SANS Internet Storm Center Daily Network/Cyber Security and Information Security Podcast

  • Author: Various
  • Narrator: Various
  • Publisher: Podcast
  • Duration: 259:04:04

Synopsis

Daily update on current cyber security threats

Episodes

  • ISC StormCast for Tuesday, March 22nd, 2022

    22/03/2022 Duration: 07 min

    Maldoc Cleaned by Anti-Virus https://isc.sans.edu/forums/diary/Maldoc+Cleaned+by+AntiVirus/28460/ Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain IBM Spectrum Protect Update https://www.ibm.com/support/pages/node/6564745 Lapsus$ May have Breached Microsoft https://www.theregister.com/2022/03/21/microsoft_lapsus_breach_probe/ Statement by President Biden on our Nation's Cybersecurity https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/statement-by-president-biden-on-our-nations-cybersecurity/

  • ISC StormCast for Monday, March 21st, 2022

    21/03/2022 Duration: 06 min

    Scans for Movable Type Vulnerability (CVE-2021-20837) https://isc.sans.edu/forums/diary/Scans+for+Movable+Type+Vulnerability+CVE202120837/28454/ SolarWinds Advisory: Unauthenticated Access in Web Help Desk (12.7.5) https://isc.sans.edu/forums/diary/SolarWinds+Advisory+Unauthenticated+Access+in+Web+Help+Desk+1275/28456/ MGLNDD_* Scans https://isc.sans.edu/forums/diary/MGLNDD+Scans/28458/ CAPTCHA Phishing https://www.avanan.com/blog/using-captcha-forms-to-bypass-filters Browser in the Browser Templates https://mrd0x.com/browser-in-the-browser-phishing-attack/

  • ISC StormCast for Friday, March 18th, 2022

    18/03/2022 Duration: 14 min

    npm Package Sabotaged for Belarus/Russian Users https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/ President Zelensky Deepfakes https://twitter.com/ngleicher/status/1504186935291506693 ATM Rootkit https://www.mandiant.com/resources/unc2891-overview Scanner for Backdoored Mikrotik Routers https://github.com/microsoft/routeros-scanner SANS.edu Student: Ron Grohman; Network Access Control and ICS: A Practical Guide https://www.sans.edu/cyber-research/network-access-control-and-ics-a-practical-guide/

  • ISC StormCast for Thursday, March 17th, 2022

    17/03/2022 Duration: 05 min

    Qakbot Infection With Cobalt Strike and VNC Activity https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike+and+VNC+activity/28448/ Gh0stCringe RAT Being Distributed to Vulnerable Database Servers https://asec.ahnlab.com/en/32572/ dompdf 0 day https://positive.security/blog/dompdf-rce OpenSSL DoS Vulnerability https://www.openssl.org/news/secadv/20220315.txt

  • ISC StormCast for Wednesday, March 16th, 2022

    16/03/2022 Duration: 05 min

    Clean Binaries with Suspicious Behaviour https://isc.sans.edu/forums/diary/Clean+Binaries+with+Suspicious+Behaviour/28444/ Misconfigured Multi-Factor Authentication Abused https://www.cisa.gov/uscert/ncas/alerts/aa22-074a German Office of Information Security Warns Kaspersky Users https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2022/220315_Kaspersky-Warnung.html Caddy Wiper Targeting Ukraine https://www.welivesecurity.com/2022/03/15/caddywiper-new-wiper-malware-discovered-ukraine/ Fake Antivirus Targeting Ukraine https://twitter.com/malwrhunterteam/status/1502302718140035080 B1txor20 DNS Tunnel Backdoor https://blog.netlab.360.com/b1txor20-use-of-dns-tunneling_en/

  • ISC StormCast for Tuesday, March 15th, 2022

    15/03/2022 Duration: 05 min

    Apple Updates Everything https://isc.sans.edu/forums/diary/Apple+Updates+Everything+MacOS+123+XCode+133+tvOS+154+watchOS+85+iPadOS+154+and+more/28438/ Look Alike Accounts Used in Ukraine Donation Scam Impersonating Olena Zelenska https://isc.sans.edu/forums/diary/Look+Alike+Accounts+Used+in+Ukraine+Donation+Scam+impersonating+Olena+Zelenska/28440/ Curl on Windows https://isc.sans.edu/forums/diary/Curl+on+Windows/28436/ Veeam Vulnerabilities https://www.veeam.com/kb4288 Linux Netfilter Privilege Escalation https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/

  • ISC StormCast for Monday, March 14th, 2022

    14/03/2022 Duration: 05 min

    Malware Using WebSockets For C&C https://isc.sans.edu/forums/diary/Keep+an+Eye+on+WebSockets/28430/ Raccoon Stealer leverages Telegram https://decoded.avast.io/vladimirmartyanov/raccoon-stealer-trash-panda-abuses-telegram/ USAHERDS Hack https://www.wired.com/story/china-apt41-hacking-usaherds-log4j/ YARA 4.2.0 Released https://isc.sans.edu/forums/diary/YARA+420+Released/28432/

