Synopsis
Daily update on current cyber security threats
Episodes
-
ISC StormCast for Monday, August 15th, 2022
15/08/2022 Duration: 11 min
Realtek eCOS SDK SIP ALG Vulnerability https://isc.sans.edu/diary/Realtek+SDK+SIP+ALG+Vulnerability%3A+A+Big+Deal%2C+but+not+much+you+can+do+about+it.+CVE+2022-27255/28940
Phishing HTML Attachment as Voicemail Audio Transcription https://isc.sans.edu/diary/Phishing+HTML+Attachment+as+Voicemail+Audio+Transcription/28938
CVE-2022-0028 PAN-OS: Reflected Amplification Denial-of-Service Vulnerability https://security.paloaltonetworks.com/CVE-2022-0028
-
ISC StormCast for Friday, August 12th, 2022
12/08/2022 Duration: 06 min
InfoStealer Script Based on Curl and NSudo https://isc.sans.edu/diary/InfoStealer+Script+Based+on+Curl+and+NSudo/28932
Cisco Breach Details https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html
Ivanti Pulse Connect Secure Privilege Escalation Vulnerability https://gist.github.com/JGarciaSec/2060ec1c8efc1d573a1ddb754c6b4f84
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-asaftd-rsa-key-leak-Ms7UEfZz
-
ISC StormCast for Thursday, August 11th, 2022
11/08/2022 Duration: 06 min
And Here They Come Again: DNS Reflection Attacks https://isc.sans.edu/diary/And+Here+They+Come+Again%3A+DNS+Reflection+Attacks/28928
Rapid 7 Defaultinator https://defaultinator.com
Zimbra Mass Compromise https://www.volexity.com/blog/2022/08/10/mass-exploitation-of-unauthenticated-zimbra-rce-cve-2022-27925/
VMWare vRealize Vulnerability https://www.vmware.com/security/advisories/VMSA-2022-0022.html
Microsoft Vulnerability and IPS/Snort https://community.meraki.com/t5/Meraki-Service-Notices/Microsoft-vulnerability-and-IPS-SNORT/ba-p/156649
-
ISC StormCast for Wednesday, August 10th, 2022
10/08/2022 Duration: 05 min
Microsoft August 2022 Patch Tuesday https://isc.sans.edu/diary/Microsoft+August+2022+Patch+Tuesday/28924
AEPIC Leak https://aepicleak.com
Adobe security bulletins https://helpx.adobe.com/security/security-bulletin.html
-
ISC StormCast for Tuesday, August 9th, 2022
09/08/2022 Duration: 06 min
JSON All the Logs! https://isc.sans.edu/diary/JSON+All+the+Logs%21/28920
Microsoft Edge Enhanced Security https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-browse-safer
Malicious Python Packages https://www.darkreading.com/application-security/10-malicious-packages-slither-pypi-registry
New Orchard Botnet https://blog.netlab.360.com/a-new-botnet-orchard-generates-dga-domains-with-bitcoin-transaction-information/
-
ISC StormCast for Monday, August 8th, 2022
08/08/2022 Duration: 06 min
Exim Vulnerability Silently Patched https://github.com/ivd38/exim_overflow
DuckDuckGo Stopping Microsoft Tracking Code https://spreadprivacy.com/more-privacy-and-transparency/
Emergency Broadcast Messaging System Vulnerabilities https://content.govdelivery.com/accounts/USDHSFEMA/bulletins/3263326
Slack Leaks Hashed Passwords https://slack.com/intl/en-in/blog/news/notice-about-slack-password-resets
Zimbra Flaw Exploited https://nvd.nist.gov/vuln/detail/CVE-2022-27924
-
ISC StormCast for Friday, August 5th, 2022
05/08/2022 Duration: 07 min
TLP 2.0 is Here https://isc.sans.edu/diary/TLP+2.0+is+here/28914
Hijacking email with Cloudflare Email Routing https://albertpedersen.com/blog/hijacking-email-with-cloudflare-email-routing/
rsync arbitrary file write vulnerability https://www.openwall.com/lists/oss-security/2022/08/02/1
Local privilege escalation in Kaspersky VPN https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/
-
ISC StormCast for Thursday, August 4th, 2022
04/08/2022 Duration: 06 min
l9explore and LeakIX Internet Wide Recon Scans https://isc.sans.edu/diary/l9explore+and+LeakIX+Internet+wide+recon+scans./28910
