Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

Home Office/Small Business Hurricane Prep https://isc.sans.edu/diary/Home%20Office%20%20%20Small%20Business%20Hurricane%20Prep/30166 Notepad++ Vulnerabilities https://securitylab.github.com/advisories/GHSL-2023-092_Notepad__/ 7-Zip Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-23-1164/ BGP Error Handling Issues https://blog.benjojo.co.uk/post/bgp-path-attributes-grave-error-handling

Survival Time for Web Sites https://isc.sans.edu/diary/Survival%20time%20for%20web%20sites/30170 PDF/ActiveMime Polyglot Maldocs https://blogs.jpcert.or.jp/en/2023/08/maldocinpdf.html https://blog.didierstevens.com/2023/08/29/quickpost-pdf-activemime-maldocs-yara-rule/ RocketMQ Vulnerability Exploited https://blogs.juniper.net/en-us/threat-research/dreambus-botnet-resurfaces-targets-rocketmq-vulnerability ManageEngine Vulnerabilty https://www.manageengine.com/security/advisory/CVE/CVE-2023-35785.html

Analysis of RAR Exploit Files (CVE-2023-38831) https://isc.sans.edu/diary/Analysis+of+RAR+Exploit+Files+CVE202338831/30164 Juniper Exploit CVE-2023-36844 , CVE-2023-36845 , CVE-2023-36846 , CVE-2023-36847 https://labs.watchtowr.com/cve-2023-36844-and-friends-rce-in-juniper-firewalls/ Microsoft Will Enabled Extended Protection for Exchange Server by Default https://techcommunity.microsoft.com/t5/exchange-team-blog/coming-soon-enabling-extended-protection-on-exchange-server-by/ba-p/3911849 Rust Malware Stages on Crates.io https://blog.phylum.io/rust-malware-staged-on-crates-io/ SANS Community Night London Signup https://www.sans.org/mlp/community-night-cloud-security-london-september-2023

Python Malware Using Postgresql for C2 Communications https://isc.sans.edu/diary/Python%20Malware%20Using%20Postgresql%20for%20C2%20Communications/30158 macOS: Who is Behind This Network Connection? https://isc.sans.edu/diary/macOS%3A%20Who%3Fs%20Behind%20This%20Network%20Connection%3F/30160 CVE-2020-19909 Is Everything that is Wrong with CVEs https://daniel.haxx.se/blog/2023/08/26/cve-2020-19909-is-everything-that-is-wrong-with-cves/ Windows Certificate Confusion https://arstechnica.com/security/2023/08/a-renegade-certificate-is-removed-from-windows-then-it-returns-confusion-ensues/ NPM E-Mail Validator Package Malware https://blog.phylum.io/npm-emails-validator-package-malware/

How I made a "QWERTY" Keyboard Walk Password Generator with ChatGPT https://isc.sans.edu/diary/How%20I%20made%20a%20qwerty%20%3Fkeyboard%20walk%3F%20password%20generator%20with%20ChatGPT%20%20%5BGuest%20Diary%5D/30152 FBI Warns of Persistent Barracuda Backdoors https://www.ic3.gov/Media/News/2023/230823.pdf Ivanti Sentry Athentication Bypass Deep Diver CVE-2023-38035 https://www.horizon3.ai/ivanti-sentry-authentication-bypass-cve-2023-38035-deep-dive/ Smoke Loader Drops Whiffy Recon WiFi Scanning and Geolocation Malware https://www.secureworks.com/blog/smoke-loader-drops-whiffy-recon-wi-fi-scanning-and-geolocation-malware

More Exotic Excel Files Dropping AgentTesla https://isc.sans.edu/diary/More%20Exotic%20Excel%20Files%20Dropping%20AgentTesla/30150 CVE-2023-38831 WinRAR Vulnerability Exploited https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/ Aruba Vulnerabilities https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-012.txt

