Malware Using WebSockets For C&C https://isc.sans.edu/forums/diary/Keep+an+Eye+on+WebSockets/28430/ Racoon Stealer leverages Telegram https://decoded.avast.io/vladimirmartyanov/raccoon-stealer-trash-panda-abuses-telegram/ USAHERDS Hack https://www.wired.com/story/china-apt41-hacking-usaherds-log4j/ YARA 4.2.0 Released https://isc.sans.edu/forums/diary/YARA+420+Released/28432/...
Credential Leaks on Virustotal https://isc.sans.edu/forums/diary/Credentials+Leaks+on+VirusTotal/28426/ GPS Issues Around Finish Rusian Border https://www.straitstimes.com/world/europe/finland-detects-gps-disturbance-near-russias-kaliningrad Russia Considering Internal Certificate Authority https://www.gosuslugi.ru/tls https://www.bleepingcomputer.com/news/security/russia-creates-its-own-tls-certificate-authority-to-bypass-sanctions/ New Spectre Variant https://www.vusec.net/projects/bhi-spectre...
Infostealer in a Batch File https://isc.sans.edu/forums/diary/Infostealer+in+a+Batch+File/28422/ TP240PhoneHome reflection/amplification DDoS Attack Vector https://blog.cloudflare.com/cve-2022-26143/ Malware Disguises as Pro Ukrainian Cybertools https://blog.talosintelligence.com/2022/03/threat-advisory-cybercriminals.html#more Russian Government Sites Hacked in Supply Chain Attack https://www.bleepingcomputer.com/news/security/russian-government-sites-hacked-in-supply-chain-attack/ Third Party ...
Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+March+2022+Patch+Tuesday/28418/ Critical APC UPS Vulnerability https://www.armis.com/research/tlstorm/ Vulnerabilities in Firmware Affecting HP Devices https://www.binarly.io/news/BinarlyDiscovers16NewHighImpactVulnerabilitiesinFirmwareAffectingHPEnterpriseDevices/index.html...
Ukraine Scam Followup https://isc.sans.edu/forums/diary/No+Bitcoin+No+Problem+Follow+Up+to+Last+Weeks+Donation+Scam/28412/ Dirty Pipe Linux Vulnerability https://dirtypipe.cm4all.com Mozilla Firefox and Thunderbird Vulnerability https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/ Azure AutoWarp https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/ Terramaster TOS Vulnerability https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-u...
Ukraine Dontation Scam https://isc.sans.edu/forums/diary/Scam+EMail+Impersonating+Red+Cross/28404/ Cogent Disconnects Russia https://www.washingtonpost.com/technology/2022/03/04/russia-ukraine-internet-cogent-cutoff/ Russia DDoS Lists https://safe-surf.ru/upload/ALRT/proxies.txt https://safe-surf.ru/upload/ALRT/referer_http_header.txt NVidia Stolen Certificates https://www.theregister.com/2022/03/05/nvidia_stolen_certificate/ https://twitter.com/cyb3rops/status/1499514240008437762 GitLab Vulnera...
Attackers Search For Exosed "LuCI" Folders https://isc.sans.edu/diary/28400 Alexa Versus Alexa https://arxiv.org/abs/2202.08619 Bypassing Google Cloud Armor https://kloudle.com/blog/piercing-the-cloud-armor-the-8kb-bypass-in-google-cloud-platform-waf Ukraine Updates https://www.golem.de/news/ausfall-angriff-auf-ka-sat-satellit-ueber-gatewaystation-in-ukraine-2203-163614.html https://www.crowdstrike.com/blog/how-to-decrypt-the-partyticket-ransomware-targeting-ukraine/ https://www.bleepingcomputer...
The More Often Something is Repeated, the More True it Becomes https://isc.sans.edu/forums/diary/The+More+Often+Something+is+Repeated+the+More+True+It+Becomes+Dealing+with+Social+Media/28396/ Fortinet Bug https://www.fortiguard.com/psirt/FG-IR-21-028 IBM Updates https://www.ibm.com/blogs/psirt/ Google Updates https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html Conti Ransomware Leak https://threatpost.com/conti-ransomware-decryptor-trickbot-source-code-leaked/1787...
Geoblocking when you can't Geoblock https://isc.sans.edu/forums/diary/Geoblocking+when+you+cant+Geoblock/28392/ IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/ Memory Corruption Vulnerabilities in PJSIP https://jfrog.com/blog/jfrog-discloses-5-memory-corruption-vulnerabilities-in-pjsip-a-popular-multimedia-library/ Octa Patch for Advanced Server Access Client https://trust.okta.c...
PHP Patches Code Injection Flaw https://nvd.nist.gov/vuln/detail/CVE-2021-21708 https://bugs.php.net/bug.php?id=81708 Mozilla VPN Local Privilege Escalation https://www.mozilla.org/en-US/security/advisories/mfsa2022-08/ Google Captcha Breaking https://east-ee.com/2022/02/28/1367/ Samsung Encryption Vulnerability https://eprint.iacr.org/2022/208.pdf tshark Multiple IPs https://isc.sans.edu/forums/diary/TShark+Multiple+IP+Addresses/28386/...
