Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

Revisiting BrakTooth: Two Months Later https://isc.sans.edu/forums/diary/Revisiting+BrakTooth+Two+Months+Later/27992/ Escalating XSS to Sainthood with Nagios https://blog.grimm-co.com/2021/11/escalating-xss-to-sainthood-with-nagios.html Pentaho Business Analytics Vulnerablity https://hawsec.com/publications/pentaho/HVPENT210401-Pentaho-BA-Security-Assessment-Report-v1_1.pdf

Trojan Source: Invisible Vulnerabilities https://www.trojansource.codes/trojan-source.pdf Detecting HTTP Header Smuggling Vulnerabilities https://www.darkreading.com/application-security/free-tool-scans-web-servers-for-vulnerability-to-http-header-smuggling-attacks Kaspersky Lost Amazon Simple Email Service Token https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021_phishing

Remote Desktop Protocol RDP Discovery https://isc.sans.edu/forums/diary/Remote+Desktop+Protocol+RDP+Discovery/27984/ Sysmon Update https://isc.sans.edu/forums/diary/Sysinternals+Autoruns+and+Sysmon+updates/27986/ Google Chrome Updates https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html AbstractEmu Malware Roots Android https://blog.lookout.com/lookout-discovers-global-rooting-malware-campaign Microsoft Defender For Endpoint Web Content Filtering https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/web-content-filtering-now-generally-available-on-windows/ba-p/2893357

Critical Hikvision Patch https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/ Shrootless Vulnerability in MacOS https://www.microsoft.com/security/blog/2021/10/28/microsoft-finds-new-macos-vulnerability-shrootless-that-could-bypass-system-integrity-protection/ More Malicious NPM Libraries https://www.theregister.com/2021/10/27/npm_roblox_ransomware/

Outlook Web Access Phishing https://isc.sans.edu/forums/diary/Hunting+for+Phishing+Sites+Masquerading+as+Outlook+Web+Access/27974/ Apple Security Updates Details Available https://support.apple.com/en-us/HT201222 Adobe Patches https://helpx.adobe.com/security/security-bulletin.html PinkBot Botnet Uses DoH https://blog.netlab.360.com/pinkbot/ Jira Insight Patch https://confluence.atlassian.com/adminjiraserver/jira-service-management-security-advisory-2021-10-20-1085186548.html

Apple Updates Everything (but no details yet) https://support.apple.com/en-sa/HT201222 Craigslist E-Mail Hijack https://www.inky.com/blog/urgency-mail-relay-serve-phishers-well-on-craigslist UltimaSMS Android Malware https://blog.avast.com/premium-sms-scam-apps-on-play-store-avast Firefox Proxy Malware https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/

Decrypting Cobalt Strike Traffic https://isc.sans.edu/forums/diary/Decrypting+Cobalt+Strike+Traffic+With+a+Leaked+Private+Key/27968/ Critical Discourse Vulnerability https://us-cert.cisa.gov/ncas/current-activity/2021/10/24/critical-rce-vulnerability-discourse Discourse Discussion Platform RCE https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-pvpc-qgwq https://0day.click/recipe/discourse-sns-rce/ ua-parser-js malware https://github.com/advisories/GHSA-pjwm-rvh2-c87w Vulnerable Billing Software BillQuick Web Used to Deploy Ransomware https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware

Malware Quiz https://isc.sans.edu/forums/diary/October+2021+Contest+Forensic+Challenge/27960/ Odd Zip Files https://isc.sans.edu/forums/diary/Phishing+ZIP+With+Malformed+Filename/27966/ Decrypting Cobalt Strike Configurations Using Known Secret Keys https://blog.nviso.eu/2021/10/21/cobalt-strike-using-known-private-keys-to-decrypt-traffic-part-1/ Tracking BLE Fingerprints https://cseweb.ucsd.edu/~nibhaska/papers/sp22_paper.pdf GPS Software Bug

Stolen Images Evidence Campaign Pushes Sliver Based Malware https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+campaign+pushes+Sliverbased+malware/27954/ FiveSys Rootkit Signed By Microsoft https://www.bitdefender.com/files/News/CaseStudies/study/405/Bitdefender-DT-Whitepaper-Fivesys-creat5699-en-EN.pdf Oracle Critical Patch Update https://www.oracle.com/security-alerts/cpuoct2021.html WinRAR Vulnerability https://swarm.ptsecurity.com/winrars-vulnerable-trialware-when-free-software-isnt-free/ Crypto Mining npm Libraries https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices

Thanks to Covid 19: New Types of Documents are Lost in the Wild https://isc.sans.edu/forums/diary/Thanks+to+COVID19+New+Types+of+Documents+are+Lost+in+The+Wild/27952/ Google Chrome 95 Released https://chromestatus.com/roadmap Squirrel VM Bug https://thehackernews.com/2021/10/squirrel-engine-bug-could-let-attackers.html BlackByte Decryptor Released https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/ https://github.com/SpiderLabs/BlackByteDecryptor

Can You Make the Great Chinese Firewall Work For You https://isc.sans.edu/forums/diary/Can+you+make+the+Great+Chinese+Firewall+work+for+you/27948/ Fake Government Assistance Websites https://www.ic3.gov/Media/Y2021/PSA211015 TA505 Coming Back https://www.proofpoint.com/us/blog/threat-insight/whatta-ta-ta505-ramps-activity-delivers-new-flawedgrace-variant BlackMatter Ransomware https://us-cert.cisa.gov/ncas/alerts/aa21-291a