Fernet Encryption in Malware https://isc.sans.edu/forums/diary/Have%20You%20Ever%20Heard%20of%20the%20Fernet%20Encryption%20Algorithm%3F/30146/ Malware Triage With Inotify Tools https://isc.sans.edu/diary/Quick+Malware+Triage+With+Inotify+Tools/30142/ Adobe Coldfusion Exploited https://www.cisa.gov/known-exploited-vulnerabilities-catalog Openfire Admin Console Vulnerability Exploited https://vulncheck.com/blog/openfire-cve-2023-32315 XLoader Mac Malware Updates https://www.sentinelone.com/blog/xloaders-latest-trick-new-macos-variant-disguised-as-signed-officenote-app/

SystemBC Scans and ProxyNation https://isc.sans.edu/diary/SystemBC%20Malware%20Activity%20/30138 https://cybersecurity.att.com/blogs/labs-research/proxynation-the-dark-nexus-between-proxy-apps-and-malware Exchange Server Security Update Re-Release https://techcommunity.microsoft.com/t5/exchange-team-blog/re-release-of-august-2023-exchange-server-security-update/ba-p/3900025 Ivanti Sentry Vulnerability Exploited https://forums.ivanti.com/s/article/CVE-2023-38035-API-Authentication-Bypass-on-Sentry-Administrator-Interface?language=en_US DUO Security Outage https://status.duo.com/incidents/rw7g0q7ztj8f mTLS Vulnerabilities https://github.blog/2023-08-17-mtls-when-certificate-authentication-is-done-wrong/

From a Zalando Phish to a RAT https://isc.sans.edu/diary/From%20a%20Zalando%20Phishing%20to%20a%20RAT/30136 RARLAB WinRAR Recovery Volume Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-23-1152/ Hotmail SPF Record Error Leads to spam false positives https://www.bleepingcomputer.com/news/microsoft/hotmail-email-delivery-fails-after-microsoft-misconfigures-dns/ Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector https://www.sentinelone.com/labs/chinese-entanglement-dll-hijacking-in-the-asian-gambling-sector/ Google Chrome to Warn Users of Malicious Extensions https://betanews.com/2023/08/17/google-chrome-to-warn-users-about-problematic-extensions/

Command Line Parsing - Are These Really Unique Strings? https://isc.sans.edu/diary/Command%20Line%20Parsing%20-%20Are%20These%20Really%20Unique%20Strings%3F/30126 iOS 16 Fake Airplane Mode https://www.jamf.com/blog/fake-airplane-mode-a-mobile-tampering-technique-to-maintain-connectivity/ LinkedIn Attacks https://cyberint.com/blog/research/linkedin-accounts-under-attack-how-to-protect-yourself/ Robot Vacuum Privacy Issues https://dontvacuum.me/talks/DEFCON31/DEFCON31-vacuum-robots-final.pdf https://dontvacuum.me/

PowerShell Gallery Prone to Typosqatting, Other Sypply Chain Attacks https://www.darkreading.com/application-security/powershell-gallery-prone-to-typosquatting-other-supply-chain-attacks Windows Random Time Issues https://arstechnica.com/security/2023/08/windows-feature-that-resets-system-clocks-based-on-random-data-is-wreaking-havoc/ Energy Company Targeted in QR Code Campaign https://cofense.com/blog/major-energy-company-targeted-in-large-qr-code-campaign/ New Citrix Scanner from Mandiant https://www.mandiant.com/resources/blog/citrix-adc-vulnerability-ioc-scanner

macOS Background Task Manager Bypass https://www.wired.com/story/apple-mac-background-task-management-flaw/ Ivanti Avalanche Vulnerability https://www.tenable.com/security/research/tra-2023-27 Exploiting Synology NAS Cloud Connectivity https://claroty.com/team82/research/a-pain-in-the-nas-exploiting-cloud-connectivity-to-pwn-your-nas-synology-ds920-edition Fake Crypto Currency Apps Offered as "Beta" versions https://www.ic3.gov/Media/Y2023/PSA230814

