proxy To Intercept HTTPS
http://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/
OVH Vulnerability Put Servers at Risk
https://jrwr.io/doku.php?id=blog:ovh_vrack_security_issue
5/1/2017 • 5 minutes, 50 seconds
ISC StormCast for Friday, April 28th 2017
VISA IP Block Hijacked By Russian ISP
https://isc.sans.edu/forums/diary/BGP+Hijacking+The+Internet+is+StillAgain+Broken/22350/
Antminer "Checking" DoS Vulnerability
http://www.antbleed.com
Symantec Offers Audits To Stave Off Google's CA Blacklisting
https://www.symantec.com/connect/blogs/symantec-ca-proposal
NoMX Security E-Mail Appliance Pentest
https://scotthelme.co.uk/nomx-the-worlds-most-secure-communications-protocol/
vendor response: www.nomx.com
SANS Defending Web Applications
https://www.sans.org/dev522
4/28/2017 • 6 minutes, 17 seconds
ISC StormCast for Thursday, April 27th 2017
Bots Disrupt US ISP
https://www.bleepingcomputer.com/news/security/us-isp-goes-down-as-two-malware-families-go-to-war-over-its-modems/
Samsung Smart TV Wi-Fi Direct Exploit
http://seclists.org/fulldisclosure/2017/Apr/101
Adobe Publishes ColdFusion Update
https://helpx.adobe.com/security/products/coldfusion/apsb17-14.html
SNMP Misconfiguration Eliminates Community String Validation
https://stringbleed.github.io/#
4/27/2017 • 5 minutes, 35 seconds
ISC StormCast for Wednesday, April 26th 2017
CAA Records and Certificate Issuance
https://isc.sans.edu/forums/diary/CAA+Records+and+Certificate+Issuance/22342/
Hyundai Blue Link Information Disclosure
https://community.rapid7.com/community/infosec/blog/2017/04/25/r7-2017-02-hyundai-blue-link-potential-info-disclosure-fixed
HP, Philips, Fujitsu Display Software Privilege Escalation
http://blog.sec-consult.com/2017/04/what-unites-hp-philips-and-fujitsu-one.html
4/26/2017 • 5 minutes, 53 seconds
ISC StormCast for Tuesday, April 25th 2017
Android Malware MilkyDoor Builds Backdoor Into Networks Via SSH/SOCKS
http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-android-malware-finds-successor-milkydoor/
Remote Code Execution Flaw in Squirrelmail
http://seclists.org/fulldisclosure/2017/Apr/81
Atlassian Confluence Update
https://confluence.atlassian.com/doc/confluence-security-advisory-2017-04-19-887071137.html
TCP Proxy Over Named Pipes / SMB
https://github.com/dxflatline/flatpipes
4/25/2017 • 5 minutes, 9 seconds
ISC StormCast for Monday, April 24th 2017
Increase in Port 81 Traffic
https://isc.sans.edu/forums/diary/WTF+tcp+port+81/22332/
Analyzing a Document and Malware Trying to Exploit CVE-2017-0199 (HTA)
https://isc.sans.edu/forums/diary/Malicious+Documents+A+Bit+Of+News/22334/
DOUBLEPULSAR Detected on Tens of Thousands of Systems
http://www.theregister.co.uk/2017/04/21/windows_hacked_nsa_shadow_brokers/
NVidia Includes Node.js Server With Drivers
http://blog.sec-consult.com/2017/04/application-whitelisting-application.html
Android SMSVova Spyware Survives in Google Play Store for 3 Years
https://www.zscaler.com/blogs/research/android-spyware-smsvova-posing-system-update-play-store
4/24/2017 • 5 minutes, 22 seconds
ISC StormCast for Friday, April 21st 2017
Detecting Covert DNS Channels
https://isc.sans.edu/forums/diary/DNS+Query+Length+Because+Size+Does+Matter/22326/
Ambient Light Sensors May Become Accessible Via JavaScript
https://blog.lukaszolejnik.com/stealing-sensitive-browser-data-with-the-w3c-ambient-light-sensor-api/
BIND Name Server Update
https://kb.isc.org/article/AA-01491
Entropy As A Service
https://www.getnetrandom.com
Webcast: NoSQL Doesn't Make You NoVulnerable
https://www.sans.org/webcasts/nosql-doesnt-novulnerable-104897
4/20/2017 • 5 minutes, 56 seconds
ISC StormCast for Thursday, April 20th 2017
Hunting and Analyzing Malicious Excel Files
https://isc.sans.edu/forums/diary/Hunting+for+Malicious+Excel+Sheets/22322/
Bose May Be Spying on Listeners
https://www.scribd.com/document/345620278/Bose-Privacy-Complaint
Microsoft No-Password Sign In
https://blogs.technet.microsoft.com/enterprisemobility/2017/04/18/no-password-phone-sign-in-for-microsoft-accounts/
Owncloud/Nextcloud Bug Reports Include Passwords
https://blog.hboeck.de/archives/885-Passwords-in-the-Bug-Reports-OwncloudNextcloud.html
Fuzzing Used to Find a Tcpdump Vulnerability
https://www.softscheck.com/en/identifying-security-vulnerabilities-with-cloud-fuzzing/
DNS Homograph Detection
https://github.com/dutchcoders/homographs
For Friday's (and other upcoming webcasts), see
https://www.sans.org/webcasts
4/20/2017 • 5 minutes, 40 seconds
ISC StormCast for Wednesday, April 19th 2017
Details about how to exploit CVE-2017-0199
https://rewtin.blogspot.com.au/2017/04/cve-2017-0199-practical-exploitation-poc.html
User Provided Patch To Help Update Old Operating Systems on New CPU
https://github.com/zeffy/kb4012218-19
Forensics Tools and Issues With Windows 10 Compact OS
https://www.heise.de/security/artikel/Forensik-Tools-patzen-bei-neuer-Windows-Kompression-3676075.html
4/19/2017 • 5 minutes, 54 seconds
ISC StormCast for Tuesday, April 18th 2017
Detecting IDN Phishing Domains
https://isc.sans.edu/forums/diary/Tool+to+Detect+Active+Phishing+Attacks+Using+Unicode+LookAlike+Domains/22310/
Old Linux Kernel Bug Allows for Remote Code Execution via UDP
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191
Microsoft Edge JavaScript "fetch" Function Can Be Used to Leak User Data
http://mov.sx/2017/04/16/microsoft-edge-leaks-url.html
4/18/2017 • 7 minutes, 8 seconds
ISC StormCast for Friday, April 14th 2017
Packet Captures Filtered By Process
https://isc.sans.edu/forums/diary/Packet+Captures+Filtered+by+Process/22296/
C-LDAP Used to Amplify DDoS Attack
https://isc.sans.edu/forums/diary/Akamai+reports+UDP+DDOS+Using+CLDAP+reaching+24Gbps/22300/
Juniper Updates
https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES
SAP Patches Code Injection in TREX
https://erpscan.com/press-center/press-release/critical-vulnerability-affects-sap-hana-dozen-sap-applications/
More Details About Dallas Siren Hack
https://duo.com/blog/the-dallas-county-siren-hack
4/14/2017 • 5 minutes, 42 seconds
ISC StormCast for Thursday, April 13th 2017
Mole Ransomware Delivered via Fake USPS E-Mails
https://isc.sans.edu/forums/diary/Malspam+on+20170411+pushes+yet+another+ransomware+variant/22290/
Identifying HTTPS-Protected Netflix Videos in Real-Time
https://www.mjkranch.com/docs/CODASPY17_Kranch_Reed_IdentifyingHTTPSNetflix.pdf
SMS Messages Used to Control Oven
https://www.pentestpartners.com/blog/iot-Aga-cast-iron-security-flaw/
Android Hardening TLS Use
https://android-developers.googleblog.com/2017/04/android-o-to-drop-insecure-tls-version.html
4/13/2017 • 5 minutes, 52 seconds
ISC StormCast for Wednesday, April 12th 2017
MSFT/Adobe Patch Tuesday
https://isc.sans.edu/forums/diary/April+2017+Microsoft+Patch+Tuesday/22288/
Solaris 0-Day
https://twitter.com/hackerfantastic/status/851555538597011460
OWASP Top 10 Update
https://github.com/OWASP/Top10/raw/master/2017/OWASP%20Top%2010%20-%202017%20RC1-English.pdf
4/12/2017 • 5 hours
ISC StormCast for Tuesday, April 11th 2017
TP-Link Modem Responds With Admin Password to SMS
http://www.theregister.co.uk/2017/04/10/tplink_3gwifi_modem_spills_credentials_to_an_evil_text_message/
Fake Google Map Weblinks
https://www.bleepingcomputer.com/news/google/thousands-of-fake-google-maps-listings-redirect-users-to-fraudulent-sites-each-month/
Apple Fixes Apple Music For Android
http://seclists.org/bugtraq/2017/Apr/26
Dallas Sirens Hacked via Wireless Attacks
http://www.theregister.co.uk/2017/04/10/hackers_set_off_dallas_emergency_siren_system/
NATO Discovers (finally?) that IPv6 Can be Used As a Covert Channel
https://t.co/FvSSwhtUH7
4/11/2017 • 5 hours
ISC StormCast for Monday, April 10th 2017
Domain Whitelisting with Alexa and Umbrella Lists (and update)
https://isc.sans.edu/forums/diary/Domain+Whitelisting+With+Alexa+and+Umbrella+Lists/22270/
https://isc.sans.edu/forums/diary/Domain+Whitelisting+With+Alexa+and+Umbrella+Lists+update/22274/
SANS Security West (San Diego)
https://www.sans.org/event/sans-security-west-2017
Dallas Tornado Sirens Hacked
https://www.washingtonpost.com/news/the-intersect/wp/2017/04/09/someone-hacked-every-tornado-siren-in-dallas-it-was-loud/?utm_term=.ca706deea318
Shadowbroker Files
https://github.com/x0rz/EQGRP
Word Vulnerability
https://securingtomorrow.mcafee.com/mcafee-labs/critical-office-zero-day-attacks-detected-wild/
4/10/2017 • 5 hours
ISC StormCast for Thursday, April 6th 2017
Whitelists: The Holy Grail of Attackers
https://isc.sans.edu/forums/diary/Whitelists+The+Holy+Grail+of+Attackers/22262/
Java Struts2 Vulnerability Used To Install Ransomware
https://isc.sans.edu/forums/diary/Java+Struts2+Vulnerability+Used+To+Install+Cerber+Crypto+Ransomware/22264/
Brazilian Bank Loses Control Over Domains
https://threatpost.com/lessons-from-top-to-bottom-compromise-of-brazilian-bank/124770/
Google Android April Patch Day
https://source.android.com/security/bulletin/2017-04-01#security-vulnerability-summary
Radware Observes "BrickerBot" Destroying Devices
https://security.radware.com/ddos-threats-attacks/brickerbot-pdos-permanent-denial-of-service/
Struts2 Vulnerability Webcast
https://www.sans.org/webcasts/struts-shock-current-attacks-struts2-defend-104787
4/6/2017 • 6 minutes, 25 seconds
ISC StormCast for Wednesday, April 5th 2017
Exploiting Broadcom's Wi-Fi Stack
https://googleprojectzero.blogspot.com/2017/04/over-air-exploiting-broadcoms-wi-fi_4.html
Covert Channel Between Virtual Machines Via CPU Cache
https://cmaurice.fr/pdf/ndss17_maurice.pdf
40 Vulnerabilities in Samsung Tizen
https://motherboard.vice.com/en_us/article/samsung-tizen-operating-system-bugs-vulnerabilities
4/5/2017 • 5 minutes, 59 seconds
ISC StormCast for Tuesday, April 4th 2017
Apple Releases iOS 10.3.1 to Remedy Wi-Fi Remote Code Execution
https://support.apple.com/en-us/HT207688
Practical Use of SHA1 Collisions: ISO Images
https://isc.sans.edu/forums/diary/A+Practical+Use+for+a+SHA1+Collision/22257/
Microsoft Defender False Positive
https://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Worm%3AWin32%2FBluber.A
Cracking Weak Session Secrets
https://martinfowler.com/articles/session-secret.html
Skype Malvertising Advertises Fake Flash Players
https://www.bleepingcomputer.com/news/security/skype-malvertising-campaign-pushes-fake-flash-player/
4/4/2017 • 5 minutes, 34 seconds
ISC StormCast for Monday, April 3rd 2017
Google Discovers More LastPass Vulnerabilities
https://bugs.chromium.org/p/project-zero/issues/detail?id=1225&desc=6
Attacking KeePass
https://www.slideshare.net/harmj0y/a-case-study-in-attacking-keepass
https://github.com/HarmJ0y/KeeThief
Bypassing Cylance
http://www.blackhillsinfosec.com/?p=5792
MimiPenguin: Tool for Extracting Credentials From Memory on Linux
https://github.com/huntergregal/mimipenguin
Windows 2003 / IIS 6 Exploit
https://0patch.blogspot.com/2017/03/0patching-immortal-cve-2017-7269.html
https://github.com/rapid7/metasploit-framework/pull/8162
4/3/2017 • 5 minutes, 59 seconds
ISC StormCast for Friday, March 31st 2017
Diverting built-in features for the bad
https://isc.sans.edu/forums/diary/Diverting+builtin+features+for+the+bad/22250/
Fake Job Offers to GitHub Developers Include Malware
http://researchcenter.paloaltonetworks.com/2017/03/unit42-dimnie-hiding-plain-sight/
Drones With Lasers!
https://arxiv.org/pdf/1703.07751.pdf
3/31/2017 • 5 minutes, 41 seconds
ISC StormCast for Thursday, March 30th 2017
Logical and Physical Security Correlation
https://isc.sans.edu/forums/diary/Logical+Physical+Security+Correlation/22243/
Recent Mirai DDoS Attacks
https://www.incapsula.com/blog/new-mirai-variant-ddos-us-college.html
Crusader Injects Fake Support Phone Numbers into Websites
https://www.bleepingcomputer.com/news/security/adware-replaces-phone-numbers-for-security-firms-returned-in-search-results/
VMware Closes Pwn2Own Guest Escape Vulnerabilities
http://www.vmware.com/security/advisories/VMSA-2017-0006.html
Apple iCloud for Windows Update
https://support.apple.com/de-de/HT207607
3/30/2017 • 5 minutes, 8 seconds
ISC StormCast for Wednesday, March 29th 2017
New Exploit Variant for Recent Struts2 Vulnerability
https://blog.gdssecurity.com/labs/2017/3/27/an-analysis-of-cve-2017-5638.html
PoC Exploit for iBooks ePub JavaScript Vulnerability
https://s1gnalcha0s.github.io/ibooks/epub/2017/03/27/This-book-reads-you-using-JavaScript.html
Microsoft Docs.com Leak
https://twitter.com/gossithedog/status/845446263244050434
Symantec SSL CA tool
https://www.renditioninfosec.com/socapps/sslcheck/index.php
3/29/2017 • 5 minutes, 29 seconds
ISC StormCast for Tuesday, March 28th 2017
Apple Updates
https://support.apple.com/en-us/HT201222
IIS 6 / Windows Server 2003 Exploit
https://github.com/edwardz246003/IIS_exploit/blob/master/exploit.py
Symantec SSL Update
https://www.symantec.com/connect/blogs/message-our-ca-customers
3/28/2017 • 6 minutes, 46 seconds
ISC StormCast for Monday, March 27th 2017
Google Announces Removal of Symantec CAs for Extended Validation
https://www.symantec.com/connect/blogs/symantec-backs-its-ca
https://groups.google.com/a/chromium.org/forum/#!topic/blink-dev/eUAKwjihhBs
https://chromium.googlesource.com/chromium/src/+/master/net/data/ssl/symantec/README.md
Spoofing Referrer in Microsoft Edge
https://www.brokenbrowser.com/referer-spoofing-patch-bypass/
Smart TV Compromise Via Broadcast Signals
https://www.youtube.com/watch?v=bOJ_8QHX6OA
Defending Web Applications Class
https://www.sans.org/event/sans-security-west-2017/course/defending-web-applications-security-essentials
3/27/2017 • 6 minutes, 33 seconds
ISC StormCast for Thursday, March 23rd 2017
Criminals Threaten to Erase Millions of iCloud-Connected Apple Devices
https://motherboard.vice.com/en_us/article/hackers-we-will-remotely-wipe-iphones-unless-apple-pays-ransom?utm_source=vicefbus
Siemens Control Systems Affected by Fake Firmware
https://dragos.com/blog/mimics/
GitHub Used for C&C
http://blog.trendmicro.com/trendlabs-security-intelligence/winnti-abuses-github/
Adium IM Vulnerable to Older libpurple Issue
http://seclists.org/fulldisclosure/2017/Mar/57
3/23/2017 • 5 minutes, 59 seconds
ISC StormCast for Wednesday, March 22nd 2017
Password Encrypted Word File Delivers Malware
https://isc.sans.edu/forums/diary/Malspam+with+passwordprotected+Word+documents/22203/
Critical LastPass Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=1209
Nest Camera Bluetooth Vulnerability
https://github.com/jasondoyle/Google-Nest-Cam-Bug-Disclosures/blob/master/README.md
3/22/2017 • 5 minutes, 27 seconds
ISC StormCast for Tuesday, March 21st 2017
Cisco Releases Advisory With Details Regarding CMP Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170317-cmp
Pwn2Own Contest Leads to Exploits Against All Browsers (and VM!)
