Tech News

Protected OOXML Spreadsheets https://isc.sans.edu/diary/Protected%20OOXML%20Spreadsheets/31070 Leaked PyPi Secret Token Revealed in Binary https://jfrog.com/blog/leaked-pypi-secret-token-revealed-in-binary-preventing-suppy-chain-attack/ Microsoft 365 Defender Affected by June Update https://learn.microsoft.com/en-us/windows/release-health/status-windows-server-2022#network-data-reporting-from-microsoft-365-defender-may-be-interrupted

16-Bit Hash Collisions in XLS Spreadsheets https://isc.sans.edu/diary/16-bit%20Hash%20Collisions%20in%20.xls%20Spreadsheets/31066 Attacks against the "Nette" PHP framework CVE-2020-15227 https://isc.sans.edu/forums/diary/Attacks+against+the+Nette+PHP+framework+CVE202015227/31076/ Squarespace Hijacked Domains https://github.com/security-alliance/advisories/blob/main/2024-07-squarespace.pdf

Understanding SSH Honeypot Logs: Attackers Fingerprinting Honeypots https://isc.sans.edu/diary/Understanding%20SSH%20Honeypot%20Logs%3A%20Attackers%20Fingerprinting%20Honeypots/31064 Patch or Peril: A Veeam Vulnerability Incident https://www.group-ib.com/blog/estate-ransomware/ Juniper Patches https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&f:ctype=[Security%20Advisories] VMWare Aria Automation SQL Injection Vuln; https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24598 Leaked SMS Messages https://www.ccc.de/de/updates/2024/2fa-sms

Finding Honeypot Data Clusters Using DBSCAN Part 1 https://isc.sans.edu/diary/Finding%20Honeypot%20Data%20Clusters%20Using%20DBSCAN%3A%20Part%201/31050 Second RegreSSHion Like OpenSSH Vulnerability https://lwn.net/ml/all/[email protected]/ Resurrecting Internet Explorer: Threat Actors Using Zero-Day Tricks in Internet Shortcut File CVE-2024-38112 https://research.checkpoint.com/2024/resurrecting-internet-explorer-threat-actors-using-zero-day-tricks-in-internet-shortcut-file-to-lure-victims-cve-2024-38112/ SharePoint Proof of Concept Exploit CVE-2024-38094 CVE-2024-38024 CVE-2024-38023 https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC/blob/main/poc_filtered.py Citrix Netscaler, Agent and SDX Security Bulletin CVE-2024-6235 CVE-2024-6236 https://support.citrix.com/article/CTX677998/netscaler-console-agent-and-sdx-security-bulletin-for-cve20246235-and-cve20246236 OpenVPN Updates Read More

Microsoft Patch Tuesday July 2024 https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20July%202024/31058 Adobe Patches https://helpx.adobe.com/security/security-bulletin.html RADIUS protocol susceptible to forgery attacks https://kb.cert.org/vuls/id/456537 https://www.inkbridgenetworks.com/blastradius/faq

Kunai: Keep an Eye on your Linux Hosts Activity https://isc.sans.edu/diary/Kunai%3A%20Keep%20an%20Eye%20on%20your%20Linux%20Hosts%20Activity/31054 Decryptor for DoNex Ransomware https://decoded.avast.io/threatresearch/decrypted-donex-ransomware-and-its-predecessors/ Shelltorch Explained: Multiple Vulnerabilities in Pytorch Model Server (Torchserve) https://www.oligo.security/blog/shelltorch-explained-multiple-vulnerabilities-in-pytorch-model-server Exim Bypass Attachment Inspection https://bugs.exim.org/show_bug.cgi?id=3099#c4 Toshiba/Sharp Printer vulnerabilities https://pierrekim.github.io/blog/2024-06-27-toshiba-mfp-40-vulnerabilities.html https://pierrekim.github.io/blog/2024-06-27-sharp-mfp-17-vulnerabilities.html

