SANS Internet Storm Center Daily Network/Cyber Security and Information Security Podcast

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast
  • Duration: 258:32:59

Synopsis

Daily update on current cyber security threats

Episodes

  • ISC StormCast for Friday, December 1st, 2023

    01/12/2023 Duration: 05min

    Apple Updates https://isc.sans.edu/diary/Apple+Patches+Exploited+WebKit+Vulnerabilitiues+in+iOSiPadOSmacOS/30444 Prophetic Post by Intern on CVE-2023-1389 Foreshadows Mirai Botnet Expansion Today https://isc.sans.edu/forums/diary/Prophetic+Post+by+Intern+on+CVE20231389+Foreshadows+Mirai+Botnet+Expansion+Today/30442/ Zyxel Vulnerabilities https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-authentication-bypass-and-command-injection-vulnerabilities-in-nas-products Solarwinds Update https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-4_release_notes.htm#link3 DNS Looking Glass https://isc.sans.edu/tools/dnslookup/

  • ISC StormCast for Thursday, November 30th, 2023

    30/11/2023 Duration: 05min

    Decoding the Patterns: Analyzing DShield Honeypot Activity https://isc.sans.edu/diary/Decoding%20the%20Patterns%3A%20Analyzing%20DShield%20Honeypot%20Activity%20%5BGuest%20Diary%5D/30428 Arcserve Unified Data Protection Multiple Vulnerabilities https://www.tenable.com/security/research/tra-2023-37 Hikvision Vulnerabilities https://www.hikvision.com/hk/support/cybersecurity/security-advisory/security-vulnerability-in-some-hikvision-products/ Assessing Prompt Injection Risks in 200+ Custom GPTs https://arxiv.org/pdf/2311.11538.pdf

  • ISC StormCast for Wednesday, November 29th, 2023

    29/11/2023 Duration: 05min

    Pro-Russian Attackers Scanning for Sharepoint Servers to Exploit CVE-2023-29357 https://isc.sans.edu/diary/Pro%20Russian%20Attackers%20Scanning%20for%20Sharepoint%20Servers%20to%20Exploit%20CVE-2023-29357/30436 Microsoft Deprecates Microsoft Defender Application Guard for Office https://learn.microsoft.com/en-us/windows/whats-new/deprecated-features Synology Vulnerability https://www.synology.com/en-global/security/advisory/Synology_SA_23_16 Apache Tomcat Request Smuggling Vulnerability CVE-2023-46589 https://lists.apache.org/thread/0rqq6ktozqc42ro8hhxdmmdjm1k1tpxr

  • ISC StormCast for Tuesday, November 28th, 2023

    28/11/2023 Duration: 06min

    Scans for ownCloud Vulnerability (CVE-2023-49103) https://isc.sans.edu/diary/Scans%20for%20ownCloud%20Vulnerability%20%28CVE-2023-49103%29/30432 Windows Hello Fingerprint Reader Weakness https://blackwinghq.com/blog/posts/a-touch-of-pwn-part-i/

  • ISC StormCast for Monday, November 27th, 2023

    27/11/2023 Duration: 06min

    DShield Birthday https://isc.sans.edu/diary/Happy%20Birthday%20DShield/30420 Mirai uses CVE-2023-1389 https://isc.sans.edu/diary/CVE-2023-1389%3A%20A%20New%20Means%20to%20Expand%20Botnets/30418 More Mirai Vulnerabilities https://www.akamai.com/blog/security-research/new-rce-botnet-spreads-mirai-via-zero-days Analyzing OVA Files https://isc.sans.edu/diary/OVA%20Files/30424 Static Code Injections in OpenCart (CVE-2023-47444) https://github.com/opencart/opencart/issues/12947 Holiday Hackchallenge https://www.sans.org/mlp/holiday-hack-challenge-2023/

  • ISC StormCast for Friday, November 17th, 2023

    17/11/2023 Duration: 15min

    Beyond -n: Optimizing tcpdump performance https://isc.sans.edu/forums/diary/Beyond%20-n%3A%20Optimizing%20tcpdump%20performance/30408/ Zimbra 0-day used to target international government organizations https://blog.google/threat-analysis-group/zimbra-0-day-used-to-target-international-government-organizations/ FortiSIEM OS command injection in Report Server https://www.fortiguard.com/psirt/FG-IR-23-135 AI Exploit Collection https://github.com/protectai/ai-exploits CrushFTP Remote Code Execution https://convergetp.com/2023/11/16/crushftp-zero-day-cve-2023-43177-discovered/ Scott Poley: The Cyber Data Paradox: Storing Less, Discovering More https://www.sans.edu/cyber-research/cyber-data-paradox-storing-less-discovering-more/

