The strange case of the Great Honeypot of China https://isc.sans.edu/diary/The%20strange%20case%20of%20Great%20honeypot%20of%20China/29750 The LockBit ransomware (kinda) comes for macOS https://objective-see.org/blog/blog_0x75.html Google Cloud Used as C&C https://thehackernews.com/2023/04/google-uncovers-apt41s-use-of-open.html...
Apr 18, 2023•5 min•Ep 8458•Transcript available on Metacast
Attack Campaign That Uses Fake Google Chrome Errors https://insight-jp.nttsecurity.com/post/102icvb/attack-campaign-that-uses-fake-google-chrome-error-to-distribute-malware-from-com Chromium Publishes Emergency Update https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_14.html LAPS Update Errors https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-overview ManageEngine Vulnerability https://hnd3884.github.io/posts/CVE-2023-29084-Command-injection-in-Man...
Apr 17, 2023•5 min•Ep 8456
HTTP: What's Left of it and the OCSP Problem https://isc.sans.edu/diary/HTTP%3A%20What%27s%20Left%20of%20it%20and%20the%20OCSP%20Problem/29744 NTP Vulnerability Update https://github.com/spwpun/ntp-4.2.8p15-cves/issues/1#issuecomment-1506667321 SecurePoint UTM Vulnerability CVE-2023-22897 https://www.rcesecurity.com/2023/04/securepwn-part-1-bypassing-securepoint-utms-authentication-cve-2023-22620/ https://www.rcesecurity.com/2023/04/securepwn-part-2-leaking-remote-memory-contents-cve-2023-22897/...
Apr 14, 2023•6 min•Ep 8454
Recent IcedID (Bokbot) activity https://isc.sans.edu/forums/diary/Recent%20IcedID%20%28Bokbot%29%20activity/29740/ Microsoft Message Queue Vulnerability Details https://research.checkpoint.com/2023/queuejumper-critical-unauthorized-rce-vulnerability-in-msmq-service/ NTP Vulnerabilities https://github.com/spwpun/ntp-4.2.8p15-cves https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-0938...
Apr 13, 2023•6 min•Ep 8452
Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20April%202023%20Patch%20Tuesday/29736 Windows LAPS Available as part of Windows https://techcommunity.microsoft.com/t5/windows-it-pro-blog/by-popular-demand-windows-laps-available-now/ba-p/3788747 SAP Patches https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Adobe Patches https://helpx.adobe.com/security/security-bulletin.html...
Apr 12, 2023•6 min•Ep 8450
Another Malicious HTA File Analysis - Part 2 https://isc.sans.edu/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%202/29676 Apple Updates for Older Operating Systems https://support.apple.com/en-us/HT201222 MSI Attack May Affect BIOS Updates https://www.msi.com/news/detail/MSI-Statement-141688 KB5021130: How to manage the Netlogon protocol changes related to CVE-2022-38023 https://support.microsoft.com/en-us/topic/kb5021130-how-to-manage-the-netlogon-protocol-changes-related-to-cve-...
Apr 11, 2023•6 min•Ep 8448
Detecting Suspicious API Usage with YARA Rules https://isc.sans.edu/diary/Detecting%20Suspicious%20API%20Usage%20with%20YARA%20Rules/29724 Apple Patching Two 0-Day Vulnerabilities in iOS and macOS https://isc.sans.edu/diary/Apple%20Patching%20Two%200-Day%20Vulnerabilities%20in%20iOS%20and%20macOS/29726 VM2 Sandbox Escape https://github.com/patriksimek/vm2/security/advisories/GHSA-7jxr-cg7f-gpgv https://gist.github.com/seongil-wi/2a44e082001b959bfe304b62121fb76d Microsoft Netlogon: Potential Upco...
Apr 10, 2023•7 min•Ep 8446
Self-Extracting Archives https://www.crowdstrike.com/blog/self-extracting-archives-decoy-files-and-their-hidden-payloads/ loldrivers https://www.loldrivers.io Trellix Privilege Escalation https://kcm.trellix.com/corporate/index?page=content&id=SB10396 HP LaserJet Vuln. https://support.hp.com/us-en/document/ish_7905330-7905358-16/hpsbpi03838...