OpenSSH RegreSSHion Vulnerability https://www.qualys.com/2024/07/01/cve-2024-6387/regresshion.txt https://isc.sans.edu/diary/SSH%20%22regreSSHion%22%20Remote%20Code%20Execution%20Vulnerability%20in%20OpenSSH./31046 Overlooked Domain Name Resliency Issues: Registrar Communications https://isc.sans.edu/diary/Overlooked%20Domain%20Name%20Resiliency%20Issues%3A%20Registrar%20Communications/31048 Cloudflare 1.1.1.1 incident on Juine 27th 2024 https://blog.cloudflare.com/cloudflare-1111-incident-on-june-27-2024

Welcome to Episode 379 of the Microsoft Cloud IT Pro Podcast. In this episode, Ben and Scott take a look at Azure Verified Modules, a new initiative from Microsoft to consolidate and set the standards for what a good Bicep and/or Terraform module looks like. Like what you hear and Read More

What Setting Live Traps For Cybercriminals Taught Me About Security https://isc.sans.edu/diary/What%20Setting%20Live%20Traps%20for%20Cybercriminals%20Taught%20Me%20About%20Security%20%5BGuest%20Diary%5D/31038 TeamViewer Compromise https://www.teamviewer.com/en-us/resources/trust-center/statement/ Fortra File Catalyst Vulnerability and PoC https://support.fortra.com/filecatalyst/kb-articles/advisory-6-24-2024-filecatalyst-workflow-sql-injection-vulnerability-YmYwYWY4OTYtNTUzMi1lZjExLTg0MGEtNjA0NWJkMDg3MDA0 https://www.tenable.com/security/research/tra-2024-25 GitLab Critical Update https://about.gitlab.com/releases/2024/01/11/critical-security-release-gitlab-16-7-2-released/ When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI https://jfrog.com/blog/prompt-injection-attack-code-execution-in-vanna-ai-cve-2024-5565/

Critical Progress MOVEit Authentication Bypass Vulnerability https://labs.watchtowr.com/auth-bypass-in-un-limited-scenarios-progress-moveit-transfer-cve-2024-5806/ https://community.progress.com/s/article/MOVEit-Transfer-Product-Security-Alert-Bulletin-June-2024-CVE-2024-5806 Polyfill.io Supply Chain Attack https://cside.dev/blog/more-than-100k-websites-targeted-in-web-supply-chain-attack Apple AirPods Firmware Update https://support.apple.com/en-us/HT214111

TCP Latency Sidechannel https://www.snailload.com/snailload.pdf Microsoft Management Console for Intial Access and Evasion https://www.elastic.co/security-labs/grimresource Wyze Camera Vulnerabilities https://forums.wyze.com/t/security-advisory/289256

Configuration Scans Expand https://isc.sans.edu/diary/Configuration%20Scanners%20Adding%20Java%20Specific%20Configuration%20Files/31032 SQL Server Emergency Fix https://support.microsoft.com/en-us/topic/june-20-2024-kb5041054-os-build-20348-2529-out-of-band-b746ffbd-934e-42ac-9c66-ed0636edf7f1 Juniper Security Analytics Update https://supportportal.juniper.net/s/article/On-Demand-JSA-Series-Multiple-vulnerabilities-resolved-in-Juniper-Secure-Analytics-in-7-5-0-UP8-IF03?language=en_US MacOS/iOS XNU Buffer Overflow Exploit CVE-2024-27815 https://jprx.io/cve-2024-27815/

Sysinternals Process Monitor Version 4 Released https://isc.sans.edu/diary/Sysinternals%27%20Process%20Monitor%20Version%204%20Released/31026 Kaspersky Sanctions https://home.treasury.gov/news/press-releases/jy2420 Phoenix UEFI Buffer Overflow Affects Wide Range of Systems https://eclypsium.com/blog/ueficanhazbufferoverflow-widespread-impact-from-vulnerability-in-popular-pc-and-server-firmware/ Ghostscript Update https://ghostscript.readthedocs.io/en/gs10.03.1/News.html js2py vulnerability https://github.com/Marven11/CVE-2024-28397-js2py-Sandbox-Escape

