Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

Apple Patches Everything https://isc.sans.edu/forums/diary/Apple+Patches+Everything/28654/ Evil Never Sleeps: When Wireless Malware Stays on After Turning Off iPhones https://arxiv.org/pdf/2205.06114.pdf Third-Party Web Trackers Log What You Type Before Submitting https://homes.esat.kuleuven.be/~asenol/leaky-forms/

From 0-Day to Mirai: 7 days of BIG-IP Exploits https://isc.sans.edu/forums/diary/From+0Day+to+Mirai+7+days+of+BIGIP+Exploits/28644/ Sonicwall Vulnerabilities Patched https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009 Zonealarm Patch https://www.zonealarm.com/software/extreme-security/release-history Taking over npm account https://thehackerblog.com/zero-days-without-incident-compromising-angular-via-expired-npm-publisher-email-domains-7kZplW4x/

When Get-WebRequest Fails You https://isc.sans.edu/forums/diary/When+GetWebRequest+Fails+You/28640/ HP PC BIOS Security Updates https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788 INTEL BIOS Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html Zyxel RCE Vulnerability https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/

TA578 Using Thread-Hijacked Emails to Push ISO Files for Bumblebee Malware https://isc.sans.edu/forums/diary/TA578+using+threadhijacked+emails+to+push+ISO+files+for+Bumblebee+malware/28636/ Google Drive Emerges as Top App for Malware Downloads https://www.helpnetsecurity.com/2022/05/11/malicious-pdf-search-engines/ Vanity URL Abuse https://www.varonis.com/blog/url-spoofing npm Supply Chain Attack Turns Out to be Part of Penetration Test https://jfrog.com/blog/npm-supply-chain-attack-targets-german-based-companies/

Microsoft May 2022 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+May+2022+Patch+Tuesday/28632/ Adobe Updates https://helpx.adobe.com/security/security-bulletin.html npm "foreach" package domain takeover https://www.theregister.com/2022/05/10/security_npm_email/

Octopus Backdoor is Back with a New Embedded Obfuscated Bat File https://isc.sans.edu/forums/diary/Octopus+Backdoor+is+Back+with+a+New+Embedded+Obfuscated+Bat+File/28628/#comments CVE-2022-1388 (BIG-IP) Exploits https://twitter.com/sans_isc/status/1523741896707043328 https://github.com/horizon3ai/CVE-2022-1388 Trend Micro False Positive Aftermath https://success.trendmicro.com/dcx/s/solution/000290966?language=en_US Microsoft Azure https://orca.security/resources/blog/azure-synapse-analytics-security-advisory/ https://msrc-blog.microsoft.com/2022/05/09/vulnerability-mitigated-in-the-third-party-data-connector-used-in-azure-synapse-pipelines-and-azure-data-factory-cve-2022-29972/

F5 BIG-IP Unauthenticated RCE Vulnerability (CVE-2022-1388) https://isc.sans.edu/forums/diary/F5+BIGIP+Unauthenticated+RCE+Vulnerability+CVE20221388/28624/ QNAP QVR Update https://www.qnap.com/de-de/security-advisory/qsa-22-07 Raspberry Robin Worm https://redcanary.com/blog/raspberry-robin/ rubygems CVE-2022-29176 explained https://greg.molnar.io/blog/rubygems-cve-2022-29176/ What is the simples malware in the world? https://isc.sans.edu/forums/diary/What+is+the+simplest+malware+in+the+world/28620/

Password-protected Excel Spreadsheet Pushes Remcos RAT https://isc.sans.edu/forums/diary/Passwordprotected+Excel+spreadsheet+pushes+Remcos+RAT/28616/ Microsoft, Apple, Google Accelated FIDO Standard Implementation https://www.theregister.com/2022/05/05/microsoft-apple-google-fido/ Heroku Admits Breach https://status.heroku.com/incidents/2413

Finding the Real "Last Patched" Day (Interim Version) https://isc.sans.edu/forums/diary/Finding+the+Real+Last+Patched+Day+Interim+Version/28610/ Fake Windows Updates Install Ransomware https://www.bleepingcomputer.com/news/security/fake-windows-10-updates-infect-you-with-magniber-ransomware/ Vulnerablities in Ransomware https://www.malvuln.com Heroku Forces Password Reset https://status.heroku.com/incidents/2413 Cisco Patches Enterprise NFV Infrastructure Software https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9 Big-IP iControl REST Vulnerability https://support.f5.com/csp/article/K23605346

Some Honeypot Updates https://isc.sans.edu/forums/diary/Some+Honeypot+Updates/28608/ TLStorm 2 - NanoSSL TLS Library Misuse https://www.armis.com/blog/tlstorm-2-nanossl-tls-library-misuse-leads-to-vulnerabilities-in-common-switches/ Unpatched DNS Bug in uClibc and uClibc-ng Library https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-DNS-bug-in-popular-c-standard-library-putting-iot-at-risk/ Abusing Security Software to Sideload PlugX and ShadowPad https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/ Microsoft Edge Update Triggers Trend Micro AV https://success.trendmicro.com/forum/s/question/0D54T00001QDqzgSAD/we-are-getting-this-message-from-every-client-since-several-minutesis-it-a-false-positiv-error-or-do-we-have-a-real-trojaner-problem-

