Files with TGZ Extension used as malspam attachements https://isc.sans.edu/diary/Files%20with%20TXZ%20extension%20used%20as%20malspam%20attachments/30958 Google 0-Day https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_23.html Google Stops Trusting Globaltrust CA https://groups.google.com/a/ccadb.org/g/public/c/wRs-zec8w7k/m/G_9QprJ2AQAJ Checkpoint warns of password bruteforcing https://blog.checkpoint.com/security/enhance-your-vpn-security-posture?campaign=checkpoint...
May 28, 2024•6 min•Ep 8998•Transcript available on Metacast Analysis of 'redtail' file uploads to ISC Honeypot https://isc.sans.edu/diary/Analysis%20of%20%3Fredtail%3F%20File%20Uploads%20to%20ICS%20Honeypot%2C%20a%20Multi-Architecture%20Coin%20Miner%20%5BGuest%20Diary%5D/30950 Veeam Vulnerablity https://www.veeam.com/kb4581 C-Root Server Lost Touch With Peers https://arstechnica.com/security/2024/05/dns-glitch-that-threatened-internet-stability-fixed-cause-remains-unclear/ Ivanti Vulnerabilities https://forums.ivanti.com/s/article/Avalanche-6-4-3-602-add...
May 24, 2024•7 min•Ep 8996•Transcript available on Metacast NMAP Scanning Without Scanning - The ipinfo API https://isc.sans.edu/diary/NMAP%20Scanning%20without%20Scanning%20%28Part%202%29%20-%20The%20ipinfo%20API/30948 Why Your WiFi Router Doubles As An Apple Airtag https://krebsonsecurity.com/2024/05/why-your-wi-fi-router-doubles-as-an-apple-airtag/#more-67551 https://account.microsoft.com/privacy/location-services-opt-out https://answers.microsoft.com/en-us/windows/forum/all/wifi-sense-my-ssid-includes-optout-why-do-windows/1453142a-755a-476f-aa48-56d...
May 23, 2024•9 min•Ep 8994•Transcript available on Metacast Scanning without Scanning with nmap https://isc.sans.edu/diary/Scanning%20without%20Scanning%20with%20NMAP%20%28APIs%20FTW%29/30944 iTerm2 Vulnerablities https://vin01.github.io/piptagole/escape-sequences/iterm2/hyper/url-handlers/code-execution/2024/05/21/arbitrary-url-schemes-terminal-emulators.html GitHub Enterprise Vulnerablity CVE-2024-4985 https://nvd.nist.gov/vuln/detail/CVE-2024-4985 BitBucket Pipelines Leaking Secrets https://cloud.google.com/blog/topics/threat-intelligence/bitbucket-pi...
May 22, 2024•7 min•Ep 8992•Transcript available on Metacast Analyzing MSG Files https://isc.sans.edu/diary/Analyzing%20MSG%20Files/30940 Linguistic Lumberjack: Fluent Bit Vulnerability CVE-2024-4323 https://www.tenable.com/blog/linguistic-lumberjack-attacking-cloud-services-via-logging-endpoints-fluent-bit-cve-2024-4323 Fortinet FortiSIEM Command Injection Deep-Dive CVE-2023-23992 https://www.horizon3.ai/attack-research/cve-2023-34992-fortinet-fortisiem-command-injection-deep-dive/ Git Vulnerability CVE-2024-32002 PoC https://amalmurali.me/posts/git-rce/...
May 21, 2024•6 min•Ep 8990•Transcript available on Metacast Another PDF Streams Example: Extracting JPEGs https://isc.sans.edu/diary/Another%20PDF%20Streams%20Example%3A%20Extracting%20JPEGs/30924 QNAP QTS QNAPping At the Wheel https://labs.watchtowr.com/qnap-qts-qnapping-at-the-wheel-cve-2024-27130-and-friends/ May 2024 Security Update Problems with Windows 2019 https://learn.microsoft.com/en-us/windows/release-health/status-windows-10-1809-and-windows-server-2019#3299msgdesc Dlink Vulnerabilities Exploited https://www.cisa.gov/news-events/alerts/2024/0...
May 20, 2024•6 min•Ep 8988•Transcript available on Metacast Why yq? Adventurs in XML https://isc.sans.edu/diary/Why%20yq%3F%20%20Adventures%20in%20XML/30930 Black Basta Uses Quick Assist https://www.microsoft.com/en-us/security/blog/2024/05/15/threat-actors-misusing-quick-assist-in-social-engineering-attacks-leading-to-ransomware/ Various Chrome 0-Day Vulnerabilities https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_15.html Android Theft Protection Improvement https://blog.google/products/android/android-theft-protection/ Cr...
