
SANS Internet Storm Center's Daily Network Security News Podcast
1,029 episodes

Network Security News Summary for Tuesday June 7th, 2022
Follina Analysis Helper; Obscured Phishing; Unpatched Horde RCE; Passwordstate Loses Priv. Key
MS-MSDT RTF Maldocs Analysis oledump Plugins https://isc.sans.edu/forums/diary/msmsdt+RTF+Maldoc+Analysis+oledump+Plugins/28718/
Cybercriminals Exploit Reverse Tunnel Services and URL Shorteners https://cloudsek.com/whitepapers_reports/cybercriminals-exploit-reverse-tunnel-services-and-url-shorteners-to-launch-large-scale-phishing-campaigns/
Unpatched Horde Webmail Bug https://blog.sonarsource.com/horde-webmail-rce-via-email/
Clickstudio (Passwordstate) Code Signing Cert Used by Follina Malware https://cloudsek.com/whitepapers_reports/cybercriminals-exploit-reverse-tunnel-services-and-url-shorteners-to-launch-large-scale-phishing-campaigns/
keywords: clickstudio; passwordstate; horde; webmail; phishing; ms-msdt; rtf; maldocs; oledump; follina;

Network Security News Summary for Monday June 6th, 2022
Simple Analysis Evasion; Confluence Exploit; GitLab Patch; u-boot Vuln; Unisoc Vuln
Sandbox Evasion... With Just a Filename! https://isc.sans.edu/forums/diary/Sandbox+Evasion+With+Just+a+Filename/28708/
Atlassian Exploit Released https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/
GitLab Critical Security Release https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/
U-Boot Vulnerabilities https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
Unisoc Baseband Chip Vulnerability https://research.checkpoint.com/2022/vulnerability-within-the-unisoc-baseband/
keywords: sandbox; filename; gitlab; uboot; unisoc; atlassian; confluence

Network Security News Summary for Friday June 3rd, 2022
Intro to RECmd.exe; Confluence 0-Day; JetPort Backdoor; Elasticsearch Wiper
Quick Answers in Incident Response: RECmd.exe https://isc.sans.edu/forums/diary/Quick+Answers+in+Incident+Response+RECmdexe/28706/
Zero-Day Exploitation of Atlassian Confluence https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/ https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html
Korenix Technology JetPort Backdoor https://sec-consult.com/vulnerability-lab/advisory/backdoor-account-in-korenix-technology-jetport-series/
Elasticsearch Data Wiped https://www.secureworks.com/blog/unsecured-elasticsearch-data-replaced-with-ransom-note
keywords: elasticsearch; korenix; jetport; zero-day; atlassian; confluence; recmd.exe

Network Security News Summary for Thursday June 2nd, 2022
Better HTML Phishing; Follina Update; Windows Search Vuln; WhatsApp Takeover; Weak RSA Keys
HTML Phishing Attachments - Now With Anti-Analysis Features https://isc.sans.edu/forums/diary/HTML+phishing+attachments+now+with+antianalysis+features/28702/
Unofficial Patch for CVE-2022-30190 (Follina) https://blog.0patch.com/2022/06/free-micropatches-for-follina-microsoft.html
Windows Search Vulnerability https://www.bleepingcomputer.com/news/security/new-windows-search-zero-day-added-to-microsoft-protocol-nightmare/
Call Forwarding Used to Compromise WhatsApp Accounts https://www.linkedin.com/posts/fb1h2s_beware-here-is-how-whatsapp-accounts-are-activity-6934386561048264704-NnFf/?utm_source=linkedin_share&utm_medium=member_desktop_web
Badkeys in Fuji Xerox and Canon Printers https://fermatattack.secvuln.info
keywords: badkeys; fuji; xerox; canon; rsa; fermat; whatsapp; windows; search; follina; phishing; html; obfuscation

Network Security News Summary for Wednesday June 1st, 2022
Follina Update; OAS Platform Vuln; Exposed MySQL
Follina Update https://isc.sans.edu/forums/diary/First+Exploitation+of+Follina+Seen+in+the+Wild/28698/ https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme+CVE202230190/28694/
Open Automation Software Platform Vulnerability https://blog.talosintelligence.com/2022/05/vuln-spotlight-open-automation-platform.html
Over 3.6 million MySQL servers found exposed on the Internet https://www.bleepingcomputer.com/news/security/over-36-million-mysql-servers-found-exposed-on-the-internet/
keywords: follina; ms-msdt; oas; open automation software; mysql

Network Security News Summary for Tuesday May 31st, 2022
Microsoft Office MS-MSDT URL Scheme Exploit (0-Day) #follina New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme/28694/ keywords: microsoft; ms-msdt; debug tool; follina; office

Network Security News Summary for Friday May 27th, 2022
Huge Signed PE Files; CVE-2022-22972 PoC; BMC Vuln.; Trend Micro vs. MSFT Patch; Nate Street @sans_edu
Huge Signed PE Files https://isc.sans.edu/forums/diary/Huge+Signed+PE+File/28686/
VMware Authentication Bypass PoC https://www.horizon3.ai/vmware-authentication-bypass-vulnerability-cve-2022-22972-technical-deep-dive/
Quanta Server BMC Vulnerability https://eclypsium.com/2022/05/26/quanta-servers-still-vulnerable-to-pantsdown/
Windows 11 and Server 2022 Updates Prevent Trend Micro Ransomware Protection https://success.trendmicro.com/dcx/s/solution/000291066?language=en_US
Nate Street: Advancing SIEM Log Management Strategies through Vendor-Agnostic Measurement https://www.sans.edu/cyber-research/38685/
keywords: siem; sans_edu; windows 11; server 2022; quanta; bmc; huge file; vmware

