SANS Internet Storm Center's Daily Network Security News Podcast

1,029 episodes — Page 12 of 21

Network Security News Summary for Tuesday February 06th, 2024

Time to Spam; Anydesk Update; Latest Ivanti Exploit; Deepfake Exploits
Public Information and Email Spam: https://isc.sans.edu/diary/Public+Information+and+Email+Spam/30620/
Anydesk Update: https://www.bleepingcomputer.com/news/security/anydesk-says-hackers-breached-its-production-servers-reset-passwords/ https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-213655-1032.pdf
Ivanti POC For CVE-2024-21893: https://attackerkb.com/topics/FGlK1TVnB2/cve-2024-21893/rapid7-analysis
Deepfake Exploits: https://www.scmp.com/news/hong-kong/law-and-crime/article/3250851/everyone-looked-real-multinational-firms-hong-kong-office-loses-hk200-million-after-scammers-stage https://www.404media.co/inside-the-underground-site-where-ai-neural-networks-churns-out-fake-ids-onlyfake/
keywords: deepfake; ivanti; poc; cve-2024-21893; ssrf; anydesk; email; spam

Feb 6, 2024 (5 min)

Network Security News Summary for Monday February 05th, 2024

DShield Honeypot Dashboard; Anydesk Breach; Docker Leaks
DShield Sensor Log Collection with Elasticsearch: https://isc.sans.edu/forums/diary/DShield%20Sensor%20Log%20Collection%20with%20Elasticsearch/30616/
Anydesk Breach: https://anydesk.com/en/public-statement
Leaky Vessels: https://snyk.io/blog/leaky-vessels-docker-runc-container-breakout-vulnerabilities/
keywords: docker; dshield; elastic; kibana; anydesk; leaky vessels

Feb 4, 2024 (5 min)

Network Security News Summary for Friday February 02nd, 2024

What is a TLD; CISA Ivanti Policy; Cloudflare Breach; Vision Pro Update
What is a Top Level Domain: https://isc.sans.edu/forums/diary/What%20is%20a%20%22Top%20Level%20Domain%22%3F/30612/
Updated CISA Ivanti Policy: https://www.cisa.gov/news-events/directives/supplemental-direction-v1-ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure
Cloudflare Publishes Breach Details: https://blog.cloudflare.com/thanksgiving-2023-security-incident
Vision Pro Update: https://support.apple.com/en-us/HT214070
keywords: vision pro; cisa; ivanti; cloudflare; okta; tld; domain

Feb 2, 2024 (7 min)

Network Security News Summary for Thursday February 01st, 2024

Internal Domains/TLDs; Ivanti Patches and Vulns; glibc syslog vuln; modsecurity vuln
The Fun and Dangers of Top Level Domains (TLDs): https://isc.sans.edu/diary/The%20Fun%20and%20Dangers%20of%20Top%20Level%20Domains%20%28TLDs%29/30608
Ivanti Releases Patches and New Vulnerabilities: https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US
glibc syslog() vulnerability: https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt
modsecurity WAF bypass: https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30
keywords: modsecurity; waf; glibc; syslog; ivanti; tld; internal

Feb 1, 2024 (5 min)

Network Security News Summary for Wednesday January 31st, 2024

Detecting Honeypots; TLD for Internal Use; Juniper Patches Patching; ChatGPT Leaks
What did I say to make you stop talking to me: https://isc.sans.edu/diary/What%20did%20I%20say%20to%20make%20you%20stop%20talking%20to%20me%3F/30604
Identification of a top-level domain for private use: https://itp.cdn.icann.org/en/files/root-system/identification-tld-private-use-24-01-2024-en.pdf
Juniper Patches Patching: https://supportportal.juniper.net/s/article/2024-01-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-have-been-addressed?language=en_US https://www.theregister.com/2024/01/30/juniper_networks_vulnerabilities/
Chat GPT Leaking Conversations Again: https://arstechnica.com/security/2024/01/ars-reader-reports-chatgpt-is-sending-him-conversations-from-unrelated-ai-users/
keywords: chatgpt; juniper; patches; tld; internal; honeypot

Jan 31, 2024 (6 min)

Network Security News Summary for Tuesday January 30th, 2024

Another Confluence Scan; PyPI Infostealer; Linux IPv6 Vuln
Exploit Flare Up Against Older Atlassian Confluence Vulnerability: https://isc.sans.edu/diary/Exploit%20Flare%20Up%20Against%20Older%20Altassian%20Confluence%20Vulnerability/30600
Malicious Python Packages install Infostealer: https://www.fortinet.com/blog/threat-research/info-stealing-packages-hidden-in-pypi
Linux ICMPv6 Router Adv. RCE: https://access.redhat.com/security/cve/cve-2023-6200
keywords: linux; icmpv6; router adv; RCE; python; atlassian; confluence

Jan 30, 2024 (5 min)