Apr 07, 2023•7 min•Ep 8444
Exploration of DShield Cowrie Data with jq https://isc.sans.edu/diary/Exploration%20of%20DShield%20Cowrie%20Data%20with%20jq/29714 NEXX Garage Door Vulnerability https://medium.com/@samsabetan/the-uninvited-guest-idors-garage-doors-and-stolen-secrets-e4b49e02dadc OneNote Changes https://learn.microsoft.com/en-us/deployoffice/security/onenote-extension-block MSFT Changes to Auto-Update https://learn.microsoft.com/en-us/windows/release-health/windows-message-center#3060 NPM Spam DDoS Attacks https...
Apr 06, 2023•7 min•Ep 8442
Analyzing the efile.com Malware https://isc.sans.edu/diary/Analyzing+the+efilecom+Malware+efail/29712 ALPHV Ransomware Targets Backup Installations https://www.mandiant.com/resources/blog/alphv-ransomware-backup Sophos Web Appliance Vulnerability (and EoL) https://www.sophos.com/en-us/security-advisories/sophos-sa-20230404-swa-rce Zimbra Exploited in Targeted Attacks https://www.proofpoint.com/us/blog/threat-insight/exploitation-dish-best-served-cold-winter-vivern-uses-known-zimbra-vulnerability...
Apr 05, 2023•6 min•Ep 8440
efile.com compromise https://isc.sans.edu/forums/diary/Supply%20Chain%20Compromise%20or%20False%20Positive%3A%20The%20Intriguing%20Case%20of%20efile.com%20%5Bupdated%20-%20confirmed%20malicious%20code%5D/29708/ Western Digital MyCloud Breach https://www.bleepingcomputer.com/news/security/western-digital-discloses-network-breach-my-cloud-service-down/ 3CX Compromise Affected Cryptocoin Exchanges https://securelist.com/gopuram-backdoor-deployed-through-3cx-supply-chain-attack/109344/...
Apr 04, 2023•8 min•Ep 8438
Use of X-Frame-Options and CSP frame-ancestors security headers https://isc.sans.edu/diary/Use%20of%20X-Frame-Options%20and%20CSP%20frame-ancestors%20security%20headers%20on%201%20million%20most%20popular%20domains/29698 oledump supporting MSI Files https://isc.sans.edu/diary/Update+oledump+MSI+Files/29700/ 3CX Update https://www.3cx.com/blog/news/chrome-blocks-latest-msi/ PinDuoDuo App shows anomalous behaviour https://edition.cnn.com/2023/04/02/tech/china-pinduoduo-malware-cybersecurity-analys...
Apr 03, 2023•6 min•Ep 8436
Malicious 3CX Desktop App Update Livestream (Friday March 31st 1400 ET, 1800 UTC) https://www.youtube.com/watch?v=cCf3Km_j5bY 3CX Update: https://www.3cx.com/blog/news/desktopapp-security-alert/ SentinelOne: https://www.sentinelone.com/blog/smoothoperator-ongoing-campaign-trojanizes-3cx-software-in-software-supply-chain-attack/ Objective-See Blog Post: https://objective-see.org/blog/blog_0x73.html CrowdStrike: https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-cam...
Mar 31, 2023•6 min•Ep 8434
Extracting Multiple Streams From OLE Files https://isc.sans.edu/diary/Extracting%20Multiple%20Streams%20From%20OLE%20Files/29688 3CXDesktopApp Compromise https://www.crowdstrike.com/blog/crowdstrike-detects-and-prevents-active-intrusion-campaign-targeting-3cxdesktopapp-customers/ Microsoft Defender False Positives https://twitter.com/MSFT365Status/status/1641048649525260289 https://admin.microsoft.com/Adminportal/Home?ref=/servicehealth/:/alerts/DZ534539 (requires login) Active Exploitation of ...
Mar 30, 2023•5 min•Ep 8432
Network Data Collector Placement Makes a Difference https://isc.sans.edu/diary/Network%20Data%20Collector%20Placement%20Makes%20a%20Difference/29664 Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online https://techcommunity.microsoft.com/t5/exchange-team-blog/throttling-and-blocking-email-from-persistently-vulnerable/ba-p/3762078 Bypassing Wi-Fi Encryption by Manipulating Transmit Queues https://papers.mathyvanhoef.com/usenix2023-wifi.pdf...
