Fileless PowerShell Dropper https://isc.sans.edu/forums/diary/Fileless%20Powershell%20Dropper/29156/
Apache Commons Text Vulnerability https://www.openwall.com/lists/oss-security/2022/10/13/4
How a Microsoft Blunder Opened Millions of PCs to Potent Malware Attacks https://arstechnica.com/information-technology/2022/10/how-a-microsoft-blunder-opened-millions-of-pcs-to-potent-malware-attacks/...
Oct 18, 2022•6 min•Ep 8218•Transcript available on Metacast

Horizon3 Publishes FortiOS Vulnerability Details and Exploit https://www.horizon3.ai/fortios-fortiproxy-and-fortiswitchmanager-authentication-bypass-technical-deep-dive-cve-2022-40684/
More Exchange Vulnerability Workaround Bypasses https://twitter.com/wdormann/status/1576922677675102208
Analysis of a Malicious HTML File and QBot https://isc.sans.edu/forums/diary/Analysis+of+a+Malicious+HTML+File+QBot/29146
End of Life VMware ESXi Versions https://www.lansweeper.com/eol/vmware-esxi-end-of-life/...
Oct 17, 2022•6 min•Ep 8216•Transcript available on Metacast

Alchimist Offensive Framework https://blog.talosintelligence.com/2022/10/alchimist-offensive-framework.html#more
VM2 Sandbox Vulnerability https://www.oxeye.io/blog/vm2-sandbreak-vulnerability-cve-2022-36067
Private npm Package Disclosure https://blog.aquasec.com/private-packages-disclosed-via-timing-attack-on-npm
Zimbra Updates https://wiki.zimbra.com/wiki/Zimbra_Releases/9.0.0/P27#Security_Fixes...
Oct 14, 2022•6 min•Ep 8214•Transcript available on Metacast

Adobe October Patch Tuesday https://helpx.adobe.com/sa_en/security/security-bulletin.html
Fortinet Guidance https://www.horizon3.ai/fortinet-iocs-cve-2022-40684/ https://isc.sans.edu/forums/diary/Scans+for+old+Fortigate+Vulnerability+Building+Target+Lists/29142
Android VPN Issues https://mullvad.net/en/blog/2022/10/10/android-leaks-connectivity-check-traffic/
iOS VPN Issues https://9to5mac.com/2022/10/12/ios-vpn-apps-2/
Aruba Patches https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2022-015....
Oct 13, 2022•5 min•Ep 8212•Transcript available on Metacast

Microsoft October 2022 Patches https://isc.sans.edu/forums/diary/October%202022%20Microsoft%20Patch%20Tuesday/29138/
SAP Patchday https://dam.sap.com/mac/app/e/pdf/preview/embed/ucQrx6G?ltr=a&rc=10
Top CVEs Actively Exploited By People's Republic of China State-Sponsored Cyber Actors https://www.cisa.gov/uscert/ncas/alerts/aa22-279a...
Oct 12, 2022•6 min•Ep 8210•Transcript available on Metacast

Wireshark Display Filter Update https://isc.sans.edu/forums/diary/Wireshark+Specifying+a+Protocol+Stack+Layer+in+Display+Filters/29130
Fortinet Vulnerability Update https://twitter.com/Horizon3Attack/status/1579285863108087810
BazarCall Social Engineering Tactics https://www.trellix.com/en-us/about/newsroom/stories/research/evolution-of-bazarcall-social-engineering-tactics.html
RPKI Rate Limiting https://www.usenix.org/system/files/sec22-hlavacek.pdf...
Oct 11, 2022•6 min•Ep 8208•Transcript available on Metacast

Fortinet Update https://docs.fortinet.com/document/fortigate/7.2.2/fortios-release-notes/760203/introduction-and-supported-models
Zimbra Vulnerability https://twitter.com/iagox86/status/1578084484720734209 https://attackerkb.com/topics/1DDTvUNFzH/cve-2022-41352/rapid7-analysis?referrer=activityFeed
Microsoft Exchange Workaround Improved Again https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
Ikea Smart Bulb Exploit ht...
Oct 10, 2022•6 min•Ep 8206•Transcript available on Metacast

