SANS Internet Storm Center's Daily Network Security News Podcast


Network Security News Summary for Monday August 22nd, 2022

Astaroth Malware targeting Brazil; Android Ring App XSS; iOS In-App Browser Security Issues
- Brazil malspam pushes Astaroth (Guildma) malware: https://isc.sans.edu/diary/Brazil+malspam+pushes+Astaroth+%28Guildma%29+malware/28962
- Android Ring App XSS: https://checkmarx.com/blog/amazon-quickly-fixed-a-vulnerability-in-ring-android-app-that-could-expose-users-camera-recordings/
- iOS In-App Browser Security Issues: https://krausefx.com/blog/announcing-inappbrowsercom-see-what-javascript-commands-get-executed-in-an-in-app-browser
- iOS In-App Browser Issues: https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser
keywords: ios; android; browser; inappbrowser; ring; amazon; xss; privacy; astaroth; malspam; malware

Aug 22, 2022 (5 min)

Network Security News Summary for Friday August 19th, 2022

Cowrie Summaries; TP-Link; Safari Update; iOS VPN Leaks
- Honeypot Attack Summaries with Python: https://isc.sans.edu/diary/Honeypot+Attack+Summaries+with+Python/28956
- TP-Link Vulnerability: https://blog.viettelcybersecurity.com/1day-to-0day-on-tl-link-tl-wr841n/
- Safari Update: https://support.apple.com/en-us/HT213414
- iOS VPN Leaks: https://www.michaelhorowitz.com/VPNs.on.iOS.are.scam.php
- Janet Jackson Hard Drive DDoS: https://devblogs.microsoft.com/oldnewthing/20220816-00/?p=106994
keywords: cowrie; tp-link; safari; ios; vpn; janet jackson; ddos

Aug 18, 2022 (5 min)

Network Security News Summary for Thursday August 18th, 2022

VoIP Experiment; Apple 0-Days; Chrome 0-Day; Insufficient Cisco Patch
- A Quick VoIP Experiment: https://isc.sans.edu/diary/A+Quick+VoIP+Experiment/28950
- Apple Patches Two Exploited Vulnerabilities: https://isc.sans.edu/diary/Apple+Patches+Two+Exploited+Vulnerabilities/28952
- Google Chrome Update: https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html
- Cisco staystaystay exploit tool: https://www.youtube.com/watch?v=ySgbHClk9HE
keywords: voip; cisco; asterisk; sip; google; chrome; apple; iPadOS; iOS; macOS

Aug 18, 2022 (5 min)

Network Security News Summary for Wednesday August 17th, 2022

UTF7 Maldoc; SEABORGIUM Shutdown; UWB RTLS Security
- VBA Maldoc and UTF7 (APT-C-35): https://isc.sans.edu/diary/VBA+Maldoc+%26+UTF7+%28APT-C-35%29/28946
- Disrupting SEABORGIUM's Ongoing Phishing Operations: https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/
- UWB Real Time Location Systems: How Secure Radio Communications May Fail in Practice
keywords: utf7; maldoc; vba; seaborgium; linkedin; uwb; rtls; wifi

Aug 16, 2022 (6 min)

Network Security News Summary for Tuesday August 16th, 2022

Realtek Vuln Followup; MacOS Priv Escalation; Zoom; Vuln Bootloaders; HPE iLO
- Realtek CVE-2022-27255 Followup (Snort signature and presentation): https://isc.sans.edu/diary/Realtek+SDK+SIP+ALG+Vulnerability%3A+A+Big+Deal%2C+but+not+much+you+can+do+about+it.+CVE+2022-27255/28940
- MacOS Privilege Escalation: https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/
- Zoom Update: https://explore.zoom.us/en/trust/security/security-bulletin/
- Microsoft Blocks Vulnerable Bootloaders: https://eclypsium.com/2022/08/11/vulnerable-bootloaders-2022/
- HPE Integrated Lights Out 5 Vulnerabilities: https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbhf04333en_us
keywords: hpe; ilo; lights out; microsoft; bios; bootloader; uefi; zoom; macos; realtek; deserialization; object; sip

Aug 16, 2022 (6 min)

Network Security News Summary for Monday August 15th, 2022

CVE-2022-27255 Realtek SDK Vuln; Voicemail HTML Phish; Palo Alto DDoS
- Realtek eCOS SDK SIP ALG Vulnerability: https://isc.sans.edu/diary/Phishing+HTML+Attachment+as+Voicemail+Audio+Transcription/28938
- Phishing HTML Attachment as Voicemail Audio Transcription: https://isc.sans.edu/diary/Phishing+HTML+Attachment+as+Voicemail+Audio+Transcription/28938
- CVE-2022-0028 PAN-OS: Reflected Amplification Denial-of-Service Vulnerability: https://security.paloaltonetworks.com/CVE-2022-0028
keywords: realtek; ecos; sdk; sip; alg; phishing; html; voicemail; cve-2022-0028; pan-os

Aug 14, 2022 (11 min)

Network Security News Summary for Friday August 12th, 2022

Infostealing with NSudo; Cisco Breach; Pulse Connect Secure Vuln; Cisco Vuln
- InfoStealer Script Based on Curl and NSudo: https://isc.sans.edu/diary/InfoStealer+Script+Based+on+Curl+and+NSudo/28932
- Cisco Breach Details: https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html
- Ivanti Pulse Connect Secure Privilege Escalation Vulnerability: https://gist.github.com/JGarciaSec/2060ec1c8efc1d573a1ddb754c6b4f84
- Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz
keywords: cisco; asa; firepower; rsa; ivanti; pulse secure; breach; infostealer; nsudo; curl

