Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

DShield pfSense Client Update https://isc.sans.edu/diary/DShield%20pfSense%20Client%20Update/29994 Exposed Industrial Control Systems https://isc.sans.edu/diary/Controlling%20network%20access%20to%20ICS%20systems/30000 Analysis Method for Custom Encoding https://isc.sans.edu/diary/Analysis%20Method%20for%20Custom%20Encoding/29946 SNAPPY: Detecting Rogue WiFi Access Points https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/snappy-detecting-rogue-and-fake-80211-wireless-access-points-through-fingerprinting-beacon-management-frames/ RUSTBUCKET Mac Malware https://www.elastic.co/security-labs/DPRK-strikes-using-a-new-variant-of-rustbucket

GuLoader or BatLoader/Modiloader infection fro Remcos RAT https://isc.sans.edu/diary/GuLoader-%20or%20DBatLoader%20ModiLoader-style%20infection%20for%20Remcos%20RAT/29990 CVE-2023-26258 Remote Code Execution in Arcserve UDP Backup https://www.mdsec.co.uk/2023/06/cve-2023-26258-remote-code-execution-in-arcserve-udp-backup/ Sysmon Update https://learn.microsoft.com/en-us/sysinternals/downloads/sysmon https://medium.com/@olafhartong/sysmon-15-0-file-executable-detected-40fd64349f36 Drone Security and Fault Injection Attacks https://labs.ioactive.com/2023/06/applying-fault-injection-to-firmware.html

Kazkhastan: The world's last SSLv2 Super Power https://isc.sans.edu/diary/Kazakhstan%20-%20the%20world%27s%20last%20SSLv2%20superpower...%20and%20a%20country%20with%20potentially%20vulnerable%20last-mile%20internet%20infrastructure/29988 npm manifest issues https://blog.vlt.sh/blog/the-massive-hole-in-the-npm-ecosystem Process Mockingjay: Echoing RWX In Userland To Achieve Code Execution https://www.securityjoes.com/post/process-mockingjay-echoing-rwx-in-userland-to-achieve-code-execution

The Importance of Malware Triage https://isc.sans.edu/diary/The+Importance+of+Malware+Triage/29984/ RowPress: Amplifying Read Disturbance in Modern DRAM Chips https://dl.acm.org/doi/abs/10.1145/3579371.3589063 Dell BIOS Updates https://www.dell.com/support/kbdoc/de-de/000214778/dsa-2023-174-dell-client-bios-security-update-for-an-out-of-bounds-write-vulnerability Google Chrome Update https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop_26.html

BlackLotus Mitigation Guide https://media.defense.gov/2023/Jun/22/2003245723/-1/-1/0/CSI_BlackLotus_Mitigation_Guide.PDF Camaro Dragon Infects USB Drives as well as Network Drives https://research.checkpoint.com/2023/beyond-the-horizon-traveling-the-world-on-camaro-dragons-usb-flash-drives/ Grafana Security Release https://grafana.com/blog/2023/06/22/grafana-security-release-for-cve-2023-3128/

Email Spam With Modiloader Attached https://isc.sans.edu/diary/Email%20Spam%20with%20Attachment%20Modiloader/29978 Word Document with an Online Attached Template https://isc.sans.edu/diary/Word%20Document%20with%20an%20Online%20Attached%20Template/29976 Quakbot Activity Obama271 Distrubution Tag https://isc.sans.edu/diary/Qakbot%20%28Qbot%29%20activity%2C%20obama271%20distribution%20tag/29968 Microsoft Teams External Tenant Confusion https://labs.jumpsec.com/advisory-idor-in-microsoft-teams-allows-for-external-tenants-to-introduce-malware/ Free Smart Watches https://www.darkreading.com/threat-intelligence/suspicious-smartwatches-mailed-us-army-personnel

Apple Updates Already Exploited Vulnerabilities https://isc.sans.edu/diary/Apple%20Patches%20Exploited%20Vulnerabilities%20in%20iOS%20iPadOS%2C%20macOS%2C%20watchOS%20and%20Safari/29972 Heap Buffer Overflow in VMWare VCenter https://www.vmware.com/security/advisories/VMSA-2023-0014.html GitHub RepoJacking https://blog.aquasec.com/github-dataset-research-reveals-millions-potentially-vulnerable-to-repojacking