Ukraine Update https://www.bleepingcomputer.com/news/security/ransomware-gangs-hackers-pick-sides-over-russia-invading-ukraine/ https://ddosecrets.com/wiki/Tetraedr https://twitter.com/YourAnonOne/status/1496965766435926039 https://www.wired.com/story/ukraine-it-army-russia-war-cyberattacks-ddos/ Odd Windows Behaviour with Fixed Addresses https://isc.sans.edu/forums/diary/Windows+Fixed+IPv4+Addresses+and+APIPA/28380/ Using Snort IDS Rules in NetWitness Packet Decoder https://isc.sans.edu/forums/...
Ukraine Update: Webcast https://www.sans.org/webcasts/russian-cyber-attack-escalation-in-ukraine/ Other Ukraine Related Stories https://isc.sans.edu/forums/diary/Ukraine+Russia+Situation+From+a+Domain+Names+Perspective/28376/ https://detection.watchguard.com Zabbix Vulnerablity Exploited https://www.cisa.gov/uscert/ncas/current-activity/2022/02/22/cisa-adds-two-known-exploited-vulnerabilities-catalog https://support.zabbix.com/browse/ZBX-20350 Asustore Victim of Deadbolt Ransomware https://forum...
New Sandworm Malware Cyclops Blink Replaces VPNFilter https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter Wiper Malware Seen Deployed Against Targets in the Ukraine https://twitter.com/juanandres_gs/status/1496581710368358400 https://twitter.com/ESETresearch/status/1496581903205511181 The Rise and Fall of log4shell https://isc.sans.edu/forums/diary/The+Rise+and+Fall+of+log4shell/28372/ pfsense authenticated RCE https://www.shielder.it/advisorie...
A Good Old Equation Editor Vulnerablity Deliverying Malware https://www.welivesecurity.com/2022/02/22/teenage-cybercrime-stop-kids-wrong-path/ Horde Webmail 5.2.22 - Account Takeover via Email https://blog.sonarsource.com/horde-webmail-account-takeover-via-email NoVNC Phishing https://mrd0x.com/bypass-2fa-using-novnc/...
Sending an Email to an IPv4 Address https://isc.sans.edu/forums/diary/Sending+an+Email+to+an+IPv4+Address/28362/ SMS Phone-Verified Account Services https://www.trendmicro.com/en_us/research/22/b/sms-pva-services-use-of-infected-android-phones-reveals-flaws-in-sms-verification.html Xenomorph Android Banking Trojan https://www.threatfabric.com/blogs/xenomorph-a-newly-hatched-banking-trojan.html Modified CryptBot Infostealer Going After Crypto Wallets https://asec.ahnlab.com/en/31802/ Clarificatio...
Remcos RAT Delivered Through Doube Compressed Archive https://isc.sans.edu/forums/diary/Remcos+RAT+Delivered+Through+Double+Compressed+Archive/28354/ Cassandra User-Defined Functions Remote Code Execution https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/ Apple T2 Weakness https://www.forensicfocus.com/news/passware-kit-forensic-t2-add-on-the-first-password-recovery-tool-for-macs-with-t2-chips/ snap priviledge escalation https://ww...
Hackers Attach Malicious .exe Files to Teams Conversations https://www.avanan.com/blog/hackers-attach-malicious-.exe-files-to-teams-conversations Thunderbird Patches https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/ Cisco Secure Email Gateway Update https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-MxZvGtgU GitHub Code Scanning Finds More Vulnerabilities Using Machine Learning https://github.blog/2022-02-17-code-scanning-finds-vulnerabilities-usi...
Astaroth (Guildma) Infection https://isc.sans.edu/forums/diary/Astaroth+Guildma+infection/28346/ Atlassian Jira Updates https://jira.atlassian.com/browse/CONFSERVER-66550 VMWare Updates https://www.vmware.com/security/advisories/VMSA-2022-0004.html FBI Warns of BEC Using Virtual Meeting Platforms https://www.ic3.gov/Media/Y2022/PSA220216...
Who Are Those Bots? https://isc.sans.edu/forums/diary/Who+Are+Those+Bots/28342/ SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming https://news.sophos.com/en-us/2022/02/15/vulnerable-exchange-server-hit-by-squirrelwaffle-and-financial-fraud/ Details About Western Digital MyCloud Flaw https://www.iot-inspector.com/blog/advisory-western-digital-my-cloud-pro-series-pr4100-rce/ Nooie Baby Monitor Vulnerabilities https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-noo...
Reminder: Decoding TLS Client Hello to Non TLS Servers https://isc.sans.edu/forums/diary/Reminder+Decoding+TLS+Client+Hellos+to+non+TLS+servers/28338/ Magento 2 Critical Vulnerability https://sansec.io/research/magento-2-cve-2022-24086 BigSur/Catalina Mystery Update https://support.apple.com/en-us/HT201222 MacOS Monterey Patch and Microsoft Defender https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/mde-apparently-blocks-macos-monterey-12-1-12-2-upgrades/m-p/3078793 Google Ch...
