
SANS Internet Storm Center's Daily Network Security News Podcast
1,030 episodes — Page 21 of 21

Network Security News Summary for Tuesday March 29th, 2022
Twitter BGP Hijack; Ukraine DDoS; Sophos Patches; Sonicwall Update; opnsense CARP bug
BGP Hijacking of Twitter Prefix by RTComm.ru: https://isc.sans.edu/forums/diary/BGP+Hijacking+of+Twitter+Prefix+by+RTCommru/28488/
DDoS Against Sites in Ukraine: https://www.bleepingcomputer.com/news/security/hacked-wordpress-sites-force-visitors-to-ddos-ukrainian-targets/
Sophos Patches: https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce
Sonicwall Patches: https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0003
opnsense CARP protocol routing error: https://medium.com/sensorfu/firewall-bypass-with-carp-in-packet-filter-c4ed70fb7dd7
Keywords: opnsense; CARP; Sonicwall; Sophos; DDoS; Ukraine; BGP; Twitter

Network Security News Summary for Monday March 28th, 2022
XLSB File Analysis; Dirty Pipe Container Escape; PHP Filter Vuln; OpenBSD slaacd vuln; Google Chrome 0 Day
XLSB Files Because Binary is Stealthier Than XML: https://isc.sans.edu/forums/diary/XLSB+Files+Because+Binary+is+Stealthier+Than+XML/28476/
Dirty Pipe Container Escape PoC: https://www.datadoghq.com/blog/engineering/dirty-pipe-container-escape-poc/
PHP filter_var Shenanigans: https://pwning.systems/posts/php_filter_var_shenanigans/
OpenBSD slaacd vuln: https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html
Google Chrome Update: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html
Keywords: google; chrome; openbsd; php; filter_var; xlsb; container

Network Security News Summary for Friday March 25th, 2022
Malware via transfer.sh; WD PR4100 NAS Vuln; Crypto Malware; Lapsus$ Arrest; FBI Indictment
Malware Delivered Through Free Sharing Tool: https://isc.sans.edu/forums/diary/Malware+Delivered+Through+Free+Sharing+Tool/28474/
Western Digital PR4100 NAS Vulnerability: https://research.nccgroup.com/2022/03/24/remote-code-execution-on-western-digital-pr4100-nas-cve-2022-23121/
Crypto malware in patched wallets targeting Android and iOS devices: https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/
Lapsus$ Arrest: https://www.bbc.com/news/technology-60864283 https://www.bloomberg.com/news/articles/2022-03-23/teen-suspected-by-cyber-researchers-of-being-lapsus-mastermind?sref=ylv224K8
Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide: https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical
Keywords: russian; ics; doj; lapsus$; lapsus; arrest; crypto; malware; android; ios; western digital; sharing; filesharing; afs; transfer.sh

Network Security News Summary for Thursday March 24th, 2022
Mars Stealer; Okta/MSFT/Lapsus$ Update; Azure npm Attack
Mars Stealer: https://isc.sans.edu/forums/diary/Arkei+Variants+From+Vidar+to+Mars+Stealer/28468/
Okta Update: https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/
Microsoft Lapsus$ Update: https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/
npm Attack Targeting Azure Developers: https://jfrog.com/blog/large-scale-npm-attack-targets-azure-developers-with-malicious-packages/
Keywords: mars; stealer; malware; microsoft; okta; lapsus$; lapsus; npm; azure