Network Security News Summary for Thursday May 26th, 2022
nmap resolve all; Unethical Research; Heroku GitHub Update; Tails Vuln; Chrome Bugs
Using NMAP to Assess Hosts in Load Balanced Clusters https://isc.sans.edu/forums/diary/Using+NMAP+to+Assess+Hosts+in+Load+Balanced+Clusters/28682/
Attacker Modifying Libraries Claims "Research" https://www.bleepingcomputer.com/news/security/hacker-says-hijacking-libraries-stealing-aws-keys-was-ethical-research/
Heroku GitHub Integration Re-Enabled Again https://blog.heroku.com/github-integration-update
Serious security vulnerability in Tails 5.0 https://tails.boum.org/security/prototype_pollution/index.en.html
Google Chrome Update https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html
keywords: google; chrome; tails; firefox; github; heroku; nmap

Network Security News Summary for Wednesday May 25th, 2022
Python/PHP Library Backdoor; Zoom Patches; VMware Exploit; Zyxel Patches
ctx Python Library Updated with "Extra" Features https://isc.sans.edu/forums/diary/ctx+Python+Library+Updated+with+Extra+Features/28678/
Zoom Updates https://explore.zoom.us/en/trust/security/security-bulletin/
VMware Exploit About to Be Released https://twitter.com/Horizon3Attack/status/1528935531333177344
Zyxel Firewalls, AP Controllers, APs Patch https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml
keywords: zyxel; vmware; horizon3; zoom; ctx; php; python; pypi;

Network Security News Summary for Tuesday May 24th, 2022
jQuery-File-Upload Scans; Oracle OOB Patch; NPM Hijack Detection; Account Pre-Hijacking
Attacker Scanning for jQuery-File-Upload https://isc.sans.edu/forums/diary/Attacker+Scanning+for+jQueryFileUpload/28674/
Oracle Security Alert Advisory - CVE-2022-21500 https://www.oracle.com/security-alerts/alert-cve-2022-21500.html
How to find NPM dependencies vulnerable to account hijacking https://www.theregister.com/2022/05/23/npm_dependencies_vulnerable/
Pre-hijacked accounts https://arxiv.org/pdf/2205.10174.pdf
keywords: jquery; hijacking; file upload; oracle; npm

Network Security News Summary for Monday May 23rd, 2022
Zip bomb AV Evasion; Cisco Redis Patch; pwn2own Results; Cobalt Strike via PyPI; Netgear No Patch
A "Zip Bomb" to Bypass Security Controls & Sandboxes https://isc.sans.edu/forums/diary/A+Zip+Bomb+to+Bypass+Security+Controls+Sandboxes/28670/
Cisco IOS XR Software Health Check Open Port Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK
pwn2own Vancouver 2022 Results https://www.zerodayinitiative.com/blog/2022/5/18/pwn2own-vancouver-2022-the-results#three
Malicious PyPI Packages Drop Cobalt Strike https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Netgear Security Advisory for BR200 and BR500 (PSV-2021-0286) https://kb.netgear.com/000064712/Security-Advisory-for-Multiple-Security-Vulnerabilities-on-BR200-and-BR500-PSV-2021-0286
keywords: netgear; br200; br500; pypi; cobalt strike; pwn2own; zipbomb; cisco

Network Security News Summary for Friday May 20th, 2022
Bumblebee via TransferXL; MSFT OOB Update; SonicWall SMA1000; QNAP Deadbolt; DOJ Policy Update; Exposed Kubernetes
Bumblebee Malware from TransferXL URLs https://isc.sans.edu/forums/diary/Bumblebee+Malware+from+TransferXL+URLs/28664/
Microsoft Out-of-Band Update fixes Authentication Issues https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2#you-might-see-authentication-failures-on-the-server-or-client-for-services
SonicWall Patch for SMA 1000 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0010
QNAP NAS Deadbolt Ransomware https://www.qnap.com/en/security-news/2022/take-immediate-actions-to-secure-qnap-nas-and-update-qts-to-the-latest-available-version
380,000 open Kubernetes API Servers https://www.shadowserver.org/news/over-380-000-open-kubernetes-api-servers/
DOJ Announces New Policy for Charging Cases under the Computer Fraud and Abuse Act https://www.justice.gov/opa/pr/department-justice-announces-new-policy-charging-cases-under-computer-fraud-and-abuse-act
keywords: bumblebee; sonicwall; windows; patch; AD; qnap; deadbolt; kubernetes; doj;

