Old TLS Versions: Gone but not Forgotten https://isc.sans.edu/forums/diary/Old+TLS+versions+gone+but+not+forgotten+well+not+really+gone+either/27260/ Perl Netmask Vulnerability https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ VMWare vRealize Vulnerability https://www.vmware.com/security/advisories/VMSA-2021-0004.html Pre-P0wned Docker Containers https://unit42.paloaltonetworks.com/malicious-cryptojacking-images/...
Jumping Into Shellcode https://isc.sans.edu/forums/diary/Jumping+into+Shellcode/27256/ PHP git repo compromised https://news-web.php.net/php.internals/113838 npm "netmask" package vulnerability https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/...
A Simple Python Keylogger https://isc.sans.edu/forums/diary/Simple+Python+Keylogger/27216/ New macOS Malware XcodeSpy Targets Xcode Developers with EggShell Backdoor https://labs.sentinelone.com/new-macos-malware-xcodespy-targets-xcode-developers-with-eggshell-backdoor/ Zoom Screen Sharing Leak https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-044.txt MyBB Remote Code Execution https://blog.mybb.com/2021/03/10/mybb-1-8-26-released-security-release/...
"American Rescue Plan" Used as Theme in Phishing Lures Dropping Dridex https://cofense.com/blog/american-rescue-plan-phish/ Apple May Split Security Updates from Other Updates https://9to5mac.com/2021/03/15/ios-security-fixes-could-soon-be-delivered-separately-from-other-updates-beta-code-suggests/ Polyglot Images on Twitter https://twitter.com/David3141593/status/1371978592679309315 Magento 2 PHP Credit Card Skimmer Saves to JPG https://blog.sucuri.net/2021/03/magento-2-php-credit-card-skimmer-...
One-Click Microsoft Exchange On-Premises Mitigation Tool https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/ Microsoft Explains Authentication Issues with Azure Active Directory https://www.documentcloud.org/documents/20515443-authentication-errors-across-multiple-microsoft-services-tracking-id-ln01-p8z JavaScript Less Side-Channel Exploits https://arxiv.org/abs/2103.04952...
NimzaLoader Malware Written in "nim" https://www.proofpoint.com/uk/blog/threat-insight/nimzaloader-ta800s-new-initial-access-malware Windows 10 Emergency Update to Fix Printing Crashes https://www.bleepingcomputer.com/news/microsoft/windows-10-emergency-updates-released-to-fix-printing-crashes/ Windows Azure AD Outage https://status.azure.com/status IBM DB2 Patch https://www.ibm.com/support/pages/node/6427855...
Wireshark Code Execution Exploit https://gitlab.com/wireshark/wireshark/-/issues/17232 Google Chrome Vulnerability Exploited in the Wild https://vulmon.com/vulnerabilitydetails?qid=CVE-2021-21193 Malware Installs Honeypot https://blog.netlab.360.com/new_threat_zhtrap_botnet_en/ Twitter "Memphis" Bug https://www.bleepingcomputer.com/news/technology/twitter-bug-automatically-suspends-you-when-tweeting-memphis/...
Pichktochart - Phishing with Infographics https://isc.sans.edu/forums/diary/Piktochart+Phishing+with+Infographics/27194/ ProxyLogon Public PoC https://www.praetorian.com/blog/reproducing-proxylogon-exploit/ Windows 10 Crashes After March 10th Updates https://www.bleepingcomputer.com/news/microsoft/windows-10-crashes-when-printing-due-to-microsoft-march-updates/ DNS Vulnerability Updates https://www.mcafee.com/blogs/other-blogs/mcafee-labs/seven-windows-wonders-critical-vulnerabilities-in-dns-dyn...
SharpRDP - PSExec with PSExec, PSRemoting without PowerShell https://isc.sans.edu/forums/diary/SharpRDP+PSExec+without+PSExec+PSRemoting+without+PowerShell/27188/ F5 Critical Vulnerabilities https://support.f5.com/csp/article/K02566623 Netgear Updates https://research.nccgroup.com/2021/03/08/technical-advisory-multiple-vulnerabilities-in-netgear-prosafe-plus-jgs516pe-gs116ev2-switches/ Linux Foundation sigstore https://sigstore.dev...
Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+March+2021+Patch+Tuesday/27184/ Adobe Updates https://helpx.adobe.com/security.html Network Camera Breach https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams https://www.bleepingcomputer.com/news/security/hackers-access-surveillance-cameras-at-tesla-cloudflare-banks-more/ git vulnerability https://www.openwall.com/lists/oss-security/2021/03/09/3...
YARA and CyberChef https://isc.sans.edu/forums/diary/YARA+and+CyberChef/27180/ Apple Updates Everything https://support.apple.com/en-us/HT201222 Google Adds Port 554 to "Restricted Ports" https://chromium.googlesource.com/chromium/src.git/+/refs/heads/master/net/base/port_util.cc Yet Another Intel Side Channel Attack https://arxiv.org/pdf/2103.03443.pdf...