Network Security News Summary for Wednesday March 23rd, 2022
Whitehouse Statement; ASUS vs Cyclops; HP Vulnerabilities; Sophos UTM; MacOS GIMMICK; Possible Okta Breach
Statement by President Biden: What you need to do (or not do): https://isc.sans.edu/forums/diary/Statement+by+President+Biden+What+you+need+to+do+or+not+do/28466/
ASUS Cyclops Blink Advisory: https://www.asus.com/content/ASUS-Product-Security-Advisory/
HP Vulnerabilities: https://support.hp.com/us-en/document/ish_5948778-5949142-16/hpsbpi03780
Sophos UTM Updates: https://www.sophos.com/en-us/security-advisories/sophos-sa-20220321-utm-9710
MacOS GIMMICK Malware: https://www.volexity.com/blog/2022/03/22/storm-cloud-on-the-horizon-gimmick-malware-strikes-at-macos/
Okta Breached By Lapsus$: https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/ https://twitter.com/BillDemirkapi/status/1506107157124722690
Keywords: okta; lapsus$; gimmick; macos; sophos; hp; printers; ASUS; UTM

Network Security News Summary for Tuesday March 22nd, 2022
Analyzing Cleaned Maldoc; Serpent Backdoor; IBM Spectrum Protect; Lapsus$ vs Microsoft; Whitehouse Statement
Maldoc Cleaned by Anti-Virus: https://isc.sans.edu/forums/diary/Maldoc+Cleaned+by+AntiVirus/28460/
Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain: https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain
IBM Spectrum Protect Update: https://www.ibm.com/support/pages/node/6564745
Lapsus$ May Have Breached Microsoft: https://www.theregister.com/2022/03/21/microsoft_lapsus_breach_probe/
Statement by President Biden on our Nation's Cybersecurity: https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/statement-by-president-biden-on-our-nations-cybersecurity/
Keywords: biden; whitehouse; russia; ukraine; lapsus; lapsus$; microsoft; ibm; spectrum protect; serpent; backdoor; french; maldoc

Network Security News Summary for Monday March 21st, 2022
Movable Type; SolarWinds Web Help Desk; MGLNDD Scans; CAPTCHA Phishing; Browser in Browser
Scans for Movable Type Vulnerability (CVE-2021-20837): https://isc.sans.edu/forums/diary/Scans+for+Movable+Type+Vulnerability+CVE202120837/28454/
SolarWinds Advisory: Unauthenticated Access in Web Help Desk (12.7.5): https://isc.sans.edu/forums/diary/SolarWinds+Advisory+Unauthenticated+Access+in+Web+Help+Desk+1275/28456/
MGLNDD_* Scans: https://isc.sans.edu/forums/diary/MGLNDD+Scans/28458/
CAPTCHA Phishing: https://www.avanan.com/blog/using-captcha-forms-to-bypass-filters
Browser in the Browser Templates: https://mrd0x.com/browser-in-the-browser-phishing-attack/
Keywords: browser; phishing; captcha; mglndd; solarwinds; web help desk; whd; movable type

Network Security News Summary for Friday March 18th, 2022
npm sabotage; Deepfakes; ATM Rootkit; Mikrotik Scanner; @sans_edu ICS NAC
npm Package Sabotaged for Belarus/Russian Users: https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/
President Zelensky Deepfakes: https://twitter.com/ngleicher/status/1504186935291506693
ATM Rootkit: https://www.mandiant.com/resources/unc2891-overview
Scanner for Backdoored Mikrotik Routers: https://github.com/microsoft/routeros-scanner
SANS.edu Student: Ron Grohman; Network Access Control and ICS: A Practical Guide: https://www.sans.edu/cyber-research/network-access-control-and-ics-a-practical-guide/
Keywords: sans.edu; ron grohman; ICS; network access control; nac; scanner; mikrotik; atm; deepfakes; zelensky; npm; belarus; russia; ukraine

Network Security News Summary for Thursday March 17th, 2022
Qakbot News; Gh0stCringe via MySQL/MSSQL; dompdf 0 day; openssl dos; pfsense update
Qakbot Infection With Cobalt Strike and VNC Activity: https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike+and+VNC+activity/28448/
Gh0stCringe RAT Being Distributed to Vulnerable Database Servers: https://asec.ahnlab.com/en/32572/
dompdf 0 day: https://positive.security/blog/dompdf-rce
OpenSSL DoS Vulnerability: https://www.openssl.org/news/secadv/20220315.txt
Keywords: openssl; dompdf; gh0stcringe; rat; database; mysql; mssql; qakbot; cobalt strike; vnc