Detecting VSTO Office Files with ExifTool https://isc.sans.edu/forums/diary/Detecting+VSTO+Office+Files+With+ExifTool/28604/ The Gmail SMTP Relay Service Exploit https://www.avanan.com/blog/the-gmail-smtp-relay-service-exploit OpenSSF Package Analysis https://openssf.org/blog/2022/04/28/introducing-package-analysis-scanning-open-source-packages-for-malicious-behavior/ M1 Prefetcher Data Leak https://www.prefetchers.info

Using Passive DNS Sources for Reconnaissance and Enumeration https://isc.sans.edu/forums/diary/Using+Passive+DNS+sources+for+Reconnaissance+and+Enumeration/28596/ Microsoft Edge Secure Network https://support.microsoft.com/en-gb/topic/use-the-microsoft-edge-secure-network-to-protect-your-browsing-885472e2-7847-4d89-befb-c80d3dda6318 Sina Weibo Making Users IPs and Location Public https://www.theregister.com/2022/04/29/weibo_location_services_default/ https://weibo.com/u/1934183965?layerid=4763194269108760 SonicWall Global VPN Client DLL Search Order Hijacking https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0036 Zoom Updated https://explore.zoom.us/en/trust/security/security-bulletin/

A Day of SMB: What does our SMB/RPC Honeypot see? CVE-2022-26809 https://isc.sans.edu/forums/diary/A+Day+of+SMB+What+does+our+SMBRPC+Honeypot+see+CVE202226809/28594/ Azure PostgreSQL Privilege Escalation https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql/ Security alert: Attack campaign involving stolen OAuth user tokens https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens Netatalk Vulnerability Affecting Synology, QNAP, Others? https://www.synology.com/en-global/security/advisory/Synology_SA_22_06

MITRE ATT&CK v11 https://isc.sans.edu/forums/diary/MITRE+ATTCK+v11+a+small+update+that+can+help+not+just+with+detection+engineering/28590/ Microsoft Special Report: Ukraine https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd Linux Privilege Escalation Nimbuspwn https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/ npm Package Planting https://blog.aquasec.com/npm-package-planting

WSO2 Vuln Exploited to Install Crypto Coin Miners https://isc.sans.edu/forums/diary/WSO2+RCE+exploited+in+the+wild/28586/ Core Impact Backdoor Delivered Via VMware Vulnerablity https://blog.morphisec.com/vmware-identity-manager-attack-backdoor VirusTotal Exploit Update https://twitter.com/bquintero/status/1518738072820670464 Emotet Experimenting With New Delivery Techniques https://www.proofpoint.com/us/blog/threat-insight/emotet-tests-new-delivery-techniques

Simple PDF Linking to Malicious Content https://isc.sans.edu/forums/diary/Simple+PDF+Linking+to+Malicious+Content/28582/ VirusTotal Remote Code Execution https://www.cysrc.com/blog/virus-total-blog Apple's Private Relay can Cause the System to Ignore Firewall Rules https://mullvad.net/en/blog/2022/4/25/apples-private-relay-can-cause-the-system-to-ignore-firewall-rules/ Emotet Breaks and Later Fixes Installer https://www.bleepingcomputer.com/news/security/emotet-malware-infects-users-again-after-fixing-broken-installer/

Analyzing Word Phishing Document https://isc.sans.edu/forums/diary/Analyzing+a+Phishing+Word+Document/28562/ Targeting Roku Streaming Devices https://isc.sans.edu/forums/diary/Are+Roku+Streaming+Devices+Safe+from+Exploitation/28578/ JWT Null Signature Vulnerability PoC https://github.com/DataDog/security-labs-pocs/tree/main/proof-of-concept-exploits/jwt-null-signature-vulnerable-app Expat XML Vulnerabilities https://www.ibm.com/support/pages/node/6573293 Jira Vulnerability https://confluence.atlassian.com/jira/jira-security-advisory-2022-04-20-1115127899.html

Multi Cryptocurrency Clipboard Swapper https://isc.sans.edu/forums/diary/MultiCryptocurrency+Clipboard+Swapper/28574/ Amazong Fixes AWS log4j Fix https://aws.amazon.com/security/security-bulletins/AWS-2022-006/ Cisco Fixes https://tools.cisco.com/security/center/publicationListing.x Psychic Signature PoC https://github.com/khalednassar/CVE-2022-21449-TLS-PoC ALAC Audio Decoder Bug https://blog.checkpoint.com/2022/04/21/largest-mobile-chipset-manufacturers-used-vulnerable-audio-decoder-2-3-of-android-users-privacy-around-the-world-were-at-risk/

AA Distribution Quakbot (Qbot) infection siwth DarkVNC https://isc.sans.edu/forums/diary/aa+distribution+Qakbot+Qbot+infection+with+DarkVNC+traffic/28568/ Java Psychic Signatures https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/ Snort DoS Vulnerability https://claroty.com/2022/04/14/blog-research-blinding-snort-breaking-the-modbus-ot-preprocessor/

u-boot Password Reset https://isc.sans.edu/forums/diary/Resetting+Linux+Passwords+with+UBoot+Bootloaders/28564/ Oracle CPU https://www.oracle.com/security-alerts/cpuapr2022.html MetaMask iCloud Phishing https://www.bleepingcomputer.com/news/security/hackers-steal-655k-after-picking-metamask-seed-from-icloud-backup/ SMB1 Gone From Windows 11 Home https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb1-now-disabled-by-default-for-windows-11-home-insiders-builds/ba-p/3289473 Lenovo UEFI/BIOS Vulnerability https://support.lenovo.com/us/en/product_security/ps500483-lenovo-system-update-privilege-escalation-vulnerability https://support.lenovo.com/de/de/product_security/LEN-84943