Update on Microsoft Exchange Vulnerability https://github.com/microsoft/CSS-Exchange/tree/main/Security https://github.com/nccgroup/Cyber-Defence/tree/master/Intelligence/Exchange https://support.microsoft.com/en-us/topic/description-of-the-security-update-for-microsoft-exchange-server-2019-2016-and-2013-march-2-2021-kb5000871-9800a6bb-0a21-4ee7-b9da-fa85b3e1d23b Microsoft Adding Excel 4.0 Macro Hooks to AMSI https://www.microsoft.com/security/blog/2021/03/03/xlm-amsi-new-runtime-defense-against...
From VBS, PowerShell, C Sharp, Process Hollowing to RAT https://isc.sans.edu/forums/diary/From+VBS+PowerShell+C+Sharp+Process+Hollowing+to+RAT/27168/ Cisco Patches Snort Related Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-snort-ethernet-dos-HGXgJH8n VMWare View Planner Update https://www.vmware.com/security/advisories/VMSA-2021-0003.html Google's FLoC Algorithm https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea Supermicro Trickbot ...
Microsoft Exchange Followup https://blog.rapid7.com/2021/03/03/rapid7s-insightidr-enables-detection-and-response-to-microsoft-exchange-0-day/ Saltstack Vulnerability https://www.immersivelabs.com/resources/blog/why-so-salty-local-privilege-escalation-on-saltstack-minions/ GRUB2 Patches https://seclists.org/oss-sec/2021/q1/189 Dependency Confusion in the Wild https://threatpost.com/malicious-code-bombs-amazon-lyft-slack-zillow/164455/...
Qakbot Infection with Cobalt Strike https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike/27158/ Exchange Server 0-Day Exploits https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/ Google Chrome 0-Day Exploits https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop.html...
Fun with DNS over TLS and https://isc.sans.edu/forums/diary/Fun+with+DNS+over+TLS+DoT/27150/ Gootloader Update https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/ AOL Phishing https://www.bleepingcomputer.com/news/security/beware-aol-phishing-email-states-your-account-will-be-closed/ Spectre Exploit in the Wild https://dustri.org/b/spectre-exploits-in-the-wild.html...
Pretending to be an Outlook Version Update https://isc.sans.edu/forums/diary/Pretending+to+be+an+Outlook+Version+Update/27144/ Geolocating Satori Botnet Scanning Port 26 https://isc.sans.edu/forums/diary/So+where+did+those+Satori+attacks+come+from/27140/ Alexa Skill Security https://www.ndss-symposium.org/wp-content/uploads/ndss2021_5A-1_23111_paper.pdf TMobile Data Breach / SIM Swapping https://beta.documentcloud.org/documents/20492859-t-mobile-feb-2021-bc-data-breach...
Forensicating Azure VMs https://isc.sans.edu/forums/diary/Forensicating+Azure+VMs/27136/ FriarFox Browser Extension Targeting GMail Accounts https://www.proofpoint.com/us/blog/threat-insight/ta413-leverages-new-friarfox-browser-extension-target-gmail-accounts-global JSON Parser Inconsistencies https://labs.bishopfox.com/tech-blog/an-exploration-of-json-interoperability-vulnerabilities Apple MacOS Update https://www.reddit.com/r/macbook/comments/kge24m/dead_m1_mac_with_usbc_multiport_adapters/...
Malspam Pushes GuLoader for Remcos RAT https://isc.sans.edu/forums/diary/Malspam+pushes+GuLoader+for+Remcos+RAT/27132/ vCenter Exploit / Vulnerability Details https://swarm.ptsecurity.com/unauth-rce-vmware/#more-2477 DNS CNAME Tracking https://blog.lukaszolejnik.com/large-scale-analysis-of-dns-based-tracking-evasion-broad-data-leaks-included/ Cisco MSO Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-mso-authbyp-bb5GmBQv...
Qakbot In a Response to Full Disclosure Post https://isc.sans.edu/forums/diary/Qakbot+in+a+response+to+Full+Disclosure+post/27130/ Firefox Total Cookie Protection https://blog.mozilla.org/security/2021/02/23/total-cookie-protection/ VMWare ESXi / vCenter Server Update https://www.vmware.com/security/advisories/VMSA-2021-0002.html Replacing Content in Signed PDFs https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1B-4_24117_paper.pdf...
Unprotecting Malicious Documents For Inspection https://isc.sans.edu/forums/diary/Unprotecting+Malicious+Documents+For+Inspection/27126/ Brave Browser DNS Leak https://www.theregister.com/2021/02/22/in_brief_security/ Telephony DoS https://www.ic3.gov/Media/Y2021/PSA210217...
