Tech News

Quickly Finding Encoded Payloads in Office Documents https://isc.sans.edu/forums/diary/Quickly+Finding+Encoded+Payloads+in+Office+Documents/29818/ Exploratory Data Analysis with CISSM Cyber Attacks Database Part 1 https://isc.sans.edu/forums/diary/Exploratory+Data+Analysis+with+CISSM+Cyber+Attacks+Database+Part+1/29816/ Guildma is now Abusing Colorcpl.exe LOLBIN https://isc.sans.edu/forums/diary/Guildma+is+now+abusing+colorcplexe+LOLBIN/29814/ Leaked MSI Keys https://github.com/binarly-io/SupplyChainAttacks/blob/main/MSI/ImpactedDevices.md https://twitter.com/matrosov/status/1654560343295934464 PHP Packages Compromised https://blog.packagist.com/packagist-org-maintainer-account-takeover/

Infostealer Embedded in a Word Document https://isc.sans.edu/diary/Infostealer%20Embedded%20in%20a%20Word%20Document/29810 Cisco SPA-112 Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-unauth-upgrade-UqhyTWW Fortinet May Updates https://www.fortiguard.com/psirt?date=05-2023 PaperCut exploitation - A Different Path to Code Execution https://vulncheck.com/blog/papercut-rce

In Episode 332, Ben and Scott dive into the recent announcements around Microsoft 365 Copilot and its impending integration into the entirety of the Microsoft 365 product suite. Like what you hear and want to support the show? Check out our membership options. (more…)

Increased Number of Configuration File Scans https://isc.sans.edu/diary/Increased%20Number%20of%20Configuration%20File%20Scans/29806 Google Enabling Passkeys https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/ Chrome to Drop Lock Icon from HTTPS https://blog.chromium.org/2023/05/an-update-on-lock-icon.html Attack Against AMD TPM Implementation https://arxiv.org/abs/2304.14717

VBA Project References https://isc.sans.edu/diary/VBA%20Project%20References/29800 BGP Message Parsing Vulnerabilities in FRRouting https://www.forescout.com/blog/three-new-bgp-message-parsing-vulnerabilities-disclosed-in-frrouting-software/ JWT ECDSA Algorithm Confusion https://blog.pentesterlab.com/exploring-algorithm-confusion-attacks-on-jwt-exploiting-ecdsa-23f7ff83390f

Passive Analysis of a Phishing Attachment https://isc.sans.edu/diary/%22Passive%22%20analysis%20of%20a%20phishing%20attachment/29798 Apple Rapid Security Response https://www.macrumors.com/2023/05/01/rapid-security-response-16-4-1/ Grafana Security Release https://grafana.com/blog/2023/04/26/grafana-security-release-new-versions-of-grafana-with-security-fixes-for-cve-2023-28119-and-cve-2023-1387/ Illumina Vulnerability https://www.fda.gov/medical-devices/letters-health-care-providers/illumina-cybersecurity-vulnerability-affecting-universal-copy-service-software-may-present-risks

You can catch the podcast aired live every other Monday at 8pm EST at https://www.twitch.tv/remnantgamers/You can also view any other scheduled streams or other events going on at our website https://www.remnantgamers.com/Featured on this Episode:TheDirectEdition: https://www.twitch.tv/thedirectedition/Jonoalmighty: https://www.twitch.tv/jonoalmightyMoose: https://www.twitch.tv/dot_musao/Srv0: https://www.twitch.tv/srv0/

Quick IOC Scan With Docker https://isc.sans.edu/diary/Quick%20IOC%20Scan%20With%20Docker/29788 Dobfuscation Scripts When Encodings Help https://isc.sans.edu/diary/Deobfuscating%20Scripts%3A%20When%20Encodings%20Help/29792 Hackers Are Breaking Into AT&T Email Accounts To Steal Cryptocurrency https://techcrunch.com/2023/04/26/hackers-are-breaking-into-att-email-accounts-to-steal-cryptocurrency/ Trheat Actor Selling New Atomic MacOS AMOS Stealer on Telegram https://blog.cyble.com/2023/04/26/threat-actor-selling-new-atomic-macos-amos-stealer-on-telegram/ Zyxel Firewall Vulnerability https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-remote-command-injection-vulnerability-of-firewalls

You can catch the podcast aired live every other Monday at 8pm EST at https://www.twitch.tv/remnantgamers/You can also view any other scheduled streams or other events going on at our website https://www.remnantgamers.com/Featured on this Episode:TheDirectEdition: https://www.twitch.tv/thedirectedition/Jonoalmighty: https://www.twitch.tv/jonoalmightyMoose: https://www.twitch.tv/dot_musao/Srv0: https://www.twitch.tv/srv0/

