SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
1,973 episodes - English - Latest episode: 3 days ago - ★★★★★ - 435 ratingsA brief daily summary of what is important in information security. The podcast is published every weekday and designed to get you ready for the day with a brief, usually 5 minute long, summary of current network security related events. The content is late breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
ISC StormCast for Wednesday, December 7th, 2022
December 07, 2022 03:30 - 5 minutes - 4.73 MBMirai Botnet and Gafgyt DDoS Team Up https://isc.sans.edu/forums/diary/Mirai%20Botnet%20and%20Gafgyt%20DDoS%20Team%20Up%20Against%20SOHO%20Routers./29304/Gafgyt/Mirai Sample; Packet Tuesday; Packet Tuesday Episode 4: TLS Client Hello https://www.youtube.com/playlist?list=PLs4eo9Tja8biVteSW4a3GHY8qi0t1lFLL Defcon Skimming: A new batch of Web Skimming attacks https://blog.jscrambler.com/defcon-skimming-a-new-batch-of-web-skimming-attacks Fake D-Link Vulnerability used by Moobot http...
ISC StormCast for Tuesday, December 6th, 2022
December 06, 2022 16:07 - 5 minutes - 4.91 MBVLCs Check For Updates No Updates https://isc.sans.edu/diary/VLCs+Check+For+Updates+No+Updates/29300 AMI MegaRAC Baseboard Managment Controller Vulnerabilities https://eclypsium.com/2022/12/05/supply-chain-vulnerabilities-put-server-ecosystem-at-risk/ Netgear IPv6 Firewall Misconfiguration https://medium.com/tenable-techblog/netgear-router-network-misconfiguration-70ac695c81a6 Veritas NetBackup Patch https://www.veritas.com/content/support/en_US/security/VTS22-019
ISC StormCast for Monday, December 5th, 2022
December 05, 2022 04:40 - 9 minutes - 7.54 MBQBot Update https://isc.sans.edu/forums/diary/obama224%20distribution%20Qakbot%20tries%20.vhd%20%28virtual%20hard%20disk%29%20images/29294/ Living of the Land: Unix tools in Windows https://isc.sans.edu/diary/Linux%20LOLBins%20Applications%20Available%20in%20Windows/29296 https://isc.sans.edu/forums/diary/Fingerexe+LOLBin/29298/ CVE-2022-44721 Crowdstrike Falcon Uninstaller https://github.com/purplededa/CVE-2022-44721-CsFalconUninstaller Android Platform Key Leak https://twitter.com...
ISC StormCast for Friday, December 2nd, 2022
December 02, 2022 02:00 - 6 minutes - 5.43 MBQuarkus Java Framework Vulnerability CVE-2022-4116 https://www.contrastsecurity.com/security-influencers/localhost-attack-against-quarkus-developers-contrast-security https://access.redhat.com/security/cve/CVE-2022-4116 FreeBSD Ping RCE CVE-2022-23093 https://www.freebsd.org/security/advisories/FreeBSD-SA-22:15.ping.asc NVidia GPU Display Driver Vulnerablities CVE-2022-34669 https://nvidia.custhelp.com/app/answers/detail/a_id/5415 TrustCor CA Revoked https://www.washingtonpost.co...
ISC StormCast for Thursday, December 1st, 2022
December 01, 2022 02:00 - 5 minutes - 4.85 MBWhat is the deal wtih these router vulnerabilities https://isc.sans.edu/diary/Whats+the+deal+with+these+router+vulnerabilities/29288/ Apple Updates https://support.apple.com/en-us/HT201222 VLC Media Player Updates CVE-2022-41325 https://www.videolan.org/security/sb-vlc3018.html VIN used to authenticate to Sirius XM Connected Vehicle Services https://www.theregister.com/2022/11/30/siriusxm_connected_cars_hacking/
ISC StormCast for Wednesday, November 30th, 2022
November 30, 2022 02:35 - 6 minutes - 5.71 MBLinkedIn Bots https://isc.sans.edu/diary/Identifying%20Groups%20of%20%22Bot%22%20Accounts%20on%20LinkedIn/29282 Oracle Fusion Middle Ware Exploited CVE-2021-35587 https://www.cisa.gov/known-exploited-vulnerabilities-catalog Windows IKE Flaw Exploited CVE-2022-34721 https://www.cyfirma.com/outofband/windows-internet-key-exchange-ike-remote-code-execution-vulnerability-analysis/ Anker Eufy Cameras Sending Images to Cloud even if asked not to https://www.macrumors.com/2022/11/29/eufy-...