Infosec Calendar https://isc.sans.edu/forums/diary/What+is+in+your+Infosec+Calendar/29118
OnionPoison: infected Tor Browser installer distributed through popular YouTube channel https://securelist.com/onionpoison-infected-tor-browser-installer-youtube/107627/
macOS Archive Utility Vulnerability Details https://www.jamf.com/blog/jamf-threat-labs-macos-archive-utility-vulnerability/...
Oct 07, 2022•6 min•Ep 8204•Transcript available on Metacast

Credential Harvesting with Telegram https://isc.sans.edu/forums/diary/Credential%20Harvesting%20with%20Telegram%20API/29112/
Updated Microsoft Exchange Fix https://msrc-blog.microsoft.com/2022/09/29/customer-guidance-for-reported-zero-day-vulnerabilities-in-microsoft-exchange-server/
Impacket and Exfiltration Tool Used to Steal Sensitive Information from Defense Industrial Base Organization https://www.cisa.gov/uscert/ncas/alerts/aa22-277a
A New Supply Chain Attack on PHP https://blog.sonarsourc...
Oct 05, 2022•5 min•Ep 8202•Transcript available on Metacast

Microsoft Exchange Vulnerability Fix Bypassed https://twitter.com/testanull/status/1576774007826718720
Schneider Electric UMAS Patch Bypass https://securelist.com/the-secrets-of-schneider-electrics-umas-protocol/107435/
Supply Chain Attack via Trojanized Comm100 Chat Installer https://www.crowdstrike.com/blog/new-supply-chain-attack-leverages-comm100-chat-installer/...
Oct 04, 2022•5 min•Ep 8200•Transcript available on Metacast

Microsoft Exchange 0-Day Update https://isc.sans.edu/forums/diary/Exchange+Server+0Day+Actively+Exploited/29106 https://microsoft.github.io/CSS-Exchange/Security/EOMTv2/
CISA Adds Atlassian Bitbucket Vulnerability to Exploited List https://www.cisa.gov/uscert/ncas/current-activity/2022/09/30/cisa-adds-three-known-exploited-vulnerabilities-catalog
Every unsandboxed app has Full Disk Access if Terminal Does https://lapcatsoftware.com/articles/FullDiskAccess.html...
Oct 03, 2022•5 min•Ep 8198•Transcript available on Metacast

PNG Analysis with pngdump.py https://isc.sans.edu/forums/diary/PNG%20Analysis/29100/
Possible Exchange Server 0-Day Vulnerability https://www.gteltsc.vn/blog/warning-new-attack-campaign-utilized-a-new-0day-rce-vulnerability-on-microsoft-exchange-server-12715.html https://success.trendmicro.com/dcx/s/solution/000291651?language=en_US
Bad VIB(E)s Part One: Investigating Novel Malware Persistence Within ESXi Hypervisors https://www.mandiant.com/resources/blog/esxi-hypervisors-malware-persistence...
Sep 30, 2022•6 min•Ep 8196•Transcript available on Metacast

10 Years Later: Attacker re-discovering old VTiger CRM Vulnerability https://isc.sans.edu/forums/diary/10+Years+Later+Attacker+rediscovering+old+VTiger+CRM+Vulnerability/29098
IRS Reports Significant Increase in Texting Scams https://www.irs.gov/newsroom/irs-reports-significant-increase-in-texting-scams-warns-taxpayers-to-remain-vigilant
Cloudflare Releases Turnstile, a user-friendly, privacy-preserving CAPTCHA alternative https://blog.cloudflare.com/turnstile-private-captcha-alternative/
Cisco ...
Sep 29, 2022•7 min•Ep 8194•Transcript available on Metacast

DNS Option 15 and Debugging DNSSEC Errors https://isc.sans.edu/forums/diary/DNS+Option+15+Debugging+DNSSEC+Errors/29094
Yari: A New Era of Yara Debugging https://engineering.avast.io/yari-a-new-era-of-yara-debugging/
HTTP Archive Almanac https://almanac.httparchive.org/en/2022/security...
Sep 28, 2022•7 min•Ep 8192•Transcript available on Metacast

Easy Python Sandbox Detection https://isc.sans.edu/forums/diary/Easy+Python+Sandbox+Detection/29090
Hackers use PowerPoint Files for "Mouseover" Malware Delivery https://blog.cluster25.duskrise.com/2022/09/23/in-the-footsteps-of-the-fancy-bear-powerpoint-graphite/
Redis 7.0 XAUTOCLAIM Heap Overflow https://github.com/redis/redis/security/advisories/GHSA-5gc4-76rx-22c9
Scoreboard Hacking https://maxwelldulin.com/BlogPost?post=7118102528...
Sep 27, 2022•6 min•Ep 8190•Transcript available on Metacast

