Tech News

In this episode of the SANS Internet Storm Center's Stormcast, we cover critical vulnerabilities affecting OpenSSH, BeyondTrust, and Nuclei, including the newly discovered "RegreSSHion" flaw and a bypass vulnerability in Nuclei. We also discuss how malware evasion techniques can impact analysis environments and highlight the dangers of fake exploits targeting Read More

In this episode of the SANS Internet Storm Center's Stormcast, we cover the latest cybersecurity threats and defenses, including Python-delivered malware, goodware hash sets, SSL/TLS protocol updates, and critical vulnerabilities in ASUS routers and Paessler PRTG. Stay informed and secure your systems! Full details and links to all stories: SwaetRAT Read More

Welcome to Episode 392 of the Microsoft Cloud IT Pro Podcast. In this episode, Ben interviews AvePoint CTO John Peluso. Listen in as they discuss Copilot in Microsoft 365 and how to govern and gain insights on your Copilot usage in your organization. Copilot in Microsoft 365 is becoming a Read More

PHPUnit and Androxgh0st https://isc.sans.edu/diary/Command%20Injection%20Exploit%20For%20PHPUnit%20before%204.8.28%20and%205.x%20before%205.6.3%20%5BGuest%20Diary%5D/31528 Mirai Attacks Session Smart Routers https://supportportal.juniper.net/s/article/2024-12-Reference-Advisory-Session-Smart-Router-Mirai-malware-found-on-systems-when-the-default-password-remains-unchanged?language=en_US FortiWLM Unauthenticated limited file read vulnerability https://fortiguard.fortinet.com/psirt/FG-IR-23-144 https://securityonline.info/kaspersky-uncovers-active-exploitation-of-fortinet-vulnerability-cve-2023-48788/ Beyond Trust Security Advisory https://www.beyondtrust.com/trust-center/security-advisories/bt24-10 BadBox Update https://www.bitsight.com/blog/badbox-botnet-back

Welcome to Episode 391 of the Microsoft Cloud IT Pro Podcast. In this episode, Scott sits down with Kamal Srinivasan from Parallels to talk how you can think about delivering applications and desktops to your users in post-Citrix world. As the traditional “Citrix” model faces disruption, we explore how remote Read More

A Deep Dive into TeamTNT and Spinning YARN https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20A%20Deep%20Dive%20into%20TeamTNT%20and%20Spinning%20YARN/31530 Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks https://www.trendmicro.com/en_us/research/24/l/earth-koshchei.html Okta Social Engineering Impersonation Report https://sec.okta.com/articles/2024/okta-social-engineering-report-response-and-recommendation US considers banning TP-Link routers over cybersecurity risks https://www.bleepingcomputer.com/news/security/us-considers-banning-tp-link-routers-over-cybersecurity-risks/ CISA Releases Best Practice Guidance for Mobile Communications https://www.cisa.gov/news-events/alerts/2024/12/18/cisa-releases-best-practice-guidance-mobile-communications

Python Delivering AnyDesk Client as RAT https://isc.sans.edu/diary/Python+Delivering+AnyDesk+Client+as+RAT/31524/ Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion https://www.trendmicro.com/en_us/research/24/l/darkgate-malware.html SS7 Attacks https://www.404media.co/email/ac709882-1e4b-42fc-bcca-cf7ce4793716/ CrushFTP Vulnerability https://crushftp.com/crush11wiki/Wiki.jsp?page=Update

MUT-1244 Targeting Offensive Actors https://securitylabs.datadoghq.com/articles/mut-1244-targeting-offensive-actors/ Golang Crypto Vulnerability https://github.com/golang/crypto/commit/b4f1988a35dee11ec3e05d6bf3e90b695fbd8909 Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows https://www.cadosecurity.com/blog/meeten-malware-threat

