SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1,932 episodes - English - Latest episode: about 1 month ago - ★★★★★ - 435 ratingsA brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
ISC StormCast for Monday, March 18th, 2024
March 18, 2024 02:00 - 6 minutes - 5.63 MB5GHoul Revisted: Thress Months Later https://isc.sans.edu/diary/5Ghoul%20Revisited%3A%20Three%20Months%20Later/30746 Obfuscated Hexadecimal Payload https://isc.sans.edu/diary/Obfuscated%20Hexadecimal%20Payload/30750 ChatGPT Related OAUTH Issues https://salt.security/blog/security-flaws-within-chatgpt-extensions-allowed-access-to-accounts-on-third-party-websites-and-sensitive-data?utm_source=social&utm_medium=reddit RedCanary Threat Detection Report https://redcanary.com/threat-dete...
ISC StormCast for Friday, March 15th, 2024
March 15, 2024 02:00 - 20 minutes - 16.8 MBIncrease in the number of phishing messages pointing to IPFS and to R2 buckets https://isc.sans.edu/diary/Increase%20in%20the%20number%20of%20phishing%20messages%20pointing%20to%20IPFS%20and%20to%20R2%20buckets/30744 Fortinet New Vulnerabilities https://www.horizon3.ai/attack-research/attack-blogs/fortiwlm-the-almost-story-for-the-forti-forty/ Fortinet Updates https://www.helpnetsecurity.com/2024/03/14/cve-2023-48788-poc/ Arcserve UDP Vulnerability and PoC https://www.tenable.com/s...
ISC StormCast for Thursday, March 14th, 2024
March 14, 2024 02:00 - 5 minutes - 4.67 MBUsing ChatGPT to Deofuscate Malicious Scripts https://isc.sans.edu/diary/Using%20ChatGPT%20to%20Deobfuscate%20Malicious%20Scripts/30740 Critical Fortinet Vulnerabilities https://fortiguard.fortinet.com/psirt Adobe Security Bulletins https://helpx.adobe.com/security/security-bulletin.html Kubernetes Local Volumes Command Injection Vulnerability https://www.akamai.com/blog/security-research/kubernetes-local-volumes-command-injection-vulnerability-rce-system-privileges
ISC StormCast for Wednesday, March 13th, 2024
March 13, 2024 02:00 - 5 minutes - 4.82 MBMicrosoft Patch Tuesday March 2024 https://isc.sans.edu/diary/Microsoft%20Patch%20Tuesday%20-%20March%202024/30736 Death Knell of NVD https://resilientcyber.substack.com/p/death-knell-of-the-nvd Unrestricted file upload vulnerability in ManageEngine Desktop Central https://www.incibe.es/en/incibe-cert/notices/aviso/unrestricted-file-upload-vulnerability-manageengine-desktop-central Siemens Fire Protection System Updates https://cert-portal.siemens.com/productcert/html/ssa-225840.ht...
ISC StormCast for Tuesday, March 12th, 2024
March 12, 2024 02:00 - 6 minutes - 5.33 MBWhat happens when you accidentially leak your AWS API Keys https://isc.sans.edu/diary/What%20happens%20when%20you%20accidentally%20leak%20your%20AWS%20API%20keys%3F%20%5BGuest%20Diary%5D/30730 How Crypto Imposters are using Calendly to infect Macs with Malware https://cyberguy.com/news/how-crypto-imposters-are-using-calendly-to-infect-macs-with-malware/ https://krebsonsecurity.com/2024/02/calendar-meeting-links-used-to-spread-mac-malware/ Misconfiguration Manager: Overlooked and Overp...
ISC StormCast for Monday, March 11th, 2024
March 11, 2024 02:00 - 7 minutes - 6.13 MBAttack Wrangles Thousands of Web Users into a Password Cracking Botnet https://arstechnica.com/security/2024/03/attack-wrangles-thousands-of-web-users-into-a-password-cracking-botnet Cisco VPN Client Vuln https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-secure-client-crlf-W43V4G7 Fortinet Vulnerability Exploited https://bishopfox.com/blog/cve-2024-21762-vulnerability-scanner-for-fortigate-firewalls pgAdmin Path Traversal https://www.shielder.co...