Mar 29, 2023•5 min•Ep 8430
Another Malicious HTA File Analysis - Part 1 https://isc.sans.edu/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%201/29674 Apple Updates Everything https://isc.sans.edu/diary/Apple%20Updates%20Everything%20%28including%20Studio%20Display%29/29682 MacStealer Malware Exfiltrates Mac Secrets https://www.uptycs.com/blog/macstealer-command-and-control-c2-malware...
Mar 28, 2023•5 min•Ep 8428
Update for Windows Snipping Tool https://isc.sans.edu/diary/Microsoft%20Released%20an%20Update%20for%20Windows%20Snipping%20Tool%20Vulnerability/29670 GitHub Rotates SSH Keys https://github.blog/2023-03-23-we-updated-our-rsa-ssh-host-key/ redis-py vulnerability leads to mixed-up sessions, affects ChatGPT https://openai.com/blog/march-20-chatgpt-outage Linus Tech Tips YouTube Hack https://www.theverge.com/2023/3/23/23653115/linus-tech-tips-youtube-hack-crypto-scam https://isc.sans.edu/diary/Elon%...
Mar 27, 2023•5 min•Ep 8426
Cropping and Redacting Images Safely https://isc.sans.edu/diary/Cropping%20and%20Redacting%20Images%20Safely/29666 Untitled Goose Tool https://github.com/cisagov/untitledgoosetool Veeam Vulnerability Details https://www.horizon3.ai/veeam-backup-and-replication-cve-2023-27532-deep-dive/ Unicode Support in Python used to Evade Detection https://blog.phylum.io/malicious-actors-use-unicode-support-in-python-to-evade-detection...
Mar 24, 2023•6 min•Ep 8424
Windows Snipping Tool Privacy Bug: Inspecting PNG Files https://isc.sans.edu/diary/Windows%2011%20Snipping%20Tool%20Privacy%20Bug%3A%20Inspecting%20PNG%20Files/29660 Acropalypse Detection and Sanitization Tools https://github.com/infobyte/CVE-2023-21036 WooCommerce Skimmer Reveals Tampered Gateway Plugin https://blog.sucuri.net/2023/03/woocommerce-skimmer-reveals-tampered-gateway-plugin.html Netgear Orbi Router Vulnerable https://blog.talosintelligence.com/vulnerability-spotlight-netgear-orbi-ro...
Mar 23, 2023•6 min•Ep 8422
String Obfuscation: Character Pair Reversal https://isc.sans.edu/diary/String%20Obfuscation%3A%20Character%20Pair%20Reversal/29654 Windows 11 Snipping Tool Privacy Bug https://www.bleepingcomputer.com/news/microsoft/windows-11-snipping-tool-privacy-bug-exposes-cropped-image-content/ Malicious .NET Packages https://jfrog.com/blog/attackers-are-starting-to-target-net-developers-with-malicious-code-nuget-packages/ Spring Framework Vulnerability https://spring.io/blog/2023/03/20/spring-framework-6-0...
Mar 22, 2023•6 min•Ep 8420
From Phishing Kit to Telegram ... or Not https://isc.sans.edu/diary/From%20Phishing%20Kit%20To%20Telegram...%20or%20Not!/29650 Emotet uses OneNote https://cofense.com/blog/emotet-sending-malicious-emails-after-three-month-hiatus/ WSUS Update https://learn.microsoft.com/en-us/windows-server/administration/windows-server-update-services/plan/plan-your-wsus-deployment#uup-considerations DOTRUNPEX .NET Injector https://research.checkpoint.com/2023/dotrunpex-demystifying-new-virtualized-net-injector-...
Mar 21, 2023•5 min•Ep 8418
Old Backdoor, New Obfuscation https://isc.sans.edu/diary/Old%20Backdoor%2C%20New%20Obfuscation/29646 Samsung Exynos Chip Vulnerability https://googleprojectzero.blogspot.com/2023/03/multiple-internet-to-baseband-remote-rce.html Android Image Cropping Problem https://twitter.com/ItsSimonTime/status/1636857478263750656/photo/1 https://acropalypse.app/ Bitwarden PINs https://ambiso.github.io/bitwarden-pin/...
Mar 20, 2023•7 min•Ep 8416
Simple Shellcode Dissection https://isc.sans.edu/diary/Simple%20Shellcode%20Dissection/29642 Threat Actors Exploit Progress Telerik Vulnerability https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-074a Abusing Adobe Acrobat Sign to Distribute Malware https://blog.avast.com/adobe-acrobat-sign-malware Zoom Patches https://explore.zoom.us/en/trust/security/security-bulletin/ Array Networks Advisory https://support.arraynetworks.net/prx/001/http/supportportal.arraynetworks.net/documentati...
