Malspam Pushes ModiLoader Infection for Remocs Rat https://isc.sans.edu/diary/Malspam%20pushes%20ModiLoader%20%28DBatLoader%29%20infection%20for%20Remcos%20RAT/29896 MacOS SIP Bypass https://www.microsoft.com/en-us/security/blog/2023/05/30/new-macos-vulnerability-migraine-could-bypass-system-integrity-protection/ OpenSSL Update https://www.openssl.org/news/secadv/20230530.txt Barracuda Email Security Gateway Applicance Vulnerability Details https://www.barracuda.com/company/legal/esg-vulnerabili...
May 31, 2023•6 min•Ep 8518•Transcript available on Metacast Analyzing Office Documents Embedded Inside PowerPoint Files https://isc.sans.edu/diary/Analyzing%20Office%20Documents%20Embedded%20Inside%20PPT%20%28PowerPoint%29%20Files/29894 DocuSign Themed Email Leads to Script-Based Infection https://isc.sans.edu/diary/DocuSign-themed%20email%20leads%20to%20script-based%20infection/29888 File Archiver In The Browser https://mrd0x.com/file-archiver-in-the-browser/ Securing PyPI accounts via Two-Factor Authentication https://blog.pypi.org/posts/2023-05-25-sec...
May 30, 2023•6 min•Ep 8516•Transcript available on Metacast IR Case/Alert Management https://isc.sans.edu/diary/IR%20Case%20Alert%20Management/29880 Exploit for CVE-2023-2825 GitLab Vulnerability https://github.com/Occamsec/CVE-2023-2825 Expo Framework OAUTH Vulnerability CVE-2023-28131 https://salt.security/blog/a-new-oauth-vulnerability-that-may-impact-hundreds-of-online-services Mitel MiVoice Vulnerability CVE-2023-31457 CVE-2023-32748 https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0004 D-Link Vulnerabilities http...
May 26, 2023•5 min•Ep 8514•Transcript available on Metacast More Data Enrichment for Cowrie Logs https://isc.sans.edu/diary/More%20Data%20Enrichment%20for%20Cowrie%20Logs/29878 Volt Typhoon: Living of the Land https://media.defense.gov/2023/May/24/2003229517/-1/-1/0/CSA_Living_off_the_Land.PDF Android App Breaking Bad https://www.welivesecurity.com/2023/05/23/android-app-breaking-bad-legitimate-screen-recording-file-exfiltration/ Zyxel Updates https://www.zyxel.com/global/en/support/security-advisories/zyxel-security-advisory-for-multiple-buffer-overflow...
May 25, 2023•6 min•Ep 8512•Transcript available on Metacast Apache Nifi Scans https://isc.sans.edu/diary/Help+us+figure+this+out+Scans+for+Apache+Nifi/29874/ Samsung Updates fix 0-Day https://security.samsungmobile.com/securityUpdate.smsb Lenovo All-In One Bricked by Windows Update https://www.reddit.com/r/Lenovo/comments/136tatm/lenovo_firmware_10055_bricking_thinkcentre_v53024/ Dell VxRail Security Update https://www.dell.com/support/kbdoc/en-us/000213011/dsa-2023-071-dell-vxrail-security-update-for-multiple-third-party-component-vulnerabilities-7-0-45...
May 24, 2023•6 min•Ep 8510•Transcript available on Metacast Probes for recent ABUS Security Camera Vulnerability https://isc.sans.edu/diary/Probes%20for%20recent%20ABUS%20Security%20Camera%20Vulnerability%3A%20Attackers%20keep%20an%20eye%20on%20everything./29870 .ZIP Domains Confuse Virustotal https://twitter.com/imohanasundaram/status/1660678184977805316 Synology DSM 6.2 Patch https://www.synology.com/en-global/security/advisory/Synology_SA_22_25 Jenkins Fixes Multiple Plugin Vulnerabilities https://www.jenkins.io/security/advisory/2023-05-16/ PyPi Susp...
May 23, 2023•5 min•Ep 8508•Transcript available on Metacast Another Malicious HTA File Analysis - Part 3 https://isc.sans.edu/forums/diary/Another%20Malicious%20HTA%20File%20Analysis%20-%20Part%203/29678/ When the Phisher Messes Up With Encoding https://isc.sans.edu/diary/When%20the%20Phisher%20Messes%20Up%20With%20Encoding/29864 PyPi Suspends New Users and Projects https://status.python.org/incidents/qy2t9mjjcc7g PGP Signatures on PyPi: Worse than useless https://blog.yossarian.net/2023/05/21/PGP-signatures-on-PyPI-worse-than-useless RATs found hiding i...