Malcious PowerShell Script Using Client Certificate Authentication https://isc.sans.edu/forums/diary/Malicious+PowerShell+Using+Client+Certificate+Authentication/27944/ PowerShell Updates https://github.com/PowerShell/Announcements/issues/27 Juniper JunOS Patches https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES TianFu Cup https://tianfucup.com/en/#canjia

Active Scanning for Apache Vulnerabilities CVE-2021-41773 and 42013 https://isc.sans.edu/forums/diary/Apache+is+Actively+Scan+for+CVE202141773+CVE202142013/27940/ Warranty Repairs and Non Removable Storage Risks https://isc.sans.edu/forums/diary/Warranty+Repairs+and+NonRemovable+Storage+Risks/27938/ Crypto Wallet Compromised on OpenSea NFT Marketplace https://blog.checkpoint.com/2021/10/13/check-point-software-prevents-theft-of-crypto-wallets-on-opensea-the-worlds-largest-nft-marketplace/ $5.2 Billion worth of Bitcoin Transactions Linked to Ransomware https://www.fincen.gov/sites/default/files/shared/Financial%20Trend%20Analysis_Ransomeware%20508%20FINAL.pdf

Port Forwarding with Windows for the Win https://isc.sans.edu/forums/diary/PortForwarding+with+Windows+for+the+Win/27934/ Please Fix Your E-Mail Brute Forcing Tool https://isc.sans.edu/forums/diary/Please+fix+your+EMail+Brute+forcing+tool/27930/ Ad Blocker Injects Ads https://www.imperva.com/blog/the-ad-blocker-that-injects-ads/ Romance Scams Go After Crypto Currency https://nakedsecurity.sophos.com/2021/10/13/romance-scams-with-a-cryptocurrency-twist-new-research-from-sophoslabs/ Sysmon For Linux https://github.com/Sysinternals/SysmonForLinux Foxit Updates https://www.foxit.com/support/security-bulletins.html VMWare Updates https://www.vmware.com/security/advisories/VMSA-2021-0023.html

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+October+2021+Patch+Tuesday/27928/ Adobe Patches https://helpx.adobe.com/security/security-bulletin.html PyPi Remove mitmproxy2 Module https://twitter.com/maximilianhils/status/1447525552370458625 https://web.archive.org/web/20211012105244/https://gist.github.com/mhils/7ff29d50b25a1c99e06834cf95684333

Non HTTP Requests Hitting Web Server https://isc.sans.edu/forums/diary/Things+that+go+Bump+in+the+Night+Non+HTTP+Requests+Hitting+Web+Servers/27924/ Apple Updates iOS/iPadOS to 15.0.2 https://saaramar.github.io/IOMFB_integer_overflow_poc/ https://support.apple.com/en-us/HT212846 Weak SSH Keys Used with GitKraken https://github.blog/2021-10-11-github-security-update-revoking-weakly-generated-ssh-keys/ Let's Encrypt Outage https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/6164b5af714e1f053880ba0c

Scanning for Previous Oracle WebLogic Vulnerabilities https://isc.sans.edu/forums/diary/Scanning+for+Previous+Oracle+WebLogic+Vulnerabilities/27918/ Sorting Things Out - Sorting Data by IP Address https://isc.sans.edu/forums/diary/Sorting+Things+Out+Sorting+Data+by+IP+Address/27916/ https://gitlab.com/slackermedia/bashcrawl Telegram Does Not Remove Auto-Deleted Messages from Cache https://habr.com/en/post/580582/ Microsoft To Disable Excel 4.0 Macros By Default https://twitter.com/GelosSnake/status/1446192775087722497 https://m365admin.handsontek.net/macro-settings-update-to-disable-excel-4-0-macros-by-default/

Who is Hunting For Your IPTV Set-Top Box? https://isc.sans.edu/forums/diary/Who+Is+Hunting+For+Your+IPTV+SetTop+Box/27912/ Another Update For Apache https://httpd.apache.org Font on Lake Rootkit https://www.welivesecurity.com/2021/10/07/fontonlake-previously-unknown-malware-family-targeting-linux/ osquery 5 with macOS Endpoint Security https://www.trailofbits.com/post/announcing-osquery-5-now-with-endpointsecurity-on-macos

Apache 2.4.49 Directory Traversal Vulnerability https://isc.sans.edu/forums/diary/Apache+2449+Directory+Traversal+Vulnerability+CVE202141773/27908/ Python Ransomware Targeting ESXi Server https://www.sophos.com/en-us/press-office/press-releases/2021/10/sophos-researchers-uncover-new-python-ransomware-targeting-an-esxi-server-and-virtual-machines.aspx AT&T SIM Forensics https://medium.com/telecom-expert/what-is-at-t-doing-at-1111340002-c418876c212c Google Making Additional 2FA Push https://blog.google/technology/safety-security/making-sign-safer-and-more-convenient/

Looking Glass Sites https://isc.sans.edu/forums/diary/Looking+Glasses+Debugging+Network+Connectivity+Issues/27904/ Facebook Postmortem https://engineering.fb.com/2021/10/05/networking-traffic/outage-details/ Apache 2.4.49 Directory Traversal Vulnerability https://blog.sonatype.com/apache-servers-actively-exploited-in-wild-importance-of-prompt-patching Windows 11 Released https://www.microsoft.com/security/blog/2021/10/04/windows-11-offers-chip-to-cloud-protection-to-meet-the-new-security-challenges-of-hybrid-work/ https://www.microsoft.com/en-us/download/details.aspx?id=55319