Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

VirusTotal Result Comparisons for Honeypot Malware https://isc.sans.edu/diary/VirusTotal+Result+Comparisons+for+Honeypot+Malware/29040 Apple Patches https://support.apple.com/en-us/HT201222 Lorenz Ransomware Group Cracks MiVoice and Calls Back For Free https://arcticwolf.com/resources/blog/lorenz-ransomware-chiseling-in/

Malware Abusing File Exchange Site https://isc.sans.edu/diary/Phishing+Word+Documents+with+Suspicious+URL/29034 Bypassing GitHub Required Reviewers to Submit Malicious Code https://www.legitsecurity.com/blog/bypassing-github-required-reviewers-to-submit-malicious-code Crimeware Trends: Ransomware Developers Turn to Intermittent Encryption https://www.sentinelone.com/labs/crimeware-trends-ransomware-developers-turn-to-intermittent-encryption-to-evade-detection/ Lets Encrypt Reviving Certificate Revocation Lists https://letsencrypt.org/2022/09/07/new-life-for-crls.html

Analyzing Obfuscated VBS with CyberChef https://isc.sans.edu/diary/Analyzing+Obfuscated+VBS+with+CyberChef/2902 pfBlockerNG Unauthenticated RCE https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/ GifShell attack creates reverse shell using microsoft teams gifs https://www.bleepingcomputer.com/news/security/gifshell-attack-creates-reverse-shell-using-microsoft-teams-gifs/

PHP Deserialization Exploit Attempt https://isc.sans.edu/diary/PHP+Deserialization+Exploit+attempt/29024 TA505 Group's TeslaGun In-Depth Analysis https://www.prodaft.com/resource/detail/ta505-ta505-groups-tesla-gun-depth-analysis Cisco publishes unpatched Small Business Router Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-vpnbypass-Cpheup9O Shikitega - New stealthy malware targeting Linux https://thehackernews.com/2022/09/new-stealthy-shikitega-malware.html

Analysis of an Encoded Cobalt Strike Beacon https://isc.sans.edu/diary/Analysis+of+an+Encoded+Cobalt+Strike+Beacon/29014 EvilProxy Phishing-As-A-Service with MFA Bypass https://resecurity.com/blog/article/evilproxy-phishing-as-a-service-with-mfa-bypass-emerged-in-dark-web Zyxel Patches RCE Vulnerability https://www.zyxel.com/support/Zyxel-security-advisory-for-format-string-vulnerability-in-NAS.shtml Moobot Going after D-Link Devices https://unit42.paloaltonetworks.com/moobot-d-link-devices/

James Webb JPEG With Malware https://isc.sans.edu/diary/James+Webb+JPEG+With+Malware/29010 Windows Defender False Positive https://www.theregister.com/2022/09/05/windows_defender_chrome_false_positive/ Google Chrome 0-Day https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html Sharkbot Android Infostealer in Google Play Store https://blog.fox-it.com/2022/09/02/sharkbot-is-back-in-google-play/ Nmap 7.93 - 25th Anniversary Release https://seclists.org/nmap-announce/2022/1

Jolokie Scans: Possible Hunt for Vulnerable Apache Geode Servers https://isc.sans.edu/diary/Jolokia+Scans%3A+Possible+Hunt+for+Vulnerable+Apache+Geode+Servers+%28CVE-2022-37021%29/29006 Microsoft Basic Authentication Deprecation in Exchange Online https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-september/ba-p/3609437 Mobile App Supply Chain Vulnerabilities Could Endanger Sensitive Business Information https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mobile-supply-chain-aws Gitlab Update https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/#brute-force-attack-may-guess-a-password-even-when-2fa-is-enabled

Underscores and DNS: The Privacy Story https://isc.sans.edu/diary/Underscores+and+DNS%3A+The+Privacy+Story/29002 iOS 12.5.6 Update https://support.apple.com/en-us/HT201222 Malware Disguised as Google Translate Desktop App https://research.checkpoint.com/2022/check-point-research-detects-crypto-miner-malware-disguised-as-google-translate-desktop-and-other-legitimate-applications/ Apache Geode Deserialization Flaw https://lists.apache.org/thread/qrvhmytsshsk5xcb68pwccw3y6m8o8nr Foxit PDF Reader Update https://sec-consult.com/vulnerability-lab/advisory/outdated-javascript-engine-leads-to-rce-in-foxit-pdf-reader/

Two things that will never die: bash scripts and irc https://isc.sans.edu/diary/Two+things+that+will+never+die%3A+bash+scripts+and+IRC%21/28998 Malware using James Webb Telescope images https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/ Malicious Chrome Extensions https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users/ Chromium Based Browsers Allow Access to Clipboard https://bugs.chromium.org/p/chromium/issues/detail?id=1334203

Update: VBA Malcode & UTF7 (APT-C-35) https://isc.sans.edu/diary/Update%3A+VBA+Maldoc+%26+UTF7+%28APT-C-35%29/28994 Twilio Breach used to access 2FA Tokens https://sec.okta.com/scatterswine Popular PDF Reader Adware https://www.malwarebytes.com/blog/news/2022/08/adware-found-on-google-play-pdf-reader-servicing-up-full-screen-ads Google changing its VPN Ad Blocker Policy https://support.google.com/googleplay/android-developer/answer/12253906?hl=en

