SANS Internet Storm Center's Daily Network Security News Podcast

1,029 episodes — Page 17 of 21

Network Security News Summary for Tuesday January 24th, 2023

Who Resolved What? Apple Updates Everything; NSA IPv6 Guidance; Roaming Mantis
Who's Resolving This Domain? https://isc.sans.edu/forums/diary/Who's%20Resolving%20This%20Domain%3F/29462/
Apple Updates Everything https://support.apple.com/en-us/HT201222
NSA IPv6 Security Guidance https://media.defense.gov/2023/Jan/18/2003145994/-1/-1/0/CSI_IPV6_SECURITY_GUIDANCE.PDF
Roaming Mantis Implements New DNS Changer in Its Malicious Mobile App https://thehackernews.com/2023/01/roaming-mantis-spreading-mobile-malware.html
keywords: roaming mantis; nsa; ipv6; apple; patches; dns; resolution; sysmon; linux

Jan 23, 2023 (5 min)

Network Security News Summary for Monday January 23rd, 2023

Windows Auth Signing; FanDuel/Mailchimp Leak; Malicious OneNotes; Cisco Vuln; Possible KeePass Vuln
Importance of Signing in Windows Environments https://isc.sans.edu/diary/Importance%20of%20signing%20in%20Windows%20environments/29456
FanDuel Discloses Data Breach Caused by Recent Mailchimp Hack https://www.bleepingcomputer.com/news/security/fanduel-discloses-data-breach-caused-by-recent-mailchimp-hack/
OneNote Documents Used to Embed Malicious Office Documents https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/trojanized-onenote-document-leads-to-formbook-malware/
Cisco Unified Communications Manager SQL Injection https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cucm-sql-rpPczR8n
Possible KeePass Vulnerability https://twitter.com/vomanc/status/1617135599030530054
keywords: keepass; cisco; sql injection; unified communications manager; onenote; office; macros; signing; windows; ntlm; relay attack; fanduel; mailchimp

Jan 22, 2023 (6 min)

Network Security News Summary for Friday January 20th, 2023

Popular Domains and SPF/DMARC; Sysmon Exploit; ManageEngine Exploit; Netcomm Patch; Outdated Office Check
SPF and DMARC Use on 100k Most Popular Domains https://isc.sans.edu/diary/SPF%20and%20DMARC%20use%20on%20100k%20most%20popular%20domains/29452
Sysmon Exploit Released, CVE-2022-41120 and CVE-2022-44704 https://github.com/Wh04m1001/SysmonEoP
ManageEngine CVE-2022-47966 Technical Deep Dive https://www.horizon3.ai/manageengine-cve-2022-47966-technical-deep-dive/
Netcomm Router Vulnerabilities https://kb.cert.org/vuls/id/986018
Microsoft Pushes Outdated Office Install Check https://www.bleepingcomputer.com/news/microsoft/microsoft-pushes-kb5021751-to-check-for-outdated-office-installs/
keywords: office; microsoft; netcomm; router; manageengine; sysmon; spf; dmarc

Jan 20, 2023 (5 min)

Network Security News Summary for Thursday January 19th, 2023

More Malicious Google Ads; Oracle Patches; Qt/QML Vulnerability; Sudo Vulnerability
Malicious Google Ads for Fake Notepad++ Lead to Aurora Stealer https://isc.sans.edu/diary/Malicious%20Google%20Ad%20--%3E%20Fake%20Notepad%2B%2B%20Page%20--%3E%20Aurora%20Stealer%20malware/29448
Oracle Critical Patch Update https://www.oracle.com/security-alerts/cpujan2023.html
Qt QML Vulnerability https://blog.talosintelligence.com/vulnerability-spotlight-integer-and-buffer-overflow-vulnerabilities-found-in-qt-qml/
sudo sudoedit Vulnerability (CVE-2023-22809) https://www.synacktiv.com/sites/default/files/2023-01/sudo-CVE-2023-22809.pdf
keywords: sudo; sudoedit; qt; qml; oracle; google ads; aurora

Jan 19, 2023 (6 min)

Network Security News Summary for Wednesday January 18th, 2023

Finding GPO Settings; Git Audit and Vulns; Azure SSRF Flaws; Windows 11 Pro Nixes Guest Auth
Finding That One GPO Setting in a Pool of Hundreds of GPOs https://isc.sans.edu/diary/Finding%20that%20one%20GPO%20Setting%20in%20a%20Pool%20of%20Hundreds%20of%20GPOs/29442
Git Code Audit https://x41-dsec.de/security/research/news/2023/01/17/git-security-audit-ostif/
Azure SSRF Flaws https://orca.security/resources/blog/ssrf-vulnerabilities-in-four-azure-services/
SMB Insecure Guest Auth Off By Default in Windows 11 Pro https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb-insecure-guest-auth-now-off-by-default-in-windows-insider/ba-p/3715014
Packet Tuesday: IPv6 Router Advertisements https://www.youtube.com/watch?v=uRWpB_lYIZ8
keywords: packet tuesday; ipv6; router advertisement; smb; windows 11 pro; ssrf; azure; git; gpo

Jan 18, 2023 (5 min)

Network Security News Summary for Tuesday January 17th, 2023

Malicious Google Ads; NortonLifeLock Password Manager Bruteforcing; nftables Vulnerability; MSI Insecure Boot
PSA: Why You Must Run an Ad Blocker When Using Google https://isc.sans.edu/diary/PSA%3A%20Why%20you%20must%20run%20an%20ad%20blocker%20when%20using%20Google/29438
NortonLifeLock Password Manager Bruteforcing https://webcache.googleusercontent.com/search?q=cache%3A91Bmx_jTJIkJ%3Ahttps%3A%2F%2Fago.vermont.gov%2Fwp-content%2Fuploads%2F2023%2F01%2F2023-01-09-NortonLifeLock-Gen-Digital-Data-Breach-Notice-to-Consumers.pdf&cd=3&hl=de&ct=clnk&gl=de
CVE-2023-0179: Linux Kernel Stack Buffer Overflow in nftables, PoC and Writeup https://seclists.org/oss-sec/2023/q1/20
MSI (in)Secure Boot https://dawidpotocki.com/en/2023/01/13/msi-insecure-boot/
keywords: msi; secure boot; nftables; linux; kernel; nortonlifelock; password managers; psa