ISC StormCast for Tuesday, November 29th, 2022
November 29, 2022 02:00 - 7 minutes - 5.96 MBUkraine Themed Twitter Spam Pushing iOS Scareware https://isc.sans.edu/diary/Ukraine%20Themed%20Twitter%20Spam%20Pushing%20iOS%20Scareware/29276 Google Maps Privacy Issues https://garrit.xyz/posts/2022-11-24-smart-move-google ACER UEFI BIOS Vulnerabilities https://community.acer.com/en/kb/articles/15520-security-vulnerability-regarding-vulnerability-that-may-allow-changes-to-secure-boot-settings OpenSSL Usage in UEFI Firmware Exposes Weakness in SBOMs https://www.binarly.io/posts/O...
ISC StormCast for Monday, November 28th, 2022
November 28, 2022 02:00 - 7 minutes - 5.9 MBLog4Shell campaigns are using Nashorn to get reverse shell on victim's machines https://isc.sans.edu/diary/Log4Shell%20campaigns%20are%20using%20Nashorn%20to%20get%20reverse%20shell%20on%20victim%27s%20machines/29266 Attackers Keep Phishing Victms Under Stress https://isc.sans.edu/diary/Attackers%20Keep%20Phishing%20Victims%20Under%20Stress/29270 Vulnerable SDK components lead to supply chian risks in IoT and OT environments https://www.microsoft.com/en-us/security/blog/2022/11/22/vul...
ISC StormCast for Friday, November 18th, 2022
November 18, 2022 02:00 - 14 minutes - 11.6 MBLessons Learned from Automatic Failover https://isc.sans.edu/diary/Lessons%20Learned%20from%20Automatic%20Failover%3A%20When%208.8.8.8%20%22disappears%22.%20IPv6%20to%20the%20Rescue%3F/29260 Bitbucket Server and Data Center Vulnerability https://jira.atlassian.com/browse/BSERV-13522 Amazon RDS Snapshot Leaks https://www.mitiga.io/blog/how-mitiga-found-pii-in-exposed-amazon-rds-snapshots Adobe Commerce merchants to be hit with TrojanOrders this season https://sansec.io/research/troj...
ISC StormCast for Thursday, November 17th, 2022
November 17, 2022 02:00 - 6 minutes - 5.55 MBEvil Maid Attacks - Remediation for the Cheap https://isc.sans.edu/diary/Evil%20Maid%20Attacks%20-%20Remediation%20for%20the%20Cheap/29256 F5 Big IP CVE-2022-41622 and CVE-2022-41800 Vulnerability Details https://www.rapid7.com/blog/post/2022/11/16/cve-2022-41622-and-cve-2022-41800-fixed-f5-big-ip-and-icontrol-rest-vulnerabilities-and-exposures/ Details about iPad/iOS Neural Engine Vulnerability CVE-2022-32899 https://github.com/0x36/weightBufs/ Disneyland Malware Team: It's a Puny W...
