Tech News

Episode 237 – AzCopy Tips and Tricks July 08, 2021

In Episode 237, Ben and Scott dive into a customer scenario that involves copying hundreds of thousands of files from one storage account to another in Azure. Sponsors Spot by NetApp – The cloud automation platform that makes it easy to deliver continuously optimized infrastructure at the lowest possible cost ShareGate Read More

ISC StormCast for Thursday, July 8th, 2021 July 07, 2021

Microsoft Releases Patches for CVE-2021-34527 UPDATED https://isc.sans.edu/forums/diary/Microsoft+Releases+Patches+for+CVE202134527/27610/ GitLab Update https://www.ehackingnews.com/2021/07/gitlab-fixes-several-vulnerabilities.html Vulnerable NuGet Packages https://blog.secure.software/third-party-code-comes-with-some-baggage

ISC StormCast for Wednesday, July 7th, 2021 July 06, 2021

Microsoft Releases Printnightmare Patch https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 Kaseya Update https://www.kaseya.com/potential-attack-on-kaseya-vsa/ Kaspersky Password Manager https://donjon.ledger.com/kaspersky-password-manager/ Amazon Echo Dot After Reset Artifacts https://dl.acm.org/doi/pdf/10.1145/3448300.3467820

ISC StormCast for Tuesday, July 6th, 2021 July 05, 2021

Kaseya REvil Update https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689 https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b https://csirt.divd.nl/2021/07/03/Kaseya-Case-Update/ Printnightmare Update https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-printnightmare-b3fdb82f840c https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/ https://github.com/LaresLLC/CVE-2021-1675 Expired RPM Key Problem https://github.com/rpm-software-management/rpm/issues/1598 Node.JS Update https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/

ISC StormCast for Monday, July 5th, 2021 July 04, 2021

Kaseya VSA REvil Ransomware Incident https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689 https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b https://csirt.divd.nl/2021/07/03/Kaseya-Case-Update/

ISC StormCast for Friday, July 2nd, 2021 July 02, 2021

Print Spooler printnightmare Update https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-printnightmare-b3fdb82f840c https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/ https://github.com/LaresLLC/CVE-2021-1675

Episode 236 – YubiKeys and New DCs July 01, 2021

In Episode 236, Ben and Scott discuss an interesting question about MFA and using Microsoft Authenticator on personal devices, new Azure regions coming to Arizona (West US 3) and Georgia (East US 3), and a rebranding of Windows Virtual Desktop to Azure Virtual Desktop. Sponsors Sperry Software – Powerful Outlook Add-ins Read More

ISC StormCast for Thursday, July 1st, 2021 June 30, 2021

CVE-2021-1675 Incomplete Patch - Printnightmware https://isc.sans.edu/forums/diary/CVE20211675+Incomplete+Patch+and+Leaked+RCE+Exploit/27588/ Internet Explorer PDF Update https://support.microsoft.com/en-us/topic/june-29-2021-kb5004760-os-builds-19041-1082-19042-1082-and-19043-1082-out-of-band-9508f7a2-0713-432f-b06c-1ae6d802a2f7 NETGEAR Router Vulnerabilities (DGN-2200v1) https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/

ISC StormCast for Wednesday, June 30th, 2021 June 29, 2021

Google "Sweepstake" Phish Withouth Link https://isc.sans.edu/forums/diary/Diving+into+a+Google+Sweepstakes+Phishing+Email/27578/ Forensics Contest Solution / Winner https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest+Answers+and+Analysis/27582/ WD MyBook Details https://arstechnica.com/gadgets/2021/06/hackers-exploited-0-day-not-2018-bug-to-mass-wipe-my-book-live-devices/ Adobe Experience Manager PoC https://labs.detectify.com/2021/06/28/aem-crx-bypass-0day-control-over-some-enterprise-aem-crx-package-manager/

Ads, Bans, and Apologies June 28, 2021

You can catch the podcast aired live every Sunday at 7pm EST at https://www.twitch.tv/remnantgamers/You can also view any other scheduled streams or other events going on at our website https://www.remnantgamers.com/Merch:Want a Remnant Gamer Jersey of your own? Head to https://www.remnantgamers.com/copy-of-events and pick out the style that suits you best!You can Read More

ISC StormCast for Monday, June 28th, 2021 June 27, 2021

Increase in UDP Port 389 Scans (LDAP/AD) https://isc.sans.edu/forums/diary/Is+this+traffic+bAD/27566/ CD/DVD Destruction https://isc.sans.edu/forums/diary/DIY+CDDVD+Destruction/27572/ Zyxel Exploits https://twitter.com/JAMESWT_MHT/status/1407987022170578946 https://kb.zyxel.com/KB/searchArticle!viewDetail.action?articleOid=018137&lang=EN Cisco Vulnerability Exploited https://threatpost.com/cisco-asa-bug-exploited-poc/167274/ Microsoft Signs Netfilter Rootkit https://www.gdatasoftware.com/blog/microsoft-signed-a-malicious-netfilter-rootkit