Network Security News Summary for Thursday May 19th, 2022
VMware Flaws; Tesla BLE Attacks; Credit Card Scraping; MSFT DAP to GDAP Update
VMware Flaws https://core.vmware.com/vmsa-2022-0014-questions-answers-faq https://blog.barracuda.com/2022/05/17/threat-spotlight-attempts-to-exploit-new-vmware-vulnerabilities/
Tesla BLE Proximity Authentication Vulnerable to Relay Attacks https://research.nccgroup.com/2022/05/15/technical-advisory-ble-proximity-authentication-vulnerable-to-relay-attacks/
Credit Card Scraping via Malicious PHP Code https://www.ic3.gov/Media/News/2022/220516.pdf
Microsoft updating Delegated Admin Privileges https://docs.microsoft.com/en-gb/partner-center/announcements/2022-may#13
keywords: microsoft; credit card; php; tesla; bluetooth; ble; vmware

Network Security News Summary for Wednesday May 18th, 2022
Chrome Browser Wallet; SQL Server Attacks; macOS Malware; Spring/Zyxel Exploited
Use Your Browser Internal Password Vault... or Not? https://isc.sans.edu/forums/diary/Use+Your+Browser+Internal+Password+Vault+or+Not/28658/
SQL Server Brute Forcing https://twitter.com/MsftSecIntel/status/1526680337216114693
UpdateAgent Adapts Again https://www.jamf.com/blog/updateagent-adapts-again/
CISA Updates Known Exploited Vulnerabilities Catalog https://www.cisa.gov/uscert/ncas/current-activity/2022/05/10/cisa-adds-one-known-exploited-vulnerability-catalog
keywords: spring; zyxel; updateagent; macos; sql server; browser; chrome

Network Security News Summary for Tuesday May 17th, 2022
Apple Updates; Evil Never Sleeps; JS Tracker Keystroke Logging
Apple Patches Everything https://isc.sans.edu/forums/diary/Apple+Patches+Everything/28654/
Evil Never Sleeps: When Wireless Malware Stays on After Turning Off iPhones https://arxiv.org/pdf/2205.06114.pdf
Third-Party Web Trackers Log What You Type Before Submitting https://homes.esat.kuleuven.be/~asenol/leaky-forms/
keywords: web trackers; javascript; keystroke logging; bluetooth; iphone; uwb; patches; apple

Network Security News Summary for Monday May 16th, 2022
BIG-IP Review; SonicWall Patch; ZoneAlarm Priv Esc Vuln; Taking over npm account
From 0-Day to Mirai: 7 days of BIG-IP Exploits https://isc.sans.edu/forums/diary/From+0Day+to+Mirai+7+days+of+BIGIP+Exploits/28644/
SonicWall Vulnerabilities Patched https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009
ZoneAlarm Patch https://www.zonealarm.com/software/extreme-security/release-history
Taking over npm account https://thehackerblog.com/zero-days-without-incident-compromising-angular-via-expired-npm-publisher-email-domains-7kZplW4x/
keywords: npm; zonealarm; sonicwall; big-ip; f5; mirai

Network Security News Summary for Friday May 13th, 2022
Get-WebRequest Fails; HP BIOS Patch; Intel BIOS Patch; Zyxel RCE
When Get-WebRequest Fails You https://isc.sans.edu/forums/diary/When+GetWebRequest+Fails+You/28640/
HP PC BIOS Security Updates https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788
Intel BIOS Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html
Zyxel RCE Vulnerability https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/
keywords: get-webrequest; bios; hp; intel; zyxel; firewall; rce

Network Security News Summary for Thursday May 12th, 2022
ISO Bumblebee Files; Google Drive Malware; Vanity URL Abuse; Not So Advanced npm Attack
TA578 Using Thread-Hijacked Emails to Push ISO Files for Bumblebee Malware https://isc.sans.edu/forums/diary/TA578+using+threadhijacked+emails+to+push+ISO+files+for+Bumblebee+malware/28636/
Google Drive Emerges as Top App for Malware Downloads https://www.helpnetsecurity.com/2022/05/11/malicious-pdf-search-engines/
Vanity URL Abuse https://www.varonis.com/blog/url-spoofing
npm Supply Chain Attack Turns Out to be Part of Penetration Test https://jfrog.com/blog/npm-supply-chain-attack-targets-german-based-companies/
keywords: npm; vanity; url; google drive; malware; pdf; ta578; iso; bumblebee

Network Security News Summary for Wednesday May 11th, 2022
Microsoft Patch Tuesday; Adobe Updates; npm foreach
Microsoft May 2022 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+May+2022+Patch+Tuesday/28632/
Adobe Updates https://helpx.adobe.com/security/security-bulletin.html
npm "foreach" package domain takeover https://www.theregister.com/2022/05/10/security_npm_email/
keywords: npm; foreach; domain; email; adobe; microsoft; may; patches

Network Security News Summary for Tuesday May 10th, 2022
Octopus Backdoor is Back; CVE-2022-1388 (BIG-IP) Exploits; Trend Micro Fix; Azure RCE Vuln
Octopus Backdoor is Back with a New Embedded Obfuscated Bat File https://isc.sans.edu/forums/diary/Octopus+Backdoor+is+Back+with+a+New+Embedded+Obfuscated+Bat+File/28628/#comments
CVE-2022-1388 (BIG-IP) Exploits https://twitter.com/sans_isc/status/1523741896707043328 https://github.com/horizon3ai/CVE-2022-1388
Trend Micro False Positive Aftermath https://success.trendmicro.com/dcx/s/solution/000290966?language=en_US
Microsoft Azure https://orca.security/resources/blog/azure-synapse-analytics-security-advisory/ https://msrc-blog.microsoft.com/2022/05/09/vulnerability-mitigated-in-the-third-party-data-connector-used-in-azure-synapse-pipelines-and-azure-data-factory-cve-2022-29972/
keywords: orca; msrc; microsoft; azure; synapse; trend micro; big-ip; bigip; f5; octopus; backdoor

