SANS Internet Storm Center Daily Network/Cyber Security and Information Security Podcast

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast
  • Duration: 257:30:05

Synopsis

Daily update on current cyber security threats

Episodes

  • ISC StormCast for Monday, November 18th, 2024

    18/11/2024 Duration: 06min

    Ancient TP-Link Backdoor Discovered by Attackers https://isc.sans.edu/diary/Ancient%20TP-Link%20Backdoor%20Discovered%20by%20Attackers/31442 GitHub Projects Targeted with Malicious Commits To Frame Researchers https://www.bleepingcomputer.com/news/security/github-projects-targeted-with-malicious-commits-to-frame-researcher/ PaloAlto and Fortinet Vulnerabilities https://labs.watchtowr.com/hop-skip-fortijump-fortijumphigher-cve-2024-23113-cve-2024-47575/ https://security.paloaltonetworks.com/PAN-SA-2024-0015 https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/

  • ISC StormCast for Wednesday, November 13th, 2024

    13/11/2024 Duration: 05min

    Microsoft November 2024 Patch Tuesday https://isc.sans.edu/diary/Microsoft%20November%202024%20Patch%20Tuesday/31438 CISA Top Routinely Exploited Vulnerabilities https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-317a APT Actors Embed Malware within macOS Flutter Applications https://www.jamf.com/blog/jamf-threat-labs-apt-actors-embed-malware-within-macos-flutter-applications/

  • ISC StormCast for Tuesday, November 12th, 2024

    12/11/2024 Duration: 06min

    PDF Object Streams https://isc.sans.edu/diary/PDF%20Object%20Streams/31430 Mazda Infotainment Vulnerabilities https://www.zerodayinitiative.com/blog/2024/11/7/multiple-vulnerabilities-in-the-mazda-in-vehicle-infotainment-ivi-system Ruby SAML CVE-2024-45409: As bad as it gets and hiding in plain sight https://workos.com/blog/ruby-saml-cve-2024-45409 Veeam Backup Enterprise Manager Vulnerability https://www.veeam.com/kb4682 Security Update for Dell Enterprise SONiC Distribution Vulnerabilities https://www.dell.com/support/kbdoc/en-us/000245655/dsa-2024-449-security-update-for-dell-enterprise-sonic-distribution-vulnerabilities Easy Access to Information for Conducting Fraudulent Emergency Data Requests Impacts US-Based Companies and Law Enforcement Agencies https://www.ic3.gov/CSA/2024/241104.pdf

  • ISC StormCast for Monday, November 11th, 2024

    11/11/2024 Duration: 05min

    zipdump and pkzip records https://isc.sans.edu/diary/zipdump%20%26%20PKZIP%20Records/31428 Am I Isolated https://github.com/edera-dev/am-i-isolated Locked iPhones Reboot https://www.404media.co/police-freak-out-at-iphones-mysteriously-rebooting-themselves-locking-cops-out/ https://x.com/naehrdine/status/1854896392797360484 Palo Alto Networks Bulletin https://security.paloaltonetworks.com/PAN-SA-2024-0015 D-Link Vulnerability https://netsecfish.notion.site/Command-Injection-Vulnerability-in-name-parameter-for-D-Link-NAS-12d6b683e67c80c49ffcc9214c239a07

  • ISC StormCast for Friday, November 8th, 2024

    08/11/2024 Duration: 05min

    Steam Account Checker Poisoned with Infostealer https://isc.sans.edu/diary/Steam%20Account%20Checker%20Poisoned%20with%20Infostealer/31420 Cisco Ultra Reliable Wireless Backhaul Vulnerability https://www.cisco.com/site/us/en/products/networking/industrial-wireless/ultra-reliable-wireless-backhaul/index.html Breaking Down Multipart Parsers: File upload validation bypass https://blog.sicuranext.com/breaking-down-multipart-parsers-validation-bypass/ Evasive ZIP Concatenation: Trojan Targets Windows Users https://perception-point.io/blog/evasive-concatenated-zip-trojan-targets-windows-users/ Veeam Backup Enterprise Manager Vulnerability (CVE-2024-40715) https://www.veeam.com/kb4682 SANS Holiday Hack Challenge https://www.sans.org/mlp/holiday-hack-challenge-2024

