Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

Microsoft Patches https://isc.sans.edu/diary/Microsoft%20December%202022%20Patch%20Tuesday/29336 Apple Patches https://isc.sans.edu/diary/Apple%20Updates%20Everything/29338 Citrix Patches https://www.citrix.com/blogs/2022/12/13/critical-security-update-now-available-for-citrix-adc-citrix-gateway/

Quickie: CyberChef Sorting By String Length https://isc.sans.edu/diary/Quickie%3A%20CyberChef%20Sorting%20By%20String%20Length/29328 FortiOS Buffer Overlow https://www.fortiguard.com/psirt/FG-IR-22-398 A Custom Python Backdoor for VMWare ESXi Servers https://blogs.juniper.net/en-us/threat-research/a-custom-python-backdoor-for-vmware-esxi-servers Fuzzing Ping https://tlakh.xyz/fuzzing-ping.html

Fast Port Scanning in Powershell https://isc.sans.edu/diary/Port%20Scanning%20in%20Powershell%20Redux%3A%20Speeding%20Up%20the%20Results%20%28challenge%20accepted!%29/29324 Bypassing WAFs with JSON https://claroty.com/team82/research/js-on-security-off-abusing-json-based-sql-to-bypass-waf Invisbile npm malware evading security checks https://jfrog.com/blog/invisible-npm-malware-evading-security-checks-with-crafted-versions/ PCI Secre Software Standard V 1.2 https://docs-prv.pcisecuritystandards.org/Software%20Security/Standard/PCI-Secure-Software-Standard-v1_2.pdf VMWare/VCenter Patches https://www.vmware.com/security/advisories/VMSA-2022-0030.html

Finding Gaps in Syslog https://isc.sans.edu/diary/Finding%20Gaps%20in%20Syslog%20-%20How%20to%20find%20when%20nothing%20happened/29314 Internet Explorer Vulnerabilty used in Malicious Word Document https://blog.google/threat-analysis-group/internet-explorer-0-day-exploited-by-north-korean-actor-apt37/ Zombinder Obfuscation Service used by Ermac https://www.threatfabric.com/blogs/zombinder-ermac-and-desktop-stealers.html Cisco IP Phone Vulnerability CVE-2022-20968 https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ipp-oobwrite-8cMF5r7U daloRADIUS Vulnerablity CVE-2022-23475 https://securityonline.info/cve-2022-23475-account-take-over-flaw-in-open-source-radius-web-management-app/ SANS Holiday Hack Challenge https://www.sans.org/mlp/holiday-hack-challenge/

ZeroBot / WSZero IoT Botnet https://www.fortinet.com/blog/threat-research/zerobot-new-go-based-botnet-campaign-targets-multiple-vulnerabilities https://blog.netlab.360.com/new-ddos-botnet-wszeor/ Cacti Vulnerability CVE-2022-46169 https://github.com/Cacti/cacti/security/advisories/GHSA-6p93-p743-35gf Wireshark Updates https://www.wireshark.org/docs/relnotes/wireshark-4.0.2.html Apple iCloud Security Improvements https://www.apple.com/newsroom/2022/12/apple-advances-user-security-with-powerful-new-data-protections/

Mirai Botnet and Gafgyt DDoS Team Up https://isc.sans.edu/forums/diary/Mirai%20Botnet%20and%20Gafgyt%20DDoS%20Team%20Up%20Against%20SOHO%20Routers./29304/Gafgyt/Mirai Sample; Packet Tuesday; Packet Tuesday Episode 4: TLS Client Hello https://www.youtube.com/playlist?list=PLs4eo9Tja8biVteSW4a3GHY8qi0t1lFLL Defcon Skimming: A new batch of Web Skimming attacks https://blog.jscrambler.com/defcon-skimming-a-new-batch-of-web-skimming-attacks Fake D-Link Vulnerability used by Moobot https://vulncheck.com/blog/moobot-uses-fake-vulnerability Android Patches CVE-2022-20411 https://source.android.com/docs/security/bulletin/2022-12-01?hl=en

VLCs Check For Updates No Updates https://isc.sans.edu/diary/VLCs+Check+For+Updates+No+Updates/29300 AMI MegaRAC Baseboard Managment Controller Vulnerabilities https://eclypsium.com/2022/12/05/supply-chain-vulnerabilities-put-server-ecosystem-at-risk/ Netgear IPv6 Firewall Misconfiguration https://medium.com/tenable-techblog/netgear-router-network-misconfiguration-70ac695c81a6 Veritas NetBackup Patch https://www.veritas.com/content/support/en_US/security/VTS22-019