https://www.zerodayinitiative.com/blog/2017/3/17/the-results-pwn2own-2017-day-three
Git Moving Away From SHA1 (likely to SHA3)
https://news.ycombinator.com/item?id=13906804
Proxy Security
https://isc.sans.edu/forums/diary/What+is+really+being+proxied/22165/
https://www.us-cert.gov/ncas/alerts/TA17-075A
3/21/2017 • 6 minutes
ISC StormCast for Monday, March 20th 2017
An Example of a Multiple Stages Dropper
https://isc.sans.edu/forums/diary/Example+of+Multiple+Stages+Dropper/22197/
Real-World Wiretapping Attacks Against ZRTP
https://www.ibr.cs.tu-bs.de/papers/schuermann-popets2017.pdf
Authenticating Against MySQL Server Using a Hashed Password
https://github.com/cyrus-and/mysql-unsha1
3/20/2017 • 5 minutes, 50 seconds
ISC StormCast for Friday, March 17th 2017
Certain Ubiquiti Equipment Vulnerable to CSRF/Code Execution
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20170316-0_Ubiquiti_Networks_authenticated_command_injection_v10.txt
Proton Mac OS RAT
https://www.cybersixgill.com/proton-a-new-mac-os-rat/
Linux Kernel n_hdlc Privilege Escalation
http://seclists.org/oss-sec/2017/q1/569
VMware Copy/Paste Exploit Fixed
https://www.vmware.com/security/advisories/VMSA-2017-0005.html
3/17/2017 • 6 minutes, 4 seconds
ISC StormCast for Thursday, March 16th 2017
Twitter App "Twitter Counter" Compromise Leads to Unauthorized Tweets From a Large Number of Accounts
https://twitter.com/thecounter
Telegram and WhatsApp Image Vulnerability
http://blog.checkpoint.com/2017/03/15/check-point-discloses-vulnerability-whatsapp-telegram/
RSA Panel Webcast
https://cc.readytalk.com/registration/#/?meeting=6oowksc223hm&campaign=ijmt1z8qsc1q
3/16/2017 • 6 minutes, 31 seconds
ISC StormCast for Tuesday, March 14th 2017
Creating SHA3 Hashes with sigs.py
https://isc.sans.edu/forums/diary/New+tool+sigspy/22181/
Canada Revenue Agency Website Attacked / Down over Struts2
http://www.cbc.ca/news/politics/cra-internet-vulnerability-government-1.4022591
WebKit Exploit Adapted to Nintendo Switch
https://www.youtube.com/watch?v=xkdPjbaLngE
Analysis of Outdated JavaScript Libraries on the Web
http://www.ccs.neu.edu/home/arshad/publications/ndss2017jslibs.pdf
Github Enterprise SAML Authentication Bypass
http://www.economyofmechanism.com/github-saml
3/14/2017 • 5 minutes, 42 seconds
ISC StormCast for Monday, March 13th 2017
Issues With Out Of Date Geo Location Databases
https://isc.sans.edu/forums/diary/The+Side+Effect+of+GeoIP+Filters/22173/
Recovering Mobile Device PINs via Thermal Images
http://www.mkhamis.com/data/papers/abdelrahman2017chi.pdf
Unmasking Randomized MAC Addresses
https://arxiv.org/abs/1703.02874v1
Mobile Phone Supply Chain Attacks
http://blog.checkpoint.com/2017/03/10/preinstalled-malware-targeting-mobile-users/
3/13/2017 • 6 minutes, 36 seconds
ISC StormCast for Friday, March 10th 2017
Struts 2 Update
https://isc.sans.edu/forums/diary/Critical+Apache+Struts+2+Vulnerability+Patch+Now/22169/
Exploits Against Haraka Mail Server
https://github.com/outflanknl/Exploits/blob/master/harakiri-CVE-2016-1000282.py
Android Password Stealing Apps
http://www.welivesecurity.com/2017/03/09/new-instagram-credentials-stealers-discovered-google-play/
Drupal Services Module Vulnerability and Exploit
https://www.ambionics.io/blog/drupal-services-module-rce
https://www.drupal.org/node/2858847
3/10/2017 • 5 minutes, 18 seconds
ISC StormCast for Thursday, March 9th 2017
Security Researchers Target Nintendo Switch
https://twitter.com/qlutoo
https://www.youtube.com/watch?v=CwdDN1kA93Q&feature=youtu.be
Dockerscan
https://github.com/cr0hn/dockerscan
1 in 5 Websites still rely on SHA-1 Based Certificates
http://www.theregister.co.uk/2017/03/08/sha1_certificate_survey/
Not All Malware Samples Are Complex
https://isc.sans.edu/forums/diary/Not+All+Malware+Samples+Are+Complex/22163/
Struts Vulnerability Included in Metasploit
https://github.com/rapid7/metasploit-framework/issues/8064
https://cwiki.apache.org/confluence/display/WW/S2-045?from=groupmessage
3/9/2017 • 5 minutes, 37 seconds
ISC StormCast for Wednesday, March 8th 2017
CIA Leak (note that this link leads directly to the leaked documents)
https://wikileaks.com/ciav7p1/
From Shamoon To StoneDrill: Evolution of Wipers Attacking Saudi Organizations
https://securelist.com/files/2017/03/Report_Shamoon_StoneDrill_final.pdf
WordPress Update
https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
Reading Secret Keys From SGX Enclaves
https://arxiv.org/abs/1702.08719
3/8/2017 • 6 minutes, 41 seconds
ISC StormCast for Tuesday, March 7th 2017
Typosquatting Against Santander Bank in Brazil With Phone Call Follow-up
https://isc.sans.edu/forums/diary/A+very+convincing+Typosquatting+Social+Engineering+campaign+is+targeting+Santander+corporate+customers+in+Brazil/22157/
Post Mortem on 911 DDoS Attack
https://www.wsj.com/articles/how-a-cyberattack-overwhelmed-the-911-system-1488554972
Nextcloud/Owncloud Scanner
https://scan.nextcloud.com
Western Digital MyCloud Vulnerability
https://blog.exploitee.rs/2017/hacking_wd_mycloud/
3/7/2017 • 6 minutes, 22 seconds
ISC StormCast for Monday, March 6th 2017
How Your Pictures Affect Your Website Reputation
https://isc.sans.edu/forums/diary/How+your+pictures+may+affect+your+website+reputation/22151/
De-Obfuscating Padded Code
https://isc.sans.edu/forums/diary/Another+example+of+maldoc+string+obfuscation+with+extra+bonus+UAC+bypass/22153/
FoxIT PDF Reader Vulnerability
https://www.foxitsoftware.com/support/security-bulletins.php#content-2017
Applying SHA1 SHAttered Attack To BitTorrent
https://biterrant.io
Gargoyle Memory Scanning Evasion
https://jlospinoso.github.io/security/assembly/c/cpp/developing/software/2017/03/04/gargoyle-memory-analysis-evasion.html
Attacking Synergy Clients
https://www.n00py.io/2017/03/compromising-synergy-clients-with-a-rogue-synergy-server/
3/6/2017 • 6 minutes, 4 seconds
ISC StormCast for Friday, March 3rd 2017
Business E-Mail Compromise and Sender Policy Framework Typos (SPF)
https://isc.sans.edu/forums/diary/Phishing+for+Big+Money+Wire+Transfers+is+Still+Alive+and+Well+or+For+Want+of+Good+Punctuation+all+was+Lost/22141/
Android Developers Infected With Malware Publishing Malicious Apps
http://researchcenter.paloaltonetworks.com/2017/03/unit42-google-play-apps-infected-malicious-iframes/
DBLTek GoIP Backdoor
https://www.trustwave.com/Resources/SpiderLabs-Blog/Undocumented-Backdoor-Account-in-DBLTek-GoIP/
Decrypting Findzip/Patcher Ransomware
https://blog.malwarebytes.com/cybercrime/2017/02/decrypting-after-a-findzip-ransomware-infection/
3/3/2017 • 5 minutes, 29 seconds
ISC StormCast for Thursday, March 2nd 2017
LDAP and STARTTLS
https://isc.sans.edu/forums/diary/SSLTLS+on+port+389+Say+what/22135/
WordPress NextGEN Gallery Plugin SQL Injection Vulnerability
https://blog.sucuri.net/2017/02/sql-injection-vulnerability-nextgen-gallery-wordpress.html
Password Manager Insecurities
https://team-sik.org/trent_portfolio/password-manager-apps/
Slack Insecure Cross Window Messaging
https://labs.detectify.com/2017/02/28/hacking-slack-using-postmessage-and-websocket-reconnect-to-steal-your-precious-token/
Google Voice Recognition Used to Break Google ReCaptcha Audio Challenge
https://east-ee.com/2017/02/28/rebreakcaptcha-breaking-googles-recaptcha-v2-using-google/
3/2/2017 • 6 minutes
ISC StormCast for Wednesday, March 1st 2017
Amazon Cloud IPv4 Reuse Leads to Stray Requests
https://isc.sans.edu/forums/diary/My+Catch+Of+4+Months+In+The+Amazon+IP+Address+Space/22129
Amazon S3 Outage
https://isc.sans.edu/forums/diary/Amazon+S3+Outage/22131/
CloudPets Leaks Recordings
https://www.troyhunt.com/data-from-connected-cloudpets-teddy-bears-leaked-and-ransomed-exposing-kids-voice-messages/
ESET Antivirus Vulnerability Puts Macs at Risk
http://seclists.org/fulldisclosure/2017/Feb/68
Analysis of a Simple PHP Backdoor
https://isc.sans.edu/forums/diary/Analysis+of+a+Simple+PHP+Backdoor/22127/
3/1/2017 • 5 minutes, 23 seconds
ISC StormCast for Tuesday, February 28th 2017
Google Chrome TLS 1.3 Update Causes Issues With Bluecoat
https://bugs.chromium.org/p/chromium/issues/detail?id=694593
Windows 10 Will Implement "Gatekeeper" Like Technology
https://twitter.com/vitorgrs/status/835674417602637824
Google Releases E2EMail Chrome Plugin
https://security.googleblog.com/2017/02/e2email-research-project-has-left-nest_24.html
Decrypting SCOM "RunAs" Credentials
https://www.nccgroup.trust/uk/about-us/newsroom-and-events/blogs/2017/february/scomplicated-decrypting-scom-runas-credentials/
2/28/2017 • 5 minutes, 55 seconds
ISC StormCast for Monday, February 27th 2017
Cloudflare Leaks Data
https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
IE/Edge Denial of Service
https://bugs.chromium.org/p/project-zero/issues/detail?id=1011#c2
"Dynamite Phishing"
https://isc.sans.edu/forums/diary/Dynamite+Phishing/22121/
Google Credentials Problems
https://productforums.google.com/forum/#!category-topic/gmail/LOt2x1_c3KM
2/27/2017 • 5 minutes, 17 seconds
ISC StormCast for Friday, February 24th 2017
Researchers Find SHA1 Collision
https://shattered.io/static/shattered.pdf
Arrest Made in Deutsche Telekom DSL Modem Attack
https://www.bleepingcomputer.com/news/security/uk-police-arrest-suspect-behind-mirai-malware-attacks-on-deutsche-telekom/
2/24/2017 • 5 minutes, 32 seconds
ISC StormCast for Thursday, February 23rd 2017
User Centric Mobile Device Security With Stethoscope
http://techblog.netflix.com/2017/02/introducing-netflix-stethoscope.html
Fingerprinting Firefox With Intermediate Certificates
https://shiftordie.de/blog/2017/02/21/fingerprinting-firefox-users-with-cached-intermediate-ca-certificates-fiprinca/
JudasDNS Attack DNS Proxy
https://github.com/mandatoryprogrammer/JudasDNS
2/23/2017 • 5 minutes, 23 seconds
ISC StormCast for Wednesday, February 22nd 2017
Microsoft Releases Flash Patch From Skipped February Update
https://technet.microsoft.com/en-us/library/security/MS17-005
Investigating Off-Premise Wireless Behaviour
https://isc.sans.edu/forums/diary/Investigating+OffPremise+Wireless+Behaviour+or+I+Know+What+You+Connected+To/22089/
"Bugdrop" Steals Large Amount of Audio
https://cyberx-labs.com/en/blog/operation-bugdrop-cyberx-discovers-large-scale-cyber-reconnaissance-operation/
2/22/2017 • 5 minutes, 2 seconds
ISC StormCast for Tuesday, February 21st 2017
Hardening Postfix Against FTP Relay Attacks
https://isc.sans.edu/forums/diary/Hardening+Postfix+Against+FTP+Relay+Attacks/22086/
Kaspersky Examines Mobile Car Apps
https://securelist.com/analysis/publications/77576/mobile-apps-and-stealing-a-connected-car/
Cars "Remember" Prior Owners
http://money.cnn.com/2017/02/17/technology/used-car-hack-safety-location/
Xen Project Reconsidering Vulnerability Disclosure Policy
https://blog.xenproject.org/2017/02/14/request-for-comment-scope-of-vulnerabilities-for-which-xsas-are-issued/
Stagefright Vulnerability Had Minimal Effect on Android Security
https://www.rsaconference.com/speakers/adrian_ludwig
2/21/2017 • 5 minutes, 55 seconds
ISC StormCast for Monday, February 20th 2017
RTRBK: Router, Switch, Firewall Backups in PowerShell
https://isc.sans.edu/forums/diary/RTRBK+Router+Switch+Firewall+Backups+in+PowerShell+tool+drop/22079/
Windows EMF Image 0-Day Memory Leak
https://bugs.chromium.org/p/project-zero/issues/detail?id=992
Brazilian Traffic Ticket Malspam
https://isc.sans.edu/forums/diary/Brazilian+malspam+sends+Autoitbased+malware/22081/
Using XXE To Send E-Mail
https://shiftordie.de/blog/2017/02/18/smtp-over-xxe/
2/20/2017 • 5 minutes, 27 seconds
ISC StormCast for Thursday, February 16th 2017
How Was Your Stay At The Hotel La Playa
https://isc.sans.edu/forums/diary/How+was+your+stay+at+the+Hotel+La+Playa/22069
XAgent OS X Malware
https://labs.bitdefender.com/2017/02/new-xagent-mac-malware-linked-with-the-apt28/
Conference Phone Compromise
https://www.contextis.com//resources/blog/phwning-boardroom-hacking-android-conference-phone/
2/16/2017 • 5 minutes, 28 seconds
ISC StormCast for Wednesday, February 15th 2017
Microsoft Cancels Patch Tuesday
https://blogs.technet.microsoft.com/msrc/2017/02/14/february-2017-security-update-release/
Adobe Update For Flash
https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
WebSphere Update
http://www-01.ibm.com/support/docview.wss?uid=swg21997743
Operation Kingphish
https://medium.com/amnesty-insights/operation-kingphish-uncovering-a-campaign-of-cyber-attacks-against-civil-society-in-qatar-and-aa40c9e08852#.965et86vk
Hacking Node-Serialize
http://blog.websecurify.com/2017/02/hacking-node-serialize.html
2/15/2017 • 5 minutes, 46 seconds
ISC StormCast for Tuesday, February 14th 2017
New Tool: Packettotal.com
http://www.packettotal.com
What Not To Decrypt When Intercepting SSL
https://isc.sans.edu/forums/diary/Stuff+I+Learned+Decrypting/22059/
webcast: https://www.sans.org/webcasts/8-ways-watch-invisible-analyzing-encrypted-network-traffic-103277
Simple Static Malware Analyzer
https://github.com/secrary/SSMA
Critical Firefox for Android Vulnerability
https://www.mozilla.org/en-US/security/advisories/mfsa2017-04/
Ubuntu ntfs-3g Privilege Escalation
https://bugs.chromium.org/p/project-zero/issues/detail?id=1072
Microsoft Patch Tuesday Changes
http://www.infoworld.com/article/3139922/microsoft-windows/microsoft-to-revamp-its-documentation-for-security-patches.html
2/14/2017 • 5 minutes, 28 seconds
ISC StormCast for Monday, February 13th 2017
Vulnerabilities in Samsung KNOX
https://googleprojectzero.blogspot.de/2017/02/lifting-hyper-visor-bypassing-samsungs.html
Auditing MongoDB Configurations
https://github.com/stampery/mongoaudit
Reversing Javascript
https://isc.sans.edu/forums/diary/Analysis+of+a+Suspicious+Piece+of+JavaScript/22056/
Wordpress REST API Flaw Widely Exploited
https://www.wordfence.com/blog/2017/02/rapid-growth-in-rest-api-defacements/
Cryptographically Secure PHP Development
https://paragonie.com/blog/2017/02/cryptographically-secure-php-development
DEV522 Web Application Security Essentials
https://www.sans.org/event/sans-2017/course/defending-web-applications-security-essentials
2/13/2017 • 5 minutes, 57 seconds
ISC StormCast for Friday, February 10th 2017
F5 Big IP Ticketbleed Vulnerability
https://filippo.io/Ticketbleed/
CryptoShield Ransomware from Rig EK
https://isc.sans.edu/forums/diary/CryptoShield+Ransomware+from+Rig+EK/22047/
Hancitor/Pony Malspam
https://isc.sans.edu/forums/diary/HancitorPony+malspam/22053/
Apple Retaining Old Browser History Data
https://blog.elcomsoft.com/2017/02/elcomsoft-extracts-deleted-safari-browsing-history-from-icloud/#more-3769
Brute Forcing LUKS Passwords
https://0x00sec.org/t/breaking-encryption-hashed-passwords-luks-devices/811
2/10/2017 • 6 minutes, 15 seconds
ISC StormCast for Thursday, February 9th 2017
Cloud Metadata URLs
https://isc.sans.edu/forums/diary/Cloud+Metadata+Urls/22046/
Intel Atom C2000 Chip Failures
http://www.theregister.co.uk/2017/02/06/cisco_intel_decline_to_link_product_warning_to_faulty_chip/
More W-2 Scams, Now Combined With Wire Transfer Scams
https://nakedsecurity.sophos.com/2017/02/08/beware-the-latest-tax-season-spear-phishing-scam/
Macro Malware Coming to MacOS
https://objective-see.com/blog/blog_0x17.html
2/9/2017 • 6 minutes, 26 seconds
ISC StormCast for Wednesday, February 8th 2017
Using Emojis as Passwords
https://isc.sans.edu/forums/diary/My+Password+is+taco+Using+Emojis+for+Stronger+Passwords/22042/
Popular iOS Applications Not Using TLS
https://medium.com/@chronic_9612/76-popular-apps-confirmed-vulnerable-to-silent-interception-of-tls-protected-data-2c9a2409dd1#.nv0mf6w4e
Web Bluetooth Security Model
https://medium.com/@jyasskin/the-web-bluetooth-security-model-666b4e7eed2#.kqtxdk70h
E-Mail Spoofing in GMail
https://www.linkedin.com/pulse/aware-sender-spoofing-amongst-gmail-users-renato-marinho
2/8/2017 • 7 minutes, 5 seconds
ISC StormCast for Tuesday, February 7th 2017
Malicious or Not? Help Me Decide
https://isc.sans.edu/forums/diary/Malicious+Or+Not+You+decide/22040/
OpenBSD HTTP Server DoS Vulnerability
https://pierrekim.github.io/blog/2017-02-07-openbsd-httpd-CVE-2017-5850.html
Bypassing Tor Browser Via Windows DRM
https://www.myhackerhouse.com/windows_drm_vs_torbrowser/
Freedom Hosting II Compromise
https://www.scmagazineuk.com/major-dark-web-host-hacked-381000-sets-of-user-details-leaked-online/article/636259/
2/7/2017 • 5 minutes, 51 seconds
ISC StormCast for Monday, February 6th 2017
Base64 Encoded Malware Samples on Pastebin
https://isc.sans.edu/forums/diary/Many+Malware+Samples+Found+on+Pastebin/22036/
Cisco Recalling Meraki Access Points over Fatal Hardware Flaw
http://www.cisco.com/c/en/us/support/web/clock-signal.html
SQL Injection Vulnerability in McAfee ePolicy Orchestrator
https://kc.mcafee.com/corporate/index?page=content&id=SB10187
Update from Microsoft on SMB 3 Vulnerability
https://threatpost.com/microsoft-waits-for-patch-tuesday-to-fix-smb-zero-day/123541/
Malicious Files Sent via Whatsapp to Target Indian Military
http://economictimes.indiatimes.com/news/defence/defence-security-forces-alerted-against-whatsapp-virus/articleshow/56258702.cms
2/6/2017 • 5 minutes, 28 seconds
ISC StormCast for Friday, February 3rd 2017
SMB 3 0-Day DoS Exploit
https://isc.sans.edu/forums/diary/Windows+SMBv3+Denial+of+Service+Proof+of+Concept+0+Day+Exploit/22029/
WordPress Update Silently Fixes Security Flaw
https://make.wordpress.org/core/2017/02/01/disclosure-of-additional-security-fix-in-wordpress-4-7-2/
Webroot Update Patches BSOD Flaw
https://community.webroot.com/t5/Product-Questions/BSOD-0x50-PAGE-FAULT-IN-NONPAGED-AREA/td-p/284302?sf54120672=1&sf54123115=1
Google Adds Support for Mandatory Two-Factor Authentication to G-Suite
https://security.googleblog.com/2017/02/better-and-more-usable-protection-from.html
Cisco Prime Home Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170201-prime-home
2/3/2017 • 5 minutes, 27 seconds
ISC StormCast for Thursday, February 2nd 2017
Multiple Vulnerabilities in tcpdump
https://isc.sans.edu/forums/diary/Multiple+Vulnerabilities+in+tcpdump/22017/
Quick Analysis of Data Left Available by Attackers
https://isc.sans.edu/forums/diary/Quick+Analysis+of+Data+Left+Available+by+Attackers/22015/
Securing The Human Ouch! Newsletter
https://securingthehuman.sans.org/ouch/
Redis CSRF Vulnerability Exploit
https://github.com/dxa4481/whatsinmyredis
2/2/2017 • 4 minutes, 59 seconds
ISC StormCast for Wednesday, February 1st 2017
Fileless UAC Bypass Used to Drop Keybase Malware
https://isc.sans.edu/forums/diary/Malicious+Office+files+using+fileless+UAC+bypass+to+drop+KEYBASE+malware/22011/
Apple Removes Activation Lock Test Tool After Abuse
https://www.macrumors.com/2017/01/30/activation-lock-website-used-in-hack/
Multiple Vulnerabilities in tcpdump
https://www.debian.org/security/2017/dsa-3775
Postscript Printer Vulnerabilities
http://seclists.org/fulldisclosure/2017/Jan/89
Stop Disabling SELinux
https://learntemail.sam.today/blog/stop-disabling-selinux:-a-real-world-guide/
2/1/2017 • 5 minutes, 36 seconds
ISC StormCast for Tuesday, January 31st 2017
py2exe Decompiling Part 2
https://isc.sans.edu/forums/diary/py2exe+Decompiling+Part+2/22005/
Telemarketer Leaks Call Recordings
https://mackeeper.com/blog/post/326-telemarketing-company-leaks-400k-of-sensitive-files
Facebook Introduces Delegated Recovery Protocol
https://github.com/facebookincubator/DelegatedRecovery/
https://raw.githubusercontent.com/facebookincubator/DelegatedRecovery/master/draft-hill-delegated-recovery.raw.txt
Another Cisco WebEx Update
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex
Cryptkeeper Does Not Correctly Encrypt Folders
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=852751
1/31/2017 • 6 minutes, 36 seconds
ISC StormCast for Monday, January 30th 2017
Port 5358 Scans for Devices
https://isc.sans.edu/forums/diary/Request+for+Packets+and+Logs+TCP+5358/21997/
OpenSSH Vulnerability
http://www.openwall.com/lists/oss-security/2017/01/26/2
Ransomware Hits Traffic Cameras in DC
https://www.washingtonpost.com/local/public-safety/hackers-hit-dc-police-closed-circuit-camera-network-city-officials-disclose/2017/01/27/d285a4a4-e4f5-11e6-ba11-63c4b4fb5a63_print.html
Hotel Hit By Ransomware
http://www.thelocal.at/20170128/hotel-ransomed-by-hackers-as-guests-locked-in-rooms
Not So Private Android VPNs
http://www.icir.org/vern/papers/vpn-apps-imc16.pdf
Google Starting its own Certificate Authority
https://security.googleblog.com/2017/01/the-foundation-of-more-secure-web.html
1/30/2017 • 6 minutes, 41 seconds
ISC StormCast for Friday, January 27th 2017
IOCs: Risks of False Positive Floods
https://isc.sans.edu/forums/diary/IOCs+Risks+of+False+Positive+Alerts+Flood+Ahead/21977/
Android Ransomware in Google Play Store
http://blog.checkpoint.com/2017/01/24/charger-malware/
OpenSSL Update
https://www.openssl.org/news/vulnerabilities.html#y2017
Facebook To Implement U2F (FIDO) Login
https://www.facebook.com/notes/facebook-security/security-key-for-safer-logins-with-a-touch/10154125089265766
WebEx Update
https://bugs.chromium.org/p/project-zero/issues/detail?id=1100
1/27/2017 • 5 minutes, 35 seconds