May 22, 2023•6 min•Ep 8506•Transcript available on Metacast Apple Updates Everything https://isc.sans.edu/diary/Apple%20Updates%20Everything/29860 A Quick Survey of .zip Domains https://isc.sans.edu/diary/A%20Quick%20Survey%20of%20.zip%20Domains%3A%20Your%20highest%20risk%20is%20running%20into%20Rick%20Astley./29858 Dell NetWorker Security Update https://www.dell.com/support/kbdoc/en-us/000211267/dsa-2023-060-dell-networker-security-update-for-an-nsrcapinfo-vulnerability?lwp=rt KeePass 2.X Master Password Dumper https://github.com/vdohney/keepass-passwor...
May 19, 2023•7 min•Ep 8504•Transcript available on Metacast Increase in Malicious RAR SFX Files https://isc.sans.edu/forums/diary/Increase%20in%20Malicious%20RAR%20SFX%20files/29852/ FriendlyName Buffer Overflow in Wemo Smartplug https://sternumiot.com/iot-blog/mini-smart-plug-v2-vulnerability-buffer-overflow/ Wago License Page Exploit https://onekey.com/blog/security-advisory-wago-unauthenticated-remote-command-execution/ Routers Turned Into Proxies https://research.checkpoint.com/2023/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant/...
May 18, 2023•6 min•Ep 8502•Transcript available on Metacast Signals Defense With Faraday Bags https://isc.sans.edu/forums/diary/Signals%20Defense%20With%20Faraday%20Bags%20%26%20Flipper%20Zero/29840/ Microsoft Sharepoint Scans Password Protected Files https://infosec.exchange/@threatresearch/110373860063222707# Critical Sandbox Escape Vulnerability in VM2 https://github.com/patriksimek/vm2/security/advisories/GHSA-whpj-8f3w-67p5 Geacon Brings Cobalt Strike Capabilities to MacOS Threat Actors https://www.sentinelone.com/blog/geacon-brings-cobalt-strike-ca...
May 17, 2023•6 min•Ep 8500•Transcript available on Metacast Ongoing Facebook Phishing campaign Without a Sender and (almost) without Links https://isc.sans.edu/diary/Ongoing%20Facebook%20phishing%20campaign%20without%20a%20sender%20and%20%28almost%29%20without%20links/29848 Intel Microcode Updates Do Not Patch Vulnerability https://www.theregister.com/2023/05/15/intel_mystery_microcode/ Fake Trezor Hardware Crypto Wallet https://www.kaspersky.com/blog/fake-trezor-hardware-crypto-wallet/48155/ TP-Link Archer AX-21 Command Injection CVE-2023-1389 Exploited...
May 16, 2023•5 min•Ep 8498•Transcript available on Metacast The .zip gTLD: Risks and Opportunities https://isc.sans.edu/forums/diary/The+zip+gTLD+Risks+and+Opportunities/29838/ Brave Forgetful Browsing https://brave.com/privacy-updates/25-forgetful-browsing/ Intel Mystery Microcode Patch https://www.phoronix.com/news/Intel-12-May-2023-Microcode Netgear Updates https://kb.netgear.com/000065619/Security-Advisory-for-Multiple-Vulnerabilities-on-the-RAX30-PSV-2022-0348 Synology Updates https://www.synology.com/en-global/security/advisory/Synology_SA_23_04 ht...
May 15, 2023•7 min•Ep 8496•Transcript available on Metacast Geolocating IPs is Harder Than You Think https://isc.sans.edu/diary/Geolocating%20IPs%20is%20harder%20than%20you%20think/29834 Pre-Infected Mobile Phones https://www.theregister.com/2023/05/11/bh_asia_mobile_phones/ Dragos Breach https://www.dragos.com/blog/deconstructing-a-cybersecurity-event/ AndoryuBot Targets Ruckus Admin RCE Vulnerability https://www.fortinet.com/blog/threat-research/andoryubot-new-botnet-campaign-targets-ruckus-wireless-admin-remote-code-execution-vulnerability-cve-2023-25...
May 12, 2023•6 min•Ep 8494•Transcript available on Metacast Exploratory Data Analysis with CISSM Cyber Attacks Database Part 2 https://isc.sans.edu/diary/Exploratory%20Data%20Analysis%20with%20CISSM%20Cyber%20Attacks%20Database%20-%20Part%202/29828 Microsoft Patched Outlook (actually Windows) vulnerability again https://www.akamai.com/blog/security-research/important-outlook-vulnerability-bypass-windows-api Law Enforcement and Intelligence Agencies Disable "Snake" Malware https://media.defense.gov/2023/May/09/2003218554/-1/-1/1/JOINT_CSA_HUNTING_RU_INTEL...