  • ISC StormCast for Thursday, November 16th, 2023

    16/11/2023 Duration: 05min

    Redline Dropped Through MSIX Package https://isc.sans.edu/diary/Redline%20Dropped%20Through%20MSIX%20Package/30404 ChatGPT Code Interpreter Security Hole https://www.tomshardware.com/news/chatgpt-code-interpreter-security-hole Directory Traversal in Reactor Netty CVE-2023-34062 https://spring.io/security/cve-2023-34062 Aruba Networking Product Vulnerabilities https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-017.txt HARArmor https://harmor.dev/

  • ISC StormCast for Wednesday, November 15th, 2023

    15/11/2023 Duration: 07min

    Microsoft Patches https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20November%202023/30400 Adobe Updates https://helpx.adobe.com/security/security-bulletin.html Intel CPU Glitch State Patch https://lock.cmpxchg8b.com/reptar.html https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00950.html

  • ISC StormCast for Tuesday, November 14th, 2023

    14/11/2023 Duration: 05min

    Noticing command and control channels by reviewing DNS protocols https://isc.sans.edu/diary/Noticing%20command%20and%20control%20channels%20by%20reviewing%20DNS%20protocols/30396 Passive SSH Key Compromise via Lattices https://eprint.iacr.org/2023/1711.pdf Juniper Vulnerabilities Exploited https://supportportal.juniper.net/s/article/2023-08-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-can-be-combined-to-allow-a-preAuth-Remote-Code-Execution?language=en_US

  • ISC StormCast for Monday, November 13th, 2023

    13/11/2023 Duration: 05min

    Routers Targeted for Gafgyt Botnet https://isc.sans.edu/forums/diary/Routers%20Targeted%20for%20Gafgyt%20Botnet%20%5BGuest%20Diary%5D/30390/ ScreenConnect used to Attack Healthcare https://www.huntress.com/blog/third-party-pharmaceutical-vendor-linked-to-pharmacy-and-health-clinic-cyberattack Fake Skills Assessment Portals Associated with Sapphire Sleet https://twitter.com/MsftSecIntel/status/1722316019920728437 OpenVPN Access Server Vulnerabilities https://openvpn.net/security-advisory/access-server-security-update-cve-2023-46849-cve-2023-46850/

  • ISC StormCast for Friday, November 10th, 2023

    10/11/2023 Duration: 05min

    Visual Examples of Code Injection https://isc.sans.edu/diary/Visual%20Examples%20of%20Code%20Injection/30388 SysAid Exploited by Cl0p Ransomware (CVE-2023-47246) https://www.sysaid.com/blog/service-desk/on-premise-software-security-vulnerability-notification WS_FTP Server Update CVE-2023-42659 https://community.progress.com/s/article/WS-FTP-Server-Service-Pack-November-2023 Malvertiser copies PC news site to deliver infostealer https://www.malwarebytes.com/blog/threat-intelligence/2023/11/malvertiser-copies-pc-news-site-to-deliver-infostealer pyArrow/Apache Arrow Vulnerability https://lists.apache.org/thread/yhy7tdfjf9hrl9vfrtzo8p2cyjq87v7n

  • ISC StormCast for Thursday, November 9th, 2023

    09/11/2023 Duration: 05min

    Example of a Phishing Campaign Project File https://isc.sans.edu/diary/Example%20of%20Phishing%20Campaign%20Project%20File/30384 Cryptomining with Microsoft Azure Automation Services https://www.safebreach.com/blog/cryptocurrency-miner-microsoft-azure Windows 11 Insider Changing Firewall Behaviour https://blogs.windows.com/windows-insider/2023/11/08/announcing-windows-11-insider-preview-build-25992-canary-channel/ CISA Adds SLP Vulnerability to Known Exploited Vulnerability List https://www.cisa.gov/news-events/alerts/2023/11/08/cisa-adds-one-known-exploited-vulnerability-catalog

  • ISC StormCast for Wednesday, November 8th, 2023

    08/11/2023 Duration: 06min

    What's Normal: New uses of DNS, Discovery of Designated Resolvers (DDR) https://isc.sans.edu/diary/What%27s%20Normal%3A%20New%20uses%20of%20DNS%2C%20Discovery%20of%20Designated%20Resolvers%20%28DDR%29/30380 BlueNoroff macOS Malware https://www.jamf.com/blog/bluenoroff-strikes-again-with-new-macos-malware/ Emphasizing Security by Default with Advanced Microsoft Authenticator Features https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/emphasizing-security-by-default-with-advanced-microsoft/ba-p/3773130

  • ISC StormCast for Tuesday, November 7th, 2023

    07/11/2023 Duration: 06min

    Confluence CVE-2023-22518 Exploited https://isc.sans.edu/diary/Exploit%20Activity%20for%20CVE-2023-22518%2C%20Atlassian%20Confluence%20Data%20Center%20and%20Server/30376 Google Threat Horizons Report https://services.google.com/fh/files/blogs/gcat_threathorizons_full_oct2023.pdf https://www.sans.edu/cyber-research/bookmark-bruggling-novel-data-exfiltration-with-brugglemark/ Veeam Update https://www.veeam.com/kb4508 QNAP Update https://www.qnap.com/de-de/security-advisory/qsa-23-35