ISC StormCast for Thursday, January 26th 2017
Cisco WebEx Remains Vulnerable. Other Browsers Affected
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20170124-webex
Malicious SVG Files Found in the Wild
https://isc.sans.edu/forums/diary/Malicious+SVG+Files+in+the+Wild/21971/
W2 Scams Hitting Again
http://www.nbcdfw.com/news/local/Argyle-ISD-Employees-Hit-with-Data-Breach-411337825.html
XXE Entity Vulnerability in Uber
https://httpsonly.blogspot.co.ke/2017/01/0day-writeup-xxe-in-ubercom.html?m=1
Firefox 51 Released
https://blog.mozilla.org/security/2017/01/20/communicating-the-dangers-of-non-secure-http/
1/26/2017 • 5 minutes, 49 seconds
ISC StormCast for Wednesday, January 25th 2017
Cisco Releases Patch for Chrome Webex Plugin
https://continuum.cisco.com/2017/01/23/its-a-good-idea-to-patch-your-webex-chrome-extension-now/
Companies Fall For Fake Ransomware
https://www.citrix.com/blogs/2017/01/24/bluff-ransomware-attacks-bamboozle-british-businesses/
systemd Privilege Escalation Vulnerability
http://www.openwall.com/lists/oss-security/2017/01/24/4
nginx update released
http://nginx.org/en/CHANGES
1/25/2017 • 5 minutes, 26 seconds
ISC StormCast for Tuesday, January 24th 2017
Experimenting With IPv6 Fragments
https://isc.sans.edu/forums/diary/How+to+Have+Fun+With+IPv6+Fragments+and+Scapy/21963/
Apple Updates Everything
https://support.apple.com/en-us/HT201222
WebEx Secret Install URL
https://bugs.chromium.org/p/project-zero/issues/detail?id=1096
Vulnerability in Symantec Norton Download Manager
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2017&suid=20170117_00
Exploit for Microsoft RDC Client on Mac
https://www.wearesegment.com/research/Microsoft-Remote-Desktop-Client-for-Mac-Remote-Code-Execution
1/24/2017 • 5 minutes, 42 seconds
ISC StormCast for Friday, January 20th 2017
Open Hadoop Instances Are At Risk
http://www.threatgeek.com/2017/01/open-hadoop-installs-wiped-worldwide.html
Upcoming SHA-1 Deadlines
https://blog.mozilla.org/security/2016/10/18/phasing-out-sha-1-on-the-public-web/
Google "Verify Apps" Algorithm
https://blog.google/topics/connected-workspaces/silence-speaks-louder-words-when-finding-malware/
Practical JSONP Injection
https://securitycafe.ro/2017/01/18/practical-jsonp-injection/
Necurs Decline Hurting Locky Distribution
http://blog.talosintel.com/2017/01/locky-struggles.html
1/19/2017 • 6 minutes, 11 seconds
ISC StormCast for Thursday, January 19th 2017
US-CERT Considers NetBIOS/SMBv1 Harmful
https://www.us-cert.gov/ncas/current-activity/2017/01/16/SMB-Security-Best-Practices
IPv6 Atomic Fragments Can Lead to DDoS Attack
https://tools.ietf.org/html/rfc8021
Facebook Was Affected by ImageTragick Flaw
http://4lemon.ru/2017-01-17_facebook_imagetragick_remote_code_execution.html
Malwarebytes Identifies Old Mac Backdoor
https://blog.malwarebytes.com/threat-analysis/2017/01/new-mac-backdoor-using-antiquated-code/
Oracle Quarterly Critical Patch Update
http://www.oracle.com/technetwork/security-advisory/cpujan2017-2881727.html#AppendixJAVA
1/18/2017 • 6 minutes, 28 seconds
ISC StormCast for Wednesday, January 18th 2017
domain_stats.py: A Web API For SIEM Phishing Hunts
https://isc.sans.edu/forums/diary/domainstatspy+a+web+api+for+SEIM+phishing+hunts/21943/
Multiple RCE in ZyXEL/Billion/True Online Routers
http://seclists.org/fulldisclosure/2017/Jan/40
Dovecot Passes Security Audit
https://wiki.mozilla.org/images/4/4d/Dovecot-report.pdf
Dutch Web Developers Left Backdoors Behind
http://www.theregister.co.uk/2017/01/17/police_warn_of_dutch_developer_who_built_backdoors_for_carding/
Mobile Applications Contain Secrets
https://hackernoon.com/we-reverse-engineered-16k-apps-heres-what-we-found-51bdf3b456bb
1/17/2017 • 5 minutes, 19 seconds
ISC StormCast for Tuesday, January 17th 2017
Whitelisting File Extensions in Apache
https://isc.sans.edu/forums/diary/Whitelisting+File+Extensions+in+Apache/21937/
Wordpress 4.7.1 Updates PHPMailer
https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
Tricky Phishing Attacks Harvesting Google Passwords
https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/
More Refined Browser Fingerprinting Via GPU Features
https://drive.google.com/file/d/0B4s900Byvv1ibW5uc1NiU2g3R3c/view
1/16/2017 • 5 minutes, 27 seconds
ISC StormCast for Monday, January 16th 2017
Backup Files Are Good if They Are Outside Your Web Server's Document Root
https://isc.sans.edu/forums/diary/Backup+Files+Are+Good+but+Can+Be+Evil/21935/
Exploiting Apache Server Status
http://blog.mazinahmed.net/2017/01/exploiting-misconfigured-apache-server-status-instances.html
WhatsApp Backdoor Controversy
https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages
https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/
Hardening Windows 10
https://blogs.technet.microsoft.com/mmpc/2017/01/13/hardening-windows-10-with-zero-day-exploit-mitigations/
Injecting JavaScript Into PDFs
http://insert-script.blogspot.in/2016/10/pdf-how-to-steal-pdfs-by-injecting.html
1/15/2017 • 7 minutes, 22 seconds
ISC StormCast for Friday, January 13th 2017
System Resource Utilization Monitor (SRUM)
https://isc.sans.edu/forums/diary/System+Resource+Utilization+Monitor/21927/
Docker Fixes Privilege Escalation Vulnerability
http://seclists.org/fulldisclosure/2017/Jan/21
Taking Over Expired Name Servers
https://thehackerblog.com/respect-my-authority-hijacking-broken-nameservers-to-compromise-your-target/
Updated Certificate Revocation Data
https://isc.sans.edu/crls.html
Shadow Broker Releasing More Tools and Going Dark
https://heimdalsecurity.com/blog/security-alert-the-shadow-brokers-windows-hacking-tools/
Extracting Fingerprints from Selfies
http://www.japantimes.co.jp/news/2017/01/11/national/crime-legal/researchers-warn-fingerprint-theft-peace-sign/
1/13/2017 • 6 minutes, 28 seconds
ISC StormCast for Thursday, January 12th 2017
Hancitor/Pony/Vawtrak Installed by Malicious Word Document in Fake Parking Ticket E-Mail
https://isc.sans.edu/forums/diary/HancitorPonyVawtrak+malspam/21919/
GoDaddy Revokes More Than 6,000 SSL Certs After Validation Bug
https://www.godaddy.com/garage/godaddy/information-about-ssl-bug/
DVR Master Password List Leaked
https://www.pentestpartners.com/blog/leaked-dvr-creds-added-to-the-iot-fail-list/
Autofill Enables Information Leakage
https://github.com/anttiviljami/browser-autofill-phishing
1/12/2017 • 6 minutes, 4 seconds
ISC StormCast for Wednesday, January 11th 2017
Microsoft Patch Tuesday Summary
https://isc.sans.edu/forums/diary/January+2017+Microsoft+Patch+Tuesday/21915/
Adobe Patch Tuesday Summary
https://isc.sans.edu/forums/diary/Adobe+January+2017+Patches/21917/
Port 37777 "MapTable" Requests
https://isc.sans.edu/forums/diary/Port+37777+MapTable+Requests/21913/
CVE-2016-7200/7201 Exploit Included in Sundown Exploit Kit
http://malware.dontneedcoffee.com/2017/01/CVE-2016-7200-7201.html
1/11/2017 • 5 minutes, 35 seconds
ISC StormCast for Tuesday, January 10th 2017
Damn Vulnerable Web Sockets (DVWS) Demonstrates WebSocket Vulnerabilities
https://github.com/interference-security/DVWS
St. Jude Medical Patches Vulnerable Cardiac Devices
https://threatpost.com/st-jude-medical-patches-vulnerable-cardiac-devices/122955/
Cracking Hashes of Passwords 12 Characters and Longer
http://www.netmux.com/blog/cracking-12-character-above-passwords
VNC Library Update
https://www.debian.org/security/2017/dsa-3753
1/9/2017 • 5 minutes, 47 seconds
ISC StormCast for Monday, January 9th 2017
Careful With Security Tools That Submit Files to Virustotal
https://isc.sans.edu/forums/diary/Great+Misadventures+of+Security+Vendors+Absurd+Sandboxing+Edition/21895/
Vulnerable Security Tools Can Be Used Against You
https://isc.sans.edu/forums/diary/Using+Security+Tools+to+Compromize+a+Network/21903/
Elaborate Ransomware Attacks
http://www.actionfraud.police.uk/news/department-of-education-ransomware-alert-jan17
E-Mail and iTunes Popup Extortion
https://blog.malwarebytes.com/101/mac-the-basics/2017/01/tech-support-scam-page-attempts-denial-of-service-via-mail-app/
1/9/2017 • 5 minutes, 45 seconds
ISC StormCast for Friday, January 6th 2017
Google.com.br DNS Hijack
https://www.linkedin.com/pulse/googlecombr-hacked-renato-marinho
Attackers Use Stolen Passwords To Take Over Spreadshirt.com Accounts.
https://www.heise.de/security/meldung/Angriff-auf-Spreadshirt-Konten-3589579.html (sorry, only in German)
Ransomware Adding DDoS Component
https://www.bleepingcomputer.com/news/security/firecrypt-ransomware-comes-with-a-ddos-component/
Old Malware Returning in Targeted Attacks
https://blogs.forcepoint.com/security-labs/mm-core-memory-backdoor-returns-bigboss-and-sillygoose
1/6/2017 • 6 minutes, 1 second
ISC StormCast for Thursday, January 5th 2017
GRE Packets May Be Related To Linux Kernel Bug
http://www.openwall.com/lists/oss-security/2016/10/13/11
Insecure MongoDB Instances Hit By Fake Ransomware
https://twitter.com/0xDUDE
Android Security Update
https://source.android.com/security/bulletin/2017-01-01.html
Identifying WordPress Websites on Local Networks
https://www.netsparker.com/blog/web-security/bruteforce-wordpress-local-networks-xshm-attack/
1/5/2017 • 5 minutes, 24 seconds
ISC StormCast for Wednesday, January 4th 2017
Removing "Ransom Ware" From Android-Based LG TVs
https://www.youtube.com/watch?v=0WZ4uLFTHEE
libpng Patches 30 Year Old Bug
http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.567619
Kaspersky Antivirus SSL Interception Vulnerability
https://bugs.chromium.org/p/project-zero/issues/detail?id=978
Thunderbird Update Fixes Critical Vulnerability
https://www.mozilla.org/en-US/security/advisories/mfsa2016-96/
1/3/2017 • 4 minutes, 58 seconds
ISC StormCast for Friday, December 30th 2016
Protocol 47 (GRE) Traffic
https://isc.sans.edu/forums/diary/Increase+in+Protocol+47+denys/21865/
US Cert Releases "Grizzly Steppe" Report
https://www.us-cert.gov/security-publications/GRIZZLY-STEPPE-Russian-Malicious-Cyber-Activity
Android Malware Changes Router DNS Settings
https://securelist.com/blog/mobile/76969/switcher-android-joins-the-attack-the-router-club/
12/30/2016 • 3 minutes, 57 seconds
ISC StormCast for Thursday, December 29th 2016
More PHPMailer Issues. Update Again
https://github.com/PHPMailer/PHPMailer/wiki/About-the-CVE-2016-10033-and-CVE-2016-10045-vulnerabilities
CCC Talk: Lockpicking in the IoT
https://media.ccc.de/v/33c3-8019-lockpicking_in_the_iot
CCC Talk: IPv6 Scanning
https://media.ccc.de/v/33c3-8061-you_can_-j_reject_but_you_can_not_hide_global_scanning_of_the_ipv6_internet
12/29/2016 • 5 minutes
ISC StormCast for Wednesday, December 28th 2016
Using Daemonlogger as a Software Tap
https://isc.sans.edu/forums/diary/Using+daemonlogger+as+a+Software+Tap/21859/
CCC Conference
https://events.ccc.de/congress/2016/wiki/Main_Page
PHPMailer Exploit Released
https://legalhackers.com/exploits/CVE-2016-10033/PHPMailer-RCE-exploit-poc.txt
Patch For Exim Mail Server
https://exim.org/static/doc/CVE-2016-9963.txt
Signal Uses Domain Fronting To Evade Censorship
https://whispersystems.org/blog/doodles-stickers-censorship/
12/28/2016 • 5 minutes, 32 seconds
ISC StormCast for Tuesday, December 27th 2016
Critical RCE Flaw in PHPMailer
https://isc.sans.edu/forums/diary/Critical+security+update+PHPMailer+5218+CVE201610033/21855/
Malware Delays Execution with "Ping"
https://isc.sans.edu/forums/diary/Pinging+All+The+Way/21849/
Apple Extends TLS Deadline
https://isc.sans.edu/forums/diary/Pinging+All+The+Way/21849/
12/27/2016 • 6 minutes, 2 seconds
ISC StormCast for Thursday, December 22nd 2016
Mirai Trying Various Telnet Alternatives
https://isc.sans.edu/forums/diary/UPDATED+x1+Mirai+Scanning+for+Port+6789+Looking+for+New+Victims+Now+hitting+tcp23231/21833/
Ukrainian Power Outages
http://uawire.org/news/ukrenergo-claims-that-blackouts-in-kyiv-could-have-been-caused-by-hackers
OurMine Hacks Netflix and Other Twitter Accounts
http://www.bbc.com/news/technology-38390343?ocid=socialflow_twitter
Methbot Generating Millions of Dollars With Click Fraud
http://go.whiteops.com/rs/179-SQE-823/images/WO_Methbot_Operation_WP.pdf
12/21/2016 • 4 minutes, 37 seconds
ISC StormCast for Wednesday, December 21st 2016
vSphere Data Protection Known SSH Key
http://www.vmware.com/security/advisories/VMSA-2016-0024.html
nmap Update
https://nmap.org/download.html
SCCM Software Metering
https://www.fireeye.com/blog/threat-research/2016/12/do_you_see_what_icc.html
CryptXXX Version 3 Decryptor Available
https://noransom.kaspersky.com
Airline Inflight Entertainment System Hack
http://blog.ioactive.com/2016/12/in-flight-hacking-system.html
SEC503, Intrusion Detection in Depth: Brussels, January 16th-21st 2017
https://www.sans.org/event/brussels-winter-2017/course/intrusion-detection-in-depth
12/21/2016 • 5 minutes, 5 seconds
ISC StormCast for Tuesday, December 20th 2016
Mirai Likely Behind Port 6789 Scans. Yet Another Backdoor
https://isc.sans.edu/forums/diary/Mirai+Scanning+for+Port+6789+Looking+for+New+Victims/21833/
OpenSSH update
https://www.openssh.com/releasenotes.html#7.4
Google Releases Tool to Audit Crypto Libraries
https://security.googleblog.com/2016/12/project-wycheproof.html
Escaping A Restricted Shell
https://humblesec.wordpress.com/2016/12/08/escaping-a-restricted-shell/
12/20/2016 • 4 minutes, 17 seconds
ISC StormCast for Monday, December 19th 2016
Verizon Webmail XSS Exploit
https://randywestergren.com/persistent-xss-verizons-webmail-client/
Blocking Powershell Connections via Windows Firewall
https://isc.sans.edu/forums/diary/Blocking+Powershell+Connection+via+Windows+Firewall/21829/
Exploit Kits Delivering Cerber Ransomware
https://isc.sans.edu/forums/diary/One+if+by+email+and+two+if+by+EK+The+Cerbers+are+coming/21823/
More Security Companies joining "No More Ransom"
https://www.nomoreransom.org
IT Contractor Trying to Take Over Radio Station
https://regmedia.co.uk/2016/12/16/kcohvtaylorfiling.pdf
Holiday Safe Computing Tips
https://isc.sans.edu/forums/diary/Holiday+Safe+Computing+Tips/21827/
12/19/2016 • 5 minutes, 52 seconds
ISC StormCast for Friday, December 16th 2016
Domain Cops Malware Analysis
https://isc.sans.edu/forums/diary/Domaincop+malpsam/21821/
OS X Filevault Password Retrieval
http://blog.frizk.net/2016/12/filevault-password-retrieval.html
QEMU/Xen Vulnerability
http://xenbits.xen.org/xsa/advisory-199.html
DNS Changer Attacking Home Routers
https://www.proofpoint.com/us/threat-insight/post/home-routers-under-attack-malvertising-windows-android-devices
12/16/2016 • 5 minutes, 25 seconds
ISC StormCast for Thursday, December 15th 2016
Malicious JavaScript Bypasses UAC
https://isc.sans.edu/forums/diary/UAC+Bypass+in+JScript+Dropper/21813/
Skype Unauthorized API Access Blocked
https://www.trustwave.com/Resources/SpiderLabs-Blog/A-Backdoor-in-Skype-for-Mac-OS-X/?page=1&year=0&month=0
Facebook Announces Certificate Transparency Monitoring Tool
https://www.facebook.com/notes/protect-the-graph/introducing-our-certificate-transparency-monitoring-tool/1811919779048165
Another Tor Browser (and Firefox) Bug Fixed
https://blog.torproject.org/blog/tor-browser-608-released
Cheap Android Phones Arrive With Malware Preinstalled
https://news.drweb.com/show/?i=10345&lng=en
Exploit for Nagios
https://legalhackers.com/advisories/Nagios-Exploit-Command-Injection-CVE-2016-9565-2008-4796.html
12/15/2016 • 5 minutes, 28 seconds
ISC StormCast for Wednesday, December 14th 2016
Microsoft Patch Tuesday + Adobe Flash
https://isc.sans.edu/mspatchdays.html?viewday=2016-12-13
Apple Updates
https://support.apple.com/en-us/HT201222
More Netgear Products Vulnerable; Beta Patch Available
http://kb.netgear.com/000036386/CVE-2016-582384?cid=wmt_netgear_organic
iOS Profile Vulnerability PoC Available
https://cxsecurity.com/issue/WLB-2016110046
12/14/2016 • 5 minutes, 2 seconds
ISC StormCast for Tuesday, December 13th 2016
Apple Releases Patches for iOS/WatchOS and tvOS
https://support.apple.com/en-us/HT201222
Windows 8/10 Update Causing DHCP Problems
https://community.plus.net/t5/Broadband/Windows-8-10-Issues/m-p/1393675#M310992
McAfee VirusScan Enterprise for Linux Vulnerabilities
https://nation.state.actor/mcafee.html
Snowball Marketing for Ransomware
https://www.bleepingcomputer.com/news/security/new-scheme-spread-popcorn-time-ransomware-get-chance-of-free-decryption-key/
Europol Arrests DDoS Miscreants
http://www.theregister.co.uk/2016/12/12/europol_arrests_34_ddos_kiddies/
5 Questions to Ask Your IoT Vendor
https://isc.sans.edu/forums/diary/5+Questions+to+Ask+your+IoT+Vendors+But+Do+Not+Expect+an+Answer/21807/
12/13/2016 • 5 minutes, 49 seconds
ISC StormCast for Monday, December 12th 2016
Malware Uses NTP to Prevent Reverse Analysis
https://isc.sans.edu/forums/diary/Sleeping+VBS+Really+Wants+To+Sleep/21801/
PwC ACE Tool For SAP Introduces Security Vulnerability into SAP
http://seclists.org/fulldisclosure/2016/Dec/33
Steganography Used to Hide Exploits in Images
https://isc.sans.edu/forums/diary/Steganography+in+Action+Image+Steganography+StegExpose/21803/
Netgear R7000 and R6400 Arbitrary Command Execution
http://www.kb.cert.org/vuls/id/582384
Holiday Hack Challenge
https://holidayhackchallenge.com
12/11/2016 • 5 minutes, 47 seconds
ISC StormCast for Friday, December 9th 2016
Domaincops Malware
https://isc.sans.edu/forums/diary/Good+Cop+Bad+Cop+Domain+Cop/21795/
Yahoo Mail Persistent XSS
https://klikki.fi/adv/yahoo2.html
Trend Office Scan False Positives
https://www.reddit.com/r/sysadmin/comments/5gs2gv/anyone_else_also_affected_by_a_deleted/
Linux Privilege Escalation Due to af_packet.c Race Condition
http://seclists.org/oss-sec/2016/q4/607
12/9/2016 • 5 minutes, 58 seconds
ISC StormCast for Thursday, December 8th 2016
Attackers are using AV Exclusion Lists to Bypass AV
http://www.theregister.co.uk/2016/12/07/clever_crims_using_av_exclusion_lists_as_malware_safe_harbour/
Android Update Patches "Dirty Cow"
https://source.android.com/security/bulletin/2016-12-01.html
"Goldeneye" Ransomware May Use Stolen Data For Realistic E-Mails
https://www.heise.de/security/meldung/Goldeneye-nutzt-Informationen-vom-Arbeitsamt-fuer-aeusserst-gezielte-Angriffe-3564386.html
Firefox Cross Domain Cookie Vulnerability
https://insert-script.blogspot.ch/2016/12/firefox-svg-cross-domain-cookie.html
12/8/2016 • 6 minutes
ISC StormCast for Wednesday, December 7th 2016
Attacking NoSQL Applications
https://isc.sans.edu/forums/diary/Attacking+NoSQL+applications/21787/
Heap Buffer Overflow in Encase Forensic Imager
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161128-0_Guidance_Software_Encase_DoS_heap_buffer_overflow_vulnerabilities_v10.txt
Raspbian To Increase Default Security
https://www.raspberrypi.org/blog/a-security-update-for-raspbian-pixel/
SONY Camera Backdoor
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161206-0_Sony_IPELA_Engine_IP_Cameras_Backdoors_v10.txt
Feedback: https://isc.sans.edu/contact.html
12/7/2016 • 6 minutes, 30 seconds
ISC StormCast for Tuesday, December 6th 2016
Video Walk Through: Analysing Hancitor Malicious Document
https://isc.sans.edu/forums/diary/Hancitor+Maldoc+Videos/21783/
Rapid Distributed Credit Card Number Brute Forcing
http://eprint.ncl.ac.uk/file_store/production/230123/19180242-D02E-47AC-BDB3-73C22D6E1FDB.pdf
Cloudflare Detecting Large DDoS Attacks Over Thanksgiving / Cyber Monday
https://blog.cloudflare.com/the-daily-ddos-ten-days-of-massive-attacks/
Free Windows Tool to Harden Networks: SAMRi10
https://gallery.technet.microsoft.com/SAMRi10-Hardening-Remote-48d94b5b
NY State Outlawing Automated Ticket Purchasing Software
https://www.nysenate.gov/legislation/bills/2015/S8123
12/6/2016 • 5 minutes, 30 seconds
ISC StormCast for Monday, December 5th 2016
CSP Bypass with Polyglot Images
http://blog.portswigger.net/2016/12/bypassing-csp-using-polyglot-jpegs.html
also see this Youtube video on Polyglot Images: https://www.youtube.com/watch?v=Ub5G_t-gUBc
Stack Overflow SQL Injection Questions
https://laurent22.github.io/so-injections/
Mirai Update: More Outages and Vulnerable Chipset Identified
http://www.theregister.co.uk/2016/12/02/broadband_mirai_takedown_analysis/
SEC503 Intrusion Detection in Depth in Brussels (Jan 2017):
https://www.sans.org/event/brussels-winter-2017/course/intrusion-detection-in-depth
12/4/2016 • 5 minutes, 24 seconds
ISC StormCast for Friday, December 2nd 2016
Open Source Tool "Beamgun" Fights Rogue USB Devices on Windows
https://github.com/JLospinoso/beamgun
"Shamoon" Malware is back with a new destructive attack against Saudi Arabia
https://www.bloomberg.com/news/articles/2016-12-01/destructive-hacks-strike-saudi-arabia-posing-challenge-to-trump
British ISP "KCOM" Suffering Outage After Attack
http://www.hulldailymail.co.uk/kcom-blames-cyber-attack-for-thousands-losing-internet-access-in-hull/story-29944084-detail/story.html#xf23rtZbUqlh5uXY.99
Microsoft Fixes Long Known Privilege Escalation Issue
https://threatpost.com/microsoft-silently-fixes-kernel-bug-that-led-to-chrome-sandbox-bypass/122179/
12/2/2016 • 5 minutes, 11 seconds
ISC StormCast for Thursday, December 1st 2016
Mozilla Patches Firefox 0-Day (Exploit already available!)
