Malicious Calendar Subscriptions Are Back https://isc.sans.edu/forums/diary/Malicious+Calendar+Subscriptions+Are+Back/27846/
Simple Analysis of a CVE-2021-40444 (MSHTML) Document https://isc.sans.edu/forums/diary/Simple+Analysis+Of+A+CVE202140444+docx+Document/27848/
Mirai Botnet Hunting OMIGOD https://twitter.com/1ZRR4H/status/1438580885142507528 https://isc.sans.edu/port.html?port=1270
Exploit for Netgear Flaws Available https://gynvael.coldwind.pl/?id=742...
Sep 20, 2021 • 6 min • Ep 7678 • Transcript available on Metacast

Phishing 101: why depend on one suspicious message subject when you can use many https://isc.sans.edu/forums/diary/Phishing+101+why+depend+on+one+suspicious+message+subject+when+you+can+use+many/27842/
PrintNightmare Fix Breaks Network Printing https://www.bleepingcomputer.com/news/security/new-windows-security-updates-break-network-printing/
Malware Taking Advantage of Linux Subsystem for Windows https://blog.lumen.com/no-longer-just-theory-black-lotus-labs-uncovers-linux-executables-deployed-a...
Sep 17, 2021 • 7 min • Ep 7676 • Transcript available on Metacast

Hancitor Campaign Abusing Microsoft's OneDrive https://isc.sans.edu/forums/diary/Hancitor+campaign+abusing+Microsofts+OneDrive/27838/
"Secret" Agent Exposes Azure Customers To Unauthorized Code Execution https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution...
Sep 16, 2021 • 5 min • Ep 7674 • Transcript available on Metacast

Microsoft Patches https://isc.sans.edu/forums/diary/Microsoft+September+2021+Patch+Tuesday/27834/
Adobe Patches https://helpx.adobe.com/security/security-bulletin.html
Sep 15, 2021 • 5 min • Ep 7672 • Transcript available on Metacast

Apple Updates Everything https://support.apple.com/en-us/HT201222
Citizenlab Discloses NSO Exploit Details https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/
Google Chrome Update https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html
WooCommerce Multi Currency Plugin Vulnerability https://blog.nintechnet.com/vulnerability-fixed-in-wordpress-woocommerce-multi-currency-plugin/...
Sep 14, 2021 • 5 min • Ep 7670 • Transcript available on Metacast

Shipping Microsoft DNS Logs to Elasticsearch https://isc.sans.edu/forums/diary/Shipping+to+Elasticsearch+Microsoft+DNS+Logs/27828/
Exploit Generator for CVE-2021-40444 https://github.com/lockedbyte/CVE-2021-40444
Windows Lock Screen Bypass https://halove23.blogspot.com/2021/09/zdi-21-1053-bypassing-windows-lock.html
Citrix Hypervisor Update https://support.citrix.com/article/CTX325319
GitHub Identifies Vulnerable node.js Packages https://github.blog/2021-09-08-github-security-update-vulnerabilit...
Sep 13, 2021 • 6 min • Ep 7668 • Transcript available on Metacast

ISC/DShield API Updates https://isc.sans.edu/forums/diary/Updates+to+Our+DatafeedsAPI/27824/
Update on Windows MSHTML Vulnerability https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-defenses-bypassed-as-new-info-emerges/
GitHub Actions check-spelling community workflow GITHUB_TOKEN leakage https://github.com/justinsteven/advisories/blob/master/2021_github_actions_checkspelling_token_leak_via_advice_symlink.md...
Sep 10, 2021 • 7 min • Ep 7666 • Transcript available on Metacast

Protonmail Correction https://protonmail.com/blog/climate-activist-arrest/ https://protonmail.com/privacy-policy
"Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+Campaign+Continues+Pushing+BazarLoader+Malware/27816/
Thycotic Secret Server Critical Update https://docs.thycotic.com/ss/11.0.0/release-notes/ss-rn-11-0-000007.md
Zoho Vulnerability Exploited https://www.manageengine.com/products/self-service-password/kb/how-...
Sep 09, 2021 • 6 min • Ep 7664 • Transcript available on Metacast