  • ISC StormCast for Monday, November 6th, 2023

    06/11/2023 Duration: 07min

    New Microsoft Exchange Zero Days https://www.bleepingcomputer.com/news/microsoft/new-microsoft-exchange-zero-days-allow-rce-data-theft-attacks/ StripedFly: Perennially Flying under the Radar https://securelist.com/stripedfly-perennially-flying-under-the-radar/110903/ Send My: Sending Data over Apple's Find My Network https://github.com/positive-security/send-my

  • ISC StormCast for Friday, November 3rd, 2023

    03/11/2023 Duration: 05min

    Quick Tip for Artificially Inflated PE Files https://isc.sans.edu/diary/Quick%20Tip%20For%20Artificially%20Inflated%20PE%20Files/30370 Apache ActiveMQ Flaw Exploited https://activemq.apache.org/security-advisories.data/CVE-2023-46604-announcement.txt https://www.rapid7.com/blog/post/2023/11/01/etr-suspected-exploitation-of-apache-activemq-cve-2023-46604/ Critical Firepower Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-fmc-cmd-inj-29MP49hN Dozens of npm Packages Caught Attempting to Deploy Reverse Shell https://blog.phylum.io/dozens-of-npm-packages-caught-attempting-to-deploy-reverse-shell/

  • ISC StormCast for Thursday, November 2nd, 2023

    02/11/2023 Duration: 05min

    Malware Dropped Through a ZPAQ Archive https://isc.sans.edu/forums/diary/Malware%20Dropped%20Through%20a%20ZPAQ%20Archive/30366/ CVSS 4.0 Now Official https://www.first.org/cvss/v4-0/index.html MOZI Botnet Killswitch https://www.welivesecurity.com/en/eset-research/who-killed-mozi-finally-putting-the-iot-zombie-botnet-in-its-grave/ URL Shorteners in .us https://securityonline.info/infoblox-uncovers-malicious-wave-in-us-domain-registrations/ Impersonating Slack Users https://falconspy.org/redteam/tradecraft/2023/10/05/2023-10-05-Slack-Impersonation.html

  • ISC StormCast for Wednesday, November 1st, 2023

    01/11/2023 Duration: 04min

    Multiple Layers of Anti-Sandboxing Techniques https://isc.sans.edu/diary/Multiple%20Layers%20of%20Anti-Sandboxing%20Techniques/30362 CVE-2023-22518 Improper Authorization Vulnerability in Confluence Data Center and Server https://confluence.atlassian.com/security/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-server-1311473907.html Malvertisement Promotes Malicious PyCharm Version https://www.malwarebytes.com/blog/threat-intelligence/2023/10/malvertising-via-dynamic-search-ads-delivers-malware-bonanza Thorn SFTP Gateway Java Deserialization RCE CVE-2016-1000027 CVE-2023-47174 https://help.thorntech.com/docs/sftp-gateway-gcp-3.0/gcp-java-deserialization-rce/

  • ISC StormCast for Tuesday, October 31st, 2023

    31/10/2023 Duration: 06min

    Flying under the Radar: The Privacy Impact of Multicast DNS https://isc.sans.edu/forums/diary/Flying%20under%20the%20Radar%3A%20The%20Privacy%20Impact%20of%20multicast%20DNS/30358/ Kubernetes ingress-nginx vulnerability https://github.com/kubernetes/ingress-nginx/issues/10571 Google Chrome HTTPS Upgrade https://github.com/dadrian/https-upgrade/blob/main/explainer.md Wordpad POC CVE-2023-36563 https://www.dillonfrankesecurity.com/posts/cve-2023-36563-wordpad-analysis/

  • ISC StormCast for Monday, October 30th, 2023

    30/10/2023 Duration: 06min

    Size Matters for Many Security Controls https://isc.sans.edu/diary/Size%20Matters%20for%20Many%20Security%20Controls/30352 Spam or Phishing? Looking for Credentials and Passwords https://isc.sans.edu/diary/Spam%20or%20Phishing%3F%20Looking%20for%20Credentials%20%26%20Passwords/30354 iOS Leaks MAC Address https://www.youtube.com/watch?v=T3XABxNogTA Zero Day Initiative Pwn2Own Summary https://www.zerodayinitiative.com/blog/2023/10/24/pwn2own-toronto-2023-day-one-results https://www.zerodayinitiative.com/blog/2023/10/25/pwn2own-toronto-2023-day-two-results https://www.zerodayinitiative.com/blog/2023/10/26/pwn2own-toronto-2023-day-three-results Microsoft Octo Tempest Writeup https://www.microsoft.com/en-us/security/blog/2023/10/25/octo-tempest-crosses-boundaries-to-facilitate-extortion-encryption-and-destruction/