Network Security News Summary for Monday May 9th, 2022
BIG-IP Vuln; QNAP Update; Raspberry Robin; rubygems flaw
F5 BIG-IP Unauthenticated RCE Vulnerability (CVE-2022-1388) https://isc.sans.edu/forums/diary/F5+BIGIP+Unauthenticated+RCE+Vulnerability+CVE20221388/28624/
QNAP QVR Update https://www.qnap.com/de-de/security-advisory/qsa-22-07
Raspberry Robin Worm https://redcanary.com/blog/raspberry-robin/
rubygems CVE-2022-29176 explained https://greg.molnar.io/blog/rubygems-cve-2022-29176/
What is the simplest malware in the world? https://isc.sans.edu/forums/diary/What+is+the+simplest+malware+in+the+world/28620/
keywords: fork bomb; malware; windows; ruby; gems; raspberry; robin; worm; usb; qnap; big-ip; f5

Network Security News Summary for Friday May 6th, 2022
Excel to Remcos RAT; FIDO Support; Heroku Breach
Password-protected Excel Spreadsheet Pushes Remcos RAT https://isc.sans.edu/forums/diary/Passwordprotected+Excel+spreadsheet+pushes+Remcos+RAT/28616/
Microsoft, Apple, Google Accelerate FIDO Standard Implementation https://www.theregister.com/2022/05/05/microsoft-apple-google-fido/
Heroku Admits Breach https://status.heroku.com/incidents/2413
keywords: heroku; microsoft; apple; google; excel; remcos rat;

Network Security News Summary for Thursday May 5th, 2022
Windows Last Patched Day; Fake Updates; Malvuln; Cisco Patches; F5 BIG-IP iControl REST
Finding the Real "Last Patched" Day (Interim Version) https://isc.sans.edu/forums/diary/Finding+the+Real+Last+Patched+Day+Interim+Version/28610/
Fake Windows Updates Install Ransomware https://www.bleepingcomputer.com/news/security/fake-windows-10-updates-infect-you-with-magniber-ransomware/
Vulnerabilities in Ransomware https://www.malvuln.com
Heroku Forces Password Reset https://status.heroku.com/incidents/2413
Cisco Patches Enterprise NFV Infrastructure Software https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9
BIG-IP iControl REST Vulnerability https://support.f5.com/csp/article/K23605346
keywords: f5; big-ip; cisco; heroku; malvuln; ransomware; patches; windows; fake updates

Network Security News Summary for Wednesday May 4th, 2022
Honeypot Updates; NanoSSL Vuln; uClibc DNS Bugs; AV Exploits; Trend Micro False Positive #GOSENTINELS
Some Honeypot Updates https://isc.sans.edu/forums/diary/Some+Honeypot+Updates/28608/
TLStorm 2 - NanoSSL TLS Library Misuse https://www.armis.com/blog/tlstorm-2-nanossl-tls-library-misuse-leads-to-vulnerabilities-in-common-switches/
Unpatched DNS Bug in uClibc and uClibc-ng Library https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-DNS-bug-in-popular-c-standard-library-putting-iot-at-risk/
Abusing Security Software to Sideload PlugX and ShadowPad https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/
Microsoft Edge Update Triggers Trend Micro AV https://success.trendmicro.com/forum/s/question/0D54T00001QDqzgSAD/we-are-getting-this-message-from-every-client-since-several-minutesis-it-a-false-positiv-error-or-do-we-have-a-real-trojaner-problem-
keywords: edge; trend micro; microsoft; plugx; shadowpad; dns; queryid; uclibc; tlstorm; nanossl; honeypot

Network Security News Summary for Tuesday May 3rd, 2022
VSTO Office Files; Gmail SMTP Relay; OpenSSF Package Analysis; M1 Prefetcher Leak
Detecting VSTO Office Files with ExifTool https://isc.sans.edu/forums/diary/Detecting+VSTO+Office+Files+With+ExifTool/28604/
The Gmail SMTP Relay Service Exploit https://www.avanan.com/blog/the-gmail-smtp-relay-service-exploit
OpenSSF Package Analysis https://openssf.org/blog/2022/04/28/introducing-package-analysis-scanning-open-source-packages-for-malicious-behavior/
M1 Prefetcher Data Leak https://www.prefetchers.info
keywords: M1; apple; prefetcher; openssf; gmail; smtp; vsto; office

