Tech News

In Episode 369, Ben and Scott explore the new Backup and Archive options for Microsoft 365 and Office 365 workloads – Microsoft 365 Archive and Microsoft 365 Backup. These two features may sound similar, but they have different functionalities. Microsoft 365 Archive provides coverage for SharePoint, while Microsoft 365 Backup Read More

The Fun and Dangers of Top Level Domains (TLDs) https://isc.sans.edu/diary/The%20Fun%20and%20Dangers%20of%20Top%20Level%20Domains%20%28TLDs%29/30608 Ivanti Releases Patches and New Vulnerabilities https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US glibc syslog() vulnerablity https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt modsecurity WAF bypass https://owasp.org/www-project-modsecurity/tab_cves#cve-2024-1019-2024-01-30

What did I say to make you stop talking to me https://isc.sans.edu/diary/What%20did%20I%20say%20to%20make%20you%20stop%20talking%20to%20me%3F/30604 Identification of a top-level domain for private use https://itp.cdn.icann.org/en/files/root-system/identification-tld-private-use-24-01-2024-en.pdf Juniper Patches Patching https://supportportal.juniper.net/s/article/2024-01-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-have-been-addressed?language=en_US https://www.theregister.com/2024/01/30/juniper_networks_vulnerabilities/ Chat GPT Leaking Conversations Again https://arstechnica.com/security/2024/01/ars-reader-reports-chatgpt-is-sending-him-conversations-from-unrelated-ai-users/

Exploit Flare Up Against Older Atlassian Confluence Vulnerability https://isc.sans.edu/diary/Exploit%20Flare%20Up%20Against%20Older%20Altassian%20Confluence%20Vulnerability/30600 Malicious Python Packages install Infostealer https://www.fortinet.com/blog/threat-research/info-stealing-packages-hidden-in-pypi Linux ICMPv6 Router Adv. RCE https://access.redhat.com/security/cve/cve-2023-6200

A Batch File With Multiple Payloads https://isc.sans.edu/diary/A%20Batch%20File%20With%20Multiple%20Payloads/30592 fritz.box domain used to advertise NFTs https://www.heise.de/news/Verwirrend-Internet-Domain-fritz-box-zeigt-NFT-Galerie-statt-Router-Verwaltung-9610149.html Jenkins CVE-2024-23897 PoC https://github.com/gquere/pwn_jenkins/blob/master/README.md#jenkins-cli-arbitrary-read-cve-2024-23897-applies-to-versions-below-2442-and-lts-24263 Malicious Google Ads Target Chinese Users https://www.malwarebytes.com/blog/threat-intelligence/2024/01/malicious-ads-for-restricted-messaging-applications-target-chinese-users

Fecebook AdsManager Targeted by a Python Infostealer https://isc.sans.edu/diary/Facebook%20AdsManager%20Targeted%20by%20a%20Python%20Infostealer/30590 Privacy Concerns about Apple Push Notifications https://twitter.com/mysk_co/status/1750502700112916504 https://www.youtube.com/watch?v=4ZPTjGG9t7s Inside a Global Phone Spy Tool Monitoring Billions https://www.404media.co/inside-global-phone-spy-tool-patternz-nuviad-real-time-bidding/

How Bad User Interfaces Make Security Tools Harmful https://isc.sans.edu/diary/How%20Bad%20User%20Interfaces%20Make%20Security%20Tools%20Harmful/30586 Sys:All Loophole Alloed Us to Penetrate GKE Clusters in Production https://orca.security/resources/blog/sys-all-google-kubernetes-engine-risk-example/ Automotive Pwn2Own https://www.zerodayinitiative.com/blog/2024/1/23/pwn2own-automotive-2024-the-full-schedule Android Keystroke Injection Vulnerability Exploit https://www.mobile-hacker.com/2024/01/23/exploiting-0-click-android-bluetooth-vulnerability-to-inject-keystrokes-without-pairing/ CVE-2024-0769 D-Link DIR-859 https://securityonline.info/cve-2024-0769-the-vulnerability-d-link-wont-fix-in-dir-859-router/ SANS.edu Dean's List https://www.sans.edu/students/awards

Update on Atlassian Exploit Activity https://isc.sans.edu/forums/diary/Update%20on%20Atlassian%20Exploit%20Activity%20/30582/ POC For Fortra GoAnywhere MFT Authentication Bypass CVE-2024-0204 https://www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-dive/ Baracuda Web Application Firewall https://campus.barracuda.com/product/webapplicationfirewall/doc/102888530/security-advisory/ GitGot: GitHub leveraged by cybercriminals to store stolen data https://www.reversinglabs.com/blog/gitgot-cybercriminals-using-github-to-store-stolen-data

Apple Updates Everything https://isc.sans.edu/forums/diary/Apple%20Updates%20Everything%20-%20New%200%20Day%20in%20WebKit/30578/ Atlassian Confluence RCE Vulnerability Exploits CVE-2023-22527 https://isc.sans.edu/forums/diary/Scans%20Exploit%20Attempts%20for%20Atlassian%20Confluence%20RCE%20Vulnerability%20CVE-2023-22527/30576/ Updated Ivanti Mitigation Advise https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure-Gateways?language=en_US Czech Republic Sets IPv4 Shutdown date https://konecipv4.cz/en/

macOS Python Script Replacing Walling Applications with Rogue Apps https://isc.sans.edu/diary/macOS%20Python%20Script%20Replacing%20Wallet%20Applications%20with%20Rogue%20Apps/30572 Microsoft Breach https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/ Juniper Vulnerabilities https://labs.watchtowr.com/the-second-wednesday-of-the-first-month-of-every-quarter-juniper-0day-revisited/ Brave Removing Strict Fingerprint Mode https://brave.com/privacy-updates/28-sunsetting-strict-fingerprinting-mode/