PDFiD False Positives Revisited https://isc.sans.edu/diary/PDFiD%3A%20False%20Positives%20Revisited/30122 CVE-2023-32019 Fix Enabled by Default; https://support.microsoft.com/en-us/topic/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080 CyberPower and Dataprobe Vulnerabilities https://www.trellix.com/en-us/about/newsroom/stories/research/the-threat-lurking-in-data-centers.html Ford WiFi Driver Vulnerability https://www.ti.com/lit/er/swra773/swra773.pdf?ts=1691717352391&ref_url=https%253A%252F%252Fmedia.ford.com%252F

Show Me All Your Windows https://isc.sans.edu/diary/Show%20me%20All%20Your%20Windows!/30116 Zero Touch Pwn https://blog.syss.com/posts/zero-touch-pwn/ Maginot DNS Spoofing Attack https://www.usenix.org/conference/usenixsecurity23/presentation/li-xiang

Some things never change, such as SQL Authentication "Encryption" https://isc.sans.edu/diary/Some%20things%20never%20change%20%3F%20such%20as%20SQL%20Authentication%20%3Fencryption%3F/30112 Defender Pretender: When Windows Defender Updates Become a Security Risk https://www.blackhat.com/us-23/briefings/schedule/#defender-pretender-when-windows-defender-updates-become-a-security-risk-32706 Dell Compellent Hardcoded Key https://www.dell.com/support/kbdoc/en-us/000216615/dsa-2023-282-security-update-for-dell-storage-integration-tools-for-vmware-dsitv-vulnerabilities Vulnerabilities in Sogou Keyboard https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/

Tunnelcrack VPN Vulnerability https://papers.mathyvanhoef.com/usenix2023-tunnelcrack.pdf Mozilla VPN Vulnerablity https://www.openwall.com/lists/oss-security/2023/08/03/1 Non English Exchange Server Patch Issues https://techcommunity.microsoft.com/t5/exchange-team-blog/released-august-2023-exchange-server-security-updates/bc-p/3894481/highlight/true VSCode Token Security https://cycode.com/blog/exposing-vscode-secrets/ Weekly Updates for Google Chrome https://security.googleblog.com/2023/08/an-update-on-chrome-security-updates.html

Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20August%202023%20Patch%20Tuesday/30106 Adobe Updates https://helpx.adobe.com/security/security-bulletin.html

Update: Researchers Scanning the Internet https://isc.sans.edu/diary/Update%3A%20Researchers%20scanning%20the%20Internet/30102 Malicious OpenBullet Configuration Files https://www.kasada.io/threat-intel-openbullet-malware/ Abusing Cloudflare Tunnels https://www.guidepointsecurity.com/blog/tunnel-vision-cloudflared-abused-in-the-wild/

Are Leaked Credential Dumps Used by Attackers? https://isc.sans.edu/diary/Are%20Leaked%20Credentials%20Dumps%20Used%20by%20Attackers%3F/30098 New PaperCut RCE Vulnerability https://www.horizon3.ai/cve-2023-39143-papercut-path-traversal-file-upload-rce-vulnerability/ Microsoft mitigates Power Platform Custom Code information disclosure vulnerability https://msrc.microsoft.com/blog/2023/08/microsoft-mitigates-power-platform-custom-code-information-disclosure-vulnerability/ Microsoft Publishes Token theft Playbook https://learn.microsoft.com/en-us/security/operations/token-theft-playbook

From small LNK to large malicious BAT file with zero VT score https://isc.sans.edu/diary/From%20small%20LNK%20to%20large%20malicious%20BAT%20file%20with%20zero%20VT%20score/30094 Social Engineering via Microsoft Teams https://www.microsoft.com/en-us/security/blog/2023/08/02/midnight-blizzard-conducts-targeted-social-engineering-over-microsoft-teams/ Automating the Search for LOLBAS https://pentera.io/resources/whitepapers/the-lolbas-odyssey-finding-new-lolbas-and-how-you-can-too/ Sneaky Versioning Used to Bypass Scanners https://thehackernews.com/2023/08/malicious-apps-use-sneaky-versioning.html Aruba Patches https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2023-010.txt Mitel Patches https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0008