Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

Sysmon's ReigstryEvent (Value Set) and Binary Data https://isc.sans.edu/forums/diary/Sysmons+RegistryEvent+Value+Set/28558/ Ukraine CERT Posts: IcedID and Zimbra Flaw https://cert.gov.ua/article/39606 https://cert.gov.ua/article/39609 New NSO Pegasus Exploit Spotted in the Wild https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/ Unofficial Windows 11 Upgrade Delivers Spyware https://www.bleepingcomputer.com/news/security/unofficial-windows-11-upgrade-installs-info-stealing-malware/

Office Now Protects You From Malicious ISO Files https://isc.sans.edu/forums/diary/Office+Protects+You+From+Malicious+ISO+Files/28554/ Github Stolen OAUTH User Tokens https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens/ Git For Windows Vulnerability https://nvd.nist.gov/vuln/detail/CVE-2022-24765 Cisco Wireless Controller Bug https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-auth-bypass-JRNhV4fF

An Update on CVE-2022-26809 MSRPC Vulnerability - PATCH NOW https://isc.sans.edu/forums/diary/An+Update+on+CVE202226809+MSRPC+Vulnerabliity+PATCH+NOW/28550/ Webcast: https://www.sans.org/webcasts/cve-2022-26809-ms-rpc-vulnerability-analysis/ https://twitter.com/splinter_code/status/1514653941304369153 Google Chrome 0-Day Patch https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html Cisco Webex Phones Home Audio Telemetry https://wiscprivacy.com/papers/vca_mute.pdf Grafana Enterprise Vulnerabilty https://grafana.com/blog/2022/04/12/grafana-enterprise-8.4.6-released-with-high-severity-security-fix/

How is Ukrainian Internet Holding Up During Russian Invasion https://isc.sans.edu/forums/diary/How+is+Ukrainian+internet+holding+up+during+the+Russian+invasion/28546/ Update on Windows Patches and CVE-2022-26809 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26809 Adobe Updates https://helpx.adobe.com/security/products/photoshop/apsb22-20.html Apache Struts 2 Update https://cwiki.apache.org/confluence/display/WW/S2-062

Microsoft April 2022 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+April+2022+Patch+Tuesday/28542/ NGINX Statement To LDAP Weakness https://www.nginx.com/blog/addressing-security-weaknesses-nginx-ldap-reference-implementation/ Attacks on Ukrainian Power Grid https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/

Spring: It isn't just about Spring4Shell. https://isc.sans.edu/forums/diary/Spring+It+isnt+just+about+Spring4Shell+Spring+Cloud+Function+Vulnerabilities+are+being+probed+too/28538/ Microsoft Windows Autopatch https://techcommunity.microsoft.com/t5/windows-it-pro-blog/get-current-and-stay-current-with-windows-autopatch/ba-p/3271839 More npm protestware https://github.com/Yaffle/EventSource/commit/de137927e13d8afac153d2485152ccec48948a7a Raspberry Pi Update https://www.raspberrypi.com/news/raspberry-pi-bullseye-update-april-2022/

Misc Spring4Shell Items https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67 https://www.trendmicro.com/en_us/research/22/d/cve-2022-22965-analyzing-the-exploitation-of-spring4shell-vulner.html https://github.com/AgainstTheWest/NginxDay Russian Certificate Authority Update https://koen.engineer/russias-certificate-authority-for-sanctioned-organizations-645d61af8ac6 Conti Source Code Leak Leads to Copycats https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/

What is BIMI https://isc.sans.edu/forums/diary/What+is+BIMI+and+how+is+it+supposed+to+help+with+Phishing/28528/ Watchguard Vulnerability behind Cyclops Blink https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA16S000000SOCGSA4&lang=en_US Malware Targeting Amazon Lambdas https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/ Ashley Taylor: Doppelgaengers: Finding Job Scammers Who Steal Brand Identities https://www.sans.edu/cyber-research/doppelgangers-finding-job-scammers-who-steal-brand-identities/

Windows MetaStealer Malware https://isc.sans.edu/forums/diary/Windows+MetaStealer+Malware/28522/ US Justice Depatment Takes Down Cyclops Blink Botnet https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-botnet-controlled-russian-federation VMWare Bugs https://www.vmware.com/security/advisories.html Palo Alto CVE-2022-0778 https://security.paloaltonetworks.com/CVE-2022-0778 Unpatched Apple Bug https://www.intego.com/mac-security-blog/apple-neglects-to-patch-zero-day-wild-vulnerabilities-for-macos-big-sur-catalina/

WebLogic Crypto Miner Malware Disabling Alibaba Cloud Monitoring Tools https://isc.sans.edu/forums/diary/WebLogic+Crypto+Miner+Malware+Disabling+Alibaba+Cloud+Monitoring+Tools/28520/ Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks New Security Features for Windows 11 https://www.microsoft.com/security/blog/2022/04/05/new-security-features-for-windows-11-will-help-protect-hybrid-work/ Fin7 Power Hour: Adversary Archaeology and Evolution of FIN7 https://www.mandiant.com/resources/evolution-of-fin7

Emptying the Phishtank: Are WordPress Sites the Mosquitoes of the Internet https://isc.sans.edu/forums/diary/Emptying+the+Phishtank+Are+WordPress+sites+the+Mosquitoes+of+the+Internet/28516/ Mailchimp Breach Used to Target Trezor Users https://www.bleepingcomputer.com/news/security/hackers-breach-mailchimps-internal-tools-to-target-crypto-customers/ Proactively Prevent Secret Leaks With GitHub Advanced Security Secret Scanning https://github.blog/2022-04-04-push-protection-github-advanced-security/ TruffleHog v3 https://trufflesecurity.com/blog/introducing-trufflehog-v3 Russian Certificates (chinese article) https://blog.netlab.360.com/review-revoke-russia-ssl-certificates/