Network Security News Summary for Monday May 2nd, 2022
Passive DNS; Microsoft Edge "VPN"; Weibo Making IPs Public; SonicWall Vuln; Zoom Update
Using Passive DNS Sources for Reconnaissance and Enumeration https://isc.sans.edu/forums/diary/Using+Passive+DNS+sources+for+Reconnaissance+and+Enumeration/28596/
Microsoft Edge Secure Network https://support.microsoft.com/en-gb/topic/use-the-microsoft-edge-secure-network-to-protect-your-browsing-885472e2-7847-4d89-befb-c80d3dda6318
Sina Weibo Making Users' IPs and Location Public https://www.theregister.com/2022/04/29/weibo_location_services_default/ https://weibo.com/u/1934183965?layerid=4763194269108760
SonicWall Global VPN Client DLL Search Order Hijacking https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0036
Zoom Updated https://explore.zoom.us/en/trust/security/security-bulletin/
keywords: zoom; sonicwall; vpn; dll hijack; sina; weibo; edge secure network; microsoft; passive dns

Network Security News Summary for Friday April 29th, 2022
SMB/RPC Honeypot Results; Azure PostgreSQL Priv Esc; GitHub Update; Netatalk Vuln
A Day of SMB: What does our SMB/RPC Honeypot see? CVE-2022-26809 https://isc.sans.edu/forums/diary/A+Day+of+SMB+What+does+our+SMBRPC+Honeypot+see+CVE202226809/28594/
Azure PostgreSQL Privilege Escalation https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql/
Security alert: Attack campaign involving stolen OAuth user tokens https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens
Netatalk Vulnerability Affecting Synology, QNAP, Others? https://www.synology.com/en-global/security/advisory/Synology_SA_22_06
keywords: netatalk; linux; qnap; synology; oauth; travis ci; postgresql; heroku; azure; smb; rpc; honeypot

Network Security News Summary for Thursday April 28th, 2022
MITRE ATT&CK Update; MSFT Ukraine Report; Nimbuspwn; npm Package Planting
MITRE ATT&CK v11 https://isc.sans.edu/forums/diary/MITRE+ATTCK+v11+a+small+update+that+can+help+not+just+with+detection+engineering/28590/
Microsoft Special Report: Ukraine https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd
Linux Privilege Escalation Nimbuspwn https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/
npm Package Planting https://blog.aquasec.com/npm-package-planting
keywords: npm; linux; nimbuspwn; privilege escalation; ukraine; microsoft; att&ck;

Network Security News Summary for Wednesday April 27th, 2022
WSO2 Vuln Exploited; Core Impact via VMware; VirusTotal Update; Emotet Delivery Techniques
WSO2 Vuln Exploited to Install Crypto Coin Miners https://isc.sans.edu/forums/diary/WSO2+RCE+exploited+in+the+wild/28586/
Core Impact Backdoor Delivered Via VMware Vulnerability https://blog.morphisec.com/vmware-identity-manager-attack-backdoor
VirusTotal Exploit Update https://twitter.com/bquintero/status/1518738072820670464
Emotet Experimenting With New Delivery Techniques https://www.proofpoint.com/us/blog/threat-insight/emotet-tests-new-delivery-techniques
keywords: wso2; xmrig; vmware; iran; core impact; virustotal; emotet;

Network Security News Summary for Tuesday April 26th, 2022
PDF leads to PPT; VirusTotal Vuln; Apple Private Relay; Emotet fixes broken installer
Simple PDF Linking to Malicious Content https://isc.sans.edu/forums/diary/Simple+PDF+Linking+to+Malicious+Content/28582/
VirusTotal Remote Code Execution https://www.cysrc.com/blog/virus-total-blog
Apple's Private Relay can Cause the System to Ignore Firewall Rules https://mullvad.net/en/blog/2022/4/25/apples-private-relay-can-cause-the-system-to-ignore-firewall-rules/
Emotet Breaks and Later Fixes Installer https://www.bleepingcomputer.com/news/security/emotet-malware-infects-users-again-after-fixing-broken-installer/
keywords: emotet; apple; private relay; firewall; virustotal; pdf; link; malware

Network Security News Summary for Monday April 25th, 2022
Analyzing Word Phish; Targeting Roku; ECDSA JWT PoC; IBM DB2 Expat Vuln; Jira Vuln
Analyzing a Word Phishing Document https://isc.sans.edu/forums/diary/Analyzing+a+Phishing+Word+Document/28562/
Targeting Roku Streaming Devices https://isc.sans.edu/forums/diary/Are+Roku+Streaming+Devices+Safe+from+Exploitation/28578/
JWT Null Signature Vulnerability PoC https://github.com/DataDog/security-labs-pocs/tree/main/proof-of-concept-exploits/jwt-null-signature-vulnerable-app
Expat XML Vulnerabilities https://www.ibm.com/support/pages/node/6573293
Jira Vulnerability https://confluence.atlassian.com/jira/jira-security-advisory-2022-04-20-1115127899.html
keywords: atlassian; jira; expat; xml; jwt; java; ecdsa; roku; phishing