https://isc.sans.edu/forums/diary/Unpatched+Vulnerability+in+Firefox+used+to+Attack+Tor+Browser/21769/
SQL Slammer "Resurgence"?
https://isc.sans.edu/forums/diary/Take+Back+Wednesday+SQL+Slammer+still+alive+but+barely+kicking/21767/
Gooligan Android Malware
http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/
Bypassing SAML 2.0 SSO
http://research.aurainfosec.io/bypassing-saml20-SSO/
Webcast: The Six Most Dangerous New Cyber Attack Techniques
https://cc.readytalk.com/registration/#/?meeting=9yq9nbx4tp7a&campaign=nggmjhc39guc
11/30/2016 • 6 minutes, 27 seconds
ISC StormCast for Wednesday, November 30th 2016
Mirai/TR-069 Update: Deutsche Telekom Routers May have been DDoSed by Traffic Volume, not Exploit
https://comsecuris.com/blog/posts/were_900k_deutsche_telekom_routers_compromised_by_mirai/
Bitlocker Encrypted Drives Exposed During System Upgrade
http://blog.win-fu.com/2016/11/every-windows-10-in-place-upgrade-is.html
Software-Only Defenses Against Rowhammer
https://arxiv.org/abs/1611.08396
11/29/2016 • 5 minutes, 54 seconds
ISC StormCast for Tuesday, November 29th 2016
Mirai Variant Scanning Port 5555 and 7547 For TR-069/SOAP Vulnerability
https://isc.sans.edu/forums/diary/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems/21759/
Paypal OAuth Vulnerability
http://blog.intothesymmetry.com/2016/11/all-your-paypal-tokens-belong-to-me.html
11/29/2016 • 5 minutes, 56 seconds
ISC StormCast for Monday, November 28th 2016
Extracting Shellcode from Javascript
https://isc.sans.edu/forums/diary/Extracting+Shellcode+From+JavaScript/21753/
Using Scapy to Test CozyDuke Snort Signatures
https://isc.sans.edu/forums/diary/Scapy+vs+CozyDuke/21755/
Malicious JPEG Spreading via Facebook
http://blog.checkpoint.com/2016/11/24/imagegate-check-point-uncovers-new-method-distributing-malware-images/
San Francisco Public Transport ("MUNI") hit by Ransomware
http://sanfrancisco.cbslocal.com/2016/11/26/you-hacked-cyber-attackers-crash-muni-computer-system-across-sf/
Tesla Smartphone App Vulnerability
https://promon.co/blog/tesla-cars-can-be-stolen-by-hacking-the-app/
11/28/2016 • 6 minutes, 20 seconds
ISC StormCast for Wednesday, November 23rd 2016
WordPress RCE Via Fake Updates
http://www.openwall.com/lists/oss-security/2016/11/21/3
Turning Speakers into Microphones
http://cyber.bgu.ac.il/advanced-cyber/system/files/SPEAKEaR.pdf
5 Second Video iOS Crash
http://www.cultofmac.com/455215/455215/
"Stubby" Implements Encrypted DNS
http://www.theregister.co.uk/2016/11/22/dns_boffins_offer_up_privacy_test/
11/23/2016 • 6 minutes, 43 seconds
ISC StormCast for Tuesday, November 22nd 2016
Encrypted ZIP File With Comments
https://isc.sans.edu/forums/diary/ZIP+With+Comment/21737/
Siemens Surveillance Cameras Use Static Default Password
https://ics-cert.us-cert.gov/advisories/ICSA-16-322-01
NTP Single Packet DoS Vulnerability
http://dumpco.re/cve-2016-7434/
Windows 10 Does Not Provide the Same Protections as EMET
https://insights.sei.cmu.edu/cert/2016/11/windows-10-cannot-protect-insecure-applications-like-emet-can.html
11/21/2016 • 5 minutes, 20 seconds
ISC StormCast for Monday, November 21st 2016
Converting Timestamps with Epocalypse
https://isc.sans.edu/forums/diary/How+many+Epoch+times+Epocalypsepy+timestamp+converter/21733/
SIP Disabled on Some Macbook Pros
http://www.macrumors.com/2016/11/17/system-integrity-protection-disabled-macbook-pro/
Spoofing Microsoft.com E-Mails with Outlook.com
https://www.utkusen.com/blog/sending-valid-phishing-emails-from-microsoftcom.html
Various High Profile Twitter Accounts Hijacked By Spammers
https://www.engadget.com/2016/11/19/spammers-compromised-twitter-accounts-for-playstation-and-other/
Dyn Attack Caused by Single Angry Playstation User
http://www.wsj.com/articles/october-internet-attack-targeted-playstation-network-researchers-say-1479250847
11/21/2016 • 5 minutes, 59 seconds
ISC StormCast for Friday, November 18th 2016
Phishers Protect Phishing Sites from Security Researchers
https://isc.sans.edu/forums/diary/Example+of+Getting+Analysts+Researchers+Away/21721/
Fedora / Chrome Automatic Downloads and Code Execution
https://scarybeastsecurity.blogspot.de/2016/11/0day-poc-risky-design-decisions-in.html
Volutility Version 1.0 Released
https://techanarchy.net/2016/11/volutility-version-1-0-release/
iOS Synchronizing Call Logs via iCloud
http://www.forbes.com/sites/thomasbrewster/2016/11/17/iphone-call-logs-in-icloud-warns-elcomsoft-hackers/#5d96b21c2936
11/18/2016 • 5 minutes, 44 seconds
ISC StormCast for Thursday, November 17th 2016
Russian Malspam Distributing Troldesh Ransomware
https://isc.sans.edu/forums/diary/Malspam+distributing+Troldesh+ransomware/21717/
Poisontap Exploits USB Ethernet Adapters
https://samy.pl/poisontap/
Symantec Patches Untrusted DLL Loading Vulnerability
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20161115_00
VMware Patches VM Escape Vulnerability
http://www.vmware.com/security/advisories/VMSA-2016-0019.html
Some Android Phones Leak Data To China
http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html
Jacksonville ISC2 Meeting
https://www.eventbrite.com/e/isc2-ne-florida-chapter-meeting-november-2016-tickets-29050701430
11/17/2016 • 6 minutes, 2 seconds
ISC StormCast for Wednesday, November 16th 2016
Vulnerability in LUKS Can Be used to Boot Encrypted Linux Systems
http://betanews.com/2016/11/15/linux-security-bug-cryptsetup-luks/
Shazam Keeps Microphone Turned on Even While not "Listening"
https://objective-see.com/blog/blog_0x13.html
nginx Privilege Escalation Vulnerability (Debian Only)
http://legalhackers.com/advisories/Nginx-Exploit-Deb-Root-PrivEsc-CVE-2016-1247.html
11/16/2016 • 5 minutes, 52 seconds
ISC StormCast for Tuesday, November 15th 2016
Indictment for the theft of FIFA Game Coins
https://regmedia.co.uk/2016/11/14/fifafraudindictment.pdf
Crysis Ransomware Master Encryption Key Released
http://www.bleepingcomputer.com/news/security/master-decryption-keys-and-decryptor-for-the-crysis-ransomware-released-/
Adult Friend Finder Breached
https://www.leakedsource.com/blog/friendfinder
Lightbulb Web Application Firewall Auditing Framework
http://seclist.us/lightbulb-is-an-open-source-python-framework-for-auditing-web-applications-firewalls.html
11/15/2016 • 5 minutes, 20 seconds
ISC StormCast for Monday, November 14th 2016
EMET Will Defeat Shell Code Executing Inside Word
https://isc.sans.edu/forums/diary/VBA+Shellcode+and+EMET/21705/
Bitcoin Miners Distributed via FTP Exploits
https://isc.sans.edu/forums/diary/Bitcoin+Miner+File+Upload+via+FTP/21707/
5 Russian Banks Suffer DoS Attack
https://www.rt.com/news/366172-russian-banks-ddos-attack/
Wifi May Reveal Mobile Phone Passwords
http://dl.acm.org/citation.cfm?id=2978397
11/14/2016 • 5 minutes, 29 seconds
ISC StormCast for Friday, November 11th 2016
ICMP Unreachable DoS Attacks
https://isc.sans.edu/forums/diary/ICMP+Unreachable+DoS+Attacks+aka+Black+Nurse/21699/
OpenSSL 1.1.0 Patch
https://www.openssl.org/news/secadv/20161110.txt
OWASP ModSecurity Core Rule Set Version 3.0.0 Release
https://lists.owasp.org/pipermail/owasp-modsecurity-core-rule-set/2016-November/002265.html
11/11/2016 • 6 minutes, 11 seconds
ISC StormCast for Thursday, November 10th 2016
DoS Attack Turns off Heat for More than a Week
http://www.hs.fi/kotimaa/a1478495966653 (Finnish only)
DLink HNAP Vulnerability
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/dlink-hnap-login.txt
PoC Exploits Available for Two MSFT Vulnerabilities
https://github.com/tinysec/public/tree/master/CVE-2016-7255
https://g-laurent.blogspot.com/2016/11/ms16-137-lsass-remote-memory-corruption.html
OpenSSL Patch Pre-Announced
https://mta.openssl.org/pipermail/openssl-announce/2016-November/000085.html
Hue Lightbulb Exploit/Worm
http://iotworm.eyalro.net (Sophos labels this link as "Spam", but appears to be harmless)
11/9/2016 • 5 minutes, 27 seconds
ISC StormCast for Wednesday, November 9th 2016
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/November+2016+Microsoft+Patch+Day/21689/
Adobe Updates
https://helpx.adobe.com/security/products/connect/apsb16-35.html
https://helpx.adobe.com/security/products/flash-player/apsb16-37.html
11/8/2016 • 7 minutes, 29 seconds
ISC StormCast for Tuesday, November 8th 2016
Tesco Bank Limits Online Banking After Online Criminal Activity
https://yourcommunity.tescobank.com/t5/News/Message-for-Current-Account-customers/td-p/6599
Belkin WeMo Devices Used To Attack Mobile Devices
https://www.blackhat.com/eu-16/briefings/schedule/index.html#breaking-bhad-abusing-belkin-home-automation-devices-4640
Fake Retail Apps Flooding Apple App Store
http://www.nytimes.com/2016/11/07/technology/more-iphone-fake-retail-apps-before-holidays.html?_r=0
Netflix Password Recovery via Phone Call Vulnerability
https://slashcrypto.org/2016/11/07/Netflix/
Webcast: 8 Ways To Watch The Invisible: Analyzing Encrypted Network Traffic
https://www.sans.org/webcasts/8-ways-watch-invisible-analyzing-encrypted-network-traffic-103277
11/8/2016 • 6 minutes, 18 seconds
ISC StormCast for Monday, November 7th 2016
Hancitor Maldoc Bypasses Application Whitelisting
https://isc.sans.edu/forums/diary/Hancitor+Maldoc+Bypasses+Application+Whitelisting/21683/
Microsoft Extends EMET Support Deadline
https://blogs.technet.microsoft.com/srd/2016/11/03/beyond-emet/
Wifi Based IMSI Catcher
https://www.blackhat.com/docs/eu-16/materials/eu-16-OHanlon-WiFi-IMSI-Catcher.pdf
11/7/2016 • 5 minutes, 44 seconds
ISC StormCast for Friday, November 4th 2016
Reconstruct Binaries Sent via Telnet
https://isc.sans.edu/forums/diary/Extracting+Malware+Transmitted+Via+Telnet/21673/
Wix.com DOM Based XSS
https://www.contrastsecurity.com/security-influencers/dom-xss-in-wix.com
DNS Based Mail Security
https://nccoe.nist.gov/projects/building_blocks/secured_email
Web of Trust Plugin Released Anonymized User Data
https://www.mywot.com/en/forum/70396--virus-spyware-do-not-install-uninstall-as-soon-as-possible
11/3/2016 • 6 minutes, 53 seconds
ISC StormCast for Thursday, November 3rd 2016
Exchange Web Service Two-Factor Authentication Bypass
http://www.blackhillsinfosec.com/?p=5396
Barracuda DoS Disrupts Mail Delivery
http://status.barracuda.com
Targobank Loses Account Data After Maintenance
http://www.spiegel.de/wirtschaft/service/targobank-kunden-fehlt-geld-auf-dem-konto-it-probleme-a-1119434.html (German only)
Ouch! Security Awareness Newsletter
http://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201611_en.pdf
11/3/2016 • 5 minutes, 48 seconds
ISC StormCast for Wednesday, November 2nd 2016
Malvertising On Google AdWords Targeting macOS Users
http://blog.cylance.com/malvertising-on-google-adwords-targeting-macos-users
Microsoft Response to Google Privilege Escalation Disclosure
https://blogs.technet.microsoft.com/mmpc/2016/11/01/our-commitment-to-our-customers-security/
Memcached Remote Code Execution Vulnerabilities
http://blog.talosintel.com/2016/10/memcached-vulnerabilities.html
SAP Vulnerability Details Released
https://erpscan.com/press-center/blog/0-day-sap-vulnerability-published-heres-can/
11/2/2016 • 5 minutes, 50 seconds
ISC StormCast for Tuesday, November 1st 2016
snapshot.ps1 DFIR Capture
https://isc.sans.edu/forums/diary/SEC505+DFIR+capture+script+snapshotps1/21659/
Predicting Domain Reputation
http://www.icir.org/vern/papers/predator-ccs16.pdf
Mozilla Removing Battery Status API For Privacy Reasons
https://www.fxsitecompat.com/en-CA/docs/2016/battery-status-api-has-been-removed/
Windows Privilege Escalation 0-day Actively Exploited
https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
11/1/2016 • 5 minutes, 56 seconds
ISC StormCast for Monday, October 31st 2016
Volatility Bot: Automated Memory Analysis
https://isc.sans.edu/forums/diary/Volatility+Bot+Automated+Memory+Analysis/21655/
911 System Fragility Exposed in Accidental DoS Attacks
https://staging.mcso.org/Multimedia/PressRelease/911%20Cyber%20Attack.pdf
Vulnerability in Mirai Botnet
https://www.invincealabs.com/blog/2016/10/killing-mirai/
XNU Kernel (iOS/macOS) task_t Privilege Escalation
https://googleprojectzero.blogspot.de/2016/10/taskt-considered-harmful.html
10/31/2016 • 6 minutes, 44 seconds
ISC StormCast for Friday, October 28th 2016
Small Changes to Ransomware E-Mails May Fool Some Mail Filters
https://isc.sans.edu/forums/diary/Your+Bill+Is+Not+Overdue+today/21647/
Microsoft / Google Release Browser Updates to Address Flash Vulnerability
https://technet.microsoft.com/en-us/library/security/ms16-128.aspx
https://googlechromereleases.blogspot.com
Social Media "Support" Phishing
https://www.proofpoint.com/us/corporate-blog/post/cybercriminals-spoof-every-major-bank-masquerade-branded-customer-service-twitter-accounts
Path Traversal Vulnerability in GNU tar
https://sintonen.fi/advisories/tar-extract-pathname-bypass.proper.txt
Podcast Survey
https://dshield.typeform.com/to/lVgHr5
10/27/2016 • 6 minutes, 35 seconds
ISC StormCast for Thursday, October 27th 2016
Adobe Releases Emergency Patch For Flash
https://isc.sans.edu/forums/diary/Critical+Flash+Player+Update+APSB1636/21643/
Mobile Pwn2Own Writeup
http://blog.trendmicro.com/results-mobile-pwn2own-2016/
Mozilla Will Stick With Blacklisting Startcom/WoSign
https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
Joomla Exploit Released
https://medium.com/@showthread/joomla-3-6-4-account-creation-elevated-privileges-write-up-and-exploit-965d8fb46fa2#.b8gks1jar
Google Spreadsheet Vulnerability
https://www.rodneybeede.com/Google_Spreadsheet_Vuln_-_CSRF_and_JSON_Hijacking_allows_data_theft.html
10/26/2016 • 6 minutes, 2 seconds
ISC StormCast for Wednesday, October 26th 2016
Joomla Fixes Two Critical Vulnerabilities
https://www.joomla.org/announcements/release-news/5678-joomla-3-6-4-released.html
Letsencrypt Domain Verification Problem
https://dan.enigmabridge.com/lets-encrypts-vulnerability-as-a-feature-authz-reuse-and-eternal-account-key/
New Locky Variants: Pumpkin Locky
http://blog.talosintel.com/2016/10/pumpkin-locky.html
Pagers still in use for Critical Infrastructure
http://www.trendmicro.com/vinfo/us/security/news/cyber-attacks/industrial-plant-beepers-leaking-secrets
10/26/2016 • 5 minutes, 16 seconds
ISC StormCast for Tuesday, October 25th 2016
Updates For iOS, MacOS, Safari
https://support.apple.com/en-us/HT201222
LTE Intercept Vulnerability
http://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/
Rowhammer Exploit Demonstrated Against Android
https://www.vusec.net/projects/drammer/
10/25/2016 • 6 minutes, 36 seconds
ISC StormCast for Monday, October 24th 2016
ISC Briefing: Large DDoS Attack Against Dyn
https://isc.sans.edu/forums/diary/ISC+Briefing+Large+DDoS+Attack+Against+Dyn/21627/
TCP Port 4786: Cisco Memory Leak Vulnerability
https://isc.sans.edu/forums/diary/Request+for+Packets+TCP+4786+CVE20166385/21625/
Dirty Cow PoC Exploits Available
https://github.com/dirtycow/dirtycow.github.io/wiki/PoCs
To register for today's SANS Technology Institute Professional Lecture Series, please e-mail [email protected]
10/23/2016 • 7 minutes, 22 seconds
ISC StormCast for Thursday, October 20th 2016
Spam Delivered Via .ICS Files
https://isc.sans.edu/forums/diary/Spam+Delivered+via+ICS+Files/21611/
Comodo OCR Errors Lead to SSL Certificate Verification Issues
https://heise.de/-3354229 (German only)
Oracle Quarterly Critical Patch Update
http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html
Images Used to Exfiltrate CC Numbers From Web Stores
https://blog.sucuri.net/2016/10/magento-credit-card-swiper-exports-image.html
10/19/2016 • 5 minutes, 45 seconds
ISC StormCast for Wednesday, October 19th 2016
SSL Client Hellos Soliciting SSH Banners from HAProxy
https://isc.sans.edu/forums/diary/OpenSSH+Protocol+Mismatch+In+Response+to+SSL+Client+Hello/21609/
Dyre is Back as Trickbot
http://www.threatgeek.com/2016/10/trickbot-the-dyre-connection.html
How Stolen iPhones Are Unlocked
https://www.linkedin.com/pulse/sin-card-how-criminals-unlocked-stolen-iphone-6s-renato-marinho?trk=pulse_spock-articles
10/19/2016 • 6 minutes, 48 seconds
ISC StormCast for Tuesday, October 18th 2016
Mozilla Users Reach 50% HTTPS
https://twitter.com/0xjosh/status/786971412959420424/photo/1
Retrieving LastPass Passwords From Memory
https://techanarchy.net/2016/10/extracting-lastpass-site-credentials-from-memory/
Yahoo MITM Due To Weak Crossdomain.xml Configuration
https://github.com/JordanMilne/YMail-Pineapple
10/17/2016 • 5 minutes, 20 seconds
ISC StormCast for Monday, October 17th 2016
pseudoDarkleech Uses Rig Exploit Kit to Spread Cerber
https://isc.sans.edu/forums/diary/pseudoDarkleech+Rig+EK/21595/
Decoder.xls to Decode Malicious Word Macros
https://isc.sans.edu/forums/diary/Analyzing+Office+Maldocs+With+Decoderxls/21601/
Auditing SSH Servers
https://github.com/arthepsy/ssh-audit
How Not To Use HTML Purifier
https://devwerks.net/blog/16/how-not-to-use-html-purifier/
10/16/2016 • 5 minutes, 31 seconds
ISC StormCast for Friday, October 14th 2016
Mount Docker Filesystems with docker-mount.py
https://isc.sans.edu/forums/diary/New+tool+dockermountpy/21589/
GlobalSign OCSP Mess-Up Invalidates Countless Certs
https://downloads.globalsign.com/acton/fs/blocks/showLandingPage/a/2674/p/p-008f/t/page/fm/0
Cisco Releases LockyDump
http://blog.talosintel.com/2016/10/lockydump.html
Google Updates Chrome
https://googlechromereleases.blogspot.com/2016/10/stable-channel-update-for-desktop.html
DXXD Ransomware Infects Unmapped Shares
http://www.bleepingcomputer.com/news/security/the-dxxd-ransomware-displays-legal-notice-before-users-login/
10/14/2016 • 5 minutes, 30 seconds
ISC StormCast for Thursday, October 13th 2016
WiFi Still Remains a Good Attack Vector
https://isc.sans.edu/forums/diary/WiFi+Still+Remains+a+Good+Attack+Vector/21583/
