Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

23:59, Time to Exfiltrate! https://isc.sans.edu/diary/23%3A59%2C%20Time%20to%20Exfiltrate!/31272 Critical VMWare VCenter Vulnerability https://blogs.vmware.com/cloud-foundation/2024/09/17/vmsa-2024-0019-questions-answers/ Zero-Click Calendar invite - Critical zero-click vulnerability chain in macOS https://mikko-kenttala.medium.com/zero-click-calendar-invite-critical-zero-click-vulnerability-chain-in-macos-a7a434fc887b Google Adds Latest Post Quantum Encryption Standard to Chrome https://security.googleblog.com/2024/09/a-new-path-for-kyber-on-web.html

Managing PE Files with Overlays https://isc.sans.edu/forums/diary/Managing%20PE%20Files%20With%20Overlays/31268/ Apple Updates https://support.apple.com/en-us/100100 Ivanti EOL Cloud Service Appliances https://www.cisa.gov/news-events/alerts/2024/09/13/ivanti-releases-security-update-cloud-services-appliance Microsoft Revises September Update https://msrc.microsoft.com/update-guide/en-US/advisory/CVE-2024-43461 DLink Vulnerabilities https://www.twcert.org.tw/en/cp-139-8081-3fb39-2.html https://www.twcert.org.tw/en/cp-139-8091-bcd52-2.html https://www.twcert.org.tw/en/cp-139-8089-32df6-2.html

Finding Honeypot Clusters Using DBSCAN https://isc.sans.edu/diary/Finding%20Honeypot%20Data%20Clusters%20Using%20DBSCAN%3A%20Part%202/31194 Auto IT Credential Flusher https://research.openanalysis.net/credflusher/kiosk/stealer/stealc/amadey/autoit/2024/09/11/cred-flusher.html Ivanti Patches https://forums.ivanti.com/s/article/Security-Advisory-Ivanti-Cloud-Service-Appliance-CSA-CVE-2024-8190?language=en_US https://www.horizon3.ai/attack-research/attack-blogs/cve-2024-29847-deep-dive-ivanti-endpoint-manager-agentportal-deserialization-of-untrusted-data-remote-code-execution-vulnerability/ File Sender Vulnerability https://filesender.org/vulnerability-in-filesender-versions-below-2-49-and-3-x-beta/ Docker Patches https://docs.docker.com/desktop/release-notes/#4342

Compromise of old hostname .mobi whois server https://labs.watchtowr.com/we-spent-20-to-achieve-rce-and-accidentally-became-the-admins-of-mobi/ Microsoft Reconsidering Security Tool API https://blogs.windows.com/windowsexperience/2024/09/12/taking-steps-that-drive-resiliency-and-security-for-windows-customers/ Microsoft implents PQC in SymCrypt https://techcommunity.microsoft.com/t5/security-compliance-and-identity/microsoft-s-quantum-resistant-cryptography-is-here/ba-p/4238780 GitLab Patch https://about.gitlab.com/releases/2024/09/11/patch-release-gitlab-17-3-2-released/#execute-environment-stop-actions-as-the-owner-of-the-stop-action-job

Microsoft Patches https://isc.sans.edu/diary/Microsoft%20September%202024%20Patch%20Tuesday/31254 Adobe Patches https://helpx.adobe.com/security/security-bulletin.html Ivanti Patches https://forums.ivanti.com/s/article/Security-Advisory-EPM-September-2024-for-EPM-2024-and-EPM-2022?language=en_US

Critical Loadmaster Security Vulnerability https://support.kemptechnologies.com/hc/en-us/articles/29196371689613-LoadMaster-Security-Vulnerability-CVE-2024-7591 HA Proxy Patch https://www.mail-archive.com/haproxy%40formilux.org/msg45280.html Akira Ransomware Campaign Targeting Sonicwall SSLVPN Accounts https://arcticwolf.com/resources/blog/arctic-wolf-observes-akira-ransomware-campaign-targeting-sonicwall-sslvpn-accounts/ Kibana Deserializatio Vulnerability https://discuss.elastic.co/t/kibana-8-15-1-security-update-esa-2024-27-esa-2024-28/366119 Stately Taurus Abuses VSCode https://unit42.paloaltonetworks.com/stately-taurus-abuses-vscode-southeast-asian-espionage/

