Synopsis
Daily update on current cyber security threats
Episodes
-
ISC StormCast for Monday, July 12th, 2021
12/07/2021 Duration: 05min
Scanning for Microsoft Secure Socket Tunneling Protocol https://isc.sans.edu/forums/diary/Scanning+for+Microsoft+Secure+Socket+Tunneling+Protocol/27622/
Hancitor tries XLL as Initial Malware File https://isc.sans.edu/forums/diary/Hancitor+tries+XLL+as+initial+malware+file/27618/
Android Updates https://source.android.com/security/bulletin/2021-07-01
Cisco Updates https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bpa-priv-esc-dgubwbH4
Job Seekers Attacked with Malicious Documents https://www.ehackingnews.com/2021/07/job-seeking-engineers-have-become.html
-
ISC StormCast for Friday, July 9th, 2021
09/07/2021 Duration: 05min
Using Sudo With Python For More Security Controls https://isc.sans.edu/forums/diary/Using+Sudo+with+Python+For+More+Security+Controls/27614/
Fake Kaseya Updates Include CobaltStrike Payload https://www.theregister.com/2021/07/07/kaseya_malware_patches_/
WildPressure macOS Trojan https://www.kaspersky.com/about/press-releases/2021_wildpressures-multi-platform-malware-hits-macos-in-the-middle-east https://www.patreon.com/posts/53462690
iCloud Password Reset Weakness https://thezerohack.com/apple-vulnerability-bug-bounty
-
ISC StormCast for Thursday, July 8th, 2021
08/07/2021 Duration: 05min
Microsoft Releases Patches for CVE-2021-34527 UPDATED https://isc.sans.edu/forums/diary/Microsoft+Releases+Patches+for+CVE202134527/27610/
GitLab Update https://www.ehackingnews.com/2021/07/gitlab-fixes-several-vulnerabilities.html
Vulnerable NuGet Packages https://blog.secure.software/third-party-code-comes-with-some-baggage
-
ISC StormCast for Wednesday, July 7th, 2021
07/07/2021 Duration: 08min
Microsoft Releases Printnightmare Patch https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527
Kaseya Update https://www.kaseya.com/potential-attack-on-kaseya-vsa/
Kaspersky Password Manager https://donjon.ledger.com/kaspersky-password-manager/
Amazon Echo Dot After Reset Artifacts https://dl.acm.org/doi/pdf/10.1145/3448300.3467820
-
ISC StormCast for Tuesday, July 6th, 2021
06/07/2021 Duration: 06min
Kaseya REvil Update https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689 https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b https://csirt.divd.nl/2021/07/03/Kaseya-Case-Update/
Printnightmare Update https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-printnightmare-b3fdb82f840c https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/ https://github.com/LaresLLC/CVE-2021-1675
Expired RPM Key Problem https://github.com/rpm-software-management/rpm/issues/1598
Node.JS Update https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/
-
ISC StormCast for Monday, July 5th, 2021
04/07/2021 Duration: 05min
Kaseya VSA REvil Ransomware Incident https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689 https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b https://csirt.divd.nl/2021/07/03/Kaseya-Case-Update/
-
ISC StormCast for Friday, July 2nd, 2021
02/07/2021 Duration: 07min
Print Spooler Printnightmare Update https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-printnightmare-b3fdb82f840c https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/ https://github.com/LaresLLC/CVE-2021-1675
-
ISC StormCast for Thursday, July 1st, 2021
01/07/2021 Duration: 06min
CVE-2021-1675 Incomplete Patch - Printnightmare https://isc.sans.edu/forums/diary/CVE20211675+Incomplete+Patch+and+Leaked+RCE+Exploit/27588/
Internet Explorer PDF Update https://support.microsoft.com/en-us/topic/june-29-2021-kb5004760-os-builds-19041-1082-19042-1082-and-19043-1082-out-of-band-9508f7a2-0713-432f-b06c-1ae6d802a2f7
