Jolokia Scans: Possible Hunt for Vulnerable Apache Geode Servers (CVE-2022-37021) https://isc.sans.edu/diary/Jolokia+Scans%3A+Possible+Hunt+for+Vulnerable+Apache+Geode+Servers+%28CVE-2022-37021%29/29006
Microsoft Basic Authentication Deprecation in Exchange Online https://techcommunity.microsoft.com/t5/exchange-team-blog/basic-authentication-deprecation-in-exchange-online-september/ba-p/3609437
Mobile App Supply Chain Vulnerabilities Could Endanger Sensitive Business Information https://symantec-enterprise-blogs...

Sep 02, 2022•7 min•Ep 8158•Transcript available on Metacast
Underscores and DNS: The Privacy Story https://isc.sans.edu/diary/Underscores+and+DNS%3A+The+Privacy+Story/29002
iOS 12.5.6 Update https://support.apple.com/en-us/HT201222
Malware Disguised as Google Translate Desktop App https://research.checkpoint.com/2022/check-point-research-detects-crypto-miner-malware-disguised-as-google-translate-desktop-and-other-legitimate-applications/
Apache Geode Deserialization Flaw https://lists.apache.org/thread/qrvhmytsshsk5xcb68pwccw3y6m8o8nr
Foxit PDF Reader Up...

Sep 01, 2022•6 min•Ep 8156
Two things that will never die: bash scripts and IRC! https://isc.sans.edu/diary/Two+things+that+will+never+die%3A+bash+scripts+and+IRC%21/28998
Malware using James Webb Telescope images https://www.securonix.com/blog/golang-attack-campaign-gowebbfuscator-leverages-office-macros-and-james-webb-images-to-infect-systems/
Malicious Chrome Extensions https://www.mcafee.com/blogs/other-blogs/mcafee-labs/malicious-cookie-stuffing-chrome-extensions-with-1-4-million-users/
Chromium Based Browsers Allow A...

Aug 31, 2022•7 min•Ep 8154
Update: VBA Maldoc & UTF7 (APT-C-35) https://isc.sans.edu/diary/Update%3A+VBA+Maldoc+%26+UTF7+%28APT-C-35%29/28994
Twilio Breach used to access 2FA Tokens https://sec.okta.com/scatterswine
Popular PDF Reader Adware https://www.malwarebytes.com/blog/news/2022/08/adware-found-on-google-play-pdf-reader-servicing-up-full-screen-ads
Google changing its VPN Ad Blocker Policy https://support.google.com/googleplay/android-developer/answer/12253906?hl=en...

Aug 30, 2022•6 min•Ep 8152
Dealing With False Positives when Scanning Memory Dumps for Cobalt Strike Beacons https://isc.sans.edu/diary/Dealing+With+False+Positives+when+Scanning+Memory+Dumps+for+Cobalt+Strike+Beacons/28990
HTTP2 Packet Analysis with Wireshark https://isc.sans.edu/diary/HTTP2+Packet+Analysis+with+Wireshark/28986
PayPal Phishing/Coinbase in One Image https://isc.sans.edu/diary/Paypal+PhishingCoinbase+in+One+Image/28984
Sysinternals Updates: Sysmon v14.0 and ZoomIt v6.01 https://isc.sans.edu/diary/Sysintern...

Aug 29, 2022•6 min•Ep 8150
Taking Apart URL Shorteners https://isc.sans.edu/diary/Taking+Apart+URL+Shorteners/28980
Python Developers Phished for PyPI Credentials https://twitter.com/pypi/status/1562442188285308929
Group-IB Connects Twilio and Cloudflare Phishing Attacks to Others https://www.helpnetsecurity.com/2022/08/25/0ktapus-twilio-cloudflare-phishers-targets/
Ransomware Actor Abuses Genshin Impact Anti-Cheat Driver to Kill Antivirus https://www.trendmicro.com/en_us/research/22/h/ransomware-actor-abuses-genshin-impa...

Aug 26, 2022•7 min•Ep 8148
Monster Libra -> IcedID -> Cobalt Strike and DarkVNC https://isc.sans.edu/forums/diary/VNC/28974/
Is Tox the New C&C Method for Coinminers? https://www.uptycs.com/blog/is-tox-the-new-cc-method-for-coinminers
Carbon Black Blue Screens https://community.carbonblack.com/t5/Knowledge-Base/Endpoint-Standard-Sudden-Blue-Screens-on-Windows-Devices-23rd/ta-p/114369
GitLab Vulnerability https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/#Remote%20Command%20Execu...