Jan 17, 2023 (6 min)

Network Security News Summary for Monday January 16th, 2023

YouTube Crypto Scam; Voice Impersonation; Missing Start Menu
Elon Musk Themed Crypto Scams Flooding YouTube Today https://isc.sans.edu/diary/Elon%20Musk%20Themed%20Crypto%20Scams%20Flooding%20YouTube%20Today/29434
Microsoft Text to Speech Synthesizer https://arxiv.org/pdf/2301.02111.pdf
Missing Windows Start Menu https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-22H2#2998msgdesc
keywords: start menu; windows; defender; text to speech; musk; crypto; scam; youtube

Jan 16, 2023 (5 min)

Network Security News Summary for Friday January 13th, 2023

Prowler Cloud Assessments; Pre-Pw0ned Android TV; ReVoLTE LTE Sniffing; NGFW Exfiltration
Prowler v3: AWS & Azure Security Assessments https://isc.sans.edu/diary/Prowler%20v3%3A%20AWS%20%26%20Azure%20security%20assessments/29430
Certified Pre-Pw0ned Android TV https://github.com/DesktopECHO/T95-H616-Malware
ReVoLTE Attack https://revolte-attack.net
NGFW Data Exfiltration https://cymulate.com/blog/data-exfiltration-firewall/
keywords: ngfw; exfiltration; revolte; lte; decryption; android; tv; malware; prowler; aws; azure; cloud

Jan 13, 2023 (6 min)

Network Security News Summary for Thursday January 12th, 2023

Shodan KEV Scans; New ksmbd Issue; Cisco RVx Vulnerabilities; Gootkit Abusing VLC; Zoom Updates
Passive Detection of Internet-Connected Systems Affected by Exploited Vulnerabilities https://isc.sans.edu/diary/Passive%20detection%20of%20internet-connected%20systems%20affected%20by%20vulnerabilities%20from%20the%20CISA%20KEV%20catalog/29426
Unauthenticated Remote DoS in ksmbd NTLMv2 Authentication https://seclists.org/oss-sec/2023/q1/4
Cisco RV Series Vulnerabilities, CVE-2023-20025 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sbr042-multi-vuln-ej76Pke5
Zoom Updates https://explore.zoom.us/en/trust/security/security-bulletin/
Gootkit Abusing VLC https://www.trendmicro.com/en_us/research/23/a/gootkit-loader-actively-targets-the-australian-healthcare-indust.html
keywords: gootkit; vlc; zoom; cisco; ksmbd; shodan; kev

Jan 12, 2023 (6 min)

Network Security News Summary for Wednesday January 11th, 2023

Patch Tuesday; Cacti Vuln Details; Text-to-SQL Vulnerabilities
Microsoft January 2023 Patch Tuesday https://isc.sans.edu/diary/Microsoft%20January%202023%20Patch%20Tuesday/29420
Cacti Unauthenticated Remote Code Execution https://www.sonarsource.com/blog/cacti-unauthenticated-remote-code-execution/
On the Security Vulnerabilities of Text-to-SQL Models https://arxiv.org/pdf/2211.15363.pdf
keywords: text-to-sql; nlp; ai; cacti; remote code execution; microsoft; patch tuesday; patches

Jan 11, 2023 (5 min)

Network Security News Summary for Tuesday January 10th, 2023

CircleCI Config File Hunt; AWS S3 Encryption; MatrixSSL RCE; Auth0 JWT Library Vulnerability
New Year, Old Tricks: Hunting for CircleCI Configuration Files https://isc.sans.edu/diary/New%20year%2C%20old%20tricks%3A%20Hunting%20for%20CircleCI%20configuration%20files/29416
Amazon S3 Encrypts New Objects By Default https://aws.amazon.com/blogs/aws/amazon-s3-encrypts-new-objects-by-default/
MatrixSSL Buffer Overflow https://github.com/matrixssl/matrixssl/security/advisories/GHSA-fmwc-gwc5-2g29
Auth0 JsonWebToken Vulnerability, CVE-2022-23529 https://unit42.paloaltonetworks.com/jsonwebtoken-vulnerability-cve-2022-23529/
keywords: auth0; jsonwebtoken; jwt; matrixssl; amazon; s3; encryption; circleci; configuration

Jan 10, 2023 (6 min)

Network Security News Summary for Monday January 9th, 2023

Reversing AutoIT; VSCode Extensions; Malicious PyPI Cloudflare Tunnel
Reversing AutoIT Scripts https://isc.sans.edu/diary/AutoIT%20Remains%20Popular%20in%20the%20Malware%20Landscape/29408
Can You Trust Your VSCode Extensions? https://blog.aquasec.com/can-you-trust-your-vscode-extensions
A Deep Dive Into PowerRAT https://blog.phylum.io/a-deep-dive-into-powerat-a-newly-discovered-stealer/rat-combo-polluting-pypi
keywords: pypi; powerat; cloudflare; vscode; visual code; extensions; autoit; reversing

Jan 9, 2023 (5 min)