Exploit Attempts Inspired by Recent Struts 2 File Upload Vulnerability https://isc.sans.edu/diary/Exploit%20attempts%20inspired%20by%20recent%20Struts2%20File%20Upload%20Vulnerability%20%28CVE-2024-53677%2C%20CVE-2023-50164%29/31520 Citrix Netscaler Password Spraying Mitigation https://www.citrix.com/blogs/2024/12/13/password-spraying-attacks-netscaler-december-2024/ Let's Encrypt Six Day Certifiates https://letsencrypt.org/2024/12/11/eoy-letter-2024/ Devices in Germany Arrived Pre-Pw0n3d https://cybersecuritynews.com/30000-devices-in-germany-discovered-with-pre-installed-malware-badbox/

Windows 11 and TPM https://techcommunity.microsoft.com/blog/windows-itpro-blog/tpm-2-0-%E2%80%93-a-necessity-for-a-secure-and-future-proof-windows-11/4339066 https://www.forbes.com/sites/zakdoffman/2024/12/12/microsoft-warns-400-million-windows-users-do-not-update-your-pc/ Microsoft Azure MFA Bypass https://www.oasis.security/resources/blog/oasis-security-research-team-discovers-microsoft-azure-mfa-bypass Struts 2 Arbitrary File Upload CVE-2024-53677 https://cwiki.apache.org/confluence/display/WW/S2-067 Russian actor Secret Blizzard using tools of other groups to attack Ukraine https://www.microsoft.com/en-us/security/blog/2024/12/11/frequent-freeloader-part-ii-russian-actor-secret-blizzard-using-tools-of-other-groups-to-attack-ukraine/

Vulnerability Symbiosis: vSphere's CVE-2024-38812 and CVE-2024-38813 https://isc.sans.edu/diary/Vulnerability%20Symbiosis%3A%20vSphere%3Fs%20CVE-2024-38812%20and%20CVE-2024-38813%20%5BGuest%20Diary%5D/31510 Apple Updates Everything (iOS, iPadOS, macOS, watchOS, tvOS, visionOS) https://isc.sans.edu/diary/Apple+Updates+Everything+iOS+iPadOS+macOS+watchOS+tvOS+visionOS/31514/ Widespread exploitation of Cleo file transfer software (CVE-2024-50623) https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild https://labs.watchtowr.com/cleo-cve-2024-50623/

Microsoft Patch Tuesday December 2024 https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%3A%20December%202024/31508 Ivanty Security Advisory https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Services-Application-CSA-CVE-2024-11639-CVE-2024-11772-CVE-2024-11773?language=en_US Visual Studio Code Tunnels https://www.sentinelone.com/labs/operation-digital-eye-chinese-apt-compromises-critical-digital-infrastructure-via-visual-studio-code-tunnels/ Mitigating NTLM Relay Attacks https://msrc.microsoft.com/blog/2024/12/mitigating-ntlm-relay-attacks-by-default/

CURLing for Crypto on Honeypots https://isc.sans.edu/diary/CURLing%20for%20Crypto%20on%20Honeypots/31502 Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection https://flatt.tech/research/posts/compromising-openwrt-supply-chain-sha256-collision/ Android Monthly Update https://source.android.com/docs/security/bulletin/pixel/2024-12-01 RCS Not Always Encrypted https://daringfireball.net/linked/2024/12/04/shame-on-google-messages

Bypassing WAFs with the Phantom Version Cookie https://portswigger.net/research/bypassing-wafs-with-the-phantom-version-cookie URL File NTLM Hash Disclosure https://blog.0patch.com/2024/12/url-file-ntlm-hash-disclosure.html Ultralytics Library Infected with Miner https://github.com/ultralytics/ultralytics/issues/18027#issuecomment-2521578169 DaMAgeCard attack targets memory directly thru SD card reader https://swarm.ptsecurity.com/new-dog-old-tricks-damagecard-attack-targets-memory-directly-thru-sd-card-reader/