Kids Like Cookies and Malware Likes them Too https://isc.sans.edu/forums/diary/Kids+Like+Cookies+Malware+Too/29082
Downloading Files from Removed Domains https://isc.sans.edu/forums/diary/Downloading%20Samples%20From%20Takendown%20Domains/29086/
WhatsApp Security Updates https://www.whatsapp.com/security/advisories/2022/
Sophos RCE Flaw https://www.sophos.com/en-us/security-advisories/sophos-sa-20220923-sfos-rce
CircleCI Phishing Attacks Used to Access GitHub Accounts https://discuss.circleci.co...
Sep 26, 2022•6 min•Ep 8188•Transcript available on Metacast

RAT Delivered Through FODHelper https://isc.sans.edu/forums/diary/RAT+Delivered+Through+FODHelper/29078
Microsoft Endpoint Configuration Manager Spoofing Vulnerability https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-37972
New Fuzzing Tool: cifuzz https://github.com/CodeIntelligenceTesting/cifuzz
No Security Updates from Apple https://support.apple.com/en-us/HT201222...
Sep 23, 2022•5 min•Ep 8186•Transcript available on Metacast

Phishing Campaigns Use Free Online Resources https://isc.sans.edu/forums/diary/Phishing%20Campaigns%20Use%20Free%20Online%20Resources/29074/
Insecure use of tarfile.extract in Python https://bugs.python.org/issue1044#msg55464
Twitter Failed to Log Out Users After Password Reset https://privacy.twitter.com/en/blog/2022/an-issue-impacting-password-resets...
Sep 22, 2022•7 min•Ep 8184•Transcript available on Metacast

Chainsaw: Hunt, search and extract event log records https://isc.sans.edu/diary/Chainsaw%3A+Hunt%2C+search%2C+and+extract+event+log+records/29066
PDU Exploits past NAT https://claroty.com/team82/research/jumping-nat-to-shut-down-electric-devices
Tamper Protection will be turned on for all Enterprise Customers https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/tamper-protection-will-be-turned-on-for-all-enterprise-customers/ba-p/3616478...
Sep 21, 2022•6 min•Ep 8182•Transcript available on Metacast

Preventing ISO Malware https://isc.sans.edu/diary/Preventing+ISO+Malware+/29062
State of Emotet https://www.advintel.io/post/advintel-s-state-of-emotet-aka-spmtools-displays-over-million-compromised-machines-through-2022
Undermining Microsoft Teams Security by Mining Tokens https://www.vectra.ai/blogpost/undermining-microsoft-teams-security-by-mining-tokens...
Sep 20, 2022•6 min•Ep 8180•Transcript available on Metacast

Word Maldoc With CustomXML and Renamed VBAProject.bin https://isc.sans.edu/diary/Word+Maldoc+With+CustomXML+and+Renamed+VBAProject.bin/29056
2FA on Lock Screens https://www.bbc.com/news/uk-england-london-62809151
Chrome and Edge Enhanced Spellcheck Features Expose PII, Even Your Password https://www.otto-js.com/news/article/chrome-and-edge-enhanced-spellcheck-features-expose-pii-even-your-passwords
Reconstructing Content Reflected in Glasses https://arxiv.org/abs/2205.03971...
Sep 19, 2022•6 min•Ep 8178•Transcript available on Metacast

Malicious Word Document With a Frameset https://isc.sans.edu/diary/Malicious+Word+Document+with+a+Frameset/29052
CVE-2022-34721 Exploit https://github.com/78ResearchLab/PoC/tree/main/CVE-2022-34721
Trojaned PuTTY Used in Attacks https://www.mandiant.com/resources/blog/dprk-whatsapp-phishing
Lenovo BIOS Updates https://support.lenovo.com/us/en/product_security/LEN-94953#Desktop...
Sep 16, 2022•7 min•Ep 8176•Transcript available on Metacast