Aug 25, 2022•6 min•Ep 8146
Who's Looking at Your security.txt File? https://isc.sans.edu/diary/Who%27s+Looking+at+Your+security.txt+File%3F/28972
Assessing Python Malware Detectors with a Benchmark Dataset https://blog.chainguard.dev/taming-python-malware-scanners/
New Iranian APT Data Extraction Tool https://blog.google/threat-analysis-group/new-iranian-apt-data-extraction-tool/
Firefox Update https://www.mozilla.org/en-US/security/advisories/mfsa2022-33/
IBM MQ Update https://www.ibm.com/support/pages/node/6613021...

Aug 24, 2022•7 min•Ep 8144
32 or 64 Bits Malware? https://isc.sans.edu/diary/32+or+64+bits+Malware%3F/28968
Proxies and Configurations Used for Credential Stuffing Attacks https://www.ic3.gov/Media/News/2022/220818.pdf
DirtyCred Linux Privilege Escalation Vulnerability https://www.blackhat.com/us-22/briefings/schedule/#cautious-a-new-exploitation-method-no-pipe-but-as-nasty-as-dirty-pipe-27169
Fake DDoS Pages on WordPress Sites Lead to Drive-By Downloads https://blog.sucuri.net/2022/08/fake-ddos-pages-on-wordpress-lead-to-d...

Aug 23, 2022•7 min•Ep 8142
Brazil malspam pushes Astaroth (Guildma) malware https://isc.sans.edu/diary/Brazil+malspam+pushes+Astaroth+%28Guildma%29+malware/28962
Android Ring App XSS https://checkmarx.com/blog/amazon-quickly-fixed-a-vulnerability-in-ring-android-app-that-could-expose-users-camera-recordings/
iOS In-App Browser Security Issues https://krausefx.com/blog/announcing-inappbrowsercom-see-what-javascript-commands-get-executed-in-an-in-app-browser
iOS In-App Browser Issues https://krausefx.com/blog/ios-privacy-in...

Aug 22, 2022•6 min•Ep 8140
Honeypot Attack Summaries with Python https://isc.sans.edu/diary/Honeypot+Attack+Summaries+with+Python/28956
TP-Link Vulnerability https://blog.viettelcybersecurity.com/1day-to-0day-on-tl-link-tl-wr841n/
Safari Update https://support.apple.com/en-us/HT213414
iOS VPN Leaks https://www.michaelhorowitz.com/VPNs.on.iOS.are.scam.php
Janet Jackson Hard Drive DDoS https://devblogs.microsoft.com/oldnewthing/20220816-00/?p=106994...

Aug 19, 2022•6 min•Ep 8138
A Quick VoIP Experiment https://isc.sans.edu/diary/A+Quick+VoIP+Experiment/28950
Apple Patches Two Exploited Vulnerabilities https://isc.sans.edu/diary/Apple+Patches+Two+Exploited+Vulnerabilities/28952
Google Chrome Update https://chromereleases.googleblog.com/2022/08/stable-channel-update-for-desktop_16.html
Cisco staystaystay exploit tool https://www.youtube.com/watch?v=ySgbHClk9HE...

Aug 18, 2022•6 min•Ep 8136
VBA Maldoc and UTF7 (APT-C-35) https://isc.sans.edu/diary/VBA+Maldoc+%26+UTF7+%28APT-C-35%29/28946
Disrupting SEABORGIUM's Ongoing Phishing Operations https://www.microsoft.com/security/blog/2022/08/15/disrupting-seaborgiums-ongoing-phishing-operations/
UWB Real Time Location Systems: How Secure Radio Communications May Fail in Practice....

Aug 17, 2022•6 min•Ep 8134
Realtek CVE-2022-27255 Follow-up (Snort signature and presentation) https://isc.sans.edu/diary/Realtek+SDK+SIP+ALG+Vulnerability%3A+A+Big+Deal%2C+but+not+much+you+can+do+about+it.+CVE+2022-27255/28940
macOS Privilege Escalation https://sector7.computest.nl/post/2022-08-process-injection-breaking-all-macos-security-layers-with-a-single-vulnerability/
Zoom Update https://explore.zoom.us/en/trust/security/security-bulletin/
Microsoft Blocks Vulnerable Bootloaders https://eclypsium.com/2022/08/11/vuln...

