Scanning for Confluence CVE-2022-26134 https://isc.sans.edu/diary/Scanning%20for%20Confluence%20CVE-2022-26134/30704 Exploiting CSP Wildcards for Google Domains https://attackshipsonfi.re/p/exploiting-csp-wildcards-for-google Silver SAML: Golden SAML in the Cloud https://www.semperis.com/blog/meet-silver-saml/...
Mar 04, 2024•5 min•Ep 8878•Transcript available on Metacast Dissecting DarkGate: Module Malware Delivery and Persistence as a Service https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Dissecting%20DarkGate%3A%20Modular%20Malware%20Delivery%20and%20Persistence%20as%20a%20Service./30700 Ivanti Incident Response Update https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-060b Github Flooded with Infected Repos https://apiiro.com/blog/malicious-code-campaign-github-repo-confusion-attack Security Flaws in NoName Doorbell Cameras https://www.consumerr...
Mar 01, 2024•6 min•Ep 8876•Transcript available on Metacast Exploit Attempts for Unknown Password Reset Vulnerability https://isc.sans.edu/diary/Exploit%20Attempts%20for%20Unknown%20Password%20Reset%20Vulnerability/30698 StopRansomware: Updated ALPHV Blackcat Advisory https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-353a GlobalBlock Service To Prevent Trademark abuse https://www.bleepingcomputer.com/news/technology/registrars-can-now-block-all-domains-that-resemble-brand-names/...
Feb 29, 2024•6 min•Ep 8874•Transcript available on Metacast Take Downs and the Rest of Us: Do they matter? https://isc.sans.edu/diary/Take%20Downs%20and%20the%20Rest%20of%20Us%3A%20Do%20they%20matter%3F/30694 Joint Cybersecurity Advisory https://www.ic3.gov/Media/News/2024/240227.pdf SVR Cyber Actors Adapt Tactics for Initial Cloud Access https://www.ncsc.gov.uk/news/svr-cyber-actors-adapt-tactics-for-initial-cloud-access Data Scientists Targeted by Malicious Hugging Face ML Models with Silent Backdoor https://jfrog.com/blog/data-scientists-targeted-by-m...
Feb 28, 2024•6 min•Ep 8872•Transcript available on Metacast Utilizing the VirusTotal API to Query Files Uploaded to the DShield Honeypot https://isc.sans.edu/diary/Utilizing%20the%20VirusTotal%20API%20to%20Query%20Files%20Uploaded%20to%20DShield%20Honeypot%20%5BGuest%20Diary%5D/30688 New WiFi Authentication Vulnerabilities Discovered https://www.top10vpn.com/research/wifi-vulnerabilities/ Subdomain Takeover Spam https://labs.guard.io/subdomailing-thousands-of-hijacked-major-brand-subdomains-found-bombarding-users-with-millions-a5e5fb892935...
Feb 27, 2024•6 min•Ep 8870•Transcript available on Metacast Update MGLNDD * Scans https://isc.sans.edu/forums/diary/Update%3A%20MGLNDD_*%20Scans/30686/ Simple Anti-Sandbox Technique: Where's the Mouse https://isc.sans.edu/diary/Simple%20Anti-Sandbox%20Technique%3A%20Where%27s%20The%20Mouse%3F/30684 Security Vulnerabilities in Apex Code Could Leak Salesforce Data https://www.varonis.com/blog/apex-code-vulnerabilities IBM Operation Decision Manager Exploit CVE-2024-22319 CVE-2024-22320 https://labs.watchtowr.com/double-k-o-rce-in-ibm-operation-decision-man...
Feb 26, 2024•6 min•Ep 8868•Transcript available on Metacast Friend, Foe or Something In Between https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Friend%2C%20foe%20or%20something%20in%20between%3F%20The%20grey%20area%20of%20%27security%20research%27/30670 Large AT&T Wireless Network Outage https://isc.sans.edu/diary/Large%20AT%26T%20Wireless%20Network%20Outage%20%23att%20%23outage/30680 Connect Wise Screenconnect Userd by LockBit https://www.bleepingcomputer.com/news/security/screenconnect-servers-hacked-in-lockbit-ransomware-attacks/ SSH Snake Abused in ...
Feb 23, 2024•6 min•Ep 8866•Transcript available on Metacast Phishing Pages Hosted on Archive.org https://isc.sans.edu/forums/diary/Phishing%20pages%20hosted%20on%20archive.org/30676/ ScreenConnect Authentication Bypass Exploit CVE-2024-1709 CVE-2024-1708) https://www.huntress.com/blog/a-catastrophe-for-control-understanding-the-screenconnect-authentication-bypass iMessage with PQ3 https://security.apple.com/blog/imessage-pq3/...