  • ISC StormCast for Thursday, November 7th, 2024

    07/11/2024 Duration: 04min

    Insights from August Web Traffic Surge https://isc.sans.edu/forums/diary/%5BGuest%20Diary%5D%20Insights%20from%20August%20Web%20Traffic%20Surge/31408/ Talkative Air Fryer https://www.which.co.uk/policy-and-insight/article/why-is-my-air-fryer-spying-on-me-which-reveals-the-smart-devices-gathering-your-data-and-where-they-send-it-a9Fa24K6gY1c Pygmy Goat Malware Report https://www.ncsc.gov.uk/section/keep-up-to-date/malware-analysis-reports Apple CVE-2024-44258 PoC Exploit https://github.com/ifpdz/CVE-2024-44258 HPE Aruba vulnerabilities https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbnw04722en_us&docLocale=en_US

  • ISC StormCast for Wednesday, November 6th, 2024

    06/11/2024 Duration: 05min

    Python RAT with a Nice Screensharing Feature https://isc.sans.edu/diary/Python%20RAT%20with%20a%20Nice%20Screensharing%20Feature/31414 Android Security Bulletin November 2024 https://source.android.com/docs/security/bulletin/2024-11-01 Malware Delivered as Virtual Machine https://www.securonix.com/blog/crontrap-emulated-linux-environments-as-the-latest-tactic-in-malware-staging/ Fake Docusign Invoices https://lab.wallarm.com/attackers-abuse-docusign-api-to-send-authentic-looking-invoices-at-scale/

  • ISC StormCast for Tuesday, November 5th, 2024

    05/11/2024 Duration: 04min

    Analyzing an Encrypted Phishing PDF https://isc.sans.edu/diary/Analyzing%20an%20Encrypted%20Phishing%20PDF/31404 Okta Verify Desktop MFA For Windows Password Less Login CVE-2024-9191 https://trust.okta.com/security-advisories/okta-verify-desktop-mfa-for-windows-passwordless-login-cve-2024-9191/ QNAP QuRouter Vulnerability and Patch https://www.qnap.com/en/security-advisory/qsa-24-45 From Naptime to Big Sleep https://googleprojectzero.blogspot.com/2024/10/from-naptime-to-big-sleep.html Authenticated SQL injection vulnerability - ManageEngine ADManager Plus CVE-2024-48878 https://www.manageengine.com/products/ad-manager/admanager-kb/cve-2024-48878.html

  • ISC StormCast for Monday, November 4th, 2024

    04/11/2024 Duration: 05min

    October Activity with Username chenzilong https://isc.sans.edu/diary/October%202024%20Activity%20with%20Username%20chenzilong/31400 qpdf Extracting PDF Streams https://isc.sans.edu/diary/qpdf%3A%20Extracting%20PDF%20Streams/31406 Okta bcrypt issue https://trust.okta.com/security-advisories/okta-ad-ldap-delegated-authentication-username/ https://medium.com/@rajat29gupta/how-bcrypts-limitations-contributed-to-okta-s-vulnerability-a-lesson-for-developers-39425c644ed5 Synology Vulnerabilities https://www.synology.com/de-de/security/advisory/Synology_SA_24_19 https://www.synology.com/de-de/security/advisory/Synology_SA_24_18 Lastpass Fake Reviews https://blog.lastpass.com/posts/fake-web-store-reviews-attempting-to-steal-customer-data

  • ISC StormCast for Thursday, October 31st, 2024

    31/10/2024 Duration: 05min

    Scans for RDP Gateways https://isc.sans.edu/diary/Scans%20for%20RDP%20Gateways/31398 CyberPanel Exploited https://www.bleepingcomputer.com/news/security/massive-psaux-ransomware-attack-targets-22-000-cyberpanel-instances/ Windows Themes Files Spoofing CVE-2024-38030 https://blog.0patch.com/2024/10/we-patched-cve-2024-38030-found-another.html QNAP Patches CVE-2024-50388, CVE-2024-50387 https://www.qnap.com/en/security-advisory/qsa-24-41 Facebook Malvertising https://www.bitdefender.com/en-us/blog/labs/unmasking-the-sys01-infostealer-threat-bitdefender-labs-tracks-global-malvertising-campaign-targeting-meta-business-pages/

