Sans Internet Storm Center Daily Network/cyber Security And Information Security Podcast

April 2021 Forensics Quiz Solution https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz+Answers+and+Analysis/27308/ Adobe Patch Tuesday https://helpx.adobe.com/security.html Chrome 90 Released (and 0-Day Exploits) https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html https://github.com/avboy1337/1195777-chrome0day https://github.com/r4j0x00/exploits/tree/master/chrome-0day SAP Updates https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649 Linux/Mac Malware included in npm Module https://blog.sonatype.com/damaging-linux-mac-malware-bundled-within-browserify-npm-brandjack-attempt Congratulations to the SANS.edu National Cyber League Teams! https://twitter.com/SANS_EDU/status/1382453652602941440

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+April+2021+Patch+Tuesday/27306/ NAME:WRECK DNS Vulnerabilities https://www.forescout.com/research-labs/namewreck/

Example of Cleartext Cobalt Strike Traffic https://isc.sans.edu/forums/diary/Example+of+Cleartext+Cobalt+Strike+Traffic+Thanks+Brad/27300/ ASA 5506 Series Security Appliances Field Notice https://www.cisco.com/c/en/us/support/docs/field-notices/720/fn72019.html Expired Certificate for PulseSecure VPN Devices https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44781/?kA13Z000000fzbR Pwn2Own Summary https://thehackernews.com/2021/04/windows-ubuntu-zoom-safari-ms-exchange.html Tesla Exploited Via Google Chrome Vulnerability https://leethax0.rs/2021/04/ElectricChrome/

No Python Interpreter? This Simple RAT Installs Its Own Copy https://isc.sans.edu/forums/diary/No+Python+Interpreter+This+Simple+RAT+Installs+Its+Own+Copy/27292/ Facebook Mistakingly Suggests Adding Domains To Public Suffix List will Ease Tracking https://publicsuffix.org https://www.facebook.com/business/help/331612538028890?id=428636648170202 Facebook Ads Used to Push Clubhouse Related Malware https://www.ehackingnews.com/2021/04/cybercriminals-used-facebook-ads-to.html Identifying Cobalt Strike DNS Intrastructure https://labs.f-secure.com/blog/detecting-exposed-cobalt-strike-dns-redirectors

Simple Powershell Ransomware Creating a 7Z Archive of your Files https://isc.sans.edu/forums/diary/Simple+Powershell+Ransomware+Creating+a+7Z+Archive+of+your+Files/27286/ HTML Lego: Hidden Phishing at Free JavaScript Site https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/html-lego-hidden-phishing-at-free-javascript-site/ Royal FLush: Privilege Escalation Vulnerability in Azure Functions https://www.intezer.com/blog/cloud-security/royal-flush-privilege-escalation-vulnerability-in-azure-functions/ Cisco Small Business Router Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-q3rxHnvm Google Chrome Blocking Port 10080 https://github.com/whatwg/fetch/issues/1191#issuecomment-797659444

WiFi IDS's and Private MAC Addresses https://isc.sans.edu/forums/diary/WiFi+IDS+and+Private+MAC+Addresses/27288/ Update on PHP Incident https://externals.io/message/113981 Details about Linux Kernel Bluetooth Vulnerabilities https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html LinkedIn Leak https://www.ehackingnews.com/2021/04/data-stolen-from-500-million-linkedin.html VMWare Carbon Black Cloud Workload Applicatnce Authentication Bypass https://www.vmware.com/security/advisories/VMSA-2021-0005.html Cisco SD-WAN vManage Software Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy

Malspam with Lokibot vs. Outlook and RFCs https://isc.sans.edu/forums/diary/Malspam+with+Lokibot+vs+Outlook+and+RFCs/27282/ SAP Attacks https://us-cert.cisa.gov/ncas/current-activity/2021/04/06/malicious-cyber-activity-targeting-critical-sap-applications QNAP Upates Older EOL Devices https://www.qnap.com/de-de/release-notes/qts/4.3.6.1620/20210322 GIGASET Android Phones Infected by Compromised Update Server https://www.heise.de/news/Gigaset-Malware-Befall-von-Android-Geraeten-des-Herstellers-gibt-Raetsel-auf-6006464.html

LinkedIn Spear-Phishing Campaign Targets Job Hunters https://threatpost.com/linkedin-spear-phishing-job-hunters/165240/ Malicious Text Files (CVE-2019-8761) https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html Rust Privacy Concerns https://www.bleepingcomputer.com/news/security/most-loved-programming-language-rust-sparks-privacy-concerns/

C2 Activity: Sandboxes or Real Victims https://isc.sans.edu/forums/diary/C2+Activity+Sandboxes+or+Real+Victims/27272/ Exploitation of Fortinet FortiOS Vulnerabilities https://us-cert.cisa.gov/ncas/current-activity/2021/04/02/fbi-cisa-joint-advisory-exploitation-fortinet-fortios https://www.ic3.gov/Media/News/2021/210402.pdf GitHub Actions Used to Mine Crypto https://therecord.media/github-investigating-crypto-mining-campaign-abusing-its-server-infrastructure/ Large Facebook Leak https://thehackernews.com/2021/04/533-million-facebook-users-phone.html