Network Security News Summary for Friday January 6th, 2023

Malware AutoIT Script; CircleCI Breach; Twitter Leak; Slack Breach; Control Web Panel Bug; Turla USB Hack
More Brazil Malspam Pushing Astaroth (Guildma) in January 2023 https://isc.sans.edu/forums/diary/More%20Brazil%20malspam%20pushing%20Astaroth%20%28Guildma%29%20in%20January%202023/29404/
CircleCI Breach https://circleci.com/blog/january-4-2023-security-alert/
Twitter Leak https://www.bleepingcomputer.com/news/security/200-million-twitter-users-email-addresses-allegedly-leaked-online/
Slack Source Code Leak https://slack.com/blog/news/slack-security-update
Control Web Panel Patch, CVE-2022-44877 https://github.com/numanturle/CVE-2022-44877
Turla: A Galaxy of Opportunity https://www.mandiant.com/resources/blog/turla-galaxy-opportunity
keywords: turla; control web panel; slack; twitter; circleci; brazil; malware

Jan 6, 2023 (5 min)

Network Security News Summary for Thursday January 5th, 2023

RTRBK Diff Feature; Google Legacy Windows Support Ending; SHC Malware; ManageEngine SQLi; FortiADC Command Injection
Update to RTRBK: Diff and File Dates in PowerShell https://isc.sans.edu/diary/Update%20to%20RTRBK%20-%20Diff%20and%20File%20Dates%20in%20PowerShell/29400
Google Chrome Sunsetting Legacy Windows Support https://support.google.com/chrome/thread/185534985/sunsetting-support-for-windows-7-8-8-1-in-early-2023?hl=en
SHC Used to Compile Cryptominer Malware https://asec.ahnlab.com/en/45182/
ManageEngine Password Manager Pro SQL Injection https://pitstop.manageengine.com/portal/en/community/topic/manageengine-security-advisory—important-security-fix-released-for-manageengine-password-manager-pro-2-1-2023#:~:text=critical%20security%20vulnerability
FortiADC Command Injection in Web Interface https://www.fortiguard.com/psirt/FG-IR-22-061
Raspberry Robin Developments https://www.securityjoes.com/post/raspberry-robin-detected-itw-targeting-insurance-financial-institutes-in-europe
keywords: raspberry robin; fortiadc; manageengine; password manager; cryptominer; shc; google chrome; windows; router; backup

Jan 5, 2023 (7 min)

Network Security News Summary for Wednesday January 4th, 2023

NTP Fingerprinting; Misc Car Vulnerabilities; Flipper Zero Phish; Trend Micro Patch
NTP Fingerprinting https://isc.sans.edu/diary/Its%20about%20time%3A%20OS%20Fingerprinting%20using%20NTP/29394
Misc Car Vulnerabilities https://samcurry.net/web-hackers-vs-the-auto-industry/
Flipper Zero Phishing https://twitter.com/AlvieriD/status/1609945425871609858
Trend Micro Patch https://helpcenter.trendmicro.com/en-us/article/TMKA-11252
Packet Tuesday: IP Options https://www.youtube.com/watch?v=HldNL3SLLwM
keywords: packet tuesday; trend micro; flipper zero; car; vulnerability; ntp

Jan 4, 2023 (6 min)

Network Security News Summary for Tuesday January 3rd, 2023

Kyverno Image Swap Vuln; Google Home Vuln; 3G CDMA Decommissioning; EarSpy Cell Phone Eavesdropping
Kyverno's Container Image Signature Verification Bypass https://www.armosec.io/blog/cve-2022-47633-kyvernos-container-image-signature-verification/
Google Smart Speaker Vulnerability https://downrightnifty.me/blog/2022/12/26/hacking-google-home.html
Verizon Decommissions 3G CDMA Network https://www.fiercewireless.com/wireless/verizon-tells-3g-customers-upgrade-they-lose-service
EarSpy: Spying Caller Speech and Identity Through Speaker Vibrations https://arxiv.org/pdf/2212.12151.pdf
keywords: earspy; eavesdropping; google; home; smart speaker; verizon; cdma; 3g; kyverno; container; signature; kubernetes

Jan 3, 2023 (5 min)

Network Security News Summary for Monday January 2nd, 2023

GOV Domain SPF/DMARC Use; ksmbd Vuln; Netgear Patch; PyTorch Dependency Pollution
SPF and DMARC Use on GOV Domains in Different ccTLDs https://isc.sans.edu/forums/diary/SPF+and+DMARC+use+on+GOV+domains+in+different+ccTLDs/29384/
CVE-2022-47939 ksmbd Vulnerability https://ubuntu.com/security/CVE-2022-47939
Netgear Vulnerabilities https://kb.netgear.com/000065495/Security-Advisory-for-Pre-Authentication-Buffer-Overflow-on-Some-Routers-PSV-2019-0208
PyTorch Malicious Dependency https://pytorch.org/blog/compromised-nightly-dependency/
keywords: pytorch; netgear; ksmbd; cve-2022-47939; spf; dmarc; gov

Jan 1, 2023 (6 min)

Network Security News Summary for Friday December 23rd, 2022

OWASSRF Exploit Variant; ksmbd RCE Vulnerability; LastPass Incident Update
Exchange OWASSRF Exploited for Remote Code Execution https://isc.sans.edu/forums/diary/Exchange%20OWASSRF%20Exploited%20for%20Remote%20Code%20Execution/29374/
ksmbd Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-22-1690/
LastPass Incident Update https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/
keywords: lastpass; ksmbd; exchange; owassrf

Dec 22, 2022 (6 min)

Network Security News Summary for Thursday December 22nd, 2022

Quick NTP Measurement; FBI Favors Ad Blockers; Parental Control Issues; ProxyNotShell Bypass
Quick NTP Measurement https://isc.sans.edu/diary/Can%20you%20please%20tell%20me%20what%20time%20it%20is%3F%20Adventures%20with%20public%20NTP%20servers./29368
FBI Favors Ad Blockers https://www.ic3.gov/Media/Y2022/PSA221221
Hidden Costs of Parental Control Apps https://sec-consult.com/blog/detail/the-hidden-costs-of-parental-control-apps/
ProxyNotShell Mitigation Bypass https://www.crowdstrike.com/blog/owassrf-exploit-analysis-and-recommendations/
keywords: proxynotshell; exchange; mitigation; bypass; parental control; fbi; ad blockers; ntp