Network Security News Summary for Friday April 22nd, 2022
Crypto Clipboard Swapper; AWS log4j Bug; Psychic Sig PoC; ALAC Audio Decoder Bug
Multi Cryptocurrency Clipboard Swapper https://isc.sans.edu/forums/diary/MultiCryptocurrency+Clipboard+Swapper/28574/
Amazon Fixes Bug in AWS log4j Fix https://aws.amazon.com/security/security-bulletins/AWS-2022-006/
Cisco Fixes https://tools.cisco.com/security/center/publicationListing.x
Psychic Signature PoC https://github.com/khalednassar/CVE-2022-21449-TLS-PoC
ALAC Audio Decoder Bug https://blog.checkpoint.com/2022/04/21/largest-mobile-chipset-manufacturers-used-vulnerable-audio-decoder-2-3-of-android-users-privacy-around-the-world-were-at-risk/
keywords: python; windows; cryptocurrency; clipboard; aws; log4j; cisco; java; ecdsa; alac; audio decoder

Network Security News Summary for Thursday April 21st, 2022
Qakbot and DarkVNC; Java Psychic Signatures; Snort Modbus DoS
AA Distribution Qakbot (Qbot) Infection with DarkVNC https://isc.sans.edu/forums/diary/aa+distribution+Qakbot+Qbot+infection+with+DarkVNC+traffic/28568/
Java Psychic Signatures https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/
Snort DoS Vulnerability https://claroty.com/2022/04/14/blog-research-blinding-snort-breaking-the-modbus-ot-preprocessor/
keywords: snort; dos; java; ecdsa; psychic signatures; signatures; qakbot; qbot

Network Security News Summary for Wednesday April 20th, 2022
u-boot Password Reset; Oracle CPU; MetaMask iCloud Phishing; Less SMBv1; Lenovo removes accidental backdoors
u-boot Password Reset https://isc.sans.edu/forums/diary/Resetting+Linux+Passwords+with+UBoot+Bootloaders/28564/
Oracle CPU https://www.oracle.com/security-alerts/cpuapr2022.html
MetaMask iCloud Phishing https://www.bleepingcomputer.com/news/security/hackers-steal-655k-after-picking-metamask-seed-from-icloud-backup/
SMB1 Gone From Windows 11 Home https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb1-now-disabled-by-default-for-windows-11-home-insiders-builds/ba-p/3289473
Lenovo UEFI/BIOS Vulnerability https://support.lenovo.com/us/en/product_security/ps500483-lenovo-system-update-privilege-escalation-vulnerability https://support.lenovo.com/de/de/product_security/LEN-84943
keywords: uboot; oracle; metamask; icloud; cryptocoins; smbv1; windows 11; lenovo; backdoors

Network Security News Summary for Tuesday April 19th, 2022
Sysmon BinaryData; Ukraine IcedID and Zimbra; NSO/Pegasus News; Fake Windows 11
Sysmon's RegistryEvent (Value Set) and Binary Data https://isc.sans.edu/forums/diary/Sysmons+RegistryEvent+Value+Set/28558/
Ukraine CERT Posts: IcedID and Zimbra Flaw https://cert.gov.ua/article/39606 https://cert.gov.ua/article/39609
New NSO Pegasus Exploit Spotted in the Wild https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/
Unofficial Windows 11 Upgrade Delivers Spyware https://www.bleepingcomputer.com/news/security/unofficial-windows-11-upgrade-installs-info-stealing-malware/
keywords: windows 11; upgrade; microsoft; malware; pegasus; nso; ukraine; icedid; zimbra; sysmon; registryevent;

Network Security News Summary for Monday April 18th, 2022
Office and ISOs; Heroku/Travis CI GitHub OAuth Leak; Git Windows Bug; Cisco Wireless Controller Vuln
Office Now Protects You From Malicious ISO Files https://isc.sans.edu/forums/diary/Office+Protects+You+From+Malicious+ISO+Files/28554/
GitHub Stolen OAuth User Tokens https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens/
Git For Windows Vulnerability https://nvd.nist.gov/vuln/detail/CVE-2022-24765
Cisco Wireless Controller Bug https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-auth-bypass-JRNhV4fF
keywords: cisco; wireless controller; oauth; github; heroku; travis ci; office; iso

Network Security News Summary for Friday April 15th, 2022
CVE-2022-26809 Update/Webcast; Google Chrome 0-day; Cisco WebEx No-Mute; Grafana Enterprise
An Update on CVE-2022-26809 MSRPC Vulnerability - PATCH NOW https://isc.sans.edu/forums/diary/An+Update+on+CVE202226809+MSRPC+Vulnerabliity+PATCH+NOW/28550/
Webcast: https://www.sans.org/webcasts/cve-2022-26809-ms-rpc-vulnerability-analysis/ https://twitter.com/splinter_code/status/1514653941304369153
Google Chrome 0-Day Patch https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html
Cisco Webex Phones Home Audio Telemetry https://wiscprivacy.com/papers/vca_mute.pdf
Grafana Enterprise Vulnerability https://grafana.com/blog/2022/04/12/grafana-enterprise-8.4.6-released-with-high-severity-security-fix/
keywords: grafana; cisco webex; mute; google chrome; 0 day; patch; cve-2022-26809