Password Cracking Energy: More Details https://isc.sans.edu/diary/Password%20Cracking%20%26%20Energy%3A%20More%20Dedails/31242 Python Notpad ++ https://isc.sans.edu/diary/Python%20%26%20Notepad%2B%2B/31240 Fake LinkedIn Job Ads https://cloud.google.com/blog/topics/threat-intelligence/examining-web3-heists/ Android Crypto Passphrase Stealer with OCR https://www.mcafee.com/blogs/other-blogs/mcafee-labs/new-android-spyagent-campaign-steals-crypto-credentials-via-image-recognition/ Sextortion Scam Now use Your Chating Spouses Name as a Lure https://www.bleepingcomputer.com/news/security/sextortion-scam-now-use-your-cheating-spouses-name-as-a-lure/

Enrichment Data: Keeping it Fresh https://isc.sans.edu/diary/Enrichment%20Data%3A%20Keeping%20it%20Fresh/31236 Veeam Update https://www.veeam.com/kb4649 New OFBiz Vulnerabilities https://www.rapid7.com/blog/post/2024/09/05/cve-2024-45195-apache-ofbiz-unauthenticated-remote-code-execution-fixed/ Cisco Smart License Manager Patches https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cslu-7gHMzWmw

Scans for Moodle Learning Platform Following Recent Update https://isc.sans.edu/diary/Scans+for+Moodle+Learning+Platform+Following+Recent+Update/31230 PyPi Rivival HiJack https://jfrog.com/blog/revival-hijack-pypi-hijack-technique-exploited-22k-packages-at-risk/ Android Updates https://source.android.com/docs/security/bulletin/2024-09-01 Mediatec WAPPD PoC Exploit https://blog.coffinsec.com/0day/2024/08/30/exploiting-CVE-2024-20017-four-different-ways.html#wrapping-up

Protected OOXML Text Documents https://isc.sans.edu/diary/Protected%20OOXML%20Text%20Documents/31078 Sextortion E-Mails with Photos https://krebsonsecurity.com/2024/09/sextortion-scams-now-include-photos-of-your-home/ Zyxel OS Command Injection Vulnerability https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-os-command-injection-vulnerability-in-aps-and-security-router-devices-09-03-2024 D-Link DIR-846W Unpatched RCE Vulnerabilities https://supportannouncement.us.dlink.com/security/publication.aspx?name=SAP10411 VMWare Priviledge Escalation Vulnerability CVe-2024-38811 https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24939 YubiKey Sidechannel Attack https://ninjalab.io/wp-content/uploads/2024/09/20240903_eucleak.pdf https://www.yubico.com/support/security-advisories/ysa-2024-03/

Wireshark 4.4: Converting Display Filters to BPF Capture Filters https://isc.sans.edu/diary/Wireshark+44+Converting+Display+Filters+to+BPF+Capture+Filters/31224 GitHub Comments Used to Spread Malware https://www.reddit.com/r/Malware/comments/1f2n1h4/comment/lkbi5gi/ Voldemort Malware Curses Orgs Using Global Tax Authorities https://www.darkreading.com/threat-intelligence/voldemort-malware-curses-orgs-global-tax-authorities Analysis of CVE-2024-43044 From file read to RCE in Jenkins through agents https://blog.convisoappsec.com/en/analysis-of-cve-2024-43044/

Live Patching DLLs with Python https://isc.sans.edu/diary/Live%20Patching%20DLLs%20with%20Python/31218 Global Protect Phishing https://www.trendmicro.com/en_us/research/24/h/threat-actors-target-middle-east-using-fake-tool.html BlackByte Ransomware Update https://blog.talosintelligence.com/blackbyte-blends-tried-and-true-tradecraft-with-newly-disclosed-vulnerabilities-to-support-ongoing-attacks/ The Risks Lurking in Publicly Exposed GenAI Development Services https://www.legitsecurity.com/blog/the-risks-lurking-in-publicly-exposed-genai-development-services Finding Lateral Movement of Adversaries Through the Noise of Systems Administration https://www.sans.edu/cyber-research/finding-lateral-movement-adversaries-through-noise-systems-administration/ YouTube Channel: https://www.youtube.com/c/CyberAttackDefense

Vega-Lite With Kibana To Parse and Display IP Activity Over Time https://isc.sans.edu/diary/Vega-Lite%20with%20Kibana%20to%20Parse%20and%20Display%20IP%20Activity%20over%20Time/31210 Attack tool update impairs Windows computers https://news.sophos.com/en-us/2024/08/27/burnt-cigar-2/ Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-241a Confluence Vulnerabilty Exploited for Crypto Miners https://www.trendmicro.com/en_us/research/24/h/cve-2023-22527-cryptomining.html Fortra FileCatalyst Workflow Hard Coded HSQLDB Credentials https://www.fortra.com/security/advisories/product-security/fi-2024-011