Analyzing a YouTube Sponsorship Phishing E-Mail https://isc.sans.edu/diary/Analyzing%20a%20YouTube%20Sponsorship%20Phishing%20Mail%20and%20Malware%20Targeting%20Content%20Creators/29966 Malicious Code Can Be Anywhere https://isc.sans.edu/diary/Malicious%20Code%20Can%20Be%20Anywhere/29964 Zyxel Vulnerability https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-pre-authentication-command-injection-vulnerability-in-nas-products Huawei Vulnerability https://www.huawei.com/en/psirt/security-advisories/2023/huawei-sa-thvihr-7015cbae-en Asus Vulnerability https://www.asus.com/content/asus-product-security-advisory/ VMWare Aria Vuln Exploited https://www.vmware.com/security/advisories/VMSA-2023-0012.html

Formbook From Possible ModiLoaeder (DBatLoader) https://isc.sans.edu/diary/Formbook%20from%20Possible%20ModiLoader%20%28DBatLoader%29%20/29958 Brute-Force ZIP Password Cracking with zipdump.py https://isc.sans.edu/diary/Brute-Force%20ZIP%20Password%20Cracking%20with%20zipdump.py/29948 Malware Delivered Through .inf File https://isc.sans.edu/diary/Malware%20Delivered%20Through%20.inf%20File/29960 FortiNAC - Just a few more RCEs https://frycos.github.io/vulns4free/2023/06/18/fortinac.html

Supervision and Verfication in Vulnerability Management https://isc.sans.edu/diary/Supervision%20and%20Verification%20in%20Vulnerability%20Management/29952 More MOVEit issues https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-15June2023 Critical Citrix Sharefile Storagezones Controller https://support.citrix.com/article/CTX559517/sharefile-storagezones-controller-security-update-for-cve202324489 Chromeloader Malware Update https://threatresearch.ext.hp.com/shampoo-a-new-chromeloader-campaign/ Bignum NPM Package Compromise https://checkmarx.com/blog/hijacking-s3-buckets-new-attack-technique-exploited-in-the-wild-by-supply-chain-attackers

Deobfuscating a VBS Script With Custom Encoding https://isc.sans.edu/diary/Deobfuscating%20a%20VBS%20Script%20With%20Custom%20Encoding/29940 Every Signature is Broken: On the Insecurity of Microsoft Office s OOXML Signatures https://www.usenix.org/conference/usenixsecurity23/presentation/rohlmann How to Manage the Vulnerailbity Associated with CVE-2023-32019 https://support.microsoft.com/en-gb/topic/kb5028407-how-to-manage-the-vulnerability-associated-with-cve-2023-32019-bd6ed35f-48b1-41f6-bd19-d2d97270f080 Fake Security Research GitHub Repos https://vulncheck.com/blog/fake-repos-deliver-malicious-implant Fortigate Vuln Details https://blog.lexfo.fr/xortigate-cve-2023-27997.html Zoom Updates https://explore.zoom.us/en/trust/security/security-bulletin/

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/June%202023%20Microsoft%20Patch%20Tuesday/29942/ VMWare 0-Day https://www.mandiant.com/resources/blog/vmware-esxi-zero-day-bypass https://www.vmware.com/security/advisories/VMSA-2023-0013.html SAP Patches https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Geoserver Attack Details: More Cryptominers Against Unconfigured WebApps https://isc.sans.edu/diary/Geoserver%20Attack%20Details%3A%20More%20Cryptominers%20against%20Unconfigured%20WebApps/29936 Fortinet Update CVE-2023-27997 https://www.fortiguard.com/psirt/FG-IR-23-097 Bitwarden Key Accessible By Low Privileged User https://hackerone.com/reports/1874155 Western Digital SMART Flag Abuse https://arstechnica.com/gadgets/2023/06/clearly-predatory-western-digital-sparks-panic-anger-for-age-shaming-hdds/