Network Security News Summary for Thursday April 14th, 2022
Ukraine/Russian Internet Stability; Windows Patches Followup; Adobe Updates; Struts 2 Patch
How is Ukrainian Internet Holding Up During the Russian Invasion https://isc.sans.edu/forums/diary/How+is+Ukrainian+internet+holding+up+during+the+Russian+invasion/28546/
Update on Windows Patches and CVE-2022-26809 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26809
Adobe Updates https://helpx.adobe.com/security/products/photoshop/apsb22-20.html
Apache Struts 2 Update https://cwiki.apache.org/confluence/display/WW/S2-062
keywords: struts; struts 2; apache; adobe; pdf; reader; acrobat; windows; cve-2022-26809; ukraine;

Network Security News Summary for Wednesday April 13th, 2022
Microsoft Patch Tuesday; NGINX Statement; Industroyer2 Attack Against Ukraine Power Grid
Microsoft April 2022 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+April+2022+Patch+Tuesday/28542/
NGINX Statement on LDAP Weakness https://www.nginx.com/blog/addressing-security-weaknesses-nginx-ldap-reference-implementation/
Attacks on Ukrainian Power Grid https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/
keywords: ukraine; power grid; industroyer; reloaded; industroyer2; LDAP; nginx; microsoft; patch tuesday;

Network Security News Summary for Tuesday April 12th, 2022
Spring Cloud Functions Probed; MSFT Autopatch; npm protestware; Raspberry Pi Update
Spring: It isn't just about Spring4Shell https://isc.sans.edu/forums/diary/Spring+It+isnt+just+about+Spring4Shell+Spring+Cloud+Function+Vulnerabilities+are+being+probed+too/28538/
Microsoft Windows Autopatch https://techcommunity.microsoft.com/t5/windows-it-pro-blog/get-current-and-stay-current-with-windows-autopatch/ba-p/3271839
More npm protestware https://github.com/Yaffle/EventSource/commit/de137927e13d8afac153d2485152ccec48948a7a
Raspberry Pi Update https://www.raspberrypi.com/news/raspberry-pi-bullseye-update-april-2022/
keywords: raspberry pi; bullseye; npm; protestware; auto patch; windows; spring; cloud function

Network Security News Summary for Monday April 11th, 2022
Misc Spring4Shell Items (Cisco, Mirai, Nginx); Russian CA Update; Conti Ransomware Copycats
Misc Spring4Shell Items https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67 https://www.trendmicro.com/en_us/research/22/d/cve-2022-22965-analyzing-the-exploitation-of-spring4shell-vulner.html https://github.com/AgainstTheWest/NginxDay
Russian Certificate Authority Update https://koen.engineer/russias-certificate-authority-for-sanctioned-organizations-645d61af8ac6
Conti Source Code Leak Leads to Copycats https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/
keywords: conti; copycat; russia; certificates; CA; certificate authority; spring4shell; cisco; mirai; nginx; 0day

Network Security News Summary for Friday April 8th, 2022
What is BIMI? WatchGuard Vuln.; Malware in Lambdas; Job Scam @sans_edu @infosec_taylor
What is BIMI https://isc.sans.edu/forums/diary/What+is+BIMI+and+how+is+it+supposed+to+help+with+Phishing/28528/
WatchGuard Vulnerability behind Cyclops Blink https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA16S000000SOCGSA4&lang=en_US
Malware Targeting Amazon Lambdas https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/
Ashley Taylor: Doppelgaengers: Finding Job Scammers Who Steal Brand Identities https://www.sans.edu/cyber-research/doppelgangers-finding-job-scammers-who-steal-brand-identities/
keywords: lambdas; sans_edu; domains; brand; job ads; scams; amazon; bimi; email; watchguard; cyclops blink

Network Security News Summary for Thursday April 7th, 2022
MetaStealer Malware; Cyclops Blink Takedown; Palo Alto TLS Bug; VMWare Bugs Windows MetaStealer Malware https://isc.sans.edu/forums/diary/Windows+MetaStealer+Malware/28522/ US Justice Department Takes Down Cyclops Blink Botnet https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-botnet-controlled-russian-federation VMWare Bugs https://www.vmware.com/security/advisories.html Palo Alto CVE-2022-0778 https://security.paloaltonetworks.com/CVE-2022-0778 Unpatched Apple Bug https://www.intego.com/mac-security-blog/apple-neglects-to-patch-zero-day-wild-vulnerabilities-for-macos-big-sur-catalina/ keywords: palo alto; vmware; cyclops blink; metastealer; apple

Network Security News Summary for Wednesday April 6th, 2022
CryptoMiner vs #Alibaba; #Cicada APT Techniques; Win11 Security; Fin7 Update WebLogic Crypto Miner Malware Disabling Alibaba Cloud Monitoring Tools https://isc.sans.edu/forums/diary/WebLogic+Crypto+Miner+Malware+Disabling+Alibaba+Cloud+Monitoring+Tools/28520/ Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks New Security Features for Windows 11 https://www.microsoft.com/security/blog/2022/04/05/new-security-features-for-windows-11-will-help-protect-hybrid-work/ Fin7 Power Hour: Adversary Archaeology and Evolution of FIN7 https://www.mandiant.com/resources/evolution-of-fin7 keywords: fin7; windows 11; weblogic; cryptominer; alibaba; cloud; cicada; apt;

