DNS Name Server Hijack Attack https://www.darkreading.com/vulnerabilities---threats/new-dns-name-server-hijack-attack-exposes-businesses-government-agencies/d/d-id/1341377
Palo Alto Cortex XSOAR Vulnerability https://security.paloaltonetworks.com/CVE-2021-3044
VMware Carbon Black App Control Authentication Bypass https://www.vmware.com/security/advisories/VMSA-2021-0012.html
Standing With Security Researchers Against Misuse of the DMCA https://www.eff.org/deeplinks/2021/06/dmca-security-researche...
Jun 24, 2021 • 6 min • Ep 7556 • Transcript available on Metacast
Phishing asking recipients not to report abuse https://isc.sans.edu/forums/diary/Phishing+asking+recipients+not+to+report+abuse/27556/
PyPI Cryptomining Malware https://blog.sonatype.com/sonatype-catches-new-pypi-cryptomining-malware-via-automated-detection
Dovecot TLS Implementation Vulnerability https://hackerone.com/reports/1204962 (see the link to the PDF for more details)
SonicWall Patch Incomplete https://www.tripwire.com/state-of-security/featured/analyzing-sonicwalls-unsuccessful-fix-for...
Jun 23, 2021 • 6 min • Ep 7554
Attack and Defend: Distributed Web Applications (free webcast) https://www.sans.org/webcasts/attack-defend-modern-distributed-applications-119610
DarkSide Impersonators https://www.helpnetsecurity.com/2021/06/21/impersonating-darkside/
Agent Tesla RAT COVID-19 Vaccination Phish https://threatpost.com/agent-tesla-covid-vax-phish/167082/
Tor Browser Update https://www.bleepingcomputer.com/news/security/tor-browser-fixes-vulnerability-that-tracks-you-using-installed-apps/
Schneider PowerLogic Vulnerabili...
Jun 22, 2021 • 5 min • Ep 7552
Network Forensics on Azure VMs (Part 2) https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+2/27538/
Google Open Redirect Being Abused https://isc.sans.edu/forums/diary/Open+redirects+and+why+Phishers+love+them/27542/
Easy Access to the NIST RDS Database https://isc.sans.edu/forums/diary/Easy+Access+to+the+NIST+RDS+Database/27544/
iOS Wi-Fi Bug https://blog.chichou.me/2021/06/20/quick-analysis-wifid/
NSA VoIP Security Guide https://media.defense.gov/2021/Jun/17/2002744054/-1/-1...
Jun 21, 2021 • 6 min • Ep 7550
Network Forensics on Azure VMs (Part 1) https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+1/27536/
Fake Ledger Hardware Wallets https://www.ledger.com/phishing-campaigns-status#phishing-campaigns https://www.reddit.com/r/ledgerwallet/comments/o154gz/package_from_ledger_is_this_legit/
Zoll Defibrillator Dashboard Vulnerability https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01
Akamai Prolexic Outage https://threatpost.com/hiccup-akamais-ddos-outages/167004/...
Jun 18, 2021 • 6 min • Ep 7548
June 2021 Forensic Contest https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest/27532/
ThroughTek IP Camera SDK Vulnerability https://www.nozominetworks.com/blog/new-iot-security-risk-throughtek-p2p-supply-chain-vulnerability/
Peloton Insecure Boot Vulnerability https://www.mcafee.com/blogs/other-blogs/mcafee-labs/a-new-program-for-your-peloton-whether-you-like-it-or-not/
Microsoft Defender for Endpoint Detecting Jailbroken Devices https://techcommunity.microsoft.com/t5/microsoft-defender-...
Jun 17, 2021 • 5 min • Ep 7546
Multi Perimeter Device Exploit Mirai Version Hunting For SonicWall, D-Link, Cisco and more https://isc.sans.edu/forums/diary/Multi+Perimeter+Device+Exploit+Mirai+Version+Hunting+For+Sonicwall+DLink+Cisco+and+more/27528/
Google Open Sourcing Homomorphic Encryption Libraries https://developers.googleblog.com/2021/06/our-latest-updates-on-fully-homomorphic-encryption.html
Stealing Tokens, Emails, Files and More in Microsoft Teams https://medium.com/tenable-techblog/stealing-tokens-emails-files-and-mo...