Aug 16, 2022•7 min•Ep 8132
Realtek eCOS SDK SIP ALG Vulnerability https://isc.sans.edu/diary/Realtek+SDK+SIP+ALG+Vulnerability%3A+A+Big+Deal%2C+but+not+much+you+can+do+about+it.+CVE+2022-27255/28940
Phishing HTML Attachment as Voicemail Audio Transcription https://isc.sans.edu/diary/Phishing+HTML+Attachment+as+Voicemail+Audio+Transcription/28938
CVE-2022-0028 PAN-OS: Reflected Amplification Denial-of-Service Vulnerability https://security.paloaltonetworks.com/CVE-2022-0028...

Aug 15, 2022•12 min•Ep 8130
InfoStealer Script Based on Curl and NSudo https://isc.sans.edu/diary/InfoStealer+Script+Based+on+Curl+and+NSudo/28932
Cisco Breach Details https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html
Ivanti Pulse Connect Secure Privilege Escalation Vulnerability https://gist.github.com/JGarciaSec/2060ec1c8efc1d573a1ddb754c6b4f84
Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software RSA Private Key Leak Vulnerability https://tools.cisco.com/security/center/conten...

Aug 12, 2022•7 min•Ep 8128
And Here They Come Again: DNS Reflection Attacks https://isc.sans.edu/diary/And+Here+They+Come+Again%3A+DNS+Reflection+Attacks/28928
Rapid7 Defaultinator https://defaultinator.com
Zimbra Mass Compromise https://www.volexity.com/blog/2022/08/10/mass-exploitation-of-unauthenticated-zimbra-rce-cve-2022-27925/
VMware vRealize Vulnerability https://www.vmware.com/security/advisories/VMSA-2022-0022.html
Microsoft Vulnerability and IPS/Snort https://community.meraki.com/t5/Meraki-Service-Notices/Micro...

Aug 11, 2022•6 min•Ep 8126
Microsoft August 2022 Patch Tuesday https://isc.sans.edu/diary/Microsoft+August+2022+Patch+Tuesday/28924
AEPIC Leak https://aepicleak.com
Adobe security bulletins https://helpx.adobe.com/security/security-bulletin.html

Aug 10, 2022•6 min•Ep 8124
JSON All the Logs! https://isc.sans.edu/diary/JSON+All+the+Logs%21/28920
Microsoft Edge Enhanced Security https://docs.microsoft.com/en-us/deployedge/microsoft-edge-security-browse-safer
Malicious Python Packages https://www.darkreading.com/application-security/10-malicious-packages-slither-pypi-registry
New Orchard Botnet https://blog.netlab.360.com/a-new-botnet-orchard-generates-dga-domains-with-bitcoin-transaction-information/...

Aug 09, 2022•6 min•Ep 8122
Exim Vulnerability Silently Patched https://github.com/ivd38/exim_overflow
DuckDuckGo Stopping Microsoft Tracking Code https://spreadprivacy.com/more-privacy-and-transparency/
Emergency Broadcast Messaging System Vulnerabilities https://content.govdelivery.com/accounts/USDHSFEMA/bulletins/3263326
Slack Leaks Hashed Passwords https://slack.com/intl/en-in/blog/news/notice-about-slack-password-resets
Zimbra Flaw Exploited https://nvd.nist.gov/vuln/detail/CVE-2022-27924...

Aug 08, 2022•6 min•Ep 8120
TLP 2.0 is Here https://isc.sans.edu/diary/TLP+2.0+is+here/28914
Hijacking email with Cloudflare Email Routing https://albertpedersen.com/blog/hijacking-email-with-cloudflare-email-routing/
rsync arbitrary file write vulnerability https://www.openwall.com/lists/oss-security/2022/08/02/1
Local privilege escalation in Kaspersky VPN https://www.synopsys.com/blogs/software-security/cyrc-advisory-kasperksy-vpn-microsoft-windows/...

Aug 05, 2022•7 min•Ep 8118
l9explore and LeakIX Internet Wide Recon Scans https://isc.sans.edu/diary/l9explore+and+LeakIX+Internet+wide+recon+scans./28910
Arris / Arris Variant DSL/Fiber Router Critical Vulnerability http://derekabdine.com/blog/2022-arris-advisory
35,000 Malicious Repo Forks Flood GitHub https://www.bleepingcomputer.com/news/security/35-000-code-repos-not-hacked-but-clones-flood-github-to-serve-malware/
Palo Alto Master Key https://twitter.com/rqu50/status/1554566757704089600#m
Laravel Unserialize RCE htt...