Aug 12, 2022 (6 min)

Network Security News Summary for Thursday August 11th, 2022

DNS Attacks; Defaultinator; Zimbra Compromise; vRealize Vuln; Snort/O365 False Positive
- And Here They Come Again: DNS Reflection Attacks: https://isc.sans.edu/diary/And+Here+They+Come+Again%3A+DNS+Reflection+Attacks/28928
- Rapid7 Defaultinator: https://defaultinator.com
- Zimbra Mass Compromise: https://www.volexity.com/blog/2022/08/10/mass-exploitation-of-unauthenticated-zimbra-rce-cve-2022-27925/
- VMware vRealize Vulnerability: https://www.vmware.com/security/advisories/VMSA-2022-0022.html
- Microsoft Vulnerability and IPS/Snort: https://community.meraki.com/t5/Meraki-Service-Notices/Microsoft-vulnerability-and-IPS-SNORT/ba-p/156649
keywords: snort; microsoft 365; vmware; false positive; vrealize; zimbra; rapid7; defaultinator; dns; ddos

Aug 11, 2022 (6 min)

Network Security News Summary for Wednesday August 10th, 2022

Microsoft Patches; AEPIC Leak; Adobe Updates
- Microsoft August 2022 Patch Tuesday: https://isc.sans.edu/diary/Microsoft+August+2022+Patch+Tuesday/28924
- AEPIC Leak: https://aepicleak.com
- Adobe security bulletins: https://helpx.adobe.com/security/security-bulletin.html
keywords: adobe; amd; intel; aepic; microsoft; patch tuesday; exchange server

Aug 9, 2022 (5 min)

Network Security News Summary for Tuesday August 9th, 2022

JSON Logs; Edge Security; Malicious Python; New Orchard Botnet
- JSON All the Logs!: https://isc.sans.edu/diary/JSON+All+the+Logs%21/28920
- Microsoft Edge Enhanced Security: https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-browse-safer
- Malicious Python Packages: https://www.darkreading.com/application-security/10-malicious-packages-slither-pypi-registry
- New Orchard Botnet: https://blog.netlab.360.com/a-new-botnet-orchard-generates-dga-domains-with-bitcoin-transaction-information/
keywords: json; logs; elk; edge; javascript; python; pypi; setup.py; orchard; dga

Aug 9, 2022 (6 min)

Network Security News Summary for Monday August 8th, 2022

Exim Vuln; DuckDuckGo and Microsoft; Emergency Alerts; Slack Hash Leak; Zimbra Flaw Exploited
- Exim Vulnerability Silently Patched: https://github.com/ivd38/exim_overflow
- DuckDuckGo Stopping Microsoft Tracking Code: https://spreadprivacy.com/more-privacy-and-transparency/
- Emergency Broadcast Messaging System Vulnerabilities: https://content.govdelivery.com/accounts/USDHSFEMA/bulletins/3263326
- Slack Leaks Hashed Passwords: https://slack.com/intl/en-in/blog/news/notice-about-slack-password-resets
- Zimbra Flaw Exploited: https://nvd.nist.gov/vuln/detail/CVE-2022-27924
keywords: IPAWS; EAS; emergency alert system; fema; duckduckgo; microsoft; tracking; exim; zimbra; slack

Aug 7, 2022 (6 min)

Network Security News Summary for Friday August 5th, 2022

TLP 2.0; Cloudflare Mail Routing Bug; rsync Vuln; Kaspersky VPN Vuln
- TLP 2.0 is Here: https://isc.sans.edu/diary/TLP+2.0+is+here/28914
- Hijacking email with Cloudflare Email Routing: https://albertpedersen.com/blog/hijacking-email-with-cloudflare-email-routing/
- rsync arbitrary file write vulnerability: https://www.openwall.com/lists/oss-security/2022/08/02/1
- Local privilege escalation in Kaspersky VPN: https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/
keywords: kaspersky; vpn; rsync; cloudflare; email; routing; tlp; first

Aug 4, 2022 (7 min)

Network Security News Summary for Thursday August 4th, 2022

l9explore User Agent; Arris Vulnerability; Malicious Fork Flood; Palo Alto Master Key; Laravel; Cisco and DrayTek Vulns
- l9explore and LeakIX Internet Wide Recon Scans: https://isc.sans.edu/diary/l9explore+and+LeakIX+Internet+wide+recon+scans./28910
- Arris / Arris Variant DSL/Fiber Router Critical Vulnerability: http://derekabdine.com/blog/2022-arris-advisory
- 35,000 Malicious Repo Forks Flood GitHub: https://www.bleepingcomputer.com/news/security/35-000-code-repos-not-hacked-but-clones-flood-github-to-serve-malware/
- Palo Alto Master Key: https://twitter.com/rqu50/status/1554566757704089600#m
- Laravel Unserialize RCE: https://github.com/beicheng-maker/vulns/issues/1
- Unauthenticated Remote Code Execution in DrayTek Vigor Routers: https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html
keywords: cisco; laravel; draytek; paloalto; global protect; github; arris; l9explore; leakix

Aug 3, 2022 (6 min)

