Synopsis
Daily update on current cyber security threats
Episodes
-
ISC StormCast for Thursday, June 1st, 2023
01/06/2023 Duration: 06 min
Apache NiFi Attacks https://isc.sans.edu/diary/Your%20Business%20Data%20and%20Machine%20Learning%20at%20Risk%3A%20Attacks%20Against%20Apache%20NiFi/29900
Gigabyte App Center Backdoor https://eclypsium.com/blog/supply-chain-risk-from-gigabyte-app-center-backdoor/
Salesforce Ghost Sites https://www.varonis.com/blog/salesforce-ghost-sites
CVE-2023-34152: Shell Command Injection in ImageMagick https://securityonline.info/cve-2023-34152-shell-command-injection-bug-affecting-imagemagick/
-
ISC StormCast for Wednesday, May 31st, 2023
31/05/2023 Duration: 05 min
Malspam Pushes ModiLoader Infection for Remcos RAT https://isc.sans.edu/diary/Malspam%20pushes%20ModiLoader%20%28DBatLoader%29%20infection%20for%20Remcos%20RAT/29896
MacOS SIP Bypass https://www.microsoft.com/en-us/security/blog/2023/05/30/new-macos-vulnerability-migraine-could-bypass-system-integrity-protection/
OpenSSL Update https://www.openssl.org/news/secadv/20230530.txt
Barracuda Email Security Gateway Appliance Vulnerability Details https://www.barracuda.com/company/legal/esg-vulnerability#:~:text=the%20section%20below.-,Endpoint%20IOCs,-Table%204%20lists
Void Rabisu RomCom Backdoor https://www.trendmicro.com/en_us/research/23/e/void-rabisu-s-use-of-romcom-backdoor-shows-a-growing-shift-in-th.html
Nextcloud Vulnerability https://github.com/nextcloud/security-advisories/security/advisories/GHSA-mr7q-xf62-fw54
Zyxel NAS Vulnerability https://sternumiot.com/iot-blog/ntp-textbox-vulnerability-in-zyxel-nas326-nas540-and-nas542-devices/
Wait Just An Infosec: Higher Ed https://www.youtube.com/watch?v=
-
ISC StormCast for Tuesday, May 30th, 2023
30/05/2023 Duration: 05 min
Analyzing Office Documents Embedded Inside PowerPoint Files https://isc.sans.edu/diary/Analyzing%20Office%20Documents%20Embedded%20Inside%20PPT%20%28PowerPoint%29%20Files/29894
DocuSign Themed Email Leads to Script-Based Infection https://isc.sans.edu/diary/DocuSign-themed%20email%20leads%20to%20script-based%20infection/29888
File Archiver In The Browser https://mrd0x.com/file-archiver-in-the-browser/
Securing PyPI Accounts via Two-Factor Authentication https://blog.pypi.org/posts/2023-05-25-securing-pypi-with-2fa/
Apache Cassandra Vulnerabilities https://lists.apache.org/thread/mwd02nrw2go8shg29rnp3o4hgompvkp5
MOXA MXsecurity Vulnerabilities https://www.moxa.com/en/support/product-support/security-advisory/mxsecurity-command-injection-and-hardcoded-credential-vulnerabilities
-
ISC StormCast for Friday, May 26th, 2023
26/05/2023 Duration: 05 min
IR Case/Alert Management https://isc.sans.edu/diary/IR%20Case%20Alert%20Management/29880
Exploit for CVE-2023-2825 GitLab Vulnerability https://github.com/Occamsec/CVE-2023-2825
Expo Framework OAuth Vulnerability CVE-2023-28131 https://salt.security/blog/a-new-oauth-vulnerability-that-may-impact-hundreds-of-online-services
Mitel MiVoice Vulnerabilities CVE-2023-31457 and CVE-2023-32748 https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004
D-Link Vulnerabilities https://supportannouncement.us.dlink.com/announcement/publication.aspx?name=SAP10332
-
ISC StormCast for Thursday, May 25th, 2023
25/05/2023 Duration: 05 min
More Data Enrichment for Cowrie Logs https://isc.sans.edu/diary/More%20Data%20Enrichment%20for%20Cowrie%20Logs/29878
Volt Typhoon: Living off the Land https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF
Android App Breaking Bad https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/
Zyxel Updates https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow-vulnerabilities-of-firewalls
Barracuda Email Security Gateway Vulnerability https://status.barracuda.com/incidents/34kx82j5n4q9
GitLab Patch https://about.gitlab.com/releases/2023/05/23/critical-security-release-gitlab-16-0-1-released/
-
ISC StormCast for Wednesday, May 24th, 2023
24/05/2023 Duration: 06 min
Apache NiFi Scans https://isc.sans.edu/diary/Help+us+figure+this+out+Scans+for+Apache+Nifi/29874/
Samsung Updates Fix 0-Day https://security.samsungmobile.com/securityUpdate.smsb
Lenovo All-In-One Bricked by Windows Update https://www.reddit.com/r/Lenovo/comments/136tatm/lenovo_firmware_10055_bricking_thinkcentre_v53024/
