News

Hunting for PHPUnit Installed via Composer https://isc.sans.edu/forums/diary/Hunting+for+PHPUnit+Installed+via+Composer/28084/ Microsoft Defender Scares Admins with Emotet False Positivies https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-scares-admins-with-emotet-false-positives/ Printing Shellz HP Printer Vulnerabilities https://blog.f-secure.com/hp-printer-vulnerabilities/?_ga=2.125707850.1160056027.1638325485-2056233716.1638325485 Unpatched Local Privilege Escalation in Mobile Device Management Service https://blog.0patch.com/2021/11/micropatching-unpatched-local-privilege.html

Hiring a marketing agency is a large expense most companies can't afford to pay. I know this because I used to work at an agency, I operate one now, and I also know it was an uphill battle to get a large marketing budget buy-in from my exec team at Read More

Wireshark 3.6.0 Released https://isc.sans.edu/forums/diary/Wireshark+360+Released/28076/ Google Cloud Security Report https://services.google.com/fh/files/misc/gcat_threathorizons_full_nov2021.pdf Zoom Patch https://explore.zoom.us/en/trust/security/security-bulletin/ Slack DNSSEC Experience Reports https://slack.engineering/what-happened-during-slacks-dnssec-rollout/

In this episode we recap Thanksgiving for everyone, Bobby tries to get Vik and Judah into the Christmas spirit, we plan to step out more as a group, someone has been living a secret night life, Judah has some questionable marketing strategies, Bobby begins to visualize what this next year Read More

Phishing Pages Hiding Itself Using Dynamically Adjusted IP Based Allow List https://isc.sans.edu/forums/diary/Phishing+page+hiding+itself+using+dynamically+adjusted+IPbased+allow+list/28070/ Trickbot Phishing Checks Screen Resolution to Evade Researchers https://www.bleepingcomputer.com/news/security/trickbot-phishing-checks-screen-resolution-to-evade-researchers/ QNAP QVR Patch https://www.qnap.com/de-de/security-advisory/qsa-21-51 CronRAT Malware Hiding in cron https://sansec.io/research/cronrat

There’s a fascinating thing going on with robotics entering the workforce.One part of the population is terrified of them--rightfully so as there are some legitimate concerns. But the other side gets to enjoy the way cooler aspect of it--at least in my opinion, anyway. And that side is the wearables. In Read More

Ben and Scott cover SFTP support on Azure Blob Storage, the GA of NFS v4.1 on Azure Files, and the new AZ-305 exam.

 @PhilTheFilipino & @MrEricAlmighty are back with our most casual episode on the podcast called Tirades and Hot Takes, where each month, we rant on different topics and unpopular opinions that we get from the internet, friends, and/or our listeners, with no limits on where we can go next. After coming Read More

YARA Rule for OOXML Maldocs: Less False Positives https://isc.sans.edu/forums/diary/YARA+Rule+for+OOXML+Maldocs+Less+False+Positives/28066/ Zero-Day Windows Installer Exploit https://www.bleepingcomputer.com/news/security/malware-now-trying-to-exploit-new-windows-installer-zero-day/ VMWare VCenter Vulnerability and Patch https://www.vmware.com/security/advisories/VMSA-2021-0027.html

Simple YARA Rules for Office Maldocs https://isc.sans.edu/forums/diary/Simple+YARA+Rules+for+Office+Maldocs/28062/ Retailers Urged to Patch Magento https://www.theregister.com/2021/11/22/ncsc_magento_updates_black_friday_reminder/ PoC of CVE-2021-42321: pop mspaint.exe on the target https://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398 BeC Via Exchange Flaws https://www.trendmicro.com/en_us/research/21/k/Squirrelwaffle-Exploits-ProxyShell-and-ProxyLogon-to-Hijack-Email-Chains.html Windows Priv. Escalation PoC https://github.com/klinix5/InstallerFileTakeOver PHP deserialize vulnerablity in CloudLinux Imunity360 https://blog.talosintelligence.com/2021/11/vulnerability-spotlight-php-deserialize.html