Network Security News Summary for Wednesday August 3rd, 2022

Chinese Hacktivists; Zoho Password Manager Exploit; VMware Update; Manjusaka
- Increase in Chinese "Hacktivism" Attacks: https://isc.sans.edu/diary/Increase+in+Chinese+%22Hacktivism%22+Attacks/28906
- Zoho Password Manager Exploit: https://xz.aliyun.com/t/11578
- VMware Updates: https://www.vmware.com/security/advisories/VMSA-2022-0021.html https://twitter.com/VietPetrus
- Manjusaka: A Chinese sibling of Sliver and Cobalt Strike: https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html
keywords: manjusaka; chinese; sliver; cobalt strike; vmware; zoho; password manager; hacktivism; china

Aug 2, 2022 (5 min)

Network Security News Summary for Tuesday August 2nd, 2022

DDoS Post Mortem; Exposed Twitter Keys; TCL LinkHub Vuln; Jenkins Plugin Updates
- A Little DDoS in the Morning: https://isc.sans.edu/diary/A+Little+DDoS+In+the+Morning/28900
- Exposed Twitter API Keys: https://cloudsek.com/whitepapers_reports/how-leaked-twitter-api-keys-can-be-used-to-build-a-bot-army/
- TCL LinkHub Serialization Issues: https://blog.talosintelligence.com/2022/08/vulnerability-spotlight-how-misusing.html
- Jenkins Plugin Updates: https://www.jenkins.io/security/advisory/2022-07-27/
keywords: jenkins; tcl linkhub; twitter; api; ddos; china

Aug 2, 2022 (6 min)

Network Security News Summary for Monday August 1st, 2022

PDF Analysis Primer; IPFS Phishing; Mail Stealing Browser Extension; NPM Package Issues; IP Cameras
- PDF Analysis Introduction and OpenActions Entries: https://isc.sans.edu/diary/PDF+Analysis+Intro+and+OpenActions+Entries/28894
- IPFS: The New Hotbed of Phishing: https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/ipfs-the-new-hotbed-of-phishing/
- Mail Stealing Browser Extension: https://www.volexity.com/blog/2022/07/28/sharptongue-deploys-clever-mail-stealing-browser-extension-sharpext/
- Lofylife Malicious NPM Packages: https://securelist.com/lofylife-malicious-npm-packages/107014/
- IP Camera Vulnerability: https://www.nozominetworks.com/blog/vulnerability-in-dahua-s-onvif-implementation-threatens-ip-camera-security/
- Nuki Smart Lock Vulnerabilities: https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/
- Foxit PDF Reader: https://www.foxit.com/support/security-bulletins.html
keywords: foxit; pdf; nuki; dahua; camera; lofylife; npm; email; aol; browser extension; ipfs; openactions

Aug 1, 2022 (8 min)

Network Security News Summary for Friday July 29th, 2022

Covert Bookmarks; Samba Bug; Apple BGP Hijack; Veritas and IBM Patches; @sans_edu
- Exfiltrating Data with Bookmarks: https://isc.sans.edu/diary/Exfiltrating+Data+With+Bookmarks/28890
- Critical Samba Bug Could Let Anyone Become Domain Admin: https://nakedsecurity.sophos.com/2022/07/27/critical-samba-bug-could-let-anyone-become-domain-admin-patch-now/
- Apple IP Address Range Hijacked by Rostelecom: https://www.manrs.org/2022/07/for-12-hours-was-part-of-apple-engineerings-network-hijacked-by-russias-rostelecom/
- Veritas Patches: https://www.veritas.com/content/support/en_US/security/VTS22-004#c1
- IBM Patches: https://www.ibm.com/support/pages/node/6606251 https://www.ibm.com/support/pages/node/6607135
keywords: IBM; Veritas; QRadar; BGP; Hijack; Rostelecom; Apple; Samba; Bookmarks

Jul 28, 2022 (7 min)

Network Security News Summary for Thursday July 28th, 2022

IcedID Malware; WebAssembly Miners; Subzero and Knotweed; @sucurisecurity
- IcedID (BokBot) with Dark VNC and Cobalt Strike: https://isc.sans.edu/diary//28884
- WebAssembly Crypto Miners: https://blog.sucuri.net/2022/07/cryptominers-webassembly-in-website-malware.html
- Subzero and Knotweed: https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/
keywords: subzero; knotweed; webassembly; wasm; cryptojacking; miners; icedid; bokbot; darkvnc; cobalt strike

Jul 27, 2022 (6 min)

Network Security News Summary for Wednesday July 27th, 2022

macOS Security; Executable Registry Files; Facebook Business Phishing; Proxy Headers; @xme @x86matthew @Synacktiv
- How is Your macOS Security Posture?: https://isc.sans.edu/diary/How+is+Your+macOS+Security+Posture%3F/28882
- Registry File with Executable Payload: https://www.x86matthew.com/view_post?id=embed_exe_reg
- Targeted Phishing of Facebook Business Users: https://labs.withsecure.com/assets/BlogFiles/Publications/WithSecure_Research_DUCKTAIL.pdf
- Forwarding Addresses is Hard: https://www.synacktiv.com/publications/cve-2022-31813-forwarding-addresses-is-hard.html
keywords: macos; apple; registry; phishing; facebook; forwarding; proxies; headers

Jul 26, 2022 (6 min)