Mar 17, 2023•7 min•Ep 8414
IPFS Phishing and the need for correctly set HTTP security headers https://isc.sans.edu/diary/IPFS%20phishing%20and%20the%20need%20for%20correctly%20set%20HTTP%20security%20headers/29638 Exploiting CVE-2023-23397: Microsoft Outlook Elevation of Privilege Vulnerability https://www.mdsec.co.uk/2023/03/exploiting-cve-2023-23397-microsoft-outlook-elevation-of-privilege-vulnerability/ CVE-2023-23415 ICMP RCE https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23415 Chromium Certificate Pro...
Mar 16, 2023•7 min•Ep 8412
Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20March%202023%20Patch%20Tuesday/29634 Adobe ColdFusion and Magento (Adobe Commerce) patches https://helpx.adobe.com/security/products/magento/apsb23-17.html https://helpx.adobe.com/security/products/coldfusion/apsb23-25.html SAP Patches https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Firefox Patches https://www.mozilla.org/en-US/security/advisories/mfsa2023-09/...
Mar 15, 2023•6 min•Ep 8410
SVB Scams and New Domain Registrations https://isc.sans.edu/diary/Incoming%20Silicon%20Valley%20Bank%20Related%20Scams/29630 CISA Adds Older Plex and VMware Vulnerabilities to Known-Exploited List https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-plex-bug-after-lastpass-breach/ FortiOS Vulnerability Exploited https://www.fortiguard.com/psirt/FG-IR-22-369...
Mar 14, 2023•5 min•Ep 8408
AsynRAT Trojan - Bill Payment (Pago de la factura) https://isc.sans.edu/diary/AsynRAT+Trojan+Bill+Payment+Pago+de+la+factura/29626 Mirai Payload Generator https://isc.sans.edu/diary/Overview%20of%20a%20Mirai%20Payload%20Generator/29624 Multi-Technology Script Leading to Browser Hijacking https://isc.sans.edu/diary/Multi-Technology%20Script%20Leading%20to%20Browser%20Hijacking/29620 OneNote will warn users of embedded content https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=OneNote%2C...
Mar 13, 2023•6 min•Ep 8406
Suspected Chinese Campaign to Persist on SonicWall Devices https://www.mandiant.com/resources/blog/suspected-chinese-persist-sonicwall Old Cyber Gang Uses New Crypter - ScrubCrypt https://www.fortinet.com/blog/threat-research/old-cyber-gang-uses-new-crypter-scrubcrypt Home Assistant Supervisor Security Vulnerability https://www.home-assistant.io/blog/2023/03/08/supervisor-security-disclosure/ Fake ChatGPT Chrome Extensions https://www.helpnetsecurity.com/2023/03/09/fake-chatgpt-extension/ Crimin...
Mar 10, 2023•6 min•Ep 8404
Increase in exploits against Joomla (CVE-2023-23752) https://isc.sans.edu/diary/Increase%20in%20exploits%20agains%20Joomla%20%28CVE-2023-23752%29/29614 Jenkins RCE Vulnerability https://blog.aquasec.com/jenkins-server-vulnerabilities Bitwarden: The Curious Use-Case of Password Pilfering https://flashpoint.io/blog/bitwarden-password-pilfering/ FortiOS Vulnerabilities https://www.fortiguard.com/psirt/FG-IR-23-001 Veeam Backup Vulnerabilities https://www.veeam.com/kb4245...
Mar 09, 2023•6 min•Ep 8402
Hackers Love This VSCode Extension: What You Can Do to Stay Safe https://isc.sans.edu/diary/Hackers%20Love%20This%20VSCode%20Extension%3A%20What%20You%20Can%20Do%20to%20Stay%20Safe/29610 Protecting Android Clipboard Content from Unintended Exposure https://www.microsoft.com/en-us/security/blog/2023/03/06/protecting-android-clipboard-content-from-unintended-exposure/ SYS01 Stealer Targeting Facebook Accounts https://blog.morphisec.com/sys01stealer-facebook-info-stealer...
Mar 08, 2023•6 min•Ep 8400