Dec 22, 2022 (6 min)

Network Security News Summary for Wednesday December 21st, 2022

Monitoring Linux Files; NTP and Mastodon IP Feeds; Android Root Cert Updates; Elastic IP Hijack; Hyper-V Update
Linux File System Monitoring and Actions https://isc.sans.edu/diary/Linux%20File%20System%20Monitoring%20%26%20Actions/29362
Feed of NTP Server IP Addresses https://isc.sans.edu/api/threatlist/ntpservers?json
Feed of Mastodon Server IP Addresses https://isc.sans.edu/api/threatlist/mastodon?json
Packet Tuesday: TLS Server Hello https://www.youtube.com/watch?v=2HymU4dxWEQ
Android Preparing Support for Updatable Root Certificates https://blog.esper.io/android-14-updatable-certificates/
Elastic IP Hijacking https://www.mitiga.io/blog/elastic-ip-hijacking-a-new-attack-vector-in-aws
Microsoft Fixes Hyper-V Issues With Latest Patch https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#2988
keywords: microsoft; hyperv; elastic ip; amazon; aws; android; root certs; packet tuesday; tls; ntp; mastodon; linux; monitoring

Dec 21, 2022 (7 min)

Network Security News Summary for Tuesday December 20th, 2022

Hunting Mastodons; IE Disabled in February; Gatekeeper Bypass Details; Corsair Keyboard Bug; SentinelOne Fake Python Package
Hunting for Mastodon Servers https://isc.sans.edu/diary/Hunting%20for%20Mastodon%20Servers/29358
KB5021233 Blue Screen https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-22H2#2986msgdesc
Edge Update Will Disable Internet Explorer in February https://learn.microsoft.com/en-us/deployedge/edge-learnmore-neededge
Gatekeeper's Achilles Heel: Unearthing a macOS Vulnerability https://www.microsoft.com/en-us/security/blog/2022/12/19/gatekeepers-achilles-heel-unearthing-a-macos-vulnerability/
Corsair Bug Not Causing Keystroke Logging https://arstechnica.com/gadgets/2022/12/corsair-says-bug-not-keylogger-behind-some-k100-keyboards-creepy-behavior/
SentinelSneak: Malicious PyPI Module Poses as Security Software Development Kit
keywords: sentinelone; pypi; sentinelsneak; mastodon; corsair; gatekeeper; macos; edge; internet explorer

Dec 20, 2022 (6 min)

Network Security News Summary for Monday December 19th, 2022

HSBC Malware; Gmail Encryption; OSV Scanner; Samba Patches; Zyxel Vulnerability
Infostealer Malware with Double Extension https://isc.sans.edu/diary/Infostealer%20Malware%20with%20Double%20Extension/29354
Client-Side Encryption for Gmail https://workspaceupdates.googleblog.com/2022/12/client-side-encryption-for-gmail-beta.html
Google Releases OSV-Scanner https://github.com/google/osv-scanner/releases/tag/v1.0.1
Samba Security Patches https://thehackernews.com/2022/12/samba-issues-security-updates-to-patch.html
Zyxel Router Buffer Overflow https://sec-consult.com/blog/detail/enemy-within-unauthenticated-buffer-overflows-zyxel-routers/
keywords: hsbc; infostealer; malware; gmail; encryption; osv; samba; zyxel

Dec 18, 2022 (6 min)

Network Security News Summary for Friday December 16th, 2022

Google Ads and IcedID; SVG Malware; GitHub Improvements; SHA-1 Retirement
Google Ads Lead to Fake Software Pages Pushing IcedID (Bokbot) https://isc.sans.edu/diary/Google%20ads%20lead%20to%20fake%20software%20pages%20pushing%20IcedID%20%28Bokbot%29/29344
HTML Smugglers Turn to SVG Images https://blog.talosintelligence.com/html-smugglers-turn-to-svg-images/
GitHub Improvements https://github.blog/2022-12-14-raising-the-bar-for-software-security-next-steps-for-github-com-2fa/
NIST Retires SHA-1 https://www.nist.gov/news-events/news/2022/12/nist-retires-sha-1-cryptographic-algorithm
keywords: sha1; github; html; svg; icedid; bokbot; google; ads

Dec 16, 2022 (6 min)

Network Security News Summary for Thursday December 15th, 2022

MSFT Patch Issues; SPNEGO Vuln Now Critical; VMware Escape; Veeam Exploited; Repository Phishing
Microsoft Patch Issues https://support.microsoft.com/en-us/topic/december-13-2022-kb5021249-os-build-20348-1366-d5fe7608-bc9d-4055-a88c-fb2fd3d5fd45 https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/so-you-say-your-dc-s-memory-is-getting-all-used-up-after/ba-p/3696318
Critical Remote Code Execution Vulnerability in SPNEGO Extended Negotiation Security Mechanism https://securityintelligence.com/posts/critical-remote-code-execution-vulnerability-spnego-extended-negotiation-security-mechanism/
VMware EHCI Controller Vulnerability, CVE-2022-31705 https://www.vmware.com/security/advisories/VMSA-2022-0033.html
Veeam Vulnerability Now Exploited https://www.veeam.com/kb4288
NuGet / npm / PyPI Used to Host Phishing Pages https://checkmarx.com/blog/how-140k-nuget-npm-and-pypi-packages-were-used-to-spread-phishing-links/
keywords: nuget; npm; pypi; phishing; veeam; backup; vmware; spnego; windows

Dec 15, 2022 (6 min)

Network Security News Summary for Wednesday December 14th, 2022

Microsoft Patches; Apple Patches; Citrix Patches
Microsoft Patches https://isc.sans.edu/diary/Microsoft%20December%202022%20Patch%20Tuesday/29336
Apple Patches https://isc.sans.edu/diary/Apple%20Updates%20Everything/29338
Citrix Patches https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/
keywords: citrix; apple; microsoft; patches