ISC StormCast for Wednesday, November 16th, 2022
November 16, 2022 02:00 - 5 minutes - 4.62 MBPacket Tuesday https://packettuesday.com Stealing Passwords From Infosec Mastodon - Without Bypassing CSP https://portswigger.net/research/stealing-passwords-from-infosec-mastodon-without-bypassing-csp SQLi and Access Flaws in Zendesk https://www.varonis.com/blog/zendesk-sql-injection-and-access-flaws Electric Vehicle Charging Infrastructure https://newsreleases.sandia.gov/ev_security/
ISC StormCast for Tuesday, November 15th, 2022
November 15, 2022 02:45 - 5 minutes - 4.65 MBExtracting "HTTP CONNECT" Requests with Python https://isc.sans.edu/diary/Extracting%20%27HTTP%20CONNECT%27%20Requests%20with%20Python/29246 Windows Kerberos Authentication Breaks After November Updates https://www.bleepingcomputer.com/news/microsoft/windows-kerberos-authentication-breaks-after-november-updates/ https://learn.microsoft.com/en-us/windows/release-health/status-windows-11-22h2#2953msgdesc Cookies for MFA Bypass Gain Traction Among Cyberattackers https://www.darkreading...
ISC StormCast for Monday, November 14th, 2022
November 14, 2022 02:00 - 6 minutes - 5.16 MBExtracting Information From "logfmt" Files with CyberChef https://isc.sans.edu/diary/Extracting%20Information%20From%20%22logfmt%22%20Files%20With%20CyberChef/29244 Soccer Worldcup Risks https://www.theregister.com/2022/11/11/world_cup_security/ https://www.welivesecurity.com/2022/11/11/fifa-world-cup-2022-scams-fake-lotteries-ticket-fraud/ Mysterious Company With Government Ties Plays Key Internet Role https://www.washingtonpost.com/technology/2022/11/08/trustcor-internet-addresses...
ISC StormCast for Friday, November 11th, 2022
November 11, 2022 02:00 - 6 minutes - 5.76 MBDo you collect "Observables" or "IOCs" https://isc.sans.edu/diary/Do%20you%20collect%20%22Observables%22%20or%20%22IOCs%22%3F/29238 Android Update fixes Lock Screen Bypass https://source.android.com/docs/security/bulletin/2022-11-01 https://bugs.xdavidhu.me/google/2022/11/10/accidental-70k-google-pixel-lock-screen-bypass/ libxml Vulnerability Details https://gitlab.gnome.org/GNOME/libxml2/-/issues/381 CVE-2022-45063: xterm remote code execution vulnerability https://www.openwall....
ISC StormCast for Thursday, November 10th, 2022
November 10, 2022 02:00 - 5 minutes - 4.49 MBAnother Script-Based Ransomware https://isc.sans.edu/diary/Another%20Script-Based%20Ransomware/29234 Apple Security Updates https://support.apple.com/en-us/HT201222 Lenovo UEFI Patch https://www.welivesecurity.com/2022/04/19/when-secure-isnt-secure-uefi-vulnerabilities-lenovo-consumer-laptops/ FoxIT Update https://www.foxit.com/support/security-bulletins.html SAP Update https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
ISC StormCast for Wednesday, November 9th, 2022
November 09, 2022 02:00 - 7 minutes - 6.3 MBMicrosoft Patches https://isc.sans.edu/diary/Microsoft%20November%202022%20Patch%20Tuesday/29230 VMWare Workspace One Updates CVE-2022-31686, CVE-2022-31687, CVE-2022-31688 https://www.vmware.com/security/advisories/VMSA-2022-0028.html Citrix Gateway / Citrix ADC Vulnerabilities CVE-2022-27510 https://support.citrix.com/article/CTX463706/citrix-gateway-and-citrix-adc-security-bulletin-for-cve202227510-cve202227513-and-cve202227516 Microsoft Exchange Updates https://msrc-blog.micr...
ISC StormCast for Tuesday, November 8th, 2022
November 08, 2022 02:00 - 6 minutes - 5.14 MBIPv4 Address Representations https://isc.sans.edu/diary/IPv4%20Address%20Representations/29224 Azure AD Certificate-based Authentication (CBA) on Mobile https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/azure-ad-certificate-based-authentication-cba-on-mobile/ba-p/2365672 Twitter Scams https://nakedsecurity.sophos.com/2022/11/04/twitter-blue-badge-email-scams-dont-fall-for-them/ Facebook Personal Information Removal https://www.facebook.com/contacts/removal RSA C...
