Tech News

ISC StormCast for Friday, October 28th, 2022 October 27, 2022

Upcoming Critical OpenSSL Vulnerability: What will be Affected? https://isc.sans.edu/forums/diary/Upcoming+Critical+OpenSSL+Vulnerability+What+will+be+Affected/29192 Apple Updates https://support.apple.com/en-us/HT201222 Fodcha Botnet Reaches 1Tbps https://blog.netlab.360.com/ddosmonster_the_return_of__fodcha_cn/ https://www.bleepingcomputer.com/news/security/fodcha-ddos-botnet-reaches-1tbps-in-power-injects-ransoms-in-packets/

Episode 305 – Azure Savings Plans for compute October 27, 2022

It is Techtober and we're fundraising for Girls Who Code. Go to https://give.girlswhocode.com/msclouditpro and donate today to help ensure girls continue to have access to our educational experiences, programming, and incredible sisterhood. Because when you teach a girl to code, she’ll change the world. In Episode 305, Ben and Scott Read More

ISC StormCast for Thursday, October 27th, 2022 October 26, 2022

Why is My Cat Using Baidu And Other IoT DNS Oddities https://isc.sans.edu/forums/diary/Why+is+My+Cat+Using+Baidu+And+Other+IoT+DNS+Oddities/29188 OpenSSL Critical Flaw to Be Patched https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html MacOS Ventura Blocks Security Tools https://www.wired.com/story/apple-macos-ventura-bug-security-tools/ Critical VMWare Security Tools https://www.vmware.com/security/advisories/VMSA-2022-0027.html

ISC StormCast for Wednesday, October 26th, 2022 October 25, 2022

Massing Cryptomining Operation via Github Actions https://sysdig.com/blog/massive-cryptomining-operation-github-actions/ Daixin Team Ransomware Targeting Healthcare Providers https://www.ic3.gov/Media/News/2022/221021.pdf Cisco Anyconnect Client Exploited in the Wild https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj SQLite Vulnerability Details https://blog.trailofbits.com/2022/10/25/sqlite-vulnerability-july-2022-library-api/

ISC StormCast for Tuesday, October 25th, 2022 October 24, 2022

C2 Communications Through Outlook.com https://isc.sans.edu/forums/diary/C2+Communications+Through+outlookcom/29180 Apple Patches Everything October 2022 Edition https://isc.sans.edu/forums/diary/Apple%20Patches%20Everything%3A%20October%202022%20Edition/29182/ Cisco ISE Patch https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-path-trav-Dz5dpzyM Dormant Colors Live Campaign With Over 1m Data Stealing Extensions Installed https://guardiosecurity.medium.com/dormant-colors-live-campaign-with-over-1m-data-stealing-extensions-installed-9a9a459b5849

ISC StormCast for Monday, October 24th, 2022 October 23, 2022

Sczriptzzbn Inject Pushes Malware for NetSupport RAT https://isc.sans.edu/forums/diary/sczriptzzbn%20inject%20pushes%20malware%20for%20NetSupport%20RAT/29170/ rtfdump find options https://isc.sans.edu/forums/diary/rtfdumps+Find+Option/29174 Exploited Windows Zero Day Lets JavaScript Files Bypass Security Warnings https://www.bleepingcomputer.com/news/security/exploited-windows-zero-day-lets-javascript-files-bypass-security-warnings/ A study of malicious CVE proof of concept exploits in GitHub https://arxiv.org/pdf/2210.08374.pdf F5 Patches https://support.f5.com/csp/article/K11830089 https://support.f5.com/csp/article/K30425568 Synology Updates https://www.synology.com/en-global/security/advisory/Synology_SA_22_17

ISC StormCast for Friday, October 21st, 2022 October 20, 2022

Forensic Value of Prefetch https://isc.sans.edu/forums/diary/Forensic%20Value%20of%20Prefetch/29168/ Microsoft TLS Fix https://support.microsoft.com/en-us/topic/october-17-2022-kb5020435-os-builds-19042-2132-19043-2132-and-19044-2132-out-of-band-243f34de-2f44-4015-a224-1b68a4132ca5 CISA Releases ScubaGear to Audit M365 https://github.com/cisagov/ScubaGear HTTP/3 Connection Contamination https://portswigger.net/research/http-3-connection-contamination

Episode 304 – Coming down from the Ignite high October 20, 2022

ISC StormCast for Thursday, October 20th, 2022 October 19, 2022

Are Internet Scanning Services Good or Bad for You? https://isc.sans.edu/forums/diary/Are+Internet+Scanning+Services+Good+or+Bad+for+You/29164 FBI Warns of Student Loan Foregiveness Scams https://www.ic3.gov/Media/Y2022/PSA221018 Fully Undetectable Powershell Backdoor https://www.safebreach.com/resources/blog/safebreach-labs-researchers-uncover-new-fully-undetectable-powershell-backdoor/