Network Security News Summary for Wednesday March 16th, 2022
Odd Behaviours; MFA Bypass; Kaspersky Warning; CaddyWiper; Fake AV; DNS Tunnel
Clean Binaries with Suspicious Behaviour: https://isc.sans.edu/forums/diary/Clean+Binaries+with+Suspicious+Behaviour/28444/
Misconfigured Multi-Factor Authentication Abused: https://www.cisa.gov/uscert/ncas/alerts/aa22-074a
German Office of Information Security Warns Kaspersky Users: https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2022/220315_Kaspersky-Warnung.html
CaddyWiper Targeting Ukraine: https://www.welivesecurity.com/2022/03/15/caddywiper-new-wiper-malware-discovered-ukraine/
Fake Antivirus Targeting Ukraine: https://twitter.com/malwrhunterteam/status/1502302718140035080
B1txor20 DNS Tunnel Backdoor: https://blog.netlab.360.com/b1txor20-use-of-dns-tunneling_en/
Keywords: dns tunnel; antivirus; log4j; caddywiper; kaspersky

Network Security News Summary for Tuesday March 15th, 2022
Apple Updates Everything; More Ukraine Scams; Curl on Windows; Veeam Vuln; netfilter priv esc
Apple Updates Everything: https://isc.sans.edu/forums/diary/Apple+Updates+Everything+MacOS+123+XCode+133+tvOS+154+watchOS+85+iPadOS+154+and+more/28438/
Look Alike Accounts Used in Ukraine Donation Scam Impersonating Olena Zelenska: https://isc.sans.edu/forums/diary/Look+Alike+Accounts+Used+in+Ukraine+Donation+Scam+impersonating+Olena+Zelenska/28440/
Curl on Windows: https://isc.sans.edu/forums/diary/Curl+on+Windows/28436/
Veeam Vulnerabilities: https://www.veeam.com/kb4288
Linux Netfilter Privilege Escalation: https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/
Keywords: linux; netfilter; veeam; curl; scam; crypto; bitcoin; ethereum; privilege escalation

Network Security News Summary for Monday March 14th, 2022
WebSocket Malware; Telegram C&C Infostealer; USAHERDS Breach; YARA 4.2.0 Out
Malware Using WebSockets For C&C: https://isc.sans.edu/forums/diary/Keep+an+Eye+on+WebSockets/28430/
Raccoon Stealer Leverages Telegram: https://decoded.avast.io/vladimirmartyanov/raccoon-stealer-trash-panda-abuses-telegram/
USAHERDS Hack: https://www.wired.com/story/china-apt41-hacking-usaherds-log4j/
YARA 4.2.0 Released: https://isc.sans.edu/forums/diary/YARA+420+Released/28432/
Keywords: yara; usaherds; raccoon; info stealer; stealer; telegram; websockets

Network Security News Summary for Friday March 11th, 2022
Credentials on Virustotal; GPS Problems; Russian CA; New Spectre; Package Manager Vuln
Credential Leaks on Virustotal: https://isc.sans.edu/forums/diary/Credentials+Leaks+on+VirusTotal/28426/
GPS Issues Around Finnish-Russian Border: https://www.straitstimes.com/world/europe/finland-detects-gps-disturbance-near-russias-kaliningrad
Russia Considering Internal Certificate Authority: https://www.gosuslugi.ru/tls https://www.bleepingcomputer.com/news/security/russia-creates-its-own-tls-certificate-authority-to-bypass-sanctions/
New Spectre Variant: https://www.vusec.net/projects/bhi-spectre-bhb/
Package Manager Vulnerabilities (yarn, pip, composer...): https://blog.sonarsource.com/securing-developer-tools-package-managers
Keywords: yarn; pip; bower; composer; package manager; spectre; russia; certificate authority; gps; credentials; virustotal