Dealing With False Positives when Scanning Memory Dumps for Cobalt Strike Beacons https://isc.sans.edu/diary/Dealing+With+False+Positives+when+Scanning+Memory+Dumps+for+Cobalt+Strike+Beacons/28990 HTTP2 Packet Analysis with Wireshark https://isc.sans.edu/diary/HTTP2+Packet+Analysis+with+Wireshark/28986 Paypal Phishing/Coinbase in One Image https://isc.sans.edu/diary/Paypal+PhishingCoinbase+in+One+Image/28984 Sysinternals Updates: Sysmon v14.0 and ZoomIt v6.01 https://isc.sans.edu/diary/Sysinternals+Updates%3A+Sysmon+v14.0+and+ZoomIt+v6.01/28988 eth.link domain at risk https://www.coindesk.com/tech/2022/08/26/web3-domain-name-service-could-lose-its-web-address-because-programmer-who-can-renew-it-sits-in-jail/

Taking Apart URL Shorteners https://isc.sans.edu/diary/Taking+Apart+URL+Shorteners/28980 Python Developers Phished for PyPi Credentials https://twitter.com/pypi/status/1562442188285308929 Group IB Connects Twilio and Cloudflare Phishing attacks to others https://www.helpnetsecurity.com/2022/08/25/0ktapus-twilio-cloudflare-phishers-targets/ Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impact-anti-cheat-driver-to-kill-antivirus.html LastPass Security Incident https://blog.lastpass.com/2022/08/notice-of-recent-security-incident/ Bitbucket Vulnerability https://securityonline.info/cve-2022-36804-bitbucket-server-and-data-center-command-injection-vulnerability/

Monster Libra -> IcedID -> Cobalt Strike and DarkVNC https://isc.sans.edu/forums/diary/VNC/28974/ Is Tox the New C&C Method for Coinminers? https://www.uptycs.com/blog/is-tox-the-new-cc-method-for-coinminers Carbon Black Blue Screens https://community.carbonblack.com/t5/Knowledge-Base/Endpoint-Standard-Sudden-Blue-Screens-on-Windows-Devices-23rd/ta-p/114369 Gitlab Vulnerability https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/#Remote%20Command%20Execution%20via%20Github%20import

Who's Looking at Your security.txt File https://isc.sans.edu/diary/Who%27s+Looking+at+Your+security.txt+File%3F/28972 Assessing Python Malware Detectors with a Benchmark Dataset https://blog.chainguard.dev/taming-python-malware-scanners/ New Iranian APT Data Extraction Tool https://blog.google/threat-analysis-group/new-iranian-apt-data-extraction-tool/ Firefox Update https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/ IBM MQ Update https://www.ibm.com/support/pages/node/6613021

32 or 64 Bits Malware https://isc.sans.edu/diary/32+or+64+bits+Malware%3F/28968 Proxies and Configurations Used for Credential Stuffing Attacks https://www.ic3.gov/Media/News/2022/220818.pdf DirtyCred Linux Privilege Escalation Vulnerablity https://www.blackhat.com/us-22/briefings/schedule/#cautious-a-new-exploitation-method-no-pipe-but-as-nasty-as-dirty-pipe-27169 Fake DDos Pages on WordPress Sites Lead to Drive-By-Downloads https://blog.sucuri.net/2022/08/fake-ddos-pages-on-wordpress-lead-to-drive-by-downloads.html

Brazil malspam pushes Astaroth (Guildma) malware https://isc.sans.edu/diary/Brazil+malspam+pushes+Astaroth+%28Guildma%29+malware/28962 Android Ring App XSS https://checkmarx.com/blog/amazon-quickly-fixed-a-vulnerability-in-ring-android-app-that-could-expose-users-camera-recordings/ iOS in App Browser Security Issues https://krausefx.com/blog/announcing-inappbrowsercom-see-what-javascript-commands-get-executed-in-an-in-app-browser iOS in-App Browser Issues https://krausefx.com/blog/ios-privacy-instagram-and-facebook-can-track-anything-you-do-on-any-website-in-their-in-app-browser https://krausefx.com/blog/announcing-inappbrowsercom-see-what-javascript-commands-get-executed-in-an-in-app-browser

Honeypot Attack Summaries with Python https://isc.sans.edu/diary/Honeypot+Attack+Summaries+with+Python/28956 TP-Link Vulnerability https://blog.viettelcybersecurity.com/1day-to-0day-on-tl-link-tl-wr841n/ Safari Update https://support.apple.com/en-us/HT213414 iOS VPN Leaks https://www.michaelhorowitz.com/VPNs.on.iOS.are.scam.php Janet Jackson Hard Drive DDoS https://devblogs.microsoft.com/oldnewthing/20220816-00/?p=106994

A Quick VoIP Experiment https://isc.sans.edu/diary/A+Quick+VoIP+Experiment/28950 Apple Patches Two Exploited Vulnerabilities https://isc.sans.edu/diary/Apple+Patches+Two+Exploited+Vulnerabilities/28952 Google Chrome Update https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html Cisco staystaystay exploit tool https://www.youtube.com/watch?v=ySgbHClk9HE

VBA Maldoc and UTF7 (APT-C-35) https://isc.sans.edu/diary/VBA+Maldoc+%26+UTF7+%28APT-C-35%29/28946 Disrupting SEABORGIUM's Ongoing Phishing Operations https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/ UWB Real Time Location Systems: How Secure Radio Communcations May Fail in Practice.

Realtek CVE-2022-27255 Followup (snort signature and presentation) https://isc.sans.edu/diary/Realtek+SDK+SIP+ALG+Vulnerability%3A+A+Big+Deal%2C+but+not+much+you+can+do+about+it.+CVE+2022-27255/28940 MacOS Privilege Escalation https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/ Zoom Update https://explore.zoom.us/en/trust/security/security-bulletin/ Microsoft Block Vulnerable Bootloaders https://eclypsium.com/2022/08/11/vulnerable-bootloaders-2022/ HPE Integrated Lights Out 5 Vulnerablities https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=emr_na-hpesbhf04333en_us