May 17, 2024•5 min•Ep 8986•Transcript available on Metacast Got MFA? If not, now is the time! https://isc.sans.edu/diary/Got%20MFA%3F%20%20If%20not%2C%20Now%20is%20the%20Time!/30926 SSID Confusion: Making Wi-Fi Clients Connect to the Wrong Network CVE-2023-52424 https://www.top10vpn.com/assets/2024/05/Top10VPN-x-Vanhoef-SSID-Confusion.pdf FIDO2 MitM Session Hijacking https://www.silverfort.com/blog/using-mitm-to-bypass-fido2/?web_view=true#but-first-some-background...
May 16, 2024•6 min•Ep 8984•Transcript available on Metacast Microsoft Patches https://isc.sans.edu/diary/Microsoft%20May%202024%20Patch%20Tuesday/30920 Detecting Bluetooth Trackers https://security.googleblog.com/2024/05/google-and-apple-deliver-support-for.html Adobe Patches https://helpx.adobe.com/security/products/acrobat/apsb24-29.html VMWare Updates https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24280 Revoking Vulnerability Windows Boot Managers https://techcommunity.microsoft.com/t5/windows...
May 15, 2024•8 min•Ep 8982•Transcript available on Metacast Apple Updates Everything https://isc.sans.edu/diary/Apple%20Patches%20Everything%3A%20macOS%2C%20iOS%2C%20iPadOS%2C%20watchOS%2C%20tvOS%20updated./30916 Juniper OpenSSH Update https://supportportal.juniper.net/s/article/2024-05-Reference-Advisory-Junos-OS-and-Junos-OS-Evolved-Multiple-CVEs-reported-in-OpenSSH?language=en_US Malicious Go Binary Delivered via Steganography in PyPi https://blog.phylum.io/malicious-go-binary-delivered-via-steganography-in-pypi/...
May 14, 2024•6 min•Ep 8980•Transcript available on Metacast DNS Suffixes on Windows https://isc.sans.edu/diary/DNS%20Suffixes%20on%20Windows/30912 Black Basta Ransomware Advisory https://www.cisa.gov/news-events/cybersecurity-advisories/aa24-131a Possible Exploitation of Arcserve Unified Data Protection Vuln https://digital.nhs.uk/cyber-alerts/2024/cc-4487 Chrome Patches 0-Day https://chromereleases.googleblog.com/2024/05/stable-channel-update-for-desktop_9.html Solarwinds ARM Vulnerablities https://documentation.solarwinds.com/en/success_center/arm/cont...
May 13, 2024•6 min•Ep 8978•Transcript available on Metacast Analyzing PDF Streams https://isc.sans.edu/diary/Analyzing%20PDF%20Streams/30908 F5 Next Central Manager Vulnerabilities https://eclypsium.com/blog/big-vulnerabilities-in-next-gen-big-ip/ Veeam Patches https://www.veeam.com/kb4441 https://www.veeam.com/kb4509 Citrix Hypervisor Security Update CVE-2024-31497 https://support.citrix.com/article/CTX633416/citrix-hypervisor-security-update-for-cve202431497...
May 10, 2024•6 min•Ep 8976•Transcript available on Metacast Analzying Synology Disks https://isc.sans.edu/diary/Analyzing%20Synology%20Disks%20on%20Linux/30904 RSA Panel https://www.rsaconference.com/usa/agenda/session/The%20Five%20Most%20Dangerous%20New%20Attack%20Techniques%20You%20Need%20to%20Know%20About SANS.edu Research Journal https://www.sans.edu/cyber-security-research...
May 09, 2024•6 min•Ep 8974•Transcript available on Metacast Detecting XFinity/Comcast DNS Spoofing https://isc.sans.edu/diary/Detecting%20XFinity%20Comcast%20DNS%20Spoofing/30898 Weblogic PoC CVE-2024-21006 https://pwnull.github.io/2024/oracle%20weblogic%20CVE-2024-21006%20Double-JNDInjection%20RCE%20analyze/ https://github.com/momika233/CVE-2024-21006 PDF.js React PDF Vulnerablity https://securityonline.info/cve-2024-4367-cve-2024-34342-javascript-flaw-threatens-millions-of-pdf-js-and-react-pdf-users/ Tinyproxy Response https://github.com/tinyproxy/tiny...
May 08, 2024•8 min•Ep 8972•Transcript available on Metacast DHCP Based VPN Routing Leaks https://www.leviathansecurity.com/blog/tunnelvision Mullvad VPN DNS Traffic Leak https://mullvad.net/en/blog/dns-traffic-can-leak-outside-the-vpn-tunnel-on-android Tiny Proxy Vulnerability https://talosintelligence.com/vulnerability_reports/TALOS-2023-1889...