Network Security News Summary for Monday January 29th, 2024

Batch Comments; .box TLD abuse; Jenkins CVE-2024-23897 PoC; Malicious Chinese Google Ads
A Batch File With Multiple Payloads: https://isc.sans.edu/diary/A%20Batch%20File%20With%20Multiple%20Payloads/30592
fritz.box domain used to advertise NFTs: https://www.heise.de/news/Verwirrend-Internet-Domain-fritz-box-zeigt-NFT-Galerie-statt-Router-Verwaltung-9610149.html
Jenkins CVE-2024-23897 PoC: https://github.com/gquere/pwn_jenkins/blob/master/README.md#jenkins-cli-arbitrary-read-cve-2024-23897-applies-to-versions-below-2442-and-lts-24263
Malicious Google Ads Target Chinese Users: https://www.malwarebytes.com/blog/threat-intelligence/2024/01/malicious-ads-for-restricted-messaging-applications-target-chinese-users
keywords: google; ads; malware; china; jenkins; fritz.box; batch file; payloads

Jan 29, 2024 (7 min)

Network Security News Summary for Friday January 26th, 2024

Facebook AdsManager Cookie Theft; iOS Push Notification Abuse; Mobile Spy Ads
Facebook AdsManager Targeted by a Python Infostealer: https://isc.sans.edu/diary/Facebook%20AdsManager%20Targeted%20by%20a%20Python%20Infostealer/30590
Privacy Concerns about Apple Push Notifications: https://twitter.com/mysk_co/status/1750502700112916504 https://www.youtube.com/watch?v=4ZPTjGG9t7s
Inside a Global Phone Spy Tool Monitoring Billions: https://www.404media.co/inside-global-phone-spy-tool-patternz-nuviad-real-time-bidding/
keywords: patternz; phone; mobile; spy; tracking; ios; apple; push notifications; facebook adsmanager

Jan 26, 2024 (6 min)

Network Security News Summary for Thursday January 25th, 2024

Bad Infosec UI; Google Sys:All Loophole; Automotive Pwn2Own; Android Bluetooth Exploit; @sans_edu Dean's List
How Bad User Interfaces Make Security Tools Harmful: https://isc.sans.edu/diary/How%20Bad%20User%20Interfaces%20Make%20Security%20Tools%20Harmful/30586
Sys:All Loophole Allowed Us to Penetrate GKE Clusters in Production: https://orca.security/resources/blog/sys-all-google-kubernetes-engine-risk-example/
Automotive Pwn2Own: https://www.zerodayinitiative.com/blog/2024/1/23/pwn2own-automotive-2024-the-full-schedule
Android Keystroke Injection Vulnerability Exploit: https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/
CVE-2024-0769 D-Link DIR-859: https://securityonline.info/cve-2024-0769-the-vulnerability-d-link-wont-fix-in-dir-859-router/
SANS.edu Dean's List: https://www.sans.edu/students/awards
keywords: sans.edu; deans list; d-link; android; keystroke; pwn2own

Jan 25, 2024 (5 min)

Network Security News Summary for Wednesday January 24th, 2024

Atlassian Attacks; GoAnywhere PoC; Barracuda WAF Update; SSH Key Exfil via GitHub
Update on Atlassian Exploit Activity: https://isc.sans.edu/forums/diary/Update%20on%20Atlassian%20Exploit%20Activity%20/30582/
POC For Fortra GoAnywhere MFT Authentication Bypass CVE-2024-0204: https://www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-dive/
Barracuda Web Application Firewall: https://campus.barracuda.com/product/webapplicationfirewall/doc/102888530/security-advisory/
GitGot: GitHub leveraged by cybercriminals to store stolen data: https://www.reversinglabs.com/blog/gitgot-cybercriminals-using-github-to-store-stolen-data
keywords: gitgot; github; barracuda; firewall; fortra; goanywhere; mft; atlassian

Jan 24, 2024 (5 min)

Network Security News Summary for Tuesday January 23rd, 2024

Apple Updates; Atlassian Confluence Exploited; Ivanti Mitigation Problems; Czech IPv4 Shutdown Date
Apple Updates Everything: https://isc.sans.edu/forums/diary/Apple%20Updates%20Everything%20-%20New%200%20Day%20in%20WebKit/30578/
Atlassian Confluence RCE Vulnerability Exploits CVE-2023-22527: https://isc.sans.edu/forums/diary/Scans%20Exploit%20Attempts%20for%20Atlassian%20Confluence%20RCE%20Vulnerability%20CVE-2023-22527/30576/
Updated Ivanti Mitigation Advice: https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US
Czech Republic Sets IPv4 Shutdown Date: https://konecipv4.cz/en/
keywords: czech; ivanti; atlassian; ipv6; confluence; apple

Jan 23, 2024 (7 min)

Network Security News Summary for Monday January 22nd, 2024

macOS Malware; Microsoft Breach; Juniper 0-Day Details; Brave
macOS Python Script Replacing Wallet Applications with Rogue Apps: https://isc.sans.edu/diary/macOS%20Python%20Script%20Replacing%20Wallet%20Applications%20with%20Rogue%20Apps/30572
Microsoft Breach: https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/
Juniper Vulnerabilities: https://labs.watchtowr.com/the-second-wednesday-of-the-first-month-of-every-quarter-juniper-0day-revisited/
Brave Removing Strict Fingerprint Mode: https://brave.com/privacy-updates/28-sunsetting-strict-fingerprinting-mode/
keywords: macos; brave; microsoft; python; apps; juniper

Jan 22, 2024 (6 min)