To celebrate making it out of the 30's we did a quick recap of appreciation for the big interviews on the podcast, Vincent Bryant, Ali Siddiq, Tony Roberts and Lance Woods. The whole gang went out to the late show Saturday night at the Comedy Zone to see Trevor Wallace Read More

Welcome back to our monthly series, The Game Room Where It Happens! Since we've been gaming practically our entire lives, we discuss a different gaming franchise each month. This month, @PhilTheFilipino & @MrEricAlmighty enlist the help of Eric's brother, Stefan, to talk about our love for the Left 4 Dead Read More

Hikvision Security Cameras Potentially Exposed to Remote Code Execution https://isc.sans.edu/forums/diary/Hikvision+Security+Cameras+Potentially+Exposed+to+Remote+Code+Execution/28056/ Detecting PAM Backdoors https://isc.sans.edu/forums/diary/Backdooring+PAM/28058/ Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem https://dl.acm.org/doi/pdf/10.1145/3460120.3484768 CVE-2021-42306 CredManifest: App Registration Certificates Stored in Azure Active Directory https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-cloud-vulnerability-credmanifest/

JavaScript Downloader Delivers Agent Tesla Trojan https://isc.sans.edu/forums/diary/JavaScript+Downloader+Delivers+Agent+Tesla+Trojan/28050/ Exposed Firefox cookies.sqlite Databases https://www.theregister.com/2021/11/18/firefox_cookies_github/ FBI Warns of Fatpipe VPN Exploits https://www.ic3.gov/Media/News/2021/211117-2.pdf Abusing ClouDNS https://blog.netlab.360.com/the-pitfall-of-threat-intelligence-whitelisting-specter-botnet-is-taking-over-top-legit-dns-domains-by-using-cloudns-service/

In Episode 256, Ben and Scott dive into some of the new features available for Azure AD Conditional Access and Microsoft Defender for Cloud Apps. Sponsors ShareGate - ShareGate's industry-leading products help IT professionals worldwide migrate their business to the Office 365 or SharePoint, automate their Office 365 governance, and Read More

Marketers and entrepreneurs have probably been faced with the temptation of obtaining emails and contact information for potential prospects. But what happens after you’ve pulled the trigger on that decision? How do you make sure that outreach doesn’t damage your brand but also gets your name in front of someone who may Read More

DDS Protocol Implementation Vulnerabilities https://us-cert.cisa.gov/ics/advisories/icsa-21-315-02 Siemens TCP/IP Flaws https://www.forescout.com/blog/new-critical-vulnerabilities-found-on-nucleus-tcp-ip-stack/ Netgear UPNP Stack Based Buffer Overflow https://blog.grimm-co.com/2021/11/seamlessly-discovering-netgear.html

@PhilTheFilipino & @MrEricAlmighty are bringing a new series to the podcast. After the success of Squid Game, and Parasite before it, we have had an interest to explore foreign shows and films more than ever before. So for that reason, we will occasionally highlight international gems, starting with Train to Read More

Emotet Returns https://isc.sans.edu/forums/diary/Emotet+Returns/28044/ GitHub Improves npm Security https://github.blog/2021-11-15-githubs-commitment-to-npm-ecosystem-security/ Intel CPU Debug Vulnerability https://www.ptsecurity.com/ww-en/about/news/positive-technologies-discovers-vulnerability-in-intel-processors-used-in-laptops-cars-and-other-devices/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html Home Router Vulnerability Listing https://modemly.com/m1/pulse

You can catch the podcast aired live every Sunday at 7pm EST at https://www.twitch.tv/remnantgamers/You can also view any other scheduled streams or other events going on at our website https://www.remnantgamers.com/Merch:Want a Remnant Gamer Jersey of your own? Head to https://www.remnantgamers.com/copy-of-events and pick out the style that suits you best!You can Read More