Tech News

ISC StormCast for Friday, September 10th, 2021 September 09, 2021

ISC/DShield API Updates https://isc.sans.edu/forums/diary/Updates+to+Our+DatafeedsAPI/27824/ Update on Windows MSHTML Vulnerability https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-defenses-bypassed-as-new-info-emerges/ GitHub Actions check-spelling community workflow GITHUB_TOKEN leakage https://github.com/justinsteven/advisories/blob/master/2021_github_actions_checkspelling_token_leak_via_advice_symlink.md

Episode 246 – Squirrels and Azure AD September 09, 2021

In Episode 246, Scott laments about the squirrel living in Scott's roof. Then they talk about how you can now access VS Code from your browser on GitHub.com by just pressing your period key and then discuss all of the updates you should be thinking about as AADConnect and Azure Read More

ISC StormCast for Thursday, September 9th, 2021 September 08, 2021

Protonmail Correction https://protonmail.com/blog/climate-activist-arrest/ https://protonmail.com/privacy-policy "Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+Campaign+Continues+Pushing+BazarLoader+Malware/27816/ Thyotic Secret Server Critical Update https://docs.thycotic.com/ss/11.0.0/release-notes/ss-rn-11-0-000007.md Zoho Vulnerablity Exploited https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html

ISC StormCast for Wednesday, September 8th, 2021 September 07, 2021

Microsoft MSHTML Remote Code Execution Vulnerability CVE-2021-40444 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444 ProntonMail/VPN Releasing User's IP Address https://protonmail.com/blog/climate-activist-arrest/ What's App End To End Encryption Questioned (but upheld) https://twitter.com/evacide/status/1435288900587589632?s=20 PRIVATELOG and STASHLOG Malware Store Payload in Common Log File System (CLFS) https://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-using-clfs-log-files-for-stealth.html

ISC StormCast for Tuesday, September 7th, 2021 September 06, 2021

Confluence Update https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html https://www.jenkins.io/blog/2021/09/04/wiki-attacked/ ProxyShell Update https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/ RCE-0-Day for GhostScript 9.50 https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50 Netgear Switch Auth Bypass https://kb.netgear.com/000063978/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Smart-Switches-PSV-2021-0140-PSV-2021-0144-PSV-2021-0145

ISC StormCast for Friday, September 3rd, 2021 September 02, 2021

Attackers Will Always Abuse Major Events in our Lifes https://isc.sans.edu/forums/diary/Attackers+Will+Always+Abuse+Major+Events+in+our+Lifes/27808/ Active Exploitation of Confluence Server CVE-2021-26084 https://www.rapid7.com/blog/post/2021/09/02/active-exploitation-of-confluence-server-cve-2021-26084/ GitHub Removing old Ciphers / Keys https://github.blog/2021-09-01-improving-git-protocol-security-github/ Cisco Enterprise NFV Infrastructure Software Authentication Bypass https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-g2DMVVh Hackers are Selling Tool to Hide Malware in GPUs https://www.ehackingnews.com/2021/09/hackers-are-selling-tool-to-hide.html Michael Beck: Cloud Forensics Triage Framework (CFTF) https://www.sans.org/white-papers/40415/

Episode 245 – When Good Viva Topics Go Bad September 02, 2021

In Episode 245, Ben and Scott discuss Viva Topics and some frustrations around managing topics as an end-user. Then they dive into some of the latest items that have appeared on the Microsoft 365 Roadmap. Sponsors ShareGate - ShareGate's industry-leading products help IT professionals worldwide migrate their business to the Read More

ISC StormCast for Thursday, September 2nd, 2021 September 01, 2021

STRRAT: A Java Based RAT That Doesn't Care if You Have Java https://isc.sans.edu/forums/diary/STRRAT+a+Javabased+RAT+that+doesnt+care+if+you+have+Java/27798/ IPC360 Baby Monitor Vulnerability https://www.bitdefender.com/files/News/CaseStudies/study/402/Bitdefender-PR-Whitepaper-VictureIPC-creat5590-en-EN.pdf Annke Network Video Recorder Vulnerability https://us-cert.cisa.gov/ics/advisories/icsa-21-238-02 ProxyWare Abuse https://blog.talosintelligence.com/2021/08/proxyware-abuse.html

ISC StormCast for Wednesday, September 1st, 2021 August 31, 2021

BrakTooth: Impacts, Implications and Next Steps https://isc.sans.edu/forums/diary/BrakTooth+Impacts+Implications+and+Next+Steps/27802/ Fortress Home Security System Weakness https://threatpost.com/fortress-home-security-remote-disarmament/169069/ PostgreSQL set_user Module Vulnerability https://www.postgresql.org/about/news/set_user-201-released-2279/