ISC StormCast for Friday, March 8th, 2024
March 08, 2024 02:00 - 5 minutes - 4.47 MBAWS Deploymnet Risks - Configuration and Credential File Targeting https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20AWS%20Deployment%20Risks%20-%20Configuration%20and%20Credential%20File%20Targeting/30722 Apple Updates https://isc.sans.edu/diary/MacOS%20Patches%20%28and%20Safari%2C%20TVOS%2C%20VisionOS%2C%20WatchOS%29/30726 NSA/CISA Secure Cloud Guides https://media.defense.gov/2024/Mar/07/2003407866/-1/-1/0/CSI-CloudTop10-Identity-Access-Management.PDF https://media.defense.gov/202...
ISC StormCast for Thursday, March 7th, 2024
March 07, 2024 02:00 - 6 minutes - 5.19 MBScanning and Abusing the QUIC Protocol https://isc.sans.edu/diary/Scanning%20and%20abusing%20the%20QUIC%20protocol/30720 Google Chrome Update https://chromereleases.googleblog.com/2024/03/stable-channel-update-for-desktop.html Spinning YARN https://www.cadosecurity.com/spinning-yarn-a-new-linux-malware-campaign-targets-docker-apache-hadoop-redis-and-confluence/ Teamcity Exploited https://twitter.com/leak_ix/status/1765460190621581347
ISC StormCast for Wednesday, March 6th, 2024
March 06, 2024 02:00 - 6 minutes - 5.64 MBiOS/iPadOS Updates with Zero Day Fixes https://isc.sans.edu/diary/Apple%20Releases%20iOS%20iPadOS%20Updates%20with%20Zero%20Day%20Fixes./30716 Why Your Firewall Will Kill You https://isc.sans.edu/diary/Why+Your+Firewall+Will+Kill+You/30714/ QEMU Tunnel https://securelist.com/network-tunneling-with-qemu/111803/ VMware Vulnerabilities Patched https://www.vmware.com/security/advisories/VMSA-2024-0006.html
ISC StormCast for Tuesday, March 5th, 2024
March 05, 2024 02:15 - 5 minutes - 4.84 MBCapturing DShield Packets with a LAN Tap https://isc.sans.edu/diary/Capturing%20DShield%20Packets%20with%20a%20LAN%20Tap%20%5BGuest%20Diary%5D/30708 Additional Critical Security Issues Affecting Teamcity https://blog.jetbrains.com/teamcity/2024/03/additional-critical-security-issues-affecting-teamcity-on-premises-cve-2024-27198-and-cve-2024-27199-update-to-2023-11-4-now/ GitHub Push Protection Now On By Default https://github.blog/2024-02-29-keeping-secrets-out-of-public-repositories/...
ISC StormCast for Monday, March 4th, 2024
March 04, 2024 02:00 - 5 minutes - 4.67 MBScanning for Confluence CVE-2022-26134 https://isc.sans.edu/diary/Scanning%20for%20Confluence%20CVE-2022-26134/30704 Exploiting CSP Wildcards for Google Domains https://attackshipsonfi.re/p/exploiting-csp-wildcards-for-google Silver SAML: Golden SAML in the Cloud https://www.semperis.com/blog/meet-silver-saml/
ISC StormCast for Friday, March 1st, 2024
March 01, 2024 02:00 - 6 minutes - 5.47 MBDissecting DarkGate: Module Malware Delivery and Persistence as a Service https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Dissecting%20DarkGate%3A%20Modular%20Malware%20Delivery%20and%20Persistence%20as%20a%20Service./30700 Ivanti Incident Response Update https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060b Github Flooded with Infected Repos https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack Security Flaws in NoName Doorbell Cameras https:/...
