Tech News

You can catch the podcast aired live every Sunday at 7pm EST at https://www.twitch.tv/remnantgamers/You can also view any other scheduled streams or other events going on at our website https://www.remnantgamers.com/Merch:Want a Remnant Gamer Jersey of your own? Head to https://www.remnantgamers.com/copy-of-events and pick out the style that suits you best!You can Read More

RedLine Stealer Delivered Through FTP https://isc.sans.edu/forums/diary/RedLine+Stealer+Delivered+Through+FTP/28258/ Google Camera Alters QR Codes https://www.heise.de/hintergrund/Googles-Kamera-verfaelscht-Links-in-QR-Codes-6332669.html https://www.androidpolice.com/google-camera-randomly-changes-some-qr-code-urls-on-android-12/ Linux Kernel Privilege Escalation / Container Escape https://seclists.org/oss-sec/2022/q1/54 https://access.redhat.com/security/cve/cve-2022-0185 Crypto.com 2FA Bypass https://threatpost.com/2fa-bypassed-crypto-com-heist/177846/ Windows Policies to Avoid https://techcommunity.microsoft.com/t5/windows-it-pro-blog/why-you-shouldn-t-set-these-25-windows-policies/ba-p/3066178

In Episode 265, Ben and Scott talk about Azure Automation State Configuration and Azure Policy guest configuration for using DSC at-scale with your virtual machines in Azure. Sponsors Intelligink - We focus on the Microsoft Cloud so you can focus on your business Show Notes Using Policy with Azure Site Read More

0.0.0.0 in Emotet Spambot Traffic https://isc.sans.edu/forums/diary/0000+in+Emotet+Spambot+Traffic/28254/ Linux Patch to Make 0.0.0.0/8 Routable https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96125bf9985a WebKit Patch for Cross Origin Database Name Leak https://trac.webkit.org/changeset/288078/webkit ACER Care Center Privilege Escalation https://aptw.tf/2022/01/20/acer-care-center-privesc.html Imporper Input Validation Vulnerability in Serv-U https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247

Phishing E-Mail With an Advertisement https://isc.sans.edu/forums/diary/Phishing+email+withan+advertisement/28250/ Virustotal Credential https://www.safebreach.com/blog/2022/the-perfect-cyber-crime/ Oracle Quarterly Critical Patch Update https://www.oracle.com/security-alerts/cpujan2022.html Box MFA Bypass https://www.varonis.com/blog/box-mfa-bypass-sms

Log4Shell Attacks Getting Smarter https://isc.sans.edu/forums/diary/Log4Shell+Attacks+Getting+Smarter/28246/ Microsoft Releases Special Update to Deal with January Update Fail https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-oob-updates-for-january-windows-update-issues/ Cisco Unified Contact Center Management Portal and Unifed Contact Center Domain Manager Privilege Escalation Vulnerablity https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-priv-esc-JzhTFLm4 Zoho Critical Security Patch Released in Desktop Central and Desktop Central MSP https://pitstop.manageengine.com/portal/en/community/topic/a-critical-security-patch-released-in-desktop-central-and-desktop-central-msp-for-cve-2021-44757-17-1-2022 Google Chrome Restricting Private Network Read More

Use of Alternate Data Streams in Research Scans https://isc.sans.edu/forums/diary/Use+of+Alternate+Data+Streams+in+Research+Scans+for+indexjsp/28240/ Microsoft Resumes Windows Server 2019 Cumulative Updates https://www.bleepingcomputer.com/news/microsoft/microsoft-resumes-rollout-of-january-windows-server-updates/ Safari Index DB Leak https://fingerprintjs.com/blog/indexeddb-api-browser-vulnerability-safari-15/

MSFT Patch Issues https://borncity.com/win/2022/01/12/patchday-windows-8-1-server-2012-r2-updates-11-januar-2022-mgliche-boot-probleme/ https://support.microsoft.com/en-us/topic/january-11-2022-kb5009624-monthly-rollup-23f4910b-6bdd-475c-bb4d-c0e961aff0bc https://support.microsoft.com/en-us/topic/january-11-2022-kb5009595-security-only-update-060870c2-ad08-40e5-b000-a9f6d40c0831 Jenkins Security Advisory 2022-01-1 https://www.jenkins.io/security/advisory/2022-01-12/ Qakbot Configuration Decryptor https://github.com/drole/qakbot-registry-decrypt Android allows Disabling 2G https://www.bleepingcomputer.com/news/security/android-users-can-now-disable-2g-to-block-stingray-attacks/ Weakness in Microsoft Defender https://twitter.com/splinter_code/status/1481073265380581381

In Episode 264, Ben and Scott kick off 2022 with some Azure CLI follow-up from 2021, and then they talk about some new settings available for managing per-user meeting expiration policies. Sponsors Intelligink - We focus on the Microsoft Cloud so you can focus on your business Show Notes Streamline Read More