Network Security News Summary for Tuesday July 26th, 2022

Fileless PowerShell; MDM Vulnerability; CosmicStrand UEFI Rootkit; @securelist @claroty @xme
- PowerShell Script with Fileless Capability: https://isc.sans.edu/diary/PowerShell+Script+with+Fileless+Capability/28878
- With Management Comes Risk: Finding Flaws in FileWave MDM: https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm/
- CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit: https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/
keywords: cosmicstrand; mdm; uefi; kaspersky; filewave; powershell; fileless

Jul 25, 2022 (7 min)

Network Security News Summary for Monday July 25th, 2022

SMS and Phishing; SonicWall SQLi; SHA Errors
- An Analysis of a Discerning Phishing Website: https://isc.sans.edu/diary/An+Analysis+of+a+Discerning+Phishing+Website+/28870
- SonicWall Vulnerability: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007
- Sh*load Exploits Episode V: Return of the Error: https://dellfer.com/shload-exploits-episode-v-return-of-the-error/
keywords: sms; phishing; mobile; sonicwall; sql injection; sha2; error checking; tls

Jul 24, 2022 (5 min)

Network Security News Summary for Friday July 22nd, 2022

Non-ASCII VBA; Cisco Update; Odd Outlook 365 Warnings; Windows RDP and Office Macro Updates
- Maldoc with non-ASCII VBA Identifiers: https://isc.sans.edu/diary/Maldoc%3A+non-ASCII+VBA+Identifiers/28866
- Cisco Security Updates: https://tools.cisco.com/security/center/publicationListing.x?
- Outlook 365 Odd Suspicious Login Attempt Warnings: https://www.theregister.com/2022/07/21/outlook_sign_ins/
- Windows RDP Brute Force Protection: https://twitter.com/dwizzzleMSFT/status/1549870156771340288
- Microsoft resuming blocking macros: https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
keywords: microsoft; windows; rdp; brute force; outlook; password; login attempts; cisco; maldoc; vba; ascii

Jul 21, 2022 (6 min)

Network Security News Summary for Thursday July 21st, 2022

Python Ducky; Apple Patches; Zyxel Vuln; DNS over HTTP/3; Atlassian Update
- Malicious Python Script Behaving Like a Rubber Ducky: https://isc.sans.edu/diary/Malicious+Python+Script+Behaving+Like+a+Rubber+Ducky/28860
- Apple Patches Everything: https://isc.sans.edu/diary/Apple+Patches+Everything+Day/28862
- Confluence Atlassian Hard Coded Password: https://confluence.atlassian.com/doc/questions-for-confluence-security-advisory-2022-07-20-1142446709.html
- Zyxel Vulnerability: https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml
- DNS over HTTP/3: https://security.googleblog.com/2022/07/dns-over-http3-in-android.html
keywords: python; rubber ducky; apple; patches; ios; macos; watchos; tvos; zyxel

Jul 20, 2022 (6 min)

Network Security News Summary for Wednesday July 20th, 2022

Beacon Request; Zyxel Vuln; Oracle CPU; MacOS Spyware; GPS Tracker Vulnerability
- Beacon Request: https://isc.sans.edu/diary/Requests+For+beacon.http-get.+Help+Us+Figure+Out+What+They+Are+Looking+For/28856
- Oracle July 2022 CPU: https://www.oracle.com/security-alerts/cpujul2022.html
- CloudMensis MacOS Spyware: https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/
- GPS Tracker Vulnerabilities: https://www.bitsight.com/sites/default/files/2022-07/MiCODUS-GPS-Report-Final.pdf
keywords: beacon; oracle; cpu; cloudmensis; macos; spyware; gps; micodus; tracker; vulnerability

Jul 19, 2022 (7 min)

Network Security News Summary for Tuesday July 19th, 2022

PDF Tools Keywords; Tor Improvements; Fake ICS Password Cracker; Apache Spark Vuln; Juniper Vuln
- Adding Your Own Keywords to My PDF Tools: https://isc.sans.edu/diary/Adding+Your+Own+Keywords+To+My+PDF+Tools/28852
- Tor Improvements: https://blog.torproject.org/new-release-tor-browser-115/
- Trojan Horse Malware Password Cracker: https://www.dragos.com/blog/the-trojan-horse-malware-password-cracking-ecosystem-targeting-industrial-operators/
- CVE-2022-33891 Apache Spark Shell Command Injection Vulnerability: https://securityonline.info/cve-2022-33891-apache-spark-shell-command-injection-vulnerability/
- Juniper Junos Vulnerabilities: https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=date%20descending&f:ctype=[Security%20Advisories]
keywords: pdf; didier; trojan; passwords; isc; apache; spark; juniper; junos; tor

Jul 19, 2022 (6 min)

Network Security News Summary for Monday July 18th, 2022

Python File In Use; Google Data Safety; Google Play Malware @ingraomaxime; Faking GitHub Metadata
- Python: Files in Use By Another Process: https://isc.sans.edu/diary/Python%3A+Files+In+Use+By+Another+Process/28848
- Google Removing App Permissions List for Data Safety: https://twitter.com/MishaalRahman/status/1547307555407421443
- Google Play Malware: https://twitter.com/IngraoMaxime/status/1547164768401858560
- Faking GitHub Metadata: https://checkmarx.com/blog/unverified-commits-are-you-unknowingly-trusting-attackers-code/
keywords: python; locked files; google; play store; app permissions; data safety; github; metadata