Twitch Gets Hate Raided August 31, 2021

You can catch the podcast aired live every Sunday at 7pm EST at https://www.twitch.tv/remnantgamers/You can also view any other scheduled streams or other events going on at our website https://www.remnantgamers.com/Merch:Want a Remnant Gamer Jersey of your own? Head to https://www.remnantgamers.com/copy-of-events and pick out the style that suits you best!You can Read More

ISC StormCast for Tuesday, August 31st, 2021 August 30, 2021

Cryptocurrency Clipboard Swapper Delivered With Love https://isc.sans.edu/forums/diary/Cryptocurrency+Clipboard+Swapper+Delivered+With+Love/27794/ ProxyToken Vulnerability in Exchange https://www.zerodayinitiative.com/blog/2021/8/30/proxytoken-an-authentication-bypass-in-microsoft-exchange-server LockFile Ransomware Evasion Tricks https://thehackernews.com/2021/08/lockfile-ransomware-bypasses-protection.html

ISC StormCast for Monday, August 30th, 2021 August 30, 2021

ChaosDB: Azure Cosmos Database Vulnerability https://chaosdb.wiz.io Phishing via Open Redirects https://www.microsoft.com/security/blog/2021/08/26/widespread-credential-phishing-campaign-abuses-open-redirector-links/ Parallels Vulnerability https://exchange.xforce.ibmcloud.com/vulnerabilities/208188 https://www.zerodayinitiative.com/advisories/ZDI-21-1000/

ISC StormCast for Friday, August 27th, 2021 August 26, 2021

Cisco Advisories https://tools.cisco.com/security/center/publicationListing.x GETH DoS Vulnerability https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8 Confluence Security Advisory https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html VMWare Updates https://www.vmware.com/security/advisories.html

Episode 244 – Azure Updates and Microsoft 365 Price Increase August 26, 2021

In Episode 244, Ben tells Scott about his experience locking himself out of his Azure AD tenant and then they discuss recently GA'd features for Azure Storage including blob inventory, last access time tracking, and Archive storage events. Sponsors ShareGate - ShareGate's industry-leading products help IT professionals worldwide migrate their Read More

ISC StormCast for Thursday, August 26th, 2021 August 25, 2021

There May Be Many More SPF Records Than We Might Expect https://isc.sans.edu/forums/diary/There+may+be+many+more+SPF+records+than+we+might+expect/27786/ OpenSSL Update https://www.openssl.org/news/vulnerabilities.html F5 Update https://support.f5.com/csp/article/K50974556 https://support.f5.com/csp/article/K41351250 SideWalk Backdoor https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/

Soulja Boy's Back At It Again August 25, 2021

ISC StormCast for Wednesday, August 25th, 2021 August 24, 2021

Attackers Hunting for Twilio Credentials https://isc.sans.edu/forums/diary/Attackers+Hunting+For+Twilio+Credentials/27782/ Modified WhatsApp Spreading Malware https://securelist.com/triada-trojan-in-whatsapp-mod/103679/ Privilege Escalation without Pluggin in Device http://0xsp.com/security%20research%20&%20development%20(SRD)/local-administrator-is-not-just-with-razer-it-is-possible-for-all

ISC StormCast for Tuesday, August 24th, 2021 August 23, 2021

Out of Band Phishing Using SMS Messages to Evade Network Detection https://isc.sans.edu/forums/diary/Out+of+Band+Phishing+Using+SMS+messages+to+Evade+Network+Detection/27768/ Elevate Priviledges with Razer Mouse https://twitter.com/j0nh4t/status/1429049506021138437 Realtek Vulnerabilites Exploited https://securingsam.com/realtek-vulnerabilities-weaponized/ Exposed Microsoft Power Apps https://www.upguard.com/breaches/power-apps

ISC StormCast for Monday, August 23rd, 2021 August 22, 2021

Waiting for the C2 to Show Up https://isc.sans.edu/forums/diary/Waiting+for+the+C2+to+Show+Up/27772/ DOCX with Embdedded EXE https://isc.sans.edu/forums/diary/docx+With+Embedded+EXE/27776/ Securing Your Windows 365 Cloud PCs https://techcommunity.microsoft.com/t5/windows-it-pro-blog/securing-your-windows-365-cloud-pcs/ba-p/2663129 Pegasus Fraud Scam https://www.ehackingnews.com/2021/08/pegasus-iphone-hacks-used-as-bait-in.html Proper Audit Logging for Office 365 https://zolder.io/office-365-audit-logging/

ISC StormCast for Friday, August 20th, 2021 August 19, 2021

When Lightning Strikes: What works and doesn't work https://isc.sans.edu/forums/diary/When+Lightning+Strikes+What+works+and+doesnt+work/27766/ Cisco Small Business Router Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5 Blackberry QNX Products Vulnerability https://support.blackberry.com/kb/articleDetail?articleNumber=000082334 SANS.edu Student: Mark Morowcynzski; Decreasing Attacker Dwell Time in Azure Active Directory https://www.sans.org/white-papers/40390/

Older Entries Newer Entries