Jun 16, 2021 • 6 min • Ep 7544
Apple iOS 12.5.4 Security Update https://support.apple.com/en-us/HT212548
NIST.gov DNS Issues https://puck.nether.net/pipermail/outages/2021-June/013670.html
Akkadian Provisioning Manager Multiple Vulnerabilities https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/
Bypassing MFA in Exchange Online https://www.microsoft.com/security/blog/2021/06/14/behind-the-scenes-of-business-email-compromise-using-cross-domain-threat-data-to-disrupt-a-l...
Jun 15, 2021 • 6 min • Ep 7542
EoL SonicWall SRA 4600 VPN Gateways Exploited in Current Attacks https://isc.sans.edu/forums/diary/Sonicwall+SRA+4600+Targeted+By+an+Old+Vulnerability/27518/
Older Fortinet Vulnerability Still Exploited https://isc.sans.edu/forums/diary/Fortinet+Targeted+for+Unpatched+SSL+VPN+Discovery+Activity/27520/
PrivacyMic: Utilizing Inaudible Frequencies for Privacy-Preserving Daily Activity Recognition http://alansonsample.com/publications/docs/2021%20-%20CHI%20-%20PrivacyMic-%20Utilizing%20Inaudible%20Fr...
Jun 14, 2021 • 7 min • Ep 7540
Are Cookie Banners a Waste of Time or a Complete Waste of Time? https://isc.sans.edu/forums/diary/Are+Cookie+Banners+a+Waste+of+Time+or+a+Complete+Waste+of+Time/27436/
Citrix Application Delivery Controller Vulnerability https://support.citrix.com/article/CTX297155
VoIP Monitor GUI XSS https://www.rtcsec.com/post/2021/06/abusing-sip-for-cross-site-scripting-most-definitely/
Denial of Service Vulnerabilities in RabbitMQ, EMQ X, and VerneMQ https://www.synopsys.com/blogs/software-security/cyrc-adviso...
Jun 11, 2021 • 7 min • Ep 7538
Architecture, Compilers and Black Magic https://isc.sans.edu/forums/diary/Architecture+compilers+and+black+magic+or+what+else+affects+the+ability+of+AVs+to+detect+malicious+files/27510/
ALPACA TLS Attack https://alpaca-attack.com/ALPACA.pdf
Google Chrome Update https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html...
Jun 10, 2021 • 6 min • Ep 7536
Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+June+2021+Patch+Tuesday/27506/
PuzzleMaker Attacks With Chrome Zero-Day Exploit Chain https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/
Intel Patches https://www.intel.com/content/www/us/en/security-center/default.html
Adobe Updates https://helpx.adobe.com/security.html
Let's Encrypt and CentOS 7 https://blog.devgenius.io/lets-encrypt-change-affects-openssl-1-0-x-and-centos-7-49bd66016af3...
Jun 09, 2021 • 7 min • Ep 7534
Amazon Sidewalk https://isc.sans.edu/forums/diary/Amazon+Sidewalk+Cutting+Through+the+Hype/27502/
Windows Container Malware (Siloscape) https://unit42.paloaltonetworks.com/siloscape/
DarkSide Ransom Confiscated https://www.documentcloud.org/documents/20799023-affidavit-1-in-application-by-the-united-states-for-a-seizure-warrant-for-one-account-for-investigation-of-18-usc-ss-981a1a-and-other-offenses-nd-cal-321-mj-70945...
Jun 08, 2021 • 6 min • Ep 7532
Strange Goings on With Port 37 https://isc.sans.edu/forums/diary/Strange+goings+on+with+port+37/27496/
QNAP Video Station RCE Vulnerability https://www.qnap.com/de-de/security-advisory/qsa-21-21
Updated GitHub Policy on Exploits, Malware and Vulnerability Research https://github.blog/2021-06-04-updates-to-our-policies-regarding-exploits-malware-and-vulnerability-research/
Cisco Webex Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-kOf8zVT
VMware vCenter Server Vulnerability Actively Ex...
Jun 07, 2021 • 5 min • Ep 7530
Script to Test CIS Zoom Benchmark https://github.com/turbot/steampipe-mod-zoom-compliance
F5 BIG-IP Edge Client for Windows Vulnerability https://support.f5.com/csp/article/K20346072
Fancy Product Designer WordPress Plugin Vulnerability https://www.welivesecurity.com/2021/06/03/zero-day-popular-wordpress-plugin-exploited-take-over-websites/
WordPress Pushes Jetpack Plugin Patch https://www.bleepingcomputer.com/news/security/wordpress-force-installs-jetpack-security-update-on-5-million-sites/
We....
