Tech News

ISC StormCast for Monday, September 12th, 2022 September 11, 2022

Malware Abusing File Exchange Site https://isc.sans.edu/diary/Phishing+Word+Documents+with+Suspicious+URL/29034 Bypassing GitHub Required Reviewers to Submit Malicious Code https://www.legitsecurity.com/blog/bypassing-github-required-reviewers-to-submit-malicious-code Crimeware Trends: Ransomware Developers Turn to Intermittent Encryption https://www.sentinelone.com/labs/crimeware-trends-ransomware-developers-turn-to-intermittent-encryption-to-evade-detection/ Lets Encrypt Reviving Certificate Revocation Lists https://letsencrypt.org/2022/09/07/new-life-for-crls.html

ISC StormCast for Friday, September 9th, 2022 September 08, 2022

Analyzing Obfuscated VBS with CyberChef https://isc.sans.edu/diary/Analyzing+Obfuscated+VBS+with+CyberChef/2902 pfBlockerNG Unauthenticated RCE https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/ GifShell attack creates reverse shell using microsoft teams gifs https://www.bleepingcomputer.com/news/security/gifshell-attack-creates-reverse-shell-using-microsoft-teams-gifs/

Episode 298 – Clearing the deck for Ignite September 08, 2022

In Episode 298, Ben and Scott talk through some of the recent GA announcements, including Change Analysis, Managed Grafana, and Ampere Altra processor availability. Like what you hear and want to support the show? Check out our membership options. Show Notes Basic Authentication Deprecation in Exchange Online – September 2022 Read More

ISC StormCast for Thursday, September 8th, 2022 September 07, 2022

PHP Deserialization Exploit Attempt https://isc.sans.edu/diary/PHP+Deserialization+Exploit+attempt/29024 TA505 Group's TeslaGun In-Depth Analysis https://www.prodaft.com/resource/detail/ta505-ta505-groups-tesla-gun-depth-analysis Cisco publishes unpatched Small Business Router Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-vpnbypass-Cpheup9O Shikitega - New stealthy malware targeting Linux https://thehackernews.com/2022/09/new-stealthy-shikitega-malware.html

ISC StormCast for Wednesday, September 7th, 2022 September 06, 2022

Analysis of an Encoded Cobalt Strike Beacon https://isc.sans.edu/diary/Analysis+of+an+Encoded+Cobalt+Strike+Beacon/29014 EvilProxy Phishing-As-A-Service with MFA Bypass https://resecurity.com/blog/article/evilproxy-phishing-as-a-service-with-mfa-bypass-emerged-in-dark-web Zyxel Patches RCE Vulnerability https://www.zyxel.com/support/Zyxel-security-advisory-for-format-string-vulnerability-in-NAS.shtml Moobot Going after D-Link Devices https://unit42.paloaltonetworks.com/moobot-d-link-devices/

ISC StormCast for Tuesday, September 6th, 2022 September 05, 2022

James Webb JPEG With Malware https://isc.sans.edu/diary/James+Webb+JPEG+With+Malware/29010 Windows Defender False Positive https://www.theregister.com/2022/09/05/windows_defender_chrome_false_positive/ Google Chrome 0-Day https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html Sharkbot Android Infostealer in Google Play Store https://blog.fox-it.com/2022/09/02/sharkbot-is-back-in-google-play/ Nmap 7.93 - 25th Anniversary Release https://seclists.org/nmap-announce/2022/1

ISC StormCast for Friday, September 2nd, 2022 September 01, 2022

Jolokie Scans: Possible Hunt for Vulnerable Apache Geode Servers https://isc.sans.edu/diary/Jolokia+Scans%3A+Possible+Hunt+for+Vulnerable+Apache+Geode+Servers+%28CVE-2022-37021%29/29006 Microsoft Basic Authentication Deprecation in Exchange Online https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-september/ba-p/3609437 Mobile App Supply Chain Vulnerabilities Could Endanger Sensitive Business Information https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mobile-supply-chain-aws Gitlab Update https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/#brute-force-attack-may-guess-a-password-even-when-2fa-is-enabled

