Tech News

Ukraine Dontation Scam https://isc.sans.edu/forums/diary/Scam+EMail+Impersonating+Red+Cross/28404/ Cogent Disconnects Russia https://www.washingtonpost.com/technology/2022/03/04/russia-ukraine-internet-cogent-cutoff/ Russia DDoS Lists https://safe-surf.ru/upload/ALRT/proxies.txt https://safe-surf.ru/upload/ALRT/referer_http_header.txt NVidia Stolen Certificates https://www.theregister.com/2022/03/05/nvidia_stolen_certificate/ https://twitter.com/cyb3rops/status/1499514240008437762 GitLab Vulnerabilities https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/#unauthenticated-user-enumeration-on-graphql-api Cisco Patches https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk

Attackers Search For Exosed "LuCI" Folders https://isc.sans.edu/diary/28400 Alexa Versus Alexa https://arxiv.org/abs/2202.08619 Bypassing Google Cloud Armor https://kloudle.com/blog/piercing-the-cloud-armor-the-8kb-bypass-in-google-cloud-platform-waf Ukraine Updates https://www.golem.de/news/ausfall-angriff-auf-ka-sat-satellit-ueber-gatewaystation-in-ukraine-2203-163614.html https://www.crowdstrike.com/blog/how-to-decrypt-the-partyticket-ransomware-targeting-ukraine/ https://www.bleepingcomputer.com/news/security/ukraine-says-local-govt-sites-hacked-to-push-fake-capitulation-news/

In Episode 271, Ben and Scott take a break from Microsoft 365 and Azure talk about smart home devices, including their favorite uses for different categories of devices such as lights, locks, and even blinds/shades. If you've been thinking about building out your smart home, give it a listen. We're Read More

The More Often Something is Repeated, the More True it Becomes https://isc.sans.edu/forums/diary/The+More+Often+Something+is+Repeated+the+More+True+It+Becomes+Dealing+with+Social+Media/28396/ Fortinet Bug https://www.fortiguard.com/psirt/FG-IR-21-028 IBM Updates https://www.ibm.com/blogs/psirt/ Google Updates https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html Conti Ransomware Leak https://threatpost.com/conti-ransomware-decryptor-trickbot-source-code-leaked/178727/ Middle Box DDoS Attacks https://www.akamai.com/blog/security/tcp-middlebox-reflection

Geoblocking when you can't Geoblock https://isc.sans.edu/forums/diary/Geoblocking+when+you+cant+Geoblock/28392/ IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/ Memory Corruption Vulnerabilities in PJSIP https://jfrog.com/blog/jfrog-discloses-5-memory-corruption-vulnerabilities-in-pjsip-a-popular-multimedia-library/ Octa Patch for Advanced Server Access Client https://trust.okta.com/security-advisories/okta-advanced-server-access-client-cve-2022-24295 ViaSat Outage https://www.reuters.com/business/aerospace-defense/satellite-firm-viasat-probes-suspected-cyberattack-ukraine-elsewhere-2022-02-28/

PHP Patches Code Injection Flaw https://nvd.nist.gov/vuln/detail/CVE-2021-21708 https://bugs.php.net/bug.php?id=81708 Mozilla VPN Local Privilege Escalation https://www.mozilla.org/en-US/security/advisories/mfsa2022-08/ Google Captcha Breaking https://east-ee.com/2022/02/28/1367/ Samsung Encryption Vulnerability https://eprint.iacr.org/2022/208.pdf tshark Multiple IPs https://isc.sans.edu/forums/diary/TShark+Multiple+IP+Addresses/28386/

Ukraine Update https://www.bleepingcomputer.com/news/security/ransomware-gangs-hackers-pick-sides-over-russia-invading-ukraine/ https://ddosecrets.com/wiki/Tetraedr https://twitter.com/YourAnonOne/status/1496965766435926039 https://www.wired.com/story/ukraine-it-army-russia-war-cyberattacks-ddos/ Odd Windows Behaviour with Fixed Addresses https://isc.sans.edu/forums/diary/Windows+Fixed+IPv4+Addresses+and+APIPA/28380/ Using Snort IDS Rules in NetWitness Packet Decoder https://isc.sans.edu/forums/diary/Using+Snort+IDS+Rules+with+NetWitness+PacketDecoder/28382/ NVidia Breach https://www.bloomberg.com/news/articles/2022-02-25/nvidia-is-investigating-cyber-attack-but-business-uninterrupted Windows 11 Reset Not Removing All Data https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2#2783msgdesc

Ukraine Update: Webcast https://www.sans.org/webcasts/russian-cyber-attack-escalation-in-ukraine/ Other Ukraine Related Stories https://isc.sans.edu/forums/diary/Ukraine+Russia+Situation+From+a+Domain+Names+Perspective/28376/ https://detection.watchguard.com Zabbix Vulnerablity Exploited https://www.cisa.gov/uscert/ncas/current-activity/2022/02/22/cisa-adds-two-known-exploited-vulnerabilities-catalog https://support.zabbix.com/browse/ZBX-20350 Asustore Victim of Deadbolt Ransomware https://forum.asustor.com/viewtopic.php?f=45&t=12630 Firepower Rule Update Failure After March 5th 2022 https://www.cisco.com/c/en/us/support/docs/field-notices/723/fn72332.html?emailclick=CNSemail Social Media Takeover Malware Distrubeted Via Microsoft App Store https://research.checkpoint.com/2022/new-malware-capable-of-controlling-social-media-accounts-infects-5000-machines-and-is-actively-being-distributed-via-gaming-applications-on-microsofts-official-store/

In Episode 270, Ben and Scott talk about a new Microsoft Teams phone from Yealink that Ben is testing and then talk about a recently GA'd capability which impacts how resources associated with a Virtual Machine are treated on deletion of the VM. Sponsors Intelligink - We focus on the Read More