Jul 18, 2022 (5 min)

Network Security News Summary for Friday July 15th, 2022

Debugging Broadcast Storms; Deanonymizing Browsers; MFA Phishing; VMware Patch
- Debugging Broadcast Storms: https://isc.sans.edu/diary/A+%22DHCP+is+Broken%22+story%2C+and+a+Blast+from+the+Past+%28or+should+I+say+%22Storm%22+from+the+past%29/28844
- Targeted Deanonymization via Side Channel Attacks: https://leakuidatorplusteam.github.io/preprint.pdf
- Cookie Theft to BEC: https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/
- VMware Patch: https://www.vmware.com/security/advisories/VMSA-2021-0025.html
keywords: vmware; cookie; bec; anonymity; deanonymization; side channel; broadcast storm; networks

Jul 15, 2022 (6 min)

Network Security News Summary for Thursday July 14th, 2022

Phishing Referrers; Callback Phishing; Retbleed Spectre; MacOS Sandbox Escape; Lenovo UEFI
- Using Referrers to Detect Phishing Attacks: https://isc.sans.edu/diary/Using+Referers+to+Detect+Phishing+Attacks/28836
- Callback Phishing Campaigns Impersonating Security Companies: https://www.crowdstrike.com/blog/callback-malware-campaigns-impersonate-crowdstrike-and-other-cybersecurity-companies/
- Retbleed Spectre Attack: https://comsec.ethz.ch/wp-content/files/retbleed_sec22.pdf
- Uncovering a macOS App Sandbox escape vulnerability: A deep dive into CVE-2022-26706: https://www.microsoft.com/security/blog/2022/07/13/uncovering-a-macos-app-sandbox-escape-vulnerability-a-deep-dive-into-cve-2022-26706/
- Buffer Overflow Vulnerabilities in UEFI firmware of several Lenovo Notebooks: https://twitter.com/ESETresearch/status/1547166334651334657
keywords: uefi; lenovo; eset; macos; sandbox; microsoft; retbleed; spectre; intel; amd; phishing; referrer; callback; security companies

Jul 14, 2022 (5 min)

Network Security News Summary for Wednesday July 13th, 2022

Microsoft Patch Tuesday; Adobe Patches; SAP Patches; IBM Patches
- Microsoft Patch Tuesday: https://isc.sans.edu/diary/Microsoft+July+2022+Patch+Tuesday/28838
- Adobe Updates: https://helpx.adobe.com/security/security-bulletin.html
- SAP Patches: https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
- IBM Patches: https://www.ibm.com/support/pages/node/6602255 https://www.ibm.com/support/pages/node/6602259 https://www.ibm.com/support/pages/node/6602251
keywords: IBM; MQ; log4j; sap; adobe; microsoft

Jul 13, 2022 (5 min)

Network Security News Summary for Tuesday July 12th, 2022

Rogers Outage; Rolling Pwn / Hacking Honda; GitHub Runners Crypto Mining; #SANSFIRE Keynote Stream
- Rogers Outage: https://about.rogers.com/news-ideas/a-message-from-rogers-president-and-ceo/
- Rolling Pwn: https://rollingpwn.github.io/rolling-pwn/
- GitHub Runners mine Cryptocoins: https://www.trendmicro.com/en_us/research/22/g/unpacking-cloud-based-cryptocurrency-miners-that-abuse-github-ac.html
- SANSFIRE Keynote Stream: https://www.sans.org/webcasts/the-internet-storm-center-how-to-use-and-how-to-contribute-data/
keywords: github; rolling pwn; rogers; outage; cryptomining; runners

Jul 12, 2022 (6 min)

Network Security News Summary for Monday July 11th, 2022

SANSFIRE; Emotet vs CyberChef; Microsoft vs. Macros; Checkmate QNAP; PyPI 2FA
- SANSFIRE Keynote Stream: https://www.sans.org/webcasts/the-internet-storm-center-how-to-use-and-how-to-contribute-data/
- Extracting URLs from Emotet with CyberChef: https://isc.sans.edu/forums/diary/Excel%204%20Emotet%20Maldoc%20Analysis%20using%20CyberChef/28830/
- Microsoft Rolling Back Macro Policy Change: https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
- Checkmate Ransomware Affected Poorly Configured QNAP NAS: https://www.qnap.com/en/security-advisory/QSA-22-21
- PyPI Requires 2FA for Critical Packages: https://pypi.org/security-key-giveaway/
keywords: pypi; 2fa; mfa; titan; google; checkmate; qnap; microsoft; office; macro; emotet; cyberchef; sansfire; keynote

Jul 11, 2022 (5 min)

Network Security News Summary for Thursday July 7th, 2022

Max SANs; Fortinet July Updates; Ouch Phishing; Quantum Safe Ciphers; Apple Lockdown
- How Many SANs are Insane: https://isc.sans.edu/forums/diary/How+Many+SANs+are+Insane/28820/
- Fortinet July Updates: https://fortiguard.fortinet.com/psirt?date=07-2022
- Phishing Attacks Getting Trickier: https://www.sans.org/newsletters/ouch/phishing-attacks-getting-trickier
- Quantum Safe Ciphers: https://csrc.nist.gov/News/2022/pqc-candidates-to-be-standardized-and-round-4
- Apple Proposes Lockdown Mode: https://www.apple.com/newsroom/2022/07/apple-expands-commitment-to-protect-users-from-mercenary-spyware/
keywords: apple; lockdown; ciphers; quantum safe; phishing; ouch; fortinet; sans

