Its New Phone Day: Time to Migrate Your MFA https://isc.sans.edu/forums/diary/Its+New+Phone+Day+Time+to+migrate+your+MFA/28800/ Managing Human Risk Security Awareness Report https://go.sans.org/lp-wp-2022-sans-security-awareness-report Microsoft Azure Service Fabric Container Elevation of Privilege Vulnerability https://unit42.paloaltonetworks.com/fabricscape-cve-2022-30137/#The-Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30137 Zimbra RCE Vulnerability https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/ FBI Warns of Deep Fakes Beeing Used in Job Interviews https://www.ic3.gov/Media/Y2022/PSA220628
Python Abusing the Windows GUI https://isc.sans.edu/forums/diary/Python+abusing+The+Windows+GUI/28780/ Malicious Code Passed to PowerShell via the Clipboard https://isc.sans.edu/forums/diary/Malicious+Code+Passed+to+PowerShell+via+the+Clipboard/28784/ Attacking With WebView2 Applications https://mrd0x.com/attacking-with-webview2-applications/ Bronze Starlight Ransomware Operations Use Hui Loaders https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader Novel Exploit Detected in Mitel VoIP Appliance https://www.crowdstrike.com/blog/novel-exploit-detected-in-mitel-voip-appliance/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29499
In Episode 287, Ben and Scott take a detour to talk about Field Parameters in Power BI before they get back on track and dive into Microsoft Entra. Like what you hear and want to support the show? Check out our membership options. Show Notes Using the new amazing Power Read More
Malicious PowerShell Targeting Cryptocurrency Browser Extensions https://isc.sans.edu/forums/diary/Malicious+PowerShell+Targeting+Cryptocurrency+Browser+Extensions/28772/ Keeping PowerShell: Security Measures to Use and Embrace https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/1/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF Client-Side Magecart Attacks Still Around, But More Covert https://blog.malwarebytes.com/threat-intelligence/2022/06/client-side-magecart-attacks-still-around-but-more-covert/ Chinese actor takes aim, armed with Nim Language and Bizarro AES https://research.checkpoint.com/2022/chinese-actor-takes-aim-armed-with-nim-language-and-bizarro-aes/ Israeli Air Raid Sirens Hacked https://twitter.com/Israel_Cyber/status/1538821467785265153
Experimental New Domain / Domain Age API https://isc.sans.edu/forums/diary/Experimental+New+Domain+Domain+Age+API/28770/ Forescout Vedere Labs Discovers 56 OT Vulnerabilities https://www.forescout.com/resources/ot-icefall-report/ Cloudflare Outage https://blog.cloudflare.com/cloudflare-outage-on-june-21-2022/ Does Acrobat Reader Unload Injection of Security Products https://blog.minerva-labs.com/does-acrobat-reader-unload-injection-of-security-products 7-Zip Mark-of-the-Web Support https://www.7-zip.org/history.txt
Odd TCP Fast Open Packets https://isc.sans.edu/forums/diary/Odd+TCP+Fast+Open+Packets+Anybody+understands+why/28766/ DFSCoerce NTLM Relay Attack https://github.com/Wh04m1001/DFSCoerce https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429 Windows Emergency Update Fixes Microsoft 365 Issues on ARM Devices https://www.bleepingcomputer.com/news/microsoft/windows-emergency-update-fixes-microsoft-365-issues-on-arm-devices/ Safari Vulnerability Analysis https://googleprojectzero.blogspot.com/2022/06/an-autopsy-on-zombie-in-wild-0-day.html Internet Explorer Remnants Still an Issue https://www.darkreading.com/vulnerabilities-threats/internet-explorer-will-likely-remain-an-attacker-target-for-some-time
Houdini is Back Delivered Through a JavaScript Dropper https://isc.sans.edu/forums/diary/Houdini+is+Back+Delivered+Through+a+JavaScript+Dropper/28746/ Drifting Cloud: Zero-Day Sophos Firewall Exploitation https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/ Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack https://www.zerodayinitiative.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack Cisco Email Security Appliance and Cisco Secure Email and Web Manager https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD Analyzing the Fastjson "Auto Type Bypass" RCE vulnerability https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjson-auto-type-bypass-rce-vulnerability/
In Episode 286, Ben and Scott run down some of their favorite announcements from Microsoft Build 2022. Like what you hear and want to support the show? Check out our membership options. Show Notes Build 2022 Book of News Announcing Azure DNS Private Resolver: Now in preview What is Azure Read More
Translating Saitama's DNS Tunneling https://isc.sans.edu/forums/diary/Translating+Saitamas+DNS+tunneling+messages/28738/ Travis CI Logs Expose Users to Cyber Attacks https://blog.aquasec.com/travis-ci-security Linux Threat Hunting: "Syslogk" a kernel rootkit found under development in the wild https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/ Mitel Desk Phone Backdoor https://blog.syss.com/posts/rooting-mitel-desk-phones-through-the-backdoor/
In Episode 285, Ben and Scott have some follow-up on the deprecation of basic auth in Exchange Online, a new learning collection for CMMC, and the pilot release of the new Outlook client for Windows. Like what you hear and want to support the show? Check out our membership options. Read More
SANS RSA Panel (sorry, video no longer available) Atlassian Confluence Attacks https://isc.sans.edu/forums/diary/Atlassian+Confluence+Exploits+Seen+By+Our+Honeypots+CVE202226134/28722/ Fake CClenaer Malvertisements https://blog.avast.com/fakecrack-campaign Weakness in Verbatim Keypad Secure USB Drive https://blog.syss.com/posts/hacking-usb-flash-drives-part-1/
