Tech News

In Episode 278, Ben and Scott go through follow-up on the end-user experience for working with Microsoft Teams Shared Channels. To learn about what needs to be done on the admin side, listen to Episode 274 – Microsoft Teams Connect shared channels and B2B direct connect. Like what you hear Read More

AA Distribution Quakbot (Qbot) infection siwth DarkVNC https://isc.sans.edu/forums/diary/aa+distribution+Qakbot+Qbot+infection+with+DarkVNC+traffic/28568/ Java Psychic Signatures https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/ Snort DoS Vulnerability https://claroty.com/2022/04/14/blog-research-blinding-snort-breaking-the-modbus-ot-preprocessor/

u-boot Password Reset https://isc.sans.edu/forums/diary/Resetting+Linux+Passwords+with+UBoot+Bootloaders/28564/ Oracle CPU https://www.oracle.com/security-alerts/cpuapr2022.html MetaMask iCloud Phishing https://www.bleepingcomputer.com/news/security/hackers-steal-655k-after-picking-metamask-seed-from-icloud-backup/ SMB1 Gone From Windows 11 Home https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb1-now-disabled-by-default-for-windows-11-home-insiders-builds/ba-p/3289473 Lenovo UEFI/BIOS Vulnerability https://support.lenovo.com/us/en/product_security/ps500483-lenovo-system-update-privilege-escalation-vulnerability https://support.lenovo.com/de/de/product_security/LEN-84943

Sysmon's ReigstryEvent (Value Set) and Binary Data https://isc.sans.edu/forums/diary/Sysmons+RegistryEvent+Value+Set/28558/ Ukraine CERT Posts: IcedID and Zimbra Flaw https://cert.gov.ua/article/39606 https://cert.gov.ua/article/39609 New NSO Pegasus Exploit Spotted in the Wild https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/ Unofficial Windows 11 Upgrade Delivers Spyware https://www.bleepingcomputer.com/news/security/unofficial-windows-11-upgrade-installs-info-stealing-malware/

Office Now Protects You From Malicious ISO Files https://isc.sans.edu/forums/diary/Office+Protects+You+From+Malicious+ISO+Files/28554/ Github Stolen OAUTH User Tokens https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens/ Git For Windows Vulnerability https://nvd.nist.gov/vuln/detail/CVE-2022-24765 Cisco Wireless Controller Bug https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-auth-bypass-JRNhV4fF

An Update on CVE-2022-26809 MSRPC Vulnerability - PATCH NOW https://isc.sans.edu/forums/diary/An+Update+on+CVE202226809+MSRPC+Vulnerabliity+PATCH+NOW/28550/ Webcast: https://www.sans.org/webcasts/cve-2022-26809-ms-rpc-vulnerability-analysis/ https://twitter.com/splinter_code/status/1514653941304369153 Google Chrome 0-Day Patch https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html Cisco Webex Phones Home Audio Telemetry https://wiscprivacy.com/papers/vca_mute.pdf Grafana Enterprise Vulnerabilty https://grafana.com/blog/2022/04/12/grafana-enterprise-8.4.6-released-with-high-severity-security-fix/

In Episode 277, Ben and Scott dive into the GA of "bring your own IP" (or BYOIP) in Azure, a capability that allows you to register your public IP blocks in Azure and associate public IPs that you own with public IP resources such as load balancers and virtual machines. Read More

How is Ukrainian Internet Holding Up During Russian Invasion https://isc.sans.edu/forums/diary/How+is+Ukrainian+internet+holding+up+during+the+Russian+invasion/28546/ Update on Windows Patches and CVE-2022-26809 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26809 Adobe Updates https://helpx.adobe.com/security/products/photoshop/apsb22-20.html Apache Struts 2 Update https://cwiki.apache.org/confluence/display/WW/S2-062

Microsoft April 2022 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+April+2022+Patch+Tuesday/28542/ NGINX Statement To LDAP Weakness https://www.nginx.com/blog/addressing-security-weaknesses-nginx-ldap-reference-implementation/ Attacks on Ukrainian Power Grid https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/

Spring: It isn't just about Spring4Shell. https://isc.sans.edu/forums/diary/Spring+It+isnt+just+about+Spring4Shell+Spring+Cloud+Function+Vulnerabilities+are+being+probed+too/28538/ Microsoft Windows Autopatch https://techcommunity.microsoft.com/t5/windows-it-pro-blog/get-current-and-stay-current-with-windows-autopatch/ba-p/3271839 More npm protestware https://github.com/Yaffle/EventSource/commit/de137927e13d8afac153d2485152ccec48948a7a Raspberry Pi Update https://www.raspberrypi.com/news/raspberry-pi-bullseye-update-april-2022/