NETGEAR Router Vulnerabilities (DGN-2200v1) https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/
-
ISC StormCast for Wednesday, June 30th, 2021
30/06/2021 Duration: 05min
Google "Sweepstake" Phish Without Link https://isc.sans.edu/forums/diary/Diving+into+a+Google+Sweepstakes+Phishing+Email/27578/
Forensics Contest Solution / Winner https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest+Answers+and+Analysis/27582/
WD MyBook Details https://arstechnica.com/gadgets/2021/06/hackers-exploited-0-day-not-2018-bug-to-mass-wipe-my-book-live-devices/
Adobe Experience Manager PoC https://labs.detectify.com/2021/06/28/aem-crx-bypass-0day-control-over-some-enterprise-aem-crx-package-manager/
-
ISC StormCast for Monday, June 28th, 2021
28/06/2021 Duration: 06min
Increase in UDP Port 389 Scans (LDAP/AD) https://isc.sans.edu/forums/diary/Is+this+traffic+bAD/27566/
CD/DVD Destruction https://isc.sans.edu/forums/diary/DIY+CDDVD+Destruction/27572/
Zyxel Exploits https://twitter.com/JAMESWT_MHT/status/1407987022170578946 https://kb.zyxel.com/KB/searchArticle!viewDetail.action?articleOid=018137&lang=EN
Cisco Vulnerability Exploited https://threatpost.com/cisco-asa-bug-exploited-poc/167274/
Microsoft Signs Netfilter Rootkit https://www.gdatasoftware.com/blog/microsoft-signed-a-malicious-netfilter-rootkit
-
ISC StormCast for Friday, June 25th, 2021
25/06/2021 Duration: 06min
Do You Like Cookies? Some are for sale! https://isc.sans.edu/forums/diary/Do+you+Like+Cookies+Some+are+for+sale/27558/
A supply-chain breach: Taking over an Atlassian account https://media.threatpost.com/wp-content/uploads/sites/103/2021/06/23175805/Atlassian-ATO-CPR-blog-FINAL.pdf
Dell Bios Connect Vulnerability https://eclypsium.com/2021/06/24/biosdisconnect/
ATM Jackpotting via NFC https://www.wired.com/story/atm-hack-nfc-bugs-point-of-sale/
-
ISC StormCast for Thursday, June 24th, 2021
24/06/2021 Duration: 06min
DNS Name Server Hijack Attack https://www.darkreading.com/vulnerabilities---threats/new-dns-name-server-hijack-attack-exposes-businesses-government-agencies/d/d-id/1341377
Palo Alto Cortex XSOAR Vulnerability https://security.paloaltonetworks.com/CVE-2021-3044
VMWare Carbon Black App Control Authentication Bypass https://www.vmware.com/security/advisories/VMSA-2021-0012.html?
Standing With Security Researchers Against Misuse of the DMCA https://www.eff.org/deeplinks/2021/06/dmca-security-researcher-statement
-
ISC StormCast for Wednesday, June 23rd, 2021
23/06/2021 Duration: 06min
Phishing asking recipients not to report abuse https://isc.sans.edu/forums/diary/Phishing+asking+recipients+not+to+report+abuse/27556/
PyPi Cryptomining Malware https://blog.sonatype.com/sonatype-catches-new-pypi-cryptomining-malware-via-automated-detection
Dovecot TLS Implementation Vulnerability https://hackerone.com/reports/1204962 (see the link to the PDF for more details)
Sonicwall Patch Incomplete https://www.tripwire.com/state-of-security/featured/analyzing-sonicwalls-unsuccessful-fix-for-cve-2020-5135/
-
ISC StormCast for Tuesday, June 22nd, 2021
22/06/2021 Duration: 05min
Attack and Defend: Distributed Web Applications (free Webcast) https://www.sans.org/webcasts/attack-defend-modern-distributed-applications-119610
Darkside Impersonators https://www.helpnetsecurity.com/2021/06/21/impersonating-darkside/
Tesla RAT COVID-19 Vaccination Phish https://threatpost.com/agent-tesla-covid-vax-phish/167082/
Tor Browser Update https://www.bleepingcomputer.com/news/security/tor-browser-fixes-vulnerability-that-tracks-you-using-installed-apps/
Schneider PowerLogic Vulnerabilities https://www.ehackingnews.com/2021/06/six-major-flaws-identified-in-schneider.html