Dec 14, 2022 (6 min)

Network Security News Summary for Tuesday December 13th, 2022

CyberChef Sorting; FortiOS sslvpnd Vuln; Python VMware Backdoor; Fuzzing Ping
Quickie: CyberChef Sorting by String Length https://isc.sans.edu/diary/Quickie%3A%20CyberChef%20Sorting%20By%20String%20Length/29328
FortiOS Buffer Overflow https://www.fortiguard.com/psirt/FG-IR-22-398
A Custom Python Backdoor for VMware ESXi Servers https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers
Fuzzing Ping https://tlakh.xyz/fuzzing-ping.html
keywords: ping; fuzzing; python backdoor; vmware; esxi; fortios; cyberchef

Dec 13, 2022 (6 min)

Network Security News Summary for Monday December 12th, 2022

Fast PS Portscanner; Bypassing WAFs; Invisible npm Malware; PCI Software Security; VMware Advisory
Fast Port Scanning in PowerShell https://isc.sans.edu/diary/Port%20Scanning%20in%20Powershell%20Redux%3A%20Speeding%20Up%20the%20Results%20%28challenge%20accepted!%29/29324
Bypassing WAFs with JSON https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf
Invisible npm Malware Evading Security Checks https://jfrog.com/blog/invisible-npm-malware-evading-security-checks-with-crafted-versions/
PCI Secure Software Standard v1.2 https://docs-prv.pcisecuritystandards.org/Software%20Security/Standard/PCI-Secure-Software-Standard-v1_2.pdf
VMware/vCenter Patches https://www.vmware.com/security/advisories/VMSA-2022-0030.html
keywords: vmware; vcenter; powershell; nmap; portscanner; json; waf; npm; version

Dec 12, 2022 (6 min)

Network Security News Summary for Friday December 9th, 2022

Finding Log Gaps; IE Exploit; Zombinder; Cisco IP Phone Vuln; daloRADIUS Vuln; SANS Holiday Hack Challenge
Finding Gaps in Syslog: How to Find When Nothing Happened https://isc.sans.edu/diary/Finding%20Gaps%20in%20Syslog%20-%20How%20to%20find%20when%20nothing%20happened/29314
Internet Explorer Vulnerability Used in Malicious Word Document https://blog.google/threat-analysis-group/internet-explorer-0-day-exploited-by-north-korean-actor-apt37/
Zombinder Obfuscation Service Used by Ermac https://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html
Cisco IP Phone Vulnerability, CVE-2022-20968 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U
daloRADIUS Vulnerability, CVE-2022-23475 https://securityonline.info/cve-2022-23475-account-take-over-flaw-in-open-source-radius-web-management-app/
SANS Holiday Hack Challenge https://www.sans.org/mlp/holiday-hack-challenge/
keywords: cisco; logs; syslog; holiday; hack challenge; daloradius; ip phone; zombinder

Dec 9, 2022 (5 min)

Network Security News Summary for Thursday December 8th, 2022

IoT Bot WSZero; Cacti Vulnerability; Wireshark Updates; Apple iCloud Encryption
ZeroBot / WSZero IoT Botnet https://www.fortinet.com/blog/threat-research/zerobot-new-go-based-botnet-campaign-targets-multiple-vulnerabilities https://blog.netlab.360.com/new-ddos-botnet-wszeor/
Cacti Vulnerability, CVE-2022-46169 https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf
Wireshark Updates https://www.wireshark.org/docs/relnotes/wireshark-4.0.2.html
Apple iCloud Security Improvements https://www.apple.com/newsroom/2022/12/apple-advances-user-security-with-powerful-new-data-protections/
keywords: apple; icloud; wireshark; cacti; zerobot; wszero; wss; websocket

Dec 8, 2022 (5 min)

Network Security News Summary for Wednesday December 7th, 2022

Gafgyt/Mirai Sample; Packet Tuesday; Defcon Skimming; Fake D-Link Vuln; Android Updates
Mirai Botnet and Gafgyt DDoS Team Up Against SOHO Routers https://isc.sans.edu/forums/diary/Mirai%20Botnet%20and%20Gafgyt%20DDoS%20Team%20Up%20Against%20SOHO%20Routers./29304/
Packet Tuesday Episode 4: TLS Client Hello https://www.youtube.com/playlist?list=PLs4eo9Tja8biVteSW4a3GHY8qi0t1lFLL
Defcon Skimming: A New Batch of Web Skimming Attacks https://blog.jscrambler.com/defcon-skimming-a-new-batch-of-web-skimming-attacks
Fake D-Link Vulnerability Used by Moobot https://vulncheck.com/blog/moobot-uses-fake-vulnerability
Android Patches, CVE-2022-20411 https://source.android.com/docs/security/bulletin/2022-12-01?hl=en
keywords: android; bluetooth; d-link; moobot; defcon; tls; packet tuesday; mirai; gafgyt

Dec 7, 2022 (5 min)

Network Security News Summary for Tuesday December 6th, 2022

VLC Update Issues; AMI MegaRAC BMC Vuln; Netgear IPv6; Veritas NetBackup
VLC's Check for Updates Finds No Updates https://isc.sans.edu/diary/VLCs+Check+For+Updates+No+Updates/29300
AMI MegaRAC Baseboard Management Controller Vulnerabilities https://eclypsium.com/2022/12/05/supply-chain-vulnerabilities-put-server-ecosystem-at-risk/
Netgear IPv6 Firewall Misconfiguration https://medium.com/tenable-techblog/netgear-router-network-misconfiguration-70ac695c81a6
Veritas NetBackup Patch https://www.veritas.com/content/support/en_US/security/VTS22-019
keywords: videolan; vlc; bmc; megarac; ami; netgear; ipv6; veritas; netbackup

Dec 6, 2022 (5 min)