Network Security News Summary for Thursday March 10th, 2022
batch infostealer; Mitel DDoS; Pro Ukrainian Hacking Tools Malware; Hack .ru Govt Sites
Infostealer in a Batch File: https://isc.sans.edu/forums/diary/Infostealer+in+a+Batch+File/28422/
TP240PhoneHome reflection/amplification DDoS Attack Vector: https://blog.cloudflare.com/cve-2022-26143/
Malware Disguises as Pro Ukrainian Cybertools: https://blog.talosintelligence.com/2022/03/threat-advisory-cybercriminals.html#more
Russian Government Sites Hacked in Supply Chain Attack: https://www.bleepingcomputer.com/news/security/russian-government-sites-hacked-in-supply-chain-attack/
Third Party Vulnerabilities in RUGGEDCOM ROS: https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf
Adobe Bulletins: https://helpx.adobe.com/security/security-bulletin.html
Keywords: adobe; siemens; ruggedcom; russian; government; supply chain; ukraine; malware; tp240phonehome; mitel; infostealer

Network Security News Summary for Wednesday March 9th, 2022
Microsoft Patch Tuesday; @armissecurity APC UPS Vuln.; HP Firmware Bugs
Microsoft Patch Tuesday: https://isc.sans.edu/forums/diary/Microsoft+March+2022+Patch+Tuesday/28418/
Critical APC UPS Vulnerability: https://www.armis.com/research/tlstorm/
Vulnerabilities in Firmware Affecting HP Devices: https://www.binarly.io/news/BinarlyDiscovers16NewHighImpactVulnerabilitiesinFirmwareAffectingHPEnterpriseDevices/index.html
Keywords: microsoft; patch tuesday; apc; ups; schneider; firmware; hp; uefi

Network Security News Summary for Tuesday March 8th, 2022
Ukraine Scam Followup; Dirty Pipe; Firefox Update; Azure AutoWarp; Terramaster Vuln
Ukraine Scam Followup: https://isc.sans.edu/forums/diary/No+Bitcoin+No+Problem+Follow+Up+to+Last+Weeks+Donation+Scam/28412/
Dirty Pipe Linux Vulnerability: https://dirtypipe.cm4all.com
Mozilla Firefox and Thunderbird Vulnerability: https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/
Azure AutoWarp: https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/
Terramaster TOS Vulnerability: https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/ https://forum.terra-master.com/en/viewtopic.php?f=28&t=3030
Keywords: terramaster; azure; autowarp; mozilla; firefox; thunderbird; dirty pipe; ukraine; scam

Network Security News Summary for Monday March 7th, 2022
Ukraine Donation Scam; Cogent Disconnects Russia; Russia DDoS Lists
Ukraine Donation Scam: https://isc.sans.edu/forums/diary/Scam+EMail+Impersonating+Red+Cross/28404/
Cogent Disconnects Russia: https://www.washingtonpost.com/technology/2022/03/04/russia-ukraine-internet-cogent-cutoff/
Russia DDoS Lists: https://safe-surf.ru/upload/ALRT/proxies.txt https://safe-surf.ru/upload/ALRT/referer_http_header.txt
NVidia Stolen Certificates: https://www.theregister.com/2022/03/05/nvidia_stolen_certificate/ https://twitter.com/cyb3rops/status/1499514240008437762
GitLab Vulnerabilities: https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/#unauthenticated-user-enumeration-on-graphql-api
Cisco Patches: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk
Keywords: cisco; expressway; gitlab; nvidia; certificates; russia; ukraine; ddos; red cross; scam