Network Security News Summary for Friday January 19th, 2024

Ivanti Updates; Postgres Attacks; Outlook Vuln PoC
More Scans for Ivanti Connect "Secure" VPN. Exploits Public: https://isc.sans.edu/diary/More%20Scans%20for%20Ivanti%20Connect%20%22Secure%22%20VPN.%20Exploits%20Public/30568
Ivanti Endpoint Manager Mobile / MobileIron Core Vuln exploited CVE-2023-35082: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Attacks against Exposed Databases: https://twitter.com/fasterthanlime/status/1741935393413402739
Outlook Vulnerability Discovery and New Ways to Leak NTLM Hashes: https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes
keywords: outlook; postgres; ivanti; vpn; mobileiron

Jan 19, 2024 (6 min)

Network Security News Summary for Thursday January 18th, 2024

Numbers and Passwords; Detecting iOS Malware; Androxgh0st Malware
Number Usage in Passwords: https://isc.sans.edu/diary/Number%20Usage%20in%20Passwords/30540
A Lightweight Method to Detect Potential iOS Malware: https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/
CISA and FBI Release Known IOCs Associated with Androxgh0st Malware: https://www.cisa.gov/news-events/alerts/2024/01/16/cisa-and-fbi-release-known-iocs-associated-androxgh0st-malware
keywords: passwords; numbers; ios malware; androxgh0st; reboot.log

Jan 17, 2024 (6 min)

Network Security News Summary for Wednesday January 17th, 2024

Ivanti Exploited; Citrix 0-Day; Confluence Patch; Mac Infostealer; Chrome 0-day; GitHub Key Rotation
Ivanti Vulnerability Widespread Scanning: https://isc.sans.edu/diary/Scans%20for%20Ivanti%20Connect%20%22Secure%22%20VPN%20%20Vulnerability%20%28CVE-2023-46805%2C%20CVE-2024-21887%29/30562 https://www.volexity.com/blog/2024/01/15/ivanti-connect-secure-vpn-exploitation-goes-global/
Citrix Patches Already Exploited Vulnerability: https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549
Atlassian Confluence Remote Code Execution Vulnerability: https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html
macOS Infostealers: https://www.sentinelone.com/blog/the-many-faces-of-undetected-macos-infostealers-keysteal-atomic-cherrypie-continue-to-adapt/
Google Chrome 0-day: https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html
GitHub Key Rotation: https://www.bleepingcomputer.com/news/security/github-rotates-keys-to-mitigate-impact-of-credential-exposing-flaw/
keywords: github; chrome; macos; infostealers; atlassian; confluence; citrix; ivanti

Jan 17, 2024 (5 min)

Network Security News Summary for Tuesday January 16th, 2024

Malware Obfuscation; Ivanti Updates; NVidia Firmware Vuln; GitLab Vuln
One File, Two Payloads: https://isc.sans.edu/diary/One%20File%2C%20Two%20Payloads/30558
Ivanti Vulnerability Updates: https://labs.watchtowr.com/welcome-to-2024-the-sslvpn-chaos-continues-ivanti-cve-2023-46805-cve-2024-21887/
NVidia DGX H100 and A100 Updates: https://nvidia.custhelp.com/app/answers/detail/a_id/5510
GitLab Vulnerability: https://nvd.nist.gov/vuln/detail/CVE-2023-7028
keywords: gitlab; nvidia; ivanti

Jan 16, 2024 (6 min)

Network Security News Summary for Friday January 12th, 2024

OpenSSH Removing DSA; Juniper Patches; ManageEngine Update; Atomic Stealer
Timeline to Remove DSA Support in OpenSSH: https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-January/000156.html
Juniper Patches: https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&numberOfResults=50&f:ctype=[Security%20Advisories]
ManageEngine ADSelfService Plus Patch CVE-2024-0252: https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html
Atomic Stealer for Mac Update: https://www.malwarebytes.com/blog/threat-intelligence/2024/01/atomic-stealer-rings-in-the-new-year-with-updated-version
keywords: atomic; stealer; mac; malware; manageengine; juniper; dsa; openssh

Jan 12, 2024 (5 min)

Network Security News Summary for Thursday January 11th, 2024

Jenkins Scans; Ivanti VPN Exploited; Zoom Update; Hadoop Attacks; Infosec Toolshed
Jenkins Brute Force Scans: https://isc.sans.edu/diary/Jenkins%20Brute%20Force%20Scans/30546
Ivanti Connect Secure VPN Vulnerability Exploited: https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/
Zoom Privilege Escalation Vulnerability: https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/
Apache Applications Targeted by Stealthy Attacker: https://blog.aquasec.com/threat-alert-apache-applications-targeted-by-stealthy-attacker
Infosec Toolshed: https://youtu.be/qDK1PQ1OZjk?si=_vTpHqlovD2Hjd4M
keywords: infosec; toolshed; apache; hadoop; fink; yarn; zoom; ivanti; vpn; jenkins

Jan 11, 2024 (5 min)

Network Security News Summary for Wednesday January 10th, 2024

Microsoft Patches; Adobe Patches; Kyocera Vuln; Hacked Wrenches
Microsoft January 2024 Patch Tuesday: https://isc.sans.edu/forums/diary/Microsoft+January+2024+Patch+Tuesday/30548/
Adobe Vulnerabilities: https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html
CVE-2023-50916: Authentication Coercion Vulnerability in Kyocera Device Manager: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-50916-authentication-coercion-vulnerability-in-kyocera-device-manager/
Network Connected Wrenches Used in Factories can be hacked: https://arstechnica.com/security/2024/01/network-connected-wrenches-used-in-factories-can-be-hacked-for-sabotage-or-ransomware/
keywords: network; wrench; hack; kyocera; adobe; microsoft; patch