  • ISC StormCast for Friday, March 11th, 2022

    11/03/2022 Duration: 05 min

    Credential Leaks on VirusTotal https://isc.sans.edu/forums/diary/Credentials+Leaks+on+VirusTotal/28426/ GPS Issues Around Finnish Russian Border https://www.straitstimes.com/world/europe/finland-detects-gps-disturbance-near-russias-kaliningrad Russia Considering Internal Certificate Authority https://www.gosuslugi.ru/tls https://www.bleepingcomputer.com/news/security/russia-creates-its-own-tls-certificate-authority-to-bypass-sanctions/ New Spectre Variant https://www.vusec.net/projects/bhi-spectre-bhb/ Package Manager Vulnerabilities (yarn, pip, composer...) https://blog.sonarsource.com/securing-developer-tools-package-managers

  • ISC StormCast for Thursday, March 10th, 2022

    10/03/2022 Duration: 06 min

    Infostealer in a Batch File https://isc.sans.edu/forums/diary/Infostealer+in+a+Batch+File/28422/ TP240PhoneHome reflection/amplification DDoS Attack Vector https://blog.cloudflare.com/cve-2022-26143/ Malware Disguises as Pro Ukrainian Cybertools https://blog.talosintelligence.com/2022/03/threat-advisory-cybercriminals.html#more Russian Government Sites Hacked in Supply Chain Attack https://www.bleepingcomputer.com/news/security/russian-government-sites-hacked-in-supply-chain-attack/ Third Party Vulnerabilities in RUGGEDCOM ROS https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf Adobe Bulletins https://helpx.adobe.com/security/security-bulletin.html

  • ISC StormCast for Wednesday, March 9th, 2022

    09/03/2022 Duration: 05 min

    Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+March+2022+Patch+Tuesday/28418/ Critical APC UPS Vulnerability https://www.armis.com/research/tlstorm/ Vulnerabilities in Firmware Affecting HP Devices https://www.binarly.io/news/BinarlyDiscovers16NewHighImpactVulnerabilitiesinFirmwareAffectingHPEnterpriseDevices/index.html

  • ISC StormCast for Tuesday, March 8th, 2022

    07/03/2022 Duration: 05 min

    Ukraine Scam Followup https://isc.sans.edu/forums/diary/No+Bitcoin+No+Problem+Follow+Up+to+Last+Weeks+Donation+Scam/28412/ Dirty Pipe Linux Vulnerability https://dirtypipe.cm4all.com Mozilla Firefox and Thunderbird Vulnerability https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/ Azure AutoWarp https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/ Terramaster TOS Vulnerability https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/ https://forum.terra-master.com/en/viewtopic.php?f=28&t=3030

  • ISC StormCast for Monday, March 7th, 2022

    07/03/2022 Duration: 06 min

    Ukraine Donation Scam https://isc.sans.edu/forums/diary/Scam+EMail+Impersonating+Red+Cross/28404/ Cogent Disconnects Russia https://www.washingtonpost.com/technology/2022/03/04/russia-ukraine-internet-cogent-cutoff/ Russia DDoS Lists https://safe-surf.ru/upload/ALRT/proxies.txt https://safe-surf.ru/upload/ALRT/referer_http_header.txt NVidia Stolen Certificates https://www.theregister.com/2022/03/05/nvidia_stolen_certificate/ https://twitter.com/cyb3rops/status/1499514240008437762 GitLab Vulnerabilities https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/#unauthenticated-user-enumeration-on-graphql-api Cisco Patches https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk

  • ISC StormCast for Friday, March 4th, 2022

    04/03/2022 Duration: 07 min

    Attackers Search For Exposed "LuCI" Folders https://isc.sans.edu/diary/28400 Alexa Versus Alexa https://arxiv.org/abs/2202.08619 Bypassing Google Cloud Armor https://kloudle.com/blog/piercing-the-cloud-armor-the-8kb-bypass-in-google-cloud-platform-waf Ukraine Updates https://www.golem.de/news/ausfall-angriff-auf-ka-sat-satellit-ueber-gatewaystation-in-ukraine-2203-163614.html https://www.crowdstrike.com/blog/how-to-decrypt-the-partyticket-ransomware-targeting-ukraine/ https://www.bleepingcomputer.com/news/security/ukraine-says-local-govt-sites-hacked-to-push-fake-capitulation-news/

  • ISC StormCast for Thursday, March 3rd, 2022

    03/03/2022 Duration: 05 min

    The More Often Something is Repeated, the More True it Becomes https://isc.sans.edu/forums/diary/The+More+Often+Something+is+Repeated+the+More+True+It+Becomes+Dealing+with+Social+Media/28396/ Fortinet Bug https://www.fortiguard.com/psirt/FG-IR-21-028 IBM Updates https://www.ibm.com/blogs/psirt/ Google Updates https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html Conti Ransomware Leak https://threatpost.com/conti-ransomware-decryptor-trickbot-source-code-leaked/178727/ Middle Box DDoS Attacks https://www.akamai.com/blog/security/tcp-middlebox-reflection