Network Security News Summary for Friday March 4th, 2022
Odd OpenWRT Scan; Alexa Hacks Alexa; Google Cloud Armor Update; Ukraine Updates
Attackers Search For Exposed "LuCI" Folders: https://isc.sans.edu/diary/28400
Alexa Versus Alexa: https://arxiv.org/abs/2202.08619
Bypassing Google Cloud Armor: https://kloudle.com/blog/piercing-the-cloud-armor-the-8kb-bypass-in-google-cloud-platform-waf
Ukraine Updates: https://www.golem.de/news/ausfall-angriff-auf-ka-sat-satellit-ueber-gatewaystation-in-ukraine-2203-163614.html https://www.crowdstrike.com/blog/how-to-decrypt-the-partyticket-ransomware-targeting-ukraine/ https://www.bleepingcomputer.com/news/security/ukraine-says-local-govt-sites-hacked-to-push-fake-capitulation-news/
Keywords: google; cloud armor; openwrt; satellite; ukraine; alexa

Network Security News Summary for Thursday March 3rd, 2022
Recognizing Biased/Fake News; FortiMail Bug; IBM; Google Chrome; Conti Leak; Middlebox DDoS
The More Often Something is Repeated, the More True it Becomes: https://isc.sans.edu/forums/diary/The+More+Often+Something+is+Repeated+the+More+True+It+Becomes+Dealing+with+Social+Media/28396/
Fortinet Bug: https://www.fortiguard.com/psirt/FG-IR-21-028
IBM Updates: https://www.ibm.com/blogs/psirt/
Google Updates: https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html
Conti Ransomware Leak: https://threatpost.com/conti-ransomware-decryptor-trickbot-source-code-leaked/178727/
Middlebox DDoS Attacks: https://www.akamai.com/blog/security/tcp-middlebox-reflection
Keywords: middlebox; ddos; conti; ransomware; leak; google; chrome; ibm; fortinet

Network Security News Summary for Wednesday March 2nd, 2022
Geoblocking; IsaacWiper; PJSIP Vulnerability; Okta Patch; ViaSat Outage
Geoblocking when you can't Geoblock: https://isc.sans.edu/forums/diary/Geoblocking+when+you+cant+Geoblock/28392/
IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine: https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/
Memory Corruption Vulnerabilities in PJSIP: https://jfrog.com/blog/jfrog-discloses-5-memory-corruption-vulnerabilities-in-pjsip-a-popular-multimedia-library/
Okta Patch for Advanced Server Access Client: https://trust.okta.com/security-advisories/okta-advanced-server-access-client-cve-2022-24295
ViaSat Outage: https://www.reuters.com/business/aerospace-defense/satellite-firm-viasat-probes-suspected-cyberattack-ukraine-elsewhere-2022-02-28/
Keywords: geoblocking; viasat; ukraine; okta; memory; pjsip; isaacwiper; hermetic wiper; isaac

Network Security News Summary for Tuesday March 1st, 2022
PHP Update; Mozilla VPN Bug; Google Captcha Bypass; Samsung Encryption; Multiple IPs
PHP Patches Code Injection Flaw: https://nvd.nist.gov/vuln/detail/CVE-2021-21708 https://bugs.php.net/bug.php?id=81708
Mozilla VPN Local Privilege Escalation: https://www.mozilla.org/en-US/security/advisories/mfsa2022-08/
Google Captcha Breaking: https://east-ee.com/2022/02/28/1367/
Samsung Encryption Vulnerability: https://eprint.iacr.org/2022/208.pdf
tshark Multiple IPs: https://isc.sans.edu/forums/diary/TShark+Multiple+IP+Addresses/28386/
Keywords: tshark; samsung; google; captcha; recaptcha; php; filter