Jan 10, 2024 (6 min)

Network Security News Summary for Tuesday January 09th, 2024

Honeypot User Agents; KyberSlash; netfilter DoS; Cacti RCE
What is That User Agent: https://isc.sans.edu/diary/What%20is%20that%20User%20Agent%3F/30536
KyberSlash Vulnerability: https://kyberslash.cr.yp.to/faq.html
Netfilter DoS Vulnerability CVE-2024-0193: https://access.redhat.com/security/cve/CVE-2024-0193
Cacti Vulnerability: https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp
keywords: cacti; netfilter; kyberslash; user agent

Jan 9, 2024 (6 min)

Network Security News Summary for Monday January 08th, 2024

Better Netstat in PS; Phishing Tricks; Prometei Botnet; Spectral Blur; Google Auth API Issue
Netstat But Better and in PowerShell: https://isc.sans.edu/diary/Netstat%2C%20but%20Better%20and%20in%20PowerShell/30532
Double Phishing Submission: https://isc.sans.edu/diary/Are%20you%20sure%20of%20your%20password%3F/30534
Suspicious Prometei Botnet Activity: https://isc.sans.edu/diary/Suspicious%20Prometei%20Botnet%20Activity/30538
Spectral Blur Mac Malware: https://g-les.github.io/yara/2024/01/03/100DaysofYARA_SpectralBlur.html
Google Malware Abusing API is Standard Token Theft not an API Issue: https://www.bleepingcomputer.com/news/security/google-malware-abusing-api-is-standard-token-theft-not-an-api-issue/
keywords: google; authentication; api; spectral blur; mac; malware; prometei; botnet; phishing; netstat

Jan 7, 2024 (5 min)

Network Security News Summary for Friday January 05th, 2024

Wireshark Updates; Android Updates; Ivanti Critical Vuln
Wireshark Updates: https://isc.sans.edu/diary/Wireshark%20updates/30528
Android Updates: https://source.android.com/docs/security/bulletin/2024-01-01
Ivanti Critical Vulnerability: https://forums.ivanti.com/s/article/SA-2023-12-19-CVE-2023-39336?language=en_US
Malicious PyPi Packages: https://www.fortinet.com/blog/threat-research/malicious-pypi-packages-deploy-coinminer-on-linux-devices
Everything npm package: https://www.bleepingcomputer.com/news/security/everything-blocks-devs-from-removing-their-own-npm-packages/
keywords: pypi; npm; everything; ivanti; android; wireshark

Jan 5, 2024 (5 min)

Network Security News Summary for Thursday January 04th, 2024

Malware Review; Orange Spain RIPE Compromise; Bitwarden Weakness; iOS PoC Exploits
Interesting large and small malspam attachments from 2023: https://isc.sans.edu/diary/Interesting%20large%20and%20small%20malspam%20attachments%20from%202023/30524
Orange Spain RIPE Account Compromise: https://www.bleepingcomputer.com/news/security/hacker-hijacks-orange-spain-ripe-account-to-cause-bgp-havoc/
Bitwarden Heist: https://blog.redteam-pentesting.de/2024/bitwarden-heist/
Apple iOS PoC Exploits: https://github.com/felix-pb/kfd/blob/main/writeups/smith.md https://github.com/felix-pb/kfd/blob/main/writeups/landa.md
keywords: apple; ios; poc; bitwarden; orange; spain; ripe; rpki; bgp

Jan 4, 2024 (6 min)

Network Security News Summary for Wednesday January 03rd, 2024

SSH ID Strings; Google Authentication Weakness Exploited; Novel DNS Amplification (#TsuKing)
Fingerprinting SSH Identification Strings: https://isc.sans.edu/diary/Fingerprinting%20SSH%20Identification%20Strings/30520
Google OAUTH2 Exploited by Malware: https://www.cloudsek.com/blog/compromising-google-accounts-malwares-exploiting-undocumented-oauth2-functionality-for-session-hijacking
TsuKing DNS Amplification: https://lixiang521.com/publication/ccs23/ccs23-xu-tsuking.pdf
keywords: dns; tsuking; google; oauth; cookies; fingerprinting; ssh

Jan 3, 2024 (8 min)

Network Security News Summary for Tuesday January 02nd, 2024

Malicious Python Game; Mailtrap.io Exfil; Pi Hole Docker; Barracuda 0-Day; Apache OFBiz 0-Day (Atlassian JIRA)
Shall We Play a Game: https://isc.sans.edu/diary/Shall+We+Play+a+Game/30510
Mailtrap.io Exfiltration: https://isc.sans.edu/diary/Python%20Keylogger%20Using%20Mailtrap.io/30512
Pi Hole Docker: https://isc.sans.edu/forums/diary/Pi-Hole%20Pi4%20Docker%20Deployment/30516/
Mirai Update: https://isc.sans.edu/diary/Unveiling%20the%20Mirai%3A%20Insights%20into%20Recent%20DShield%20Honeypot%20Activity%20%5BGuest%20Diary%5D/30514
Barracuda 0-Day Vulnerability: https://www.barracuda.com/company/legal/esg-vulnerability
Apache OFBiz 0-Day Exploited against Atlassian (and possibly others): https://blog.sonicwall.com/en-us/2023/12/sonicwall-discovers-critical-apache-ofbiz-zero-day-authbiz/
keywords: apache; ofbiz; atlassian; jira; barracuda; mirai; pihole; mailtrap; game; python; excel; perl