ISC StormCast for Friday, June 25th, 2021 June 24, 2021

Do You Like Cookies? Some are for sale! https://isc.sans.edu/forums/diary/Do+you+Like+Cookies+Some+are+for+sale/27558/ A supply-chain breach: Taking over an Atlassian account https://media.threatpost.com/wp-content/uploads/sites/103/2021/06/23175805/Atlassian-ATO-CPR-blog-FINAL.pdf Dell Bios Connect Vulnerability https://eclypsium.com/2021/06/24/biosdisconnect/ ATM Jackpotting via NFC https://www.wired.com/story/atm-hack-nfc-bugs-point-of-sale/

Episode 235 – Cortana, schedule a podcast June 24, 2021

In Episode 235, Ben and Scott talk about the release of Scheduler, the "new" AI, Cortana-based meeting scheduling service for Microsoft 365, updates on the timelines for disabling Basic Auth in Exchange, and a preview capability in SharePoint Online that will allow you to rename your SharePoint domain name. Sponsors Read More

ISC StormCast for Thursday, June 24th, 2021 June 23, 2021

DNS Name Server Hijack Attack https://www.darkreading.com/vulnerabilities---threats/new-dns-name-server-hijack-attack-exposes-businesses-government-agencies/d/d-id/1341377 Paloalto Cortex XSOAR Vulnerablity https://security.paloaltonetworks.com/CVE-2021-3044 VMWare Carbon Black App Control Authentication Bypass https://www.vmware.com/security/advisories/VMSA-2021-0012.html? Standing With Security Researchers Against Misuse of the DMCA https://www.eff.org/deeplinks/2021/06/dmca-security-researcher-statement

ISC StormCast for Wednesday, June 23rd, 2021 June 22, 2021

Phishing asking recipients not to report abuse https://isc.sans.edu/forums/diary/Phishing+asking+recipients+not+to+report+abuse/27556/ PyPi Cryptomining Malware https://blog.sonatype.com/sonatype-catches-new-pypi-cryptomining-malware-via-automated-detection Dovecot TLS Implementation Vulnerability https://hackerone.com/reports/1204962 (see the link to the PDF for more details) Sonicwall Patch Incomplete https://www.tripwire.com/state-of-security/featured/analyzing-sonicwalls-unsuccessful-fix-for-cve-2020-5135/

ISC StormCast for Tuesday, June 22nd, 2021 June 21, 2021

Attack and Defend: Distributed Web Applications (free Webcast) https://www.sans.org/webcasts/attack-defend-modern-distributed-applications-119610 Darkside Impersonators https://www.helpnetsecurity.com/2021/06/21/impersonating-darkside/ Tesla RAT COVID-19 Vaccination Phish https://threatpost.com/agent-tesla-covid-vax-phish/167082/ Tor Browser Update https://www.bleepingcomputer.com/news/security/tor-browser-fixes-vulnerability-that-tracks-you-using-installed-apps/ Schneider PowerLogic Vulnerabilities https://www.ehackingnews.com/2021/06/six-major-flaws-identified-in-schneider.html AutoCAD Update https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004

ISC StormCast for Monday, June 21st, 2021 June 20, 2021

Network Forensics on Azure VMs (Part #2) https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+2/27538/ Google Open Redirect Being Abused https://isc.sans.edu/forums/diary/Open+redirects+and+why+Phishers+love+them/27542/ Easy Access to the NIST RDS Database https://isc.sans.edu/forums/diary/Easy+Access+to+the+NIST+RDS+Database/27544/ iOS Wifi Bug https://blog.chichou.me/2021/06/20/quick-analysis-wifid/ NSA VoIP Security Guide https://media.defense.gov/2021/Jun/17/2002744054/-1/-1/1/CTR_DEPLOYING%20SECURE%20VVOIP%20SYSTEMS.PDF

ISC StormCast for Friday, June 18th, 2021 June 17, 2021

Network Forensics on Azure VMs https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+1/27536/ Fake Ledger Hardware Wallets https://www.ledger.com/phishing-campaigns-status#phishing-campaigns https://www.reddit.com/r/ledgerwallet/comments/o154gz/package_from_ledger_is_this_legit/ Zoll Defibrilator Dashboard Vulnerability https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01 Akamai Prolexic Outage https://threatpost.com/hiccup-akamais-ddos-outages/167004/

This One is Not About E3 June 17, 2021

Episode 234 – Microsoft 365 Defender with Chris Givens June 17, 2021

In Episode 234, Ben sits down with Chris Givens at the Azure + AI conference (a part of DEV intersection) to talk about security in the Microsoft Cloud. Sponsors Sperry Software – Powerful Outlook Add-ins developed to make your email life easy even if you’re too busy to manage your inbox ShareGate - Read More

Older Entries Newer Entries