ISC StormCast for Monday, November 7th, 2022
November 07, 2022 02:00 - 5 minutes - 4.76 MBRemcos Downloader With Unicode Obfuscation https://isc.sans.edu/diary/Remcos%20Downloader%20with%20Unicode%20Obfuscation/29220 Windows Malware With VHD Extension https://isc.sans.edu/diary/Windows%20Malware%20with%20VHD%20Extension/29222 PyPi Packages Attempting to Deliver w4sp Stealer https://blog.phylum.io/phylum-discovers-dozens-more-pypi-packages-attempting-to-deliver-w4sp-stealer-in-ongoing-supply-chain-attack
ISC StormCast for Friday, November 4th, 2022
November 04, 2022 02:00 - 6 minutes - 5.87 MBBreakpoints in Burp https://isc.sans.edu/forums/diary/Breakpoints%20in%20Burp/29214/ TA569 Supply Chain Attack Injects JavaScript https://twitter.com/threatinsight/status/1587865920130752515 https://www.darkreading.com/application-security/supply-chain-attack-pushes-out-malware-to-more-than-250-media-websites Link to old story similar to the above JavaScript injection https://unit42.paloaltonetworks.com/web-skimmer-video-distribution/ Hitachi Infrastructure Analytics Advisor http...
ISC StormCast for Thursday, November 3rd, 2022
November 03, 2022 02:00 - 6 minutes - 5.27 MBWho Put the "Dark" in DarkVNC? https://isc.sans.edu/forums/diary/Who+put+the+Dark+in+DarkVNC/29210 sigstore General Availability https://openssf.org/press-release/2022/10/25/sigstore-announces-general-availability-at-sigstorecon/ https://github.blog/2022-10-25-why-were-excited-about-the-sigstore-general-availability/ URLScan.io's SOAR Spot: Chatty Security Tools Leaking Private Data https://positive.security/blog/urlscan-data-leaks Checkmk: Remote Code Execution by Chaining Multipl...
ISC StormCast for Wednesday, November 2nd, 2022
November 02, 2022 02:00 - 8 minutes - 6.78 MBOpenSSL 3.0 Punycode Vulnerability Fix https://isc.sans.edu/forums/diary/Critical+OpenSSL+30+Update+Released+Patches+CVE20223786+CVE20223602/29208 https://www.openssl.org/blog/blog/2022/11/01/email-address-overflows/
ISC StormCast for Tuesday, November 1st, 2022
November 01, 2022 02:00 - 6 minutes - 5.44 MBNMAP without NMAP - Port Testing and Scanning with PowerShell https://isc.sans.edu/diary/NMAP+without+NMAP+Port+Testing+and+Scanning+with+PowerShell/29202 ConnectWise Recover and R1Soft Server Backup Critical Vulnerability https://www.connectwise.com/company/trust/security-bulletins/r1soft-and-recover-security-bulletin Google Chrome 0-Day Patch https://chromereleases.googleblog.com/2022/10/stable-channel-update-for-desktop_27.html LODEINFO 2022 Abusing Security Software https://sec...
ISC StormCast for Monday, October 31st, 2022
October 31, 2022 02:00 - 5 minutes - 5.07 MBSupersizing you DUO and 365 Integration https://isc.sans.edu/forums/diary/Supersizing%20your%20DUO%20and%20365%20Integration/29194/ TCP/IP Vulnerability CVE-2022 34718 PoC Restoration and Analysis https://medium.com/numen-cyber-labs/analysis-and-summary-of-tcp-ip-protocol-remote-code-execution-vulnerability-cve-2022-34718-8fcc28538acf Juniper SSLVON / JunOS RCE Vulnerabilities https://octagon.net/blog/2022/10/28/juniper-sslvpn-junos-rce-and-multiple-vulnerabilities/ Raspberry Robin U...