Jan 1, 2024 (6 min)

Network Security News Summary for Friday December 22nd, 2023

Securing Webservers; Chrome 0-Day; Holiday Security
Securing Web Servers: https://isc.sans.edu/diary/How%20to%20Protect%20your%20Webserver%20from%20Directory%20Enumeration%20Attack%20%3F%20Apache2%20%5BGuest%20Diary%5D/30504
Chrome 0-Day (last one for the year?): https://chromereleases.googleblog.com/2023/12/stable-channel-update-for-desktop_20.html
Note that there will be no daily stormcast for the rest of the year. Returning January 2nd.
SANS Cloud Defender 2024: https://www.sans.org/cyber-security-training-events/cloud-defender-2024-live-online/
keywords: chrome; web; apache; holidays

Dec 21, 2023 (4 min)

Network Security News Summary for Thursday December 21st, 2023

Atlassian Confluence Scans; F5 BigIP Fake Update; Google OAUTH issue; Remembering Adrien
Increase in Exploit Attempts for Atlassian Confluence Server (CVE-2023-22518): https://isc.sans.edu/diary/Increase%20in%20Exploit%20Attempts%20for%20Atlassian%20Confluence%20Server%20%28CVE-2023-22518%29/30502
Fake F5 BigIP Update: https://www.bleepingcomputer.com/news/security/fake-f5-big-ip-zero-day-warning-emails-push-data-wipers/
Google OAUTH Problems: https://trufflesecurity.com/blog/google-oauth-is-broken-sort-of/
Remembering Adrien de Beaupre: https://www.hpmcgarry.ca/memorials/ernest-adrien-de-beaupre/5344136/index.php
keywords: adrien; google; oauth; f5; bigip; atlassian; confluence

Dec 21, 2023 (7 min)

Network Security News Summary for Wednesday December 20th, 2023

Citrixbleed Activity; SSH Terrapin Attack; ALPHV/Blackcat Disruption and Decryptor
What are they looking for? Scans for OpenID Connect Configuration: https://isc.sans.edu/diary/What%20are%20they%20looking%20for%3F%20Scans%20for%20OpenID%20Connect%20Configuration%20%28Update%3A%20CitrixBleed%29/30498
Terrapin Attack Against SSH: https://terrapin-attack.com/TerrapinAttack.pdf
ALPHV/Blackcat Ransomware Disrupted and Decryptor Available: https://www.justice.gov/opa/pr/justice-department-disrupts-prolific-alphvblackcat-ransomware-variant
keywords: alphv; blackcat; ransomware; decryptor; terrapin; ssh; openid; citrix; citrixbleed

Dec 20, 2023 (6 min)

Network Security News Summary for Tuesday December 19th, 2023

SMTP Smuggling; Ledger Attack; December Patch Breaks Win11 Wifi
SMTP Smuggling - Spoofing E-Mails Worldwide: https://sec-consult.com/blog/detail/smtp-smuggling-spoofing-e-mails-worldwide/
Ledger Supply Chain Attack: https://www.ledger.com/blog/a-letter-from-ledger-chairman-ceo-pascal-gauthier-regarding-ledger-connect-kit-exploit
December Windows 11 Patch Breaks Wi-Fi Connectivity: https://www.bleepingcomputer.com/news/microsoft/decembers-windows-11-kb5033375-update-breaks-wi-fi-connectivity/
keywords: windows 11; wifi; ledger; smtp; smuggling; e-mail

Dec 19, 2023 (6 min)

Network Security News Summary for Monday December 18th, 2023

Rocket MQ Exploit; C# Payload; 3CX Vuln; QNAP NVR Exploit; PFSense Vulnerability; #holidayhack
An Example of a RocketMQ Exploit Scanner: https://isc.sans.edu/diary/An%20Example%20of%20RocketMQ%20Exploit%20Scanner/30492
C# Payload Phoning to a Cobalt Strike Server: https://isc.sans.edu/diary/CSharp%20Payload%20Phoning%20to%20a%20CobaltStrike%20Server/30490
3CX SQL Injection Vulnerability: https://www.3cx.com/blog/news/sql-database-integration/
QNAP Viostor 0-Day Vulnerability: https://www.akamai.com/blog/security-research/qnap-viostor-zero-day-vulnerability-spreading-mirai-patched
PFSense Vulnerability: https://www.sonarsource.com/blog/pfsense-vulnerabilities-sonarcloud/
SANS Holiday Hack Challenge: https://sans.org/holidayhack
keywords: sans; holiday; hack; challenge; qnap; viostor; 3cx; sql; injection; rocketmq

Dec 18, 2023 (10 min)

Network Security News Summary for Friday December 15th, 2023

Terraforming Honeypots; Unifi Camera Mixup; Zoom VISS; Squid DoS
T-shooting Terraform for DShield Honeypot in Azure: https://isc.sans.edu/diary/T-shooting%20Terraform%20for%20DShield%20Honeypot%20in%20Azure%20%5BGuest%20Diary%5D/30484
Ubiquiti Unifi Cameras Visible in Wrong Account: https://community.ui.com/questions/Bug-Fix-Cloud-Access-Misconfiguration/fe8d4479-e187-4471-bf95-b2799183ceb7
Zoom Vulnerabilities and VISS: https://viss.zoom.com/specifications https://www.zoom.com/en/trust/security-bulletin/
Squid Denial of Service Vulnerability: https://www.zoom.com/en/trust/security-bulletin/
keywords: squid; zoom; ubiquiti; unifi; cameras; terraform; honeypot; protect