Undetected PowerShell Backdoor Disduigsed as a Profiled File https://isc.sans.edu/diary/Undetected%20PowerShell%20Backdoor%20Disguised%20as%20a%20Profile%20File/29930 DShield Honeypot Activity for May 2023 https://isc.sans.edu/diary/DShield%20Honeypot%20Activity%20for%20May%202023%20/29932 Second MOVEit Vulnerability https://www.progress.com/security/moveit-transfer-and-moveit-cloud-vulnerability Fortinet Patches CVE-2023-27997 https://twitter.com/cfreal_/status/1667852157536616451

Geoserver Scans https://isc.sans.edu/diary/Ongoing%20scans%20for%20Geoserver/29926 Barracuda Recommends Replacing Compromised Devices https://www.barracuda.com/company/legal/esg-vulnerability Google improves Chrome Password Manager https://www.msn.com/en-us/news/other/chrome-adds-windows-biometric-logins-to-its-password-powers/ar-AA1ciCCf Minecraft Mods Include Malicious Code https://www.bleepingcomputer.com/news/security/new-fractureiser-malware-used-curseforge-minecraft-mods-to-infect-windows-linux/ Trend Micro Service Pack https://files.trendmicro.com/documentation/readme/Apex%20One/2020/apex_one_2019_win_cp_b12033_EN_Critical_Patch_Readme.html

DMARC in .co TLD https://isc.sans.edu/diary/Management%20of%20DMARC%20control%20for%20email%20impersonation%20of%20domains%20in%20the%20.co%20TLD%20-%20part%202/29922 Three Vulnerabilities in VMWare Aria Operations for Networks https://www.vmware.com/security/advisories/VMSA-2023-0012.html SpinOK Spyware SDK found in Android Apps https://vms.drweb.com/search/?q=Android.Spy.SpinOk&lng=en https://www.cloudsek.com/threatintelligence/supply-chain-attack-infiltrates-android-apps-with-malicious-sdk Cisco Anyconnect Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-csc-privesc-wx4U4Kw RSA Webcast https://www.rsaconference.com/library/webcast/149-sans-followup-2023

Github Copilot vs Google: Which Code is More Secure https://isc.sans.edu/forums/diary/Github%20Copilot%20vs.%20Google%3A%20Which%20code%20is%20more%20secure/29918/ Android Update https://source.android.com/docs/security/bulletin/2023-06-01 Chrome Updates https://chromereleases.googleblog.com/2023/06/stable-channel-update-for-desktop.html FBI Warns of Manipulated Photos and Videos For Sextortion https://www.ic3.gov/Media/Y2023/PSA230605

Brute Forcing Simple Archive Passwords https://isc.sans.edu/diary/Brute%20Forcing%20Simple%20Archive%20Passwords/29914 KeePass 2.54 Released https://keepass.info/news/n230603_2.54.html Splunk Advisories https://advisory.splunk.com/advisories Malicious Google Chrome Extensions https://palant.info/2023/05/31/more-malicious-extensions-in-chrome-web-store/ Symantec Updates https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/22217

Critical Vulnerability in MoveIT Transfer Actively Exploited https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023 https://www.rapid7.com/blog/post/2023/06/01/rapid7-observed-exploitation-of-critical-moveit-transfer-vulnerability/ https://www.mandiant.com/resources/blog/zero-day-moveit-data-theft Atomic Wallet Compromise https://www.bleepingcomputer.com/news/security/atomic-wallet-hacks-lead-to-over-35-million-in-crypto-stolen/ Magecart Update https://www.akamai.com/blog/security-research/new-magecart-hides-behind-legit-domains

After 28 Years, SSLv2 is Still Not Gone https://isc.sans.edu/forums/diary/After%2028%20years%2C%20SSLv2%20is%20still%20not%20gone%20from%20the%20internet...%20but%20we're%20getting%20there/29908/ Operation Triangulation: iOS Devices Targeted With Previously Unknown Malware https://securelist.com/operation-triangulation/109842/ MOVEit Transfer Criticial Vulnerability https://community.progress.com/s/article/MOVEit-Transfer-Critical-Vulnerability-31May2023 Code Injection Vulnerablity in Reportlab Python Library https://github.com/c53elyas/CVE-2023-33733