Tech News

In Episode 323, Ben walks Scott through a recent customer project with Microsoft Graph, Azure Automation, and Logic Apps. It turns out that working with Microsoft Graph and Managed Identities gets a little confusing once you start throwing delegated vs application permissions into the mix. Like what you hear and Read More

Python Infostealer Targeting Gamers https://isc.sans.edu/diary/Python%20Infostealer%20Targeting%20Gamers/29596 DNS Abuse Techniques Matrix https://www.first.org/global/sigs/dns/DNS-Abuse-Techniques-Matrix_v1.1.pdf BlackLotus UEFI Bootkit https://www.welivesecurity.com/2023/03/01/blacklotus-uefi-bootkit-myth-confirmed/ TCG TPM2.0 implementations vulnerable to memory corruption https://kb.cert.org/vuls/id/782720 Aruba Vulnerability https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-002.txt Cisco VoIP Phone WebUI RCE https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ip-phone-cmd-inj-KMFynVcP

BB11 Distribution Qakbot (Qbot) activity https://isc.sans.edu/diary/BB17%20distribution%20Qakbot%20%28Qbot%29%20activity/29592 LastPass Incident Details https://support.lastpass.com/help/incident-1-additional-details-of-the-attack https://support.lastpass.com/help/incident-2-additional-details-of-the-attack CISA Red Team Shares Key Findings https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-059a Jailbreak Chat https://www.jailbreakchat.com

Phishing Again and Again https://isc.sans.edu/diary/Phishing%20Again%20and%20Again/29588 Unlocked Phone Stealing https://www.wsj.com/articles/apple-iphone-security-theft-passcode-data-privacya-basic-iphone-feature-helps-criminals-steal-your-digital-life-cbf14b1a More Fake Authenticator Apps https://nakedsecurity.sophos.com/2023/02/27/beware-rogue-2fa-apps-in-app-store-and-google-play-dont-get-hacked/ Zoneminder Vulnerability https://github.com/ZoneMinder/zoneminder/security/advisories/GHSA-72rg-h4vf-29gr WebLogic Exploit (not verified) CVE-2023-21839 https://github.com/4ra1n/CVE-2023-21839/blob/master/cmd/main.go

URL Files and WebDav used for IcedId Bockbot Infection https://isc.sans.edu/diary/URL%20files%20and%20WebDAV%20used%20for%20IcedID%20%28Bokbot%29%20infection/29578 oledump msi file plugin https://isc.sans.edu/diary/oledump%20%26%20MSI%20Files/29584 Automatic Disruption of Ransomware and BEC attacks with Microsoft 365 Defender https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/automatic-disruption-of-ransomware-and-bec-attacks-with/ba-p/3738294 Cisco Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-capic-csrfv-DMx6KSwV https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aci-lldp-dos-ySCNZOpX

Updated Exchange AV Guidance https://techcommunity.microsoft.com/t5/exchange-team-blog/update-on-the-exchange-server-antivirus-exclusions/ba-p/3751464 Best Practices for Securing Your Home Network https://media.defense.gov/2023/Feb/22/2003165170/-1/-1/0/CSI_BEST_PRACTICES_FOR_SECURING_YOUR_HOME_NETWORK.PDF Attacks on Data Center Organizations https://www.resecurity.com/blog/article/cyber-attacks-on-data-center-organizations NPM Package Phishing https://checkmarx.com/blog/how-npm-packages-were-used-to-spread-phishing-links/ Malicious PyPi Packages https://www.fortinet.com/blog/threat-research/more-supply-chain-attacks-via-new-malicious-python-packages-in-pypi

In Episode 322, Ben and Scott talk about the announced rebranding of Yammer to Viva Engage, a new admin center for Viva Engage, and the retirement of Run-As accounts. Oh, and please reach out to Ben and congratulate him on his newly minted MVP status! 🎉 Like what you hear Read More

Internet Wide Scan Fingerprinting Confluence Servers https://isc.sans.edu/diary/Internet%20Wide%20Scan%20Fingerprinting%20Confluence%20Servers/29574 Apple Updates Advisories https://support.apple.com/en-us/HT213606 https://support.apple.com/en-us/HT213605 https://www.trellix.com/en-us/about/newsroom/stories/research/trellix-advanced-research-center-discovers-a-new-privilege-escalation-bug-class-on-macos-and-ios.html Questionable two-factor Apps https://twitter.com/mysk_co/status/1627097291063435264 VMWare Carbon Black App Control Vulnerability https://www.vmware.com/security/advisories/VMSA-2023-0004.html

Phishing Page Branded with Your Corporate Website https://isc.sans.edu/diary/Phishing%20Page%20Branded%20with%20Your%20Corporate%20Website/29570 Fortinet FortiNAC CVE-2022-39952 Deep-Dive and IOCs https://www.horizon3.ai/fortinet-fortinac-cve-2022-39952-deep-dive-and-iocs/ Apache Commons FileUpload Vulnerability https://lists.apache.org/thread/4xl4l09mhwg4vgsk7dxqogcjrobrrdoy VMWare Windows Server 2022 Fix https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3k-release-notes.html#resolvedissues