Jun 04, 2021 • 6 min • Ep 7528
Realtek RTL8170C Vulnerabilities https://www.vdoo.com/blog/realtek-wifi-vulnerabilities-zero-day
Huawei LTE USB Stick E3372 Vulnerability https://www.theregister.com/2021/06/02/huawei_lte_usb_stick_vulnerability/
NortonLifeLock Crypto https://investor.nortonlifelock.com/About/Investors/press-releases/press-release-details/2021/NortonLifeLock-Unveils-Norton-Crypto/default.aspx
OpenPGP RNP Patch https://www.rnpgp.org/advisories/ri-2021-001/...
Jun 03, 2021 • 5 min • Ep 7526
Guildma is now using Finger and Signed Binary Proxy Execution to Evade Defenses https://isc.sans.edu/forums/diary/Guildma+is+now+using+Finger+and+Signed+Binary+Proxy+Execution+to+evade+defenses/27482/
Bypassing Protected Folders Protections https://dl.acm.org/doi/10.1145/3431286
Firefox 89 Released https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/
Microsoft Edge Will Make HTTPS the Default https://blogs.windows.com/msedgedev/2021/06/01/available-for-preview-automatic-https-helps-keep-yo...
Jun 02, 2021 • 6 min • Ep 7524
Malicious PowerShell Hosted on script.google.com https://isc.sans.edu/forums/diary/Malicious+PowerShell+Hosted+on+scriptgooglecom/27468/
SonicWall Advisory (On-Prem NSM Command Injection) https://www.sonicwall.com/support/product-notification/security-advisory-on-prem-sonicwall-network-security-manager-nsm-command-injection-vulnerability/210525121534120/
Hewlett Packard Enterprise Systems Insight Manager (SIM) Advisory https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04068en_us
Memory Protection Bypa...
Jun 01, 2021 • 5 min • Ep 7522
AV Evasion with 64-bit Executables https://isc.sans.edu/forums/diary/All+your+Base+arenearly+equal+when+it+comes+to+AV+evasion+but+64bit+executables+are+not/27466/
Unpatched WebKit Vulnerability in iOS/macOS https://blog.theori.io/research/webkit-type-confusion/
VS Code Extension Vulnerabilities https://snyk.io/blog/visual-studio-code-extension-security-vulnerabilities-deep-dive/
M1RACLES https://m1racles.com...
May 28, 2021 • 7 min • Ep 7520
A Survey of Bluetooth Vulnerabilities https://isc.sans.edu/forums/diary/A+Survey+of+Bluetooth+Vulnerabilities+Trends/27460/
Google Chrome Update https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html
Attacks on PDF Certification https://www.pdf-insecurity.org
nginx Vulnerability https://x41-dsec.de/lab/advisories/x41-2021-002-nginx-resolver-copy/...
May 27, 2021 • 6 min • Ep 7518
Uncovering Shenanigans in an IP Address Block via Hurricane Electric's BGP Toolkit https://isc.sans.edu/forums/diary/Uncovering+Shenanigans+in+an+IP+Address+Block+via+Hurricane+Electrics+BGP+Toolkit/27456/
VMware Advisory https://www.vmware.com/security/advisories/VMSA-2021-0010.html
Trend Micro Bugs https://blog.talosintelligence.com/2021/05/vuln-spotlight-trend-i.html...
May 26, 2021 • 5 min • Ep 7516
Apple Patches 0-Days https://www.jamf.com/blog/zero-day-tcc-bypass-discovered-in-xcsset-malware/ https://support.apple.com/en-us/HT201222
Bluetooth Vulnerabilities https://kb.cert.org/vuls/id/799380 https://francozappa.github.io/about-bias/publication/antonioli-20-bias/antonioli-20-bias.pdf
Nagios Vulnerabilities https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/...
May 25, 2021 • 5 min • Ep 7514
Serverless Phishing Campaign https://isc.sans.edu/forums/diary/Serverless+Phishing+Campaign/27446/
Locking Kernel32.dll As Anti-Debugging Technique https://isc.sans.edu/forums/diary/Locking+Kernel32dll+As+AntiDebugging+Technique/27444/
WinRM Vulnerable to http.sys Vulnerability https://twitter.com/JimDinMN/status/1395071966487269376
Mozilla Firefox "Content-Type Confusion" Unsafe Code Execution https://besteffortteam.it/mozilla-firefox-content-type-confusion-unsafe-code-execution/...