QBot Update https://isc.sans.edu/forums/diary/obama224%20distribution%20Qakbot%20tries%20.vhd%20%28virtual%20hard%20disk%29%20images/29294/ Living of the Land: Unix tools in Windows https://isc.sans.edu/diary/Linux%20LOLBins%20Applications%20Available%20in%20Windows/29296 https://isc.sans.edu/forums/diary/Fingerexe+LOLBin/29298/ CVE-2022-44721 Crowdstrike Falcon Uninstaller https://github.com/purplededa/CVE-2022-44721-CsFalconUninstaller Android Platform Key Leak https://twitter.com/MishaalRahman/status/1598426974594433025 GitHub Pipeline Vulnerability https://www.legitsecurity.com/blog/artifact-poisoning-vulnerability-discovered-in-rust

Quarkus Java Framework Vulnerability CVE-2022-4116 https://www.contrastsecurity.com/security-influencers/localhost-attack-against-quarkus-developers-contrast-security https://access.redhat.com/security/cve/CVE-2022-4116 FreeBSD Ping RCE CVE-2022-23093 https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc NVidia GPU Display Driver Vulnerablities CVE-2022-34669 https://nvidia.custhelp.com/app/answers/detail/a_id/5415 TrustCor CA Revoked https://www.washingtonpost.com/technology/2022/11/30/trustcor-internet-authority-mozilla/ Android Platform Certificates Used to Sign Malware https://bugs.chromium.org/p/apvi/issues/detail?id=100

What is the deal wtih these router vulnerabilities https://isc.sans.edu/diary/Whats+the+deal+with+these+router+vulnerabilities/29288/ Apple Updates https://support.apple.com/en-us/HT201222 VLC Media Player Updates CVE-2022-41325 https://www.videolan.org/security/sb-vlc3018.html VIN used to authenticate to Sirius XM Connected Vehicle Services https://www.theregister.com/2022/11/30/siriusxm_connected_cars_hacking/

LinkedIn Bots https://isc.sans.edu/diary/Identifying%20Groups%20of%20%22Bot%22%20Accounts%20on%20LinkedIn/29282 Oracle Fusion Middle Ware Exploited CVE-2021-35587 https://www.cisa.gov/known-exploited-vulnerabilities-catalog Windows IKE Flaw Exploited CVE-2022-34721 https://www.cyfirma.com/outofband/windows-internet-key-exchange-ike-remote-code-execution-vulnerability-analysis/ Anker Eufy Cameras Sending Images to Cloud even if asked not to https://www.macrumors.com/2022/11/29/eufy-camera-cloud-uploads-no-user-consent/ Packet Tuesday https://packettuesday.com SANS Holiday Hack Challenge Sign Up https://www.sans.org/mlp/holiday-hack-challenge/

Ukraine Themed Twitter Spam Pushing iOS Scareware https://isc.sans.edu/diary/Ukraine%20Themed%20Twitter%20Spam%20Pushing%20iOS%20Scareware/29276 Google Maps Privacy Issues https://garrit.xyz/posts/2022-11-24-smart-move-google ACER UEFI BIOS Vulnerabilities https://community.acer.com/en/kb/articles/15520-security-vulnerability-regarding-vulnerability-that-may-allow-changes-to-secure-boot-settings OpenSSL Usage in UEFI Firmware Exposes Weakness in SBOMs https://www.binarly.io/posts/OpenSSL_Usage_in_UEFI_Firmware_Exposes_Weakness_in_SBOMs/index.html

Log4Shell campaigns are using Nashorn to get reverse shell on victim's machines https://isc.sans.edu/diary/Log4Shell%20campaigns%20are%20using%20Nashorn%20to%20get%20reverse%20shell%20on%20victim%27s%20machines/29266 Attackers Keep Phishing Victms Under Stress https://isc.sans.edu/diary/Attackers%20Keep%20Phishing%20Victims%20Under%20Stress/29270 Vulnerable SDK components lead to supply chian risks in IoT and OT environments https://www.microsoft.com/en-us/security/blog/2022/11/22/vulnerable-sdk-components-lead-to-supply-chain-risks-in-iot-and-ot-environments/ Google Chrome Patches 0-Day https://chromereleases.googleblog.com/2022/11/stable-channel-update-for-desktop_24.html Hacking Smartwatches for Spear Phishing https://cybervelia.com/?p=1380