AutoCAD Update https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004
-
ISC StormCast for Monday, June 21st, 2021
21/06/2021 Duration: 05min
Network Forensics on Azure VMs (Part #2) https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+2/27538/
Google Open Redirect Being Abused https://isc.sans.edu/forums/diary/Open+redirects+and+why+Phishers+love+them/27542/
Easy Access to the NIST RDS Database https://isc.sans.edu/forums/diary/Easy+Access+to+the+NIST+RDS+Database/27544/
iOS Wifi Bug https://blog.chichou.me/2021/06/20/quick-analysis-wifid/
NSA VoIP Security Guide https://media.defense.gov/2021/Jun/17/2002744054/-1/-1/1/CTR_DEPLOYING%20SECURE%20VVOIP%20SYSTEMS.PDF
-
ISC StormCast for Friday, June 18th, 2021
18/06/2021 Duration: 05min
Network Forensics on Azure VMs https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+1/27536/
Fake Ledger Hardware Wallets https://www.ledger.com/phishing-campaigns-status#phishing-campaigns https://www.reddit.com/r/ledgerwallet/comments/o154gz/package_from_ledger_is_this_legit/
Zoll Defibrillator Dashboard Vulnerability https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01
Akamai Prolexic Outage https://threatpost.com/hiccup-akamais-ddos-outages/167004/
-
ISC StormCast for Thursday, June 17th, 2021
17/06/2021 Duration: 05min
June 2021 Forensic Quiz https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest/27532/
ThroughTek IP Camera SDK Vulnerability https://www.nozominetworks.com/blog/new-iot-security-risk-throughtek-p2p-supply-chain-vulnerability/
Peloton Insecure Boot Vulnerability https://www.mcafee.com/blogs/other-blogs/mcafee-labs/a-new-program-for-your-peloton-whether-you-like-it-or-not/
Microsoft Defender for Endpoint Detecting Jailbroken Devices https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-new-capabilities-on-android-and-ios/ba-p/2442730
-
ISC StormCast for Wednesday, June 16th, 2021
16/06/2021 Duration: 06min
Multi Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more https://isc.sans.edu/forums/diary/Multi+Perimeter+Device+Exploit+Mirai+Version+Hunting+For+Sonicwall+DLink+Cisco+and+more/27528/
Google Open Sourcing Homomorphic Encryption Libraries https://developers.googleblog.com/2021/06/our-latest-updates-on-fully-homomorphic-encryption.html
Stealing Tokens, emails, files and more in Microsoft Teams https://medium.com/tenable-techblog/stealing-tokens-emails-files-and-more-in-microsoft-teams-through-malicious-tabs-a7e5ff07b138
-
ISC StormCast for Tuesday, June 15th, 2021
15/06/2021 Duration: 05min
Apple iOS 12.5.4 Security Update https://support.apple.com/en-us/HT212548
NIST.gov DNS Issues https://puck.nether.net/pipermail/outages/2021-June/013670.html
Akkadian Provisioning Manager Multiple Vulnerabilities https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/
Bypassing MFA in Exchange Online https://www.microsoft.com/security/blog/2021/06/14/behind-the-scenes-of-business-email-compromise-using-cross-domain-threat-data-to-disrupt-a-large-bec-infrastructure/
-
ISC StormCast for Monday, June 14th, 2021
14/06/2021 Duration: 06min
EoL SonicWall SRA 4600 VPN Gateways Exploited in Current Attacks https://isc.sans.edu/forums/diary/Sonicwall+SRA+4600+Targeted+By+an+Old+Vulnerability/27518/
Older Fortinet Vulnerability Still Exploited https://isc.sans.edu/forums/diary/Fortinet+Targeted+for+Unpatched+SSL+VPN+Discovery+Activity/27520/
PrivacyMic: Utilizing Inaudible Frequencies for Privacy Preserving Daily Activity Recognition http://alansonsample.com/publications/docs/2021%20-%20CHI%20-%20PrivacyMic-%20Utilizing%20Inaudible%20Frequencies%20for%20Privacy%20Preserving%20Daily%20Activity%20Recognition.pdf
Linux Vulnerability in polkit https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/