Network Security News Summary for Monday December 5th, 2022

QBot Update; Linux LOLBins in Windows; CrowdStrike Falcon; Android Cert Leak; GitHub Artifact Poisoning
QBot Update https://isc.sans.edu/forums/diary/obama224%20distribution%20Qakbot%20tries%20.vhd%20%28virtual%20hard%20disk%29%20images/29294/
Living off the Land: Unix Tools in Windows https://isc.sans.edu/diary/Linux%20LOLBins%20Applications%20Available%20in%20Windows/29296 https://isc.sans.edu/forums/diary/Fingerexe+LOLBin/29298/
CVE-2022-44721 CrowdStrike Falcon Uninstaller https://github.com/purplededa/CVE-2022-44721-CsFalconUninstaller
Android Platform Key Leak https://twitter.com/MishaalRahman/status/1598426974594433025
GitHub Pipeline Vulnerability https://www.legitsecurity.com/blog/artifact-poisoning-vulnerability-discovered-in-rust
keywords: github; android; crowdstrike; lolbin; finger; windows; unix; qbot

Dec 5, 2022 (9 min)

Network Security News Summary for Friday December 2nd, 2022

Quarkus Java RCE; FreeBSD Ping RCE; NVIDIA Updates; TrustCor Untrusted; Android Platform Certs Abused
Quarkus Java Framework Vulnerability, CVE-2022-4116 https://www.contrastsecurity.com/security-influencers/localhost-attack-against-quarkus-developers-contrast-security https://access.redhat.com/security/cve/CVE-2022-4116
FreeBSD Ping RCE, CVE-2022-23093 https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc
NVIDIA GPU Display Driver Vulnerabilities, CVE-2022-34669 https://nvidia.custhelp.com/app/answers/detail/a_id/5415
TrustCor CA Revoked https://www.washingtonpost.com/technology/2022/11/30/trustcor-internet-authority-mozilla/
Android Platform Certificates Used to Sign Malware https://bugs.chromium.org/p/apvi/issues/detail?id=100
keywords: android; trustcor; nvidia; drivers; certificates; freebsd; ping; quarkus

Dec 2, 2022 (6 min)

Network Security News Summary for Thursday December 1st, 2022

Vulnerability Mysteries: Netgear, D-Link, Apple; VLC Update; Unlock Cars Thanks to SiriusXM
What Is the Deal with These Router Vulnerabilities? https://isc.sans.edu/diary/Whats+the+deal+with+these+router+vulnerabilities/29288/
Apple Updates https://support.apple.com/en-us/HT201222
VLC Media Player Updates, CVE-2022-41325 https://www.videolan.org/security/sb-vlc3018.html
VIN Used to Authenticate to SiriusXM Connected Vehicle Services https://www.theregister.com/2022/11/30/siriusxm_connected_cars_hacking/
keywords: sirius xm; vin; car hacking; vlc; videolan; apple; dlink; linksys

Dec 1, 2022 (5 min)

Network Security News Summary for Wednesday November 30th, 2022

LinkedIn Bots; Oracle Fusion Exploited; Windows IKE Exploit; Anker Eufy Privacy; SANS Holiday Hack Challenge
LinkedIn Bots https://isc.sans.edu/diary/Identifying%20Groups%20of%20%22Bot%22%20Accounts%20on%20LinkedIn/29282
Oracle Fusion Middleware Exploited, CVE-2021-35587 https://www.cisa.gov/known-exploited-vulnerabilities-catalog
Windows IKE Flaw Exploited, CVE-2022-34721 https://www.cyfirma.com/outofband/windows-internet-key-exchange-ike-remote-code-execution-vulnerability-analysis/
Anker Eufy Cameras Sending Images to Cloud Even If Asked Not To https://www.macrumors.com/2022/11/29/eufy-camera-cloud-uploads-no-user-consent/
Packet Tuesday https://packettuesday.com
SANS Holiday Hack Challenge Sign Up https://www.sans.org/mlp/holiday-hack-challenge/
keywords: holiday hack challenge; packet tuesday; anker; eufy; privacy; cloud; aws; windows; ike; oracle; fusion; linkedin; bots

Nov 30, 2022 (6 min)

Network Security News Summary for Tuesday November 29th, 2022

Ukraine Scareware; Google Maps Privacy; ASUS BIOS Patch; OpenSSL and UEFI
Ukraine Themed Twitter Spam Pushing iOS Scareware https://isc.sans.edu/diary/Ukraine%20Themed%20Twitter%20Spam%20Pushing%20iOS%20Scareware/29276
Google Maps Privacy Issues https://garrit.xyz/posts/2022-11-24-smart-move-google
ACER UEFI BIOS Vulnerabilities https://community.acer.com/en/kb/articles/15520-security-vulnerability-regarding-vulnerability-that-may-allow-changes-to-secure-boot-settings
OpenSSL Usage in UEFI Firmware Exposes Weakness in SBOMs https://www.binarly.io/posts/OpenSSL_Usage_in_UEFI_Firmware_Exposes_Weakness_in_SBOMs/index.html
keywords: ukraine; google; maps; privacy; scareware; asus; bios; openssl; uefi

Nov 29, 2022 (7 min)

Network Security News Summary for Monday November 28th, 2022

Log4j Rev. Shell with Nashorn; Phishing with Urgency; BOA Risks; Chrome 0-Day; Smartwatch Phishing
Log4Shell Campaigns Are Using Nashorn to Get Reverse Shells on Victims' Machines https://isc.sans.edu/diary/Log4Shell%20campaigns%20are%20using%20Nashorn%20to%20get%20reverse%20shell%20on%20victim%27s%20machines/29266
Attackers Keep Phishing Victims Under Stress https://isc.sans.edu/diary/Attackers%20Keep%20Phishing%20Victims%20Under%20Stress/29270
Vulnerable SDK Components Lead to Supply Chain Risks in IoT and OT Environments https://www.microsoft.com/en-us/security/blog/2022/11/22/vulnerable-sdk-components-lead-to-supply-chain-risks-in-iot-and-ot-environments/
Google Chrome Patches 0-Day https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html
Hacking Smartwatches for Spear Phishing https://cybervelia.com/?p=1380
keywords: chrome; sdk; smartwatch; phishing; stress; log4shell; nashorn