ISC StormCast for Thursday, February 29th, 2024
February 29, 2024 02:00 - 5 minutes - 4.8 MBExploit Attempts for Unknown Password Reset Vulnerability https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Unknown%20Password%20Reset%20Vulnerability/30698 StopRansomware: Updated ALPHV Blackcat Advisory https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a GlobalBlock Service To Prevent Trademark abuse https://www.bleepingcomputer.com/news/technology/registrars-can-now-block-all-domains-that-resemble-brand-names/
ISC StormCast for Wednesday, February 28th, 2024
February 28, 2024 02:00 - 6 minutes - 5.27 MBTake Downs and the Rest of Us: Do they matter? https://isc.sans.edu/diary/Take%20Downs%20and%20the%20Rest%20of%20Us%3A%20Do%20they%20matter%3F/30694 Joint Cybersecurity Advisory https://www.ic3.gov/Media/News/2024/240227.pdf SVR Cyber Actors Adapt Tactics for Initial Cloud Access https://www.ncsc.gov.uk/news/svr-cyber-actors-adapt-tactics-for-initial-cloud-access Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor https://jfrog.com/blog/data-scientists...
ISC StormCast for Tuesday, February 27th, 2024
February 27, 2024 02:00 - 6 minutes - 5.38 MBUtilizing the VirusTotal API to Query Files Uploaded to the DShield Honeypot https://isc.sans.edu/diary/Utilizing%20the%20VirusTotal%20API%20to%20Query%20Files%20Uploaded%20to%20DShield%20Honeypot%20%5BGuest%20Diary%5D/30688 New WiFi Authentication Vulnerabilities Discovered https://www.top10vpn.com/research/wifi-vulnerabilities/ Subdomain Takeover Spam https://labs.guard.io/subdomailing-thousands-of-hijacked-major-brand-subdomains-found-bombarding-users-with-millions-a5e5fb892935
ISC StormCast for Monday, February 26th, 2024
February 26, 2024 02:00 - 5 minutes - 4.94 MBUpdate MGLNDD * Scans https://isc.sans.edu/forums/diary/Update%3A%20MGLNDD_*%20Scans/30686/ Simple Anti-Sandbox Technique: Where's the Mouse https://isc.sans.edu/diary/Simple%20Anti-Sandbox%20Technique%3A%20Where%27s%20The%20Mouse%3F/30684 Security Vulnerabilities in Apex Code Could Leak Salesforce Data https://www.varonis.com/blog/apex-code-vulnerabilities IBM Operation Decision Manager Exploit CVE-2024-22319 CVE-2024-22320 https://labs.watchtowr.com/double-k-o-rce-in-ibm-operatio...
ISC StormCast for Friday, February 23rd, 2024
February 23, 2024 02:00 - 5 minutes - 4.97 MBFriend, Foe or Something In Between https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Friend%2C%20foe%20or%20something%20in%20between%3F%20The%20grey%20area%20of%20%27security%20research%27/30670 Large AT&T Wireless Network Outage https://isc.sans.edu/diary/Large%20AT%26T%20Wireless%20Network%20Outage%20%23att%20%23outage/30680 Connect Wise Screenconnect Userd by LockBit https://www.bleepingcomputer.com/news/security/screenconnect-servers-hacked-in-lockbit-ransomware-attacks/ SSH Sna...