Dec 15, 2023 (5 min)

Network Security News Summary for Thursday December 14th, 2023

GUI Python Malware; Adobe Updates; TeamCity Exploited; Sophos Patches EOL Devices
Malicious Python Script with a TCL/TK GUI: https://isc.sans.edu/diary/Malicious%20Python%20Script%20with%20a%20TCL%20TK%20GUI/30478
Adobe Updates: https://helpx.adobe.com/security/security-bulletin.html
TeamCity Exploited: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-347a
Sophos Firewall Exploit for EOL Devices CVE-2022-3236: https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
keywords: sophos; teamcity; adobe; python; tcl/tk; gui

Dec 14, 2023 (5 min)

Network Security News Summary for Wednesday December 13th, 2023

Microsoft Patches; Malicious OAUTH; Apache Struts2 Exploit
Microsoft Patch Tuesday: https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20December%202023/30480
Microsoft Warns of Malicious OAUTH Applications: https://www.microsoft.com/en-us/security/blog/2023/12/12/threat-actors-misuse-oauth-applications-to-automate-financially-driven-attacks/
Apache Struts2 Exploit CVE-2023-50164: https://xz.aliyun.com/t/13172
keywords: struts2; microsoft; patches; oauth

Dec 13, 2023 (6 min)

Network Security News Summary for Tuesday December 12th, 2023

Sitemap.xml; Apple Patches; Android Password Autospill
What is Sitemap.xml and Why a Pentester Should Care: https://isc.sans.edu/diary/What%20is%20sitemap.xml%2C%20and%20Why%20a%20Pentester%20Should%20Care/30472
Apple Patches Everything: https://isc.sans.edu/forums/diary/Apple%20Patches%20Everything/30474/
Android Password Manager Auto Spill: https://i.blackhat.com/EU-23/Presentations/EU-23-Gangwal-AutoSpill-Zero-Effort-Credential-Stealing.pdf
keywords: sitemap.xml; apple patches; android; password manager; autospill

Dec 12, 2023 (5 min)

Network Security News Summary for Monday December 11th, 2023

IPv4 Mapped Addresses; Honeypots; Bluetooth Attacks; Syrus 4 Vuln; MSFT Edge Vuln
IPv4 Mapped IPv6 Addresses: https://isc.sans.edu/diary/IPv4-mapped%20IPv6%20Address%20Used%20For%20Obfuscation/30466
Honeypots From the Skeptical Beginner to the Tactical Enthusiast: https://isc.sans.edu/diary/Honeypots%3A%20From%20the%20Skeptical%20Beginner%20to%20the%20Tactical%20Enthusiast/30468
Bluetooth Weakness CVE-2023-45866: https://github.com/skysafe/reblog/tree/main/cve-2023-45866
Syrus 4 IoT Gateway Vulnerability CVE-2023-6248: https://socradar.io/syrus4-iot-gateway-vulnerability-could-allow-code-execution-on-thousands-of-vehicles-simultaneously-cve-2023-6248/
Microsoft Edge Vulnerability CVE-2023-35618: https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnotes-security#december-7-2023
keywords: microsoft; edge; syrus; iot; gateway; bluetooth; keyboard; honeypots; ipv4; ipv6

Dec 10, 2023 (6 min)

Network Security News Summary for Friday December 08th, 2023

5G Vulnerabilities; QR Codes; Windows 10 EOS; Apache Struts RCE Vuln
5G Vulnerabilities: https://isc.sans.edu/diary/5Ghoul%3A%20Impacts%2C%20Implications%20and%20Next%20Steps/30462
Revealing the hidden Risks of QR Codes: https://isc.sans.edu/diary/Revealing%20the%20Hidden%20Risks%20of%20QR%20Codes%20%5BGuest%20Diary%5D/30458
Windows 10 End of Support: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/plan-for-windows-10-eos-with-windows-11-windows-365-and-esu/ba-p/4000414
Apache Struts 2 Vulnerability CVE-2023-50164: https://cwiki.apache.org/confluence/display/WW/S2-066
keywords: apache; struts; windows 10; end of support; qr codes; 5g vulnerabilities

Dec 8, 2023 (6 min)

Network Security News Summary for Thursday December 07th, 2023

Research Scan Attribution; MLFlow and Atlassian Vulns; AWS STS; #holidayhack
Whose packet is it anyway: a new RFC for attribution of internet probes: https://isc.sans.edu/forums/diary/Whose%20packet%20is%20it%20anyway%3A%20a%20new%20RFC%20for%20attribution%20of%20internet%20probes/30456/
MLFlow Vulnerability: https://www.contrastsecurity.com/security-influencers/discovering-mlflow-framework-zero-day-vulnerability-machine-language-model-security-contrast-security https://mlflow.org/category/news/index.html
Abusing STS Tokens: https://redcanary.com/blog/aws-sts/
Atlassian Vulnerabilities: https://confluence.atlassian.com/security/security-advisories-bulletins-1236937381.html
Holiday Hack Challenge: https://www.sans.org/mlp/holiday-hack-challenge-2023/
keywords: holiday hack challenge; atlassian; sts tokens; aws; mlflow