OneNote Suricata Rules https://isc.sans.edu/diary/OneNote%20Suricata%20Rules/29564 New IIS Backdoor https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/frebniis-malware-iis Outlook Spam https://www.bleepingcomputer.com/news/microsoft/microsoft-outlook-flooded-with-spam-due-to-broken-email-filters/ Godaddy Breach and Website Redirects https://aboutus.godaddy.net/newsroom/company-news/news-details/2023/Statement-on-recent-website-redirect-issues/default.aspx

Phishing Emails to out Handlers Inbox https://isc.sans.edu/diary/Spear%20Phishing%20Handlers%20for%20Username%20Password/29560 Twitter Alters 2FA https://blog.twitter.com/en_us/topics/product/2023/an-update-on-two-factor-authentication-using-sms-on-twitter Fortinet Updates https://www.fortiguard.com/psirt-monthly-advisory/february-2023-vulnerability-advisories https://twitter.com/Horizon3Attack/status/1626692778062237713 Cisco ClamAV Patches https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy

HTML Phishing Attachment with Browser-in-the-Browser Technique https://isc.sans.edu/diary/HTML%20phishing%20attachment%20with%20browser-in-the-browser%20technique/29556 Windows Server 2022 Might Not Start Up After Updates https://learn.microsoft.com/en-us/windows/release-health/status-windows-server-2022#windows-server-2022-might-not-start-up New ESXiArgs Encryption Routing Outmaneuvers Recovery Methods https://www.malwarebytes.com/blog/news/2023/02/new-esxiargs-encryption-routine-outmaneuvers-recovery-methods PHP Updates https://www.php.net ClamAV Patches https://blog.clamav.net/2023/02/clamav-01038-01052-and-101-patch.html

In Episode 321, Ben takes Scott through his current experience with the new Bing experience and ChatGPT integration. Then they talk about a quirk in the retirement/not retirement for free Teams business users and close out with the recently announced support for Multimedia Redirection (MMR) on Azure Virtual Desktop and Read More

DNS Recon Redux https://isc.sans.edu/diary/DNS%20Recon%20Redux%20-%20Zone%20Transfers%20%28plus%20a%20time%20machine%29%20for%20When%20You%20Can%27t%20do%20a%20Zone%20Transfer/29552 GitHub Copilot Update https://github.blog/2023-02-14-github-copilot-now-has-a-better-ai-model-and-new-capabilities/ Hyundai Software Update https://www.hyundaiantitheft.com Citrix Patches CVE-2023-24486, CVE-2023-24484, CVE-2023-24485, and CVE-2023-24483 https://www.cisa.gov/uscert/ncas/current-activity/2023/02/14/citrix-releases-security-updates-workspace-apps-virtual-apps-and HA Proxy Patch CVE-2023-25725 https://www.mail-archive.com/[email protected]/msg43229.html Firefox Patches https://www.mozilla.org/en-US/security/advisories/mfsa2023-05/

Microsoft February 2023 Patch Tuesday https://isc.sans.edu/diary/Microsoft%20February%202023%20Patch%20Tuesday/29548 Adobe Patches https://helpx.adobe.com/security/security-bulletin.html Intel OpenBMC Vulnerabilities https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00737.html

Apple Patches Exploited Vulnerablity https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Vulnerability/29544 Venmo Phishing Abusing LinkedIn "slink" https://isc.sans.edu/diary/Venmo+Phishing+Abusing+LinkedIn+slink/29542/ Malicious PyPi Packages Install Browser Extensions https://blog.phylum.io/phylum-discovers-revived-crypto-wallet-address-replacement-attack

Obfuscated Deactivation of Script Block Logging https://isc.sans.edu/diary/Obfuscated%20Deactivation%20of%20Script%20Block%20Logging/29538 PCAP Data Analysis with Zeek https://isc.sans.edu/diary/PCAP%20Data%20Analysis%20with%20Zeek/29530 Bing Chat Prompt Injection https://arstechnica.com/information-technology/2023/02/ai-powered-bing-chat-spills-its-secrets-via-prompt-injection-attack/ More Malicious Python Packages https://blog.sonatype.com/malicious-aptx-python-package-drops-meterpreter-shell-deletes-netstat

A Backdoor with Smart Screenshot Capability https://isc.sans.edu/diary/A%20Backdoor%20with%20Smart%20Screenshot%20Capability/29534 KeePass Patches Issue Allowing Password Export https://keepass.info/news/n230109_2.53.html AWS Phishing via Google Ads https://www.sentinelone.com/blog/cloud-credentials-phishing-malicious-google-ads-target-aws-logins/ Apache Kafka Vulnerability https://lists.apache.org/thread/vy1c7fqcdqvq5grcqp6q5jyyb302khyz

In Episode 320, Ben and Scott get a little sidetracked and talk about their monitor setups, frustrations with Twitter and where we are on Mastodon, and then close out on Teams Premium. Like what you hear and want to support the show? Check out our membership options. (more…)

Simple HTML Phishing via Telegram Bot https://isc.sans.edu/forums/diary/Simple%20HTML%20Phishing%20via%20Telegram%20Bot/29528/ Recovering from ESXiArgs Ransomware https://www.cisa.gov/uscert/ncas/alerts/aa23-039a NIST Standardizes Lightweight Cryptography https://csrc.nist.gov/Projects/lightweight-cryptography Sonicwall Web Content Filtering on Windows 11 22H2 https://www.sonicwall.com/support/product-notification/limitation-with-web-content-filtering-on-windows-11-22h2/230208075107457/ Google Chrome Release Changes https://developer.chrome.com/blog/early-stable/