Business E-Mail Compromise https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Business%20Email%20Compromise/31474 Where There s Smoke, There s Fire - Mitel MiCollab CVE-2024-35286, CVE-2024-41713 And An 0day https://labs.watchtowr.com/where-theres-smoke-theres-fire-mitel-micollab-cve-2024-35286-cve-2024-41713-and-an-0day/ https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-misa-2024-0029 Lorex 2K Indoor Wi-Fi Security Camera https://www.rapid7.com/globalassets/_pdfs/research/pwn2own-iot-2024-lorex-2k-indoor-wi-fi-security-camera-research.pdf https://www.lorex.com/products/2k-indoor-wi-fi-security-camera HPE Aruba Vulnerabilities https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04761en_us&docLocale=en_US Alan Paller Inducted into the Cybersecurity Hall of Fame https://cybersecurityhalloffame.org/

Welcome to Episode 390 of the Microsoft Cloud IT Pro Podcast, live from Microsoft Ignite 2024! In this episode Ben sits down for a chat with Melissa Grant, head of product marketing for Windows 11 Enterprise, Windows 365, and Azure Virtual Desktop at Microsoft. Melissa discusses her tenure at Microsoft Read More

Data Analysis: The Unsung Hero of Cybersecurity Expertise https://isc.sans.edu/diary/Data%20Analysis%3A%20The%20Unsung%20Hero%20of%20Cybersecurity%20Expertise%20%5BGuest%20Diary%5D/31494 FBI Warns iPhone and Android Users Stop Sending Texts https://www.forbes.com/sites/zakdoffman/2024/12/03/fbi-warns-iphone-and-android-users-stop-sending-texts/ IdentityIQ Improper Access Control Vulnerability CVE-2024-10905 https://www.sailpoint.com/security-advisories/identityiq-improper-access-control-vulnerability-cve-2024-10905 Solana web3.js Backdoor https://socket.dev/blog/supply-chain-attack-solana-web3-js-library

Extracting Files Embedded Inside Word Documents https://isc.sans.edu/diary/Extracting%20Files%20Embedded%20Inside%20Word%20Documents/31486 Korea arrests CEO for adding DDoS feature to satellite receivers https://www.bleepingcomputer.com/news/security/korea-arrests-ceo-for-adding-ddos-feature-to-satellite-receivers/ Veeam Vulnerabilities https://www.veeam.com/kb4679 WPTaskScheduler Presistence and CVE-2024-49039 PoC https://github.com/je5442804/WPTaskScheduler_CVE-2024-49039

Credential Guard and Kerberos delegation https://isc.sans.edu/diary/Credential%20Guard%20and%20Kerberos%20delegation/31488 The Day We Unveiled the Secret Rotation Illusion https://www.clutch.security/blog/the-day-we-unveiled-the-secret-rotation-illusion Corrupt Word Documents used in Phshing https://x.com/anyrun_app/status/1861024182210900357 IBM Security Verify Access Appliance Vulnerabilities https://www.ibm.com/support/pages/security-bulletin-multiple-security-vulnerabilities-were-found-ibm-security-verify-access-appliance-cve-2024-49803-cve-2024-49804-cve-2024-49805-cve-2024-49806

AWS DShield Sensor + DShield SIEM https://isc.sans.edu/diary/SANS%20ISC%20Internship%20Setup%3A%20AWS%20DShield%20Sensor%20%2B%20DShield%20SIEM%20%5BGuest%20Diary%5D/31480 From a Regular Infostealer to its Obfuscated Version https://isc.sans.edu/diary/From%20a%20Regular%20Infostealer%20to%20its%20Obfuscated%20Version/31484 Credit Card Skimmer Malware Targeting Magento Checkout Pages https://blog.sucuri.net/2024/11/credit-card-skimmer-malware-targeting-magento-checkout-pages.html LogoFAIL Exploited to Deploy Bootkitty, the first UEFI bootkit for Linux https://www.binarly.io/blog/logofail-exploited-to-deploy-bootkitty-the-first-uefi-bootkit-for-linux Stickers: https://isc.sans.edu/stickers.html (code PODCAST)