Dec 6, 2023 (5 min)

Network Security News Summary for Wednesday December 06th, 2023

Cobalt Strike Analysis; ColdFusion Exploited; Atos Unify Vuln; ExtremeXOS Vuln
Cobalt Strike's "Runtime Configuration": https://isc.sans.edu/diary/Cobalt%20Strike%27s%20%22Runtime%20Configuration%22/30426
Adobe ColdFusion Exploit Abused: https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-339a
Atos Unify OpenScape Vulnerability: https://sec-consult.com/vulnerability-lab/advisory/argument-injection-vulnerability-in-multiple-atos-unify-openscape-products/
ExtremeXOS Vulnerabilities: https://rhinosecuritylabs.com/research/extreme-networks-extremexos-vulnerabilities/
keywords: extremexos; atos; unify; openscape; adobe; coldfusion; cobalt strike

Dec 6, 2023 (5 min)

Network Security News Summary for Tuesday December 05th, 2023

Zarya Hacktivists; ICANN RDRS; Android and GitLab Updates
Zarya Hacktivists: More than just Sharepoint: https://isc.sans.edu/diary/Zarya%20Hacktivists%3A%20More%20than%20just%20Sharepoint./30450
ICANN Registration Data Request Service (RDRS): https://rdrs.icann.org/
Android Updates: https://source.android.com/docs/security/bulletin/2023-12-01
GitLab Patches: https://about.gitlab.com/releases/2023/11/30/security-release-gitlab-16-6-1-released/
keywords: gitlab; android; icann; rdrs; zarya; hacktivists

Dec 5, 2023 (6 min)

Network Security News Summary for Monday December 04th, 2023

LogoFail; Fake WordPress Exploit; Qlik Sense Exploited; VMWare Patch
UEFI Exploit via Boot Image: https://binarly.io/posts/The_Far_Reaching_Consequences_of_LogoFAIL/index.html
Fake Phishing Scam Tricks Users into Installing Backdoor Plugin: https://www.wordfence.com/blog/2023/12/psa-fake-cve-2023-45124-phishing-scam-tricks-users-into-installing-backdoor-plugin/
Qlik Sense Exploited by Cactus Ransomware: https://arcticwolf.com/resources/blog/qlik-sense-exploited-in-cactus-ransomware-campaign/ https://www.praetorian.com/blog/qlik-sense-technical-exploit/
VMWare Vulnerability Patched: https://www.vmware.com/security/advisories/VMSA-2023-0026.html
keywords: vmware; qlik; ransomware; phishing; wordpress; uefi; logofail

Dec 4, 2023 (6 min)

Network Security News Summary for Friday December 01st, 2023

Apple Updates; Mirai Expansion; Zyxel Vulns; Solarwinds Update; DNS Looking Glass
Apple Updates: https://isc.sans.edu/diary/Apple+Patches+Exploited+WebKit+Vulnerabilitiues+in+iOSiPadOSmacOS/30444
Prophetic Post by Intern on CVE-2023-1389 Foreshadows Mirai Botnet Expansion Today: https://isc.sans.edu/forums/diary/Prophetic+Post+by+Intern+on+CVE20231389+Foreshadows+Mirai+Botnet+Expansion+Today/30442/
Zyxel Vulnerabilities: https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products
Solarwinds Update: https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-4_release_notes.htm#link3
DNS Looking Glass: https://isc.sans.edu/tools/dnslookup/
keywords: dns; looking glass; solarwinds; zyxel; mirai; apple

Dec 1, 2023 (5 min)

Network Security News Summary for Thursday November 30th, 2023

3 Months Honeypot Summary; Arcserver PoC; Hikvision Vuln; Custom GPT Vuln Decoding the Patterns: Analzying DShield Honeypot Activity https://isc.sans.edu/diary/Decoding%20the%20Patterns%3A%20Analyzing%20DShield%20Honeypot%20Activity%20%5BGuest%20Diary%5D/30428 Arcserve Unified Data Protection Multiple Vulnerabilities https://www.tenable.com/security/research/tra-2023-37 Hikvision Vulnerabilities https://www.hikvision.com/hk/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-products/ Assessing Prompt Injection Risks in 200+ Custom GPTs https://arxiv.org/pdf/2311.11538.pdf keywords: gpt; prompt injection; hikvision; arserve; dshield; honeypot

Nov 30, 2023 (5 min)

Network Security News Summary for Wednesday November 29th, 2023

Sharepoint Attack; MSFT removes Defender App Guard for Office; Synology, Tomcat and Chrome Vuln
Pro-Russian Attackers Scanning for Sharepoint Servers to Exploit CVE-2023-29357 https://isc.sans.edu/diary/Pro%20Russian%20Attackers%20Scanning%20for%20Sharepoint%20Servers%20to%20Exploit%20CVE-2023-29357/30436
Microsoft Deprecates Microsoft Defender Application Guard for Office https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features
Synology Vulnerability https://www.synology.com/en-global/security/advisory/Synology_SA_23_16
Apache Tomcat Request Smuggling Vulnerability CVE-2023-46589 https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr
keywords: apache; tomcat; synology; microsoft; defender; application guard; sharepoint; russia; ukraine

