Cisco Patches Unauthencticated RCE in RV340/345 devices https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy Telegram Flawed Self Destruct in MacOS https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/telegram-self-destruct-not-always/ Significant Vulnerabilities in MacOS Privacy Protections https://www.darkreading.com/application-security/researchers-find-significant-vulnerabilities-in-mac-os-privacy-protections Windows Hello Byp...
Aug 06, 2021•15 min•Ep. 7618
Pivoting and Hunting for Shenanigans from a Reported Phishing Domain https://isc.sans.edu/forums/diary/Pivoting+and+Hunting+for+Shenanigans+from+a+Reported+Phishing+Domain/27710/ NichStack TCP/IP Vulnerabilities https://jfrog.com/blog/infrahalt-14-new-security-vulnerabilities-found-in-nichestack/ Securing the Cloud https://www.sans.org/newsletters/ouch/securely-using-the-cloud/ Lockbit Recruiting Insiders https://www.bleepingcomputer.com/news/security/lockbit-ransomware-recruiting-insiders-to-br...
Aug 05, 2021•6 min•Ep. 7616
2FA Issues https://isc.sans.edu/forums/diary/Three+Problems+with+Two+Factor+Authentication/27704/ Crazy Smishing https://isc.sans.edu/forums/diary/Is+this+the+Weirdest+Phishing+SMishing+Attempt+Ever/27706/ Google Chrome Update https://chromereleases.googleblog.com/2021/08/the-stable-channel-has-been-updated-to.html https://www.bleepingcomputer.com/news/google/google-chrome-to-no-longer-show-secure-website-indicators/ Google Android Update https://source.android.com/security/bulletin/2021-08-01?h...
Aug 03, 2021•5 min•Ep. 7614
Unsolicited DNS Queries https://isc.sans.edu/forums/diary/Unsolicited+DNS+Queries/27694/ Changing BAT Files on the Fly https://isc.sans.edu/forums/diary/Changing+BAT+Files+On+The+Fly/27700/ Empty NPM Package has Over 700,000 Downloads https://www.bleepingcomputer.com/news/software/empty-npm-package-has-over-700-000-downloads-heres-why/ Blocking PetitPotam with netsh RPC Filters https://twitter.com/gentilkiwi/status/1421949715986403329 Pneumatic Tube Vulnerabilities https://www.blackhat.com/us-21...
Aug 03, 2021•6 min•Ep. 7612
Infected With a .reg File https://isc.sans.edu/forums/diary/Infected+With+a+reg+File/27692/ Excessive Exchange Permissions (Patched) https://bugs.chromium.org/p/project-zero/issues/detail?id=2186 Node.JS July 2021 Security Releases https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/ Malicious PyPi Packages https://jfrog.com/blog/malicious-pypi-packages-stealing-credit-cards-injecting-code/ REvil / Darkside May be Back as Blackmatter https://www.bleepingcomputer.com/news/secur...
Aug 01, 2021•5 min•Ep. 7610
Malicious Content Delivered Trhough archive.org https://isc.sans.edu/forums/diary/Malicious+Content+Delivered+Through+archiveorg/27688/ A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI https://arxiv.org/abs/2107.12699 Crimea "manifesto" deploys VBA Rat using double attack vectors https://blog.malwarebytes.com/threat-intelligence/2021/07/crimea-manifesto-deploys-vba-rat-using-double-attack-vectors/...
Jul 30, 2021•6 min•Ep. 7608
A Sextortion E-Mail From ... IT Support?! https://isc.sans.edu/forums/diary/A+sextortion+email+fromIT+support/27682/ AV-Test Compares Android Anti-Virus Software https://www.av-test.org/en/news/15-security-apps-for-android-in-an-endurance-test/ Oscorp evolves into UBEL: Advanced Android Malware https://www.cleafy.com/cleafy-labs/ubel-oscorp-evolution QOMPLX Reboots Punkspider https://www.globenewswire.com/da/news-release/2021/07/20/2265860/0/en/QOMPLX-Reboots-Punkspider.html AFRINIC IPv4 Address...