ISC StormCast for Thursday, February 22nd, 2024
February 22, 2024 02:00 - 6 minutes - 5.52 MBPhishing Pages Hosted on Archive.org https://isc.sans.edu/forums/diary/Phishing%20pages%20hosted%20on%20archive.org/30676/ ScreenConnect Authentication Bypass Exploit CVE-2024-1709 CVE-2024-1708) https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass iMessage with PQ3 https://security.apple.com/blog/imessage-pq3/
ISC StormCast for Wednesday, February 21st, 2024
February 21, 2024 02:45 - 6 minutes - 5.38 MBPython InfoStealer Wtih Dynamic Sandbox Detection https://isc.sans.edu/diary/Python%20InfoStealer%20With%20Dynamic%20Sandbox%20Detection/30668 Connectwise Screenconnect Vulnerabilities https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8 Remove VMWare Enhanced Authentication Plugin (EAP) VE-2024-22245 CVE-2024-22250 https://kb.vmware.com/s/article/96442 Voltage Noise to Manipulate Wireless Chargers https://arxiv.org/pdf/2402.11423.pdf
ISC StormCast for Tuesday, February 20th, 2024
February 20, 2024 02:00 - 5 minutes - 4.73 MBOld Mirai New Exploits https://isc.sans.edu/diary/Mirai-Mirai%20On%20The%20Wall...%20%5BGuest%20Diary%5D/30658 KeyTrap PoC Exploit https://github.com/knqyf263/CVE-2023-50387 Google Open Sources Magika File ID System https://opensource.googleblog.com/2024/02/magika-ai-powered-fast-and-efficient-file-type-identification.html Exploiting Unsynchronised Clocks https://attackshipsonfi.re/p/exploiting-unsynchonised-clocks
ISC StormCast for Monday, February 19th, 2024
February 19, 2024 02:00 - 7 minutes - 6.41 MBSolarWinds Security Advisories https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-3_release_notes.htm Google Chrome Adds Private Network Checks https://chromestatus.com/feature/4869685172764672 Gold Factory iOS Trojan https://www.group-ib.com/blog/goldfactory-ios-trojan/
ISC StormCast for Friday, February 16th, 2024
February 16, 2024 02:00 - 13 minutes - 10.9 MBUSPS Anchors Snowballing Smishing Campaigns https://www.sentinelone.com/labs/sns-sender-active-campaigns-unleash-messaging-spam-through-the-cloud/ Linux Issuing CVEs http://www.kroah.com/log/blog/2024/02/13/linux-is-a-cna/ Analyzing Pulse Secure Firmware and Bypassing Integrity Checking https://eclypsium.com/blog/flatlined-analyzing-pulse-secure-firmware-and-bypassing-integrity-checking/ Jennifer Walker: Detecting Rogue Ethernet Switches Using Layer 1 Techniques https://www.sans.ed...
ISC StormCast for Thursday, February 15th, 2024
February 15, 2024 02:00 - 5 minutes - 4.88 MBGuest Diary: Learning by Doing An Interative Adventure in Troubleshooting https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Learning%20by%20doing%3A%20Iterative%20adventures%20in%20troubleshooting/30648 Snap Trap: The Hidden Dangers within Ubuntu's Package Suggestion System https://www.aquasec.com/blog/snap-trap-the-hidden-dangers-within-ubuntus-package-suggestion-system/ The Risks of the Monikerlink Bug in Microsoft Outlook https://research.checkpoint.com/2024/the-risks-of-the-moniker...
ISC StormCast for Wednesday, February 14th, 2024
February 14, 2024 03:20 - 6 minutes - 5.42 MBMicrosoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20February%202024%20Patch%20Tuesday/30646 DNSSEC DoS Vulnerability CVE-2023-50387 https://www.presseportal.de/pm/173495/5713546 Zoom Desktop Client Vuln https://www.zoom.com/en/trust/security-bulletin QNAP Vulnerablity https://www.qnap.com/de-de/security-advisory/qsa-23-57 https://unit42.paloaltonetworks.com/qnap-qts-firmware-cve-2023-50358/
ISC StormCast for Tuesday, February 13th, 2024
February 13, 2024 03:00 - 5 minutes - 4.74 MBExploit Against Unnamed BYTEVALUE Router Vulnerablity Included in Mirai https://isc.sans.edu/diary/Exploit%20against%20Unnamed%20%22Bytevalue%22%20router%20vulnerability%20included%20in%20Mirai%20Bot/30642 Senior Executives Targeted in Ongoing Azure Account Takeover https://www.darkreading.com/cloud-security/senior-executives-targeted-ongoing-azure-account-takeover CISA Parners With OpenSSF To Secure Software Repositories https://www.cisa.gov/news-events/alerts/2024/02/08/cisa-partner...