AVTECH IP Camera Vulnerabilities
http://seclists.org/bugtraq/2016/Oct/26
SAP Patches 3 Year Old Bug in P4
https://erpscan.com/press-center/blog/sap-cyber-threat-intelligence-report-october-2016/
1024-bit DSA Keys Factored
https://eprint.iacr.org/2016/961.pdf
10/12/2016 • 6 minutes, 13 seconds
ISC StormCast for Wednesday, October 12th 2016
Microsoft and Adobe Patches
https://isc.sans.edu/mspatchdays.html?viewday=2016-10-11
https://helpx.adobe.com/security/products/acrobat/apsb16-33.html
http://www.minixforum.com/threads/neo-z64w-doesnt-start-anymore-after-windows-10-update-help.14122/
Review of Browser SSL Failures
https://docs.google.com/document/d/1b7lenmn5XO06QohaJzVffnJxjXjY1rD70wg34gfuxRo/edit#heading=h.w6vk76mv9e6n
New Malware Targeting SWIFT Users
http://www.symantec.com/connect/blogs/odinaff-new-trojan-used-high-level-financial-attacks
10/11/2016 • 5 minutes, 58 seconds
ISC StormCast for Tuesday, October 11th 2016
Radare2's rahash2 Utility Can Calculate File Entropy
https://isc.sans.edu/forums/diary/Radare2+rahash2/21577/
Spoofing IPs Still Works
https://idea.popcount.org/2016-09-20-strange-loop---ip-spoofing/
EU Commission Plans IoT Labeling
http://www.euractiv.com/section/innovation-industry/news/commission-plans-cybersecurity-rules-for-internet-connected-machines/
10/11/2016 • 3 minutes, 29 seconds
ISC StormCast for Monday, October 10th 2016
First Hurricane Matthew Phish Impersonating Stripe
https://isc.sans.edu/forums/diary/First+Hurricane+Matthew+related+Phish/21571/
Samsung Galaxy S6 "KNOXOut" Vulnerability
http://media.wix.com/ugd/4e84e6_668d564cc447434a9a8fda3c13a63f6a.pdf
Windows 10 Anniversary Edition Improves IE 10 XSS Protection
http://mksben.l0.cm/2016/10/xss-via-referrer.html
10/9/2016 • 5 minutes, 9 seconds
ISC StormCast for Friday, October 7th 2016
More Honeypot Fun
https://isc.sans.edu/forums/diary/Checking+my+honeypot+day/21561/
OS X Webcam Exploit
https://objective-see.com/products/oversight.html
iOS 10 Private Browsing
https://www.intaforensics.com/2016/09/30/ios-10-private-browsing-how-private-is-it/
Hacked Steam Accounts Used to Spread Malware
http://www.bleepingcomputer.com/news/security/hacked-steam-accounts-spreading-remote-access-trojan/
Please Report Any Hurricane Matthew Related Malware/Scams
https://isc.sans.edu/contact.html
10/7/2016 • 5 minutes, 41 seconds
ISC StormCast for Thursday, October 6th 2016
Securing the Human Newsletter
https://securingthehuman.sans.org/newsletters/ouch/issues/OUCH-201610_en.pdf
"Security Fatigue"
https://www.nist.gov/news-events/news/2016/10/security-fatigue-can-cause-computer-users-feel-hopeless-and-act-recklessly
"Selfie Pay" Facial Recognition
http://www.theregister.co.uk/2016/10/05/mastercard_selfie_pay/
"MarsJoke" Ransomware Decrypted
https://threatpost.com/researchers-break-marsjoke-ransomware-encryption/121022/
10/6/2016 • 5 minutes, 40 seconds
ISC StormCast for Tuesday, October 4th 2016
Password Buddies
https://isc.sans.edu/forums/diary/Password+Buddies+A+Better+Way+To+Reset+Passwords/21547/
iMessage Data Leakage
http://rsmck.co.uk/blog/imessage-preview/
Exploiting HP Thin Client
http://blog.malerisch.net/2016/10/pwning-thin-client-in-less-two-minutes2-cve2016-2246.html
10/4/2016 • 5 minutes, 43 seconds
ISC StormCast for Monday, October 3rd 2016
The Short Life of a Vulnerable DVR Connected to the Internet
https://isc.sans.edu/forums/diary/The+Short+Life+of+a+Vulnerable+DVR+Connected+to+the+Internet/21543/
Another Day, Another Malicious Behaviour
https://isc.sans.edu/forums/diary/Another+Day+Another+Malicious+Behaviour/21539/
Capcom's Street Fighter V Anti-Cheat Tool Allows Privilege Escalation
https://twitter.com/TheWack0lian/status/779397840762245124/photo/1?ref_src=twsrc%5Etfw
Apple Joins Mozilla In Distrusting WoSign
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/lWJ1zdUJPLI
"Footprints" Browser Extension Demonstrates Unmasking a User's Identity
https://footprints.stanford.edu
10/3/2016 • 6 minutes, 2 seconds
ISC StormCast for Friday, September 30th 2016
Turning the lights off with SNMP
https://isc.sans.edu/forums/diary/SNMP+Pwn3ge/21533/
Yahoo! Answers Used in Command and Control Networks
http://researchcenter.paloaltonetworks.com/2016/09/unit42-confucius-says-malware-families-get-further-by-abusing-legitimate-websites/
D-Link Router Includes Stupid Simple UDP Backdoor
https://pierrekim.github.io/blog/2016-09-28-dlink-dwr-932b-lte-routers-vulnerabilities.html
Hikvision XXE Vulnerability
https://medium.com/@iraklis/an-unlikely-xxe-in-hikvisions-remote-access-camera-cloud-d57faf99620f#.qukzihoew
9/30/2016 • 5 minutes, 23 seconds
ISC StormCast for Thursday, September 29th 2016
Rig Exploit Kit Used to Spread Locky Ransomware
https://isc.sans.edu/forums/diary/Rig+Exploit+Kit+from+the+Afraidgate+Campaign/21531/
Facebook Releases osquery for Windows
https://blog.trailofbits.com/2016/09/27/windows-network-security-now-easier-with-osquery/
Update Cowrie and "New" Default Password Used in Internet-Wide Scans
https://isc.sans.edu/ssh.html?pw=xc3511
BIND Name Server Update
https://kb.isc.org/article/AA-01393/74/CVE-2016-2775%3A-A-query-name-which-is-too-long-can-cause-a-segmentation-fault-in-lwresd.html
Various Cisco DoS Vulnerabilities
https://tools.cisco.com/security/center/publicationListing.x?product=NonCisco#~Vulnerabilities
9/28/2016 • 5 minutes, 7 seconds
ISC StormCast for Wednesday, September 28th 2016
Back in Time Memory Forensics
https://isc.sans.edu/forums/diary/Back+in+Time+Memory+Forensics/21527/
Cameras Responsible For Large DDoS Attacks
https://twitter.com/olesovhcom/status/779297257199964160
Google Releases CSP Support Tools
https://csp-evaluator.withgoogle.com
https://chrome.google.com/webstore/detail/csp-mitigator
Microsoft Launches "fuzzing-as-a-service"
https://www.microsoft.com/en-us/springfield/
9/28/2016 • 5 minutes, 8 seconds
ISC StormCast for Tuesday, September 27th 2016
Decompiling P-Code
https://isc.sans.edu/forums/diary/VBA+and+Pcode/21521/
Lenovo To Add FIDO Compliant Fingerprint Reader
http://www.theregister.co.uk/2016/09/26/intel_and_lenovo_give_the_finger_to_passwords_with_fido/
More Details On Simpler Password Hashing in iOS 10
https://twitter.com/thorsheim/status/779207177416351744
Mozilla to Remove WoSign and StartCom From Trusted List
https://docs.google.com/document/d/1C6BlmbeQfn4a9zydVi2UvjBGv6szuSB4sMYUcVrR8vQ/preview
9/26/2016 • 6 minutes, 7 seconds
ISC StormCast for Monday, September 26th 2016
Analyzing Malicious .PUB files
https://isc.sans.edu/forums/diary/PUB+Analysis/21517/
iOS 10 Backup Passwords Easier to Crack
http://blog.elcomsoft.com/2016/09/ios-10-security-weakness-discovered-backup-passwords-much-easier-to-break/
Windows 10 Certificate Pinning of Microsoft Domains
http://hexatomium.github.io/2016/09/24/hidden-w10-pins/
IBM Geoblocking Fail For Australian Census
http://www.aph.gov.au/DocumentStore.ashx?id=124f22ba-caaa-46ff-899d-7d96851fee3e&subId=414127
97% Of Fortune 1000 Companies Have Leaked Credentials
http://info.digitalshadows.com/rs/457-XEY-671/images/CompromisedCredentials-LearnFromtheExposureoftheWorlds1000BiggestCompanies-Download.pdf
9/26/2016 • 5 minutes, 42 seconds
ISC StormCast for Friday, September 23rd 2016
OpenSSL Security Update
https://isc.sans.edu/forums/diary/OpenSSL+Update+Released/21509/
ATM Skimmer Prototypes To Collect Fingerprints
https://securelist.com/files/2016/09/16_09_en.pdf
Yahoo! Breach Leaks 500M Users' Data
https://yahoo.tumblr.com/post/150781911849/an-important-message-about-yahoo-user-security
9/22/2016 • 5 minutes, 25 seconds
ISC StormCast for Thursday, September 22nd 2016
Those never-ending waves of Locky Malspam
https://isc.sans.edu/forums/diary/Those+neverending+waves+of+Locky+malspam/21505/
Windows Anti Malware Scan Interface (AMSI)
http://www.labofapenetrationtester.com/2016/09/amsi.html
Cloudflare Introducing SSL Re-Write
https://blog.cloudflare.com/opportunistic-encryption-bringing-http-2-to-the-unencrypted-web/
Australian Police Warn of Malicious USB Sticks
https://www.vicpolicenews.com.au/news/harmful-usb-drives-found-in-letterboxes
9/21/2016 • 5 minutes, 54 seconds
ISC StormCast for Wednesday, September 21st 2016
MacOS Sierra and Safari 10 Released
https://isc.sans.edu/forums/diary/Getting+Ready+for+macOS+Sierra+Upgrade+Securely/21465/
BackConnect BGP Hijacks
http://research.dyn.com/2016/09/backconnects-suspicious-bgp-hijacks/
Metasploit Vulnerability
https://github.com/justinsteven/advisories/blob/master/2016_metasploit_rce_static_key_deserialization.md
9/21/2016 • 4 minutes, 57 seconds
ISC StormCast for Tuesday, September 20th 2016
Taking Over Facebook Pages
http://arunsureshkumar.me/index.php/2016/09/16/facebook-page-takeover-zero-day-vulnerability/
Exchange Auto-Discovery Vulnerability
http://www.theregister.co.uk/2016/09/19/ms_exchange_alleged_bug/
Spyware Apps Targeting Travelers Removed From Google App Store
https://blog.lookout.com/blog/2016/09/16/embassy-spyware-google-play/
Firefox Will Patch HSTS Vulnerability
https://threatpost.com/mozilla-patching-firefox-certificate-pinning-vulnerability/120694/
OpenSSL Patch Pre-Announcement
https://mta.openssl.org/pipermail/openssl-announce/2016-September/000076.html
9/20/2016 • 5 minutes, 39 seconds
ISC StormCast for Monday, September 19th 2016
Cisco Issues Advisories for IKEv1 "heartbleed like" Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160916-ikev1
Intercepting OS X Passwords
https://www.scriptjunkie.us/2016/09/intercepting-passwords-to-escalate-privileges-on-os-x/
Vulnerabilities Introduced By Converting 32 Bit to 64 Bit
https://www.tu-braunschweig.de/Medien-DB/sec/pubs/2016-ccs.pdf
HSTS Preload Database and Webservices
https://hstspreload.com
9/19/2016 • 7 minutes, 16 seconds
ISC StormCast for Friday, September 16th 2016
Locky Ransomware Updates
https://blog.avira.com/locky-ransomware-goes-autopilot/
https://blogs.forcepoint.com/security-labs/locky-distributor-uses-newly-released-quant-loader-sold-russian-underground
https://isc.sans.edu/forums/diary/Is+2+out+of+3+good+enough+for+AntiMalware/21485/
Critical Update For Cisco WebEx Server
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160914-wem
Dualtoy Malware Attacks iOS and Android
http://researchcenter.paloaltonetworks.com/2016/09/dualtoy-new-windows-trojan-sideloads-risky-apps-to-android-and-ios-devices/
Certificate Pinning Issue in Firefox/Tor Browser
https://hackernoon.com/tor-browser-exposed-anti-privacy-implantation-at-mass-scale-bd68e9eb1e95#.9jnte0u52
9/16/2016 • 5 minutes, 50 seconds
ISC StormCast for Thursday, September 15th 2016
Exploit Attempts for Drupal RESTWS Module Vulnerability
https://isc.sans.edu/forums/diary/Exploit+Attempts+for+Drupal+RESTWS+x+Module+Vulnerability/21481/
Google France XSS Vulnerability
https://sysdream.com/news/lab/2016-09-12-cross-site-scripting-vulnerability-found-on-www-google-fr/
Pokemon Go Continues to Lead to Malware
https://securelist.com/blog/mobile/76081/rooting-pokemons-in-google-play-store/
VMware Update Fixes Escape Vulnerability
https://www.vmware.com/security/advisories/VMSA-2016-0014.html
9/15/2016 • 5 minutes, 11 seconds
ISC StormCast for Wednesday, September 14th 2016
Microsoft Patches
https://isc.sans.edu/mspatchdays.html?viewday=2016-09-13
Adobe Air Patches
https://helpx.adobe.com/security/products/air/apsb16-31.html
iOS 10 Update
https://isc.sans.edu/forums/diary/Apple+iOS+10+and+1001+Released/21473/
9/14/2016 • 9 minutes, 21 seconds
ISC StormCast for Tuesday, September 13th 2016
If it's Free, YOU are the Product
https://isc.sans.edu/forums/diary/If+its+Free+YOU+are+the+Product/21469/
Weak MySQL Configurations Can Lead To Privilege Escalation
http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
Full Disk Encryption Ransomware
https://www.linkedin.com/pulse/mamba-new-full-disk-encryption-ransomware-family-member-marinho?trk=prof-post
9/13/2016 • 6 minutes, 15 seconds
ISC StormCast for Monday, September 12th 2016
Upgrading Security to MacOS Sierra
https://isc.sans.edu/forums/diary/Getting+Ready+for+macOS+Sierra+Upgrade+Securely/21465/
PCI PIN Transaction Security / Point of Interaction Update
https://www.pcisecuritystandards.org/documents/PCI_PTS_POI_SRs_v5.pdf
IMAPS Scans
https://isc.sans.edu/forums/diary/Ongoing+IMAP+Scan+Anyone+Else/21463/
9/12/2016 • 6 minutes, 21 seconds
ISC StormCast for Friday, September 9th 2016
Spikes in SNMP Traffic: Looking for PCAPs
https://isc.sans.edu/forums/diary/Curious+SNMP+Traffic+Spike/21457/
New Version of Wireshark Released
https://www.wireshark.org/docs/relnotes/wireshark-2.2.0.html
XEN Hypervisor Vulnerabilities
https://xenbits.xen.org/xsa/
Google Moving Ahead With HTTP Phaseout
https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
Old Windows Media Player DRM Feature Still Used To Install Malware
http://blog.cyren.com/articles/windows-media-player-drm-feature-used-for-malware-delivery-again.html
SEC503 Intrusion Detection in Depth Online Training
https://www.sans.org/vlive/details/sec503-19sep2016-johannes-ullrich-phd
9/8/2016 • 7 minutes, 4 seconds
ISC StormCast for Thursday, September 8th 2016
DShield Blocklist Update
https://isc.sans.edu/forums/diary/Updated+DShield+Blocklist/21453/
Fortinet FortiWAN Load Balancer Multiple Unpatched Vulnerabilities
http://www.kb.cert.org/vuls/id/724487
Rapid7 Published NSM Vulnerabilities
http://www.theregister.co.uk/2016/09/07/natwork_magement_vulns/
OPM Breached by Two Different Attackers
https://oversight.house.gov/wp-content/uploads/2016/09/The-OPM-Data-Breach-How-the-Government-Jeopardized-Our-National-Security-for-More-than-a-Generation.pdf
9/8/2016 • 5 minutes, 32 seconds
ISC StormCast for Wednesday, September 7th 2016
Google September Android Security Update
https://source.android.com/security/bulletin/2016-09-01.html
Hard Coded Password / Key Issue Gets Worse
http://blog.sec-consult.com/2016/09/house-of-keys-9-months-later-40-worse.html
Snagging Credentials From Locked Machines (Windows and OS X)
https://room362.com/post/2016/snagging-creds-from-locked-machines/
9/6/2016 • 5 minutes, 51 seconds
ISC StormCast for Tuesday, September 6th 2016
Apple Patches OS X and Safari for Trident/Pegasus Vulnerabilities
https://support.apple.com/en-us/HT201222
Malware Delivered via ".pub" Files
https://isc.sans.edu/forums/diary/Malware+Delivered+via+pub+Files/21443/
Sophos Anti Virus False Positive Causes Blue Screen of Death
https://community.sophos.com/kb/en-us/125000
Adobe Reviving Flash for Linux
https://blogs.adobe.com/flashplayer/2016/08/beta-news-flash-player-npapi-for-linux.html
Google Patches Nexus 5X Vulnerability
https://securityintelligence.com/undocumented-patched-vulnerability-in-nexus-5x-allowed-for-memory-dumping-via-usb/
9/6/2016 • 5 minutes, 13 seconds
ISC StormCast for Friday, September 2nd 2016
Malware Using Maxmind For Geolocation
https://isc.sans.edu/forums/diary/Maxmindcom+Abused+As+AntiAnalysis+Technique/21435/
Content Security Policy of Limited Use in Real World
https://research.google.com/pubs/pub45542.html
CryptWare Bitlocker Enhancement Vulnerability
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160831-0_CryptWare_CryptoPro_Manipulation_of_pre-boot_authentication_v10.txt
Google Releases Chrome 53
http://googlechromereleases.blogspot.com/2016/08/stable-channel-update-for-desktop_31.html
9/1/2016 • 4 minutes, 56 seconds
ISC StormCast for Thursday, September 1st 2016
Adobe ColdFusion Update
https://helpx.adobe.com/security/products/coldfusion/apsb16-30.html
OS X Bittorrent Client Transmission Backdoored
http://www.welivesecurity.com/2016/08/30/osxkeydnap-spreads-via-signed-transmission-application/
Arrested Lurk Hacking Group Likely Developed Angler Exploit Kit
https://securelist.com/analysis/publications/75944/the-hunt-for-lurk/
Vulnerable REDIS Instances Used by Fake Ransomware
https://duo.com/blog/over-18-000-redis-instances-targeted-by-fake-ransomware
9/1/2016 • 5 minutes, 23 seconds
ISC StormCast for Wednesday, August 31st 2016
Today's Locky Variant Arrives as a Windows Script File
https://isc.sans.edu/forums/diary/Todays+Locky+Variant+Arrives+as+a+Windows+Script+File/21423/
OneLogin Breached and Secure Notes Lost
https://www.onelogin.com/blog/august-2016-incident
USB Memory Stick Can Be Used to Exfiltrate Data Wirelessly
http://cyber.bgu.ac.il/t/USBee.pdf
Jail Break App in Apple's App Store
https://www.reddit.com/r/jailbreak/comments/506eyp/release_ppjailbreak_on_the_appstore/
8/31/2016 • 4 minutes, 47 seconds
ISC StormCast for Tuesday, August 30th 2016
CA WoSign Law Validation Policy
https://groups.google.com/forum/#!topic/mozilla.dev.security.policy/k9PBmyLCi8I
FBI Warns Of Vulnerabilities in State Election Websites
https://www.scribd.com/document/322473050/FBI-Flash-Aug-2016#from_embed
Bug in "Keeper" Password Safe Allows Attackers to Steal Passwords
https://bugs.chromium.org/p/project-zero/issues/detail?id=917
Bank ATMs Compromised via Malicious EMV Chip
https://www.fireeye.com/blog/threat-research/2016/08/ripper_atm_malwarea.html
8/30/2016 • 5 minutes, 46 seconds
ISC StormCast for Monday, August 29th 2016
Spam with Obfuscated Javascript
https://isc.sans.edu/forums/diary/Spam+with+Obfuscated+Javascript/21415/
Another Day - Another Ransomware Sample
https://isc.sans.edu/forums/diary/Another+Day+Another+Ransomware+Sample/21413/
OpenSSL Update
https://www.openssl.org/news/openssl-1.1.0-notes.html
Opera Sync Server Breached
https://www.opera.com/blogs/security/2016/08/opera-server-breach-incident/
Fake Windows Update Delivers Ransomware
http://www.bleepingcomputer.com/news/security/fantom-ransomware-encrypts-your-files-while-pretending-to-be-windows-update/
Dropbox Resets Old Passwords After Data Leak