Dynamic Data Exchange (DDE) is Back in the Wild https://isc.sans.edu/forums/diary/Dynamic+Data+Exchange+DDE+is+Back+in+the+Wild/27116/ https://isc.sans.edu/forums/diary/DDE+and+oledump/27122/ macOS Malware "Prototype" https://redcanary.com/blog/clipping-silver-sparrows-wings/ New Phishing Attack Identifed: Malformed URL Prefixes https://www.greathorn.com/blog-new-phishing-attack-identified-malformed-url-prefixes/ Sonicwall SMA 100 Firmware Update https://www.sonicwall.com/support/product-notific...
Malspam Pushes Trickbot gtag rob13 https://isc.sans.edu/forums/diary/Malspam+pushing+Trickbot+gtag+rob13/27112/ AppleJeus https://us-cert.cisa.gov/ncas/alerts/aa21-048a Python 3 Buffer Overflow https://bugs.python.org/issue42938 Apple Platform Security Guide https://support.apple.com/guide/security/welcome/web...
The new "LinkedInSecureMessage" Phish https://isc.sans.edu/forums/diary/The+new+LinkedInSecureMessage/27110/ Apple M1 Optimized Malware https://objective-see.com/blog/blog_0x62.html QNAP Surveilance Station Vulnerability https://www.qnap.com/en/security-advisory/qsa-21-07 Masslogger Exfiltrates User Credentials https://blog.talosintelligence.com/2021/02/masslogger-cred-exfil.html...
More Weirdness on TCP Port 26 https://isc.sans.edu/forums/diary/More+weirdness+on+TCP+port+26/27106/ Microsoft Pulls Servicing Stack Update https://threatpost.com/microsoft-windows-update-patch-tuesday/163981/ Network Monitoring Company Centreon Compromised https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-005.pdf SHAREit Flaw Could Lead to Remote Code Execution https://www.trendmicro.com/en_us/research/21/b/shareit-flaw-could-lead-to-remote-code-execution.html VSCode NPM Extension RCE https:...
Securing and Optimizing Networks Using pfSense Traffic Shaper to Combat Bufferbloat https://isc.sans.edu/forums/diary/Securing+and+Optimizing+Networks+Using+pfSense+Traffic+Shaper+Limiters+to+Combat+Bufferbloat/27102/ Apple to Proxy Safe Browsing Requests https://twitter.com/othermaciej/status/1359736220809531393 Power Outages and Some Network Outages as a Result https://downdetector.com Phone Scam Success Rates https://www.helpnetsecurity.com/2021/02/15/lost-money-to-phone-scams/ https://nakeds...
AgentTesla Dropped Through Automatic Click in Microsoft Help File https://isc.sans.edu/forums/diary/AgentTesla+Dropped+Through+Automatic+Click+in+Microsoft+Help+File/27092/ Telegram used to Defraud Delivery Serivces https://thefintechtimes.com/sift-finds-new-telegram-fraud-exploiting-increasing-use-of-food-delivery-services/ Singtel Suffers Zero-DAy Cyberattack https://threatpost.com/singtel-zero-day-cyberattack/163938/ Vulnerabilities in Mobile Health Apps https://approov.io/download/all-that-w...
Agent Tesla Hidden in Historical Anti-Malware Tool https://isc.sans.edu/forums/diary/Agent+Tesla+hidden+in+a+historical+antimalware+tool/27088/ McAfee Total Protection Vulnerabilities https://service.mcafee.com/webcenter/portal/oracle/webcenter/page/scopedMD/s55728c97_466d_4ddb_952d_05484ea932c6/Page29.jspx Intel Patches https://blogs.intel.com/technology/2021/02/ipas-security-advisories-for-february-2021 Discord Used to Distribute Malware https://www.zscaler.com/blogs/security-research/discord-...
Phishing Message to the ISC Handlers E-Mail Distro https://isc.sans.edu/forums/diary/Phishing+message+to+the+ISC+handlers+email+distro/27082/ Google Phishing Statistics https://cloud.google.com/blog/products/workspace/how-gmail-helps-users-avoid-email-scams Adobe Security Updates https://helpx.adobe.com/security/products/acrobat/apsb21-09.html Apple Sudo Patch https://support.apple.com/en-us/HT212177 Number:Jack ISN Generation Weaknesses https://www.forescout.com/company/resources/numberjack-wea...
Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+February+2021+Patch+Tuesday/27080/ https://www.theregister.com/2021/02/09/microsoft_patch_tuesday/ Dependency Confusion https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610 https://azure.microsoft.com/mediahandler/files/resourcefiles/3-ways-to-mitigate-risk-using-private-package-feeds/3%20Ways%20to%20Mitigate%20Risk%20When%20Using%20Private%20Package%20Feeds%20-%20v1.0.pdf...
