Tech News

Exploring Anti-Phishing Measures in Microsoft 365 https://certitude.consulting/blog/en/o365-anti-phishing-measures/ SSHamble Security Testing Tool https://www.runzero.com/blog/sshamble-unexpected-exposures-in-the-secure-shell/ macOS Sequoia Weekly Permission Prompts https://9to5mac.com/2024/08/06/macos-sequoia-screen-recording-privacy-prompt/ .internal domain https://www.icann.org/en/public-comment/proceeding/proposed-top-level-domain-string-for-private-use-24-01-2024

0.0.0.0 Day Exploiting Localhost APIs from the Browser https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser Apple Hardens Gatekeeper https://developer.apple.com/news/?id=saqachfa Downgrade Attacks Using Windows Updates https://www.safebreach.com/blog/downgrade-attacks-using-windows-updates/

A Survey of Scans For GeoServer Vulnerabilities https://isc.sans.edu/diary/A%20Survey%20of%20Scans%20for%20GeoServer%20Vulnerabilities/31148 Crowdstrike Root Cause Analysis https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/ Kibana Vulnerability https://discuss.elastic.co/t/kibana-8-14-2-7-17-23-security-update-esa-2024-22/364424 Android August 2024 Bulletin https://source.android.com/docs/security/bulletin/2024-08-01 Ubiquity Amplication Attack Vulnerability Update https://blog.checkpoint.com/research/over-20000-ubiquiti-cameras-and-routers-are-vulnerable-to-amplification-attacks-and-privacy-risks/

Script Obfuscation Using Multiple Instances of the Same Function https://isc.sans.edu/diary/Script%20obfuscation%20using%20multiple%20instances%20of%20the%20same%20function/31144 Disclosure of key technical details of CrowdStrike's large-scale blue screen https://mp.weixin.qq.com/s/uD7mhzyRSX1dTW-TMg4UhQ New OFBiz Vulnerability https://issues.apache.org/jira/browse/OFBIZ-13128 https://www.youtube.com/watch?v=J_IxCBjd4Pw Roundcube XSS Vulnerabilities https://securityonline.info/roundcube-webmail-releases-security-updates-to-patch-multiple-vulnerabilities/

Current Secure Boot Certifiate Authority Expires in 2026 https://isc.sans.edu/diary/Even+Linux+users+should+take+a+look+at+this+Microsoft+KB+article/31140 OOXML Spreadsheets Protected by Verifier Hashes https://isc.sans.edu/diary/OOXML%20Spreadsheets%20Protected%20By%20Verifier%20Hashes/31072 StormBamboo Compromises ISP to Abuse Insecure Software Update Mechanisms https://www.volexity.com/blog/2024/08/02/stormbamboo-compromises-isp-to-abuse-insecure-software-update-mechanisms/ DARPA TRACTOR Program for Translating C to Rust https://www.darpa.mil/news-events/2024-07-31a

Tracking Proxy Scans with IPv4.Games https://isc.sans.edu/diary/Tracking%20Proxy%20Scans%20with%20IPv4.Games/31136 Threat Actor Impersonates Google via Fake Ad For Authenticator https://www.malwarebytes.com/blog/news/2024/07/threat-actor-impersonates-google-via-fake-ad-for-authenticator Who Knew? Domain Hijacking is so easy https://blogs.infoblox.com/threat-intelligence/who-knew-domain-hijacking-is-so-easy/

Welcome to Episode 381 of the Microsoft Cloud IT Pro Podcast. In this episode we discuss Microsoft Graph Data Connect, a service that allows organizations to access and manage data from Microsoft 365 in a secure, scalable, and efficient manner. Like what you hear and want to support the show? Read More

Increased Activity Against Apache OFBiz CVS-2024-32113 https://isc.sans.edu/diary/Increased%20Activity%20Against%20Apache%20OFBiz%20CVE-2024-32113/31132 Digicert Certificate Revocation Incident https://www.digicert.com/support/certificate-revocation-incident Microsoft Azure Outage https://azure.status.microsoft/en-us/status/history/ Improving Security of Chrome Cookies https://security.googleblog.com/2024/07/improving-security-of-chrome-cookies-on.html

Apple Updates Everything: July 2024 Edition https://isc.sans.edu/diary/Apple%20Patches%20Everything.%20July%202024%20Edition/31128 VMWare ESXi Vulnerability Actively Exploited CVE-2024-37085 https://www.microsoft.com/en-us/security/blog/2024/07/29/ransomware-operators-exploit-esxi-hypervisor-vulnerability-for-mass-encryption/ Weak VoWiFi Encryption CVE-2024-22064 https://idw-online.de/en/news837652

CrowdStrike Outage Themed Maldoc https://isc.sans.edu/diary/CrowdStrike%20Outage%20Themed%20Maldoc/31116 HotJar XSS Puts OAuth at Risk https://salt.security/blog/over-1-million-websites-are-at-risk-of-sensitive-information-leakage---xss-is-dead-long-live-xss Proofpoint Echospoofing https://labs.guard.io/echospoofing-a-massive-phishing-campaign-exploiting-proofpoints-email-protection-to-dispatch-3dd6b5417db6