Nov 28, 2022 (7 min)

Network Security News Summary for Friday November 18th, 2022

Ping vs. T-Mobile; Bitbucket Vuln; AWS RDS Leaks; Adobe Commerce
Lessons Learned from Automatic Failover: When 8.8.8.8 "Disappears". IPv6 to the Rescue? https://isc.sans.edu/diary/Lessons%20Learned%20from%20Automatic%20Failover%3A%20When%208.8.8.8%20%22disappears%22.%20IPv6%20to%20the%20Rescue%3F/29260
Bitbucket Server and Data Center Vulnerability https://jira.atlassian.com/browse/BSERV-13522
Amazon RDS Snapshot Leaks https://www.mitiga.io/blog/how-mitiga-found-pii-in-exposed-amazon-rds-snapshots
Adobe Commerce Merchants to Be Hit with TrojanOrders This Season https://sansec.io/research/trojanorder-magento
keywords: adobe; magento; trojanorders; rds; amazon; aws; bitbucket; server; failover; tmobile

Nov 18, 2022 (14 min)

Network Security News Summary for Thursday November 17th, 2022

Cheap Evil Maid Defenses; F5 BIG-IP PoC; CVE-2022-32899 iOS Neural Engine; Disneyland Malware Team
Evil Maid Attacks: Remediation for the Cheap https://isc.sans.edu/diary/Evil%20Maid%20Attacks%20-%20Remediation%20for%20the%20Cheap/29256
F5 BIG-IP CVE-2022-41622 and CVE-2022-41800 Vulnerability Details https://www.rapid7.com/blog/post/2022/11/16/cve-2022-41622-and-cve-2022-41800-fixed-f5-big-ip-and-icontrol-rest-vulnerabilities-and-exposures/
Details About iPad/iOS Neural Engine Vulnerability CVE-2022-32899 https://github.com/0x36/weightBufs/
Disneyland Malware Team: It's a Puny World After All https://krebsonsecurity.com/2022/11/disneyland-malware-team-its-a-puny-world-after-all/#more-61870
keywords: disneyland; malware; punycode; ipad; ios; neural engine; evil maid; f5; big-ip

Nov 17, 2022 (6 min)

Network Security News Summary for Wednesday November 16th, 2022

Packet Tuesday; Mastodon Bug; Zendesk SQLi; EV Charger Security;
Packet Tuesday https://packettuesday.com
Stealing Passwords From Infosec Mastodon - Without Bypassing CSP https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp
SQLi and Access Flaws in Zendesk https://www.varonis.com/blog/zendesk-sql-injection-and-access-flaws
Electric Vehicle Charging Infrastructure https://newsreleases.sandia.gov/ev_security/
keywords: packets; packet tuesday; dns; idn; punycode; passwords; mastodon; csp; sqli; zendesk; graphql; ev; chargers

Nov 16, 2022 · 5 min

Network Security News Summary for Tuesday November 15th, 2022

CONNECT Scans; Windows Kerberos Bug; Cookies vs MFA;
Extracting "HTTP CONNECT" Requests with Python https://isc.sans.edu/diary/Extracting%20%27HTTP%20CONNECT%27%20Requests%20with%20Python/29246
Windows Kerberos Authentication Breaks After November Updates https://www.bleepingcomputer.com/news/microsoft/windows-kerberos-authentication-breaks-after-november-updates/ https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-22h2#2953msgdesc
Cookies for MFA Bypass Gain Traction Among Cyberattackers https://www.darkreading.com/threat-intelligence/cookies-mfa-bypass-cyberattackers
keywords: cookies; mfa; kerberos; november; patch tuesday; updates; connect; proxy; scans;

Nov 15, 2022 · 5 min

Network Security News Summary for Monday November 14th, 2022

logfmt and Cyberchef; Worldcup Risks; CA Concerns; OpenLiteSpeed Vulns
Extracting Information From "logfmt" Files with CyberChef https://isc.sans.edu/diary/Extracting%20Information%20From%20%22logfmt%22%20Files%20With%20CyberChef/29244
Soccer Worldcup Risks https://www.theregister.com/2022/11/11/world_cup_security/ https://www.welivesecurity.com/2022/11/11/fifa-world-cup-2022-scams-fake-lotteries-ticket-fraud/
Mysterious Company With Government Ties Plays Key Internet Role https://www.washingtonpost.com/technology/2022/11/08/trustcor-internet-addresses-government-connections/
Extortion Scams Hit Website Owners https://www.bleepingcomputer.com/news/security/new-extortion-scam-threatens-to-damage-sites-reputation-leak-data/
keywords: extortion; scam; webserver; trustcor; certificate authorities; cyberchef; soccer; fifa;

Nov 14, 2022 · 6 min

Network Security News Summary for Friday November 11th, 2022

Observable vs IOC; Android Update; libxml vuln details; xterm vuln;
Do you collect "Observables" or "IOCs" https://isc.sans.edu/diary/Do%20you%20collect%20%22Observables%22%20or%20%22IOCs%22%3F/29238
Android Update fixes Lock Screen Bypass https://source.android.com/docs/security/bulletin/2022-11-01 https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/
libxml Vulnerability Details https://gitlab.gnome.org/GNOME/libxml2/-/issues/381
CVE-2022-45063: xterm remote code execution vulnerability https://www.openwall.com/lists/oss-security/2022/11/10/1
keywords: cve-2022-45063; xterm; rce; libxml; android; lock screen; observables; ioc