  • ISC StormCast for Wednesday, October 30th, 2024

    30/10/2024 Duration: 06min

    Critical RCE Vulnerability in Cyberpanel https://dreyand.rs/code/review/2024/10/27/what-are-my-options-cyberpanel-v236-pre-auth-rce Spring WebFlux Vulnerability https://access.redhat.com/security/cve/cve-2024-38821 https://spring.io/security/cve-2024-38821 Inbound SMTP DANE with DNSSEC for Exchange Online https://techcommunity.microsoft.com/t5/exchange-team-blog/announcing-general-availability-of-inbound-smtp-dane-with-dnssec/ba-p/4281292 HeptaX: Unauthorized RDP Connections for Cyberespionage Operations https://cyble.com/blog/heptax-unauthorized-rdp-connections-for-cyberespionage-operations/

  • ISC StormCast for Tuesday, October 29th, 2024

    29/10/2024 Duration: 05min

    Apple Updates Everything https://isc.sans.edu/diary/Apple%20Updates%20Everything/31390 Selfcontained HTML Phishing Attachment Using Telegram to Exfiltrate Credentials https://isc.sans.edu/diary/Selfcontained+HTML+phishing+attachment+using+Telegram+to+exfiltrate+stolen+credentials/31388/ ChatGPT-4o Guardrail Jailbreak: Hex Encoding for Writing CVE Exploits https://0din.ai/blog/chatgpt-4o-guardrail-jailbreak-hex-encoding-for-writing-cve-exploits

  • ISC StormCast for Monday, October 28th, 2024

    28/10/2024 Duration: 05min

    Two currently (old) exploited Ivanti vulnerabilities https://isc.sans.edu/diary/Two%20currently%20%28old%29%20exploited%20Ivanti%20vulnerabilities/31384 Arcadyan FMIMG51AX000J (WiFi Alliance) RCE CVE-2024-41992 https://ssd-disclosure.com/ssd-advisory-arcadyan-fmimg51ax000j-wifi-alliance-rce/ Okta iOS App Vulnerability CVE-2024-10327 https://trust.okta.com/security-advisories/okta-verify-for-ios-cve-2024-10327/ Threat Alert TeamTNT's docker gatling gun campaign https://www.aquasec.com/blog/threat-alert-teamtnts-docker-gatling-gun-campaign/

  • ISC StormCast for Friday, October 25th, 2024

    25/10/2024 Duration: 05min

    Development Features Enabled in Production https://isc.sans.edu/diary/Development%20Features%20Enabled%20in%20Prodcution/31380 Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials https://blog.talosintelligence.com/large-scale-brute-force-activity-targeting-vpns-ssh-services-with-commonly-used-login-credentials/ Cisco Secure Firewall Management Center Software Command Injection Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-v3AWDqN7 Exposing the Danger Within: Hardcoded Cloud Credentials in Popular Mobile Apps https://www.security.com/threat-intelligence/exposing-danger-within-hardcoded-cloud-credentials-popular-mobile-apps

  • ISC StormCast for Thursday, October 24th, 2024

    24/10/2024 Duration: 06min

    Everybody Loves Bash Scripts Including Attackers https://isc.sans.edu/diary/Everybody%20Loves%20Bash%20Scripts.%20Including%20Attackers./31376 Fortimanager Exploited Vulnerability https://www.fortiguard.com/psirt/FG-IR-24-423 Sharepoint Exploit https://www.cisa.gov/news-events/alerts/2024/10/22/cisa-adds-one-known-exploited-vulnerability-catalog https://github.com/testanull/MS-SharePoint-July-Patch-RCE-PoC OpenSSL Vulnerability https://openssl-library.org/news/secadv/20241016.txt Reduced Certificate Lifetime https://github.com/cabforum/servercert/pull/553

  • ISC StormCast for Wednesday, October 23rd, 2024

    23/10/2024 Duration: 05min

    How much HTTP (not HTTPS) Traffic is Traversing Your Perimeter? https://isc.sans.edu/diary/How%20much%20HTTP%20%28not%20HTTPS%29%20Traffic%20is%20Traversing%20Your%20Perimeter%3F/31372 VMSA-2024-0019:VMware vCenter Server updates address heap-overflow and privilege escalation vulnerabilities (CVE-2024-38812, CVE-2024-38813) https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24968 Unifi Security Advisory Bulletin 043 https://community.ui.com/releases/Security-Advisory-Bulletin-043-043/28e45c75-314e-4f07-a4f3-d17f67bd53f7 Fake attachment. Roundcube mail server attacks exploit CVE-2024-37383 vulnerability. https://global.ptsecurity.com/analytics/pt-esc-threat-intelligence/fake-attachment-roundcube-mail-server-attacks-exploit-cve-2024-37383-vulnerability Atlassian Security Bulletin - October 15 2024 https://confluence.atlassian.com/security/security-bulletin-october-15-2024-1442910972.html OneDev Arbitrary file reading for unauthenticated user https://g

