
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich, isc.sans.edu
A brief daily summary of what is important in information security. The podcast is published every weekday and is designed to get you ready for the day with a brief, usually five-minute, summary of current network-security-related events. The content is late-breaking, educational and based on listener input as well as on input received by the SANS Internet Stormcenter. You may submit questions and comments via our contact form at https://isc.sans.edu/contact.html .

Episodes

ISC StormCast for Wednesday, May 12th, 2021

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+May+2021+Patch+Tuesday/27408
WiFi Fragmentation Attacks https://www.fragattacks.com

May 12, 2021 | 7 min | Ep 7496

ISC StormCast for Tuesday, May 11th, 2021

Validating IP Addresses: Why Encoding Matters https://isc.sans.edu/forums/diary/Correctly+Validating+IP+Addresses+Why+encoding+matters+for+input+validation/27404/
Jailbreaking AirTags https://twitter.com/ghidraninja/status/1391148503196438529
Malicious Tor Exit Relay Activities https://nusenu.medium.com/tracking-one-year-of-malicious-tor-exit-relay-activities-part-ii-85c80875c5df...

May 11, 2021 | 5 min | Ep 7494

ISC StormCast for Monday, May 10th, 2021

Who is Probing the Internet for Research Purposes https://isc.sans.edu/forums/diary/Who+is+Probing+the+Internet+for+Research+Purposes/27400/
CycleHunter and tsuNAME DDoS Attack https://github.com/SIDN/CycleHunter https://tsuname.io/tech_report.pdf
Foxit Reader / PhantomPDF Vulnerabilities https://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+Reader+10.1.4+and+Foxit+PhantomPDF+10.1.42021-05-06
Hypocrite Patches Reviewed by Linux Foundation https://lore...

May 10, 2021 | 5 min | Ep 7492

ISC StormCast for Friday, May 7th, 2021

Scans for Exposed Azure Storage Containers https://isc.sans.edu/forums/diary/Exposed+Azure+Storage+Containers/27396/
Qualcomm MSM Vulnerability https://research.checkpoint.com/2021/security-probe-of-qualcomm-msm/
Google to Automatically Enroll Users in 2SV (2-Step Verification) https://blog.google/technology/safety-security/a-simpler-and-safer-future-without-passwords/
New Cellebrite Vulnerabilities Announced https://www.ehackingnews.com/2021/05/new-vulnerabilities-in-cellebrites.html...

May 07, 2021 | 6 min | Ep 7490

ISC StormCast for Thursday, May 6th, 2021

May 2021 Forensic Contest https://isc.sans.edu/forums/diary/May+2021+Forensic+Contest/27386/
Windows Defender Bug Fills Windows 10 Boot Drive with Thousands of Files https://www.bleepingcomputer.com/news/microsoft/windows-defender-bug-fills-windows-10-boot-drive-with-thousands-of-files/
VMware vRealize Business for Cloud Patch https://kb.vmware.com/s/article/83475
Cisco Updates SD-WAN vManage / HyperFlex HX https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir...

May 06, 2021 | 6 min | Ep 7488

ISC StormCast for Wednesday, May 5th, 2021

Android Update https://source.android.com/security/bulletin/2021-05-01?hl=en
Dell Privilege Escalation Vulnerability https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/
Exim Mail Server Vulnerabilities https://www.qualys.com/2021/05/04/21nails/21...

May 05, 2021 | 6 min | Ep 7486

ISC StormCast for Tuesday, May 4th, 2021

Apple Patches Two 0-Day Flaws in WebKit Affecting iOS/macOS/watchOS https://support.apple.com/en-us/HT201222
PoC Exploit for CVE-2021-28482 (Microsoft Exchange) https://gist.github.com/testanull/9ebbd6830f7a501e35e67f2fcaa57bda https://testbnull.medium.com/microsoft-exchange-from-deserialization-to-post-auth-rce-cve-2021-28482-e713001d915f
Yet Another Processor Side-Channel: Micro-Op Caches http://www.cs.virginia.edu/venkat/papers/isca2021a.pdf
Pulse Secure Update https://blog.pulsesecure.net/pul...

May 04, 2021 | 5 min | Ep 7484

ISC StormCast for Monday, May 3rd, 2021

Qiling: A True Instrumentable Binary Emulation Framework https://isc.sans.edu/forums/diary/Qiling+A+true+instrumentable+binary+emulation+framework/27372/
Python "ipaddress" Improper Input Validation https://sick.codes/sick-2021-014/
ExifTool Vulnerabilities https://twitter.com/wcbowling/status/1385803927321415687
ABUS Secvest Internet-Connected Alarm Systems https://eye.security/nl/blog/breaking-abus-secvest-internet-connected-alarm-systems-cve-2020-28973
FiveHands Ransomware Installed via Soni...

May 03, 2021 | 6 min | Ep 7482
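The IP-address encoding problem behind two items above (the May 11th diary on validating IP addresses and the Python "ipaddress" input-validation issue from May 3rd) comes down to one string being read as different numbers by different parsers: "0177.0.0.1" is 177.0.0.1 to a parser that treats leading zeros as cosmetic decimal padding, but 127.0.0.1 to the C library's inet_aton(3), which reads a leading zero as octal. The following is an added example, not code from the diaries or from CPython: it puts a strict canonical-form validator beside a Python-side emulation of inet_aton (hex, octal and short forms) and the "leading zeros are decimal" reading, and shows how an internal-address filter that uses one reading is bypassed when the socket layer uses another. The function names are my own; the candidate addresses are constructed test inputs.

```python
import ipaddress
import re
import string
from typing import Optional

# Canonical dotted-decimal only: four components, 0-255, no leading zeros.
# This is the only spelling a validator should accept if the string is later
# handed to another component (the kernel, a C library, another service).
_OCTET = r"(?:25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)"
_STRICT_IPV4 = re.compile(rf"{_OCTET}(?:\.{_OCTET}){{3}}", re.ASCII)


def strict_ipv4(text: str) -> Optional[str]:
    """Accept only canonical dotted-decimal; return it unchanged, else None."""
    return text if _STRICT_IPV4.fullmatch(text) else None


def decimal_ipv4(text: str) -> Optional[str]:
    """The forgiving reading a 'leading zeros are cosmetic' parser gives:
    four decimal components, zeros in front ignored ('0177' -> 177)."""
    parts = text.split(".")
    if len(parts) != 4 or not all(p.isascii() and p.isdecimal() for p in parts):
        return None
    values = [int(p, 10) for p in parts]
    if any(v > 255 for v in values):
        return None
    return ".".join(str(v) for v in values)


def _c_number(part: str) -> int:
    """One component as inet_aton reads it: 0x prefix = hex, leading 0 = octal."""
    if part[:2].lower() == "0x":
        digits = part[2:]
        if not digits or not all(c in string.hexdigits for c in digits):
            raise ValueError(f"bad hex component {part!r}")
        return int(digits, 16)
    if not (part.isascii() and part.isdecimal()):
        raise ValueError(f"bad component {part!r}")
    # int(..., 8) raises on '08' or '09', matching inet_aton's rejection.
    return int(part, 8) if len(part) > 1 and part[0] == "0" else int(part, 10)


def inet_aton_ipv4(text: str) -> Optional[str]:
    """Emulate inet_aton(3): one to four components, each hex/octal/decimal,
    the last component spanning all remaining bytes ('127.1' -> 127.0.0.1).
    Returns the dotted-decimal form the socket layer would actually use."""
    parts = text.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    try:
        *head, last = [_c_number(p) for p in parts]
    except ValueError:
        return None
    last_bytes = 4 - len(head)
    if any(v > 0xFF for v in head) or last >= 1 << (8 * last_bytes):
        return None
    packed = 0
    for v in head:
        packed = (packed << 8) | v
    packed = (packed << (8 * last_bytes)) | last
    return ".".join(str((packed >> s) & 0xFF) for s in (24, 16, 8, 0))


def _is_internal(dotted: Optional[str]) -> Optional[bool]:
    """Loopback/private/link-local test on a canonical address (None -> None)."""
    if dotted is None:
        return None
    addr = ipaddress.IPv4Address(dotted)
    return addr.is_loopback or addr.is_private or addr.is_link_local


def ssrf_filter_outcome(user_input: str) -> dict:
    """How an 'is this host internal?' filter fares under each interpretation.
    The bypass is the disagreement: the filter's reading says public, the
    socket layer's reading connects to loopback."""
    return {
        "strict": _is_internal(strict_ipv4(user_input)),
        "decimal": _is_internal(decimal_ipv4(user_input)),
        "inet_aton": _is_internal(inet_aton_ipv4(user_input)),
    }


if __name__ == "__main__":
    # Constructed candidates: canonical, leading-zero, hex and short forms.
    for candidate in ("8.8.8.8", "010.8.8.8", "0177.0.0.1", "0x7f.1", "2130706433"):
        print(f"{candidate:>12}  strict={strict_ipv4(candidate)}  "
              f"decimal={decimal_ipv4(candidate)}  inet_aton={inet_aton_ipv4(candidate)}")
```

The practical rule the example illustrates: validate with strict_ipv4 (or an equivalent), reject everything else, and pass only the validated canonical string downstream, so that every later consumer sees the same four numbers. Recent CPython releases reject leading zeros in ipaddress outright; the emulation above is there so the mismatch can be shown regardless of interpreter version.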

ISC StormCast for Friday, April 30th, 2021

From Python to .Net https://isc.sans.edu/forums/diary/From+Python+to+Net/27366/
PHP Composer Vulnerability https://blog.sonarsource.com/php-supply-chain-attack-on-composer
Microsoft Identifies Several Integer Overflow Vulnerabilities https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04...

Apr 30, 2021 | 5 min | Ep 7480

ISC StormCast for Thursday, April 29th, 2021

Stopping Google FLoC https://github.blog/changelog/2021-04-27-github-pages-permissions-policy-interest-cohort-header-added-to-all-pages-sites/ https://amifloced.org
RotaJakiro Backdoor https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/
F5 BIG-IP Kerberos Spoofing Vulnerability https://support.f5.com/csp/article/K51213246...

Apr 29, 2021 | 5 min | Ep 7478

ISC StormCast for Wednesday, April 28th, 2021

Diving into a Singapore Post Phishing E-Mail https://isc.sans.edu/forums/diary/Diving+into+a+Singapore+Post+Phishing+Email/27356/
Two in Five Victims of Online Scam Adverts Do Not Report to Host Platforms https://www.which.co.uk/news/2021/04/two-in-five-victims-of-online-scam-adverts-dont-report-to-host-platforms/
Microsoft Defender Blocks Cryptojacking Malware https://www.microsoft.com/security/blog/2021/04/26/defending-against-cryptojacking-with-microsoft-defender-for-endpoint-and-intel-tdt/
L...

Apr 28, 2021 | 4 min | Ep 7476

ISC StormCast for Tuesday, April 27th, 2021

CAD: .DGN and .MVBA Files Analyzed with oledump https://isc.sans.edu/forums/diary/CAD+DGN+and+MVBA+Files/27354/
macOS 0-Day Bug Patched https://objective-see.com/blog/blog_0x64.html https://support.apple.com/en-us/HT201222
Emotet Uninstaller Triggered https://blog.malwarebytes.com/threat-analysis/2021/01/cleaning-up-after-emotet-the-law-enforcement-file/
HashiCorp Code Signing Key Exposed by Codecov Compromise https://www.theregister.com/2021/04/26/hashicorp_reveals_exposure_of_private/...

Apr 27, 2021 | 7 min | Ep 7474

ISC StormCast for Monday, April 26th, 2021

Compact VBA Macros https://isc.sans.edu/forums/diary/Malicious+PowerPoint+AddOn+Small+Is+Beautiful/27342/
Base64 Strings Used in Web Scanning https://isc.sans.edu/forums/diary/Base64+Hashes+Used+in+Web+Scanning/27346/
Click Studios Password Manager Compromise https://www.csis.dk/newsroom-blog-overview/2021/moserpass-supply-chain/
Homebrew Code Execution Vulnerability https://brew.sh/2021/04/21/security-incident-disclosure/
Apple AirDrop Shares Personal Data https://www.informatik.tu-darmstadt.de/...

Apr 26, 2021 | 6 min | Ep 7472

ISC StormCast for Friday, April 23rd, 2021

How Safe Are Your Docker Images https://isc.sans.edu/forums/diary/How+Safe+Are+Your+Docker+Images/27340/
Additional SolarWinds Infrastructure https://www.riskiq.com/blog/external-threat-management/solarwinds-c2-servers-new-tactics/
Cellebrite Exploit https://signal.org/blog/cellebrite-vulnerabilities/
Duo 2FA Bypass https://sensepost.com/blog/2021/duo-two-factor-authentication-bypass/...

Apr 23, 2021 | 6 min | Ep 7470

ISC StormCast for Thursday, April 22nd, 2021

Linux Kernel Maintainer Calls Out "hypocrite commits" by University of Minnesota https://lore.kernel.org/lkml/20210421130105.1226686-38-gregkh@linuxfoundation.org/ https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc.pdf
QNAP QLocker Uses 7-Zip https://www.bleepingcomputer.com/news/security/massive-qlocker-ransomware-attack-uses-7zip-to-encrypt-qnap-devices/
Chrome 0-Day Fixed https://thehackernews.co...

Apr 22, 2021 | 6 min | Ep 7468

ISC StormCast for Wednesday, April 21st, 2021

Pulse Secure VPN 0-Day Exploited https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/
SonicWall Vulnerabilities https://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360/
Synology Vulnerability https://blog.talosintelligence.com/2021/04/vuln-spotlight-synology-dsm.html#more
...

Apr 21, 2021 | 6 min | Ep 7466

ISC StormCast for Tuesday, April 20th, 2021

Hunting Phishing Websites with Favicon Hashes https://isc.sans.edu/forums/diary/Hunting+phishing+websites+with+favicon+hashes/27326/
Nagios XI Vulnerability Exploited by Cryptominers https://unit42.paloaltonetworks.com/nagios-xi-vulnerability-cryptomining/
XCSSET Malware Adapting to macOS 11 and M1 https://www.trendmicro.com/en_us/research/21/d/xcsset-quickly-adapts-to-macos-11-and-m1-based-macs.html
QNAP Patches https://www.qnap.com/de-de/security-advisories?ref=security_advisory_details
Junipe...

Apr 20, 2021 | 5 min | Ep 7464

ISC StormCast for Monday, April 19th, 2021

Decoding Cobalt Strike Traffic https://isc.sans.edu/forums/diary/Decoding+Cobalt+Strike+Traffic/27322/
Codecov Breach https://about.codecov.io/security-update/
Google Project Zero Tweaks Disclosure Rules https://googleprojectzero.blogspot.com
EIPStackGroup OpENer EtherNet/IP https://us-cert.cisa.gov/ics/advisories/icsa-21-105-02
DNS Problems with Windows 10 Security Update https://www.bleepingcomputer.com/news/microsoft/mandatory-windows-10-update-causing-dns-and-shared-folder-issues/...

Apr 19, 2021 | 6 min | Ep 7462

ISC StormCast for Friday, April 16th, 2021

Why and How You Should Be Using an Internal Certificate Authority https://isc.sans.edu/forums/diary/Why+and+How+You+Should+be+Using+an+Internal+Certificate+Authority/27314/
Vulnerabilities Used by Russian Foreign Intelligence Service https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2573391/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili/
Insecure URL Handling https://positive.security/blog/url-open-rce
SANS Research Paper: Bryan Scarbrough;...

Apr 16, 2021 | 14 min | Ep 7460

ISC StormCast for Thursday, April 15th, 2021

April 2021 Forensic Quiz Solution https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz+Answers+and+Analysis/27308/
Adobe Patch Tuesday https://helpx.adobe.com/security.html
Chrome 90 Released (and 0-Day Exploits) https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html https://github.com/avboy1337/1195777-chrome0day https://github.com/r4j0x00/exploits/tree/master/chrome-0day
SAP Updates https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649
Lin...

Apr 15, 2021 | 6 min | Ep 7458

ISC StormCast for Wednesday, April 14th, 2021

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+April+2021+Patch+Tuesday/27306/
NAME:WRECK DNS Vulnerabilities https://www.forescout.com/research-labs/namewreck/

Apr 14, 2021 | 6 min | Ep 7456

ISC StormCast for Tuesday, April 13th, 2021

Example of Cleartext Cobalt Strike Traffic https://isc.sans.edu/forums/diary/Example+of+Cleartext+Cobalt+Strike+Traffic+Thanks+Brad/27300/
ASA 5506 Series Security Appliances Field Notice https://www.cisco.com/c/en/us/support/docs/field-notices/720/fn72019.html
Expired Certificate for Pulse Secure VPN Devices https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44781/?kA13Z000000fzbR
Pwn2Own Summary https://thehackernews.com/2021/04/windows-ubuntu-zoom-safari-ms-exchange.html
Tesla Exploite...

Apr 13, 2021 | 6 min | Ep 7454

ISC StormCast for Monday, April 12th, 2021

No Python Interpreter? This Simple RAT Installs Its Own Copy https://isc.sans.edu/forums/diary/No+Python+Interpreter+This+Simple+RAT+Installs+Its+Own+Copy/27292/
Facebook Mistakenly Suggests Adding Domains to the Public Suffix List Will Ease Tracking https://publicsuffix.org https://www.facebook.com/business/help/331612538028890?id=428636648170202
Facebook Ads Used to Push Clubhouse-Related Malware https://www.ehackingnews.com/2021/04/cybercriminals-used-facebook-ads-to.html
Identifying Cobalt Stri...

Apr 12, 2021 | 7 min | Ep 7452

ISC StormCast for Friday, April 9th, 2021

Simple PowerShell Ransomware Creating a 7Z Archive of Your Files https://isc.sans.edu/forums/diary/Simple+Powershell+Ransomware+Creating+a+7Z+Archive+of+your+Files/27286/
HTML Lego: Hidden Phishing at Free JavaScript Site https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/html-lego-hidden-phishing-at-free-javascript-site/
Royal Flush: Privilege Escalation Vulnerability in Azure Functions https://www.intezer.com/blog/cloud-security/royal-flush-privilege-escalation-vulnerability-in-az...

Apr 09, 2021 | 6 min | Ep 7450

ISC StormCast for Thursday, April 8th, 2021

WiFi IDSs and Private MAC Addresses https://isc.sans.edu/forums/diary/WiFi+IDS+and+Private+MAC+Addresses/27288/
Update on PHP Incident https://externals.io/message/113981
Details about Linux Kernel Bluetooth Vulnerabilities https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html
LinkedIn Leak https://www.ehackingnews.com/2021/04/data-stolen-from-500-million-linkedin.html
VMware Carbon Black Cloud Workload Appliance Authentication Bypass https://www.vmware.com/security...

Apr 08, 2021 | 7 min | Ep 7448

ISC StormCast for Wednesday, April 7th, 2021

Malspam with Lokibot vs. Outlook and RFCs https://isc.sans.edu/forums/diary/Malspam+with+Lokibot+vs+Outlook+and+RFCs/27282/
SAP Attacks https://us-cert.cisa.gov/ncas/current-activity/2021/04/06/malicious-cyber-activity-targeting-critical-sap-applications
QNAP Updates Older EOL Devices https://www.qnap.com/de-de/release-notes/qts/4.3.6.1620/20210322
Gigaset Android Phones Infected by Compromised Update Server https://www.heise.de/news/Gigaset-Malware-Befall-von-Android-Geraeten-des-Herstellers-gib...

Apr 07, 2021 | 6 min | Ep 7446

ISC StormCast for Tuesday, April 6th, 2021

LinkedIn Spear-Phishing Campaign Targets Job Hunters https://threatpost.com/linkedin-spear-phishing-job-hunters/165240/
Malicious Text Files (CVE-2019-8761) https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html
Rust Privacy Concerns https://www.bleepingcomputer.com/news/security/most-loved-programming-language-rust-sparks-privacy-concerns/...

Apr 06, 2021 | 6 min | Ep 7444

ISC StormCast for Monday, April 5th, 2021

C2 Activity: Sandboxes or Real Victims https://isc.sans.edu/forums/diary/C2+Activity+Sandboxes+or+Real+Victims/27272/
Exploitation of Fortinet FortiOS Vulnerabilities https://us-cert.cisa.gov/ncas/current-activity/2021/04/02/fbi-cisa-joint-advisory-exploitation-fortinet-fortios https://www.ic3.gov/Media/News/2021/210402.pdf
GitHub Actions Used to Mine Crypto https://therecord.media/github-investigating-crypto-mining-campaign-abusing-its-server-infrastructure/
Large Facebook Leak https://thehacke...

Apr 05, 2021 | 6 min | Ep 7442

ISC StormCast for Friday, April 2nd, 2021

April 2021 Forensic Quiz https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz/27266/
Coinhive Domains Used to Warn Victims https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Detecting Attacker Use of the Windows BITS Utility https://www.fireeye.com/blog/threat-research/2021/03/attacker-use-of-windows-background-intelligent-transfer-service.html
Kansas Man Indicted for Tampering with Public Water System https:/...

Apr 02, 2021 | 6 min | Ep 7440

ISC StormCast for Thursday, April 1st, 2021

Quick Analysis of a Modular InfoStealer https://isc.sans.edu/forums/diary/Quick+Analysis+of+a+Modular+InfoStealer/27264/
Google Chrome Update / DoH on Linux https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html https://docs.google.com/document/d/1zAdSK393IznaLKQ0ItOmwLBy59fIq9ydxBRJQX-2ntQ/edit#
Chinese Tax Authority Facial Recognition System Fooled https://www.scmp.com/tech/tech-trends/article/3127645/chinese-government-run-facial-recognition-system-hacked-tax...

Apr 01, 2021 | 5 min | Ep 7438