https://www.dropbox.com/help/9257?oref=e
8/29/2016 • 5 minutes, 35 seconds
ISC StormCast for Friday, August 26th 2016
Out-of-Band iOS Patch Fixes 0-Day Vulnerabilities
https://isc.sans.edu/forums/diary/OutofBand+iOS+Patch+Fixes+0Day+Vulnerabilities/21409/
Malicious E-Mail Installs Proxy File to Redirect Requests to santander.com.br
https://isc.sans.edu/forums/diary/OutofBand+iOS+Patch+Fixes+0Day+Vulnerabilities/21409/
Nginx DNS Resolver Issue (Windows Only)
http://blog.zorinaq.com/nginx-resolver-vulns/
Wifi Signals Can Be Used for Keystroke Sniffing
https://www.sigmobile.org/mobicom/2015/papers/p90-aliA.pdf
8/25/2016 • 6 minutes, 10 seconds
ISC StormCast for Thursday, August 25th 2016
Juniper/Cisco Updates Regarding #NSA Exploits
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10605&actp=search
http://arstechnica.com/security/2016/08/nsa-linked-cisco-exploit-poses-bigger-threat-than-previously-thought/
Wildfire Ransomware Takedown and Key Recovery
https://blogs.mcafee.com/mcafee-labs/wildfire-ransomware-extinguished-tool-nomoreransom-unlock-files-free/
"Sandscout" tool to exploit iOS Sandbox Vulnerabilities
http://www.maclife.de/news/sandscout-forscher-tu-darmstadt-finden-sicherheitsluecken-ios-sandbox-10081401.html (sorry, only in German)
Sweet32 Birthday Attack against 3DES and Blowfish (https/openvpn)
http://www.maclife.de/news/sandscout-forscher-tu-darmstadt-finden-sicherheitsluecken-ios-sandbox-10081401.html
8/24/2016 • 6 minutes, 21 seconds
ISC StormCast for Wednesday, August 24th 2016
Voicemail Message Notifications Deliver Ransomware
https://isc.sans.edu/forums/diary/Voice+Message+Notifications+Deliver+Ransomware/21397/
Updates Microsoft Word Bulletin
https://support.microsoft.com/en-us/kb/3179163
Multiple BTS Software Vulnerabilities
https://blog.zimperium.com/analysis-of-multiple-vulnerabilities-in-different-open-source-bts-products/
Popular HTTP Proxies Vulnerable to Cache Poisoning
https://hostoftroubles.com
8/24/2016 • 5 minutes, 28 seconds
ISC StormCast for Tuesday, August 23rd 2016
Multiple Vulnerabilities in BHU Router
http://blog.ioactive.com/2016/08/multiple-vulnerabilities-in-bhu-wifi.html
Smart Socket Vulnerability
https://labs.bitdefender.com/2016/08/hackers-can-use-smart-sockets-to-shut-down-critical-systems/
Smart Security Cameras are Spying on You
http://www.forbes.com/sites/marcwebertobias/2016/08/22/is-your-smart-security-camera-protecting-your-home-or-spying-on-you/#6fb3a6414d1e
Veracrypt 1.18a With Limited UEFI Support
https://veracrypt.codeplex.com/releases/view/625477
8/23/2016 • 5 minutes
ISC StormCast for Monday, August 22nd 2016
GnuPG/libgcrypt Weak Random Numbers (CVE-2016-6316)
https://lists.gnupg.org/pipermail/gnupg-announce/2016q3/000395.html
Wikileaks Leaked E-Mail Includes Malware
https://github.com/bontchev/wlscrape/blob/master/malware.md
Android Vulnerable to TCP Connection Hijack
https://blog.lookout.com/blog/2016/08/15/linux-vulnerability-android/
Cerber Ransomware Decryption Tool No Longer Operational
https://www.cerberdecrypt.com/RansomwareDecryptionTool/
8/22/2016 • 5 minutes, 4 seconds
ISC StormCast for Friday, August 19th 2016
One Compromised Site - 2 Exploit Campaigns
https://isc.sans.edu/forums/diary/1+compromised+site+2+campaigns/21381/
Shadow Broker Leak Vendor Responses
https://blogs.cisco.com/security/shadow-brokers
http://fortiguard.com/advisory/FG-IR-16-023
Google Releases OS X Whitelisting Application
https://github.com/google/santa/wiki
8/18/2016 • 6 minutes, 38 seconds
ISC StormCast for Thursday, August 18th 2016
522 Error Code For the Win
https://isc.sans.edu/forums/diary/522+Error+Code+for+the+Win/21377/
Short PGP Keys Abused in the Wild
https://news.ycombinator.com/item?id=12296974
HTTP "FalseConnect" Vulnerability
http://www.kb.cert.org/vuls/id/905344
8/17/2016 • 6 minutes, 4 seconds
ISC StormCast for Wednesday, August 17th 2016
Cryptanalysis of a Fully Homomorphic Encryption Scheme
http://eprint.iacr.org/2016/775.pdf
Recreating Android App Displays from Memory
https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_saltaformaggio.pdf
Various Router Exploits Released
https://medium.com/@msuiche/shadow-brokers-nsa-exploits-of-the-week-3f7e17bdc216#.mnoyydmeu
8/16/2016 • 6 minutes, 4 seconds
ISC StormCast for Tuesday, August 16th 2016
Starting October 2016, Microsoft Will Use Monthly Rollup Updates for Win 7/8.1
https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/
Updated Group Policies To Block Macros in Office 2013
https://isc.sans.edu/forums/diary/MS+Office+2013+New+Macro+Controls+Sorta/21371/
Bypassing Application Whitelisting using WinDbg
http://www.exploit-monday.com/2016/08/windbg-cdb-shellcode-runner.html
Bypassing UAC without writing to disk
https://enigma0x3.net/2016/08/15/fileless-uac-bypass-using-eventvwr-exe-and-registry-hijacking/
8/15/2016 • 6 minutes, 20 seconds
ISC StormCast for Monday, August 15th 2016
Most Android Devices Protected From Quadrooter By Default
http://www.androidcentral.com/google-confirms-verify-apps-can-block-apps-quadrooter-exploits
Dangers of IP Geolocation
https://nakedsecurity.sophos.com/2016/08/11/couple-sue-over-ip-glitch-that-repeatedly-sent-feds-to-their-house/
Microsoft Secure Boot Key Bypass
https://rol.im/securegoldenkeyboot/ (careful. highly annoying but harmless)
8/14/2016 • 6 minutes, 8 seconds
ISC StormCast for Friday, August 12th 2016
Blind Spoofing of TCP Connections CVE-2016-5696
http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf
Fingerprinting TLS Using TShark
https://isc.sans.edu/forums/diary/Profiling+SSL+Clients+with+tshark/21361/
Forensic Artifacts on iOS Messaging Apps
https://isc.sans.edu/forums/diary/Looking+for+the+insider+Forensic+Artifacts+on+iOS+Messaging+App/21363/
Vulnerable VW Remote Keyless Unlock
https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/garcia
8/11/2016 • 9 minutes, 47 seconds
ISC StormCast for Wednesday, August 10th 2016
MSFT Patch Tuesday Summary
https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+August+2016/21357/
Adobe Patch for Adobe Experience Manager
https://helpx.adobe.com/security/products/experience-manager/apsb16-27.html
Avast Anti Virus Conflict With Windows 10 Anniversary Update
https://forum.avast.com/index.php?topic=189403.0
8/10/2016 • 5 minutes, 26 seconds
ISC StormCast for Tuesday, August 9th 2016
Using File Entropy to Identify "Ransomwared" Files
https://isc.sans.edu/forums/diary/Using+File+Entropy+to+Identify+Ransomwared+Files/21351/
Bypassing Windows Digital Signatures
https://www.blackhat.com/docs/us-16/materials/us-16-Nipravsky-Certificate-Bypass-Hiding-And-Executing-Malware-From-A-Digitally-Signed-Executable-wp.pdf
Quadrooter Android Vulnerability
http://blog.checkpoint.com/2016/08/07/quadrooter/
Defcon Slides Online
https://media.defcon.org/DEF%20CON%2024/DEF%20CON%2024%20presentations/
Philips Hue Exploit (Video)
http://colinoflynn.com/wp-content/uploads/2016/08/us-16-OFlynn-A-Lightbulb-Worm-wp.pdf
8/8/2016 • 6 minutes, 15 seconds
ISC StormCast for Monday, August 8th 2016
Analyzing Malicious RTF Files
https://isc.sans.edu/forums/diary/rtfdump/21347/
Monitors Vulnerable To Remote Code Execution
http://motherboard.vice.com/read/hackers-could-break-into-your-monitor-to-spy-on-you-and-manipulate-your-pixels
Brute Forcing Encrypted Hard drive Protections
https://www.blackhat.com/docs/us-16/materials/us-16-OFlynn-Brute-Forcing-Lockdown-Harddrive-PIN-Codes.pdf
What is Using Your Webcam
http://www.welivesecurity.com/2016/08/04/afraid-someone-misusing-webcam/
8/8/2016 • 5 minutes, 39 seconds
ISC StormCast for Friday, August 5th 2016
Surge in Scans for Netis Router
https://isc.sans.edu/forums/diary/Surge+in+Exploit+Attempts+for+Netis+Router+Backdoor+UDP53413/21337/
iPhone Thieves Use Targeted Phishing
https://hackernoon.com/this-is-what-apple-should-tell-you-when-you-lose-your-iphone-8f07cf73cf82#.spgmbaejk
NUUO/ReadyNAS Video Recorder Vulnerabilities
https://raw.githubusercontent.com/pedrib/PoC/master/advisories/nuuo-nvr-vulns.txt
mix-blend-mode Browser History Leak
https://lcamtuf.blogspot.com/2016/08/css-mix-blend-mode-is-bad-for-keeping.html
8/5/2016 • 6 minutes, 32 seconds
ISC StormCast for Thursday, August 4th 2016
The Dark Side of Certificate Transparency
https://isc.sans.edu/forums/diary/The+Dark+Side+of+Certificate+Transparency/21329/
Ouch Security Awareness Newsletter
https://securingthehuman.sans.org/resources/newsletters/ouch/2016
HTTP/2 Vulnerabilities
http://www.imperva.com/docs/Imperva_HII_HTTP2.pdf
8/4/2016 • 6 minutes, 17 seconds
ISC StormCast for Wednesday, August 3rd 2016
Windows 10 Anniversary Update Feedback
https://kc.mcafee.com/corporate/index?page=content&id=KB87536
Android Updates
https://source.android.com/security/bulletin/2016-08-01.html
Unlocking Murder Victim Phone With Printed Fingerprint
http://msutoday.msu.edu/news/2016/accessing-a-murder-victims-smartphone-to-help-solve-a-crime/
signout.live.com remote code execution vulnerability
http://www.kernelpicnic.net/2016/07/24/Microsoft-signout.live.com-Remote-Code-Execution-Write-Up.html
Edge/IE Still Leak NTLM Credentials (since 1997!)
hxxp://witch.valdikss.org.ru (careful: test site will try to grab credentials)
8/3/2016 • 5 minutes, 44 seconds
ISC StormCast for Tuesday, August 2nd 2016
Are You Getting I-CANNED?
https://isc.sans.edu/forums/diary/Are+you+getting+ICANNED/21323/
Windows 10 Anniversary Edition
https://blogs.windows.com/windowsexperience/2016/06/29/windows-10-anniversary-update-available-august-2/
Pangu Jailbreak Leading To Compromised Accounts?
https://www.reddit.com/r/jailbreak/comments/4v9cju/discussion_is_pangus_jailbreak_safe_an_hour_after/
https://twitter.com/PanguTeam/status/759729314577342468
SANS Boston "Security Impact of IPv6"
https://www.sans.org/event/boston-2016/bonus-sessions/9392/#bonus-box
8/2/2016 • 6 minutes, 29 seconds
ISC StormCast for Monday, August 1st 2016
rtfobj Update
https://isc.sans.edu/forums/diary/rtfobj/21317/
Comodo SSL Certificates Mixup
https://thehackerblog.com/keeping-positive-obtaining-arbitrary-wildcard-ssl-certificates-from-comodo-via-dangling-markup-injection/index.html
SwiftKey Keyboard May Leak Private Data to Other Users
https://blog.swiftkey.com/important-information-relating-to-the-status-of-our-sync-services/
New Version of OPNSense Released
https://forum.opnsense.org/index.php?topic=3428.0
WhatsApp Does Not Delete All Chats
http://www.zdziarski.com/blog/?p=6143
7/31/2016 • 5 minutes, 51 seconds
ISC StormCast for Friday, July 29th 2016
Verifying SSL/TLS Certificates Manually
https://isc.sans.edu/forums/diary/Verifying+SSLTLS+certificates+manually/21311/
LastPass Security Updates
https://blog.lastpass.com/2016/07/lastpass-security-updates.html/
Android Linux Kernel Defenses
https://security.googleblog.com/2016/07/protecting-android-with-more-linux.html
Update to ISC Suspicious Domain List
https://isc.sans.edu/suspicious_domains.html
7/29/2016 • 5 minutes, 33 seconds
ISC StormCast for Wednesday, July 27th 2016
DNS Cmd and Ctrl via AAAA Records
https://isc.sans.edu/forums/diary/Command+and+Control+Channels+Using+AAAA+DNS+Records/21301/
Microsoft Authenticator
https://blogs.technet.microsoft.com/enterprisemobility/2016/07/25/microsoft-authenticator-coming-august-15th/
WPAD May Leak HTTPS URLs
http://arstechnica.com/security/2016/07/new-attack-that-cripples-https-crypto-works-on-macs-windows-and-linux/
HOnions: Tor Servers To Discover Snooping Tor Nodes
https://regmedia.co.uk/2016/07/25/10_honions-sanatinia.pdf
7/27/2016 • 6 minutes, 4 seconds
ISC StormCast for Tuesday, July 26th 2016
Python Malware - Part 4
https://isc.sans.edu/forums/diary/Python+Malware+Part+4/21297/
Powerware Decrypter
https://github.com/pan-unit42/public_tools/blob/master/powerware/powerware_decrypt.py
No More Ransomware
https://www.nomoreransom.org
Pangu iOS 9.3.3 Jailbreak
http://en.pangu.io
Safe Skies TSA Keys Duplicated
http://www.3ders.org/articles/20160725-hackers-create-3d-printed-tsa-safe-skies-master-key-for-luggage-release-blueprints.html
7/26/2016 • 5 minutes, 11 seconds
ISC StormCast for Monday, July 25th 2016
NIST Digital Authentication Guide Preview
https://github.com/usnistgov/800-63-3
Powerware Ransomware Spoofing Locky
http://researchcenter.paloaltonetworks.com/2016/07/unit42-powerware-ransomware-spoofing-locky-malware-family/
SAP HANA Security Advisory
http://www.onapsis.com/research/security-advisories
Pokemon Go Forensics
https://www.gillware.com/forensics/blog/mobile-forensics/oh-no-pokemon-go-forensic-artifacts
7/25/2016 • 5 minutes, 47 seconds
ISC StormCast for Friday, July 22nd 2016
A Practice ntds.dit File For Hash Extraction and Password Cracking
https://isc.sans.edu/forums/diary/Practice+ntdsdit+File/21287/
Mozilla Further Reducing Flash Content
https://blog.mozilla.org/futurereleases/2016/07/20/reducing-adobe-flash-usage-in-firefox/
Little Snitch Update
https://www.obdev.at/products/littlesnitch/releasenotes.html
PHP 7.0.9 / 5.6.24 Released (fixes httpoxy vulnerability)
http://php.net/ChangeLog-7.php#7.0.9
http://www.php.net/ChangeLog-5.php#5.6.24
Google Chrome Update
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
7/22/2016 • 4 minutes, 49 seconds
ISC StormCast for Thursday, July 21st 2016
Oracle Critical Patch Update
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
DNS Root Key Rotation
http://schd.ws/hosted_files/icann562016/60/Matt%20Larson%20ICANN56%20KSK%20roll%20briefing.pdf
Anti-Malware Codehooking Vulnerabilities
http://breakingmalware.com/vulnerabilities/captain-hook-pirating-avs-bypass-exploit-mitigations/
More Details Regarding Apple's Image I/O Vulnerability
http://www.talosintelligence.com/reports/TALOS-2016-0171/
Hidden Backdoor in Dell Security Software
https://www.digitaldefense.com/ddi-six-discoveries/
7/21/2016 • 5 minutes, 17 seconds
ISC StormCast for Tuesday, July 19th 2016
httpoxy Vulnerability
https://isc.sans.edu/forums/diary/HTTP+Proxy+Header+Vulnerability+httpoxy/21271/
Apple Security Updates
https://support.apple.com/en-us/HT201222
Toll Number Calling via Two Factor Authentication
https://www.arneswinnen.net/2016/07/how-i-could-steal-money-from-instagram-google-and-microsoft/
7/19/2016 • 6 minutes, 28 seconds
ISC StormCast for Monday, July 18th 2016
More Python Malware
Critical Juniper Vulnerability
https://kb.juniper.net/InfoCenter/index?page=content&id=JSA10755&actp=search
MS16-053 Included in Neutrino Exploit Kit
https://www.fireeye.com/blog/threat-research/2016/07/exploit_kits_quickly.html
SSH Username Disclosure
http://seclists.org/fulldisclosure/2016/Jul/51
7/18/2016 • 5 minutes, 43 seconds
ISC StormCast for Friday, July 15th 2016
The Power of Web Shells
https://isc.sans.edu/forums/diary/The+Power+of+Web+Shells/21257/
Airtel India Intercepting Cloudflare Traffic
https://medium.com/@karthikb351/airtel-is-sniffing-and-censoring-cloudflares-traffic-in-india-and-they-don-t-even-know-it-90935f7f6d98#.g78ucnpo6
WordPress SEO Pack Plugin Persistent Cross Site Scripting
https://sumofpwn.nl/advisory/2016/persistent_cross_site_scripting_in_all_in_one_seo_pack_wordpress_plugin.html
Github Releases synsanity SYN Flood Defense
http://githubengineering.com/syn-flood-mitigation-with-synsanity/
MS16-094 Prevents Booting Linux On Microsoft Surface
http://www.theregister.co.uk/2016/07/15/windows_fix_closes_rt_unlock_loophole/
7/15/2016 • 5 minutes, 25 seconds
ISC StormCast for Thursday, July 14th 2016
Hunting for Malicious Files with MISP + OSSEC
https://isc.sans.edu/forums/diary/Hunting+for+Malicious+Files+with+MISP+OSSEC/21251/
Drupal: Patch released today to fix a highly critical RCE in contributed modules
https://isc.sans.edu/forums/diary/Drupal+Patch+released+today+to+fix+a+highly+critical+RCE+in+contributed+modules/21255/
Riffle anonymity network trying to compete with Tor
http://people.csail.mit.edu/devadas/pubs/riffle.pdf
7/14/2016 • 4 minutes, 38 seconds
ISC StormCast for Wednesday, July 13th 2016
Microsoft Patch Tuesday
https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+Summary+for+July+2016/21249/
"Ranscam" Ransomware Deleted Data
http://blog.talosintel.com/2016/07/ranscam.html
7/13/2016 • 7 minutes, 34 seconds
ISC StormCast for Tuesday, July 12th 2016
Hiding in White Text: Word Documents with Embedded Payloads
https://isc.sans.edu/forums/diary/Hiding+in+White+Text+Word+Documents+with+Embedded+Payloads/21227/
Pokemon Go Requests "Full Access" to iOS User's Google Account
http://adamreeve.tumblr.com/post/147120922009/pokemon-go-is-a-huge-security-risk
Hacking Siri With Barely Audible Voice Commands
https://security.cs.georgetown.edu/~tavish/hvc_usenix.pdf
iOS Users Locked Out of Devices by Ransom Attacks
http://www.csoonline.com/article/3093016/security/apple-devices-held-for-ransom-rumors-claim-40m-icloud-accounts-hacked.html
Contact Form For Feedback
https://isc.sans.edu/contact.html
7/12/2016 • 6 minutes, 1 second
ISC StormCast for Monday, July 11th 2016
Pentesters (and Attackers) Love Internet Connected Security Cameras!
https://isc.sans.edu/forums/diary/Pentesters+and+Attackers+Love+Internet+Connected+Security+Cameras/21231/
Lessons Learned From Industrial Control Systems
https://isc.sans.edu/forums/diary/Lessons+Learned+from+Industrial+Control+Systems/21243/
BMW Portal Insecurity
http://www.vulnerability-lab.com/get_content.php?id=1736
http://www.vulnerability-lab.com/get_content.php?id=1737
Pokemon Go App Used To Rob Users
https://regmedia.co.uk/2016/07/10/34798567498753.pdf
Facebook Messenger End-to-End Encryption
http://newsroom.fb.com/news/2016/07/messenger-starts-testing-end-to-end-encryption-with-secret-conversations/
7/11/2016 • 5 minutes, 20 seconds
ISC StormCast for Friday, July 8th 2016
Patchwork: Is it still "Advanced" if all you have to do is Copy/Paste?