ISC StormCast for Friday, October 28th, 2022
October 28, 2022 02:00 - 5 minutes - 5.06 MBUpcoming Critical OpenSSL Vulnerability: What will be Affected? https://isc.sans.edu/forums/diary/Upcoming+Critical+OpenSSL+Vulnerability+What+will+be+Affected/29192 Apple Updates https://support.apple.com/en-us/HT201222 Fodcha Botnet Reaches 1Tbps https://blog.netlab.360.com/ddosmonster_the_return_of__fodcha_cn/ https://www.bleepingcomputer.com/news/security/fodcha-ddos-botnet-reaches-1tbps-in-power-injects-ransoms-in-packets/
ISC StormCast for Thursday, October 27th, 2022
October 27, 2022 02:00 - 6 minutes - 5.26 MBWhy is My Cat Using Baidu And Other IoT DNS Oddities https://isc.sans.edu/forums/diary/Why+is+My+Cat+Using+Baidu+And+Other+IoT+DNS+Oddities/29188 OpenSSL Critical Flaw to Be Patched https://mta.openssl.org/pipermail/openssl-announce/2022-October/000238.html MacOS Ventura Blocks Security Tools https://www.wired.com/story/apple-macos-ventura-bug-security-tools/ Critical VMWare Security Tools https://www.vmware.com/security/advisories/VMSA-2022-0027.html
ISC StormCast for Wednesday, October 26th, 2022
October 26, 2022 02:00 - 5 minutes - 5.01 MBMassing Cryptomining Operation via Github Actions https://sysdig.com/blog/massive-cryptomining-operation-github-actions/ Daixin Team Ransomware Targeting Healthcare Providers https://www.ic3.gov/Media/News/2022/221021.pdf Cisco Anyconnect Client Exploited in the Wild https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-dll-F26WwJW https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ac-win-path-traverse-qO4HWBsj SQLite ...
ISC StormCast for Tuesday, October 25th, 2022
October 25, 2022 02:00 - 6 minutes - 5.37 MBC2 Communications Through Outlook.com https://isc.sans.edu/forums/diary/C2+Communications+Through+outlookcom/29180 Apple Patches Everything October 2022 Edition https://isc.sans.edu/forums/diary/Apple%20Patches%20Everything%3A%20October%202022%20Edition/29182/ Cisco ISE Patch https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ise-path-trav-Dz5dpzyM Dormant Colors Live Campaign With Over 1m Data Stealing Extensions Installed https://guardiosecurity.medium...
ISC StormCast for Monday, October 24th, 2022
October 24, 2022 02:00 - 6 minutes - 5.73 MBSczriptzzbn Inject Pushes Malware for NetSupport RAT https://isc.sans.edu/forums/diary/sczriptzzbn%20inject%20pushes%20malware%20for%20NetSupport%20RAT/29170/ rtfdump find options https://isc.sans.edu/forums/diary/rtfdumps+Find+Option/29174 Exploited Windows Zero Day Lets JavaScript Files Bypass Security Warnings https://www.bleepingcomputer.com/news/security/exploited-windows-zero-day-lets-javascript-files-bypass-security-warnings/ A study of malicious CVE proof of concept exploits ...