Nov 29, 2023 (5 min)

Network Security News Summary for Tuesday November 28th, 2023

OwnCloud Exploited; Fingerprint Reader Weakness
Scans for ownCloud Vulnerability (CVE-2023-49103) https://isc.sans.edu/diary/Scans%20for%20ownCloud%20Vulnerability%20%28CVE-2023-49103%29/30432
Windows Hello Fingerprint Reader Weakness https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/
keywords: windows; hello; fingerprint; owncloud

Nov 28, 2023 (6 min)

Network Security News Summary for Monday November 27th, 2023

DShield Birthday; Mirai Exploits; OVA Files; OpenCart Vuln; Holiday Hack Challenge
DShield Birthday https://isc.sans.edu/diary/Happy%20Birthday%20DShield/30420
Mirai uses CVE-2023-1389 https://isc.sans.edu/diary/CVE-2023-1389%3A%20A%20New%20Means%20to%20Expand%20Botnets/30418
More Mirai Vulnerabilities https://www.akamai.com/blog/security-research/new-rce-botnet-spreads-mirai-via-zero-days
Analyzing OVA Files https://isc.sans.edu/diary/OVA%20Files/30424
Static Code Injections in OpenCart (CVE-2023-47444) https://github.com/opencart/opencart/issues/12947
Holiday Hack Challenge https://www.sans.org/mlp/holiday-hack-challenge-2023/
keywords: holiday; hackchallenge; opencart; ova; ovf; mirai; nvr; dvr; tplink;

Nov 26, 2023 (6 min)

Network Security News Summary for Friday November 17th, 2023

Faster tcpdump; Zimbra Exploit Details; FortiSIEM Vuln; AI-Exploits; CrushFTP and FortiSIEM Patches; @sans_edu Research: Scott Poley; Storing Less
Beyond -n: Optimizing tcpdump performance https://isc.sans.edu/forums/diary/Beyond%20-n%3A%20Optimizing%20tcpdump%20performance/30408/
Zimbra 0-day used to target international government organizations https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/
FortiSIEM OS command injection in Report Server https://www.fortiguard.com/psirt/FG-IR-23-135
AI Exploit Collection https://github.com/protectai/ai-exploits
CrushFTP Remote Code Execution https://convergetp.com/2023/11/16/crushftp-zero-day-cve-2023-43177-discovered/
Scott Poley: The Cyber Data Paradox: Storing Less, Discovering More https://www.sans.edu/cyber-research/cyber-data-paradox-storing-less-discovering-more/
keywords: crushftp; ai; exploit; fortisiem; zimbra; 0-day; tcpdump; scott poley

Nov 17, 2023 (15 min)

Network Security News Summary for Thursday November 16th, 2023

MSIX to Redline; ChatGPT Code Interpreter vuln; Aruba and Netty Vulns; HARArmor @FronteggForSaaS
Redline Dropped Through MSIX Package https://isc.sans.edu/diary/Redline%20Dropped%20Through%20MSIX%20Package/30404
ChatGPT Code Interpreter Security Hole https://www.tomshardware.com/news/chatgpt-code-interpreter-security-hole
Directory Traversal in Reactor Netty CVE-2023-34062 https://spring.io/security/cve-2023-34062
Aruba Networking Product Vulnerabilities https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt
HARArmor https://harmor.dev/
keywords: harmor; aruba; netty; reactor; chatgpt; interpreter; code; redline; msix; msi

Nov 15, 2023 (5 min)

Network Security News Summary for Wednesday November 15th, 2023

Microsoft Patches; Adobe Patches; Intel CPU Glitch State Patch
Microsoft Patches https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20November%202023/30400
Adobe Updates https://helpx.adobe.com/security/security-bulletin.html
Intel CPU Glitch State Patch https://lock.cmpxchg8b.com/reptar.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html
keywords: intel; cpu; glitch; adobe; microsoft;

Nov 15, 2023 (7 min)

Network Security News Summary for Tuesday November 14th, 2023

Discovering DNS C&C; Passive SSH Key Compromise; Juniper Vuln Exploited
Noticing command and control channels by reviewing DNS protocols https://isc.sans.edu/diary/Noticing%20command%20and%20control%20channels%20by%20reviewing%20DNS%20protocols/30396
Passive SSH Key Compromise via Lattices https://eprint.iacr.org/2023/1711.pdf
Juniper Vulnerabilities Exploited https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US
keywords: juniper; passive; ssh; dns; secret key; rsa

Nov 14, 2023 (5 min)

Network Security News Summary for Monday November 13th, 2023

Gafgyt Update; ScreenConnect Healthcare Breach; Fake Assessment Websites
Routers Targeted for Gafgyt Botnet https://isc.sans.edu/forums/diary/Routers%20Targeted%20for%20Gafgyt%20Botnet%20%5BGuest%20Diary%5D/30390/
ScreenConnect used to Attack Healthcare https://www.huntress.com/blog/third-party-pharmaceutical-vendor-linked-to-pharmacy-and-health-clinic-cyberattack
Fake Skills Assessment Portals Associated with Sapphire Sleet https://twitter.com/MsftSecIntel/status/1722316019920728437
OpenVPN Access Server Vulnerabilities https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/
keywords: openvpn; sapphire sleet; job portals; assessment; screen connect; healthcare; routers; gafgyt

Nov 12, 2023 (5 min)