Jul 6, 2022 (7 min)

Network Security News Summary for Wednesday July 6th, 2022

EternalBlue Retrospective; OpenSSL Update; Keystroke Logging NPM Packages
- EternalBlue 5 Years After WannaCry and NotPetya: https://isc.sans.edu/forums/diary/EternalBlue+5+years+after+WannaCry+and+NotPetya/28816/
- OpenSSL Patches Two Vulnerabilities: https://www.openssl.org/news/secadv/20220705.txt
- IconBurst NPM Software Supply Chain Attack: https://blog.reversinglabs.com/blog/iconburst-npm-software-supply-chain-attack-grabs-data-from-apps-websites
keywords: iconburst; npm; openssl; eternalblue; wannacry; notpetya

Jul 5, 2022 (6 min)

Network Security News Summary for Tuesday July 5th, 2022

7-Zip and MotW; SessionManager Backdoor; Chrome 0-Day Patch
- 7-Zip Mark of the Web For Office Files: https://isc.sans.edu/forums/diary/7Zip+MoW+For+Office+files/28812/
- SessionManager Backdoor Seen with IIS: https://securelist.com/the-sessionmanager-iis-backdoor/106868/
- Google Chrome Stable Channel Update: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
keywords: google; chrome; 0day; sessionmanager; iis; 7zip; motw; office

Jul 4, 2022 (5 min)

Network Security News Summary for Friday July 1st, 2022

Cobalt Strike Domain Suspension; ManageEngine Vuln Details; CWE Top 25 Update
- Case Study: Cobalt Strike Server Lives on After its Domain is Suspended: https://isc.sans.edu/forums/diary/Case+Study+Cobalt+Strike+Server+Lives+on+After+Its+Domain+Is+Suspended/28804/
- CVE-2022-28219: Unauthenticated XXE to RCE and Domain Compromise in ManageEngine ADAudit Plus: https://www.horizon3.ai/red-team-blog-cve-2022-28219/
- CWE Top 25 Update: https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html#analysis
keywords: cwe; cve; xxe; rce; cobalt strike; qakbot; manageengine

Jun 30, 2022 (6 min)

Network Security News Summary for Thursday June 30th, 2022

Moving MFA; Managing Human Risk Report; Service Fabric PoC; Zimbra RCE; Deepfake Interviews
- It's New Phone Day: Time to Migrate Your MFA: https://isc.sans.edu/forums/diary/Its+New+Phone+Day+Time+to+migrate+your+MFA/28800/
- Managing Human Risk Security Awareness Report: https://go.sans.org/lp-wp-2022-sans-security-awareness-report
- Microsoft Azure Service Fabric Container Elevation of Privilege Vulnerability: https://unit42.paloaltonetworks.com/fabricscape-cve-2022-30137/#The-Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30137
- Zimbra RCE Vulnerability: https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/
- FBI Warns of Deepfakes Being Used in Job Interviews: https://www.ic3.gov/Media/Y2022/PSA220628
keywords: deepfake; fbi; job interview; zimbra; webmail; service fabric; container; escape; ssa; human risk; moving mfa; mfa

Jun 29, 2022 (6 min)

Network Security News Summary for Wednesday June 29th, 2022

HiByMusic Scans; OpenSSL Heap Overflow; ZuoRAT
- Possible Scans for HiByMusic Devices: https://isc.sans.edu/forums/diary/Possible+Scans+for+HiByMusic+Devices/28796/
- OpenSSL Heap Overflow: https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/ https://github.com/openssl/openssl/issues/18625#issuecomment-1165012549
- ZuoRAT Malware Hijacking Home Office Routers: https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/
keywords: zuorat; openssl; hibymusic; radio.txt

Jun 28, 2022 (5 min)

Network Security News Summary for Tuesday June 28th, 2022

Encrypted Client Hello; Jenkins Patches; Instagram Age Verification; CodeSys Vuln
- Encrypted Client Hello: Anybody Using it Yet?: https://isc.sans.edu/forums/diary/Encrypted+Client+Hello+Anybody+Using+it+Yet/28792/
- Jenkins Advisory: https://www.jenkins.io/security/advisory/2022-06-22/
- Instagram Age Verification: https://about.fb.com/news/2022/06/new-ways-to-verify-age-on-instagram/
- CodeSys V2 Vulnerability: https://github.com/ic3sw0rd/Codesys_V2_Vulnerability
keywords: codesys; ics; ech; jenkins; tls

Jun 27, 2022 (6 min)

Network Security News Summary for Monday June 27th, 2022

Python GUI Malware; Pasting Malcode; WebView2 Risks; Pretend Ransomware
- Python Abusing the Windows GUI: https://isc.sans.edu/forums/diary/Python+abusing+The+Windows+GUI/28780/
- Malicious Code Passed to PowerShell via the Clipboard: https://isc.sans.edu/forums/diary/Malicious+Code+Passed+to+PowerShell+via+the+Clipboard/28784/
- Attacking With WebView2 Applications: https://mrd0x.com/attacking-with-webview2-applications/
- Bronze Starlight Ransomware Operations Use HUI Loaders: https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader
- Novel Exploit Detected in Mitel VoIP Appliance: https://www.crowdstrike.com/blog/novel-exploit-detected-in-mitel-voip-appliance/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29499
keywords: python; gui; powershell; clipboard; webview2; starlight; ransomware; hui loaders; mitel