Arris / Arris Variant DSL/Fiber Router Critical Vulnerability http://derekabdine.com/blog/2022-arris-advisory
35,000 Malicious Repo Forks Flood GitHub https://www.bleepingcomputer.com/news/security/35-000-code-repos-not-hacked-but-clones-flood-github-to-serve-malware/
Palo Alto Master Key https://twitter.com/rqu50/status/1554566757704089600#m
Laravel Unserialize RCE https://github.com/beicheng-maker/vulns/issues/1
Unauthenticated Remote Code Execution in DrayTek Vigor Routers https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/rce-in-dratyek-routers.html
-
ISC StormCast for Wednesday, August 3rd, 2022
03/08/2022 Duration: 05 min
Increase in Chinese "Hacktivism" Attacks https://isc.sans.edu/diary/Increase+in+Chinese+%22Hacktivism%22+Attacks/28906
Zoho Password Manager Exploit https://xz.aliyun.com/t/11578
VMWare Updates https://www.vmware.com/security/advisories/VMSA-2022-0021.html https://twitter.com/VietPetrus
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html
-
ISC StormCast for Tuesday, August 2nd, 2022
02/08/2022 Duration: 06 min
A Little DDoS in the Morning https://isc.sans.edu/diary/A+Little+DDoS+In+the+Morning/28900
Exposed Twitter API Keys https://cloudsek.com/whitepapers_reports/how-leaked-twitter-api-keys-can-be-used-to-build-a-bot-army/
TCL LinkHub Serialization Issues https://blog.talosintelligence.com/2022/08/vulnerability-spotlight-how-misusing.html
Jenkins Plugin Updates https://www.jenkins.io/security/advisory/2022-07-27/
-
ISC StormCast for Monday, August 1st, 2022
01/08/2022 Duration: 08 min
PDF Analysis Introduction and OpenActions Entries https://isc.sans.edu/diary/PDF+Analysis+Intro+and+OpenActions+Entries/28894
IPFS The New Hotbed of Phishing https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/ipfs-the-new-hotbed-of-phishing/
Mail Stealing Browser Extension https://www.volexity.com/blog/2022/07/28/sharptongue-deploys-clever-mail-stealing-browser-extension-sharpext/
Lofylife Malicious NPM Packages https://securelist.com/lofylife-malicious-npm-packages/107014/
IP Camera Vulnerability https://www.nozominetworks.com/blog/vulnerability-in-dahua-s-onvif-implementation-threatens-ip-camera-security/
Nuki Smart Lock Vulnerabilities https://research.nccgroup.com/2022/07/25/technical-advisory-multiple-vulnerabilities-in-nuki-smart-locks-cve-2022-32509-cve-2022-32504-cve-2022-32502-cve-2022-32507-cve-2022-32503-cve-2022-32510-cve-2022-32506-cve-2022-32508-cve-2/
Foxit PDF Reader https://www.foxit.com/support/security-bulletins.html
-
ISC StormCast for Friday, July 29th, 2022
29/07/2022 Duration: 07 min
Exfiltrating Data with Bookmarks https://isc.sans.edu/diary/Exfiltrating+Data+With+Bookmarks/28890
Critical Samba Bug Could Let Anyone Become Domain Admin https://nakedsecurity.sophos.com/2022/07/27/critical-samba-bug-could-let-anyone-become-domain-admin-patch-now/
Apple IP Address Range Hijacked by Rostelecom https://www.manrs.org/2022/07/for-12-hours-was-part-of-apple-engineerings-network-hijacked-by-russias-rostelecom/
Veritas Patches https://www.veritas.com/content/support/en_US/security/VTS22-004#c1
IBM Patches https://www.ibm.com/support/pages/node/6606251 https://www.ibm.com/support/pages/node/6607135
-
ISC StormCast for Thursday, July 28th, 2022
28/07/2022 Duration: 06 min
IcedID (BokBot) with Dark VNC and Cobalt Strike https://isc.sans.edu/diary//28884
Web Assembly Crypto Miners https://blog.sucuri.net/2022/07/cryptominers-webassembly-in-website-malware.html
Subzero and Knotweed https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/
-
ISC StormCast for Wednesday, July 27th, 2022
27/07/2022 Duration: 06 min