Microsoft MSHTML Remote Code Execution Vulnerability CVE-2021-40444 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444
ProtonMail/VPN Releasing User's IP Address https://protonmail.com/blog/climate-activist-arrest/
WhatsApp End To End Encryption Questioned (but upheld) https://twitter.com/evacide/status/1435288900587589632?s=20
PRIVATELOG and STASHLOG Malware Store Payload in Common Log File System (CLFS) https://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-usi...
Sep 08, 2021 • 6 min • Ep 7662 • Transcript available on Metacast

Confluence Update https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html https://www.jenkins.io/blog/2021/09/04/wiki-attacked/
ProxyShell Update https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/
RCE-0-Day for GhostScript 9.50 https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50
Netgear Switch Auth Bypass https://kb.netgear.com/000063978/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-S...
Sep 07, 2021 • 5 min • Ep 7660 • Transcript available on Metacast

Attackers Will Always Abuse Major Events in our Lifes https://isc.sans.edu/forums/diary/Attackers+Will+Always+Abuse+Major+Events+in+our+Lifes/27808/
Active Exploitation of Confluence Server CVE-2021-26084 https://www.rapid7.com/blog/post/2021/09/02/active-exploitation-of-confluence-server-cve-2021-26084/
GitHub Removing old Ciphers / Keys https://github.blog/2021-09-01-improving-git-protocol-security-github/
Cisco Enterprise NFV Infrastructure Software Authentication Bypass https://tools.cisco.c...
Sep 03, 2021 • 14 min • Ep 7658 • Transcript available on Metacast

STRRAT: A Java Based RAT That Doesn't Care if You Have Java https://isc.sans.edu/forums/diary/STRRAT+a+Javabased+RAT+that+doesnt+care+if+you+have+Java/27798/
IPC360 Baby Monitor Vulnerability https://www.bitdefender.com/files/News/CaseStudies/study/402/Bitdefender-PR-Whitepaper-VictureIPC-creat5590-en-EN.pdf
Annke Network Video Recorder Vulnerability https://us-cert.cisa.gov/ics/advisories/icsa-21-238-02
ProxyWare Abuse https://blog.talosintelligence.com/2021/08/proxyware-abuse.html...
Sep 02, 2021 • 6 min • Ep 7656 • Transcript available on Metacast

BrakTooth: Impacts, Implications and Next Steps https://isc.sans.edu/forums/diary/BrakTooth+Impacts+Implications+and+Next+Steps/27802/
Fortress Home Security System Weakness https://threatpost.com/fortress-home-security-remote-disarmament/169069/
PostgreSQL set_user Module Vulnerability https://www.postgresql.org/about/news/set_user-201-released-2279/...
Sep 01, 2021 • 5 min • Ep 7654 • Transcript available on Metacast

Cryptocurrency Clipboard Swapper Delivered With Love https://isc.sans.edu/forums/diary/Cryptocurrency+Clipboard+Swapper+Delivered+With+Love/27794/
ProxyToken Vulnerability in Exchange https://www.zerodayinitiative.com/blog/2021/8/30/proxytoken-an-authentication-bypass-in-microsoft-exchange-server
LockFile Ransomware Evasion Tricks https://thehackernews.com/2021/08/lockfile-ransomware-bypasses-protection.html...
Aug 31, 2021 • 6 min • Ep 7652 • Transcript available on Metacast

ChaosDB: Azure Cosmos Database Vulnerability https://chaosdb.wiz.io
Phishing via Open Redirects https://www.microsoft.com/security/blog/2021/08/26/widespread-credential-phishing-campaign-abuses-open-redirector-links/
Parallels Vulnerability https://exchange.xforce.ibmcloud.com/vulnerabilities/208188 https://www.zerodayinitiative.com/advisories/ZDI-21-1000/...
Aug 30, 2021 • 5 min • Ep 7650 • Transcript available on Metacast

Cisco Advisories https://tools.cisco.com/security/center/publicationListing.x
GETH DoS Vulnerability https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8
Confluence Security Advisory https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html
VMWare Updates https://www.vmware.com/security/advisories.html...
Aug 27, 2021 • 6 min • Ep 7648 • Transcript available on Metacast