Dell VxRail Security Update https://www.dell.com/support/kbdoc/en-us/000213011/dsa-2023-071-dell-vxrail-security-update-for-multiple-third-party-component-vulnerabilities-7-0-450
BrutePrint: Expose Smartphone Fingerprint Authentication to Brute-force Attack https://arxiv.org/pdf/2305.10791.pdf
-
ISC StormCast for Tuesday, May 23rd, 2023
23/05/2023 Duration: 05 min
Probes for Recent ABUS Security Camera Vulnerability https://isc.sans.edu/diary/Probes%20for%20recent%20ABUS%20Security%20Camera%20Vulnerability%3A%20Attackers%20keep%20an%20eye%20on%20everything./29870
.ZIP Domains Confuse VirusTotal https://twitter.com/imohanasundaram/status/1660678184977805316
Synology DSM 6.2 Patch https://www.synology.com/en-global/security/advisory/Synology_SA_22_25
Jenkins Fixes Multiple Plugin Vulnerabilities https://www.jenkins.io/security/advisory/2023-05-16/
PyPI Suspension Lifted https://status.python.org/incidents/qy2t9mjjcc7g
Nissan Sylphy Classic Key Vulnerability https://vulmon.com/vulnerabilitydetails?qid=CVE-2023-33281
-
ISC StormCast for Monday, May 22nd, 2023
22/05/2023 Duration: 05 min
Another Malicious HTA File Analysis - Part 3 https://isc.sans.edu/forums/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%203/29678/
When the Phisher Messes Up With Encoding https://isc.sans.edu/diary/When%20the%20Phisher%20Messes%20Up%20With%20Encoding/29864
PyPI Suspends New Users and Projects https://status.python.org/incidents/qy2t9mjjcc7g
PGP Signatures on PyPI: Worse than Useless https://blog.yossarian.net/2023/05/21/PGP-signatures-on-PyPI-worse-than-useless
RATs Found Hiding in the npm Attic https://www.reversinglabs.com/blog/rats-found-hiding-in-the-npm-attic
-
ISC StormCast for Friday, May 19th, 2023
19/05/2023 Duration: 06 min
Apple Updates Everything https://isc.sans.edu/diary/Apple%20Updates%20Everything/29860
A Quick Survey of .zip Domains https://isc.sans.edu/diary/A%20Quick%20Survey%20of%20.zip%20Domains%3A%20Your%20highest%20risk%20is%20running%20into%20Rick%20Astley./29858
Dell NetWorker Security Update https://www.dell.com/support/kbdoc/en-us/000211267/dsa-2023-060-dell-networker-security-update-for-an-nsrcapinfo-vulnerability?lwp=rt
KeePass 2.X Master Password Dumper https://github.com/vdohney/keepass-password-dumper
-
ISC StormCast for Thursday, May 18th, 2023
18/05/2023 Duration: 05 min
Increase in Malicious RAR SFX Files https://isc.sans.edu/forums/diary/Increase%20in%20Malicious%20RAR%20SFX%20files/29852/
FriendlyName Buffer Overflow in Wemo Smart Plug https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/
Wago License Page Exploit https://onekey.com/blog/security-advisory-wago-unauthenticated-remote-command-execution/
Routers Turned Into Proxies https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/
-
ISC StormCast for Wednesday, May 17th, 2023
17/05/2023 Duration: 05 min
Signals Defense With Faraday Bags https://isc.sans.edu/forums/diary/Signals%20Defense%20With%20Faraday%20Bags%20%26%20Flipper%20Zero/29840/
Microsoft SharePoint Scans Password-Protected Files https://infosec.exchange/@threatresearch/110373860063222707#
Critical Sandbox Escape Vulnerability in vm2 https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5
Geacon Brings Cobalt Strike Capabilities to macOS Threat Actors https://www.sentinelone.com/blog/geacon-brings-cobalt-strike-capabilities-to-macos-threat-actors/
-
ISC StormCast for Tuesday, May 16th, 2023
16/05/2023 Duration: 05 min
Ongoing Facebook Phishing Campaign Without a Sender and (Almost) Without Links https://isc.sans.edu/diary/Ongoing%20Facebook%20phishing%20campaign%20without%20a%20sender%20and%20%28almost%29%20without%20links/29848
Intel Microcode Updates Do Not Patch Vulnerability https://www.theregister.com/2023/05/15/intel_mystery_microcode/
Fake Trezor Hardware Crypto Wallet https://www.kaspersky.com/blog/fake-trezor-hardware-crypto-wallet/48155/
TP-Link Archer AX-21 Command Injection CVE-2023-1389 Exploited https://www.fortiguard.com/threat-signal-report/5157/tp-link-archer-ax-21-command-injection-vulnerability-cve-2023-1389-exploited-in-the-wild
-
ISC StormCast for Monday, May 15th, 2023
15/05/2023 Duration: 07 min
The .zip gTLD: Risks and Opportunities https://isc.sans.edu/forums/diary/The+zip+gTLD+Risks+and+Opportunities/29838/
Brave Forgetful Browsing https://brave.com/privacy-updates/25-forgetful-browsing/