May 11, 2023•6 min•Ep 8492•Transcript available on Metacast Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20May%202023%20Patch%20Tuesday/29826 GitHub "Push Protection" now out of Beta https://github.blog/2023-05-09-push-protection-is-generally-available-and-free-for-all-public-repositories/
May 10, 2023•6 min•Ep 8490•Transcript available on Metacast QR Codes Used in Fake Parking Tickets and Surveys https://www.bleepingcomputer.com/news/security/qr-codes-used-in-fake-parking-tickets-surveys-to-steal-your-money/ Microsoft Edge Update https://learn.microsoft.com/en-us/deployedge/microsoft-edge-relnote-stable-channel Facebook Sees More Fake ChatGPT https://about.fb.com/news/2023/05/metas-q1-2023-security-reports/ CyberGhost VPN Vulnerability https://www.pentestpartners.com/security-blog/bullied-by-bugcrowd-over-kape-cyberghost-disclosure/...
May 09, 2023•6 min•Ep 8488•Transcript available on Metacast Quickly Finding Encoded Payloads in Office Documents https://isc.sans.edu/forums/diary/Quickly+Finding+Encoded+Payloads+in+Office+Documents/29818/ Exploratory Data Analysis with CISSM Cyber Attacks Database Part 1 https://isc.sans.edu/forums/diary/Exploratory+Data+Analysis+with+CISSM+Cyber+Attacks+Database+Part+1/29816/ Guildma is now Abusing Colorcpl.exe LOLBIN https://isc.sans.edu/forums/diary/Guildma+is+now+abusing+colorcplexe+LOLBIN/29814/ Leaked MSI Keys https://github.com/binarly-io/Supply...
May 08, 2023•6 min•Ep 8486•Transcript available on Metacast Infostealer Embedded in a Word Document https://isc.sans.edu/diary/Infostealer%20Embedded%20in%20a%20Word%20Document/29810 Cisco SPA-112 Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-spa-unauth-upgrade-UqhyTWW Fortinet May Updates https://www.fortiguard.com/psirt?date=05-2023 PaperCut exploitation - A Different Path to Code Execution https://vulncheck.com/blog/papercut-rce...
May 05, 2023•6 min•Ep 8484•Transcript available on Metacast Increased Number of Configuration File Scans https://isc.sans.edu/diary/Increased%20Number%20of%20Configuration%20File%20Scans/29806 Google Enabling Passkeys https://blog.google/technology/safety-security/the-beginning-of-the-end-of-the-password/ Chrome to Drop Lock Icon from HTTPS https://blog.chromium.org/2023/05/an-update-on-lock-icon.html Attack Against AMD TPM Implementation https://arxiv.org/abs/2304.14717...
May 04, 2023•8 min•Ep 8482•Transcript available on Metacast VBA Project References https://isc.sans.edu/diary/VBA%20Project%20References/29800 BGP Message Parsing Vulnerabilities in FRRouting https://www.forescout.com/blog/three-new-bgp-message-parsing-vulnerabilities-disclosed-in-frrouting-software/ JWT ECDSA Algorithm Confusion https://blog.pentesterlab.com/exploring-algorithm-confusion-attacks-on-jwt-exploiting-ecdsa-23f7ff83390f...
May 03, 2023•6 min•Ep 8480•Transcript available on Metacast Passive Analysis of a Phishing Attachment https://isc.sans.edu/diary/%22Passive%22%20analysis%20of%20a%20phishing%20attachment/29798 Apple Rapid Security Response https://www.macrumors.com/2023/05/01/rapid-security-response-16-4-1/ Grafana Security Release https://grafana.com/blog/2023/04/26/grafana-security-release-new-versions-of-grafana-with-security-fixes-for-cve-2023-28119-and-cve-2023-1387/ Illumina Vulnerability https://www.fda.gov/medical-devices/letters-health-care-providers/illumina-cy...
May 02, 2023•6 min•Ep 8478•Transcript available on Metacast Quick IOC Scan With Docker https://isc.sans.edu/diary/Quick%20IOC%20Scan%20With%20Docker/29788 Dobfuscation Scripts When Encodings Help https://isc.sans.edu/diary/Deobfuscating%20Scripts%3A%20When%20Encodings%20Help/29792 Hackers Are Breaking Into AT&T Email Accounts To Steal Cryptocurrency https://techcrunch.com/2023/04/26/hackers-are-breaking-into-att-email-accounts-to-steal-cryptocurrency/ Trheat Actor Selling New Atomic MacOS AMOS Stealer on Telegram https://blog.cyble.com/2023/04/26/threat-...