April 2021 Forensic Quiz https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz/27266/ Coinhive Domains Used to Warn Victims https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/ Detecting Attacker's BITS Utility Use https://www.fireeye.com/blog/threat-research/2021/03/attacker-use-of-windows-background-intelligent-transfer-service.html Kansas Man Indicted For Tampering With Public Water System https://www.justice.gov/usao-ks/pr/indictment-kansas-man-indicted-tampering-public-water-system Older QNAP Devices Vulnerable And No Longer Patched https://securingsam.com/new-vulnerabilities-allow-complete-takeover/

Quick Analysis of a Modular InfoStealer https://isc.sans.edu/forums/diary/Quick+Analysis+of+a+Modular+InfoStealer/27264/ Google Chrome Update / DoH on Linux https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html https://docs.google.com/document/d/1zAdSK393IznaLKQ0ItOmwLBy59fIq9ydxBRJQX-2ntQ/edit# Chinese Tax Authority Facial Recognition System Fooled https://www.scmp.com/tech/tech-trends/article/3127645/chinese-government-run-facial-recognition-system-hacked-tax

Old TLS Versions: Gone but not Forgotten https://isc.sans.edu/forums/diary/Old+TLS+versions+gone+but+not+forgotten+well+not+really+gone+either/27260/ Perl Netmask Vulnerability https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ VMWare vRealize Vulnerability https://www.vmware.com/security/advisories/VMSA-2021-0004.html Pre-P0wned Docker Containers https://unit42.paloaltonetworks.com/malicious-cryptojacking-images/

Jumping Into Shellcode https://isc.sans.edu/forums/diary/Jumping+into+Shellcode/27256/ PHP git repo compromised https://news-web.php.net/php.internals/113838 npm "netmask" package vulnerability https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/

A Simple Python Keylogger https://isc.sans.edu/forums/diary/Simple+Python+Keylogger/27216/ New macOS Malware XcodeSpy Targets Xcode Developers with EggShell Backdoor https://labs.sentinelone.com/new-macos-malware-xcodespy-targets-xcode-developers-with-eggshell-backdoor/ Zoom Screen Sharing Leak https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-044.txt MyBB Remote Code Execution https://blog.mybb.com/2021/03/10/mybb-1-8-26-released-security-release/

"American Rescue Plan" Used as Theme in Phishing Lures Dropping Dridex https://cofense.com/blog/american-rescue-plan-phish/ Apple May Split Security Updates from Other Updates https://9to5mac.com/2021/03/15/ios-security-fixes-could-soon-be-delivered-separately-from-other-updates-beta-code-suggests/ Polyglot Images on Twitter https://twitter.com/David3141593/status/1371978592679309315 Magento 2 PHP Credit Card Skimmer Saves to JPG https://blog.sucuri.net/2021/03/magento-2-php-credit-card-skimmer-saves-to-jpg.html

One-Click Microsoft Exchange On-Premises Mitigation Tool https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/ Microsoft Explains Authentication Issues with Azure Active Directory https://www.documentcloud.org/documents/20515443-authentication-errors-across-multiple-microsoft-services-tracking-id-ln01-p8z JavaScript Less Side-Channel Exploits https://arxiv.org/abs/2103.04952

NimzaLoader Malware Written in "nim" https://www.proofpoint.com/uk/blog/threat-insight/nimzaloader-ta800s-new-initial-access-malware Windows 10 Emergency Update to Fix Printing Crashes https://www.bleepingcomputer.com/news/microsoft/windows-10-emergency-updates-released-to-fix-printing-crashes/ Windows Azure AD Outage https://status.azure.com/status IBM DB2 Patch https://www.ibm.com/support/pages/node/6427855

Wireshark Code Execution Exploit https://gitlab.com/wireshark/wireshark/-/issues/17232 Google Chrome Vulnerability Exploited in the Wild https://vulmon.com/vulnerabilitydetails?qid=CVE-2021-21193 Malware Installs Honeypot https://blog.netlab.360.com/new_threat_zhtrap_botnet_en/ Twitter "Memphis" Bug https://www.bleepingcomputer.com/news/technology/twitter-bug-automatically-suspends-you-when-tweeting-memphis/

Pichktochart - Phishing with Infographics https://isc.sans.edu/forums/diary/Piktochart+Phishing+with+Infographics/27194/ ProxyLogon Public PoC https://www.praetorian.com/blog/reproducing-proxylogon-exploit/ Windows 10 Crashes After March 10th Updates https://www.bleepingcomputer.com/news/microsoft/windows-10-crashes-when-printing-due-to-microsoft-march-updates/ DNS Vulnerability Updates https://www.mcafee.com/blogs/other-blogs/mcafee-labs/seven-windows-wonders-critical-vulnerabilities-in-dns-dynamic-updates/ Rob Upchurch: Preventing Windows 10 SMHNR DNS Leakage https://www.sans.org/reading-room/whitepapers/dns/preventing-windows-10-smhnr-dns-leakage-40165

SharpRDP - PSExec with PSExec, PSRemoting without PowerShell https://isc.sans.edu/forums/diary/SharpRDP+PSExec+without+PSExec+PSRemoting+without+PowerShell/27188/ F5 Critical Vulnerabilities https://support.f5.com/csp/article/K02566623 Netgear Updates https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/ Linux Foundation sigstore https://sigstore.dev