ISC StormCast for Friday, October 21st, 2022
October 21, 2022 02:00 - 5 minutes - 5.02 MBForensic Value of Prefetch https://isc.sans.edu/forums/diary/Forensic%20Value%20of%20Prefetch/29168/ Microsoft TLS Fix https://support.microsoft.com/en-us/topic/october-17-2022-kb5020435-os-builds-19042-2132-19043-2132-and-19044-2132-out-of-band-243f34de-2f44-4015-a224-1b68a4132ca5 CISA Releases ScubaGear to Audit M365 https://github.com/cisagov/ScubaGear HTTP/3 Connection Contamination https://portswigger.net/research/http-3-connection-contamination
ISC StormCast for Thursday, October 20th, 2022
October 20, 2022 02:00 - 6 minutes - 5.18 MBAre Internet Scanning Services Good or Bad for You? https://isc.sans.edu/forums/diary/Are+Internet+Scanning+Services+Good+or+Bad+for+You/29164 FBI Warns of Student Loan Foregiveness Scams https://www.ic3.gov/Media/Y2022/PSA221018 Fully Undetectable Powershell Backdoor https://www.safebreach.com/resources/blog/safebreach-labs-researchers-uncover-new-fully-undetectable-powershell-backdoor/
ISC StormCast for Wednesday, October 19th, 2022
October 19, 2022 02:00 - 5 minutes - 4.66 MBPython Obfuscation for Dummies https://isc.sans.edu/forums/diary/Python%20Obfuscation%20for%20Dummies/29160/ Oracle October 2022 Critical Patch Update https://www.oracle.com/security-alerts/cpuoct2022.html Weak Encryption in Microsoft Office 365 https://labs.withsecure.com/advisories/microsoft-office-365-message-encryption-insecure-mode-of-operation Tesla 3 Hack https://www.synacktiv.com/sites/default/files/2022-10/tesla_hexacon.pdf
ISC StormCast for Tuesday, October 18th, 2022
October 18, 2022 02:00 - 6 minutes - 5.42 MBFileless Powershell Dropper https://isc.sans.edu/forums/diary/Fileless%20Powershell%20Dropper/29156/ Apache Commons Text Vulnerablity https://www.openwall.com/lists/oss-security/2022/10/13/4 How a Microsoft Blunder Opened Millions of PCs to Potent Malware Attacks https://arstechnica.com/information-technology/2022/10/how-a-microsoft-blunder-opened-millions-of-pcs-to-potent-malware-attacks/
ISC StormCast for Monday, October 17th, 2022
October 17, 2022 02:00 - 5 minutes - 5.07 MBHorizon3 Publishes FortiOS Vulnerablity Details and Exploit https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/ More Exchange Vulnerability Workaround Bypasses https://twitter.com/wdormann/status/1576922677675102208 Analysis of a Malicious HTML File and QBot https://isc.sans.edu/forums/diary/Analysis+of+a+Malicious+HTML+File+QBot/29146 End of Life VMWare ESXi Versions https://www.lansweeper.com/eol/vmware-esxi-...
ISC StormCast for Friday, October 14th, 2022
October 14, 2022 02:00 - 5 minutes - 5.05 MBAlchimist Offensive Framework https://blog.talosintelligence.com/2022/10/alchimist-offensive-framework.html#more VM2 Sandbox Vulnerability https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067 private npm package disclosure https://blog.aquasec.com/private-packages-disclosed-via-timing-attack-on-npm Zimbra Updates https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P27#Security_Fixes
ISC StormCast for Thursday, October 13th, 2022
October 13, 2022 02:00 - 5 minutes - 4.34 MBAdobe October Patch Tuesday https://helpx.adobe.com/sa_en/security/security-bulletin.html Fortinet Guidance https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/ https://isc.sans.edu/forums/diary/Scans+for+old+Fortigate+Vulnerability+Building+Target+Lists/29142 Android VPN Issues https://mullvad.net/en/blog/2022/10/10/android-leaks-connectivity-check-traffic/ iOS VPN Issues https://9to5mac.com/2022/10/12/ios-vpn-apps-2/ Aruba Patches https://www.arubanetworks.com/assets/alert/...