Network Security News Summary for Monday February 28th, 2022
Ukraine Update; Static Windows IPs; Snort and NetWitness; NVidia Breach; Incomplete Win11 Reset
Ukraine Update: https://www.bleepingcomputer.com/news/security/ransomware-gangs-hackers-pick-sides-over-russia-invading-ukraine/ https://ddosecrets.com/wiki/Tetraedr https://twitter.com/YourAnonOne/status/1496965766435926039 https://www.wired.com/story/ukraine-it-army-russia-war-cyberattacks-ddos/
Odd Windows Behaviour with Fixed Addresses: https://isc.sans.edu/forums/diary/Windows+Fixed+IPv4+Addresses+and+APIPA/28380/
Using Snort IDS Rules in NetWitness Packet Decoder: https://isc.sans.edu/forums/diary/Using+Snort+IDS+Rules+with+NetWitness+PacketDecoder/28382/
NVidia Breach: https://www.bloomberg.com/news/articles/2022-02-25/nvidia-is-investigating-cyber-attack-but-business-uninterrupted
Windows 11 Reset Not Removing All Data: https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2#2783msgdesc
Keywords: Windows 11; NVidia; snort; netwitness; fixed address; apipa; ukraine

Network Security News Summary for Friday February 25th, 2022
Ukraine Update and Webcast; Zabbix Vulnerability; Asustor Deadbolt; MSFT App Store Electron Malware
Ukraine Update: Webcast: https://www.sans.org/webcasts/russian-cyber-attack-escalation-in-ukraine/
Other Ukraine Related Stories: https://isc.sans.edu/forums/diary/Ukraine+Russia+Situation+From+a+Domain+Names+Perspective/28376/ https://detection.watchguard.com
Zabbix Vulnerability Exploited: https://www.cisa.gov/uscert/ncas/current-activity/2022/02/22/cisa-adds-two-known-exploited-vulnerabilities-catalog https://support.zabbix.com/browse/ZBX-20350
Asustor Victim of Deadbolt Ransomware: https://forum.asustor.com/viewtopic.php?f=45&t=12630
Firepower Rule Update Failure After March 5th 2022: https://www.cisco.com/c/en/us/support/docs/field-notices/723/fn72332.html?emailclick=CNSemail
Social Media Takeover Malware Distributed Via Microsoft App Store: https://research.checkpoint.com/2022/new-malware-capable-of-controlling-social-media-accounts-infects-5000-machines-and-is-actively-being-distributed-via-gaming-applications-on-microsofts-official-store/
Keywords: social media takeover; electron; microsoft; asustor; firepower; certificate; deadbolt; ukraine; wiper; zabbix

Network Security News Summary for Thursday February 24th, 2022
New Sandworm; Ukraine Wiper; Log4Shell Wrapup; pfsense authenticated RCE; BVP47
New Sandworm Malware Cyclops Blink Replaces VPNFilter: https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter
Wiper Malware Seen Deployed Against Targets in Ukraine: https://twitter.com/juanandres_gs/status/1496581710368358400 https://twitter.com/ESETresearch/status/1496581903205511181
The Rise and Fall of log4shell: https://isc.sans.edu/forums/diary/The+Rise+and+Fall+of+log4shell/28372/
pfsense authenticated RCE: https://www.shielder.it/advisories/pfsense-remote-command-execution/
BVP47 Backdoor: https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf
Keywords: nsa; equation group; pfsense; log4shell; log4j; ukraine; wiper; backdoor

Network Security News Summary for Wednesday February 23rd, 2022
Old Vuln Still Used; Horde XSS Exploit; NoVNC Phishing
A Good Old Equation Editor Vulnerability Delivering Malware: https://www.welivesecurity.com/2022/02/22/teenage-cybercrime-stop-kids-wrong-path/
Horde Webmail 5.2.22 - Account Takeover via Email: https://blog.sonarsource.com/horde-webmail-account-takeover-via-email
NoVNC Phishing: https://mrd0x.com/bypass-2fa-using-novnc/
Keywords: novnc; phishing; horde; webmail; xss; equation editor