How is Your macOS Security Posture https://isc.sans.edu/diary/How+is+Your+macOS+Security+Posture%3F/28882
Registry file with Executable Payload https://www.x86matthew.com/view_post?id=embed_exe_reg
Targeted Phishing of Facebook Business Users https://labs.withsecure.com/assets/BlogFiles/Publications/WithSecure_Research_DUCKTAIL.pdf
Forwarding Address is Hard https://www.synacktiv.com/publications/cve-2022-31813-forwarding-addresses-is-hard.html
-
ISC StormCast for Tuesday, July 26th, 2022
26/07/2022 Duration: 07 min
PowerShell Script with Fileless Capability https://isc.sans.edu/diary/PowerShell+Script+with+Fileless+Capability/28878
With Management Comes Risk: Finding Flaws in Filewave MDM https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm/
CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/
-
ISC StormCast for Monday, July 25th, 2022
25/07/2022 Duration: 05 min
An Analysis of a Discerning Phishing Website https://isc.sans.edu/diary/An+Analysis+of+a+Discerning+Phishing+Website+/28870
Sonicwall Vulnerability https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007
Sh*load Exploits Episode V: Return of the Error https://dellfer.com/shload-exploits-episode-v-return-of-the-error/
-
ISC StormCast for Friday, July 22nd, 2022
22/07/2022 Duration: 06 min
Maldoc with non-ASCII VBA Identifiers https://isc.sans.edu/diary/Maldoc%3A+non-ASCII+VBA+Identifiers/28866
Cisco Security Updates https://tools.cisco.com/security/center/publicationListing.x?
Outlook 365 Odd Suspicious Login Attempt Warnings https://www.theregister.com/2022/07/21/outlook_sign_ins/
Windows RDP Brute Force Protection https://twitter.com/dwizzzleMSFT/status/1549870156771340288
Microsoft resuming blocking macros https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805
-
ISC StormCast for Thursday, July 21st, 2022
21/07/2022 Duration: 06 min
Malicious Python Script Behaving Like a Rubber Ducky https://isc.sans.edu/diary/Malicious+Python+Script+Behaving+Like+a+Rubber+Ducky/28860
Apple Patches Everything https://isc.sans.edu/diary/Apple+Patches+Everything+Day/28862
Confluence Atlassian Hard Coded Password https://confluence.atlassian.com/doc/questions-for-confluence-security-advisory-2022-07-20-1142446709.html
Zyxel Vulnerability https://www.zyxel.com/support/Zyxel-security-advisory-authenticated-directory-traversal-vulnerabilities-of-firewalls.shtml
DNS over HTTP/3 https://security.googleblog.com/2022/07/dns-over-http3-in-android.html
-
ISC StormCast for Wednesday, July 20th, 2022
20/07/2022 Duration: 07 min
Beacon Request https://isc.sans.edu/diary/Requests+For+beacon.http-get.+Help+Us+Figure+Out+What+They+Are+Looking+For/28856
Oracle July 2022 CPU https://www.oracle.com/security-alerts/cpujul2022.html
CloudMensis MacOS Spyware https://www.welivesecurity.com/2022/07/19/i-see-what-you-did-there-look-cloudmensis-macos-spyware/
GPS Tracker Vulnerabilities https://www.bitsight.com/sites/default/files/2022-07/MiCODUS-GPS-Report-Final.pdf
-
ISC StormCast for Tuesday, July 19th, 2022
19/07/2022 Duration: 06 min
Adding Your Own Keywords to My PDF Tools https://isc.sans.edu/diary/Adding+Your+Own+Keywords+To+My+PDF+Tools/28852
Tor Improvements https://blog.torproject.org/new-release-tor-browser-115/
Trojan Horse Malware Password Cracker https://www.dragos.com/blog/the-trojan-horse-malware-password-cracking-ecosystem-targeting-industrial-operators/
CVE-2022-33891 Apache Spark Shell Command Injection Vulnerability https://securityonline.info/cve-2022-33891-apache-spark-shell-command-injection-vulnerability/
Juniper Junos Vulnerabilities https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=date%20descending&f:ctype=[Security%20Advisories]