Stopping Google FLoC https://github.blog/changelog/2021-04-27-github-pages-permissions-policy-interest-cohort-header-added-to-all-pages-sites/ https://amifloced.org RotaJakiro Backdoor https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/ F5 Big IP Kerberos Spoofing Vulnerability https://support.f5.com/csp/article/K51213246
Diving into a Singapore Post Phishing E-Mail https://isc.sans.edu/forums/diary/Diving+into+a+Singapore+Post+Phishing+Email/27356/ Two in Five Victims of Online Scam Adverts Do Not Report to Host Platforms https://www.which.co.uk/news/2021/04/two-in-five-victims-of-online-scam-adverts-dont-report-to-host-platforms/ Microsoft Defender Blocks Cryptojacking Malware https://www.microsoft.com/security/blog/2021/04/26/defending-against-cryptojacking-with-microsoft-defender-for-endpoint-and-intel-tdt/ Linux Privilege Escalation Vulnerability https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211
@PhilTheFilipino & @MrEricAlmighty watched Mortal Kombat on HBO MAX this past weekend. After flying under the radar for a while, it started to really gain some hype after an impressive first trailer, and that continued by releasing the opening scene of the film. So was this a flawless victory for Read More
Compact VBA Macros https://isc.sans.edu/forums/diary/Malicious+PowerPoint+AddOn+Small+Is+Beautiful/27342/ Base64 Strings Used in Web Scanning https://isc.sans.edu/forums/diary/Base64+Hashes+Used+in+Web+Scanning/27346/ Clickstudios Password Manager Compromise https://www.csis.dk/newsroom-blog-overview/2021/moserpass-supply-chain/ Homebrew Code Execution Vulnerability https://brew.sh/2021/04/21/security-incident-disclosure/ Apple AirDrop Shares Personal Data https://www.informatik.tu-darmstadt.de/fb20/ueber_uns_details_231616.en.jsp
Shay Lynn Dixon is the CEO of Allegiant Logistics and the first guest on my new Freightwaves show, Cyberly. In this episode, I’m sharing three of my favorite moments from our recent chat and if you dig it, check out the links below to listen or watch the full episode as Read More
How Safe are Your Docker Images https://isc.sans.edu/forums/diary/How+Safe+Are+Your+Docker+Images/27340/ Additional SolarWinds Infrastructure https://www.riskiq.com/blog/external-threat-management/solarwinds-c2-servers-new-tactics/ Cellebrite Exploit https://signal.org/blog/cellebrite-vulnerabilities/ Duo 2FA Bypass https://sensepost.com/blog/2021/duo-two-factor-authentication-bypass/
In Episode 226, Ben and Scott talk through some of the latest Azure news, including the preview release of STIG VM deployments in the public cloud and GCC, 200TB 🤯 blobs in Azure storage, Azure Storage Day, and a PowerShell module called SecretManagement you can use to store your secrets Read More
TWB Podcast is BACK! With another finals de-stressor (it's a word) of an episode for y'all! We tried Instagram Live for the first time during the pod & the very first TWB guest, FSU Senior & Chi Omega sister Lindsey Love, joins us again back on the show as well Read More
Linux Kernel Maintainer Calls Out "hypocrite commits" by University of Minnesota https://lore.kernel.org/lkml/[email protected]/ https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc.pdf QNAP QLocker uses 7-Zip https://www.bleepingcomputer.com/news/security/massive-qlocker-ransomware-attack-uses-7zip-to-encrypt-qnap-devices/ Chrome 0-Day Fixed https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html
@PhilTheFilipino & @MrEricAlmighty recently introduced this brand new series called Tirades and Hot Takes, where we will rant on different topics and unpopular opinions that we get from our friends or listeners, with no limits on where we can go next. For the third episode of this series, we've waited Read More
Welcome back to our monthly series, The Game Room Where It Happens! Since we've been gaming practically our entire lives, we tackle a new subject each month. This month, we have a full SPOILER-FREE & SPOILER discussion of Hazelight Studios' latest co-op adventure, It Takes Two! & for this special Read More
Why and How You Should be Using an Internal Certificate Authority https://isc.sans.edu/forums/diary/Why+and+How+You+Should+be+Using+an+Internal+Certificate+Authority/27314/ Vulnerabilities Used By Russian Foreign Intelligence Service https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2573391/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili/ Insecure URL Handling https://positive.security/blog/url-open-rce SANS Research Paper: Bryan Scarbrough; Malware Detection in Encrypted TLS Traffic Through Machine Learning https://www.sans.org/reading-room/whitepapers/artificialintelligence/malware-detection-encrypted-tls-traffic-machine-learning-40185
In Episode 225, Ben and Scott spend 30 minutes talking about several preview features available to Azure subscribers - WVD start on connect and Azure Cloud Services (extended support). Sponsors Sperry Software – Powerful Outlook Add-ins developed to make your email life easy even if you’re too busy to manage your Read More
Back for another week, Merland and TJ Banks joined us again!! Last podcast was so much fun for me I asked to run it back again. This episode the guys and I talked about what it's like being a comic in times of tragedies, the two Comedy Central performing comedians Read More
April 2021 Forensics Quiz Solution https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz+Answers+and+Analysis/27308/ Adobe Patch Tuesday https://helpx.adobe.com/security.html Chrome 90 Released (and 0-Day Exploits) https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html https://github.com/avboy1337/1195777-chrome0day https://github.com/r4j0x00/exploits/tree/master/chrome-0day SAP Updates https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649 Linux/Mac Malware included in npm Module https://blog.sonatype.com/damaging-linux-mac-malware-bundled-within-browserify-npm-brandjack-attempt Congratulations to the SANS.edu National Cyber League Teams! https://twitter.com/SANS_EDU/status/1382453652602941440
When you’re given a new opportunity, you should give yourself permission to adjust to that new opportunity without being too hard on yourself. That’s what I’ve been struggling with ever since I started as a brand new host on Freightwaves TV with a live show called Cyberly. But after a few weeks Read More