CinaRAT Delivered Through HTML ID Attributes https://isc.sans.edu/forums/diary/CinaRAT+Delivered+Through+HTML+ID+Attributes/28330/ Windows Defender ASR Blocks LSASS Credential Stealing https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-credential-stealing-from-the-windows-local-security-authority-subsystem Brave Blocking Credential Leaking Extension https://www.theregister.com/2022/02/12/facebook_god_mode/ ...
iOS/iPadOS/macOS/Safari 0-Day Vulnerability in WebKit https://support.apple.com/en-us/HT213091 Zyxel Network Storage Devics Hunted By Mirai Variant https://isc.sans.edu/forums/diary/Zyxel+Network+Storage+Devices+Hunted+By+Mirai+Variant/28324/ WMIC Removal https://docs.microsoft.com/en-us/windows/deployment/planning/windows-10-deprecated-features Zoom Uses Microphone after Meeting is Over https://community.zoom.com/t5/Meetings/Why-is-the-Zoom-app-listening-on-my-microphone-when-not-in-a/td-p/2901...
Example of Cobalt Strike form Emotet Infection https://isc.sans.edu/forums/diary/Example+of+Cobalt+Strike+from+Emotet+infection/28318/ Adobe Patches https://helpx.adobe.com/security/security-bulletin.html Intel Updates https://www.intel.com/content/www/us/en/security-center/default.html NaturalFreshMall: A Mass Store Attack https://sansec.io/research/naturalfreshmall-mass-hack...
Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+February+2022+Patch+Tuesday/28316/ Google Cloud Virtual Machine Threat Detection https://cloud.google.com/security-command-center/docs/concepts-vm-threat-detection-overview Android Patches https://source.android.com/security/bulletin/2022-02-01 SAP Patches https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022 Podcast 13 Year Anniversary https://isc.sans.edu/podcastdetail.html?id=25...
web3 phishing via self-customizign landing pages https://isc.sans.edu/forums/diary/web3+phishing+via+selfcustomizing+landing+pages/28312/ MSFT Blocking Office VBA Malcros https://www.theverge.com/2022/2/7/22922032/microsoft-block-office-vba-macros-default-change https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805 Acronis True Image Update https://security-advisory.acronis.com/updates/UPD-2201-f76f-838c Lockbit 2 Io...
Intuit warns of new phishing scams https://security.intuit.com/security-notices IRS working with ID.me https://www.irs.gov/newsroom/new-identity-verification-process-to-access-certain-irs-online-tools-and-services Argo CD Vulnerability https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/ https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7 Thermal Imaging of PoE Devices https://isc.sans.edu/forums/dia...
Attack Surface Detection https://isc.sans.edu/forums/diary/Keeping+Track+of+Your+Attack+Surface+for+Cheap/28304/ MFA News https://www.proofpoint.com/us/blog/threat-insight/mfa-psa-oh-my https://news.microsoft.com/wp-content/uploads/prod/sites/626/2022/02/Cyber-Signals-E-1.pdf Zimbra Webmail 0-Day Exploited https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/ Cisco RV Series Routers Vulnerabilities https://tools.cisco.com/secur...
Finding elFinder: Who is looking for your files? https://isc.sans.edu/forums/diary/Finding+elFinder+Who+is+looking+for+your+files/28300/ IBM Spectrum Protect Plus Container Backup Vulnerabilities https://www.ibm.com/support/pages/node/6540860 https://www.ibm.com/support/pages/node/6552188 Microsoft Update Connectivity https://techcommunity.microsoft.com/t5/windows-it-pro-blog/achieve-better-patch-compliance-with-update-connectivity-data/ba-p/3073356 UEFI Bios Vulnerabilities https://www.insyde.c...
Windows Privilege Escalation Exploit CVE-2022-21882 https://github.com/KaLendsi/CVE-2022-21882 Fingerprinting Devices Via GPU https://arxiv.org/pdf/2201.09956.pdf SolarMarker Campaign used novel registry changes to establish persistence https://news.sophos.com/en-us/2022/02/01/solarmarker-campaign-used-novel-registry-changes-to-establish-persistence/ Fake Job Ads https://www.ic3.gov/Media/Y2022/PSA220201 Automation is Nice But Don't Replace Your Knowledge https://isc.sans.edu/forums/diary/Automa...
Be Careful with RPMSG Files https://isc.sans.edu/forums/diary/Be+careful+with+RPMSG+files/28292/ QNAP Auto Update Clarification https://www.qnap.com/en/security-news/2022/descriptions-and-explanations-of-the-qts-quts-hero-recommended-version-feature Samba Vulnerability https://kb.cert.org/vuls/id/119678 Exposed Datacenter Management https://www.bleepingcomputer.com/news/security/over-20-000-data-center-management-systems-exposed-to-hackers/ Expat Vulnerability https://github.com/libexpat/libexpa...