May 07, 2024•6 min•Ep 8970•Transcript available on Metacast DNS Debugging with nslookup https://isc.sans.edu/diary/nslookups+Debug+Options/30894/ Microsoft Plans DNS Lockdown https://techcommunity.microsoft.com/t5/networking-blog/announcing-zero-trust-dns-private-preview/ba-p/4110366 Microsoft Graph API Abuse https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/graph-api-threats SANSFIRE SEC522 Defending Web Applications https://www.sans.org/cyber-security-training-events/sansfire-2024/...
May 06, 2024•6 min•Ep 8968•Transcript available on Metacast https://isc.sans.edu/diary/Scans%20Probing%20for%20LB-Link%20and%20Vinga%20WR-AC1200%20routers%20CVE-2023-24796/30890 Scans Probing for LB-Link and Vinga WR-AC1200 routers CVE-2023-24796 Buffer Overflow Vulnerabilities in ArubaOS https://www.arubanetworks.com/support-services/security-bulletins/ The Cuttlefish Malware https://blog.lumen.com/eight-arms-to-hold-you-the-cuttlefish-malware/...
May 03, 2024•6 min•Ep 8966•Transcript available on Metacast Linux Trojan - Xorddos with Filename eyshcjdmzg https://isc.sans.edu/diary/Linux%20Trojan%20-%20Xorddos%20with%20Filename%20eyshcjdmzg/30880 AWS S3 Denial of Wallet Amplification Attack https://medium.com/@maciej.pocwierz/how-an-empty-s3-bucket-can-make-your-aws-bill-explode-934a383cb8b1 https://blog.limbus-medtec.com/the-aws-s3-denial-of-wallet-amplification-attack-bc5a97cc041d EU iOS Safari Allows User Tracking https://www.mysk.blog/2024/04/28/safari-tracking/ BentoML Critical Deserialization ...
May 02, 2024•7 min•Ep 8964•Transcript available on Metacast Another Day, Another NAS: Attacks against Zyxel NAS326 Devices CVE-2023-4473, CVE-2023-4474 https://isc.sans.edu/diary/Another%20Day%2C%20Another%20NAS%3A%20Attacks%20against%20Zyxel%20NAS326%20devices%20CVE-2023-4473%2C%20CVE-2023-4474/30884 R-Bitrary Code Execution: Vulnearbility in R's Deserialization https://hiddenlayer.com/research/r-bitrary-code-execution/ Coordinated Docker Hub Attacks using Malicious Repositories https://jfrog.com/blog/attacks-on-docker-with-millions-of-malicious-reposit...
May 01, 2024•7 min•Ep 8962•Transcript available on Metacast DLink NAS Exploit Variation https://www.qnap.com/en/security-advisory/qsa-24-09 Muddling Meerkat DNS Abuse https://blogs.infoblox.com/threat-intelligence/a-cunning-operator-muddling-meerkat-and-chinas-great-firewall/ Android TV Data Leakage https://www.youtube.com/watch?v=QiyBXXO8QpA https://www.404media.co/android-tvs-can-expose-user-email-inboxes/ SEC522: SANSFIRE https://www.sans.org/cyber-security-courses/application-security-securing-web-apps-api-microservices/ SEC522 Demo (requires free ac...
Apr 30, 2024•7 min•Ep 8960•Transcript available on Metacast Okta warns of increase in credential stuffing https://sec.okta.com/blockanonymizers Fake payment cards used by Police in Japan https://twitter.com/vxunderground/status/1783522097425211887 Phishing Campaigns Targeting USPS https://www.akamai.com/blog/security-research/phishing-usps-malicious-domains-traffic-equal-to-legitimate-traffic Chrome 124 Breaks TLS Handshake https://www.reddit.com/r/sysadmin/comments/1carvpd/chrome_124_breaks_tls_handshake/...
Apr 29, 2024•7 min•Ep 8958•Transcript available on Metacast Does it matter if iptables isn't running on my honeypot? https://isc.sans.edu/forums/diary/Does%20it%20matter%20if%20iptables%20isn't%20running%20on%20my%20honeypot%3F/30862/ Unplugging PlugX: Singholing the PlugX USB worm botnet https://blog.sekoia.io/unplugging-plugx-sinkholing-the-plugx-usb-worm-botnet/ pfSense Updates https://docs.netgate.com/advisories/index.html GitLab Updates https://about.gitlab.com/releases/2024/04/24/patch-release-gitlab-16-11-1-released/ Matthew Alan Vorhees: Preventi...
Apr 26, 2024•20 min•Ep 8956•Transcript available on Metacast API Rug Pull - The NIST NVD Database and API https://isc.sans.edu/diary/API%20Rug%20Pull%20-%20The%20NIST%20NVD%20Database%20and%20API%20%28Part%204%20of%203%29/30868 Cisco Patches Vulnerabilities and Discovers Arcane Backdoor https://blog.talosintelligence.com/arcanedoor-new-espionage-focused-campaign-found-targeting-perimeter-network-devices/ Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers https://citizenlab.ca/2024/04/vulnerabilities-across-keyboard-apps-reveal...