ISC StormCast for Wednesday, October 12th, 2022
October 12, 2022 02:00 - 5 minutes - 5.05 MBMicrosoft October 2022 Patches https://isc.sans.edu/forums/diary/October%202022%20Microsoft%20Patch%20Tuesday/29138/ SAP Patchday https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10 Top CVEs Actively Exploited By People s Republic of China State-Sponsored Cyber Actors https://www.cisa.gov/uscert/ncas/alerts/aa22-279a
ISC StormCast for Tuesday, October 11th, 2022
October 11, 2022 02:00 - 6 minutes - 5.3 MBWireshark Display Filter Update https://isc.sans.edu/forums/diary/Wireshark+Specifying+a+Protocol+Stack+Layer+in+Display+Filters/29130 Fortinet Vulnerablity Update https://twitter.com/Horizon3Attack/status/1579285863108087810 BazarCall Social Engineering Tactics https://www.trellix.com/en-us/about/newsroom/stories/research/evolution-of-bazarcall-social-engineering-tactics.html RPKI Rate Limiting https://www.usenix.org/system/files/sec22-hlavacek.pdf
ISC StormCast for Monday, October 10th, 2022
October 10, 2022 02:00 - 6 minutes - 5.4 MBFortinet Update https://docs.fortinet.com/document/fortigate/7.2.2/fortios-release-notes/760203/introduction-and-supported-models Zimbra Vulnerability https://twitter.com/iagox86/status/1578084484720734209 https://attackerkb.com/topics/1DDTvUNFzH/cve-2022-41352/rapid7-analysis?referrer=activityFeed Microsoft Exchange Workaround Improved Again https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/ Ikea Smart B...
ISC StormCast for Friday, October 7th, 2022
October 07, 2022 02:00 - 5 minutes - 5.03 MBInfosec Calendar https://isc.sans.edu/forums/diary/What+is+in+your+Infosec+Calendar/29118 OnionPoison: infected Tor Browser installer distributed through popular YouTube channel https://securelist.com/onionpoison-infected-tor-browser-installer-youtube/107627/ MacOS Architve Utility Vulnerability Details https://www.jamf.com/blog/jamf-threat-labs-macos-archive-utility-vulnerability/
ISC StormCast for Wednesday, October 5th, 2022
October 05, 2022 02:00 - 5 minutes - 4.58 MBCredential Harvesting with Telegram https://isc.sans.edu/forums/diary/Credential%20Harvesting%20with%20Telegram%20API/29112/ Updated Microsoft Exchange Fix https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/ Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization https://www.cisa.gov/uscert/ncas/alerts/aa22-277a A New Supply Chain Attack on PHP https://b...
ISC StormCast for Tuesday, October 4th, 2022
October 04, 2022 02:00 - 5 minutes - 4.31 MBMicrosoft Exchange Vulnerability Fix Bypassed https://twitter.com/testanull/status/1576774007826718720 Schneider Electric UMAS Patch Bypass https://securelist.com/the-secrets-of-schneider-electrics-umas-protocol/107435/ Supply Chain Attack via Trojanized Comm100 Chat Installer https://www.crowdstrike.com/blog/new-supply-chain-attack-leverages-comm100-chat-installer/
ISC StormCast for Monday, October 3rd, 2022
October 03, 2022 02:00 - 5 minutes - 4.54 MBMicrosoft Exchange 0-Day Update https://isc.sans.edu/forums/diary/Exchange+Server+0Day+Actively+Exploited/29106 https://microsoft.github.io/CSS-Exchange/Security/EOMTv2/ CISA Adds Atlasian Bitbucket Vulnerability to Exploited List https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/cisa-adds-three-known-exploited-vulnerabilities-catalog Every unsandboxed app has Full Disk Access if Terminal Does https://lapcatsoftware.com/articles/FullDiskAccess.html
ISC StormCast for Friday, September 30th, 2022
September 30, 2022 02:00 - 6 minutes - 5.14 MBPNG Analysis with pngdump.py https://isc.sans.edu/forums/diary/PNG%20Analysis/29100/ Possible Exchange Server 0-Day Vulnerability https://www.gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html https://success.trendmicro.com/dcx/s/solution/000291651?language=en_US Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-p...