Intel Mystery Microcode Patch https://www.phoronix.com/news/Intel-12-May-2023-Microcode
Netgear Updates https://kb.netgear.com/000065619/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0348
Synology Updates https://www.synology.com/en-global/security/advisory/Synology_SA_23_04
https://claroty.com/team82/research/chaining-five-vulnerabilities-to-exploit-netgear-nighthawk-rax30-routers-at-pwn2own-toronto-2022
-
ISC StormCast for Friday, May 12th, 2023
12/05/2023 Duration: 06 min
Geolocating IPs is Harder Than You Think https://isc.sans.edu/diary/Geolocating%20IPs%20is%20harder%20than%20you%20think/29834
Pre-Infected Mobile Phones https://www.theregister.com/2023/05/11/bh_asia_mobile_phones/
Dragos Breach https://www.dragos.com/blog/deconstructing-a-cybersecurity-event/
AndoryuBot Targets Ruckus Admin RCE Vulnerability https://www.fortinet.com/blog/threat-research/andoryubot-new-botnet-campaign-targets-ruckus-wireless-admin-remote-code-execution-vulnerability-cve-2023-25717
-
ISC StormCast for Thursday, May 11th, 2023
11/05/2023 Duration: 05 min
Exploratory Data Analysis with CISSM Cyber Attacks Database Part 2 https://isc.sans.edu/diary/Exploratory%20Data%20Analysis%20with%20CISSM%20Cyber%20Attacks%20Database%20-%20Part%202/29828
Microsoft Patched Outlook (Actually Windows) Vulnerability Again https://www.akamai.com/blog/security-research/important-outlook-vulnerability-bypass-windows-api
Law Enforcement and Intelligence Agencies Disable "Snake" Malware https://media.defense.gov/2023/May/09/2003218554/-1/-1/1/JOINT_CSA_HUNTING_RU_INTEL_SNAKE_MALWARE_20230509.PDF
Fake System Update Drops Malware https://www.malwarebytes.com/blog/threat-intelligence/2023/05/fake-system-update-drops-new-highly-evasive-loader
-
ISC StormCast for Wednesday, May 10th, 2023
10/05/2023 Duration: 05 min
Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20May%202023%20Patch%20Tuesday/29826
GitHub "Push Protection" Now Out of Beta https://github.blog/2023-05-09-push-protection-is-generally-available-and-free-for-all-public-repositories/
-
ISC StormCast for Tuesday, May 9th, 2023
09/05/2023 Duration: 06 min
QR Codes Used in Fake Parking Tickets and Surveys https://www.bleepingcomputer.com/news/security/qr-codes-used-in-fake-parking-tickets-surveys-to-steal-your-money/
Microsoft Edge Update https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel
Facebook Sees More Fake ChatGPT https://about.fb.com/news/2023/05/metas-q1-2023-security-reports/
CyberGhost VPN Vulnerability https://www.pentestpartners.com/security-blog/bullied-by-bugcrowd-over-kape-cyberghost-disclosure/
-
ISC StormCast for Monday, May 8th, 2023
08/05/2023 Duration: 06 min
Quickly Finding Encoded Payloads in Office Documents https://isc.sans.edu/forums/diary/Quickly+Finding+Encoded+Payloads+in+Office+Documents/29818/
Exploratory Data Analysis with CISSM Cyber Attacks Database Part 1 https://isc.sans.edu/forums/diary/Exploratory+Data+Analysis+with+CISSM+Cyber+Attacks+Database+Part+1/29816/
Guildma Is Now Abusing colorcpl.exe LOLBIN https://isc.sans.edu/forums/diary/Guildma+is+now+abusing+colorcplexe+LOLBIN/29814/
Leaked MSI Keys https://github.com/binarly-io/SupplyChainAttacks/blob/main/MSI/ImpactedDevices.md https://twitter.com/matrosov/status/1654560343295934464
PHP Packages Compromised https://blog.packagist.com/packagist-org-maintainer-account-takeover/
-
ISC StormCast for Friday, May 5th, 2023
05/05/2023 Duration: 06 min
Infostealer Embedded in a Word Document https://isc.sans.edu/diary/Infostealer%20Embedded%20in%20a%20Word%20Document/29810
Cisco SPA-112 Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-unauth-upgrade-UqhyTWW
Fortinet May Updates https://www.fortiguard.com/psirt?date=05-2023
PaperCut Exploitation - A Different Path to Code Execution https://vulncheck.com/blog/papercut-rce
-
ISC StormCast for Thursday, May 4th, 2023
04/05/2023 Duration: 07 min
Increased Number of Configuration File Scans https://isc.sans.edu/diary/Increased%20Number%20of%20Configuration%20File%20Scans/29806
Google Enabling Passkeys https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/
Chrome to Drop Lock Icon from HTTPS https://blog.chromium.org/2023/05/an-update-on-lock-icon.html
Attack Against AMD TPM Implementation https://arxiv.org/abs/2304.14717