Feb 22, 2024•7 min•Ep 8864•Transcript available on Metacast Python InfoStealer Wtih Dynamic Sandbox Detection https://isc.sans.edu/diary/Python%20InfoStealer%20With%20Dynamic%20Sandbox%20Detection/30668 Connectwise Screenconnect Vulnerabilities https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8 Remove VMWare Enhanced Authentication Plugin (EAP) VE-2024-22245 CVE-2024-22250 https://kb.vmware.com/s/article/96442 Voltage Noise to Manipulate Wireless Chargers https://arxiv.org/pdf/2402.11423.pdf...
Feb 21, 2024•6 min•Ep 8862•Transcript available on Metacast Old Mirai New Exploits https://isc.sans.edu/diary/Mirai-Mirai%20On%20The%20Wall...%20%5BGuest%20Diary%5D/30658 KeyTrap PoC Exploit https://github.com/knqyf263/CVE-2023-50387 Google Open Sources Magika File ID System https://opensource.googleblog.com/2024/02/magika-ai-powered-fast-and-efficient-file-type-identification.html Exploiting Unsynchronised Clocks https://attackshipsonfi.re/p/exploiting-unsynchonised-clocks...
Feb 20, 2024•6 min•Ep 8860•Transcript available on Metacast SolarWinds Security Advisories https://documentation.solarwinds.com/en/success_center/arm/content/release_notes/arm_2023-2-3_release_notes.htm Google Chrome Adds Private Network Checks https://chromestatus.com/feature/4869685172764672 Gold Factory iOS Trojan https://www.group-ib.com/blog/goldfactory-ios-trojan/...
Feb 19, 2024•8 min•Ep 8858•Transcript available on Metacast USPS Anchors Snowballing Smishing Campaigns https://www.sentinelone.com/labs/sns-sender-active-campaigns-unleash-messaging-spam-through-the-cloud/ Linux Issuing CVEs http://www.kroah.com/log/blog/2024/02/13/linux-is-a-cna/ Analyzing Pulse Secure Firmware and Bypassing Integrity Checking https://eclypsium.com/blog/flatlined-analyzing-pulse-secure-firmware-and-bypassing-integrity-checking/ Jennifer Walker: Detecting Rogue Ethernet Switches Using Layer 1 Techniques https://www.sans.edu/cyber-resear...
Feb 16, 2024•13 min•Ep 8856•Transcript available on Metacast Guest Diary: Learning by Doing An Interative Adventure in Troubleshooting https://isc.sans.edu/diary/%5BGuest%20Diary%5D%20Learning%20by%20doing%3A%20Iterative%20adventures%20in%20troubleshooting/30648 Snap Trap: The Hidden Dangers within Ubuntu's Package Suggestion System https://www.aquasec.com/blog/snap-trap-the-hidden-dangers-within-ubuntus-package-suggestion-system/ The Risks of the Monikerlink Bug in Microsoft Outlook https://research.checkpoint.com/2024/the-risks-of-the-monikerlink-bug-in...
Feb 15, 2024•6 min•Ep 8854•Transcript available on Metacast Microsoft Patch Tuesday https://isc.sans.edu/diary/Microsoft%20February%202024%20Patch%20Tuesday/30646 DNSSEC DoS Vulnerability CVE-2023-50387 https://www.presseportal.de/pm/173495/5713546 Zoom Desktop Client Vuln https://www.zoom.com/en/trust/security-bulletin QNAP Vulnerablity https://www.qnap.com/de-de/security-advisory/qsa-23-57 https://unit42.paloaltonetworks.com/qnap-qts-firmware-cve-2023-50358/...
Feb 14, 2024•6 min•Ep 8852•Transcript available on Metacast Exploit Against Unnamed BYTEVALUE Router Vulnerablity Included in Mirai https://isc.sans.edu/diary/Exploit%20against%20Unnamed%20%22Bytevalue%22%20router%20vulnerability%20included%20in%20Mirai%20Bot/30642 Senior Executives Targeted in Ongoing Azure Account Takeover https://www.darkreading.com/cloud-security/senior-executives-targeted-ongoing-azure-account-takeover CISA Parners With OpenSSF To Secure Software Repositories https://www.cisa.gov/news-events/alerts/2024/02/08/cisa-partners-openssf-s...