GitLab Critical Security Release https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/ ViaSat KA-SAT Network Cyber Attack https://www.viasat.com/about/newsroom/blog/ka-sat-network-cyber-attack-overview/ MacOS Bug Enables Phishing https://rambo.codes/posts/2022-03-15-how-a-macos-bug-could-have-allowed-for-a-serious-phishing-attack-against-users PHP Supply Chain Attack on PEAR https://blog.sonarsource.com/php-supply-chain-attack-on-pear

Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965 https://isc.sans.edu/forums/diary/Spring+Vulnerability+Update+Exploitation+Attempts+CVE202222965/28504/ Apple Patches 0 Day Vulnerability https://isc.sans.edu/forums/diary/Apple+Patches+Actively+Exploited+Vulnerability+in+macOS+iOS+and+iPadOS/28506/ Wyze Cam Vulnerabilities https://www.bitdefender.com/files/News/CaseStudies/study/413/Bitdefender-PR-Whitepaper-WCam-creat5991-en-EN.pdf Zyxel Security Advisory https://www.zyxel.com/support/forgery-vulnerabilities-of-select-Armor-home-routers.shtml

Java Springtime Confusion: What Vulnerabilty are We Talking About https://isc.sans.edu/forums/diary/Java+Springtime+Confusion+What+Vulnerability+are+We+Talking+About/28500/ Quickie: Parsing XLSB Documents https://isc.sans.edu/forums/diary/Quickie+Parsing+XLSB+Documents/28496/ Pwning 3CX Phone Management Backends from the Internet https://medium.com/@frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88

More Fake/Typosquatting Twitter Accounts Asking for Ukraine Cryptocurrency Donations https://isc.sans.edu/forums/diary/More+FakeTyposquatting+Twitter+Accounts+Asking+for+Ukraine+Crytocurrency+Donations/28492/ Mitigating Attacks Against Uninterruptible Power Supply Devices https://www.cisa.gov/sites/default/files/publications/CISA-DOE_Insights-Mitigating_Vulnerabilities_Affecting_Uninterruptible_Power_Supply_Devices_Mar_29.pdf MFA Bypass Attacks https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html Google Advertises Mars Stealer https://blog.morphisec.com/threat-research-mars-stealer Hackers Gaining Power of Subpoena Via Fake "Emergency Data Requests" https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/

BGP Hijacking of Twitter Prefix by RTComm.ru https://isc.sans.edu/forums/diary/BGP+Hijacking+of+Twitter+Prefix+by+RTCommru/28488/ DDoS Against Sites in Ukraine https://www.bleepingcomputer.com/news/security/hacked-wordpress-sites-force-visitors-to-ddos-ukrainian-targets/ Sophos Patches https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce Sonicwall Patches https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0003 opnsense CARP protocol routing error https://medium.com/sensorfu/firewall-bypass-with-carp-in-packet-filter-c4ed70fb7dd7

XLSB Files Because Binary is Stealthier Than XML https://isc.sans.edu/forums/diary/XLSB+Files+Because+Binary+is+Stealthier+Than+XML/28476/ Dirty Pipe Container Escape PoC https://www.datadoghq.com/blog/engineering/dirty-pipe-container-escape-poc/ PHP filter_var Shenanigans https://pwning.systems/posts/php_filter_var_shenanigans/ OpenBSD slaacd vuln https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html Google Chrome Update https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html

Malware Delivered Through Free Sharing Tool https://isc.sans.edu/forums/diary/Malware+Delivered+Through+Free+Sharing+Tool/28474/ Western Digital PR4100 NAS Vulnerabilty https://research.nccgroup.com/2022/03/24/remote-code-execution-on-western-digital-pr4100-nas-cve-2022-23121/ Crypto malware in patched wallets targeting Android and iOS devices https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/ Lapsus$ Arrest https://www.bbc.com/news/technology-60864283 https://www.bloomberg.com/news/articles/2022-03-23/teen-suspected-by-cyber-researchers-of-being-lapsus-mastermind?sref=ylv224K8 Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical

Mars Stealer https://isc.sans.edu/forums/diary/Arkei+Variants+From+Vidar+to+Mars+Stealer/28468/ Okta Update https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/ Microsoft Lapsus$ Update https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/ npm Attack Targeting Azure Developers https://jfrog.com/blog/large-scale-npm-attack-targets-azure-developers-with-malicious-packages/

Statement by President Biden: What you need to do (or not do) https://isc.sans.edu/forums/diary/Statement+by+President+Biden+What+you+need+to+do+or+not+do/28466/ ASUS Cyclops Blink Advisory https://www.asus.com/content/ASUS-Product-Security-Advisory/ HP Vulnerabilities https://support.hp.com/us-en/document/ish_5948778-5949142-16/hpsbpi03780 Sophos UTM Updates https://www.sophos.com/en-us/security-advisories/sophos-sa-20220321-utm-9710 MacOS GIMMICK Malware https://www.volexity.com/blog/2022/03/22/storm-cloud-on-the-horizon-gimmick-malware-strikes-at-macos/ Octa Breached By Lapsus https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/ https://twitter.com/BillDemirkapi/status/1506107157124722690