Misc Spring4Shell Items https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67 https://www.trendmicro.com/en_us/research/22/d/cve-2022-22965-analyzing-the-exploitation-of-spring4shell-vulner.html https://github.com/AgainstTheWest/NginxDay Russian Certificate Authority Update https://koen.engineer/russias-certificate-authority-for-sanctioned-organizations-645d61af8ac6 Conti Source Code Leak Leads to Copycats https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/

What is BIMI https://isc.sans.edu/forums/diary/What+is+BIMI+and+how+is+it+supposed+to+help+with+Phishing/28528/ Watchguard Vulnerability behind Cyclops Blink https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA16S000000SOCGSA4&lang=en_US Malware Targeting Amazon Lambdas https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/ Ashley Taylor: Doppelgaengers: Finding Job Scammers Who Steal Brand Identities https://www.sans.edu/cyber-research/doppelgangers-finding-job-scammers-who-steal-brand-identities/

In Episode 276, Ben and Scott start the episode talking about Teams display devices, Teams phones, and complimenting the Teams app on your computer. Then we wrap up the episode by addressing a listener's question about sharing content in SharePoint with external users while also maintaining certain security and compliance Read More

Windows MetaStealer Malware https://isc.sans.edu/forums/diary/Windows+MetaStealer+Malware/28522/ US Justice Depatment Takes Down Cyclops Blink Botnet https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-botnet-controlled-russian-federation VMWare Bugs https://www.vmware.com/security/advisories.html Palo Alto CVE-2022-0778 https://security.paloaltonetworks.com/CVE-2022-0778 Unpatched Apple Bug https://www.intego.com/mac-security-blog/apple-neglects-to-patch-zero-day-wild-vulnerabilities-for-macos-big-sur-catalina/

WebLogic Crypto Miner Malware Disabling Alibaba Cloud Monitoring Tools https://isc.sans.edu/forums/diary/WebLogic+Crypto+Miner+Malware+Disabling+Alibaba+Cloud+Monitoring+Tools/28520/ Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks New Security Features for Windows 11 https://www.microsoft.com/security/blog/2022/04/05/new-security-features-for-windows-11-will-help-protect-hybrid-work/ Fin7 Power Hour: Adversary Archaeology and Evolution of FIN7 https://www.mandiant.com/resources/evolution-of-fin7

Emptying the Phishtank: Are WordPress Sites the Mosquitoes of the Internet https://isc.sans.edu/forums/diary/Emptying+the+Phishtank+Are+WordPress+sites+the+Mosquitoes+of+the+Internet/28516/ Mailchimp Breach Used to Target Trezor Users https://www.bleepingcomputer.com/news/security/hackers-breach-mailchimps-internal-tools-to-target-crypto-customers/ Proactively Prevent Secret Leaks With GitHub Advanced Security Secret Scanning https://github.blog/2022-04-04-push-protection-github-advanced-security/ TruffleHog v3 https://trufflesecurity.com/blog/introducing-trufflehog-v3 Russian Certificates (chinese article) https://blog.netlab.360.com/review-revoke-russia-ssl-certificates/

GitLab Critical Security Release https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/ ViaSat KA-SAT Network Cyber Attack https://www.viasat.com/about/newsroom/blog/ka-sat-network-cyber-attack-overview/ MacOS Bug Enables Phishing https://rambo.codes/posts/2022-03-15-how-a-macos-bug-could-have-allowed-for-a-serious-phishing-attack-against-users PHP Supply Chain Attack on PEAR https://blog.sonarsource.com/php-supply-chain-attack-on-pear

Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965 https://isc.sans.edu/forums/diary/Spring+Vulnerability+Update+Exploitation+Attempts+CVE202222965/28504/ Apple Patches 0 Day Vulnerability https://isc.sans.edu/forums/diary/Apple+Patches+Actively+Exploited+Vulnerability+in+macOS+iOS+and+iPadOS/28506/ Wyze Cam Vulnerabilities https://www.bitdefender.com/files/News/CaseStudies/study/413/Bitdefender-PR-Whitepaper-WCam-creat5991-en-EN.pdf Zyxel Security Advisory https://www.zyxel.com/support/forgery-vulnerabilities-of-select-Armor-home-routers.shtml

In Episode 275, Scott sits down with Karl Rautenstrauch, a Principal Product Manager at Microsoft to discuss the new Azure File Migration program. Karl explains how the program enables access to best of breed migration tooling which can help you easily perform managed migrations of files to Azure Storage, including Read More

Java Springtime Confusion: What Vulnerabilty are We Talking About https://isc.sans.edu/forums/diary/Java+Springtime+Confusion+What+Vulnerability+are+We+Talking+About/28500/ Quickie: Parsing XLSB Documents https://isc.sans.edu/forums/diary/Quickie+Parsing+XLSB+Documents/28496/ Pwning 3CX Phone Management Backends from the Internet https://medium.com/@frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88