Why is Python so Popular to Infect Windows Hosts https://isc.sans.edu/diary/Why%20Is%20Python%20so%20Popular%20to%20Infect%20Windows%20Hosts%3F/31208 OFBiz Vulnerability Update https://www.cisa.gov/known-exploited-vulnerabilities-catalog https://nvd.nist.gov/vuln/detail/CVE-2024-38856 Versa Directory Vulnerability Exploited https://versa-networks.com/blog/versa-security-bulletin-update-on-cve-2024-39717-versa-director-dangerous-file-type-upload-vulnerability/ Google Chrome Vulnerability Exploited https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html SGX Key Leak https://x.com/_markel___/status/1828112469010596347

From Highly Obfuscated Batch File to XWorm and Redline https://isc.sans.edu/diary/From%20Highly%20Obfuscated%20Batch%20File%20to%20XWorm%20and%20Redline/31204 CVE-2024-38063 Windows IPv6 Issue PoC Exploit https://github.com/ynwarcs/CVE-2024-38063 Not a vulnerability https://github.com/juwenyi/CVE-2024-42992

Pandas Erros: What encoding are my logs in? https://isc.sans.edu/diary/Pandas%20Errors%3A%20What%20encoding%20are%20my%20logs%20in%3F/31200 Crowdstrike Performance Issues https://www.reddit.com/r/sysadmin/comments/1eyfex6/at_least_its_not_on_a_friday/ CopyBara Malware https://www.zscaler.com/blogs/security-research/technical-analysis-copybara#conclusion SonicWall Vulnerability https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2024-0015

OpenAI Scans Honeypots https://isc.sans.edu/diary/OpenAI%20Scans%20for%20Honeypots.%20Artificially%20Malicious%3F%20Action%20Abuse%3F/31196 Broken Linux Boot Partitions after August Microsoft Update https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-23H2#3377msgdesc Google Fixes Chrome 0-day https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_21.html Cisco Zero Day Exploited (now Patched) https://www.sygnia.co/blog/china-threat-group-velvet-ant-cisco-zero-day/ Solar Winds Helpdesk Backdoor https://support.solarwinds.com/SuccessCenter/s/article/SolarWinds-Web-Help-Desk-12-8-3-Hotfix-2 Securing the Future: How Memory-Safe Programming Languages Impact Industry Safety (Christopher Ross) https://www.sans.edu/cyber-research/securing-future-how-memory-safe-programming-languages-impact-industry-safety/

Mapping Threats wiht DNSTwist and the Internet Storm Center https://isc.sans.edu/diary/Mapping%20Threats%20with%20DNSTwist%20and%20the%20Internet%20Storm%20Center%20%5BGuest%20Diary%5D/31188 Slack AI Prompt Injection https://promptarmor.substack.com/p/slack-ai-data-exfiltration-from-private Phishing in PWA Applications https://www.welivesecurity.com/en/eset-research/be-careful-what-you-pwish-for-phishing-in-pwa-applications/ QNAP Ransomware Security Center https://www.qnap.com/en/news/2024/qnap-officially-releases-qts-5-2-introducing-security-center-for-active-file-activity-monitoring-elevated-security-and-data-protection

Where are we with CVE-2024-38063: Microsoft IPv6 Vulnerability https://isc.sans.edu/diary/Where+are+we+with+CVE202438063+Microsoft+IPv6+Vulnerability/31186 Microsoft August Update Prevents Linux from Booting https://community.frame.work/t/sbat-verification-error-booting-linux-after-windows-update/56354 PHP CGI Vulnerability Exploited CVE-2024-4577 https://symantec-enterprise-blogs.security.com/threat-intelligence/taiwan-malware-dns F5 Updates https://my.f5.com/manage/s/article/K000140111 https://my.f5.com/manage/s/article/K000140108

Do you like donuts? Here is a donut Shellcode Delivered Through PowerShell Python https://isc.sans.edu/diary/Do%20you%20Like%20Donuts%3F%20Here%20is%20a%20Donut%20Shellcode%20Delivered%20Through%20PowerShell%20Python/31182 How Vulnerabilities in Microsoft Apps for MacOS allow Stealing Permissions https://blog.talosintelligence.com/how-multiple-vulnerabilities-in-microsoft-apps-for-macos-pave-the-way-to-stealing-permissions/ Digital Wallet Security Loophole https://www.umass.edu/news/article/new-study-reveals-loophole-digital-wallet-security-even-if-rightful-cardholder-doesnt Microsoft IPv6 Vulnerability CVE-2024-38063 https://x.com/f4rmpoet/status/1825472703223992323 YouTube Video (going live 10am ET) https://www.youtube.com/watch?v=miBb1llFOYQ