Jul 29, 2021•9 min•Ep. 7606
Details about CVE-2021-30807. (Patch released Monday for MacOS/iOS) https://saaramar.github.io/IOMobileFrameBuffer_LPE_POC/ Zimbra 8.8.15 XSS and SSRF Vulnerability https://blog.sonarsource.com/zimbra-webmail-compromise-via-email LockBit Ransomware Uses Group Policies https://www.bleepingcomputer.com/news/security/lockbit-ransomware-automates-windows-domain-encryption-via-group-policies/ Microsoft Extending SafeLinks to Teams https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/m...
Jul 28, 2021•7 min•Ep. 7604
Recovering Malspam Password https://isc.sans.edu/forums/diary/Failed+Malspam+Recovering+The+Password/27674/ Apple Patches 0-Day https://support.apple.com/en-us/HT201222 Attackers Adopt Exotic Programming Languages https://blogs.blackberry.com/en/2021/07/old-dogs-new-tricks-attackers-adopt-exotic-programming-languages LemonDuck/LemonCat Coinminers Going Multi-OS https://www.microsoft.com/security/blog/2021/07/22/when-coin-miners-evolve-part-1-exposing-lemonduck-and-lemoncat-modern-mining-malware-...
Jul 27, 2021•6 min•Ep. 7602
PetitPotam ADCS Domain Admin Vulnerability https://isc.sans.edu/forums/diary/Active+Directory+Certificate+Services+ADCS+PKI+domain+admin+vulnerability/27668/ XCSSET Mac Malware Target Google Chrome / Telegram https://thehackernews.com/2021/07/nasty-macos-malware-xcsset-now-targets.html Defunct Video Hosting Site Flooding Normal Websites With Porn https://www.vice.com/en/article/qj8xz3/a-defunct-video-hosting-site-is-flooding-normal-websites-with-hardcore-porn...
Jul 26, 2021•6 min•Ep. 7600
Akamai Outage https://isc.sans.edu/forums/diary/Lost+in+the+Cloud+Akamai+DNS+Outage/27660/ "Summer of SAM" Continues https://isc.sans.edu/forums/diary/Summer+of+SAM+Microsoft+Releases+Guidance+for+CVE202136934/27656/ Oracle Critical Patch Update https://www.oracle.com/security-alerts/cpujul2021.html Kaseya Decryptor Available https://www.kaseya.com/potential-attack-on-kaseya-vsa/ Jira Data Center and Jira Service Management Data Center Security Advisory https://confluence.atlassian.com/adminjira...
Jul 23, 2021•6 min•Ep. 7598
Microsoft Published Summer of SAM Guidance https://isc.sans.edu/forums/diary/Summer+of+SAM+Microsoft+Releases+Guidance+for+CVE202136934/27656/ Apple Patches Everything https://support.apple.com/en-us/HT201222 Formbook/XLoader Malware Ported to Mac https://research.checkpoint.com/2021/top-prevalent-malware-with-a-thousand-campaigns-migrates-to-macos/ Pulse Secure Backdoors https://us-cert.cisa.gov/ncas/current-activity/2021/07/21/malware-targeting-pulse-secure-devices...
Jul 22, 2021•7 min•Ep. 7596
Windows Registry Hives Permission Problem https://isc.sans.edu/forums/diary/Summer+of+SAM+incorrect+permissions+on+Windows+1011+hives/27652/ HP Printer Drivers Allows Privilege Escalation https://labs.sentinelone.com/cve-2021-3438-16-years-in-hiding-millions-of-printers-worldwide-vulnerable/ Linux Local Privilege Escalation in Filesystem Layer https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-...
Jul 21, 2021•7 min•Ep. 7594
New Windows Print Spooler Vulnerability - CVE-2021-34481 https://isc.sans.edu/forums/diary/New+Windows+Print+Spooler+Vulnerability+CVE202134481/27648/ iOS/WatchOS/tvOS/Safari Updates https://support.apple.com/en-us/HT201222 iOS Format String Vulnerability Exploitable as RCE https://blog.zecops.com/research/meet-wifidemon-ios-wifi-rce-0-day-vulnerability-and-a-zero-click-vulnerability-that-was-silently-patched/ Surfside Condo Collapse Scams https://threatpost.com/attackers-target-florida-condo-co...