ISC StormCast for Monday, February 12th, 2024
February 12, 2024 02:25 - 5 minutes - 4.97 MBMSIX With Heaviliy Obfuscated PowerShell Script https://isc.sans.edu/diary/MSIX%20With%20Heavily%20Obfuscated%20PowerShell%20Script/30636 Too Many Honeypots https://vulncheck.com/blog/too-many-honeypots ClamAV Command Injection Vulnerability CVE-2024-20328 https://amitschendel.github.io/vulnerabilites/CVE-2024-20328/ ExpressVPN DNS Leaks https://www.expressvpn.com/blog/windows-app-dns-requests/
ISC StormCast for Friday, February 9th, 2024
February 09, 2024 03:10 - 5 minutes - 4.91 MBA Python MP3 Player With Builtin Keylogger Capability https://isc.sans.edu/diary/A%20Python%20MP3%20Player%20with%20Builtin%20Keylogger%20Capability/30632 Fake LastPass App in Apple App Store https://blog.lastpass.com/2024/02/warning-fraudulent-app-impersonating-lastpass-currently-available-in-apple-app-store/ Ivanti XXE Vulnerability https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure FortiOS sslvpnd vulnerability https://www.f...
ISC StormCast for Thursday, February 8th, 2024
February 08, 2024 02:55 - 5 minutes - 4.69 MBAnybody knows what this URL is about? Maybe Balena API request? https://isc.sans.edu/forums/diary/Anybody%20knows%20that%20this%20URL%20is%20about%3F%20Maybe%20Balena%20API%20request%3F/30628/ Critical shim vulnerability and patch https://github.com/rhboot/shim/releases/tag/15.8 Volt Typhoon Lessons Learned https://www.cisa.gov/resources-tools/resources/identifying-and-mitigating-living-land-techniques
ISC StormCast for Wednesday, February 7th, 2024
February 07, 2024 03:05 - 6 minutes - 5.58 MBComputer viruses are celebrating their 40th birthday (well, 54th, really) https://isc.sans.edu/diary/Computer%20viruses%20are%20celebrating%20their%2040th%20birthday%20%28well%2C%2054th%2C%20really%29/30624 Three million malware-infected smart toothbrushes used in Swiss DDoS attacks https://www.tomshardware.com/networking/three-million-malware-infected-smart-toothbrushes-used-in-swiss-ddos-attacks-botnet-causes-millions-of-euros-in-damages Critical Security Issue Affecting TeamCity On-P...
ISC StormCast for Tuesday, February 6th, 2024
February 06, 2024 02:40 - 5 minutes - 5.02 MBPublic Information and Email Spam https://isc.sans.edu/diary/Public+Information+and+Email+Spam/30620/ Anydesk Update https://www.bleepingcomputer.com/news/security/anydesk-says-hackers-breached-its-production-servers-reset-passwords/ https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-213655-1032.pdf Ivanti POC For CVE-2024-21893 https://attackerkb.com/topics/FGlK1TVnB2/cve-2024-21893/rapid7-analysis Deepfake Exploits https://www.scmp.com/news/hong-kong/law-...