Episode 297 – Microsoft Teams, Planner, and PowerApps Rough Edges September 01, 2022

In Episode 297, Ben and Scott talk about some of the rough edges with Planner, Teams, and Microsoft PowerApps before they transition to some PowerShell weirdness with management plane and data plane operations in Azure Storage. Like what you hear and want to support the show? Check out our membership Read More

ISC StormCast for Thursday, September 1st, 2022 August 31, 2022

Underscores and DNS: The Privacy Story https://isc.sans.edu/diary/Underscores+and+DNS%3A+The+Privacy+Story/29002 iOS 12.5.6 Update https://support.apple.com/en-us/HT201222 Malware Disguised as Google Translate Desktop App https://research.checkpoint.com/2022/check-point-research-detects-crypto-miner-malware-disguised-as-google-translate-desktop-and-other-legitimate-applications/ Apache Geode Deserialization Flaw https://lists.apache.org/thread/qrvhmytsshsk5xcb68pwccw3y6m8o8nr Foxit PDF Reader Update https://sec-consult.com/vulnerability-lab/advisory/outdated-javascript-engine-leads-to-rce-in-foxit-pdf-reader/

ISC StormCast for Wednesday, August 31st, 2022 August 30, 2022

Two things that will never die: bash scripts and irc https://isc.sans.edu/diary/Two+things+that+will+never+die%3A+bash+scripts+and+IRC%21/28998 Malware using James Webb Telescope images https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/ Malicious Chrome Extensions https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users/ Chromium Based Browsers Allow Access to Clipboard https://bugs.chromium.org/p/chromium/issues/detail?id=1334203

ISC StormCast for Tuesday, August 30th, 2022 August 29, 2022

Update: VBA Malcode & UTF7 (APT-C-35) https://isc.sans.edu/diary/Update%3A+VBA+Maldoc+%26+UTF7+%28APT-C-35%29/28994 Twilio Breach used to access 2FA Tokens https://sec.okta.com/scatterswine Popular PDF Reader Adware https://www.malwarebytes.com/blog/news/2022/08/adware-found-on-google-play-pdf-reader-servicing-up-full-screen-ads Google changing its VPN Ad Blocker Policy https://support.google.com/googleplay/android-developer/answer/12253906?hl=en

ISC StormCast for Monday, August 29th, 2022 August 28, 2022

Dealing With False Positives when Scanning Memory Dumps for Cobalt Strike Beacons https://isc.sans.edu/diary/Dealing+With+False+Positives+when+Scanning+Memory+Dumps+for+Cobalt+Strike+Beacons/28990 HTTP2 Packet Analysis with Wireshark https://isc.sans.edu/diary/HTTP2+Packet+Analysis+with+Wireshark/28986 Paypal Phishing/Coinbase in One Image https://isc.sans.edu/diary/Paypal+PhishingCoinbase+in+One+Image/28984 Sysinternals Updates: Sysmon v14.0 and ZoomIt v6.01 https://isc.sans.edu/diary/Sysinternals+Updates%3A+Sysmon+v14.0+and+ZoomIt+v6.01/28988 eth.link domain at risk https://www.coindesk.com/tech/2022/08/26/web3-domain-name-service-could-lose-its-web-address-because-programmer-who-can-renew-it-sits-in-jail/

ISC StormCast for Friday, August 26th, 2022 August 25, 2022

Taking Apart URL Shorteners https://isc.sans.edu/diary/Taking+Apart+URL+Shorteners/28980 Python Developers Phished for PyPi Credentials https://twitter.com/pypi/status/1562442188285308929 Group IB Connects Twilio and Cloudflare Phishing attacks to others https://www.helpnetsecurity.com/2022/08/25/0ktapus-twilio-cloudflare-phishers-targets/ Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html LastPass Security Incident https://blog.lastpass.com/2022/08/notice-of-recent-security-incident/ Bitbucket Vulnerability https://securityonline.info/cve-2022-36804-bitbucket-server-and-data-center-command-injection-vulnerability/