Jul 20, 2021•6 min•Ep. 7592
Multiple BaseXX Obfuscations https://isc.sans.edu/forums/diary/Multiple+BaseXX+Obfuscations/27640/ Juniper Patches: Radius Vulnerability https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11180&cat=SIRT_1&actp=LIST fail2ban vulnerability https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm NSO Group Victims Leaked https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/ Dangers of Autofilling Passwords https:/...
Jul 19, 2021•6 min•Ep. 7590
USPS Phishing Kit Reporting Data Back Via Telegram https://isc.sans.edu/forums/diary/USPS+Phishing+Using+Telegram+to+Collect+Data/27630/ Sonicwall Warns of Ransomware https://www.sonicwall.com/support/product-notification/urgent-security-notice-critical-risk-to-unpatched-end-of-life-sra-sma-8-x-remote-access-devices/210713105333210/ WooCommerce Flaw Exploited https://www.wordfence.com/blog/2021/07/critical-sql-injection-vulnerability-patched-in-woocommerce/ KiwiSDR Backdoor https://www.bleepingc...
Jul 16, 2021•6 min•Ep. 7588
One way to fail at malspam - give reipients the wrong password https://isc.sans.edu/forums/diary/One+way+to+fail+at+malspam+give+recipients+the+wrong+password+for+an+encrypted+attachment/27634/ Firefox Updates https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/ SAP Netweaver Vulnerabilities https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 Joker Android Fleezware https://blog.zimperium.com/joker-is-still-no-laughing-matter/ less.js RCE https://www.softwaresecured.co...
Jul 15, 2021•6 min•Ep. 7586
Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+July+2021+Patch+Tuesday/27628/ Adobe Patch Tuesday https://helpx.adobe.com/security/products/acrobat/apsb21-51.html ForgeRock OpenAM Vulnerability https://backstage.forgerock.com/knowledge/kb/article/a47894244 GMail Supporting BIMI https://cloud.google.com/blog/products/identity-security/bringing-bimi-to-gmail-in-google-workspace...
Jul 14, 2021•7 min•Ep. 7584
Kaseya Releases Patch and Hardening Guide https://helpdesk.kaseya.com/hc/en-gb/articles/4403760102417 Solarwinds Advisory CVE-2021-35211 https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211 Mint Mobile Breach and Porting https://www.bleepingcomputer.com/news/security/mint-mobile-hit-by-a-data-breach-after-numbers-ported-data-accessed/ Twitter Verified Account Mistake https://twitter.com/conspirator0/status/1414475519609999366...
Jul 13, 2021•6 min•Ep. 7582
Scanning for Microsoft Secure Socket Tunneling Protocol https://isc.sans.edu/forums/diary/Scanning+for+Microsoft+Secure+Socket+Tunneling+Protocol/27622/ Hancitor tries XLL as Initial Malware File https://isc.sans.edu/forums/diary/Hancitor+tries+XLL+as+initial+malware+file/27618/ Android Updates https://source.android.com/security/bulletin/2021-07-01 Cisco Updates https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bpa-priv-esc-dgubwbH4 Job Seekers Attacked with Malicio...
Jul 12, 2021•6 min•Ep. 7580
Using Sudo With Python For More Security Controls https://isc.sans.edu/forums/diary/Using+Sudo+with+Python+For+More+Security+Controls/27614/ Fake Kaseya Updates Include CobaltStrike Payload https://www.theregister.com/2021/07/07/kaseya_malware_patches_/ WildPressure macOS Trojan https://www.kaspersky.com/about/press-releases/2021_wildpressures-multi-platform-malware-hits-macos-in-the-middle-east https://www.patreon.com/posts/53462690 iCloud Password Reset Weaknesss https://thezerohack.com/apple-...