There May Be Many More SPF Records Than We Might Expect https://isc.sans.edu/forums/diary/There+may+be+many+more+SPF+records+than+we+might+expect/27786/
OpenSSL Update https://www.openssl.org/news/vulnerabilities.html
F5 Update https://support.f5.com/csp/article/K50974556 https://support.f5.com/csp/article/K41351250
SideWalk Backdoor https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/...
Aug 26, 2021 • 6 min • Ep 7646 • Transcript available on Metacast

Attackers Hunting for Twilio Credentials https://isc.sans.edu/forums/diary/Attackers+Hunting+For+Twilio+Credentials/27782/
Modified WhatsApp Spreading Malware https://securelist.com/triada-trojan-in-whatsapp-mod/103679/
Privilege Escalation without Plugging in Device http://0xsp.com/security%20research%20&%20development%20(SRD)/local-administrator-is-not-just-with-razer-it-is-possible-for-all...
Aug 25, 2021 • 5 min • Ep 7644 • Transcript available on Metacast

Out of Band Phishing Using SMS Messages to Evade Network Detection https://isc.sans.edu/forums/diary/Out+of+Band+Phishing+Using+SMS+messages+to+Evade+Network+Detection/27768/
Elevate Privileges with Razer Mouse https://twitter.com/j0nh4t/status/1429049506021138437
Realtek Vulnerabilities Exploited https://securingsam.com/realtek-vulnerabilities-weaponized/
Exposed Microsoft Power Apps https://www.upguard.com/breaches/power-apps...
Aug 24, 2021 • 6 min • Ep 7642 • Transcript available on Metacast

Waiting for the C2 to Show Up https://isc.sans.edu/forums/diary/Waiting+for+the+C2+to+Show+Up/27772/
DOCX with Embedded EXE https://isc.sans.edu/forums/diary/docx+With+Embedded+EXE/27776/
Securing Your Windows 365 Cloud PCs https://techcommunity.microsoft.com/t5/windows-it-pro-blog/securing-your-windows-365-cloud-pcs/ba-p/2663129
Pegasus Fraud Scam https://www.ehackingnews.com/2021/08/pegasus-iphone-hacks-used-as-bait-in.html
Proper Audit Logging for Office 365 https://zolder.io/office-365-audi...
Aug 23, 2021 • 5 min • Ep 7640 • Transcript available on Metacast

When Lightning Strikes: What works and doesn't work https://isc.sans.edu/forums/diary/When+Lightning+Strikes+What+works+and+doesnt+work/27766/
Cisco Small Business Router Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5
Blackberry QNX Products Vulnerability https://support.blackberry.com/kb/articleDetail?articleNumber=000082334
SANS.edu Student: Mark Morowczynski; Decreasing Attacker Dwell Time in Azure Active Directory ...
Aug 20, 2021 • 15 min • Ep 7638 • Transcript available on Metacast

5 Things to Consider Before Moving Back to the Office https://isc.sans.edu/forums/diary/5+Things+to+Consider+Before+Moving+Back+to+the+Office/27762/
Adobe Patches https://helpx.adobe.com/security.html
Several Web Sites Infected with Chinese Spyware https://imp0rtp3.wordpress.com/2021/08/12/tetris/
Trickbot Tricks Users with 1Password https://www.ehackingnews.com/2021/08/trickbot-employs-bogus-1password.html...
Aug 19, 2021 • 5 min • Ep 7636 • Transcript available on Metacast

Laravel Exploit Attempts Targeting Vulnerability in "Ignition" https://isc.sans.edu/forums/diary/Laravel+v842+exploit+attempts+for+CVE20213129+debug+mode+Remote+code+execution/27758/
ThroughTek "Kalay" Protocol Vulnerability https://www.fireeye.com/blog/threat-research/2021/08/mandiant-discloses-critical-vulnerability-affecting-iot-devices.html
Fortinet FortiWeb Vulnerability https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/...
Aug 18, 2021 • 6 min • Ep 7634 • Transcript available on Metacast