https://isc.sans.edu/forums/diary/Patchwork+Is+it+still+Advanced+if+all+you+have+to+do+is+CopyPaste/21235/
OUCH Newsletter
https://securingthehuman.sans.org/resources/newsletters/ouch/2016#july2016
Discovering Malware in TLS Traffic
http://arxiv.org/abs/1607.01639
TP-Link Uses tplinklogin.net Domain
http://thehackernews.com/2016/07/tp-link-router-setting.html
7/7/2016 • 5 minutes, 24 seconds
ISC StormCast for Thursday, July 7th 2016
CryptXXX Update
https://isc.sans.edu/forums/diary/CryptXXX+ransomware+updated/21229/
Symantec Patches On the Way (but not fast)
https://twitter.com/taviso?lang=en
Android Adware/Malware
https://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf
HP Updates Comware and VCX Routers
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05184351
Tracking Devices With Randomized Wifi MAC Addresses
http://papers.mathyvanhoef.com/asiaccs2016.pdf
7/7/2016 • 5 minutes, 20 seconds
ISC StormCast for Wednesday, July 6th 2016
Apache Fixes Critical HTTP/2 TLS Authentication Flaw
https://isc.sans.edu/forums/diary/Apache+Update+TLS+Certificate+Authentication+Bypass+with+HTTP2+CVE20164979/21223/
Gigabyte and HP Motherboards Affected by "ThinkPwn" UEFI Vulnerability
https://twitter.com/al3xtjames
UK Police Data Breaches
https://www.bigbrotherwatch.org.uk/wp-content/uploads/2016/07/Safe-in-Police-Hands.pdf
Mac Malware Uses Tor For C&C
https://labs.bitdefender.com/2016/07/new-mac-backdoor-nukes-os-x-systems/
Front Door Intercom Backdoor
http://www.synacktiv.ninja/ressources/NDH-Intercoms_presentation_Dudek.pdf
wget arbitrary command line execution with redirects
https://blogs.securiteam.com/index.php/archives/2701
7/6/2016 • 5 minutes, 34 seconds
ISC StormCast for Tuesday, July 5th 2016
Change in patterns for the pseudoDarkleech Campaign
https://isc.sans.edu/forums/diary/Change+in+patterns+for+the+pseudoDarkleech+campaign/21217/
Thinkpad SMS Arbitrary Code Execution Exploit
https://github.com/Cr4sh/ThinkPwn
SQLite Temp File Vulnerability
http://seclists.org/fulldisclosure/2016/Jul/0
AVG Publishes Multi-Ransomware Decryption Tool
http://now.avg.com/dont-pay-the-ransom-avg-releases-six-free-decryption-tools-to-retrieve-your-files/
Euro 2016 App Leaks User's Data
http://wandera.com/downloads/Euro_Paper.pdf
7/5/2016 • 4 minutes, 55 seconds
ISC StormCast for Friday, July 1st 2016
Phishing Campaign with Blurred Images
https://isc.sans.edu/forums/diary/Phishing+Campaign+with+Blurred+Images/21207/
FoxIT Patches PDF Reader Security Flaws
https://www.foxitsoftware.com/support/security-bulletins.php#content-2016
Vulnerabilities in StartCom's API
https://www.computest.nl/blog/startencrypt-considered-harmful-today/
Hummer Trojan Leads Android Malware
http://www.cmcm.com/blog/en/security/2016-06-29/995.html
7/1/2016 • 5 minutes, 34 seconds
ISC StormCast for Thursday, June 30th 2016
Critical Symantec AV Vulnerabilities
http://googleprojectzero.blogspot.ca/2016/06/how-to-compromise-enterprise-endpoint.html
Google "My Activity"
https://myactivity.google.com/myactivity
Hashcat/OCLHashcat 3.0 Released
https://hashcat.net/forum/thread-5559.html
Lenovo Thinkpad Firmware Reverse Analysis
http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html
Linux Privilege Escalation Vulnerabilities
http://www.openwall.com/lists/oss-security/2016/06/24/5
6/30/2016 • 4 minutes, 48 seconds
ISC StormCast for Wednesday, June 29th 2016
Odd User-Agents
https://isc.sans.edu/forums/diary/What+is+your+most+unusual+UserAgent/21203/
ZimbraCrypt Ransomware
http://www.bleepingcomputer.com/news/security/zimbra-ransomware-written-in-python-targets-zimbra-mail-store/
Hard Drives Still Not Wiped Before Selling Them on EBay
http://www2.blancco.com/en-rs-leftovers-a-data-recovery-study
PhotoLogin Option For LogmeOnce
https://www.logmeonce.com/photologin/
6/29/2016 • 4 minutes, 27 seconds
ISC StormCast for Tuesday, June 28th 2016
Recent Fake DDOS Threats by "Armada Collective"
https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/
IRS Discontinues e-Filing Pins
https://www.irs.gov/uac/irs-statement-on-the-electronic-filing-pin
CCTV Cameras Still A Major Threat
https://blog.sucuri.net/2016/06/large-cctv-botnet-leveraged-ddos-attacks.html
6/28/2016 • 6 minutes, 9 seconds
ISC StormCast for Friday, June 24th 2016
Uber Vulnerability Summary
https://labs.integrity.pt/articles/uber-hacking-how-we-found-out-who-you-are-where-you-are-and-where-you-went/
Apple Intentionally Left Kernel Decrypted
https://techcrunch.com/2016/06/22/apple-unencrypted-kernel/
WordPress Fixes Various Critical Vulnerabilities
https://codex.wordpress.org/Version_4.5.3
Let's Encrypt Reaching 5 Million Issued Certificates
https://letsencrypt.org/2016/06/22/https-progress-june-2016.html
Necurs Botnet is Back
https://www.proofpoint.com/us/threat-insight/post/necurs-botnet-returns-with-updated-locky-ransomware-in-tow
6/24/2016 • 5 minutes
ISC StormCast for Thursday, June 23rd 2016
Deobfuscating Java Code
https://isc.sans.edu/forums/diary/Security+through+obscurity+never+works/21187/
iOS 10 Beta Not Encrypted To Aid Bug Hunters
https://www.technologyreview.com/s/601748/apple-opens-up-iphone-code-in-what-could-be-savvy-strategy-or-security-screwup/
Microsoft Updates SEAL
http://research.microsoft.com/en-us/people/kilai/v2.0-beta.pdf
Cisco Releases Pidgin Vulnerabilities
http://blog.talosintel.com/2016/06/vulnerability-spotlight-pidgin.html
Libarchive vulnerabilities
http://blog.talosintel.com/2016/06/the-poisoned-archives.html
6/23/2016 • 5 minutes, 16 seconds
ISC StormCast for Wednesday, June 22nd 2016
Apple Airport (and Time Capsule) Update
https://support.apple.com/en-us/HT201222
StartCom Adding API For Free SSL Certificates
https://support.apple.com/en-us/HT201222
BitCoin Phishing With Typo Squatting Domains
http://blog.cyren.com/articles/2016-Q2_bitcoin-phishing-via-google-adwords.html
Google Attempting to Simplify 2 Factor Authentication
http://googleappsupdates.blogspot.co.uk/2016/06/new-settings-for-2-step-verification.html
6/22/2016 • 5 minutes, 10 seconds
ISC StormCast for Tuesday, June 21st 2016
Fake SWIFT Payment Notices Used in Malicious E-Mail Campaign
https://isc.sans.edu/forums/diary/Ongoing+Spam+Campaign+Related+to+Swift/21177/
RedHat Fixes Various OpenSSL Integer Overflows
https://github.com/openssl/openssl/commit/a004e72b95835136d3f1ea90517f706c24c03da7
JavaScript Ransomware
http://www.bleepingcomputer.com/news/security/the-new-raa-ransomware-is-created-entirely-using-javascript/
Triada/Horde Mobile Malware Updates
http://blog.checkpoint.com/2016/06/17/in-the-wild-mobile-malware-implements-new-features/
6/21/2016 • 5 minutes, 5 seconds
ISC StormCast for Monday, June 20th 2016
Avoiding Javascript Malware
https://isc.sans.edu/forums/diary/Controlling+JavaScript+Malware+Before+it+Runs/21171/
LogMeIn Joining Other Sites in Proactively Resetting Passwords
https://blog.logmeininc.com/password-reuse-issue-affecting-logmein-users/
Kaspersky Publishes Details Around Recent Flash Vulnerability
https://securelist.com/blog/research/75100/operation-daybreak/
CSRF Vulnerability in Democratic Party Donation Platform
http://rajk.me/actblue/#intro
6/19/2016 • 5 minutes, 5 seconds
ISC StormCast for Friday, June 17th 2016
Adobe Patches Critical Flash Vulnerability
https://helpx.adobe.com/security/products/flash-player/apsb16-18.html
Teamviewer Users May be Compromised by Trojaned Client
http://blog.trendmicro.com/trendlabs-security-intelligence/unsupported-teamviewer-versions-exploited-backdoors-keylogging/
Siemens ICS Equipment Transmits Credentials Over the Network
https://ics-cert.us-cert.gov/advisories/ICSA-16-161-02
GitHub Resets User Accounts Compromised In 3rd Party Incident
https://github.com/blog/2190-github-security-update-reused-password-attack
HTTP Header Injection in Python urllib
http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html
6/17/2016 • 5 minutes, 20 seconds
ISC StormCast for Thursday, June 16th 2016
Group Policy Issues After Applying MS16-072 (KB3159398)
https://social.technet.microsoft.com/Forums/en-US/e2ebead9-b30d-4789-a151-5c7783dbbe34/patch-tuesday-kb3159398?forum=winserverGP
Apple Will Reject Apps Using HTTP
https://developer.apple.com/videos/play/wwdc2016/706/
Rising AntiVirus Includes Malware (article only in German)
http://www.heise.de/security/meldung/Virenscanner-infiziert-Systeme-mit-Sality-Virus-3237654.html
SAP Patch
https://erpscan.com/press-center/blog/sap-security-notes-june-2016/
Breached RDP Servers For Rent
https://www.wired.com/2016/06/xdedic-server-trading-forum-kaspersky/
6/16/2016 • 4 minutes, 36 seconds
ISC StormCast for Wednesday, June 15th 2016
Microsoft Updates
https://isc.sans.edu/mspatchdays.html?viewday=2016-06-14
Adobe Updates (Incl. active exploitation of Flash Vuln.)
https://helpx.adobe.com/security.html
6/15/2016 • 7 minutes, 37 seconds
ISC StormCast for Monday, June 13th 2016
DNS Sinkhole 2.0 Released
https://isc.sans.edu/forums/diary/DNS+Sinkhole+ISO+Version+20/21153/
Visual C Telemetry Library
https://www.reddit.com/r/cpp/comments/4ibauu/visual_studio_adding_telemetry_function_calls_to/
Crysis Ransomware
http://www.eset.com/us/resources/detail/new-ransomware-threat-crysis-lays-claim-to-teslacrypt-s-former-turf/
Intel Releases ROP Attack Protection
http://blogs.intel.com/evangelists/2016/06/09/intel-release-new-technology-specifications-protect-rop-attacks/
EMC Fixes Data Domain Session ID Disclosure Vulnerability
https://auscert.org.au/render.html?it=35618
6/13/2016 • 5 minutes, 21 seconds
ISC StormCast for Friday, June 10th 2016
Google Chrome PDF Viewer Remote Code Execution Vulnerability Patched
http://blog.talosintel.com/2016/06/pdfium.html
Google Continues to Remove SSLv3 Support
http://googleappsupdates.blogspot.com.au/2016/06/gradually-disabling-support-for-sslv3.html
Vibration Sensor Can Be Used As Microphone
http://synrg.csl.illinois.edu/vibraphone/paperdocs/VibraPhone_nirupam.pdf
KeePass Fixes Vulnerable Update Procedure
http://keepass.info/help/kb/sec_issues.html#updsig
6/10/2016 • 5 minutes, 12 seconds
ISC StormCast for Thursday, June 9th 2016
CryptXXX Switches From Angler to Neutrino EK
https://isc.sans.edu/forums/diary/Neutrino+EK+and+CryptXXX/21141/
Android Flash Keyboard Uses Excessive Permissions
https://regmedia.co.uk/2016/06/07/pentestflashkeybpardpaper.pdf
Firefox 47 Released
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/#firefox47
D-Link Camera Vulnerable To Remote Exploit
http://blog.senr.io/blog/home-secure-home
BITS used to make malware more persistent
https://www.secureworks.com/blog/malware-lingers-with-bits
6/9/2016 • 5 minutes, 3 seconds
ISC StormCast for Wednesday, June 8th 2016
Various Internet Sites Flag Password Reuse
http://krebsonsecurity.com/2016/06/password-re-user-get-to-get-busy/
Facebook Chat Vulnerability Patched
https://www.helpnetsecurity.com/2016/06/07/facebook-vulnerability-chat-messenger/
DNS Cookies: Making DNS More Secure
https://www.rfc-editor.org/rfc/rfc7873.txt
6/7/2016 • 5 minutes, 43 seconds
ISC StormCast for Tuesday, June 7th 2016
LinkedIn Data Used to Personalize Malicious E-Mail
https://twitter.com/certbund/status/739824856011804676?ref_src=twsrc%5Etfw
Android Patches
https://source.android.com/security/bulletin/2016-06-01.html
Mitsubishi Outlander Wifi Hack
https://www.pentestpartners.com/blog/hacking-the-mitsubishi-outlander-phev-hybrid-suv/
Using NTP to Calibrate Time Stamps in PCAP
https://isc.sans.edu/forums/diary/What+Time+Is+It+Using+NTP+Traffic+to+Calibrate+PCAP+Timestamps/21135/
BING Adds Malware Warning
https://blogs.bing.com/webmaster/June-2016/Warning!-Bing-now-offers-enhanced-malware-warnings
6/7/2016 • 5 minutes, 26 seconds
ISC StormCast for Monday, June 6th 2016
A Recent MySQL Honeypot Compromise
https://isc.sans.edu/forums/diary/MySQL+is+YourSQL/21117/
Team Viewer Improves Security
http://www.teamviewer.com/en/company/press/teamviewer-launches-trusted-devices-and-data-integrity/
Black Shades Ransomware
http://www.bleepingcomputer.com/news/security/black-shades-ransomware-encrypts-your-pc-and-taunts-security-researchers/
NTP Update
http://support.ntp.org/bin/view/Main/SecurityNotice#Recent_Vulnerabilities
6/5/2016 • 5 minutes, 7 seconds
ISC StormCast for Friday, June 3rd 2016
Docker Containers Logging
https://isc.sans.edu/forums/diary/Docker+Containers+Logging/21121/
Lenovo Suggests Uninstalling Accelerator Application
https://support.lenovo.com/us/en/product_security/len_6718
Google Chrome Update
http://googlechromereleases.blogspot.com/search/label/Stable%20updates
MongoDB Injection
http://blog.securelayer7.net/mongodb-security-injection-attacks-with-php/
Ouch! Newsletter
https://securingthehuman.sans.org/resources/newsletters/ouch/2016#encryption
Detecting DNS Tunneling With Splunk
https://www.sans.org/reading-room/whitepapers/dns/splunk-detect-dns-tunneling-37022
Android AV Vulnerabilities
https://www.sit.fraunhofer.de/fileadmin/dokumente/Presse/teamsik_advisories_AV.pdf?_=1464692835
6/3/2016 • 5 minutes, 20 seconds
ISC StormCast for Thursday, June 2nd 2016
KeePass Insecure Update
https://bogner.sh/2016/03/mitm-attack-against-keepass-2s-update-check/
Possible TeamViewer Breach
http://www.theregister.co.uk/2016/06/01/teamviewer_mass_breach_report/
Windows 10 Exploit Offered For Sale
https://www.trustwave.com/Resources/SpiderLabs-Blog/Zero-Day-Auction-for-the-Masses/?page=1&year=0&month=0
Intrusion Detection in Depth Minneapolis (July 18-23rd)
https://www.sans.org/event/minneapolis-2016/course/intrusion-detection-in-depth
6/2/2016 • 5 minutes, 11 seconds
ISC StormCast for Wednesday, June 1st 2016
Increase in Telnet Scans
https://isc.sans.edu/forums/diary/Increase+in+Port+23+telnet+scanning/21115/
Bloatware Introducing Security Flaws in Laptops
https://duo.com/blog/out-of-box-exploitation-a-security-analysis-of-oem-updaters
Exploit Released for Unpatchable SCADA Controller
https://www.exploit-db.com/exploits/37154/
Fail2Ban Adding IPv6 Support
https://www.slightfuture.com/security/fail2ban-ipv6
Critical LG Phone Security Flaws
http://blog.checkpoint.com/2016/05/29/oems-have-flaws-too-exposing-two-new-lg-vulnerabilities/
5/31/2016 • 5 minutes, 59 seconds
ISC StormCast for Tuesday, May 31st 2016
Hardcoded Password in Medical Software
https://www.kb.cert.org/vuls/id/482135
Google Chrome Update
http://googlechromereleases.blogspot.com.au/search/label/Stable%20updates
PA DSS Update
https://www.pcisecuritystandards.org/document_library
JetPack WordPress Plugin XSS Vulnerabilities
https://jetpack.com/2016/05/27/jetpack-4-0-3-critical-security-update/
Tor Browser Fingerprinting Site
https://tor.triop.se
Anti-Pastejacking Browser Plugin
https://github.com/rocketshipapps/hardenedpaste
5/31/2016 • 5 minutes, 16 seconds
ISC StormCast for Monday, May 30th 2016
Analysis of a Distributed Denial of Service Attack
https://isc.sans.edu/forums/diary/Analysis+of+a+Distributed+Denial+of+Service+DDoS/21109/
Bluecoat CA
http://www.theregister.co.uk/2016/05/27/blue_coat_ca_certs/
Google Requires Symantec CAs to Comply With Certificate Transparency
https://cabforum.org/pipermail/public/2016-May/007573.html
5/30/2016 • 3 minutes, 59 seconds
ISC StormCast for Friday, May 27th 2016
Keeping an Eye on Tor Traffic
https://isc.sans.edu/forums/diary/Keeping+an+Eye+on+Tor+Traffic/21103/
Next Generation Tor Passed First Test
https://blog.torproject.org/blog/mission-montreal-building-next-generation-onion-services
DDoS Prices Drop
https://www.incapsula.com/blog/unmasking-ddos-for-hire-fiverr.html
Older Microsoft Office Vulnerabilities Still Used by "APT" Actors
https://securelist.com/analysis/publications/74828/cve-2015-2545-overview-of-current-threats/
5/27/2016 • 5 minutes, 27 seconds
ISC StormCast for Thursday, May 26th 2016
DNS Covert Channel Used in Targeted Attacks
http://researchcenter.paloaltonetworks.com/2016/05/unit42-new-wekby-attacks-use-dns-requests-as-command-and-control-mechanism/
Genius Web Annotation Service Is Removing Security Headers
http://www.theverge.com/2016/5/25/11505454/news-genius-annotate-the-web-content-security-policy-vulnerability
Canary Tokens For Windows Binaries
http://blog.thinkst.com/2016/05/certified-canarytokens-alerts-from_25.html
Cisco Patches IPv6 ND DoS Vulnerability
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160525-ipv6
5/26/2016 • 5 minutes, 14 seconds
ISC StormCast for Wednesday, May 25th 2016
Verisign/US-Cert Warn of The Use of Local TLDs for WPAD
http://www.verisign.com/assets/labs/MitM-Attack-by-Name-Collision-Cause-Analysis-and-WPAD-Vulnerability-Assessment-in-the-New-gTLD-Era.pdf
Proposal To Use TLS for DNS
https://www.rfc-editor.org/rfc/rfc7858.txt
Azure Blacklists Common Password
https://blogs.technet.microsoft.com/ad/2016/05/24/another-117m-leaked-usernames-and-passwords-new-best-practices-azuread-and-msa-can-help/
Google Attempts to Eliminate Passwords
http://www.androidauthority.com/google-kills-passwords-trust-api-694394/
5/25/2016 • 5 minutes, 26 seconds
ISC StormCast for Tuesday, May 24th 2016
Detailed Technical Report Released About Targeted Attack Against RUAG
https://isc.sans.edu/forums/diary/Technical+Report+about+the+RUAG+attack/21091/
New Variation of Pastejacking Exploit Affecting vim
https://github.com/dxa4481/Pastejacking
Xen qemu Patch Released to Limit Log File Size
http://xenbits.xen.org/xsa/advisory-180.html
5/24/2016 • 5 minutes, 4 seconds
ISC StormCast for Monday, May 23rd 2016
Missing MRU Registry Keys For Files Opened With Winzip
https://isc.sans.edu/forums/diary/The+strange+case+of+WinZip+MRU+Registry+key/21087/
OWASP Asking for Top 10 Overhaul Input
https://twitter.com/wichers/status/733855223832272896
Google is Updating the Safe Browsing API
https://security.googleblog.com/2016/05/evolving-safe-browsing-api.html
Facebook Sued Over Scanning Of Private Messages
https://cdn2.vox-cdn.com/uploads/chorus_asset/file/6509911/campbell-certification-order.0.pdf
Malware Stores Code in Macro UI Buttons
https://blogs.technet.microsoft.com/mmpc/2016/05/17/malicious-macro-using-a-sneaky-new-trick/
SANSFIRE 2016
https://www.sans.org/event/sansfire-2016
5/23/2016 • 5 minutes, 37 seconds
ISC StormCast for Friday, May 20th 2016
EITest Campaign Still Going Strong
https://isc.sans.edu/forums/diary/EITest+campaign+still+going+strong/21081/
Android Malware Affecting Google Pay Acceptance
http://www.theregister.co.uk/2016/05/19/android_pay_analysis/
iOS 9.3 Restricts Use Of Fingerprint
https://www.apple.com/business/docs/iOS_Security_Guide.pdf
5/20/2016 • 4 minutes, 57 seconds
ISC StormCast for Thursday, May 19th 2016
Teslacrypt Shutting Down and Releasing Master Key