ExelaStealer Delivered "From Russia With Love" https://isc.sans.edu/diary/31118 Create Your Own BSOD: NotMyFault https://isc.sans.edu/diary/Create%20Your%20Own%20BSOD%3A%20NotMyFault/31120 PKFail Vulnerability https://pk.fail/ CrowdStrike Recovery https://arstechnica.com/information-technology/2024/07/97-of-crowdstrike-systems-are-back-online-microsoft-suggests-windows-changes/

X-Worm Hidden With Process Hollowing https://isc.sans.edu/diary/XWorm%20Hidden%20With%20Process%20Hollowing/31112 Anyone Can Access Deleted and Private Repo Data on GitHub https://trufflesecurity.com/blog/anyone-can-access-deleted-and-private-repo-data-github Google Chrome Scanning Encrypted Files https://arstechnica.com/security/2024/07/google-overhauls-chromes-safe-browsing-protection-to-scan-password-protected-files/

"Mouse Logger" Malicious Python Script https://isc.sans.edu/diary/%22Mouse%20Logger%22%20Malicious%20Python%20Script/31106 Crowdstrike Preliminary Post Incident Review https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/ How a North Korean Fake IT Worker Tried to Infiltrate Us https://blog.knowbe4.com/how-a-north-korean-fake-it-worker-tried-to-infiltrate-us

New Exploit Variation Against D-Link NAS Devices https://isc.sans.edu/diary/New%20Exploit%20Variation%20Against%20D-Link%20NAS%20Devices%20%28CVE-2024-3273%29/31102 APKs Masquerading as Videos on Telegram https://www.welivesecurity.com/en/eset-research/cursed-tapes-exploiting-evilvideo-vulnerability-telegram-android/ Goodbye Attackers can Bypass Windows Hello Strong Authentication https://www.darkreading.com/endpoint-security/goodbye-attackers-can-bypass-windows-hello-strong-authentication Let's Encrypt Intends to End OCSP Service https://letsencrypt.org/2024/07/23/replacing-ocsp-with-crls.html Google Third-Party Cookies are hanging around https://privacysandbox.com/intl/en_us/news/privacy-sandbox-update/

CrowdStrike Update https://isc.sans.edu/diary/CrowdStrike%3A%20The%20Monday%20After/31098 https://www.theregister.com/2024/07/21/crowdstrike_linux_crashes_restoration_tools/ Keynote Recording https://www.sans.org/webcasts/sansfire-2024-keynote-25-years-of-the-internet-storm-center-time-traveling-through-sensor-data/

Widespread Windows Crashes Due to Crowdstrike Updates https://isc.sans.edu/diary/Widespread%20Windows%20Crashes%20Due%20to%20Crowdstrike%20Updates/31094 https://www.crowdstrike.com/falcon-content-update-remediation-and-guidance-hub/ https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/ https://techcommunity.microsoft.com/t5/intune-customer-success/new-recovery-tool-to-help-with-crowdstrike-issue-impacting/ba-p/4196959

Oracle Quarterly Critical Patch Update https://www.oracle.com/security-alerts/cpujul2024.html Exchange Online Implementing Inbound SMTP DANE with DNSSEC https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-public-preview-of-inbound-smtp-dane-with-dnssec-for/ba-p/4155257 VPN Port Shadowing Vulnerability https://petsymposium.org/popets/2024/popets-2024-0070.pdf

Welcome to Episode 380 of the Microsoft Cloud IT Pro Podcast. In this episode we discuss some of the latest security breaches that you should be on the lookout for and then we get into AD FS migrations and if you should consider it. Like what you hear and want Read More

Who You Gonna Call: Androx Gh0st Busters! https://isc.sans.edu/diary/Who%20You%20Gonna%20Call%3F%20AndroxGh0st%20Busters!%20%5BGuest%20Diary%5D/31086 Cisco Smart Software Manager Vulnerability CVE-2024-20419 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy Critical Security Flaw in Cisco Secure Email Gateway: CVE-2024-20401 https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-afw-bGG2UsjH Microsoft Introducing Checkpoint Updates https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-windows-11-checkpoint-cumulative-updates/ba-p/4182552 GeoServer Patches https://github.com/geoserver/geoserver/security/advisories/GHSA-6jj6-gm7p-fcvv

Reply Chain Phishing With a Twist https://isc.sans.edu/diary/%22Reply-chain%20phishing%22%20with%20a%20twist/31084 Claroty TP-Link and Synology IP Camera Exploits https://claroty.com/team82/research/pivoting-from-wan-to-lan-synology-bc500-ip-camera https://claroty.com/team82/research/pwn2own-wan-to-lan-exploit-showcase Cosmic Sting Hits Adobe Commerce Stores https://sansec.io/research/cosmicsting-hitting-major-stores