Apr 25, 2024•6 min•Ep 8954•Transcript available on Metacast Struts2 devmode Still a Problem Ten Years Later https://isc.sans.edu/forums/diary/Struts%20%22devmode%22%3A%20Still%20a%20problem%20ten%20years%20later%3F/30866/ Analyzing Forest Blizard's Custom Post-Compromise Tool for exploiting CVE-2022-38028 https://www.microsoft.com/en-us/security/blog/2024/04/22/analyzing-forest-blizzards-custom-post-compromise-tool-for-exploiting-cve-2022-38028-to-obtain-credentials/ April 2024 Exchange Server Hotfix Update https://techcommunity.microsoft.com/t5/exchange...
Apr 24, 2024•6 min•Ep 8952•Transcript available on Metacast Number of Industrial Devices Accessible From Internet Up 30 Thousand over three years https://isc.sans.edu/diary/It%20appears%20that%20the%20number%20of%20industrial%20devices%20accessible%20from%20the%20internet%20has%20risen%20by%2030%20thousand%20over%20the%20past%20three%20years/30860 Evil XDR: Turning an XDR into an Offensive Tool https://www.darkreading.com/application-security/evil-xdr-researcher-turns-palo-alto-software-into-perfect-malware GitLab Comment Bug https://www.bleepingcomputer...
Apr 23, 2024•6 min•Ep 8950•Transcript available on Metacast The CVE's They are A-Changing https://isc.sans.edu/diary/The%20CVE%27s%20They%20are%20A-Changing!/30850 CrushFTP 0-Day Vulnerability https://www.crushftp.com/crush11wiki/Wiki.jsp?page=Update https://www.reddit.com/r/crowdstrike/comments/1c88788/situational_awareness_20240419_crushftp_virtual/ GitHub Comment Bug Used to Distribute Malware https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/ YubiKey Manager Privilege Escalation https://www....
Apr 22, 2024•6 min•Ep 8948•Transcript available on Metacast Delinea Secret Server Authn Authz Bypass https://straightblast.medium.com/all-your-secrets-are-belong-to-us-a-delinea-secret-server-authn-authz-bypass-adc26c800ad3 Ivanti Avalanche Poc/Details https://www.tenable.com/security/research/tra-2024-10 Advanced Phishing Campaign https://www.lookout.com/threat-intelligence/article/cryptochameleon-fcc-phishing-kit Hashicorp go-getter update CVE-2024-3817 https://discuss.hashicorp.com/t/hcsec-2024-09-hashicorp-go-getter-vulnerable-to-argument-injection-w...
Apr 19, 2024•5 min•Ep 8946•Transcript available on Metacast Malicious PDF File As Delivery Mechanism https://isc.sans.edu/diary/Malicious%20PDF%20File%20Used%20As%20Delivery%20Mechanism/30848 Updated Palo Alto Networks GlobalProtect Guidance https://security.paloaltonetworks.com/CVE-2024-3400 Coordinated Social Engineering Takeovers of Open Source Projects; https://openssf.org/blog/2024/04/15/open-source-security-openssf-and-openjs-foundations-issue-alert-for-social-engineering-takeovers-of-open-source-projects/ OpenMetaData Attacks https://www.microsoft...
Apr 18, 2024•5 min•Ep 8944•Transcript available on Metacast Palo Alto Networks GlobalProtect exploit public and widely exploited CVE-2024-3400 https://isc.sans.edu/forums/diary/Palo%20Alto%20Networks%20GlobalProtect%20exploit%20public%20and%20widely%20exploited%20CVE-2024-3400/30844/ Putty Private Key Recovery https://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-p521-bias.html Oracle Critical Patch Update https://www.oracle.com/security-alerts/cpuapr2024.html Ivanti Avalanche MDM Patches https://forums.ivanti.com/s/article/Avalanche-6-4-3-Sec...
Apr 17, 2024•6 min•Ep 8942•Transcript available on Metacast Quick Palo Alto Networks Global Protect Vulnerablity Update CVE-2024-3400 https://isc.sans.edu/diary/30838 Delinea patches critical vulnerability in secret manager https://trust.delinea.com/?tcuUid=17aaf4ef-ada9-46d5-bf97-abd3b07daae3 Lancom Windows Setup Assistant May Reset Password https://www.lancom-systems.com/service-support/general-security-information PHP Patches https://seclists.org/oss-sec/2024/q2/113 Duo SMS and VoiP Logs Leaked https://app.securitymsp.cisco.com/e/es?e=2785&eid=opguvrs...
Apr 16, 2024•6 min•Ep 8940•Transcript available on Metacast