Jun 26, 2022 (7 min)

Network Security News Summary for Thursday June 23rd, 2022

Coin Stealing PowerShell; NSA PS Guidance; Magecart Update; Script Kiddies Hacked; Israeli Air Raid Sirens Hacked
- Malicious PowerShell Targeting Cryptocurrency Browser Extensions: https://isc.sans.edu/forums/diary/Malicious+PowerShell+Targeting+Cryptocurrency+Browser+Extensions/28772/
- Keeping PowerShell: Security Measures to Use and Embrace: https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/1/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF
- Client-Side Magecart Attacks Still Around, But More Covert: https://blog.malwarebytes.com/threat-intelligence/2022/06/client-side-magecart-attacks-still-around-but-more-covert/
- Chinese actor takes aim, armed with Nim Language and Bizarro AES: https://research.checkpoint.com/2022/chinese-actor-takes-aim-armed-with-nim-language-and-bizarro-aes/
- Israeli Air Raid Sirens Hacked: https://twitter.com/Israel_Cyber/status/1538821467785265153
keywords: israel; air raid; siren; hacked; chinese; nim; aes; magecart; powershell; crypto coin

Jun 22, 2022 (5 min)

Network Security News Summary for Wednesday June 22nd, 2022

Domain Age API; OT Vulnerabilities; Cloudflare Outage; Acrobat Blocks AV; 7-Zip MOTW
- Experimental New Domain / Domain Age API: https://isc.sans.edu/forums/diary/Experimental+New+Domain+Domain+Age+API/28770/
- Forescout Vedere Labs Discovers 56 OT Vulnerabilities: https://www.forescout.com/resources/ot-icefall-report/
- Cloudflare Outage: https://blog.cloudflare.com/cloudflare-outage-on-june-21-2022/
- Does Acrobat Reader Unload Injection of Security Products?: https://blog.minerva-labs.com/does-acrobat-reader-unload-injection-of-security-products
- 7-Zip Mark-of-the-Web Support: https://www.7-zip.org/history.txt
keywords: 7zip; motw; acrobat; pdf; anti-virus; cloudflare; outage; forescout; ot; vulnerabilities; new domain; domain age; api

Jun 22, 2022 (6 min)

Network Security News Summary for Tuesday June 21st, 2022

TCP Fast Open Oddities; DFSCoerce NTLM Relay; Windows ARM Update; Safari Exploit; MSIE Remnants; Odd TCP Fast Open Packets https://isc.sans.edu/forums/diary/Odd+TCP+Fast+Open+Packets+Anybody+understands+why/28766/ DFSCoerce NTLM Relay Attack https://github.com/Wh04m1001/DFSCoerce https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429 Windows Emergency Update Fixes Microsoft 365 Issues on ARM Devices https://www.bleepingcomputer.com/news/microsoft/windows-emergency-update-fixes-microsoft-365-issues-on-arm-devices/ Safari Vulnerability Analysis https://googleprojectzero.blogspot.com/2022/06/an-autopsy-on-zombie-in-wild-0-day.html Internet Explorer Remnants Still an Issue https://www.darkreading.com/vulnerabilities-threats/internet-explorer-will-likely-remain-an-attacker-target-for-some-time keywords: tcp; fast open; tfo; ntlm; relay; dfscoerce; ARM; windows; update; safari; vulnerablity; internet explorer; mshtml

Jun 20, 2022 · 5 min

Network Security News Summary for Monday June 20th, 2022

Splunk Vulnerability; Matanbuchus Malware; Office 365 Ransomware
Critical Vulnerability in Splunk Enterprise Deployment Server Functionality https://isc.sans.edu/forums/diary/Critical+vulnerability+in+Splunk+Enterprises+deployment+server+functionality/28760/
Malspam Pushes Matanbuchus Malware Leads to Cobalt Strike https://isc.sans.edu/forums/diary/Malspam+pushes+Matanbuchus+malware+leads+to+Cobalt+Strike/28752/
Proofpoint Discovers Potentially Dangerous Office 365 Functionality https://www.proofpoint.com/us/blog/cloud-security/proofpoint-discovers-potentially-dangerous-microsoft-office-365-functionality
keywords: malspam; malware; matanbuchus; cobalt strike; splunk; sharepoint; ransomware; office 365

Jun 19, 2022 · 8 min

Network Security News Summary for Friday June 17th, 2022

Houdini is Back; Drifting Cloud; FreeBSD Wifi Xploit; Cisco Email Insecurity; Fastjson RCE
Houdini is Back Delivered Through a JavaScript Dropper https://isc.sans.edu/forums/diary/Houdini+is+Back+Delivered+Through+a+JavaScript+Dropper/28746/
Drifting Cloud: Zero-Day Sophos Firewall Exploitation https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/
Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack https://www.zerodayinitiative.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack
Cisco Email Security Appliance and Cisco Secure Email and Web Manager https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD
Analyzing the Fastjson "Auto Type Bypass" RCE vulnerability https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjson-auto-type-bypass-rce-vulnerability/
keywords: houdini; cisco; email; freebsd; wifi; exploit; sophos; firewall; fastjson; rce;