Triage of Malware Bazaar's Daily Malware Batches https://isc.sans.edu/forums/diary/Extra+Tip+For+Triage+Of+MALWARE+Bazaars+Daily+Malware+Batches/27754/
Realtek SDK Vulnerability https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain/ https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf
STARTTLS Vulnerabilities https://www.usenix.org/conference/usenixsecurity21/presentation/poddebniak
Raccoon Infostealer Self Infection ...
Aug 17, 2021 • 5 min • Ep 7632 • Transcript available on Metacast

Exchange E-Discovery Scans https://isc.sans.edu/forums/diary/Scanning+for+Microsoft+Exchange+eDiscovery/27748/
Danabot Distributed Through Malspam https://isc.sans.edu/forums/diary/Example+of+Danabot+distributed+through+malspam/27744/
Weaponizing Middleboxes https://geneva.cs.umd.edu/posts/usenix21-weaponizing-censors/ https://www.usenix.org/conference/usenixsecurity21/presentation/bock
Deep Blue Magic Ransomware https://www.ehackingnews.com/2021/08/deepbluemagic-newly-discovered.html...
Aug 16, 2021 • 6 min • Ep 7630 • Transcript available on Metacast

Print Nightmare Continues: CVE-2021-36958 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958
Print Nightmare Abused by Ransomware Gangs https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/
PolyNetwork Attack https://www.theregister.com/2021/08/10/poly_networks_cryptocurrency_theft/...
Aug 13, 2021 • 3 min • Ep 7628 • Transcript available on Metacast

TA551 Shathak Continues Pushing BazarLoader Leading to Cobalt Strike https://isc.sans.edu/forums/diary/TA551+Shathak+continues+pushing+BazarLoader+infections+lead+to+Cobalt+Strike/27738/
New AdLoad Campaign Goes Undetected by XProtect https://labs.sentinelone.com/massive-new-adload-campaign-goes-entirely-undetected-by-apples-xprotect/
Android FlyTrap Malware Hitting Facebook Users https://www.ehackingnews.com/2021/08/android-malware-flytrap-hacks-facebook.html
5G Shortcuts allow Eavesdropping htt...
Aug 12, 2021 • 6 min • Ep 7626 • Transcript available on Metacast

Microsoft Patches https://isc.sans.edu/forums/diary/Microsoft+August+2021+Patch+Tuesday/27736/
Adobe Patches https://helpx.adobe.com/security.html
cPanel/WHM Vulnerabilities https://www.fortbridge.co.uk/research/multiple-vulnerabilities-in-cpanel-whm/
Firefox Update Released https://www.mozilla.org/en-US/firefox/91.0/releasenotes/...
Aug 11, 2021 • 5 min • Ep 7624 • Transcript available on Metacast

Microsoft Exchange ProxyShell https://isc.sans.edu/forums/diary/ProxyShell+how+many+Exchange+servers+are+affected+and+where+are+they/27732/
Synology Warns of Brute Force Attacks https://www.synology.com/en-global/company/news/article/BruteForce/Synology%20Investigates%20Ongoing%20Brute-Force%20Attacks%20From%20Botnet
Router Auth Bypass https://threatpost.com/auth-bypass-bug-routers-exploited/168491/
Firefox Version 100 Experiment https://bugzilla.mozilla.org/show_bug.cgi?id=1719070
Interaction ...
Aug 10, 2021 • 6 min • Ep 7622 • Transcript available on Metacast

Malicious Microsoft Word Remains A Key Infection Vector https://isc.sans.edu/forums/diary/Malicious+Microsoft+Word+Remains+A+Key+Infection+Vector/27716/
Malware Bazaar Daily Download https://isc.sans.edu/forums/diary/MALWARE+Bazaar+Download+daily+malware+batches/27728/
Go/Rust IP Address Validation Vulnerability https://github.com/rust-lang/rust/pull/83652
Facial Recognition "Master Keys" https://arxiv.org/pdf/2108.01077.pdf
Pulse Secure Patch Bypass https://kb.pulsesecure.net/articles/Pulse_Sec...
Aug 09, 2021 • 5 min • Ep 7620 • Transcript available on Metacast