http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/
Office 365 Risks
https://www.skyhighnetworks.com/cloud-security-blog/7-charts-reveal-the-meteoric-rise-of-office-365/
LinkedIn Data Leaked From Past Breach
https://twitter.com/troyhunt/status/732838759390191617
Google Discontinuing SSLv3/RC4 Support for SMTP
http://googleappsupdates.blogspot.ro/2016/05/disabling-support-for-sslv3-and-rc4-for.html
5/19/2016 • 5 minutes, 16 seconds
ISC StormCast for Wednesday, May 18th 2016
Exploit for Recently Patched Cisco IKEv1/v2 Buffer Overflow Published
https://isc.sans.edu/forums/diary/Exploit+Available+For+Cisco+IKEv1+and+IKEv2+Buffer+Overflow+Vulnerability/21065/
Symantec Antivirus Engine Malformed PE Header Parser Vulnerability
https://isc.sans.edu/forums/diary/CVE20162208+Symantec+Antivirus+Engine+Malformed+PE+Header+Parser+Memory+Access+Violation/21069/
New CryptXXX Decryption Tool From Kaspersky
https://blog.kaspersky.com/cryptxxx-decryption-20/12091/
More Malware in Google Play Store
http://blog.checkpoint.com/2016/05/09/viking-horde-a-new-type-of-android-malware-on-google-play/
iPadPro Crashes After Updating to iOS 9.3.2
http://www.macrumors.com/2016/05/17/9-7-inch-ipad-pro-crashing-issues-safari/
New Remote Code Execution in Magento E-Commerce Software
http://netanelrub.in/2016/05/17/magento-unauthenticated-remote-code-execution/
5/18/2016 • 5 minutes, 23 seconds
ISC StormCast for Tuesday, May 17th 2016
419 Death Scams Still Going Around
https://isc.sans.edu/forums/diary/An+oldie+but+a+goodie+419+Death+Scam/21061/
Apple Updates
https://support.apple.com/en-us/HT201222
Flash Zero Day Details
https://www.fireeye.com/blog/threat-research/2016/05/cve-2016-4117-flash-zero-day.html
Google "HTML5 By Default" Draft
https://docs.google.com/presentation/d/106_KLNJfwb9L-1hVVa4i29aw1YXUy9qFX-Ye4kvJj-4/edit#slide=id.p
5/17/2016 • 7 minutes
ISC StormCast for Monday, May 16th 2016
Python Malware
https://isc.sans.edu/forums/diary/Python+Malware+Part+1/21057/
Ubiquiti AirOS Worm
http://community.ubnt.com/t5/airMAX-General-Discussion/Virus-attack-URGENT-UBNT/td-p/1562940
Google Chrome Update
http://www.theregister.co.uk/2016/05/13/google_crushes_five_vulns_with_patch_run_and_20k_in_bug_bounties/
More Banks Affected By Fake SWIFT Transactions
http://www.nytimes.com/2016/05/13/business/dealbook/swift-global-bank-network-attack.html?_r=0
Microsoft Releases Windows 10 Security Auditing And Monitoring Reference
https://www.microsoft.com/en-us/download/details.aspx?id=52630
5/16/2016 • 5 minutes, 24 seconds
ISC StormCast for Friday, May 13th 2016
Adobe Flash Player Update Released
https://helpx.adobe.com/security/products/flash-player/apsb16-15.html
Microsoft Excel Phishing
https://isc.sans.edu/forums/diary/Another+Day+Another+Wave+of+Phishing+Emails/21045/
Squid Proxy Bug Allows For Cache Poisoning
http://bugs.squid-cache.org/show_bug.cgi?id=4501
Nation State Attackers May Exploit Firefox
https://blog.mozilla.org/blog/2016/05/11/advanced-disclosure-needed-to-keep-users-secure/
5/12/2016 • 5 minutes, 26 seconds
ISC StormCast for Thursday, May 12th 2016
Exploited Flash Vulnerability Patched Only For Windows
https://helpx.adobe.com/security/products/flash-player/apsa16-02.html
SAP Vulnerabilities Exploited
https://www.onapsis.com/threat-report-tip-iceberg-wild-exploitation-cyber-attacks-sap-business-applications
Free Decryption Tool For CryptXXX No Longer Works
https://www.proofpoint.com/us/threat-insight/post/cryptxxx2-ransomware-authors-strike-back-against-free-decryption-tool
Multiple 7-Zip Vulnerabilities
http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html
Ransomware Overview
https://docs.google.com/spreadsheets/d/1TWS238xacAto-fLKh1n5uTsdijWdCEsGIM0Y0Hvmc5g/edit#gid=0
5/12/2016 • 4 minutes, 44 seconds
ISC StormCast for Wednesday, May 11th 2016
Windows Patch Tuesday
https://isc.sans.edu/mspatchdays.html?viewday=2016-05-10
Adobe Patch Tuesday
https://helpx.adobe.com/security.html
5/11/2016 • 8 minutes, 6 seconds
ISC StormCast for Tuesday, May 10th 2016
Network Forensics With DShell
https://isc.sans.edu/forums/diary/Performing+network+forensics+with+Dshell+Part+1+Basic+usage/21035/
Aruba Vulnerabilities (and Patches)
http://seclists.org/fulldisclosure/2016/May/19
Allwinner Android Device Debug Backdoor
http://forum.armbian.com/index.php/topic/1108-security-alert-for-allwinner-sun8i-h3a83th8/
ImageTragick Flaw Being Exploited
https://blog.cloudflare.com/inside-imagetragick-the-real-payloads-being-used-to-hack-websites-2/
Attacking JSON Web Tokens
https://www.notsosecure.com/crafting-way-json-web-tokens/
ASUS UEFI Red Screen Of Death Workaround
https://www.asus.com/support/FAQ/1016356/
5/10/2016 • 6 minutes, 5 seconds
ISC StormCast for Monday, May 9th 2016
A Quick Introduction To Linux Capabilities
https://isc.sans.edu/forums/diary/Guest+Diary+Linux+Capabilities+A+friend+and+foe/21031/
Review of TLS Proxy Security Issues
http://users.encs.concordia.ca/~mmannan/publications/ssl-interception-ndss2016.pdf
Ransomware Claims to Donate Proceeds To Charity
https://heimdalsecurity.com/blog/security-alert-new-ransomware-donate-earnings-charity/
5/9/2016 • 5 minutes, 14 seconds
ISC StormCast for Friday, May 6th 2016
Large Number of Credentials Offered For Sale
http://www.reuters.com/article/us-cyber-passwords-idUSKCN0XV1I6
Alphalocker: Affordable Ransomware
https://blog.cylance.com/an-introduction-to-alphalocker
JAKU Botnet
https://www.forcepoint.com/sites/default/files/resources/files/report_jaku_analysis_of_botnet_campaign_en_0.pdf
Juniper Update
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10734&cat=SIRT_1&actp=LIST
5/6/2016 • 5 minutes, 15 seconds
ISC StormCast for Thursday, May 5th 2016
Malicious Ads Seen On CBS TV Stations
https://blog.malwarebytes.org/threat-analysis/2016/05/cbs-affiliated-television-stations-expose-visitors-to-angler-exploit-kit/
ImageMagick Vulnerability
https://isc.sans.edu/forums/diary/ImageTragick+Another+Vulnerability+Another+Nickname/21023/
Fake DDoS Threats Continue
http://www.actionfraud.police.uk/news/online-extortion-demands-affecting-businesses-apr16/
Cisco Patches TelePresence Equipment
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160504-tpxml
Cracking PeopleSoft PS_TOKEN with oclHashcat
http://blog.gosecure.ca/2016/05/04/oracle-peoplesoft-still-a-threat-for-enterprises/
5/5/2016 • 1 minute, 3 seconds
ISC StormCast for Wednesday, May 4th 2016
OpenSSL Update Released
https://isc.sans.edu/forums/diary/OpenSSL+Updates/21015/
Cerber Ransomware Installed By Neutrino EK
https://isc.sans.edu/forums/diary/Neutrino+exploit+kit+sends+Cerber+ransomware/21017/
ImageMagick Vulnerability
https://www.imagemagick.org/discourse-server/viewtopic.php?f=4&t=29588
http://www.openwall.com/lists/oss-security/2016/05/03/18
Microsoft Will No Longer Consider SHA-1 Certificates As Secure
https://blogs.windows.com/msedgedev/2016/04/29/sha1-deprecation-roadmap/
5/4/2016 • 1 minute, 39 seconds
ISC StormCast for Tuesday, May 3rd 2016
Fake Google Chrome Update Installs Malware on Android
https://www.zscaler.com/blogs/research/android-infostealer-posing-fake-google-chrome-update
Android May Security Bulletin
https://source.android.com/security/bulletin/2016-05-01.html
Google Chrome Update
https://source.android.com/security/bulletin/2016-05-01.html
Pwned List Got Pwned
http://krebsonsecurity.com/2016/05/how-the-pwnedlist-got-pwned/
5/3/2016 • 5 minutes, 29 seconds
ISC StormCast for Monday, May 2nd 2016
ATM Jackpotting: Analysis of ATM APIs
https://securelist.com/analysis/publications/74533/malware-and-non-malware-ways-for-atm-jackpotting-extended-cut/
Reverse Engineering An ATM Skimmer
https://trustfoundry.net/reverse-engineering-a-discovered-atm-skimmer/
Bathroom Scale Vulnerability
https://help.fitbit.com/articles/en_US/Help_article/How-do-I-update-my-Aria-scale/
Fake Mobile Payment Apps in Google Play Store
https://info.phishlabs.com/blog/fraudster-phishing-users-with-malicious-mobile-apps
5/2/2016 • 5 minutes, 44 seconds
ISC StormCast for Friday, April 29th 2016
PowerShell and DNS/DHCP
https://isc.sans.edu/forums/diary/DNS+and+DHCP+Recon+using+Powershell/20995/
New Version of PCI Standard Released
https://www.pcisecuritystandards.org/documents/PCI_DSS_v3-2_Summary_of_Changes.pdf
OpenSSL Patch Pre-Announced
https://mta.openssl.org/pipermail/openssl-announce/2016-April/000069.html
NTP Patches
http://blog.talosintel.com/2016/04/vulnerability-spotlight-further-ntpd_27.html#more
4/29/2016 • 5 minutes, 9 seconds
ISC StormCast for Thursday, April 28th 2016
SAML Federated Identity Vulnerability in Office 365
http://www.economyofmechanism.com/office365-authbypass.html
.AS Registry Vulnerable to Direct Object Reference
https://isecguy.wordpress.com/2016/04/25/flaw-allowed-anyone-to-modify-take-control-over-any-as-domain/
Drive-by Exploit Used to Deliver Android Ransomware
https://www.bluecoat.com/security-blog/2016-04-25/android-exploit-delivers-dogspectus-ransomware
CryptXXX Decrypt Tool
https://support.kaspersky.com/viruses/disinfection/8547?_ga=1.128163404.1397432418.1454514283#block3
4/28/2016 • 5 minutes, 19 seconds
ISC StormCast for Wednesday, April 27th 2016
OS X Memory Forensics
https://isc.sans.edu/forums/diary/An+Introduction+to+Mac+memory+forensics/20989/
Facebook App Used to Deliver Facebook Phish
http://news.netcraft.com/archives/2016/04/22/hook-like-and-sinker-facebook-serves-up-its-own-phish.html
Android.Spy.277.origin Keeps Being Delivered By Google Play Store Apps
http://blog.checkpoint.com/2016/04/22/in-the-wild-google-cant-close-the-door-on-android-malware/
Tool To Replay RDP Sessions From pcaps
http://www.contextis.com/resources/blog/rdp-replay-code-release/
Juniper Update
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10727&cat=SIRT_1&actp=LIST
RouterSploit Router Exploit Framework
https://github.com/reverse-shell/routersploit
4/27/2016 • 5 minutes, 2 seconds
ISC StormCast for Tuesday, April 26th 2016
Details From the Breach of the Central Bank of Bangladesh
http://baesystemsai.blogspot.de/2016/04/two-bytes-to-951m.html
Apple Image IO Denial of Service
https://www.landaire.net/blog/apple-imageio-denial-of-service/
Text Messages Used to Phish Apple IDs
http://www.independent.co.uk/life-style/gadgets-and-tech/news/apple-id-password-expired-expiry-text-website-scam-phishing-a6991126.html
Critical HP Data Protector Patch
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05085988
Armada Collective (or Imposter) Making Fake DDoS Threats
https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/
4/26/2016 • 5 minutes, 23 seconds
ISC StormCast for Monday, April 25th 2016
Angler EK Used to Spread CryptXXX
https://isc.sans.edu/forums/diary/Angler+Exploit+Kit+Bedep+and+CryptXXX/20981/
Honeyports PowerShell Script
https://isc.sans.edu/forums/diary/Honeyports+powershell+script/20979/
Online Credit Card Fraud Soars
http://www.pymnts.com/fraud-prevention/2016/online-fraud-attack-rates-soar-since-october/
How to Trick Traffic Sensors
https://securelist.com/blog/research/74454/how-to-trick-traffic-sensors/
Opera VPN Service Analysis
https://gist.github.com/spaze/558b7c4cd81afa7c857381254ae7bd10
https://www.helpnetsecurity.com/2016/04/21/opera-browser-free-vpn/
4/25/2016 • 5 minutes, 10 seconds
ISC StormCast for Friday, April 22nd 2016
Accellion Secure File Transfer Vulnerability and Facebook Exploitation
http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/
Application Whitelisting Bypass With regsvr32
http://subt0x10.blogspot.com/2016/04/bypass-application-whitelisting-script.html
New NetworkManager Version Released
https://cgit.freedesktop.org/NetworkManager/NetworkManager/plain/NEWS?id=nm-1-2
Opera Includes Free VPN
http://www.opera.com/blogs/desktop/2016/04/free-vpn-integrated-opera-for-windows-mac/
4/22/2016 • 5 minutes, 18 seconds
ISC StormCast for Thursday, April 21st 2016
Decoding Pseudo Darkleech
https://isc.sans.edu/forums/diary/Decoding+PseudoDarkleech+1/20969/
TeslaCrypt 4.1
https://www.endgame.com/blog/your-package-has-been-successfully-encrypted-teslacrypt-41a-and-malware-attack-chain
RansomWhere Protects OS X Users from Ransomware
https://objective-see.com/products/ransomwhere.html
Testing TLS Libraries With TLS-Attacker
https://github.com/RUB-NDS/TLS-Attacker
4/21/2016 • 5 minutes, 13 seconds
ISC StormCast for Wednesday, April 20th 2016
Oracle Critical Patch Update
http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
Flash Provides Top Targeted Vulnerabilities for 2015
https://www.solutionary.com/_assets/pdf/research/2015-gtir.pdf
Google Publishes Data About Safe Browsing Effectiveness
http://static.googleusercontent.com/media/research.google.com/en//pubs/archive/44924.pdf
Detecting curl pipes to bash
https://www.idontplaydarts.com/2016/04/detecting-curl-pipe-bash-server-side/
4/20/2016 • 6 minutes, 36 seconds
ISC StormCast for Tuesday, April 19th 2016
Retefe Banking Malware Appearing Again
https://isc.sans.edu/forums/diary/Retefe+is+back+in+town/20957/
Ransomware Switching Focus From Hospitals to Schools
http://blog.talosintel.com/2016/04/jboss-backdoor.html
git on OS X vulnerable
https://rachelbythebay.com/w/2016/04/17/unprotected/
4/19/2016 • 5 minutes, 26 seconds
ISC StormCast for Monday, April 18th 2016
Implementing "bash_history" for cmd.exe
https://isc.sans.edu/forums/diary/Windows+Command+Line+Persistence/20949/
Mixed encoding in Malicious Documents
https://isc.sans.edu/forums/diary/VBS+VBE/20953/
Swedish Air Traffic Control Outage Result of Solar Flares
http://www.lfv.se/en/news/news-2016/full-capacity-after-90-minutes-radar-loss
Why you should not require password changes
https://www.cesg.gov.uk/articles/problems-forcing-regular-password-expiry
Bypassing Microsoft Edge XSS Filter
http://blog.portswigger.net/2016/04/edge-xss-filter-bypass.html
4/18/2016 • 5 minutes, 54 seconds
ISC StormCast for Friday, April 15th 2016
Doing HTTP Key Pinning Right
https://isc.sans.edu/forums/diary/HTTP+Public+Key+Pinning+How+to+do+it+right/20943/
Apple Ceases Support for QuickTime on Windows
https://support.apple.com/HT205771
http://zerodayinitiative.com/advisories/ZDI-16-241/
VMware Releases Patch for VMware Client Plugin
http://www.vmware.com/security/advisories/VMSA-2016-0004.html
Identify Ransomware
https://id-ransomware.malwarehunterteam.com
Another Fake Flash Update For OS X
https://www.intego.com/mac-security-blog/mac-users-attacked-fake-adobe-update/
Chrome 50 Released
http://googlechromereleases.blogspot.com/2016/04/stable-channel-update_13.html
URL Shorteners Weaken Random URLs
http://arxiv.org/pdf/1604.02734v1.pdf
4/15/2016 • 5 minutes, 50 seconds
ISC StormCast for Thursday, April 14th 2016 - Part 2
PFSense DShield Client Updated for PFSense Version 2.3
https://isc.sans.edu/forums/diary/Updated+PFSense+Client/20937/
JigSaw Decryption Tool Released
http://www.bleepingcomputer.com/news/security/jigsaw-ransomware-decrypted-will-delete-your-files-until-you-pay-the-ransom/
Android Bluetooth Pairing Vulnerability
https://labs.mwrinfosecurity.com/assets/BlogFiles/mwri-android-bluetooth-pairing-bypass-2016-04-12.pdf
Samsung Galaxy Phones Expose Modem via USB Port
https://github.com/ud2/advisories/tree/master/android/samsung/nocve-2016-0004
4/14/2016 • 5 minutes, 21 seconds
ISC StormCast for Thursday, April 14th 2016
Badlock not as bad
https://isc.sans.edu/forums/diary/BadLock+Vulnerability+CVE20162118/20933/
Microsoft Patches
https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+Summary+for+April+2016+httpsiscsansedumspatchdayshtmlviewday20160412/20935
4/14/2016 • 7 minutes, 28 seconds
ISC StormCast for Tuesday, April 12th 2016
Petya Ransomware Decrypted
https://isc.sans.edu/forums/diary/Tool+Released+to+Decrypt+Petya+Ransomware+Infected+Disks/20929/
Malware Creator Bribes Anti-Virus Vendors
http://blog.checkpoint.com/2016/04/08/qihoo-360-just-the-tip-of-the-whitelisted-malware-iceberg/
Users Will Plug In USB Drives They Find In The Parking Lot
https://www.elie.net/publication/users-really-do-plug-in-usb-drives-they-find
RubyGems Replacement Vulnerability
http://blog.rubygems.org/2016/04/06/gem-replacement-vulnerability-and-mitigation.html
4/12/2016 • 5 minutes, 39 seconds
ISC StormCast for Sunday, April 10th 2016
Flash Releases Pre-Announced Emergency Patch
https://helpx.adobe.com/security/products/flash-player/apsb16-10.html
http://blog.trendmicro.com/trendlabs-security-intelligence/look-adobe-flash-player-cve-2016-1019-zero-day-vulnerability/
WordPress Will Start Using SSL
https://en.blog.wordpress.com/2016/04/08/https-everywhere-encryption-for-all-wordpress-com-sites/
iMessage Vulnerability Allows Access To Chat History
https://www.bishopfox.com/blog/2016/04/if-you-cant-break-crypto-break-the-client-recovery-of-plaintext-imessage-data/
Ubuntu on Windows 10: Not as Insecure as Some Think
http://www.pcworld.com/article/3051604/windows/linuxs-deadliest-command-doesnt-faze-bash-on-windows-10.html
Special Badlock Webcast
https://www.sans.org/webcasts/badlock-102107
4/10/2016 • 6 minutes, 33 seconds
ISC StormCast for Friday, April 8th 2016
Google/Facebook CAPTCHA Broken Again
https://www.blackhat.com/docs/asia-16/materials/asia-16-Sivakorn-Im-Not-a-Human-Breaking-the-Google-reCAPTCHA-wp.pdf
Updated FBI Damage Numbers For Business E-Mail Compromise
https://www.fbi.gov/phoenix/press-releases/2016/fbi-warns-of-dramatic-increase-in-business-e-mail-scams
PowerWare / PoshCoder Ransomware Decryption
https://www.alienvault.com/open-threat-exchange/blog/powerware-or-poshcoder-comparison-and-decryption
Leaking Information Via Browser XSS Filters
http://www.mbsd.jp/blog/20160407.html
4/8/2016 • 5 minutes, 37 seconds
ISC StormCast for Thursday, April 7th 2016
Cisco Security Advisory
https://tools.cisco.com/security/center/publicationListing.x#~CiscoSecurityAdvisory
OSVDB Closes Down
https://blog.osvdb.org/2016/04/05/osvdb-fin/
Apple iOS Passcode Bypass Vulnerability
http://seclists.org/fulldisclosure/2016/Apr/19
Securing the Human: Ouch Newsletter
https://securingthehuman.sans.org/resources/newsletters/ouch/2016
4/7/2016 • 4 minutes, 50 seconds
ISC StormCast for Wednesday, April 6th 2016
New Microsoft Patches API
https://isc.sans.edu/forums/diary/New+Features+for+Microsoft+Patch+Data/20911/
BadLock Webcast
https://www.sans.org/webcasts/badlock-102107
Microsoft Single Sign-On Vulnerable to Token Hijacking
https://whitton.xyz/articles/obtaining-tokens-outlook-office-azure-account/
Domino's Pizza Mobile App Payment Bypass
http://www.ifc0nfig.com/dominos-pizza-and-payments/
4/6/2016 • 6 minutes, 14 seconds