Jun 16, 2022 · 5 min

Network Security News Summary for Thursday June 16th, 2022

Terraforming Honeypots; Zimbra Vulnerability; Cloud Middleware; Windows NFS Details; Citrix ADC; Nexans Switches
Terraforming Honeypots: Using IaaC & Cloud to Attract Attacks https://isc.sans.edu/forums/diary/Terraforming+Honeypots+Installing+DShield+Sensors+in+the+Cloud/28748/
Zimbra Email - Stealing Clear-Text Credentials via Memcache Injection https://blog.sonarsource.com/zimbra-mail-stealing-clear-text-credentials-via-memcache-injection/
Cloud Middleware Dataset https://github.com/wiz-sec/cloud-middleware-dataset
CVE-2022-26937 Windows Network File System NLM Portmap Stack Buffer Overflow https://www.zerodayinitiative.com/blog/2022/6/7/cve-2022-26937-microsoft-windows-network-file-system-nlm-portmap-stack-buffer-overflow
Citrix Application Delivery Management Security Bulletin https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512
Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch https://sec-consult.com/vulnerability-lab/advisory/hardcoded-backdoor-user-outdated-software-components-nexans-ftto-gigaswitch/
keywords: nexans; citrix; ftto; adm; nfs; windows; cloud; middleware; zimbra; terraform; honeypot; azure; aws

Jun 16, 2022 · 5 min

Network Security News Summary for Wednesday June 15th, 2022

Microsoft Patch Tuesday; Adobe Patches; SynLapse Azure Vuln; Hertzbleed
Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+June+2022+Patch+Tuesday/28742/
Adobe Patches https://helpx.adobe.com/security/security-bulletin.html
SynLapse Vulnerability https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-vulnerability/
Hertzbleed Attack https://www.hertzbleed.com
keywords: adobe; microsoft; follina; synlapse; hertzbleed

Jun 15, 2022 · 7 min

Network Security News Summary for Tuesday June 14th, 2022

Decoding Saitama; Travis CI Leaks; Syslogk Rootkit; Mitel Backdoor
Translating Saitama's DNS Tunneling https://isc.sans.edu/forums/diary/Translating+Saitamas+DNS+tunneling+messages/28738/
Travis CI Logs Expose Users to Cyber Attacks https://blog.aquasec.com/travis-ci-security
Linux Threat Hunting: "Syslogk" a kernel rootkit found under development in the wild https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/
Mitel Desk Phone Backdoor https://blog.syss.com/posts/rooting-mitel-desk-phones-through-the-backdoor/
keywords: mitel; phone; linux; syslogk; rootkit; travis ci; saitama

Jun 14, 2022 · 5 min

Network Security News Summary for Monday June 13th, 2022

Exploit Prediction; PACMAN Attack; Carrier Access Panels; Malicious PyPI
EPSScall: An Exploit Prediction Scoring System App https://isc.sans.edu/forums/diary/EPSScall+An+Exploit+Prediction+Scoring+System+App/28732/
PACMAN Attack https://pacmanattack.com https://twitter.com/wdormann/status/1535245913857351680
Carrier LenelS2 HID Mercury access panel vulnerability https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-01
Malicious Python Modules https://www.bleepingcomputer.com/news/security/pypi-package-keep-mistakenly-included-a-password-stealer/
keywords: python; keep; request; requests; carrier; mercury; lenels2; pacman; epsscall

Jun 12, 2022 · 6 min

Network Security News Summary for Friday June 10th, 2022

QBot/TA570 Follina Attempt; Facebook Phishing; Zyxel Adv; Fujitsu Centricstor Vuln; Meeting Owl Vuln
TA570 QBot attempts to exploit CVE-2022-30190 (Follina) https://isc.sans.edu/forums/diary/TA570+Qakbot+Qbot+tries+CVE202230190+Follina+exploit+msmsdt/28728/
Analysis of a Facebook Phishing Campaign https://pixmsecurity.com/blog/blog/phishing-tactics-how-a-threat-actor-stole-1m-credentials-in-4-months/
Zyxel Security Advisory https://www.zyxel.com/support/Zyxel-security-advisory-for-CRLF-injection-vulnerability-in-some-legacy-firewalls.shtml
Fujitsu Centricstor Vulnerability https://research.nccgroup.com/2022/05/27/technical-advisory-fujitsu-centricstor-control-center-v8-1-unauthenticated-command-injection/
Meeting Owl Vulnerabilities https://www.modzero.com/static/meetingowl/Meeting_Owl_Pro_Security_Disclosure_Report_RELEASE.pdf
keywords: meeting owl; fujitsu; centricstor; zyxel; facebook; phishing; qbot; follina; ta570

Jun 9, 2022 · 8 min

Network Security News Summary for Thursday June 9th, 2022

SANS RSA Panel; More Confluence; Fake CCleaner; Verbatim USB Drive Weakness
SANS RSA Panel (sorry, video no longer available)
Atlassian Confluence Attacks https://isc.sans.edu/forums/diary/Atlassian+Confluence+Exploits+Seen+By+Our+Honeypots+CVE202226134/28722/
Fake CCleaner Malvertisements https://blog.avast.com/fakecrack-campaign
Weakness in Verbatim Keypad Secure USB Drive https://blog.syss.com/posts/hacking-usb-flash-drives-part-1/
keywords: verbatim; keypad; secure; usb; drive; ccleaner; fake; rsa; panel; atlassian; confluence

Jun 9, 2022 · 5 min