May 01, 2023•5 min•Ep 8476•Transcript available on Metacast Ransomware Gang Exploiting Unpatches Veeam Backup Products https://www.computerweekly.com/news/365535586/Ransomware-gang-exploiting-unpatched-Veeam-backup-products Google Authenticator Sync Encryption https://security.googleblog.com/2023/04/google-authenticator-now-supports.html Keycloak Vulnerability https://out.reddit.com/t3_130km04?url=https%3A%2F%2Fwww.offensity.com%2Fen%2Fblog%2Fuser-impersonation-via-stolen-uuid-code-in-keycloak-cve-2023-0264%2F&token=AQAAjSdLZJTzQM37107hVzYY-tbz6ak81pMNqN...
Apr 28, 2023•6 min•Ep 8474•Transcript available on Metacast Strolling Through Cyberspace and Hunting for Phishing Sites https://isc.sans.edu/diary/Strolling%20through%20Cyberspace%20and%20Hunting%20for%20Phishing%20Sites/29780 RSA Panel: Five most dangerous new attack techniques https://www.rsaconference.com/usa/agenda/session/The%20Five%20Most%20Dangerous%20New%20Attack%20Techniques SANS.edu Research Journal https://www.sans.edu/cyber-security-research...
Apr 27, 2023•6 min•Ep 8472•Transcript available on Metacast Calculating CVSS Scores with ChatGPT https://isc.sans.edu/diary/Calculating%20CVSS%20Scores%20with%20ChatGPT/29774 Amplifying SLP Traffic https://www.bitsight.com/blog/new-high-severity-vulnerability-cve-2023-29552-discovered-service-location-protocol-slp Insecure Default Configuration in Apache Superset https://www.horizon3.ai/cve-2023-27524-insecure-default-configuration-in-apache-superset-leads-to-remote-code-execution/ SLP Amplification; Apache Superset RCE; PoC Exploit for Sophos Web Applic...
Apr 26, 2023•6 min•Ep 8470•Transcript available on Metacast Aukill EDR Killer Malware Abuses Process Explorer Driver https://news.sophos.com/en-us/2023/04/19/aukill-edr-killer-malware-abuses-process-explorer-driver/ Papercut Vulnerability Deep Dive https://www.horizon3.ai/papercut-cve-2023-27350-deep-dive-and-indicators-of-compromise Solarwinds Patches https://documentation.solarwinds.com/en/success_center/orionplatform/content/release_notes/solarwinds_platform_2023-2_release_notes.htm Schneider Electric Update https://download.schneider-electric.com/fil...
Apr 25, 2023•6 min•Ep 8468•Transcript available on Metacast Management of DMARC control for email impersonation fo domains in the .co TLD https://isc.sans.edu/forums/diary/Management+of+DMARC+control+for+email+impersonation+of+domains+in+the+co+TLD+part+1/29768/ X_Trader Supply Chain Attack Fallout https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/xtrader-3cx-supply-chain Car Hacking with Old Nokia Phones https://www.vice.com/en/article/v7beyj/car-thieves-tech-hidden-old-nokia-phones-bluetooth-speakers-emergency-engine-start-keyles...
Apr 24, 2023•6 min•Ep 8466•Transcript available on Metacast Taking a Bite Out of Password Expiry Helpdesk Calls https://isc.sans.edu/diary/Taking%20a%20Bite%20Out%20of%20Password%20Expiry%20Helpdesk%20Calls/29758 3CX Software Supply Chain Compromise https://www.mandiant.com/resources/blog/3cx-software-supply-chain-compromise Google Ghost Tokens https://astrix.security/ghosttoken-exploiting-gcp-application-infrastructure-to-create-invisible-unremovable-trojan-app-on-google-accounts/ PyPi Trusted Publishers https://blog.pypi.org/posts/2023-04-20-introducin...
Apr 21, 2023•7 min•Ep 8464•Transcript available on Metacast Yet Another Google Chrome 0-Day https://chromereleases.googleblog.com/2023/04/stable-channel-update-for-desktop_18.html Oracle Critical Patch Update April 2023 https://www.oracle.com/security-alerts/cpuapr2023.html Github Provenance Action for npm Packages https://www.theregister.com/2023/04/19/github_actions_npm_origins/ Microsoft Revises Threat Actor Naming https://learn.microsoft.com/de-de/microsoft-365/security/intelligence/microsoft-threat-actor-naming...
Apr 20, 2023•5 min•Ep 8462•Transcript available on Metacast UDDIs Are Back: Attackers Rediscovering Old Exploits. https://isc.sans.edu/diary/UDDIs%20are%20back%3F%20Attackers%20rediscovering%20old%20exploits./29754UDDIExplorer; UDDIExplorer; Russian Attacks against Routers https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-108 Information Leakage on Discarded Routers https://www.welivesecurity.com/2023/04/18/discarded-not-destroyed-old-routers-reveal-corporate-secrets/...
Apr 19, 2023•5 min•Ep 8460•Transcript available on Metacast