ISC StormCast for Thursday, September 29th, 2022
September 29, 2022 02:00 - 6 minutes - 5.56 MB10 Years Later: Attacker re-discovering old VTiger CRM Vulnerability https://isc.sans.edu/forums/diary/10+Years+Later+Attacker+rediscovering+old+VTiger+CRM+Vulnerability/29098 IRS Reports Significant Increase in Texting Scams https://www.irs.gov/newsroom/irs-reports-significant-increase-in-texting-scams-warns-taxpayers-to-remain-vigilant Cloudflare Releases Turnsitle, a user-friendly, privacy-preserving CAPTCHA alternative https://blog.cloudflare.com/turnstile-private-captcha-alternat...
ISC StormCast for Wednesday, September 28th, 2022
September 28, 2022 02:00 - 7 minutes - 5.99 MBDNS Option 15 and Debugging DNSSEC Errors https://isc.sans.edu/forums/diary/DNS+Option+15+Debugging+DNSSEC+Errors/29094 Yari: A New Era of Yara Debugging https://engineering.avast.io/yari-a-new-era-of-yara-debugging/ HTTP Archive Almanac https://almanac.httparchive.org/en/2022/security
ISC StormCast for Tuesday, September 27th, 2022
September 27, 2022 02:00 - 5 minutes - 5.04 MBEasy Python Sandbox Detection https://isc.sans.edu/forums/diary/Easy+Python+Sandbox+Detection/29090 Hackers use PowerPoint Files for "Mouseover" Malware Delivery https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/ Redis 7.0 XAUTOCLAIM Heap Overflow https://github.com/redis/redis/security/advisories/GHSA-5gc4-76rx-22c9 Scoreboard Hacking https://maxwelldulin.com/BlogPost?post=7118102528
ISC StormCast for Monday, September 26th, 2022
September 26, 2022 02:00 - 5 minutes - 4.91 MBKids Like Cookies and Malware Likes them Too https://isc.sans.edu/forums/diary/Kids+Like+Cookies+Malware+Too/29082 Downloading Files from Removed Domains https://isc.sans.edu/forums/diary/Downloading%20Samples%20From%20Takendown%20Domains/29086/ WhatsApp Security Updates https://www.whatsapp.com/security/advisories/2022/ Sophos RCE Flaw https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce CircleCI Phishing Attacks Used to Access GitHub Accounts https://di...
ISC StormCast for Friday, September 23rd, 2022
September 23, 2022 02:00 - 5 minutes - 4.58 MBRAT Delivered Through FODHelper https://isc.sans.edu/forums/diary/RAT+Delivered+Through+FODHelper/29078 Microsoft Endpoint Configuration Manager Spoofing Vulnerability https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37972 New Fuzzing Tool: cifuzz https://github.com/CodeIntelligenceTesting/cifuzz No Security Updates from Apple https://support.apple.com/en-us/HT201222
ISC StormCast for Thursday, September 22nd, 2022
September 22, 2022 02:00 - 6 minutes - 5.75 MBPhishing Campaigns Use Free Only Resources https://isc.sans.edu/forums/diary/Phishing%20Campaigns%20Use%20Free%20Online%20Resources/29074/ Insecure use of tarfile.extract in Python https://bugs.python.org/issue1044#msg55464 Twitter Failed to Logout Users After Password Reset https://privacy.twitter.com/en/blog/2022/an-issue-impacting-password-resets
ISC StormCast for Wednesday, September 21st, 2022
September 21, 2022 02:00 - 6 minutes - 5.47 MBChainsaw: Hunt, search and extract event log records https://isc.sans.edu/diary/Chainsaw%3A+Hunt%2C+search%2C+and+extract+event+log+records/29066 PDU Exploits past NAT https://claroty.com/team82/research/jumping-nat-to-shut-down-electric-devices Tamper Protection will be turned on for all Enterprise Customers https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/tamper-protection-will-be-turned-on-for-all-enterprise-customers/ba-p/3616478