Email Spam With Modiloader Attached https://isc.sans.edu/diary/Email%20Spam%20with%20Attachment%20Modiloader/29978 Word Document with an Online Attached Template https://isc.sans.edu/diary/Word%20Document%20with%20an%20Online%20Attached%20Template/29976 Quakbot Activity Obama271 Distrubution Tag https://isc.sans.edu/diary/Qakbot%20%28Qbot%29%20activity%2C%20obama271%20distribution%20tag/29968 Microsoft Teams External Tenant Confusion https://labs.jumpsec.com/advisory-idor-in-microsoft-teams-allows-for-external-tenants-to-introduce-malware/ Free Smart Watches https://www.darkreading.com/threat-intelligence/suspicious-smartwatches-mailed-us-army-personnel
In Episode 339, Ben and Scott get side railed with the current Redditt drama around their paid API and some of their favorite apps going away. They also cover and update on Azure AD Graph Retirement before they move on to some new sample scripts from the Intune team that Read More
Formbook From Possible ModiLoaeder (DBatLoader) https://isc.sans.edu/diary/Formbook%20from%20Possible%20ModiLoader%20%28DBatLoader%29%20/29958 Brute-Force ZIP Password Cracking with zipdump.py https://isc.sans.edu/diary/Brute-Force%20ZIP%20Password%20Cracking%20with%20zipdump.py/29948 Malware Delivered Through .inf File https://isc.sans.edu/diary/Malware%20Delivered%20Through%20.inf%20File/29960 FortiNAC - Just a few more RCEs https://frycos.github.io/vulns4free/2023/06/18/fortinac.html
In Episode 338, Ben comes back from vacation which prompts Scott to start a discussion on mailbox management tips before they move on to some changes in the Apple Developer Program that could impact your users. Then they close out with some Azure announcements for AKS. Like what you hear Read More
Deobfuscating a VBS Script With Custom Encoding https://isc.sans.edu/diary/Deobfuscating%20a%20VBS%20Script%20With%20Custom%20Encoding/29940 Every Signature is Broken: On the Insecurity of Microsoft Office s OOXML Signatures https://www.usenix.org/conference/usenixsecurity23/presentation/rohlmann How to Manage the Vulnerailbity Associated with CVE-2023-32019 https://support.microsoft.com/en-gb/topic/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080 Fake Security Research GitHub Repos https://vulncheck.com/blog/fake-repos-deliver-malicious-implant Fortigate Vuln Details https://blog.lexfo.fr/xortigate-cve-2023-27997.html Zoom Updates https://explore.zoom.us/en/trust/security/security-bulletin/
Geoserver Attack Details: More Cryptominers Against Unconfigured WebApps https://isc.sans.edu/diary/Geoserver%20Attack%20Details%3A%20More%20Cryptominers%20against%20Unconfigured%20WebApps/29936 Fortinet Update CVE-2023-27997 https://www.fortiguard.com/psirt/FG-IR-23-097 Bitwarden Key Accessible By Low Privileged User https://hackerone.com/reports/1874155 Western Digital SMART Flag Abuse https://arstechnica.com/gadgets/2023/06/clearly-predatory-western-digital-sparks-panic-anger-for-age-shaming-hdds/
Undetected PowerShell Backdoor Disduigsed as a Profiled File https://isc.sans.edu/diary/Undetected%20PowerShell%20Backdoor%20Disguised%20as%20a%20Profile%20File/29930 DShield Honeypot Activity for May 2023 https://isc.sans.edu/diary/DShield%20Honeypot%20Activity%20for%20May%202023%20/29932 Second MOVEit Vulnerability https://www.progress.com/security/moveit-transfer-and-moveit-cloud-vulnerability Fortinet Patches CVE-2023-27997 https://twitter.com/cfreal_/status/1667852157536616451
In Episode 337, Ben and Scott through recommendations for securing your Office 365 tenants and admin accounts. They also address a listener question on how you can address the disparities in logging and metrics collections when you’re using multiple SaaS products. Like what you hear and want to support the Read More
DMARC in .co TLD https://isc.sans.edu/diary/Management%20of%20DMARC%20control%20for%20email%20impersonation%20of%20domains%20in%20the%20.co%20TLD%20-%20part%202/29922 Three Vulnerabilities in VMWare Aria Operations for Networks https://www.vmware.com/security/advisories/VMSA-2023-0012.html SpinOK Spyware SDK found in Android Apps https://vms.drweb.com/search/?q=Android.Spy.SpinOk&lng=en https://www.cloudsek.com/threatintelligence/supply-chain-attack-infiltrates-android-apps-with-malicious-sdk Cisco Anyconnect Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw RSA Webcast https://www.rsaconference.com/library/webcast/149-sans-followup-2023
Github Copilot vs Google: Which Code is More Secure https://isc.sans.edu/forums/diary/Github%20Copilot%20vs.%20Google%3A%20Which%20code%20is%20more%20secure/29918/ Android Update https://source.android.com/docs/security/bulletin/2023-06-01 Chrome Updates https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html FBI Warns of Manipulated Photos and Videos For Sextortion https://www.ic3.gov/Media/Y2023/PSA230605
After 28 Years, SSLv2 is Still Not Gone https://isc.sans.edu/forums/diary/After%2028%20years%2C%20SSLv2%20is%20still%20not%20gone%20from%20the%20internet...%20but%20we're%20getting%20there/29908/ Operation Triangulation: iOS Devices Targeted With Previously Unknown Malware https://securelist.com/operation-triangulation/109842/ MOVEit Transfer Criticial Vulnerability https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023 Code Injection Vulnerablity in Reportlab Python Library https://github.com/c53elyas/CVE-2023-33733
In Episode 336, Ben and Scott discuss some of the marquee announcements from Microsoft Build 2023. Like what you hear and want to support the show? Check out our membership options. (more…)