Feb 13, 2024•6 min•Ep 8850•Transcript available on Metacast MSIX With Heaviliy Obfuscated PowerShell Script https://isc.sans.edu/diary/MSIX%20With%20Heavily%20Obfuscated%20PowerShell%20Script/30636 Too Many Honeypots https://vulncheck.com/blog/too-many-honeypots ClamAV Command Injection Vulnerability CVE-2024-20328 https://amitschendel.github.io/vulnerabilites/CVE-2024-20328/ ExpressVPN DNS Leaks https://www.expressvpn.com/blog/windows-app-dns-requests/...
Feb 12, 2024•6 min•Ep 8848•Transcript available on Metacast A Python MP3 Player With Builtin Keylogger Capability https://isc.sans.edu/diary/A%20Python%20MP3%20Player%20with%20Builtin%20Keylogger%20Capability/30632 Fake LastPass App in Apple App Store https://blog.lastpass.com/2024/02/warning-fraudulent-app-impersonating-lastpass-currently-available-in-apple-app-store/ Ivanti XXE Vulnerability https://forums.ivanti.com/s/article/CVE-2024-22024-XXE-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure FortiOS sslvpnd vulnerability https://www.fortiguard.com/...
Feb 09, 2024•6 min•Ep 8846•Transcript available on Metacast Anybody knows what this URL is about? Maybe Balena API request? https://isc.sans.edu/forums/diary/Anybody%20knows%20that%20this%20URL%20is%20about%3F%20Maybe%20Balena%20API%20request%3F/30628/ Critical shim vulnerability and patch https://github.com/rhboot/shim/releases/tag/15.8 Volt Typhoon Lessons Learned https://www.cisa.gov/resources-tools/resources/identifying-and-mitigating-living-land-techniques...
Feb 08, 2024•5 min•Ep 8844•Transcript available on Metacast Computer viruses are celebrating their 40th birthday (well, 54th, really) https://isc.sans.edu/diary/Computer%20viruses%20are%20celebrating%20their%2040th%20birthday%20%28well%2C%2054th%2C%20really%29/30624 Three million malware-infected smart toothbrushes used in Swiss DDoS attacks https://www.tomshardware.com/networking/three-million-malware-infected-smart-toothbrushes-used-in-swiss-ddos-attacks-botnet-causes-millions-of-euros-in-damages Critical Security Issue Affecting TeamCity On-Premises C...
Feb 07, 2024•7 min•Ep 8842•Transcript available on Metacast Public Information and Email Spam https://isc.sans.edu/diary/Public+Information+and+Email+Spam/30620/ Anydesk Update https://www.bleepingcomputer.com/news/security/anydesk-says-hackers-breached-its-production-servers-reset-passwords/ https://www.bsi.bund.de/SharedDocs/Cybersicherheitswarnungen/DE/2024/2024-213655-1032.pdf Ivanti POC For CVE-2024-21893 https://attackerkb.com/topics/FGlK1TVnB2/cve-2024-21893/rapid7-analysis Deepfake Exploits https://www.scmp.com/news/hong-kong/law-and-crime/articl...
Feb 06, 2024•6 min•Ep 8840•Transcript available on Metacast DShield Sensor Log Collection with Elasticsearch https://isc.sans.edu/forums/diary/DShield%20Sensor%20Log%20Collection%20with%20Elasticsearch/30616/ Anydesk Breach https://anydesk.com/en/public-statement Leaky Vessels https://snyk.io/blog/leaky-vessels-docker-runc-container-breakout-vulnerabilities/...
Feb 05, 2024•6 min•Ep 8838•Transcript available on Metacast What is a Top Level Domain https://isc.sans.edu/forums/diary/What%20is%20a%20%22Top%20Level%20Domain%22%3F/30612/ Updated CISA Ivanti Policy https://www.cisa.gov/news-events/directives/supplemental-direction-v1-ed-24-01-mitigate-ivanti-connect-secure-and-ivanti-policy-secure Cloudflare Publishes Breach Details https://blog.cloudflare.com/thanksgiving-2023-security-incident Vision Pro Update https://support.apple.com/en-us/HT214070...
Feb 02, 2024•7 min•Ep 8836•Transcript available on Metacast The Fun and Dangers of Top Level Domains (TLDs) https://isc.sans.edu/diary/The%20Fun%20and%20Dangers%20of%20Top%20Level%20Domains%20%28TLDs%29/30608 Ivanti Releases Patches and New Vulnerabilities https://forums.ivanti.com/s/article/CVE-2024-21888-Privilege-Escalation-for-Ivanti-Connect-Secure-and-Ivanti-Policy-Secure?language=en_US glibc syslog() vulnerablity https://www.qualys.com/2024/01/30/cve-2023-6246/syslog.txt modsecurity WAF bypass https://owasp.org/www-project-modsecurity/tab_cves#cve-...