Ransomware Gang Exploiting Unpatches Veeam Backup Products https://www.computerweekly.com/news/365535586/Ransomware-gang-exploiting-unpatched-Veeam-backup-products Google Authenticator Sync Encryption https://security.googleblog.com/2023/04/google-authenticator-now-supports.html Keycloak Vulnerability https://out.reddit.com/t3_130km04?url=https%3A%2F%2Fwww.offensity.com%2Fen%2Fblog%2Fuser-impersonation-via-stolen-uuid-code-in-keycloak-cve-2023-0264%2F&token=AQAAjSdLZJTzQM37107hVzYY-tbz6ak81pMNqN9qv3m2SWXEOMIm&app_name=web2x&user_id=33629461&web_redirect=true

You can catch the podcast aired live every other Monday at 8pm EST at https://www.twitch.tv/remnantgamers/You can also view any other scheduled streams or other events going on at our website https://www.remnantgamers.com/Featured on this Episode:TheDirectEdition: https://www.twitch.tv/thedirectedition/Jonoalmighty: https://www.twitch.tv/jonoalmightyMoose: https://www.twitch.tv/dot_musao/Srv0: https://www.twitch.tv/srv0/

In Episode 331, Ben and Scott dive into the announcement of the retirement of SharePoint 2013 Workflows and the release of SharePoint Workflow Manager for SharePoint Server 2013, 2016, 2019 and Subscription Edition. Like what you hear and want to support the show? Check out our membership options. (more…)

Strolling Through Cyberspace and Hunting for Phishing Sites https://isc.sans.edu/diary/Strolling%20through%20Cyberspace%20and%20Hunting%20for%20Phishing%20Sites/29780 RSA Panel: Five most dangerous new attack techniques https://www.rsaconference.com/usa/agenda/session/The%20Five%20Most%20Dangerous%20New%20Attack%20Techniques SANS.edu Research Journal https://www.sans.edu/cyber-security-research

Calculating CVSS Scores with ChatGPT https://isc.sans.edu/diary/Calculating%20CVSS%20Scores%20with%20ChatGPT/29774 Amplifying SLP Traffic https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp Insecure Default Configuration in Apache Superset https://www.horizon3.ai/cve-2023-27524-insecure-default-configuration-in-apache-superset-leads-to-remote-code-execution/ SLP Amplification; Apache Superset RCE; PoC Exploit for Sophos Web Appliciance https://github.com/W01fh4cker/CVE-2023-1671-POC

You can catch the podcast aired live every other Monday at 8pm EST at https://www.twitch.tv/remnantgamers/You can also view any other scheduled streams or other events going on at our website https://www.remnantgamers.com/Featured on this Episode:TheDirectEdition: https://www.twitch.tv/thedirectedition/Jonoalmighty: https://www.twitch.tv/jonoalmightyMoose: https://www.twitch.tv/dot_musao/Srv0: https://www.twitch.tv/srv0/

Aukill EDR Killer Malware Abuses Process Explorer Driver https://news.sophos.com/en-us/2023/04/19/aukill-edr-killer-malware-abuses-process-explorer-driver/ Papercut Vulnerability Deep Dive https://www.horizon3.ai/papercut-cve-2023-27350-deep-dive-and-indicators-of-compromise Solarwinds Patches https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm Schneider Electric Update https://download.schneider-electric.com/files?p_Doc_Ref=SEVD-2023-101-04&p_enDocType=Security%20and%20Safety%20Notice&p_File_Name=SEVD-2023-101-04.pdf Virustotal Code Insight https://blog.virustotal.com/2023/04/introducing-virustotal-code-insight.html

Management of DMARC control for email impersonation fo domains in the .co TLD https://isc.sans.edu/forums/diary/Management+of+DMARC+control+for+email+impersonation+of+domains+in+the+co+TLD+part+1/29768/ X_Trader Supply Chain Attack Fallout https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/xtrader-3cx-supply-chain Car Hacking with Old Nokia Phones https://www.vice.com/en/article/v7beyj/car-thieves-tech-hidden-old-nokia-phones-bluetooth-speakers-emergency-engine-start-keyless Dog Hunt Finding Decoy Dog Toolkit https://blogs.infoblox.com/cyber-threat-intelligence/cyber-threat-advisory/dog-hunt-finding-decoy-dog-toolkit-via-anomalous-dns-traffic/

Taking a Bite Out of Password Expiry Helpdesk Calls https://isc.sans.edu/diary/Taking%20a%20Bite%20Out%20of%20Password%20Expiry%20Helpdesk%20Calls/29758 3CX Software Supply Chain Compromise https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise Google Ghost Tokens https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/ PyPi Trusted Publishers https://blog.pypi.org/posts/2023-04-20-introducing-trusted-publishers/

In Episode 330, Ben and Scott talk about Home Assistant and how it fits into their home automation workflows. Like what you hear and want to support the show? Check out our membership options. (more…)

Yet Another Google Chrome 0-Day https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html Oracle Critical Patch Update April 2023 https://www.oracle.com/security-alerts/cpuapr2023.html Github Provenance Action for npm Packages https://www.theregister.com/2023/04/19/github_actions_npm_origins/ Microsoft Revises Threat Actor Naming https://learn.microsoft.com/de-de/microsoft-365/security/intelligence/microsoft-threat-actor-naming