No Excuses: Free Tools to Help Secure Authentication in Ubuntu https://isc.sans.edu/diary/No%20Excuses%2C%20Free%20Tools%20to%20Help%20Secure%20Authentication%20in%20Ubuntu%20Linux%20%5BGuest%20Diary%5D/31024 Handling BOM MIME Files https://isc.sans.edu/diary/Handling+BOM+MIME+Files/31022 Atlasiun Confluence Data Center and Server Vuln https://confluence.atlassian.com/security/security-bulletin-june-18-2024-1409286211.html Beyond the @ Symbol: Exploiting the Flexibility of Email Addresses For Offensive Purposes https://modzero.com/en/blog/beyond_the_at_symbol/ VMWare Patches https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453

New NetSupport Campaign Deleivered Through MSIX Packages https://isc.sans.edu/diary/New%20NetSupport%20Campaign%20Delivered%20Through%20MSIX%20Packages/31018 D-Link Router Backdoor https://www.twcert.org.tw/en/cp-139-7880-629f5-2.html https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10398 iTerm2 Vulnerablity https://vin01.github.io/piptagole/escape-sequences/iterm2/rce/2024/06/16/iterm2-rce-window-title-tmux-integration.html NextCloud Vulnerability https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9v72-9xv5-3p7c

Overview of My Tools That Handle JSON Data https://isc.sans.edu/diary/Overview%20of%20My%20Tools%20That%20Handle%20JSON%20Data/31012 Python Serialization and "Sleepy Pickle" https://x.com/MarkBaggett/status/1801732554740969561 Detecting Headless Chrome https://deviceandbrowserinfo.com/learning_zone/articles/detecting-headless-chrome-puppeteer-2024 Detecting Malicious VS Code Extensions https://medium.com/@amitassaraf/4-6-introducing-extensiontotal-how-to-assess-risk-in-vs-code-extensions-3ac5bfd83fb1 ASUS Router Critical Vulnerability https://www.asus.com/content/asus-product-security-advisory/

The Art of JQ and Command-Line Fu https://isc.sans.edu/diary/The%20Art%20of%20JQ%20and%20Command-line%20Fu%20%5BGuest%20Diary%5D/31006 Microsoft Outlook Vulnerablity Details https://blog.morphisec.com/cve-2024-30103-microsoft-outlook-vulnerability Keeping our Outlook Personal Email Users Safe https://techcommunity.microsoft.com/t5/outlook-blog/keeping-our-outlook-personal-email-users-safe-reinforcing-our/ba-p/4164184 Exploiting ML models with pickle file attacks https://blog.trailofbits.com/2024/06/11/exploiting-ml-models-with-pickle-file-attacks-part-1/

MSMQ Packets https://isc.sans.edu/diary/Port%201801%20Traffic%3A%20Microsoft%20Message%20Queue/31004 Adobe Updates https://helpx.adobe.com/security/products/magento/apsb24-40.html Black Basta Exploited CVE-2024-26169 Prior to Patch https://symantec-enterprise-blogs.security.com/threat-intelligence/black-basta-ransomware-zero-day Pixel Phone 0-Day Patched https://source.android.com/docs/security/bulletin/pixel/2024-06-01

Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20June%202024/31000 JetBrains IntelliJ Based IDE GitHub Plugin Vulnerability https://blog.jetbrains.com/security/2024/06/updates-for-security-issue-affecting-intellij-based-ides-2023-1-and-github-plugin/ Veeam Recovery Orchestrator (VRO) vulnerability CVE-2024-29855 https://www.veeam.com/kb4585 Precor Threadmill Vulnerablity https://securityintelligence.com/x-force/internet-connected-treadmill-vulnerabilities-discovered/

Veeam Exploit CVE-2024-29849 https://summoning.team/blog/veeam-enterprise-manager-cve-2024-29849-auth-bypass/ SORBS Shutdown https://www.theregister.com/2024/06/07/sorbs_closed/ Rogue Cell Tower Shut Down in London https://www.cityoflondon.police.uk/news/city-of-london/news/2024/june/two-people-arrested-in-connection-with-investigation-into-homemade-mobile-antenna-used-to-send-thousands-of-smishing-text-messages-to-the-public/ Malicious Comfyui Modules https://www.youtube.com/watch?v=ntwGHjBCbeQ