Episode 296 – Microsoft Purview data loss prevention August 25, 2022

In Episode 296, Ben and Scott continue their whirlwind tour of Microsoft Purview by turning their attention to the data loss prevention capabilities that fall under the Purview banner. They talk through what you can do with DLP policies and things to consider as you start to configure them. Like Read More

ISC StormCast for Thursday, August 25th, 2022 August 24, 2022

Monster Libra -> IcedID -> Cobalt Strike and DarkVNC https://isc.sans.edu/forums/diary/VNC/28974/ Is Tox the New C&C Method for Coinminers? https://www.uptycs.com/blog/is-tox-the-new-cc-method-for-coinminers Carbon Black Blue Screens https://community.carbonblack.com/t5/Knowledge-Base/Endpoint-Standard-Sudden-Blue-Screens-on-Windows-Devices-23rd/ta-p/114369 Gitlab Vulnerability https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/#Remote%20Command%20Execution%20via%20Github%20import

ISC StormCast for Wednesday, August 24th, 2022 August 23, 2022

Who's Looking at Your security.txt File https://isc.sans.edu/diary/Who%27s+Looking+at+Your+security.txt+File%3F/28972 Assessing Python Malware Detectors with a Benchmark Dataset https://blog.chainguard.dev/taming-python-malware-scanners/ New Iranian APT Data Extraction Tool https://blog.google/threat-analysis-group/new-iranian-apt-data-extraction-tool/ Firefox Update https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/ IBM MQ Update https://www.ibm.com/support/pages/node/6613021

ISC StormCast for Tuesday, August 23rd, 2022 August 22, 2022

32 or 64 Bits Malware https://isc.sans.edu/diary/32+or+64+bits+Malware%3F/28968 Proxies and Configurations Used for Credential Stuffing Attacks https://www.ic3.gov/Media/News/2022/220818.pdf DirtyCred Linux Privilege Escalation Vulnerablity https://www.blackhat.com/us-22/briefings/schedule/#cautious-a-new-exploitation-method-no-pipe-but-as-nasty-as-dirty-pipe-27169 Fake DDos Pages on WordPress Sites Lead to Drive-By-Downloads https://blog.sucuri.net/2022/08/fake-ddos-pages-on-wordpress-lead-to-drive-by-downloads.html

ISC StormCast for Monday, August 22nd, 2022 August 21, 2022

Brazil malspam pushes Astaroth (Guildma) malware https://isc.sans.edu/diary/Brazil+malspam+pushes+Astaroth+%28Guildma%29+malware/28962 Android Ring App XSS https://checkmarx.com/blog/amazon-quickly-fixed-a-vulnerability-in-ring-android-app-that-could-expose-users-camera-recordings/ iOS in App Browser Security Issues https://krausefx.com/blog/announcing-inappbrowsercom-see-what-javascript-commands-get-executed-in-an-in-app-browser iOS in-App Browser Issues https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser https://krausefx.com/blog/announcing-inappbrowsercom-see-what-javascript-commands-get-executed-in-an-in-app-browser

ISC StormCast for Friday, August 19th, 2022 August 18, 2022

Honeypot Attack Summaries with Python https://isc.sans.edu/diary/Honeypot+Attack+Summaries+with+Python/28956 TP-Link Vulnerability https://blog.viettelcybersecurity.com/1day-to-0day-on-tl-link-tl-wr841n/ Safari Update https://support.apple.com/en-us/HT213414 iOS VPN Leaks https://www.michaelhorowitz.com/VPNs.on.iOS.are.scam.php Janet Jackson Hard Drive DDoS https://devblogs.microsoft.com/oldnewthing/20220816-00/?p=106994

Episode 295 – The artist formerly known as Azure Purview August 18, 2022

In Episode 295, Ben and Scott follow up last weeks episode on Microsoft Purview and dive into the Azure side of it - Data Map, Data Catalog, In-place Data Share, and Data Estate Insights. Like what you hear and want to support the show? Check out our membership options. Show Read More

Older Entries Newer Entries