  • ISC StormCast for Wednesday, March 2nd, 2022

    02/03/2022 Duration: 06 min

    Geoblocking when you can't Geoblock https://isc.sans.edu/forums/diary/Geoblocking+when+you+cant+Geoblock/28392/ IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/ Memory Corruption Vulnerabilities in PJSIP https://jfrog.com/blog/jfrog-discloses-5-memory-corruption-vulnerabilities-in-pjsip-a-popular-multimedia-library/ Okta Patch for Advanced Server Access Client https://trust.okta.com/security-advisories/okta-advanced-server-access-client-cve-2022-24295 ViaSat Outage https://www.reuters.com/business/aerospace-defense/satellite-firm-viasat-probes-suspected-cyberattack-ukraine-elsewhere-2022-02-28/

  • ISC StormCast for Tuesday, March 1st, 2022

    01/03/2022 Duration: 06 min

    PHP Patches Code Injection Flaw https://nvd.nist.gov/vuln/detail/CVE-2021-21708 https://bugs.php.net/bug.php?id=81708 Mozilla VPN Local Privilege Escalation https://www.mozilla.org/en-US/security/advisories/mfsa2022-08/ Google Captcha Breaking https://east-ee.com/2022/02/28/1367/ Samsung Encryption Vulnerability https://eprint.iacr.org/2022/208.pdf tshark Multiple IPs https://isc.sans.edu/forums/diary/TShark+Multiple+IP+Addresses/28386/

  • ISC StormCast for Monday, February 28th, 2022

    28/02/2022 Duration: 05 min

    Ukraine Update https://www.bleepingcomputer.com/news/security/ransomware-gangs-hackers-pick-sides-over-russia-invading-ukraine/ https://ddosecrets.com/wiki/Tetraedr https://twitter.com/YourAnonOne/status/1496965766435926039 https://www.wired.com/story/ukraine-it-army-russia-war-cyberattacks-ddos/ Odd Windows Behaviour with Fixed Addresses https://isc.sans.edu/forums/diary/Windows+Fixed+IPv4+Addresses+and+APIPA/28380/ Using Snort IDS Rules in NetWitness Packet Decoder https://isc.sans.edu/forums/diary/Using+Snort+IDS+Rules+with+NetWitness+PacketDecoder/28382/ NVidia Breach https://www.bloomberg.com/news/articles/2022-02-25/nvidia-is-investigating-cyber-attack-but-business-uninterrupted Windows 11 Reset Not Removing All Data https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2#2783msgdesc

  • ISC StormCast for Friday, February 25th, 2022

    25/02/2022 Duration: 06 min

    Ukraine Update: Webcast https://www.sans.org/webcasts/russian-cyber-attack-escalation-in-ukraine/ Other Ukraine Related Stories https://isc.sans.edu/forums/diary/Ukraine+Russia+Situation+From+a+Domain+Names+Perspective/28376/ https://detection.watchguard.com Zabbix Vulnerability Exploited https://www.cisa.gov/uscert/ncas/current-activity/2022/02/22/cisa-adds-two-known-exploited-vulnerabilities-catalog https://support.zabbix.com/browse/ZBX-20350 Asustor Victim of Deadbolt Ransomware https://forum.asustor.com/viewtopic.php?f=45&t=12630 Firepower Rule Update Failure After March 5th 2022 https://www.cisco.com/c/en/us/support/docs/field-notices/723/fn72332.html?emailclick=CNSemail Social Media Takeover Malware Distributed Via Microsoft App Store https://research.checkpoint.com/2022/new-malware-capable-of-controlling-social-media-accounts-infects-5000-machines-and-is-actively-being-distributed-via-gaming-applications-on-microsofts-official-store/

  • ISC StormCast for Thursday, February 24th, 2022

    24/02/2022 Duration: 06 min

    New Sandworm Malware Cyclops Blink Replaces VPNFilter https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter Wiper Malware Seen Deployed Against Targets in the Ukraine https://twitter.com/juanandres_gs/status/1496581710368358400 https://twitter.com/ESETresearch/status/1496581903205511181 The Rise and Fall of log4shell https://isc.sans.edu/forums/diary/The+Rise+and+Fall+of+log4shell/28372/ pfsense authenticated RCE https://www.shielder.it/advisories/pfsense-remote-command-execution/ BVP47 Backdoor https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf

  • ISC StormCast for Wednesday, February 23rd, 2022

    23/02/2022 Duration: 06 min

    A Good Old Equation Editor Vulnerability Delivering Malware https://www.welivesecurity.com/2022/02/22/teenage-cybercrime-stop-kids-wrong-path/ Horde Webmail 5.2.22 - Account Takeover via Email https://blog.sonarsource.com/horde-webmail-account-takeover-via-email NoVNC Phishing https://mrd0x.com/bypass-2fa-using-novnc/