More Scans for Ivanti Connect "Secure" VPN. Exploits Public https://isc.sans.edu/diary/More%20Scans%20for%20Ivanti%20Connect%20%22Secure%22%20VPN.%20Exploits%20Public/30568 Ivanti Endpoint Manager Mobile / MobileIron Core Vuln exploited CVE-2023-35082 https://www.cisa.gov/known-exploited-vulnerabilities-catalog Attacks against Exposed Databases https://twitter.com/fasterthanlime/status/1741935393413402739 Outlook Vulnerability Discovery and New Ways to Leak NTLM Hashes https://www.varonis.com/blog/outlook-vulnerability-new-ways-to-leak-ntlm-hashes

In Episode 368, Ben and Scott talk through the differences between Notion and Microsoft Loop with a sprinkling of Confluence. Like what you hear and want to support the show? Check out our membership options. (more…)

Number Usage in Passwords https://isc.sans.edu/diary/Number%20Usage%20in%20Passwords/30540 A Lightweight Method to Detect Potential iOS Malware https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/ CISA and FBI Release Known IOCs Associated with Androxgh0st Malware https://www.cisa.gov/news-events/alerts/2024/01/16/cisa-and-fbi-release-known-iocs-associated-androxgh0st-malware

Ivanti Vulnerability Widespread Scanning https://isc.sans.edu/diary/Scans%20for%20Ivanti%20Connect%20%22Secure%22%20VPN%20%20Vulnerability%20%28CVE-2023-46805%2C%20CVE-2024-21887%29/30562 https://www.volexity.com/blog/2024/01/15/ivanti-connect-secure-vpn-exploitation-goes-global/ Citrix Patches Already Exploited Vulnerability https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549 Atlassian Confluence Remote Code Execution Vulnerability https://confluence.atlassian.com/security/cve-2023-22527-rce-remote-code-execution-vulnerability-in-confluence-data-center-and-confluence-server-1333990257.html macOS Infostealers https://www.sentinelone.com/blog/the-many-faces-of-undetected-macos-infostealers-keysteal-atomic-cherrypie-continue-to-adapt/ Google Chrome 0-day https://chromereleases.googleblog.com/2024/01/stable-channel-update-for-desktop_16.html GitHub Key Rotation https://www.bleepingcomputer.com/news/security/github-rotates-keys-to-mitigate-impact-of-credential-exposing-flaw/

One File, Two Payloads https://isc.sans.edu/diary/One%20File%2C%20Two%20Payloads/30558 Ivanti Vulnerability Updates https://labs.watchtowr.com/welcome-to-2024-the-sslvpn-chaos-continues-ivanti-cve-2023-46805-cve-2024-21887/ NVidia DGX H100 and A100 Updates https://nvidia.custhelp.com/app/answers/detail/a_id/5510 GitLab Vulnerability https://nvd.nist.gov/vuln/detail/CVE-2023-7028

Timeline to Remove DSA Support in OpenSSH https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-January/000156.html Juniper Patches https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&numberOfResults=50&f:ctype=[Security%20Advisories] ManageEngine ADSelfService Plus Patch CVE-2024-0252 https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html Atomic Stealer for Mac Update https://www.malwarebytes.com/blog/threat-intelligence/2024/01/atomic-stealer-rings-in-the-new-year-with-updated-version

Jenkins Brute Force Scans https://isc.sans.edu/diary/Jenkins%20Brute%20Force%20Scans/30546 Ivanti Connect Security VPN Vulnerability Exploited https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/ Zoom Privilege Escalation Vulnerability https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/ Apache Applictions Targeted by Stealthy Attacker https://blog.aquasec.com/threat-alert-apache-applications-targeted-by-stealthy-attacker Infosec Toolshed https://youtu.be/qDK1PQ1OZjk?si=_vTpHqlovD2Hjd4M

Microsoft January 2024 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+January+2024+Patch+Tuesday/30548/ Adobe Vulnerabilities https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html CVE-2023-50916: Authentication Coercion Vulnerablity in Kyocera Device Manager https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-50916-authentication-coercion-vulnerability-in-kyocera-device-manager/ Network Connected Wrenches Used in Factories can be hacked https://arstechnica.com/security/2024/01/network-connected-wrenches-used-in-factories-can-be-hacked-for-sabotage-or-ransomware/

What is That User Agent https://isc.sans.edu/diary/What%20is%20that%20User%20Agent%3F/30536 KyberSlash Vulnerability https://kyberslash.cr.yp.to/faq.html Netfilter DoS Vulnerability CVE-2024-0193 https://access.redhat.com/security/cve/CVE-2024-0193 Cacti Vulnerability https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp

Netstat But Better and in PowerShell https://isc.sans.edu/diary/Netstat%2C%20but%20Better%20and%20in%20PowerShell/30532 Double Phishing Submission https://isc.sans.edu/diary/Are%20you%20sure%20of%20your%20password%3F/30534 Suspicious Prometei Botnet Activity https://isc.sans.edu/diary/Suspicious%20Prometei%20Botnet%20Activity/30538 Spectral Blur Mac Malware https://g-les.github.io/yara/2024/01/03/100DaysofYARA_SpectralBlur.html Google Malware Abusing API is Standard Token Theft not an API Issue https://www.bleepingcomputer.com/news/security/google-malware-abusing-api-is-standard-token-theft-not-an-api-issue/