SANS Internet Storm Center's Daily Network Security News Podcast

1,029 episodes — Page 16 of 21

Network Security News Summary for Tuesday April 4th, 2023

efile.com Compromise; MyCloud Breach; 3CX Gopuram Backdoor
efile.com Compromise (Supply Chain Compromise or False Positive: The Intriguing Case of efile.com, updated - confirmed malicious code)
https://isc.sans.edu/forums/diary/Supply%20Chain%20Compromise%20or%20False%20Positive%3A%20The%20Intriguing%20Case%20of%20efile.com%20%5Bupdated%20-%20confirmed%20malicious%20code%5D/29708/
Western Digital MyCloud Breach
https://www.bleepingcomputer.com/news/security/western-digital-discloses-network-breach-my-cloud-service-down/
3CX Compromise Affected Cryptocoin Exchanges
https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/
keywords: efile.com; irs; taxes; western digital; 3cx; crypto

Apr 4, 2023 (7 min)

Network Security News Summary for Monday April 3rd, 2023

Preventing Framing; oledump Supports MSI; 3CX Update; Pinduoduo App Issues
Use of X-Frame-Options and CSP frame-ancestors Security Headers on 1 Million Most Popular Domains
https://isc.sans.edu/diary/Use%20of%20X-Frame-Options%20and%20CSP%20frame-ancestors%20security%20headers%20on%201%20million%20most%20popular%20domains/29698
oledump Supporting MSI Files
https://isc.sans.edu/diary/Update+oledump+MSI+Files/29700/
3CX Update
https://www.3cx.com/blog/news/chrome-blocks-latest-msi/
Pinduoduo App Shows Anomalous Behaviour
https://edition.cnn.com/2023/04/02/tech/china-pinduoduo-malware-cybersecurity-analysis-intl-hnk/index.html
keywords: pinduoduo; temu; 3cx; oledump; msi; x-frame-options; csp; frame-ancestors

Apr 3, 2023 (5 min)

Network Security News Summary for Friday March 31st, 2023

Malicious 3CX Desktop App Update; Reverse Engineering Obfuscated PowerShell via Debugger
Malicious 3CX Desktop App Update Livestream (Friday March 31st 1400 ET, 1800 UTC)
https://www.youtube.com/watch?v=cCf3Km_j5bY
3CX Update
https://www.3cx.com/blog/news/desktopapp-security-alert/
SentinelOne
https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/
Objective-See Blog Post
https://objective-see.org/blog/blog_0x73.html
CrowdStrike
https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/
Bypassing PowerShell Strong Obfuscation
https://isc.sans.edu/diary/Bypassing%20PowerShell%20Strong%20Obfuscation/29692
keywords: 3cx; voip; supply chain; powershell; obfuscation

Mar 30, 2023 (6 min)

Network Security News Summary for Thursday March 30th, 2023

Multi Stream Extraction; 3CX Compromise; MSFT Defender False Positive; IBM Aspera Faspex Exploitation; QNAP sudo Patch
Extracting Multiple Streams From OLE Files
https://isc.sans.edu/diary/Extracting%20Multiple%20Streams%20From%20OLE%20Files/29688
3CXDesktopApp Compromise
https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/
Microsoft Defender False Positives
https://twitter.com/MSFT365Status/status/1641048649525260289
https://admin.microsoft.com/Adminportal/Home?ref=/servicehealth/:/alerts/DZ534539 (requires login)
Active Exploitation of IBM Aspera Faspex CVE-2022-47986
https://www.rapid7.com/blog/post/2023/03/28/etr-active-exploitation-of-ibm-aspera-faspex-cve-2022-47986/
QNAP Patch for sudo Vulnerability
https://www.qnap.com/en/security-advisory/qsa-23-11
keywords: qnap; aspera; ibm; faspex; microsoft; false positives; 3cx; voip; supply chain; excel; multiple stream

Mar 29, 2023 (5 min)

Network Security News Summary for Wednesday March 29th, 2023

Sensor Placement; Exchange Online Throttling; WiFi Vulnerability
Network Data Collector Placement Makes a Difference
https://isc.sans.edu/diary/Network%20Data%20Collector%20Placement%20Makes%20a%20Difference/29664
Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online
https://techcommunity.microsoft.com/t5/exchange-team-blog/throttling-and-blocking-email-from-persistently-vulnerable/ba-p/3762078
Bypassing Wi-Fi Encryption by Manipulating Transmit Queues
https://papers.mathyvanhoef.com/usenix2023-wifi.pdf
keywords: wifi; throttling; exchange server; network monitor; sniffer; span

Mar 29, 2023 (5 min)

Network Security News Summary for Tuesday March 28th, 2023

Reversing HTA Files Part 1; Apple Patches; New MacStealer
Another Malicious HTA File Analysis - Part 1
https://isc.sans.edu/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%201/29674
Apple Updates Everything (including Studio Display)
https://isc.sans.edu/diary/Apple%20Updates%20Everything%20%28including%20Studio%20Display%29/29682
MacStealer Malware Exfiltrates Mac Secrets
https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware
keywords: macstealer; apple; ipados; ios; macos; watchos; tvos; hta; reversing

Mar 28, 2023 (5 min)

Network Security News Summary for Monday March 27th, 2023

Windows Snipping Tool Update; GitHub SSH Key Leaked; redis-py/ChatGPT Vuln; YouTube Hacks; CyberChef Update
Microsoft Released an Update for Windows Snipping Tool Vulnerability
https://isc.sans.edu/diary/Microsoft%20Released%20an%20Update%20for%20Windows%20Snipping%20Tool%20Vulnerability/29670
GitHub Rotates RSA SSH Host Key
https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/
redis-py Vulnerability Leads to Mixed-Up Sessions, Affects ChatGPT
https://openai.com/blog/march-20-chatgpt-outage
Linus Tech Tips YouTube Hack
https://www.theverge.com/2023/3/23/23653115/linus-tech-tips-youtube-hack-crypto-scam
Elon Musk Themed Crypto Scams Flooding YouTube
https://isc.sans.edu/diary/Elon%20Musk%20Themed%20Crypto%20Scams%20Flooding%20YouTube%20Today/29434
CyberChef Update
https://github.com/gchq/CyberChef/wiki/Character-encoding,-EOL-separators,-and-editor-features
keywords: windows snipping tool; image cropping; github; ssh; redis-py; chatgpt; youtube hacks; cyberchef update

Mar 27, 2023 (4 min)

Network Security News Summary for Friday March 24th, 2023

Safe Redactions; Untitled Goose; Veeam Vulnerability; Python Unicode Evasion
Cropping and Redacting Images Safely
https://isc.sans.edu/diary/Cropping%20and%20Redacting%20Images%20Safely/29666
Untitled Goose Tool
https://github.com/cisagov/untitledgoosetool
Veeam Vulnerability Details (CVE-2023-27532)
https://www.horizon3.ai/veeam-backup-and-replication-cve-2023-27532-deep-dive/
Unicode Support in Python Used to Evade Detection
https://blog.phylum.io/malicious-actors-use-unicode-support-in-python-to-evade-detection
keywords: redactions; untitled goose; veeam; python unicode

Mar 24, 2023 (5 min)
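The Phylum item above describes Python packages whose identifiers are spelled with Unicode look-alike letters: the interpreter NFKC-normalises identifiers before it resolves them, so `subprocess` written in Mathematical Bold letters still imports subprocess, while a grep or string-matching rule on the raw file sees nothing. The following scanner is an added example written for this page, not Phylum's or ISC's code; the sample module it scans is constructed inline and the watchlist is an illustrative assumption.

```python
"""Find identifiers that only look harmless until Python NFKC-normalises them.

Added example for the Unicode-identifier evasion described above; not Phylum's
tooling. The sample module is constructed here with Mathematical Bold letters.
"""
import io
import tokenize
import unicodedata

# Assumed watchlist of names a reviewer would not expect in a decorative package.
WATCHLIST = {"subprocess", "os", "socket", "base64", "ctypes", "exec", "eval"}


def fancy(word):
    """Spell an ASCII word with MATHEMATICAL BOLD SMALL letters (U+1D41A..U+1D433).

    Python applies NFKC to identifiers, so the result is the same name as `word`
    to the interpreter but a different string to grep or a substring YARA rule.
    """
    return "".join(chr(0x1D41A + ord(c) - ord("a")) if "a" <= c <= "z" else c for c in word)


# Constructed sample: reads like a decorative module but imports subprocess and runs `id`.
SAMPLE = (
    f"import {fancy('subprocess')} as sp\n"
    f"{fancy('result')} = sp.run(['id'], capture_output=True)\n"
    "print('nothing to see here')\n"
)


def python_accepts(source):
    """True if the interpreter compiles the source as-is (compile only, no exec)."""
    try:
        compile(source, "<sample>", "exec")
        return True
    except SyntaxError:
        return False


def confusable_identifiers(source):
    """List every non-ASCII NAME token with its NFKC form and line number."""
    findings = []
    for tok in tokenize.generate_tokens(io.StringIO(source).readline):
        if tok.type == tokenize.NAME and not tok.string.isascii():
            findings.append({
                "line": tok.start[0],
                "raw": tok.string,
                "normalized": unicodedata.normalize("NFKC", tok.string),
            })
    return findings


def watchlist_hits(source):
    """Normalised identifiers in the source that match the watchlist.

    Matching after normalisation is exactly what a plain substring search on
    the raw file misses.
    """
    names = {unicodedata.normalize("NFKC", tok.string)
             for tok in tokenize.generate_tokens(io.StringIO(source).readline)
             if tok.type == tokenize.NAME}
    return sorted(names & WATCHLIST)


if __name__ == "__main__":
    print("compiles:", python_accepts(SAMPLE))
    print("raw grep finds 'subprocess':", "subprocess" in SAMPLE)
    for f in confusable_identifiers(SAMPLE):
        print(f"line {f['line']}: {f['raw']!r} -> {f['normalized']!r}")
    print("watchlist hits:", watchlist_hits(SAMPLE))
```

The scan runs on the token stream rather than on NFKC-normalising the whole file, so string literals are left alone and each finding carries the line number of the identifier that needs a second look.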

Network Security News Summary for Thursday March 23rd, 2023

Detecting Badly Cropped PNGs; WooCommerce Skimmer; Orbi Vuln
Windows 11 Snipping Tool Privacy Bug: Inspecting PNG Files
https://isc.sans.edu/diary/Windows%2011%20Snipping%20Tool%20Privacy%20Bug%3A%20Inspecting%20PNG%20Files/29660
Acropalypse (CVE-2023-21036) Detection and Sanitization Tools
https://github.com/infobyte/CVE-2023-21036
WooCommerce Skimmer Reveals Tampered Gateway Plugin
https://blog.sucuri.net/2023/03/woocommerce-skimmer-reveals-tampered-gateway-plugin.html
Netgear Orbi Router Vulnerable to Arbitrary Command Execution
https://blog.talosintelligence.com/vulnerability-spotlight-netgear-orbi-router-vulnerable-to-arbitrary-command-execution/
keywords: netgear; orbi; woocommerce; acropalypse; detection; pngdump; snipping

Mar 23, 2023 (5 min)
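The "Inspecting PNG Files" diary above and the acropalypse items in the surrounding episodes share one detection idea: a PNG viewer stops reading at the IEND chunk, so a cropped image written over the larger original without truncating the file still carries the original's tail after IEND. The chunk walker below is an added example for this page, not the diary's pngdump or the infobyte tooling; the "before" and "after" files it inspects are generated in the script to simulate that overwrite.

```python
"""Detect leftover image data after a PNG's IEND chunk (the acropalypse symptom).

Added example, not from the ISC diary or the infobyte tooling linked above. The
files below are generated in the script; nothing is read from disk.
"""
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"


def _chunk(ctype, data):
    """Serialise one PNG chunk: length, type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_png(width, height, pixel):
    """Minimal 8-bit RGB PNG; pixel(x, y) returns an (r, g, b) tuple."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 2, 0, 0, 0)
    rows = []
    for y in range(height):
        # filter type 0 (None) in front of every scanline
        rows.append(b"\x00" + b"".join(bytes(pixel(x, y)) for x in range(width)))
    idat = zlib.compress(b"".join(rows))
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", idat) + _chunk(b"IEND", b"")


def walk_chunks(data):
    """Yield (type, offset, length, crc_ok) for each chunk up to and including IEND."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack_from(">I4s", data, pos)
        body = data[pos + 8:pos + 8 + length]
        crc_bytes = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc_bytes) != 4:
            raise ValueError("truncated chunk at offset %d" % pos)
        crc_ok = struct.unpack(">I", crc_bytes)[0] == (zlib.crc32(ctype + body) & 0xFFFFFFFF)
        yield ctype, pos, length, crc_ok
        pos += 12 + length
        if ctype == b"IEND":
            return
    raise ValueError("no IEND chunk")


def inspect_png(data):
    """Summarise the chunk layout and whatever follows IEND.

    Trailing bytes are invisible to a viewer but still in the file; a second
    IDAT/IEND inside the trailer is the tell-tale of a smaller image written
    over a larger one without truncation.
    """
    chunks = list(walk_chunks(data))
    _, pos, length, _ = chunks[-1]
    trailer = data[pos + 12 + length:]
    return {
        "chunks": [c[0].decode("ascii") for c in chunks],
        "crc_failures": sum(1 for c in chunks if not c[3]),
        "trailing_bytes": len(trailer),
        "trailer_has_png_chunks": b"IDAT" in trailer or b"IEND" in trailer,
        "suspicious": len(trailer) > 0,
    }


# Constructed scenario: a 16x16 screenshot, then a 1x1 crop saved over the same
# file without truncating it, leaving the original's tail behind the new IEND.
ORIGINAL = make_png(16, 16, lambda x, y: ((x * 37 + y * 91) & 255, (x * y) & 255, (x ^ y) & 255))
CROPPED = make_png(1, 1, lambda x, y: (0, 0, 0))
BAD_CROP = CROPPED + ORIGINAL[len(CROPPED):]

if __name__ == "__main__":
    for name, blob in (("clean crop", CROPPED), ("bad crop", BAD_CROP)):
        print(name, inspect_png(blob))
```

Any non-zero `trailing_bytes` deserves a look before the file is published; when the trailer itself contains IDAT or IEND chunks, the leftover is almost certainly recoverable image data rather than harmless padding.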

Network Security News Summary for Wednesday March 22nd, 2023

Character Pair Reversal; Windows Snipping Tool Bug; Malicious .NET Packages; Spring Vuln; Snappy PHP Vuln
String Obfuscation: Character Pair Reversal
https://isc.sans.edu/diary/String%20Obfuscation%3A%20Character%20Pair%20Reversal/29654
Windows 11 Snipping Tool Privacy Bug
https://www.bleepingcomputer.com/news/microsoft/windows-11-snipping-tool-privacy-bug-exposes-cropped-image-content/
Malicious .NET (NuGet) Packages
https://jfrog.com/blog/attackers-are-starting-to-target-net-developers-with-malicious-code-nuget-packages/
Spring Framework Vulnerabilities CVE-2023-20860 and CVE-2023-20861
https://spring.io/blog/2023/03/20/spring-framework-6-0-7-and-5-3-26-fix-cve-2023-20860-and-cve-2023-20861
Snappy (PHP) Vulnerability
https://github.com/KnpLabs/snappy/security/advisories/GHSA-gq6w-q6wh-jggc
keywords: snappy; php; spring; .net; nuget; windows 11; cropping images; obfuscation

Mar 22, 2023 (5 min)

Network Security News Summary for Tuesday March 21st, 2023

More Telegram Phishing; Emotet OneNote; WSUS Update; DOTRUNPEX
From Phishing Kit to Telegram... or Not!
https://isc.sans.edu/diary/From%20Phishing%20Kit%20To%20Telegram...%20or%20Not!/29650
Emotet Uses OneNote
https://cofense.com/blog/emotet-sending-malicious-emails-after-three-month-hiatus/
WSUS Update (UUP considerations)
https://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/plan/plan-your-wsus-deployment#uup-considerations
DOTRUNPEX .NET Injector
https://research.checkpoint.com/2023/dotrunpex-demystifying-new-virtualized-net-injector-used-in-the-wild/
keywords: telegram; emotet; onenote; wsus; update; dotrunpex

Mar 21, 2023 (5 min)

Network Security News Summary for Monday March 20th, 2023

Obfuscated Backdoor; Samsung Exynos Vuln; Android Image Cropping Problem; Bitwarden PIN
Old Backdoor, New Obfuscation
https://isc.sans.edu/diary/Old%20Backdoor%2C%20New%20Obfuscation/29646
Samsung Exynos Chip Vulnerabilities (Project Zero)
https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html
Android Image Cropping Problem (acropalypse)
https://twitter.com/ItsSimonTime/status/1636857478263750656/photo/1
https://acropalypse.app/
Bitwarden PINs
https://ambiso.github.io/bitwarden-pin/
keywords: bitwarden; android; image cropping; redaction; samsung; exynos; backdoor; obfuscation

Mar 20, 2023 (6 min)

Network Security News Summary for Friday March 17th, 2023

Dissecting Shellcode; Telerik Exploit; Adobe Acrobat Sign Abuse; Patches for Zoom, Array Networks and Aruba
Simple Shellcode Dissection
https://isc.sans.edu/diary/Simple%20Shellcode%20Dissection/29642
Threat Actors Exploit Progress Telerik Vulnerability (CISA AA23-074A)
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a
Abusing Adobe Acrobat Sign to Distribute Malware
https://blog.avast.com/adobe-acrobat-sign-malware
Zoom Patches
https://explore.zoom.us/en/trust/security/security-bulletin/
Array Networks Advisory (Remote Code Execution)
https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentation/FieldNotice/Array_Networks_Security_Advisory_for_Remote_Code_Execution_Vulnerability_AG.pdf
Aruba Patches
https://www.arubanetworks.com/support-services/security-bulletins/
keywords: array; advisory; zoom; aruba; adobe; acrobat sign; malware; telerik; shellcode; excel; equation editor

Mar 17, 2023 (7 min)

Network Security News Summary for Thursday March 16th, 2023

IPFS Phishing and iFrames; CVE-2023-23397 Exploit; Windows ICMP RCE; 90 Day Cert Limit
IPFS Phishing and the Need for Correctly Set HTTP Security Headers
https://isc.sans.edu/diary/IPFS%20phishing%20and%20the%20need%20for%20correctly%20set%20HTTP%20security%20headers/29638
Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability
https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/
CVE-2023-23415 ICMP RCE
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415
Chromium Certificate Proposals (Moving Forward, Together)
https://www.chromium.org/Home/chromium-security/root-ca-policy/moving-forward-together/
keywords: certificates; lifetime; icmp; rce; outlook; exploit; ipfs; phishing; iframes

Mar 16, 2023 (6 min)
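Two diaries on this page come down to the same header check: the April 3rd survey of X-Frame-Options and CSP frame-ancestors across popular domains, and the IPFS phishing diary above, where a phishing page could load the real site in an iframe because that site sent no framing restriction. The classifier below is an added example written for this page, not code from either diary; the response header sets it evaluates are constructed, and the site names in them are placeholders.

```python
"""Classify a page's framing (clickjacking) protection from its HTTP response headers.

Added example for the two ISC diaries on framing headers; not their code. The
header sets in SAMPLES are constructed for illustration.
"""


def parse_frame_ancestors(csp):
    """Return the frame-ancestors source list from a CSP value, or None if absent.

    Keyword sources keep their quotes ('self', 'none') so they cannot be confused
    with a host literally named self or none. Only the first policy string is
    examined; a server sending several CSP headers needs each checked.
    """
    for directive in csp.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def framing_protection(headers):
    """Return (level, enforced_by, warnings).

    level: "blocked" (nobody may frame the page), "restricted" (only listed
           origins), "unrestricted" (any site, including a phishing page, can
           iframe it).
    enforced_by: "csp", "xfo" or None.
    """
    h = {k.lower(): v for k, v in headers.items()}
    warnings = []

    # frame-ancestors is honoured by current browsers and takes precedence
    # over X-Frame-Options when both are present.
    ancestors = parse_frame_ancestors(h.get("content-security-policy", ""))
    if ancestors is not None:
        if ancestors == ["'none'"]:
            return "blocked", "csp", warnings
        if "*" in ancestors:
            warnings.append("frame-ancestors * allows framing from anywhere")
            return "unrestricted", "csp", warnings
        return "restricted", "csp", warnings

    # A Report-Only policy reports violations but does not stop the framing.
    if parse_frame_ancestors(h.get("content-security-policy-report-only", "")) is not None:
        warnings.append("frame-ancestors only in Content-Security-Policy-Report-Only: not enforced")

    xfo = h.get("x-frame-options")
    if xfo is not None:
        value = xfo.strip().upper()
        if value == "DENY":
            return "blocked", "xfo", warnings
        if value == "SAMEORIGIN":
            return "restricted", "xfo", warnings
        if value.startswith("ALLOW-FROM"):
            warnings.append("X-Frame-Options ALLOW-FROM is obsolete and ignored; use frame-ancestors")
        else:
            warnings.append("unrecognised X-Frame-Options value %r is ignored by browsers" % xfo)
    return "unrestricted", None, warnings


# Constructed response header sets (placeholder hosts, not real sites).
SAMPLES = {
    "hardened": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
                 "X-Frame-Options": "DENY"},
    "legacy-only": {"X-Frame-Options": "SAMEORIGIN"},
    "partner-embed": {"Content-Security-Policy": "frame-ancestors 'self' https://portal.example"},
    "report-only": {"Content-Security-Policy-Report-Only": "frame-ancestors 'none'"},
    "allow-from": {"X-Frame-Options": "ALLOW-FROM https://portal.example"},
    "bare": {"Content-Type": "text/html"},
}


def audit(samples):
    """Map each sample name to its framing level; the iframe trick in the IPFS
    diary only works against pages that come out as 'unrestricted'."""
    return {name: framing_protection(hdrs)[0] for name, hdrs in samples.items()}


if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        level, by, warns = framing_protection(hdrs)
        print(f"{name:14} {level:12} via {by or '-':4} {'; '.join(warns)}")
```

The two misconfigurations that most often pass a casual "the header is there" check are the Report-Only variant and the obsolete ALLOW-FROM form; both come back as unrestricted here, with a warning saying why.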

Network Security News Summary for Wednesday March 15th, 2023

Microsoft Patches; Adobe Patches; SAP Patches; Firefox Patches
Microsoft March 2023 Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20March%202023%20Patch%20Tuesday/29634
Adobe ColdFusion and Magento (Adobe Commerce) Patches
https://helpx.adobe.com/security/products/magento/apsb23-17.html
https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html
SAP Patches
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Firefox Patches
https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/
keywords: firefox; sap; adobe; coldfusion; magento; adobe commerce; microsoft; patches

Mar 15, 2023 (6 min)

Network Security News Summary for Tuesday March 14th, 2023

SVB Scams; CISA KEV List Additions; FortiOS Vuln Exploited
Incoming Silicon Valley Bank Related Scams (new domain registrations)
https://isc.sans.edu/diary/Incoming%20Silicon%20Valley%20Bank%20Related%20Scams/29630
CISA Adds Older Plex and VMware Vulnerabilities to the Known Exploited Vulnerabilities Catalog
https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-plex-bug-after-lastpass-breach/
FortiOS Vulnerability Exploited (FG-IR-22-369)
https://www.fortiguard.com/psirt/FG-IR-22-369
keywords: fortios; cisa; svb; scams; domains; plex; vmware

Mar 14, 2023 (5 min)

Network Security News Summary for Monday March 13th, 2023

AsynRAT Trojan; Mirai Payload Generator; Browser Hijack; OneNote Embedded File Protection; No More Chrome Cleanup Tool
AsynRAT Trojan - Bill Payment (Pago de la factura)
https://isc.sans.edu/diary/AsynRAT+Trojan+Bill+Payment+Pago+de+la+factura/29626
Overview of a Mirai Payload Generator
https://isc.sans.edu/diary/Overview%20of%20a%20Mirai%20Payload%20Generator/29624
Multi-Technology Script Leading to Browser Hijacking
https://isc.sans.edu/diary/Multi-Technology%20Script%20Leading%20to%20Browser%20Hijacking/29620
OneNote Will Warn Users of Embedded Content
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=OneNote%2CIn%20development&searchterms=122277
Google Removing Chrome Cleanup Tool
https://security.googleblog.com/2023/03/thank-you-and-goodbye-to-chrome-cleanup.html
keywords: google; chrome; cleanup tool; onenote; browser hijacking; mirai; asynrat

Mar 12, 2023 (5 min)

Network Security News Summary for Friday March 10th, 2023

SonicWall Backdoor; WebLogic "Crypter"; Home Assistant Vuln; Fake ChatGPT; Play-to-Earn Crypto Theft
Suspected Chinese Campaign to Persist on SonicWall Devices
https://www.mandiant.com/resources/blog/suspected-chinese-persist-sonicwall
Old Cyber Gang Uses New Crypter - ScrubCrypt
https://www.fortinet.com/blog/threat-research/old-cyber-gang-uses-new-crypter-scrubcrypt
Home Assistant Supervisor Security Vulnerability
https://www.home-assistant.io/blog/2023/03/08/supervisor-security-disclosure/
Fake ChatGPT Chrome Extensions
https://www.helpnetsecurity.com/2023/03/09/fake-chatgpt-extension/
Criminals Steal Cryptocurrency Through Play-to-Earn Games (IC3 PSA)
https://www.ic3.gov/Media/Y2023/PSA230309
keywords: cryptocurrency; gold farming; play-to-earn; chatgpt; home assistant; scrubcrypt; sonicwall

Mar 10, 2023 (6 min)

Network Security News Summary for Thursday March 9th, 2023

Joomla Exploits; Jenkins RCE Vuln; Bitwarden Vuln; FortiOS Update; Veeam Update
Increase in Exploits Against Joomla (CVE-2023-23752)
https://isc.sans.edu/diary/Increase%20in%20exploits%20agains%20Joomla%20%28CVE-2023-23752%29/29614
Jenkins RCE Vulnerability
https://blog.aquasec.com/jenkins-server-vulnerabilities
Bitwarden: The Curious Use-Case of Password Pilfering
https://flashpoint.io/blog/bitwarden-password-pilfering/
FortiOS Vulnerabilities (FG-IR-23-001)
https://www.fortiguard.com/psirt/FG-IR-23-001
Veeam Backup Vulnerabilities (KB4245)
https://www.veeam.com/kb4245
keywords: veeam; fortios; bitwarden; jenkins; joomla

Mar 9, 2023 (6 min)

Network Security News Summary for Wednesday March 8th, 2023

VSCode SFTP Creds Leak; Clipboard Protection; SYS01 Facebook Info Stealer
Hackers Love This VSCode Extension: What You Can Do to Stay Safe
https://isc.sans.edu/diary/Hackers%20Love%20This%20VSCode%20Extension%3A%20What%20You%20Can%20Do%20to%20Stay%20Safe/29610
Protecting Android Clipboard Content from Unintended Exposure
https://www.microsoft.com/en-us/security/blog/2023/03/06/protecting-android-clipboard-content-from-unintended-exposure/
SYS01 Stealer Targeting Facebook Accounts
https://blog.morphisec.com/sys01stealer-facebook-info-stealer
keywords: sys01 stealer; facebook; android; clipboard; vscode

Mar 8, 2023 (5 min)

Network Security News Summary for Tuesday March 7th, 2023

S3 Scanning; Router Malware; SonicWall Vuln; Word RCE PoC; Remcos RAT Update
Scanning S3 Buckets
https://isc.sans.edu/diary/Scanning%20s3%20buckets/29606
HiatusRAT Router Malware
https://blog.lumen.com/new-hiatusrat-router-malware-covertly-spies-on-victims/
SonicWall Vulnerability (SNWLID-2023-0004)
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0004
Windows Word RCE Proof-of-Concept (CVE-2023-21716, RTF font table)
https://twitter.com/jduck/status/1632471544935923712
https://qoop.org/publications/cve-2023-21716-rtf-fonttbl.md
DBatLoader and Remcos RAT
https://www.sentinelone.com/blog/dbatloader-and-remcos-rat-sweep-eastern-europe/
keywords: dbatloader; remcos rat; windows; word; rce; poc; sonicwall; hiatusrat; s3 buckets

Mar 7, 2023 (5 min)

Network Security News Summary for Monday March 6th, 2023

SANS.edu Commencement; SCARLETEEL Cloud Attacks; Preventing OneNote Exploits; Redis Exploits
SANS.edu Commencement
https://www.linkedin.com/feed/update/urn:li:activity:7037794067266625536/
SCARLETEEL: Operation Leveraging Terraform, Kubernetes and AWS for Data Theft
https://sysdig.com/blog/cloud-breach-terraform-data-theft/
Preventing Malicious OneNote Files
https://www.bleepingcomputer.com/news/security/how-to-prevent-microsoft-onenote-files-from-infecting-windows-with-malware/
Redis Miner Leverages Command Line File Hosting Service
https://www.cadosecurity.com/redis-miner-leverages-command-line-file-hosting-service/
keywords: redis; miner; onenote; scarleteel; sans.edu; commencement; crypto miner

Mar 6, 2023 (5 min)

Network Security News Summary for Friday March 3rd, 2023

Malicious OneNote and YARA; DroneID Security; OAuth Flaw; Marco Gfeller Malware Analysis Pipeline (#sans_edu)
YARA: Detect the Unexpected...
https://isc.sans.edu/diary/YARA%3A%20Detect%20The%20Unexpected%20.../29598
Drone Security and the Mysterious Case of DJI's DroneID
https://github.com/RUB-SysSec/DroneSecurity
Booking.com OAuth Flaw
https://salt.security/blog/traveling-with-oauth-account-takeover-on-booking-com
SANS.edu Student Marco Gfeller: Lightweight Python-Based Malware Analysis Pipeline
https://www.sans.org/white-papers/lightweight-python-based-malware-analysis-pipeline/
keywords: malware; python; pipeline; sans.edu; booking; oauth; drone; dji; droneid; yara; onenote

Mar 3, 2023 (14 min)

Network Security News Summary for Thursday March 2nd, 2023

Game Infostealer; DNS Abuse Matrix; BlackLotus; TPM Vuln; Aruba Vuln; Cisco Vuln
Python Infostealer Targeting Gamers
https://isc.sans.edu/diary/Python%20Infostealer%20Targeting%20Gamers/29596
DNS Abuse Techniques Matrix (FIRST DNS SIG)
https://www.first.org/global/sigs/dns/DNS-Abuse-Techniques-Matrix_v1.1.pdf
BlackLotus UEFI Bootkit
https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/
TCG TPM 2.0 Implementations Vulnerable to Memory Corruption (VU#782720)
https://kb.cert.org/vuls/id/782720
Aruba Vulnerability (ARUBA-PSA-2023-002)
https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt
Cisco IP Phone Web UI RCE
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP
keywords: cisco; voip; webui; aruba; tcg; tpm; dns abuse; python; infostealer; gamers; steam; telegram

Mar 2, 2023 (5 min)

Network Security News Summary for Wednesday March 1st, 2023

BB17 and Qakbot; LastPass Details; CISA Red Team Lessons; Jailbreak Chat
BB17 Distribution Qakbot (Qbot) Activity
https://isc.sans.edu/diary/BB17%20distribution%20Qakbot%20%28Qbot%29%20activity/29592
LastPass Incident Details
https://support.lastpass.com/help/incident-1-additional-details-of-the-attack
https://support.lastpass.com/help/incident-2-additional-details-of-the-attack
CISA Red Team Shares Key Findings (AA23-059A)
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-059a
Jailbreak Chat
https://www.jailbreakchat.com
keywords: jailbreak; cisa; lastpass; bb17; qakbot; qbot

Mar 1, 2023 (6 min)

Network Security News Summary for Tuesday February 28th, 2023

Phishing Again; Unlocked Phone Stealing; More Fake Auth Apps; ZoneMinder Vuln; WebLogic Exploit
Phishing Again and Again
https://isc.sans.edu/diary/Phishing%20Again%20and%20Again/29588
Unlocked Phone Stealing
https://www.wsj.com/articles/apple-iphone-security-theft-passcode-data-privacya-basic-iphone-feature-helps-criminals-steal-your-digital-life-cbf14b1a
More Fake Authenticator Apps
https://nakedsecurity.sophos.com/2023/02/27/beware-rogue-2fa-apps-in-app-store-and-google-play-dont-get-hacked/
ZoneMinder Vulnerability
https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-72rg-h4vf-29gr
WebLogic Exploit (not verified) CVE-2023-21839
https://github.com/4ra1n/CVE-2023-21839/blob/master/cmd/main.go
keywords: weblogic; zoneminder; fake authenticator; unlocked; phone; phishing

Feb 28, 2023 (5 min)

Network Security News Summary for Monday February 27th, 2023

WebDAV Leads to IcedID; oledump MSI Plugin; Automatic BEC/Ransomware Disruption; Cisco Vulns
URL Files and WebDAV Used for IcedID (Bokbot) Infection
https://isc.sans.edu/diary/URL%20files%20and%20WebDAV%20used%20for%20IcedID%20%28Bokbot%29%20infection/29578
oledump MSI File Plugin
https://isc.sans.edu/diary/oledump%20%26%20MSI%20Files/29584
Automatic Disruption of Ransomware and BEC Attacks with Microsoft 365 Defender
https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/automatic-disruption-of-ransomware-and-bec-attacks-with/ba-p/3738294
Cisco Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-csrfv-DMx6KSwV
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-lldp-dos-ySCNZOpX
keywords: cisco; ransomware; bec; microsoft 365; defender; oledump; msi; webdav; icedid; bokbot

Feb 27, 2023 (6 min)

Network Security News Summary for Friday February 24th, 2023

Updated Exchange AV Guidance; Home Network Security; Data Center Attacks; npm Spam; More Malicious PyPI
Updated Exchange AV Guidance (Exchange Server antivirus exclusions)
https://techcommunity.microsoft.com/t5/exchange-team-blog/update-on-the-exchange-server-antivirus-exclusions/ba-p/3751464
Best Practices for Securing Your Home Network
https://media.defense.gov/2023/Feb/22/2003165170/-1/-1/0/CSI_BEST_PRACTICES_FOR_SECURING_YOUR_HOME_NETWORK.PDF
Attacks on Data Center Organizations
https://www.resecurity.com/blog/article/cyber-attacks-on-data-center-organizations
npm Package Phishing
https://checkmarx.com/blog/how-npm-packages-were-used-to-spread-phishing-links/
Malicious PyPI Packages
https://www.fortinet.com/blog/threat-research/more-supply-chain-attacks-via-new-malicious-python-packages-in-pypi
keywords: pypi; npm; data centers; home network; av guidance; exchange

Feb 24, 2023 (5 min)

Network Security News Summary for Thursday February 23rd, 2023

Confluence Scans; Apple Advisory Updates; Odd 2FA Apps in Apple App Store; VMware Carbon Black Vuln
Internet Wide Scan Fingerprinting Confluence Servers
https://isc.sans.edu/diary/Internet%20Wide%20Scan%20Fingerprinting%20Confluence%20Servers/29574
Apple Updates Advisories
https://support.apple.com/en-us/HT213606
https://support.apple.com/en-us/HT213605
https://www.trellix.com/en-us/about/newsroom/stories/research/trellix-advanced-research-center-discovers-a-new-privilege-escalation-bug-class-on-macos-and-ios.html
Questionable Two-Factor Apps
https://twitter.com/mysk_co/status/1627097291063435264
VMware Carbon Black App Control Vulnerability (VMSA-2023-0004)
https://www.vmware.com/security/advisories/VMSA-2023-0004.html
keywords: vmware; carbon black; two-factor; apple; vulnerability; confluence

Feb 23, 2023 (5 min)

Network Security News Summary for Wednesday February 22nd, 2023

Customized Phishing; FortiNAC Exploit; Apache Commons FileUpload Fix; VMware Windows Server 2022 Fix
Phishing Page Branded with Your Corporate Website
https://isc.sans.edu/diary/Phishing%20Page%20Branded%20with%20Your%20Corporate%20Website/29570
Fortinet FortiNAC CVE-2022-39952 Deep-Dive and IOCs
https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/
Apache Commons FileUpload Vulnerability
https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy
VMware Windows Server 2022 Fix (ESXi 7.0 Update 3k release notes)
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3k-release-notes.html#resolvedissues
keywords: vmware; windows; server; 2022; apache; commons; fileupload; fortinac; fortinet; cve-2022-39952; phishing; thum.io

Feb 22, 2023 (4 min)

Network Security News Summary for Tuesday February 21st, 2023

OneNote Suricata Rules; New IIS Backdoor; Outlook Spam; GoDaddy Breach
OneNote Suricata Rules
https://isc.sans.edu/diary/OneNote%20Suricata%20Rules/29564
New IIS Backdoor (Frebniis)
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/frebniis-malware-iis
Outlook Spam (broken email filters)
https://www.bleepingcomputer.com/news/microsoft/microsoft-outlook-flooded-with-spam-due-to-broken-email-filters/
GoDaddy Breach and Website Redirects
https://aboutus.godaddy.net/newsroom/company-news/news-details/2023/Statement-on-recent-website-redirect-issues/default.aspx
keywords: godaddy; outlook; iis; onenote; suricata

Feb 21, 2023 (5 min)

Network Security News Summary for Monday February 20th, 2023

Phishing Emails; Twitter 2FA; Fortinet; Cisco Patches Related to ClamAV
Spear Phishing Handlers for Username/Password (phishing emails to our handlers' inbox)
https://isc.sans.edu/diary/Spear%20Phishing%20Handlers%20for%20Username%20Password/29560
Twitter Alters 2FA (SMS)
https://blog.twitter.com/en_us/topics/product/2023/an-update-on-two-factor-authentication-using-sms-on-twitter
Fortinet Updates (February 2023 advisories)
https://www.fortiguard.com/psirt-monthly-advisory/february-2023-vulnerability-advisories
https://twitter.com/Horizon3Attack/status/1626692778062237713
Cisco ClamAV Patches
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy
keywords: cisco; clamav; fortinet; twitter; 2fa; sms; phishing; ipfs

Feb 20, 2023 (5 min)

Network Security News Summary for Friday February 17th, 2023

Browser in the Browser; Windows VM Issues; ESXiArgs Update; PHP Updates; ClamAV Patches
HTML Phishing Attachment with Browser-in-the-Browser Technique
https://isc.sans.edu/diary/HTML%20phishing%20attachment%20with%20browser-in-the-browser%20technique/29556
Windows Server 2022 Might Not Start Up After Updates (VMs)
https://learn.microsoft.com/en-us/windows/release-health/status-windows-server-2022#windows-server-2022-might-not-start-up
New ESXiArgs Encryption Routine Outmaneuvers Recovery Methods
https://www.malwarebytes.com/blog/news/2023/02/new-esxiargs-encryption-routine-outmaneuvers-recovery-methods
PHP Updates
https://www.php.net
ClamAV Patches (0.103.8, 0.105.2 and 1.0.1)
https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html
keywords: clamav; php; esxiargs; windows server 2022; patches; problems; html; browser in the browser; bib; bitb

Feb 17, 2023 (5 min)

Network Security News Summary for Thursday February 16th, 2023

Passive DNS; GitHub Copilot Update; Hyundai Patches; Firefox, Citrix and HAProxy Patches
DNS Recon Redux - Zone Transfers (plus a time machine) for When You Can't do a Zone Transfer
https://isc.sans.edu/diary/DNS%20Recon%20Redux%20-%20Zone%20Transfers%20%28plus%20a%20time%20machine%29%20for%20When%20You%20Can%27t%20do%20a%20Zone%20Transfer/29552
GitHub Copilot Update
https://github.blog/2023-02-14-github-copilot-now-has-a-better-ai-model-and-new-capabilities/
Hyundai Software Update
https://www.hyundaiantitheft.com
Citrix Patches CVE-2023-24486, CVE-2023-24484, CVE-2023-24485 and CVE-2023-24483
https://www.cisa.gov/uscert/ncas/current-activity/2023/02/14/citrix-releases-security-updates-workspace-apps-virtual-apps-and
HAProxy Patch CVE-2023-25725
https://www.mail-archive.com/[email protected]/msg43229.html
Firefox Patches
https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/
keywords: firefox; haproxy; citrix; hyundai; github; copilot; dns; passive dns

Feb 16, 2023 (5 min)

Network Security News Summary for Wednesday February 15th, 2023

Microsoft Patch Tuesday; Adobe Patches; Intel OpenBMC Patches
Microsoft February 2023 Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20February%202023%20Patch%20Tuesday/29548
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
Intel OpenBMC Vulnerabilities (INTEL-SA-00737)
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html
keywords: intel; openbmc; adobe; microsoft; patches

Feb 15, 2023 (6 min)

Network Security News Summary for Tuesday February 14th, 2023

Apple Patches Everything; Venmo Phish via LinkedIn; Malicious Python
Apple Patches Exploited Vulnerability
https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Vulnerability/29544
Venmo Phishing Abusing LinkedIn "slink"
https://isc.sans.edu/diary/Venmo+Phishing+Abusing+LinkedIn+slink/29542/
Malicious PyPI Packages Install Browser Extensions (crypto wallet address replacement)
https://blog.phylum.io/phylum-discovers-revived-crypto-wallet-address-replacement-attack
keywords: python; pypi; chinese; typosquatting; venmo; slink; linkedin; apple; patches

Feb 14, 2023 (5 min)

Network Security News Summary for Monday February 13th, 2023

Script Block Logging Deactivation; Zeek and pcaps; Prompt Injection; More Malicious Python Packages
Obfuscated Deactivation of Script Block Logging
https://isc.sans.edu/diary/Obfuscated%20Deactivation%20of%20Script%20Block%20Logging/29538
PCAP Data Analysis with Zeek
https://isc.sans.edu/diary/PCAP%20Data%20Analysis%20with%20Zeek/29530
Bing Chat Prompt Injection
https://arstechnica.com/information-technology/2023/02/ai-powered-bing-chat-spills-its-secrets-via-prompt-injection-attack/
More Malicious Python Packages (aptx drops Meterpreter shell, deletes netstat)
https://blog.sonatype.com/malicious-aptx-python-package-drops-meterpreter-shell-deletes-netstat
keywords: python; bing; pcap; zeek; script block logging; prompt injection; chat

Feb 13, 2023 (5 min)

Network Security News Summary for Friday February 10th, 2023

Screenshot Backdoor; KeePass Update; Google Ads AWS Phishing; Kafka Vuln
A Backdoor with Smart Screenshot Capability
https://isc.sans.edu/diary/A%20Backdoor%20with%20Smart%20Screenshot%20Capability/29534
KeePass 2.53 Patches Issue Allowing Password Export
https://keepass.info/news/n230109_2.53.html
AWS Phishing via Google Ads
https://www.sentinelone.com/blog/cloud-credentials-phishing-malicious-google-ads-target-aws-logins/
Apache Kafka Vulnerability
https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz
keywords: apache; kafka; aws; google; ads; keepass; patch; backdoor; screenshot

Feb 10, 2023 (5 min)

Network Security News Summary for Thursday February 9th, 2023

Telegram Phish; ESXiArgs Ransomware Help; IoT Crypto Standard; SonicWall Filter Issues; Chrome Early Stable
Simple HTML Phishing via Telegram Bot
https://isc.sans.edu/forums/diary/Simple%20HTML%20Phishing%20via%20Telegram%20Bot/29528/
Recovering from ESXiArgs Ransomware (CISA AA23-039A)
https://www.cisa.gov/uscert/ncas/alerts/aa23-039a
NIST Standardizes Lightweight Cryptography
https://csrc.nist.gov/Projects/lightweight-cryptography
SonicWall Web Content Filtering on Windows 11 22H2
https://www.sonicwall.com/support/product-notification/limitation-with-web-content-filtering-on-windows-11-22h2/230208075107457/
Google Chrome Release Changes (early stable)
https://developer.chrome.com/blog/early-stable/
keywords: google; chrome; sonicwall; nist; esxiargs; iot; telegram; phishing

Feb 9, 2023 (5 min)

Network Security News Summary for Wednesday February 8th, 2023

Bluetooth Vuln Trends; OpenSSL Update; Packet Tuesday; GoAnywhere Patch and PoC; Qakbot via OneNote
A Survey of Bluetooth Vulnerabilities Trends (2023 Edition)
https://isc.sans.edu/diary/A%20Survey%20of%20Bluetooth%20Vulnerabilities%20Trends%20%282023%20Edition%29/29522
OpenSSL Vulnerabilities / Patches
https://www.openssl.org/news/secadv/20230207.txt
Packet Tuesday: Most Frequent DNS Query ID / DNS Notify
https://www.youtube.com/watch?v=QgCuE_zKyMY
GoAnywhere MFT Patch Available (and PoC)
https://frycos.github.io/vulns4free/2023/02/06/goanywhere-forgotten.html
https://my.goanywhere.com/webclient/Dashboard.xhtml
Qakbot Mechanizes Distribution of Malicious OneNote Notebooks
https://news.sophos.com/en-us/2023/02/06/qakbot-onenote-attacks/
keywords: qakbot; onenote; goanywhere; packet tuesday; openssl; bluetooth

Feb 8, 2023 (6 min)

Network Security News Summary for Tuesday February 7th, 2023

Earthquake Scams; IP Lookup Detection; OpenSSH Vuln Details; Redis Malware Earthquake Scams https://isc.sans.edu/diary/Earthquake%20in%20Turkey%20and%20Syria%3A%20Be%20Aware%20of%20Possible%20Donation%20Scams/29518 APIs Used By Bots to Detect Public IP Addresses https://isc.sans.edu/diary/APIs+Used+by+Bots+to+Detect+Public+IP+address/29516/ OpenSSH Vulnerablity Details CVE 2023-25136 https://blog.qualys.com/vulnerabilities-threat-research/2023/02/03/cve-2023-25136-pre-auth-double-free-vulnerability-in-openssh-server-9-1 A Novel State-of-the-Art Redis Malware https://blog.aquasec.com/headcrab-attacks-servers-worldwide-with-novel-state-of-art-redis-malware?&web_view=true keywords: redis; openssh; api; ip addresses; earthquake; syria; turkey

Feb 7, 2023 · 6 min

Network Security News Summary for Monday February 6th, 2023

Assemblyline Sandbox; GoAnywhere MFT 0-Day; VMware ESXi Ransomware; Jira Service Management Server Vuln
Assemblyline as a Malware Analysis Sandbox https://isc.sans.edu/diary/Assemblyline%20as%20a%20Malware%20Analysis%20Sandbox/29510
GoAnywhere MFT Zero-Day Exploited https://www.rapid7.com/blog/post/2023/02/03/exploitation-of-goanywhere-mft-zero-day-vulnerability/
Ransomware Targeting VMware ESXi https://blog.ovhcloud.com/ransomware-targeting-vmware-esxi/
Jira Service Management Server and Data Center Advisory CVE-2023-22501 https://confluence.atlassian.com/jira/jira-service-management-server-and-data-center-advisory-cve-2023-22501-1188786458.html
OpenSSH Update https://www.openssh.com/releasenotes.html
F5 BIG-IP Vulnerability CVE-2023-22374 https://my.f5.com/manage/s/article/K000130415
keywords: f5; bigip; openssh; jira; vmware; esxi; goanywhere mft; assemblyline

Feb 6, 2023 · 5 min

Network Security News Summary for Friday February 3rd, 2023

tcpdump in pfSense; BEC via Third Parties; More Malvertising; Cisco Persistence
Rotating Packet Captures with pfSense https://isc.sans.edu/diary/Rotating%20Packet%20Captures%20with%20pfSense/29500
BEC Group Incorporates Secondary Impersonated Personas https://intelligence.abnormalsecurity.com/blog/firebrick-ostrich-third-party-reconnaissance-attacks
MalVirt .NET Virtualization Thrives in Malvertising Attacks https://www.sentinelone.com/labs/malvirt-net-virtualization-thrives-in-malvertising-attacks/
Cisco Remote Code Execution with Persistence https://www.trellix.com/en-us/about/newsroom/stories/research/when-pwning-cisco-persistence-is-key-when-pwning-supply-chain-cisco-is-key.html
keywords: packets; pfsense; tcpdump; bec; malvirt; .net; malvertising; cisco

Feb 3, 2023 · 4 min

Network Security News Summary for Thursday February 2nd, 2023

Detecting OneNote; MSFT Defender and Linux; Chromebook Exploit; ImageMagick Vuln; dompdf Vulnerability
Detecting (Malicious) OneNote Files https://isc.sans.edu/diary/Detecting%20%28Malicious%29%20OneNote%20Files/29494
Microsoft Defender Device Isolation for Linux https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-device-isolation-support-for-linux/ba-p/3676400
SH1MMER Exploit for Chromebooks https://sh1mmer.me
dompdf SVG Parsing Vulnerability https://github.com/dompdf/dompdf/security/advisories/GHSA-3cw5-7cxw-v5qg
keywords: dompdf; svg; sh1mmer; microsoft; defender; linux; onenote; detection

Feb 2, 2023 · 6 min

Network Security News Summary for Wednesday February 1st, 2023

Honeypot with pfSense; Abusing "Verified Publisher"; PoS Malware Blocks NFC; Detecting AV Blind Spots
DShield Honeypot Setup with pfSense https://isc.sans.edu/diary/DShield%20Honeypot%20Setup%20with%20pfSense/29490
Threat Actors Abusing Microsoft's "Verified Publisher" Status https://www.proofpoint.com/us/blog/cloud-security/dangerous-consequences-threat-actors-abusing-microsofts-verified-publisher
PoS Malware Can Block Contactless Payments https://securelist.com/prilex-modification-now-targeting-contactless-credit-card-transactions/108569/
Detecting Files Exempt from Anti-Malware Scans https://github.com/bananabr/TimeException
keywords: timeexception; blindspot; antivirus; pos; contactless; credit card; microsoft; oauth; verified publisher; phishing; honeypot; pfsense

Feb 1, 2023 · 7 min

Network Security News Summary for Tuesday January 31st, 2023

DoH Scans; GitHub Replaces Signing Cert; GitHub ZIP Algo Changes
Decoding DNS over HTTP(s) Requests https://isc.sans.edu/diary/Decoding%20DNS%20over%20HTTP%28s%29%20Requests/29488
Action Needed for GitHub Desktop and Atom Users https://github.blog/2023-01-30-action-needed-for-github-desktop-and-atom-users/
GitHub Checksum Mismatches for .tar.gz Files https://github.com/orgs/community/discussions/45830
Facebook 2FA Bypass https://medium.com/pentesternepal/two-factor-authentication-bypass-on-facebook-3f4ac3ea139c
Fortinet Exploit https://wzt.ac.cn/2022/12/15/CVE-2022-42475/
QNAP Vulnerability https://www.qnap.com/en/security-advisory/qsa-23-01
keywords: facebook; 2fa; qnap; fortinet; github; zip; tar.gz; desktop; dns; https; doh

Jan 31, 2023 · 7 min

Network Security News Summary for Monday January 30th, 2023

MSFT Exchange Patching Hints; FCC vs. Twilio; PlugX Spreads via USB
Microsoft Tips to Patch Your Exchange Servers https://techcommunity.microsoft.com/t5/exchange-team-blog/protect-your-exchange-servers/ba-p/3726001
FCC Threatens to Take Action Against Twilio over Robocalls https://www.fcc.gov/document/fcc-takes-mortgage-scam-robocall-campaign-targeting-homeowners
PlugX Variant Spreads via USB https://unit42.paloaltonetworks.com/plugx-variants-in-usbs/
Adware in Google Play Store https://news.drweb.com/show/review/?lng=en&i=14652
Tails 5.9 Update https://tails.boum.org/news/version_5.9/index.de.html
keywords: google; play; adware; plugx; usb; fcc; twilio; robocalls; microsoft; exchange; patching

Jan 30, 2023 · 5 min

Network Security News Summary for Friday January 27th, 2023

Linux IR with UAC; Bitwarden Phishing; PY#RATION Websockets; Skyhigh Security Gateway; Windows Crypto API; BIND Update
Live Linux IR with UAC https://isc.sans.edu/diary/Live%20Linux%20IR%20with%20UAC/29480
Bitwarden Phishing https://community.bitwarden.com/t/phishing-website-bitwardenlogin-com/49704 https://www.reddit.com/r/Bitwarden/comments/10k2aj5/google_search_ads_showing_fake_bitwarden_web/
PY#RATION Attack Campaign Leverages Fernet Encryption and Websockets https://www.securonix.com/blog/security-advisory-python-based-pyration-attack-campaign/
Skyhigh Security Secure Web Gateway: XSS in Single Sign-On Plugin https://www.redteam-pentesting.de/en/advisories/rt-sa-2022-002/-skyhigh-security-secure-web-gateway-cross-site-scripting-in-single-sign-on-plugin
Windows Crypto API Vuln PoC https://github.com/akamai/akamai-security-research/tree/main/PoCs/CVE-2022-34689
BIND Patches https://kb.isc.org/docs/cve-2022-3094
keywords: bind; windows; crypto api; poc; skyhigh; xss; sso; py#ration; websocket; bitwarden; phishing; uac; linux; ir

Jan 27, 2023 · 6 min

Network Security News Summary for Thursday January 26th, 2023

Malicious OneNote Example; Securing Remote Monitoring; Cloud Kerberos Attacks; XLL Block
A First Malicious OneNote Document https://isc.sans.edu/diary/A%20First%20Malicious%20OneNote%20Document/29470
Guidance for Securing Remote Monitoring and Management Software https://media.defense.gov/2023/Jan/25/2003149873/-1/-1/0/JOINT_CSA_RMM.PDF
Microsoft Azure-Based Kerberos Attacks Crack Open Cloud Accounts https://www.darkreading.com/cloud/microsoft-azure-kerberos-attacks-open-cloud-accounts
Microsoft Blocking XLL Files Downloaded From the Internet https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=115485
Lexmark Vulnerabilities https://publications.lexmark.com/publications/security-alerts/CVE-2023-23560.pdf
VMware vRealize Update https://www.vmware.com/security/advisories/VMSA-2023-0001.html
keywords: microsoft; xll; blocking; azure; kerberos; cloud; onenote

Jan 26, 2023 · 5 min

Network Security News Summary for Wednesday January 25th, 2023

Apple Patch Summary; ManageEngine News; KSMBD News; Bitwarden Weakness
Apple Patch Summary https://isc.sans.edu/forums/diary/Apple%20Updates%20%28almost%29%20Everything%3A%20Patch%20Overview/29472/
ManageEngine News https://github.com/vonahisec/CVE-2022-47966-Scan
KSMBD Vulnerability https://sysdig.com/blog/cve-2023-0210-linux-kernel-unauthenticated-remote-heap-overflow/
Bitwarden Server Side Iterations https://palant.info/2023/01/23/bitwarden-design-flaw-server-side-iterations/
Packet Tuesday: Neighbor Advertisements https://www.youtube.com/watch?v=CoaZjuuY1do
keywords: bitwarden; ksmbd; manageengine; apple; patches

Jan 25, 2023 · 6 min