ISC StormCast for Monday, February 5th, 2024
February 05, 2024 02:00 - 5 minutes - 4.9 MBDShield Sensor Log Collection with Elasticsearch https://isc.sans.edu/forums/diary/DShield%20Sensor%20Log%20Collection%20with%20Elasticsearch/30616/ Anydesk Breach https://anydesk.com/en/public-statement Leaky Vessels https://snyk.io/blog/leaky-vessels-docker-runc-container-breakout-vulnerabilities/
ISC StormCast for Friday, February 2nd, 2024
February 02, 2024 02:00 - 7 minutes - 5.94 MBWhat is a Top Level Domain https://isc.sans.edu/forums/diary/What%20is%20a%20%22Top%20Level%20Domain%22%3F/30612/ Updated CISA Ivanti Policy https://www.cisa.gov/news-events/directives/supplemental-direction-v1-ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure Cloudflare Publishes Breach Details https://blog.cloudflare.com/thanksgiving-2023-security-incident Vision Pro Update https://support.apple.com/en-us/HT214070
ISC StormCast for Thursday, February 1st, 2024
February 01, 2024 02:00 - 5 minutes - 5 MBThe Fun and Dangers of Top Level Domains (TLDs) https://isc.sans.edu/diary/The%20Fun%20and%20Dangers%20of%20Top%20Level%20Domains%20%28TLDs%29/30608 Ivanti Releases Patches and New Vulnerabilities https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US glibc syslog() vulnerablity https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt modsecurity WAF bypass https://owasp.org/www-project-modsecurity...
ISC StormCast for Wednesday, January 31st, 2024
January 31, 2024 02:00 - 6 minutes - 5.77 MBWhat did I say to make you stop talking to me https://isc.sans.edu/diary/What%20did%20I%20say%20to%20make%20you%20stop%20talking%20to%20me%3F/30604 Identification of a top-level domain for private use https://itp.cdn.icann.org/en/files/root-system/identification-tld-private-use-24-01-2024-en.pdf Juniper Patches Patching https://supportportal.juniper.net/s/article/2024-01-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-have-been-addres...
ISC StormCast for Tuesday, January 30th, 2024
January 30, 2024 02:15 - 5 minutes - 4.85 MBExploit Flare Up Against Older Atlassian Confluence Vulnerability https://isc.sans.edu/diary/Exploit%20Flare%20Up%20Against%20Older%20Altassian%20Confluence%20Vulnerability/30600 Malicious Python Packages install Infostealer https://www.fortinet.com/blog/threat-research/info-stealing-packages-hidden-in-pypi Linux ICMPv6 Router Adv. RCE https://access.redhat.com/security/cve/cve-2023-6200
ISC StormCast for Monday, January 29th, 2024
January 29, 2024 02:15 - 7 minutes - 5.92 MBA Batch File With Multiple Payloads https://isc.sans.edu/diary/A%20Batch%20File%20With%20Multiple%20Payloads/30592 fritz.box domain used to advertise NFTs https://www.heise.de/news/Verwirrend-Internet-Domain-fritz-box-zeigt-NFT-Galerie-statt-Router-Verwaltung-9610149.html Jenkins CVE-2024-23897 PoC https://github.com/gquere/pwn_jenkins/blob/master/README.md#jenkins-cli-arbitrary-read-cve-2024-23897-applies-to-versions-below-2442-and-lts-24263 Malicious Google Ads Target Chinese Users...
ISC StormCast for Friday, January 26th, 2024
January 26, 2024 02:00 - 6 minutes - 5.47 MBFecebook AdsManager Targeted by a Python Infostealer https://isc.sans.edu/diary/Facebook%20AdsManager%20Targeted%20by%20a%20Python%20Infostealer/30590 Privacy Concerns about Apple Push Notifications https://twitter.com/mysk_co/status/1750502700112916504 https://www.youtube.com/watch?v=4ZPTjGG9t7s Inside a Global Phone Spy Tool Monitoring Billions https://www.404media.co/inside-global-phone-spy-tool-patternz-nuviad-real-time-bidding/
ISC StormCast for Thursday, January 25th, 2024
January 25, 2024 02:00 - 5 minutes - 4.69 MBHow Bad User Interfaces Make Security Tools Harmful https://isc.sans.edu/diary/How%20Bad%20User%20Interfaces%20Make%20Security%20Tools%20Harmful/30586 Sys:All Loophole Alloed Us to Penetrate GKE Clusters in Production https://orca.security/resources/blog/sys-all-google-kubernetes-engine-risk-example/ Automotive Pwn2Own https://www.zerodayinitiative.com/blog/2024/1/23/pwn2own-automotive-2024-the-full-schedule Android Keystroke Injection Vulnerability Exploit https://www.mobile-hacke...