Lessons Learned from Automatic Failover https://isc.sans.edu/diary/Lessons%20Learned%20from%20Automatic%20Failover%3A%20When%208.8.8.8%20%22disappears%22.%20IPv6%20to%20the%20Rescue%3F/29260 Bitbucket Server and Data Center Vulnerability https://jira.atlassian.com/browse/BSERV-13522 Amazon RDS Snapshot Leaks https://www.mitiga.io/blog/how-mitiga-found-pii-in-exposed-amazon-rds-snapshots Adobe Commerce merchants to be hit with TrojanOrders this season https://sansec.io/research/trojanorder-magento SANS EDU Research: Detecting and Mitigating the GateKeeper User Override on macOS in an Enterprise Environment; Antonio Piazza https://www.sans.edu/cyber-research/detecting-and-mitigating-the-gatekeeper-user-override-on-macos-in-an-enterprise-environment/

Evil Maid Attacks - Remediation for the Cheap https://isc.sans.edu/diary/Evil%20Maid%20Attacks%20-%20Remediation%20for%20the%20Cheap/29256 F5 Big IP CVE-2022-41622 and CVE-2022-41800 Vulnerability Details https://www.rapid7.com/blog/post/2022/11/16/cve-2022-41622-and-cve-2022-41800-fixed-f5-big-ip-and-icontrol-rest-vulnerabilities-and-exposures/ Details about iPad/iOS Neural Engine Vulnerability CVE-2022-32899 https://github.com/0x36/weightBufs/ Disneyland Malware Team: It's a Puny World After All https://krebsonsecurity.com/2022/11/disneyland-malware-team-its-a-puny-world-after-all/#more-61870

Packet Tuesday https://packettuesday.com Stealing Passwords From Infosec Mastodon - Without Bypassing CSP https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp SQLi and Access Flaws in Zendesk https://www.varonis.com/blog/zendesk-sql-injection-and-access-flaws Electric Vehicle Charging Infrastructure https://newsreleases.sandia.gov/ev_security/

Extracting "HTTP CONNECT" Requests with Python https://isc.sans.edu/diary/Extracting%20%27HTTP%20CONNECT%27%20Requests%20with%20Python/29246 Windows Kerberos Authentication Breaks After November Updates https://www.bleepingcomputer.com/news/microsoft/windows-kerberos-authentication-breaks-after-november-updates/ https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-22h2#2953msgdesc Cookies for MFA Bypass Gain Traction Among Cyberattackers https://www.darkreading.com/threat-intelligence/cookies-mfa-bypass-cyberattackers

Extracting Information From "logfmt" Files with CyberChef https://isc.sans.edu/diary/Extracting%20Information%20From%20%22logfmt%22%20Files%20With%20CyberChef/29244 Soccer Worldcup Risks https://www.theregister.com/2022/11/11/world_cup_security/ https://www.welivesecurity.com/2022/11/11/fifa-world-cup-2022-scams-fake-lotteries-ticket-fraud/ Mysterious Company With Government Ties Plays Key Internet Role https://www.washingtonpost.com/technology/2022/11/08/trustcor-internet-addresses-government-connections/ Extortion Scams Hit Website Owners https://www.bleepingcomputer.com/news/security/new-extortion-scam-threatens-to-damage-sites-reputation-leak-data/

Do you collect "Observables" or "IOCs" https://isc.sans.edu/diary/Do%20you%20collect%20%22Observables%22%20or%20%22IOCs%22%3F/29238 Android Update fixes Lock Screen Bypass https://source.android.com/docs/security/bulletin/2022-11-01 https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/ libxml Vulnerability Details https://gitlab.gnome.org/GNOME/libxml2/-/issues/381 CVE-2022-45063: xterm remote code execution vulnerability https://www.openwall.com/lists/oss-security/2022/11/10/1

Another Script-Based Ransomware https://isc.sans.edu/diary/Another%20Script-Based%20Ransomware/29234 Apple Security Updates https://support.apple.com/en-us/HT201222 Lenovo UEFI Patch https://www.welivesecurity.com/2022/04/19/when-secure-isnt-secure-uefi-vulnerabilities-lenovo-consumer-laptops/ FoxIT Update https://www.foxit.com/support/security-bulletins.html SAP Update https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10