New Sandworm Malware Cyclops Blink Replaces VPNFilter https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter Wiper Malware Seen Deployed Against Targets in the Ukraine https://twitter.com/juanandres_gs/status/1496581710368358400 https://twitter.com/ESETresearch/status/1496581903205511181 The Rise and Fall of log4shell https://isc.sans.edu/forums/diary/The+Rise+and+Fall+of+log4shell/28372/ pfsense authenticated RCE https://www.shielder.it/advisories/pfsense-remote-command-execution/ BVP47 Backdoor https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf

A Good Old Equation Editor Vulnerablity Deliverying Malware https://www.welivesecurity.com/2022/02/22/teenage-cybercrime-stop-kids-wrong-path/ Horde Webmail 5.2.22 - Account Takeover via Email https://blog.sonarsource.com/horde-webmail-account-takeover-via-email NoVNC Phishing https://mrd0x.com/bypass-2fa-using-novnc/

Sending an Email to an IPv4 Address https://isc.sans.edu/forums/diary/Sending+an+Email+to+an+IPv4+Address/28362/ SMS Phone-Verified Account Services https://www.trendmicro.com/en_us/research/22/b/sms-pva-services-use-of-infected-android-phones-reveals-flaws-in-sms-verification.html Xenomorph Android Banking Trojan https://www.threatfabric.com/blogs/xenomorph-a-newly-hatched-banking-trojan.html Modified CryptBot Infostealer Going After Crypto Wallets https://asec.ahnlab.com/en/31802/ Clarification for Adobe Magento Vulnerabilties https://helpx.adobe.com/security/products/magento/apsb22-12.html

Remcos RAT Delivered Through Doube Compressed Archive https://isc.sans.edu/forums/diary/Remcos+RAT+Delivered+Through+Double+Compressed+Archive/28354/ Cassandra User-Defined Functions Remote Code Execution https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/ Apple T2 Weakness https://www.forensicfocus.com/news/passware-kit-forensic-t2-add-on-the-first-password-recovery-tool-for-macs-with-t2-chips/ snap priviledge escalation https://www.qualys.com/2022/02/17/cve-2021-44731/oh-snap-more-lemmings.txt

Hackers Attach Malicious .exe Files to Teams Conversations https://www.avanan.com/blog/hackers-attach-malicious-.exe-files-to-teams-conversations Thunderbird Patches https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/ Cisco Secure Email Gateway Update https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-MxZvGtgU GitHub Code Scanning Finds More Vulnerabilities Using Machine Learning https://github.blog/2022-02-17-code-scanning-finds-vulnerabilities-using-machine-learning/ Exploit for Magento Vulnerability (CVE-2022-24086) Available https://twitter.com/ptswarm/status/1494240197915123713 More Packet Fu With Zeek https://isc.sans.edu/forums/diary/More+packet+fu+with+zeek/28350/

In Episode 269, Ben and Scott talk about the just released CalDigit TS4 Thunderbolt 4 dock and then get into some news and updates around Azure AD, including the public preview of certificate based authentication and proof of concept for impersonating device identities of Windows clients. Sponsors Intelligink - We Read More

Astaroth (Guildma) Infection https://isc.sans.edu/forums/diary/Astaroth+Guildma+infection/28346/ Atlassian Jira Updates https://jira.atlassian.com/browse/CONFSERVER-66550 VMWare Updates https://www.vmware.com/security/advisories/VMSA-2022-0004.html FBI Warns of BEC Using Virtual Meeting Platforms https://www.ic3.gov/Media/Y2022/PSA220216

Who Are Those Bots? https://isc.sans.edu/forums/diary/Who+Are+Those+Bots/28342/ SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming https://news.sophos.com/en-us/2022/02/15/vulnerable-exchange-server-hit-by-squirrelwaffle-and-financial-fraud/ Details About Western Digital MyCloud Flaw https://www.iot-inspector.com/blog/advisory-western-digital-my-cloud-pro-series-pr4100-rce/ Nooie Baby Monitor Vulnerabilities https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-nooie-baby-monitor/

You can catch the podcast aired live every Sunday at 7pm EST at https://www.twitch.tv/remnantgamers/You can also view any other scheduled streams or other events going on at our website https://www.remnantgamers.com/Merch:Want a Remnant Gamer Jersey of your own? Head to https://www.remnantgamers.com/copy-of-events and pick out the style that suits you best!You can Read More

Reminder: Decoding TLS Client Hello to Non TLS Servers https://isc.sans.edu/forums/diary/Reminder+Decoding+TLS+Client+Hellos+to+non+TLS+servers/28338/ Magento 2 Critical Vulnerability https://sansec.io/research/magento-2-cve-2022-24086 BigSur/Catalina Mystery Update https://support.apple.com/en-us/HT201222 MacOS Monterey Patch and Microsoft Defender https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/mde-apparently-blocks-macos-monterey-12-1-12-2-upgrades/m-p/3078793 Google Chrome 0-Day Fixed https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html Moxa MXview Vulnerabilities and Patch https://www.claroty.com/2022/02/10/blog-research-securing-network-management-systems-moxa-mxview/

CinaRAT Delivered Through HTML ID Attributes https://isc.sans.edu/forums/diary/CinaRAT+Delivered+Through+HTML+ID+Attributes/28330/ Windows Defender ASR Blocks LSASS Credential Stealing https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-credential-stealing-from-the-windows-local-security-authority-subsystem Brave Blocking Credential Leaking Extension https://www.theregister.com/2022/02/12/facebook_god_mode/ Project Zero Summary of Zero Day Bugs https://googleprojectzero.blogspot.com/2022/02/a-walk-through-project-zero-metrics.html