ISC StormCast for Wednesday, January 24th, 2024
January 24, 2024 02:00 - 5 minutes - 4.86 MBUpdate on Atlassian Exploit Activity https://isc.sans.edu/forums/diary/Update%20on%20Atlassian%20Exploit%20Activity%20/30582/ POC For Fortra GoAnywhere MFT Authentication Bypass CVE-2024-0204 https://www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-dive/ Baracuda Web Application Firewall https://campus.barracuda.com/product/webapplicationfirewall/doc/102888530/security-advisory/ GitGot: GitHub leveraged by cybercriminals to store stolen data https://ww...
ISC StormCast for Tuesday, January 23rd, 2024
January 23, 2024 02:00 - 7 minutes - 6.12 MBApple Updates Everything https://isc.sans.edu/forums/diary/Apple%20Updates%20Everything%20-%20New%200%20Day%20in%20WebKit/30578/ Atlassian Confluence RCE Vulnerability Exploits CVE-2023-22527 https://isc.sans.edu/forums/diary/Scans%20Exploit%20Attempts%20for%20Atlassian%20Confluence%20RCE%20Vulnerability%20CVE-2023-22527/30576/ Updated Ivanti Mitigation Advise https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connec...
ISC StormCast for Monday, January 22nd, 2024
January 22, 2024 02:00 - 6 minutes - 5.6 MBmacOS Python Script Replacing Walling Applications with Rogue Apps https://isc.sans.edu/diary/macOS%20Python%20Script%20Replacing%20Wallet%20Applications%20with%20Rogue%20Apps/30572 Microsoft Breach https://msrc.microsoft.com/blog/2024/01/microsoft-actions-following-attack-by-nation-state-actor-midnight-blizzard/ Juniper Vulnerabilities https://labs.watchtowr.com/the-second-wednesday-of-the-first-month-of-every-quarter-juniper-0day-revisited/ Brave Removing Strict Fingerprint Mode ...
ISC StormCast for Friday, January 19th, 2024
January 19, 2024 02:00 - 6 minutes - 5.61 MBMore Scans for Ivanti Connect "Secure" VPN. Exploits Public https://isc.sans.edu/diary/More%20Scans%20for%20Ivanti%20Connect%20%22Secure%22%20VPN.%20Exploits%20Public/30568 Ivanti Endpoint Manager Mobile / MobileIron Core Vuln exploited CVE-2023-35082 https://www.cisa.gov/known-exploited-vulnerabilities-catalog Attacks against Exposed Databases https://twitter.com/fasterthanlime/status/1741935393413402739 Outlook Vulnerability Discovery and New Ways to Leak NTLM Hashes https://www....
ISC StormCast for Thursday, January 18th, 2024
January 18, 2024 02:00 - 6 minutes - 5.71 MBNumber Usage in Passwords https://isc.sans.edu/diary/Number%20Usage%20in%20Passwords/30540 A Lightweight Method to Detect Potential iOS Malware https://securelist.com/shutdown-log-lightweight-ios-malware-detection-method/111734/ CISA and FBI Release Known IOCs Associated with Androxgh0st Malware https://www.cisa.gov/news-events/alerts/2024/01/16/cisa-and-fbi-release-known-iocs-associated-androxgh0st-malware
ISC StormCast for Wednesday, January 17th, 2024
January 17, 2024 02:00 - 5 minutes - 4.86 MBIvanti Vulnerability Widespread Scanning https://isc.sans.edu/diary/Scans%20for%20Ivanti%20Connect%20%22Secure%22%20VPN%20%20Vulnerability%20%28CVE-2023-46805%2C%20CVE-2024-21887%29/30562 https://www.volexity.com/blog/2024/01/15/ivanti-connect-secure-vpn-exploitation-goes-global/ Citrix Patches Already Exploited Vulnerability https://support.citrix.com/article/CTX584986/netscaler-adc-and-netscaler-gateway-security-bulletin-for-cve20236548-and-cve20236549 Atlassian Confluence Remote C...