Nov 11, 2022 · 6 min

Network Security News Summary for Thursday November 10th, 2022

PS Ransomware; iOS/MacOS XML Patches; Lenovo UEFI Patch;
Another Script-Based Ransomware https://isc.sans.edu/diary/Another%20Script-Based%20Ransomware/29234
Apple Security Updates https://support.apple.com/en-us/HT201222
Lenovo UEFI Patch https://www.welivesecurity.com/2022/04/19/when-secure-isnt-secure-uefi-vulnerabilities-lenovo-consumer-laptops/
Foxit Update https://www.foxit.com/support/security-bulletins.html
SAP Update https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
keywords: ransomware; powershell; apple; ipados; ios; xml; CVE-2022-40303; CVE-2022-40304; lenovo; uefi; secure boot; CVE-2021-3971; CVE-2021-3972; CVE-2021-3970; foxit; CVE-2022-32774, CVE-2022-38097, CVE-2022-37332, CVE-2022-40129; sap

Nov 10, 2022 · 5 min

Network Security News Summary for Wednesday November 9th, 2022

Microsoft, VMware and Citrix Patches and maybe Exchange Patches too?
Microsoft Patches https://isc.sans.edu/diary/Microsoft%20November%202022%20Patch%20Tuesday/29230
VMware Workspace One Updates CVE-2022-31686, CVE-2022-31687, CVE-2022-31688 https://www.vmware.com/security/advisories/VMSA-2022-0028.html
Citrix Gateway / Citrix ADC Vulnerabilities CVE-2022-27510 https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516
Microsoft Exchange Updates https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/ https://techcommunity.microsoft.com/t5/exchange-team-blog/released-november-2022-exchange-server-security-updates/ba-p/3669045
keywords: citrix; adc; gateway; vmware; workspace; one; patches; microsoft; vulnerabilities

Nov 9, 2022 · 7 min

Network Security News Summary for Tuesday November 8th, 2022

IPv4 Addresses; Azure AD CBA; Twitter Scams; Facebook Info Removal; Wifi Data Leak
IPv4 Address Representations https://isc.sans.edu/diary/IPv4%20Address%20Representations/29224
Azure AD Certificate-based Authentication (CBA) on Mobile https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/azure-ad-certificate-based-authentication-cba-on-mobile/ba-p/2365672
Twitter Scams https://nakedsecurity.sophos.com/2022/11/04/twitter-blue-badge-email-scams-dont-fall-for-them/
Facebook Personal Information Removal https://www.facebook.com/contacts/removal
RSA Conference Finds Unencrypted Confidential Data in WiFi Traffic https://www.darkreading.com/remote-workforce/unencrypted-traffic-weak-e-mail-passwords-still-undermining-wifi-security
keywords: rsa; wifi; facebook; remove information; twitter; azure; ad; cba; certificates; yubikey; ip addresses

Nov 8, 2022 · 6 min

Network Security News Summary for Monday November 7th, 2022

Remcos RAT and Unicode; VHD Malware; PyPI w4sp Stealer;
Remcos Downloader With Unicode Obfuscation https://isc.sans.edu/diary/Remcos%20Downloader%20with%20Unicode%20Obfuscation/29220
Windows Malware With VHD Extension https://isc.sans.edu/diary/Windows%20Malware%20with%20VHD%20Extension/29222
PyPI Packages Attempting to Deliver w4sp Stealer https://blog.phylum.io/phylum-discovers-dozens-more-pypi-packages-attempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack
keywords: pypi; w4sp stealer; vhd; malware; remcos; unicode

Nov 7, 2022 · 5 min

Network Security News Summary for Friday November 4th, 2022

Burp Breakpoints; TA569 JavaScript Injection; Hitachi, Fortinet, Nessus Patches
Breakpoints in Burp https://isc.sans.edu/forums/diary/Breakpoints%20in%20Burp/29214/
TA569 Supply Chain Attack Injects JavaScript https://twitter.com/threatinsight/status/1587865920130752515 https://www.darkreading.com/application-security/supply-chain-attack-pushes-out-malware-to-more-than-250-media-websites
Link to an older story similar to the above JavaScript injection https://unit42.paloaltonetworks.com/web-skimmer-video-distribution/
Hitachi Infrastructure Analytics Advisor https://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/hitachi-sec-2022-134/index.html
Fortinet Patches https://fortiguard.fortinet.com/psirt?date=11-2022
Nessus Patches https://www.tenable.com/security/tns-2022-24
keywords: nessus; fortinet; hitachi; javascript; ta569; breakpoints; burp

Nov 4, 2022 · 6 min

Network Security News Summary for Thursday November 3rd, 2022

DarkVNC History; Sigstore; URLScan.io Leak; Checkmk Exploitation
Who Put the "Dark" in DarkVNC? https://isc.sans.edu/forums/diary/Who+put+the+Dark+in+DarkVNC/29210
sigstore General Availability https://openssf.org/press-release/2022/10/25/sigstore-announces-general-availability-at-sigstorecon/ https://github.blog/2022-10-25-why-were-excited-about-the-sigstore-general-availability/
URLScan.io's SOAR Spot: Chatty Security Tools Leaking Private Data https://positive.security/blog/urlscan-data-leaks
Checkmk: Remote Code Execution by Chaining Multiple Bugs https://blog.sonarsource.com/checkmk-rce-chain-1/
keywords: checkmk; urlscan; urlscan.io; sigstore; darkvnc; hiddenvnc; vnc;

Nov 3, 2022 · 6 min

Network Security News Summary for Wednesday November 2nd, 2022

OpenSSL 3.0 Punycode Vulnerability Fix CVE-2022-3786, CVE-2022-3602
OpenSSL 3.0 Punycode Vulnerability Fix https://isc.sans.edu/forums/diary/Critical+OpenSSL+30+Update+Released+Patches+CVE20223786+CVE20223602/29208 https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
keywords: openssl; punycode;

Nov 2, 2022 · 8 min