Network Security News Summary for Tuesday February 22nd, 2022
Odd E-Mail Addresses; SMS Number Rental; Xenomorph Banking Trojan; Cryptbot; Magento Clarification
Sending an Email to an IPv4 Address: https://isc.sans.edu/forums/diary/Sending+an+Email+to+an+IPv4+Address/28362/
SMS Phone-Verified Account Services: https://www.trendmicro.com/en_us/research/22/b/sms-pva-services-use-of-infected-android-phones-reveals-flaws-in-sms-verification.html
Xenomorph Android Banking Trojan: https://www.threatfabric.com/blogs/xenomorph-a-newly-hatched-banking-trojan.html
Modified CryptBot Infostealer Going After Crypto Wallets: https://asec.ahnlab.com/en/31802/
Clarification for Adobe Magento Vulnerabilities: https://helpx.adobe.com/security/products/magento/apsb22-12.html
Keywords: magento; adobe; infostealer; cryptbot; xenomorph; android; sms; pva; email; ip address

Network Security News Summary for Monday February 21st, 2022
Double Compressed; Cassandra Vuln.; Apple T2 Weakness; Snap Priv Escalation Weakness
Remcos RAT Delivered Through Double Compressed Archive: https://isc.sans.edu/forums/diary/Remcos+RAT+Delivered+Through+Double+Compressed+Archive/28354/
Cassandra User-Defined Functions Remote Code Execution: https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/
Apple T2 Weakness: https://www.forensicfocus.com/news/passware-kit-forensic-t2-add-on-the-first-password-recovery-tool-for-macs-with-t2-chips/
snap privilege escalation: https://www.qualys.com/2022/02/17/cve-2021-44731/oh-snap-more-lemmings.txt
Keywords: snap; ubuntu; apple; t2; cassandra; file vault; disk encryption; compression; remcos rat

Network Security News Summary for Friday February 18th, 2022
MSFT Teams Malware; Thunderbird Patch; Cisco DANE Vuln; GitHub Code Scanning
Hackers Attach Malicious .exe Files to Teams Conversations: https://www.avanan.com/blog/hackers-attach-malicious-.exe-files-to-teams-conversations
Thunderbird Patches: https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/
Cisco Secure Email Gateway Update: https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-MxZvGtgU
GitHub Code Scanning Finds More Vulnerabilities Using Machine Learning: https://github.blog/2022-02-17-code-scanning-finds-vulnerabilities-using-machine-learning/
Exploit for Magento Vulnerability (CVE-2022-24086) Available: https://twitter.com/ptswarm/status/1494240197915123713
More Packet Fu With Zeek: https://isc.sans.edu/forums/diary/More+packet+fu+with+zeek/28350/
Keywords: zeek; geolocation; github; cisco; email; thunderbird; magento; teams

Network Security News Summary for Thursday February 17th, 2022
Astaroth Infection; Atlassian Jira Updates; VMWare Updates; BEC via Virtual Meeting
Astaroth (Guildma) Infection: https://isc.sans.edu/forums/diary/Astaroth+Guildma+infection/28346/
Atlassian Jira Updates: https://jira.atlassian.com/browse/CONFSERVER-66550
VMWare Updates: https://www.vmware.com/security/advisories/VMSA-2022-0004.html
FBI Warns of BEC Using Virtual Meeting Platforms: https://www.ic3.gov/Media/Y2022/PSA220216
Keywords: fbi; vmware; atlassian; jira; astaroth; guildma; docusign; bec

Network Security News Summary for Wednesday February 16th, 2022
Bot Breakdown; SquirrelWaffle; WD MyCloud; Nooie Baby Monitor
Who Are Those Bots?: https://isc.sans.edu/forums/diary/Who+Are+Those+Bots/28342/
SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming: https://news.sophos.com/en-us/2022/02/15/vulnerable-exchange-server-hit-by-squirrelwaffle-and-financial-fraud/
Details About Western Digital MyCloud Flaw: https://www.iot-inspector.com/blog/advisory-western-digital-my-cloud-pro-series-pr4100-rce/
Nooie Baby Monitor Vulnerabilities: https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-nooie-baby-monitor/
Keywords: nooie; baby monitor; western digital; mycloud; squirrelwaffle; exchange server; malspam; bec; bots; email; server; brute force