ISC StormCast for Wednesday, October 19th, 2022 October 18, 2022

Python Obfuscation for Dummies https://isc.sans.edu/forums/diary/Python%20Obfuscation%20for%20Dummies/29160/ Oracle October 2022 Critical Patch Update https://www.oracle.com/security-alerts/cpuoct2022.html Weak Encryption in Microsoft Office 365 https://labs.withsecure.com/advisories/microsoft-office-365-message-encryption-insecure-mode-of-operation Tesla 3 Hack https://www.synacktiv.com/sites/default/files/2022-10/tesla_hexacon.pdf

ISC StormCast for Tuesday, October 18th, 2022 October 17, 2022

Fileless Powershell Dropper https://isc.sans.edu/forums/diary/Fileless%20Powershell%20Dropper/29156/ Apache Commons Text Vulnerablity https://www.openwall.com/lists/oss-security/2022/10/13/4 How a Microsoft Blunder Opened Millions of PCs to Potent Malware Attacks https://arstechnica.com/information-technology/2022/10/how-a-microsoft-blunder-opened-millions-of-pcs-to-potent-malware-attacks/

ISC StormCast for Monday, October 17th, 2022 October 16, 2022

Horizon3 Publishes FortiOS Vulnerablity Details and Exploit https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/ More Exchange Vulnerability Workaround Bypasses https://twitter.com/wdormann/status/1576922677675102208 Analysis of a Malicious HTML File and QBot https://isc.sans.edu/forums/diary/Analysis+of+a+Malicious+HTML+File+QBot/29146 End of Life VMWare ESXi Versions https://www.lansweeper.com/eol/vmware-esxi-end-of-life/

ISC StormCast for Friday, October 14th, 2022 October 13, 2022

Alchimist Offensive Framework https://blog.talosintelligence.com/2022/10/alchimist-offensive-framework.html#more VM2 Sandbox Vulnerability https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067 private npm package disclosure https://blog.aquasec.com/private-packages-disclosed-via-timing-attack-on-npm Zimbra Updates https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P27#Security_Fixes

Episode 303 – We don’t talk about Viva October 13, 2022

ISC StormCast for Thursday, October 13th, 2022 October 12, 2022

Adobe October Patch Tuesday https://helpx.adobe.com/sa_en/security/security-bulletin.html Fortinet Guidance https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/ https://isc.sans.edu/forums/diary/Scans+for+old+Fortigate+Vulnerability+Building+Target+Lists/29142 Android VPN Issues https://mullvad.net/en/blog/2022/10/10/android-leaks-connectivity-check-traffic/ iOS VPN Issues https://9to5mac.com/2022/10/12/ios-vpn-apps-2/ Aruba Patches https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-015.txt

ISC StormCast for Wednesday, October 12th, 2022 October 11, 2022

Microsoft October 2022 Patches https://isc.sans.edu/forums/diary/October%202022%20Microsoft%20Patch%20Tuesday/29138/ SAP Patchday https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10 Top CVEs Actively Exploited By People s Republic of China State-Sponsored Cyber Actors https://www.cisa.gov/uscert/ncas/alerts/aa22-279a

ISC StormCast for Tuesday, October 11th, 2022 October 10, 2022

Wireshark Display Filter Update https://isc.sans.edu/forums/diary/Wireshark+Specifying+a+Protocol+Stack+Layer+in+Display+Filters/29130 Fortinet Vulnerablity Update https://twitter.com/Horizon3Attack/status/1579285863108087810 BazarCall Social Engineering Tactics https://www.trellix.com/en-us/about/newsroom/stories/research/evolution-of-bazarcall-social-engineering-tactics.html RPKI Rate Limiting https://www.usenix.org/system/files/sec22-hlavacek.pdf

ISC StormCast for Monday, October 10th, 2022 October 09, 2022

Fortinet Update https://docs.fortinet.com/document/fortigate/7.2.2/fortios-release-notes/760203/introduction-and-supported-models Zimbra Vulnerability https://twitter.com/iagox86/status/1578084484720734209 https://attackerkb.com/topics/1DDTvUNFzH/cve-2022-41352/rapid7-analysis?referrer=activityFeed Microsoft Exchange Workaround Improved Again https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/ Ikea Smart Bulb Exploit https://www.synopsys.com/blogs/software-security/cyrc-advisory-ikea-tradfri-smart-lighting/

ISC StormCast for Friday, October 7th, 2022 October 06, 2022

Infosec Calendar https://isc.sans.edu/forums/diary/What+is+in+your+Infosec+Calendar/29118 OnionPoison: infected Tor Browser installer distributed through popular YouTube channel https://securelist.com/onionpoison-infected-tor-browser-installer-youtube/107627/ MacOS Architve Utility Vulnerability Details https://www.jamf.com/blog/jamf-threat-labs-macos-archive-utility-vulnerability/

Episode 302 – Picking the right Azure VM October 06, 2022

In Episode 302, Ben and Scott follow up on Microsoft Dev Box pricing from the latest Two the Cloud stream before diving into how to decipher Azure VM naming and pick the VMs to run your workloads in Azure. Like what you hear and want to support the show? Check Read More

Older Entries Newer Entries