Feb 01, 2024•6 min•Ep 8834•Transcript available on Metacast What did I say to make you stop talking to me https://isc.sans.edu/diary/What%20did%20I%20say%20to%20make%20you%20stop%20talking%20to%20me%3F/30604 Identification of a top-level domain for private use https://itp.cdn.icann.org/en/files/root-system/identification-tld-private-use-24-01-2024-en.pdf Juniper Patches Patching https://supportportal.juniper.net/s/article/2024-01-Out-of-Cycle-Security-Bulletin-Junos-OS-SRX-Series-and-EX-Series-Multiple-vulnerabilities-in-J-Web-have-been-addressed?languag...
Jan 31, 2024•7 min•Ep 8832•Transcript available on Metacast Exploit Flare Up Against Older Atlassian Confluence Vulnerability https://isc.sans.edu/diary/Exploit%20Flare%20Up%20Against%20Older%20Altassian%20Confluence%20Vulnerability/30600 Malicious Python Packages install Infostealer https://www.fortinet.com/blog/threat-research/info-stealing-packages-hidden-in-pypi Linux ICMPv6 Router Adv. RCE https://access.redhat.com/security/cve/cve-2023-6200...
Jan 30, 2024•6 min•Ep 8830•Transcript available on Metacast A Batch File With Multiple Payloads https://isc.sans.edu/diary/A%20Batch%20File%20With%20Multiple%20Payloads/30592 fritz.box domain used to advertise NFTs https://www.heise.de/news/Verwirrend-Internet-Domain-fritz-box-zeigt-NFT-Galerie-statt-Router-Verwaltung-9610149.html Jenkins CVE-2024-23897 PoC https://github.com/gquere/pwn_jenkins/blob/master/README.md#jenkins-cli-arbitrary-read-cve-2024-23897-applies-to-versions-below-2442-and-lts-24263 Malicious Google Ads Target Chinese Users https://www...
Jan 29, 2024•7 min•Ep 8828•Transcript available on Metacast Fecebook AdsManager Targeted by a Python Infostealer https://isc.sans.edu/diary/Facebook%20AdsManager%20Targeted%20by%20a%20Python%20Infostealer/30590 Privacy Concerns about Apple Push Notifications https://twitter.com/mysk_co/status/1750502700112916504 https://www.youtube.com/watch?v=4ZPTjGG9t7s Inside a Global Phone Spy Tool Monitoring Billions https://www.404media.co/inside-global-phone-spy-tool-patternz-nuviad-real-time-bidding/...
Jan 26, 2024•6 min•Ep 8826•Transcript available on Metacast How Bad User Interfaces Make Security Tools Harmful https://isc.sans.edu/diary/How%20Bad%20User%20Interfaces%20Make%20Security%20Tools%20Harmful/30586 Sys:All Loophole Alloed Us to Penetrate GKE Clusters in Production https://orca.security/resources/blog/sys-all-google-kubernetes-engine-risk-example/ Automotive Pwn2Own https://www.zerodayinitiative.com/blog/2024/1/23/pwn2own-automotive-2024-the-full-schedule Android Keystroke Injection Vulnerability Exploit https://www.mobile-hacker.com/2024/01/...
Jan 25, 2024•5 min•Ep 8824•Transcript available on Metacast Update on Atlassian Exploit Activity https://isc.sans.edu/forums/diary/Update%20on%20Atlassian%20Exploit%20Activity%20/30582/ POC For Fortra GoAnywhere MFT Authentication Bypass CVE-2024-0204 https://www.horizon3.ai/cve-2024-0204-fortra-goanywhere-mft-authentication-bypass-deep-dive/ Baracuda Web Application Firewall https://campus.barracuda.com/product/webapplicationfirewall/doc/102888530/security-advisory/ GitGot: GitHub leveraged by cybercriminals to store stolen data https://www.reversinglab...
Jan 24, 2024•6 min•Ep 8822•Transcript available on Metacast Apple Updates Everything https://isc.sans.edu/forums/diary/Apple%20Updates%20Everything%20-%20New%200%20Day%20in%20WebKit/30578/ Atlassian Confluence RCE Vulnerability Exploits CVE-2023-22527 https://isc.sans.edu/forums/diary/Scans%20Exploit%20Attempts%20for%20Atlassian%20Confluence%20RCE%20Vulnerability%20CVE-2023-22527/30576/ Updated Ivanti Mitigation Advise https://forums.ivanti.com/s/article/KB-CVE-2023-46805-Authentication-Bypass-CVE-2024-21887-Command-Injection-for-Ivanti-Connect-Secure-an...
Jan 23, 2024•7 min•Ep 8820•Transcript available on Metacast