May 24, 2021 • 6 min • Ep 7512
New YouTube Video Series: Everything you ever wanted to know about DNS and more https://isc.sans.edu/forums/diary/New+YouTube+Video+Series+Everything+you+ever+wanted+to+know+about+DNS+and+more/27440/
And Ransomware Just Got a Bit Meaner https://isc.sans.edu/forums/diary/And+Ransomware+Just+Got+a+Bit+Meaner+yes+it+is+possible/27438/
Attackers Scanned for Exchange Servers Five Minutes after Patch Release https://www.ehackingnews.com/2021/05/microsoft-exchange-bug-report-allowed.html
GPS For Authen...
May 21, 2021 • 20 min • Ep 7510
May 2021 Forensic Contest: Answers and Analysis https://isc.sans.edu/forums/diary/May+2021+Forensic+Contest+Answers+and+Analysis/27430/
CIS Controls v8 https://www.cisecurity.org/controls/v8/
Dell iDRAC 9 Security Update (Improper Authentication) https://www.dell.com/support/kbdoc/en-us/000186420/dsa-2021-082-dell-emc-idrac-9-security-update-for-improper-authentication-vulnerability
QNAP Pre-Auth Remote Code Execution in MusicStation/MalwareRemover https://www.shielder.it/advisories/qnap-musicstation-malwareremover-pre-au...
May 20, 2021 • 6 min • Ep 7508
From RunDLL32 to JavaScript then PowerShell https://isc.sans.edu/forums/diary/From+RunDLL32+to+JavaScript+then+PowerShell/27428/
New Pulse Secure VPN Advisory https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44800/
Android Stalkerware Vulnerabilities https://www.welivesecurity.com/2021/05/17/android-stalkerware-threatens-victims-further-exposes-snoopers-themselves/
Double Encrypting Ransomware https://www.wired.com/story/ransomware-double-encryption/...
May 19, 2021 • 5 min • Ep 7506
Ransomware Defenses https://isc.sans.edu/forums/diary/Ransomware+Defenses/27420/
AXA Stops Ransomware Payments https://www.insurancejournal.com/news/international/2021/05/09/613255.htm
http.sys Proof of Concept (CVE-2021-31166) https://github.com/0vercl0k/CVE-2021-31166
Google/Mozilla Collaborating on HTML Sanitizer API https://wicg.github.io/sanitizer-api/#sanitizer-api
SANS Technology Institute Research Journal https://www.sans.edu/cyber-research...
May 18, 2021 • 6 min • Ep 7504
"Open" Access to Industrial Systems Interfaces is Also Far From Zero https://isc.sans.edu/forums/diary/Open+Access+to+Industrial+Systems+Interface+is+Also+Far+From+Zero/27418/
Malicious Rust Macro for VS Code https://github.com/lucky/bad_actor_poc
Exim PoC Released (CVE-2020-28018) https://adepts.of0x.cc/exim-cve-2020-28018/
Newly Observed PHP-based Skimmer Shows Ongoing Magecart Group 12 Activity https://blog.malwarebytes.com/cybercrime/2021/05/newly-observed-php-based-skimmer-shows-ongoing-magecart-group-12-ac...
May 17, 2021 • 6 min • Ep 7502
Cross-Browser Tracking with Scheme Flooding https://fingerprintjs.com/blog/external-protocol-flooding/
Cisco AnyConnect Secure Mobility Client Patch https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK
MSBuild Abused By Attackers https://www.anomali.com/blog/threat-actors-use-msbuild-to-deliver-rats-filelessly...
May 14, 2021 • 7 min • Ep 7500
Number of industrial control systems on the internet is lower than in 2020... but still far from zero https://isc.sans.edu/forums/diary/Number+of+industrial+control+systems+on+the+internet+is+lower+then+in+2020but+still+far+from+zero/27412/
Webcast: Ransoming Critical Infrastructure https://www.sans.org/webcasts/119775
Links to FragAttacks Vendor Bulletins (in German) https://www.heise.de/news/WLAN-Sicherheitsluecken-FragAttacks-Erste-Updates-6045116.html
Adobe Acrobat Patches https://helpx.adobe...
May 13, 2021 • 6 min • Ep 7498