ISC StormCast for Tuesday, January 16th, 2024
January 16, 2024 02:00 - 6 minutes - 5.1 MBOne File, Two Payloads https://isc.sans.edu/diary/One%20File%2C%20Two%20Payloads/30558 Ivanti Vulnerability Updates https://labs.watchtowr.com/welcome-to-2024-the-sslvpn-chaos-continues-ivanti-cve-2023-46805-cve-2024-21887/ NVidia DGX H100 and A100 Updates https://nvidia.custhelp.com/app/answers/detail/a_id/5510 GitLab Vulnerability https://nvd.nist.gov/vuln/detail/CVE-2023-7028
ISC StormCast for Friday, January 12th, 2024
January 12, 2024 02:00 - 5 minutes - 4.94 MBTimeline to Remove DSA Support in OpenSSH https://lists.mindrot.org/pipermail/openssh-unix-announce/2024-January/000156.html Juniper Patches https://supportportal.juniper.net/s/global-search/%40uri?language=en_US#sort=%40sfcec_community_publish_date_formula__c%20descending&numberOfResults=50&f:ctype=[Security%20Advisories] ManageEngine ADSelfService Plus Patch CVE-2024-0252 https://www.manageengine.com/products/self-service-password/advisory/CVE-2024-0252.html Atomic Stealer for Mac ...
ISC StormCast for Thursday, January 11th, 2024
January 11, 2024 02:00 - 5 minutes - 4.46 MBJenkins Brute Force Scans https://isc.sans.edu/diary/Jenkins%20Brute%20Force%20Scans/30546 Ivanti Connect Security VPN Vulnerability Exploited https://www.volexity.com/blog/2024/01/10/active-exploitation-of-two-zero-day-vulnerabilities-in-ivanti-connect-secure-vpn/ Zoom Privilege Escalation Vulnerability https://www.zoom.com/en/trust/security-bulletin/ZSB-24001/ Apache Applictions Targeted by Stealthy Attacker https://blog.aquasec.com/threat-alert-apache-applications-targeted-by-st...
ISC StormCast for Wednesday, January 10th, 2024
January 10, 2024 02:00 - 6 minutes - 5.18 MBMicrosoft January 2024 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+January+2024+Patch+Tuesday/30548/ Adobe Vulnerabilities https://helpx.adobe.com/security/products/substance3d_stager/apsb24-06.html CVE-2023-50916: Authentication Coercion Vulnerablity in Kyocera Device Manager https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-50916-authentication-coercion-vulnerability-in-kyocera-device-manager/ Network Connected Wrenches Used in Factories can be ...
ISC StormCast for Tuesday, January 9th, 2024
January 09, 2024 02:00 - 6 minutes - 5.16 MBWhat is That User Agent https://isc.sans.edu/diary/What%20is%20that%20User%20Agent%3F/30536 KyberSlash Vulnerability https://kyberslash.cr.yp.to/faq.html Netfilter DoS Vulnerability CVE-2024-0193 https://access.redhat.com/security/cve/CVE-2024-0193 Cacti Vulnerability https://github.com/Cacti/cacti/security/advisories/GHSA-pfh9-gwm6-86vp
ISC StormCast for Monday, January 8th, 2024
January 08, 2024 02:00 - 5 minutes - 4.41 MBNetstat But Better and in PowerShell https://isc.sans.edu/diary/Netstat%2C%20but%20Better%20and%20in%20PowerShell/30532 Double Phishing Submission https://isc.sans.edu/diary/Are%20you%20sure%20of%20your%20password%3F/30534 Suspicious Prometei Botnet Activity https://isc.sans.edu/diary/Suspicious%20Prometei%20Botnet%20Activity/30538 Spectral Blur Mac Malware https://g-les.github.io/yara/2024/01/03/100DaysofYARA_SpectralBlur.html Google Malware Abusing API is Standard Token Theft no...