A Quick CVE-2022-21907 FAQ https://isc.sans.edu/forums/diary/A+Quick+CVE202221907+FAQ+work+in+progress/28234/ Details Released Regarding Patched Sonicwall Vulnerabilities https://www.rapid7.com/blog/post/2022/01/11/cve-2021-20038-42-sonicwall-sma-100-multiple-vulnerabilities-fixed-2/ iOS/iPad OS Fixing HomeKit Vulnerability / Private Relay issues https://support.apple.com/en-us/HT201222 https://www.macrumors.com/2022/01/12/apple-icloud-private-relay-ios-15-2/ Atticking RDP From Inside https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside Nanocore, Netwire and AsyncRAT Spreading Campaign Uses Public Cloud Infrastructre https://blog.talosintelligence.com/2022/01/nanocore-netwire-and-asyncrat-spreading.html

Microsoft Patch Tuesday - January 2022 https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+January+2022/28230/ Adobe Updates https://helpx.adobe.com/security.html

New MacOS Vulnerability Could Lead to Unauthorized User Data Access https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access Exploiting URL Parsers https://claroty.com/wp-content/uploads/2022/01/Exploiting-URL-Parsing-Confusion.pdf NPM libs "colors" and "faker" sabotaged by developer https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/

Extracting Cobalt Strike Beacons from MSBuild Scripts https://isc.sans.edu/forums/diary/Extracting+Cobalt+Strike+Beacons+from+MSBuild+Scripts/28200/ The JNDI Strikes Back: Unauthenticated RCE in H2 Database Console https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/ Trojanized dnSpy app drops malware cocktail https://www.bleepingcomputer.com/news/security/trojanized-dnspy-app-drops-malware-cocktail-on-researchers-devs/ FIN7 Attackers Sending Malicious USB Sticks https://www.bleepingcomputer.com/news/security/fbi-hackers-use-badusb-to-target-defense-firms-with-ransomware/

Malicious Python Script Targeting Chinese People https://isc.sans.edu/forums/diary/Malicious+Python+Script+Targeting+Chinese+People/28220/ Google Docs Comment Exploit Allows for Distribution of Phishing and Malware https://www.avanan.com/blog/google-docs-comment-exploit-allows-for-distribution-of-phishing-and-malware Google Voice Authentication Scams https://www.fbi.gov/contact-us/field-offices/portland/news/press-releases/oregon-fbi-tech-tuesday-building-a-digital-defense-against-google-voice-authentication-scams Norton Crypto Miner https://investor.nortonlifelock.com/About/Investors/press-releases/press-release-details/2021/NortonLifeLock-Unveils-Norton-Crypto/default.aspx

In Episode 263, Ben and Scott dive into their favorite tips and tricks for using Azure Cloud Shell and all the programs and functionality that come with it. Sponsors Intelligink - We focus on the Microsoft Cloud so you can focus on your business Show Notes Using the Azure Cloud Read More

Code Reuse in the Malware Landscape https://isc.sans.edu/forums/diary/Code+Reuse+In+the+Malware+Landscape/28216/ ZLoader Campaign Exploiting Signature Verification Bug https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/ VMWare Virtual CD-Rom Vulnerability https://www.vmware.com/security/advisories/VMSA-2022-0001.html Honda Y2k22 Bug https://www.bleepingcomputer.com/news/technology/honda-acura-cars-hit-by-y2k22-bug-that-rolls-back-clocks-to-2002/

A Simple Batch File That Blocks People https://isc.sans.edu/forums/diary/A+Simple+Batch+File+That+Blocks+People/28212/ Windows Server Remote Desktop Emergency Update https://docs.microsoft.com/en-us/windows/release-health/windows-message-center#2772 Malicious Telegram Installer Includes Purple Fox Rootkit https://blog.minerva-labs.com/malicious-telegram-installer-drops-purple-fox-rootkit Web Skimmer Campaign Targets Real Estate Websites https://unit42.paloaltonetworks.com/web-skimmer-video-distribution/

McAfee Phishing Campaign with a Nice Fake Scan https://isc.sans.edu/forums/diary/McAfee+Phishing+Campaign+with+a+Nice+Fake+Scan/28208/ Trend Micro Apex One Patch https://success.trendmicro.com/solution/000289996 E-commerce Bots Using Cheap Domain Registration Services https://threatpost.com/ecommerce-bots-domain-registration-account-fraud/177305/ iOS Homekit DoS Vulnerability https://trevorspiniolas.com/doorlock/doorlock.html

Exchange Server Year 2022 Bug https://isc.sans.edu/forums/diary/Exchange+Server+Email+Trapped+in+Transport+Queues/28204/ https://techcommunity.microsoft.com/t5/exchange-team-blog/email-stuck-in-exchange-on-premises-transport-queues/ba-p/3049447 Agent Tesla Updates https://isc.sans.edu/forums/diary/Agent+Tesla+Updates+SMTP+Data+Exfiltration+Technique/28190/ https://isc.sans.edu/forums/diary/Do+you+want+your+Agent+Tesla+in+the+300+MB+or+8+kB+package/28202/ Forensics Issues and Techniques to Improve Security in SSD with Flex Capacity Feature https://arxiv.org/ftp/arxiv/papers/2112/2112.13923.pdf iLO Bleed Attack https://threats.amnpardaz.com/en/2021/12/28/implant-arm-ilobleed-a/

You can catch the podcast aired live every Sunday at 7pm EST at https://www.twitch.tv/remnantgamers/You can also view any other scheduled streams or other events going on at our website https://www.remnantgamers.com/Merch:Want a Remnant Gamer Jersey of your own? Head to https://www.remnantgamers.com/copy-of-events and pick out the style that suits you best!You can Read More