Network Security News Summary for Tuesday April 5th, 2022
WordPress/Google and Phishing; Mailchimp Breaches; GitHub Secret Leak Help; TruffleHog v3; Russian Certs Emptying the Phishtank: Are WordPress Sites the Mosquitoes of the Internet https://isc.sans.edu/forums/diary/Emptying+the+Phishtank+Are+WordPress+sites+the+Mosquitoes+of+the+Internet/28516/ Mailchimp Breach Used to Target Trezor Users https://www.bleepingcomputer.com/news/security/hackers-breach-mailchimps-internal-tools-to-target-crypto-customers/ Proactively Prevent Secret Leaks With GitHub Advanced Security Secret Scanning https://github.blog/2022-04-04-push-protection-github-advanced-security/ TruffleHog v3 https://trufflesecurity.com/blog/introducing-trufflehog-v3 Russian Certificates (Chinese article) https://blog.netlab.360.com/review-revoke-russia-ssl-certificates/ keywords: russia; certificates; trufflehog; github; secrets; api keys; trezor; mailchimp; phishing;

Network Security News Summary for Monday April 4th, 2022
GitLab Patch; ViaSat KA-SAT Details; MacOS Bug Enables Phishing; PEAR Bug Fixed GitLab Critical Security Release https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/ ViaSat KA-SAT Network Cyber Attack https://www.viasat.com/about/newsroom/blog/ka-sat-network-cyber-attack-overview/ MacOS Bug Enables Phishing https://rambo.codes/posts/2022-03-15-how-a-macos-bug-could-have-allowed-for-a-serious-phishing-attack-against-users PHP Supply Chain Attack on PEAR https://blog.sonarsource.com/php-supply-chain-attack-on-pear keywords: php; pear; macos; phishing; viasat; ka-sat; wiper; gitlab; bug; vulnerability; patch

Network Security News Summary for Friday April 1st, 2022
Spring Clarifies Spring4Shell; Wyze Cam; Zyxel FW Patch; #Apple 0 Days #ipados #ios #0day Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965 https://isc.sans.edu/forums/diary/Spring+Vulnerability+Update+Exploitation+Attempts+CVE202222965/28504/ Apple Patches 0 Day Vulnerability https://isc.sans.edu/forums/diary/Apple+Patches+Actively+Exploited+Vulnerability+in+macOS+iOS+and+iPadOS/28506/ Wyze Cam Vulnerabilities https://www.bitdefender.com/files/News/CaseStudies/study/413/Bitdefender-PR-Whitepaper-WCam-creat5991-en-EN.pdf Zyxel Security Advisory https://www.zyxel.com/support/forgery-vulnerabilities-of-select-Armor-home-routers.shtml keywords: zyxel; wyze; spring; camera; firewall; macos; vulnerabilities; ipados; ios; apple

Network Security News Summary for Thursday March 31st, 2022
Spring4Shell/Java Confusion; XLSB Parsing; 3CX Phone Systems Java Springtime Confusion: What Vulnerability are We Talking About https://isc.sans.edu/forums/diary/Java+Springtime+Confusion+What+Vulnerability+are+We+Talking+About/28500/ Quickie: Parsing XLSB Documents https://isc.sans.edu/forums/diary/Quickie+Parsing+XLSB+Documents/28496/ Pwning 3CX Phone Management Backends from the Internet https://medium.com/@frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88 keywords: 3cx; phone management; xlsb; java; spring4shell; spring; spring cloud;

Network Security News Summary for Wednesday March 30th, 2022
More Twitter Abuse; Firewall Vuln Correction; UPS Attacks; MFA Bypass Attacks; Mars Stealer; Hacker Subpoena More Fake/Typosquatting Twitter Accounts Asking for Ukraine Cryptocurrency Donations https://isc.sans.edu/forums/diary/More+FakeTyposquatting+Twitter+Accounts+Asking+for+Ukraine+Crytocurrency+Donations/28492/ Mitigating Attacks Against Uninterruptible Power Supply Devices https://www.cisa.gov/sites/default/files/publications/CISA-DOE_Insights-Mitigating_Vulnerabilities_Affecting_Uninterruptible_Power_Supply_Devices_Mar_29.pdf MFA Bypass Attacks https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html Google Advertises Mars Stealer https://blog.morphisec.com/threat-research-mars-stealer Hackers Gaining Power of Subpoena Via Fake "Emergency Data Requests" https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/ keywords: hackers; subpoena; data request; emergency; mfa; google; mars stealer; cisa; ups; sophos; sonicwall; ukraine; twitter; crypto; currencies

Network Security News Summary for Tuesday March 29th, 2022
Twitter BGP Hijack; Ukraine DDoS; Sophos Patches; Sonicwall Update; opnsense CARP bug BGP Hijacking of Twitter Prefix by RTComm.ru https://isc.sans.edu/forums/diary/BGP+Hijacking+of+Twitter+Prefix+by+RTCommru/28488/ DDoS Against Sites in Ukraine https://www.bleepingcomputer.com/news/security/hacked-wordpress-sites-force-visitors-to-ddos-ukrainian-targets/ Sophos Patches https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce Sonicwall Patches https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0003 opnsense CARP protocol routing error https://medium.com/sensorfu/firewall-bypass-with-carp-in-packet-filter-c4ed70fb7dd7 keywords: opnsense; CARP; Sonicwall; Sophos; DDoS; Ukraine; BGP; Twitter