  • ISC StormCast for Tuesday, October 22nd, 2024

    22/10/2024 Duration: 06min

    A Network Nerd's Take on Emergency Preparedness https://isc.sans.edu/diary/A%20Network%20Nerd%27s%20Take%20on%20Emergency%20Preparedness/31356 HM Surf Vulnerability Access to Camera Exploited CVE-2024-44133 https://www.microsoft.com/en-us/security/blog/2024/10/17/new-macos-vulnerability-hm-surf-could-lead-to-unauthorized-data-access/ Fortinet releases patches for undisclosed critical FortiManager vulnerability https://www.helpnetsecurity.com/2024/10/21/fortimanager-critical-vulnerability/ ScienceLogic Vulnerability https://rackspace.service-now.com/system_status?id=detailed_status&service=4dafca5a87f41610568b206f8bbb35a6 https://docs.sciencelogic.com/latest/Content/Web_Admin_and_Accounts/System_Administration/sys_admin_system_upgrade.htm

  • ISC StormCast for Monday, October 21st, 2024

    21/10/2024 Duration: 05min

    Microsoft 365: Partially incomplete log data due to monitoring agent issue https://m365admin.handsontek.net/multiple-services-partially-incomplete-log-data-due-to-monitoring-agent-issue/ End-to-End Encrypted Cloud Storage in the Wild: A Broken Ecosystem https://brokencloudstorage.info/paper.pdf ESET Branded Malware https://x.com/ESETresearch/status/1847192384448172387 Synology Update https://www.synology.com/en-us/security/advisory/Synology_SA_24_17 Spring Framework Update CVE-2024-38819 CVE-2024-38820 https://spring.io/blog/2024/10/17/spring-framework-cve-2024-38819-and-cve-2024-38820-published Grafana Security Release CVE-2024-9264 https://grafana.com/blog/2024/10/17/grafana-security-release-critical-severity-fix-for-cve-2024-9264/

  • ISC StormCast for Friday, October 18th, 2024

    18/10/2024 Duration: 05min

    Scanning Activity from Subnet 15.184.0.0/16. https://isc.sans.edu/diary/Scanning%20Activity%20from%20Subnet%2015.184.0.0%2016/31362 Gatekeeper Bypass /unit42.paloaltonetworks.com/gatekeeper-bypass-macos/ Oracle Critical Patch Update https://www.oracle.com/security-alerts/cpuoct2024.html Cisco ATA 190 Series Analog Telephone Adapter Firmware Vulnerabilities https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ata19x-multi-RDTEqRsy SAP Vulnerability https://redrays.io/blog/poc-sap-note-3433192-code-injection-vulnerability-in-sap-netweaver-as-java/ Dept. of Commerce Sites Advertising Medication https://x.com/tliston/status/1833542884047654984

  • ISC StormCast for Thursday, October 17th, 2024

    17/10/2024 Duration: 05min

    The Top 10 Not So Common SSH Usernames and Passwords https://isc.sans.edu/diary/The%20Top%2010%20Not%20So%20Common%20SSH%20Usernames%20and%20Passwords/31360 CISA Product Security Bad Practices https://www.cisa.gov/resources-tools/resources/product-security-bad-practices Kubernetes Image Builder Vulnerability CVE-2024-9486 CVE-2024-9594 https://discuss.kubernetes.io/t/security-advisory-cve-2024-9486-and-cve-2024-9594-vm-images-built-with-kubernetes-image-builder-use-default-credentials/30119 Solarwinds Hardcoded Password Exploited CVE-2024-28987 https://www.bleepingcomputer.com/news/security/solarwinds-web-help-desk-flaw-is-now-exploited-in-attacks/ Bypassing noexec and executing arbitrary binaries https://iq.thc.org/bypassing-noexec-and-executing-arbitrary-binaries Workshop Website: https://www.sansapi.com/ https://www.sansapi.com/docs