Easy Process Injection within Python https://isc.sans.edu/diary/Easy+Process+Injection+within+Python/29048
Queen Elizabeth Related Phishing https://twitter.com/threatinsight/status/1570092339984584705
Microsoft 365 Auto Updates Apps on Locked or Idle Devices https://techcommunity.microsoft.com/t5/microsoft-365-blog/update-under-lock-improved-update-experience-for-microsoft-365/ba-p/3618901...
Sep 15, 2022•6 min•Ep 8174•Transcript available on Metacast

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+September+2022+Patch+Tuesday/29044/
Adobe Patches https://helpx.adobe.com/security/security-bulletin.html
Magento Vendor Fishpig Hacked, Backdoors Added https://sansec.io/research/rekoobe-fishpig-magento...
Sep 14, 2022•6 min•Ep 8172•Transcript available on Metacast

VirusTotal Result Comparisons for Honeypot Malware https://isc.sans.edu/diary/VirusTotal+Result+Comparisons+for+Honeypot+Malware/29040
Apple Patches https://support.apple.com/en-us/HT201222
Lorenz Ransomware Group Cracks MiVoice and Calls Back For Free https://arcticwolf.com/resources/blog/lorenz-ransomware-chiseling-in/...
Sep 13, 2022•8 min•Ep 8170•Transcript available on Metacast

Malware Abusing File Exchange Site https://isc.sans.edu/diary/Phishing+Word+Documents+with+Suspicious+URL/29034
Bypassing GitHub Required Reviewers to Submit Malicious Code https://www.legitsecurity.com/blog/bypassing-github-required-reviewers-to-submit-malicious-code
Crimeware Trends: Ransomware Developers Turn to Intermittent Encryption https://www.sentinelone.com/labs/crimeware-trends-ransomware-developers-turn-to-intermittent-encryption-to-evade-detection/
Let's Encrypt Reviving Certificate R...
Sep 12, 2022•9 min•Ep 8168•Transcript available on Metacast

Analyzing Obfuscated VBS with CyberChef https://isc.sans.edu/diary/Analyzing+Obfuscated+VBS+with+CyberChef/2902
pfBlockerNG Unauthenticated RCE https://www.ihteam.net/advisory/pfblockerng-unauth-rce-vulnerability/
GifShell attack creates reverse shell using Microsoft Teams GIFs https://www.bleepingcomputer.com/news/security/gifshell-attack-creates-reverse-shell-using-microsoft-teams-gifs/...
Sep 09, 2022•7 min•Ep 8166•Transcript available on Metacast

PHP Deserialization Exploit Attempt https://isc.sans.edu/diary/PHP+Deserialization+Exploit+attempt/29024
TA505 Group's TeslaGun In-Depth Analysis https://www.prodaft.com/resource/detail/ta505-ta505-groups-tesla-gun-depth-analysis
Cisco publishes unpatched Small Business Router Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sb-rv-vpnbypass-Cpheup9O
Shikitega - New stealthy malware targeting Linux https://thehackernews.com/2022/09/new-stealthy-shikiteg...
Sep 08, 2022•6 min•Ep 8164•Transcript available on Metacast

Analysis of an Encoded Cobalt Strike Beacon https://isc.sans.edu/diary/Analysis+of+an+Encoded+Cobalt+Strike+Beacon/29014
EvilProxy Phishing-As-A-Service with MFA Bypass https://resecurity.com/blog/article/evilproxy-phishing-as-a-service-with-mfa-bypass-emerged-in-dark-web
Zyxel Patches RCE Vulnerability https://www.zyxel.com/support/Zyxel-security-advisory-for-format-string-vulnerability-in-NAS.shtml
Moobot Going after D-Link Devices https://unit42.paloaltonetworks.com/moobot-d-link-devices/...
Sep 07, 2022•6 min•Ep 8162•Transcript available on Metacast

James Webb JPEG With Malware https://isc.sans.edu/diary/James+Webb+JPEG+With+Malware/29010
Windows Defender False Positive https://www.theregister.com/2022/09/05/windows_defender_chrome_false_positive/
Google Chrome 0-Day https://chromereleases.googleblog.com/2022/09/stable-channel-update-for-desktop.html
Sharkbot Android Infostealer in Google Play Store https://blog.fox-it.com/2022/09/02/sharkbot-is-back-in-google-play/
Nmap 7.93 - 25th Anniversary Release https://seclists.org/nmap-announce/202...
Sep 06, 2022•6 min•Ep 8160•Transcript available on Metacast