Jul 09, 2021•6 min•Ep. 7578
Microsoft Releases Patches for CVE-2021-34527 UPDATED https://isc.sans.edu/forums/diary/Microsoft+Releases+Patches+for+CVE202134527/27610/ GitLab Update https://www.ehackingnews.com/2021/07/gitlab-fixes-several-vulnerabilities.html Vulnerable NuGet Packages https://blog.secure.software/third-party-code-comes-with-some-baggage...
Jul 08, 2021•6 min•Ep. 7576
Microsoft Releases Printnightmare Patch https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 Kaseya Update https://www.kaseya.com/potential-attack-on-kaseya-vsa/ Kaspersky Password Manager https://donjon.ledger.com/kaspersky-password-manager/ Amazon Echo Dot After Reset Artifacts https://dl.acm.org/doi/pdf/10.1145/3448300.3467820...
Jul 07, 2021•9 min•Ep. 7574
Kaseya REvil Update https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689 https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b https://csirt.divd.nl/2021/07/03/Kaseya-Case-Update/ Printnightmare Update https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the...
Jul 06, 2021•7 min•Ep. 7572
Kaseya VSA REvil Ransomware Incident https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689 https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b https://csirt.divd.nl/2021/07/03/Kaseya-Case-Update/...
Jul 04, 2021•5 min•Ep. 7570
Print Spooler printnightmare Update https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-printnightmare-b3fdb82f840c https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/ https://github.com/LaresLLC/CVE-2021-1675...
Jul 02, 2021•8 min•Ep. 7568
CVE-2021-1675 Incomplete Patch - Printnightmware https://isc.sans.edu/forums/diary/CVE20211675+Incomplete+Patch+and+Leaked+RCE+Exploit/27588/ Internet Explorer PDF Update https://support.microsoft.com/en-us/topic/june-29-2021-kb5004760-os-builds-19041-1082-19042-1082-and-19043-1082-out-of-band-9508f7a2-0713-432f-b06c-1ae6d802a2f7 NETGEAR Router Vulnerabilities (DGN-2200v1) https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-i...
Jul 01, 2021•7 min•Ep. 7566
Google "Sweepstake" Phish Withouth Link https://isc.sans.edu/forums/diary/Diving+into+a+Google+Sweepstakes+Phishing+Email/27578/ Forensics Contest Solution / Winner https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest+Answers+and+Analysis/27582/ WD MyBook Details https://arstechnica.com/gadgets/2021/06/hackers-exploited-0-day-not-2018-bug-to-mass-wipe-my-book-live-devices/ Adobe Experience Manager PoC https://labs.detectify.com/2021/06/28/aem-crx-bypass-0day-control-over-some-enterprise-...
Jun 30, 2021•6 min•Ep. 7564
Increase in UDP Port 389 Scans (LDAP/AD) https://isc.sans.edu/forums/diary/Is+this+traffic+bAD/27566/ CD/DVD Destruction https://isc.sans.edu/forums/diary/DIY+CDDVD+Destruction/27572/ Zyxel Exploits https://twitter.com/JAMESWT_MHT/status/1407987022170578946 https://kb.zyxel.com/KB/searchArticle!viewDetail.action?articleOid=018137&lang=EN Cisco Vulnerability Exploited https://threatpost.com/cisco-asa-bug-exploited-poc/167274/ Microsoft Signs Netfilter Rootkit https://www.gdatasoftware.com/blog/mi...
Jun 28, 2021•6 min•Ep. 7560
Do You Like Cookies? Some are for sale! https://isc.sans.edu/forums/diary/Do+you+Like+Cookies+Some+are+for+sale/27558/ A supply-chain breach: Taking over an Atlassian account https://media.threatpost.com/wp-content/uploads/sites/103/2021/06/23175805/Atlassian-ATO-CPR-blog-FINAL.pdf Dell Bios Connect Vulnerability https://eclypsium.com/2021/06/24/biosdisconnect/ ATM Jackpotting via NFC https://www.wired.com/story/atm-hack-nfc-bugs-point-of-sale/...
Jun 25, 2021•6 min•Ep. 7558