Aug 04, 2022•7 min•Ep 8116
Increase in Chinese "Hacktivism" Attacks https://isc.sans.edu/diary/Increase+in+Chinese+%22Hacktivism%22+Attacks/28906
Zoho Password Manager Exploit https://xz.aliyun.com/t/11578
VMware Updates https://www.vmware.com/security/advisories/VMSA-2022-0021.html
https://twitter.com/VietPetrus
Manjusaka: A Chinese sibling of Sliver and Cobalt Strike https://blog.talosintelligence.com/2022/08/manjusaka-offensive-framework.html...

Aug 03, 2022•6 min•Ep 8114
A Little DDoS in the Morning https://isc.sans.edu/diary/A+Little+DDoS+In+the+Morning/28900
Exposed Twitter API Keys https://cloudsek.com/whitepapers_reports/how-leaked-twitter-api-keys-can-be-used-to-build-a-bot-army/
TCL LinkHub Serialization Issues https://blog.talosintelligence.com/2022/08/vulnerability-spotlight-how-misusing.html
Jenkins Plugin Updates https://www.jenkins.io/security/advisory/2022-07-27/...

Aug 02, 2022•7 min•Ep 8112
PDF Analysis Introduction and OpenActions Entries https://isc.sans.edu/diary/PDF+Analysis+Intro+and+OpenActions+Entries/28894
IPFS: The New Hotbed of Phishing https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/ipfs-the-new-hotbed-of-phishing/
Mail Stealing Browser Extension https://www.volexity.com/blog/2022/07/28/sharptongue-deploys-clever-mail-stealing-browser-extension-sharpext/
Lofylife Malicious NPM Packages https://securelist.com/lofylife-malicious-npm-packages/107014/
IP Camer...

Aug 01, 2022•9 min•Ep 8110
Exfiltrating Data with Bookmarks https://isc.sans.edu/diary/Exfiltrating+Data+With+Bookmarks/28890
Critical Samba Bug Could Let Anyone Become Domain Admin https://nakedsecurity.sophos.com/2022/07/27/critical-samba-bug-could-let-anyone-become-domain-admin-patch-now/
Apple IP Address Range Hijacked by Rostelecom https://www.manrs.org/2022/07/for-12-hours-was-part-of-apple-engineerings-network-hijacked-by-russias-rostelecom/
Veritas Patches https://www.veritas.com/content/support/en_US/security/VTS...

Jul 29, 2022•7 min•Ep 8108
IcedID (BokBot) with Dark VNC and Cobalt Strike https://isc.sans.edu/diary//28884
WebAssembly Crypto Miners https://blog.sucuri.net/2022/07/cryptominers-webassembly-in-website-malware.html
Subzero and Knotweed https://www.microsoft.com/security/blog/2022/07/27/untangling-knotweed-european-private-sector-offensive-actor-using-0-day-exploits/...

Jul 28, 2022•6 min•Ep 8106
How is Your macOS Security Posture? https://isc.sans.edu/diary/How+is+Your+macOS+Security+Posture%3F/28882
Registry File with Executable Payload https://www.x86matthew.com/view_post?id=embed_exe_reg
Targeted Phishing of Facebook Business Users https://labs.withsecure.com/assets/BlogFiles/Publications/WithSecure_Research_DUCKTAIL.pdf
Forwarding Addresses is Hard (CVE-2022-31813) https://www.synacktiv.com/publications/cve-2022-31813-forwarding-addresses-is-hard.html...

Jul 27, 2022•6 min•Ep 8104
PowerShell Script with Fileless Capability https://isc.sans.edu/diary/PowerShell+Script+with+Fileless+Capability/28878
With Management Comes Risk: Finding Flaws in FileWave MDM https://claroty.com/2022/07/25/blog-research-with-management-comes-risk-finding-flaws-in-filewave-mdm/
CosmicStrand: the discovery of a sophisticated UEFI firmware rootkit https://securelist.com/cosmicstrand-uefi-firmware-rootkit/106973/...

Jul 26, 2022•7 min•Ep 8102
An Analysis of a Discerning Phishing Website https://isc.sans.edu/diary/An+Analysis+of+a+Discerning+Phishing+Website+/28870
SonicWall Vulnerability https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0007
Sh*load Exploits Episode V: Return of the Error https://dellfer.com/shload-exploits-episode-v-return-of-the-error/...

Jul 25, 2022•6 min•Ep 8100