SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) Podcast Republic

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

By Johannes B. Ullrich

Listen to a podcast, please open Podcast Republic app. Available on Google Play Store.

Category: Tech News

Open in Apple Podcasts

Open RSS feed

Open Website

Rate for this podcast

Subscribers: 1194
Reviews: 7

Jun 16, 2022

Aug 1, 2021

May 13, 2021

May 2, 2020

Jan 10, 2019

Description

Daily update on current cyber security threats

Episode	Date
ISC StormCast for Thursday, June 30th, 2022 6:45 https://traffic.libsyn.com/securitypodcast/8070.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 61099596740 https://traffic.libsyn.com/securitypodcast/8070.mp3 Its New Phone Day: Time to Migrate Your MFA https://isc.sans.edu/forums/diary/Its+New+Phone+Day+Time+to+migrate+your+MFA/28800/ Managing Human Risk Security Awareness Report https://go.sans.org/lp-wp-2022-sans-security-awareness-report Microsoft Azure Service Fabric Container Elevation of Privilege Vulnerability https://unit42.paloaltonetworks.com/fabricscape-cve-2022-30137/#The-Vulnerability https://msrc.microsoft.com/update-guide/vulnerability/CVE-2022-30137 Zimbra RCE Vulnerability https://blog.sonarsource.com/zimbra-pre-auth-rce-via-unrar-0day/ FBI Warns of Deep Fakes Beeing Used in Job Interviews https://www.ic3.gov/Media/Y2022/PSA220628	Jun 30, 2022
ISC StormCast for Wednesday, June 29th, 2022 5:48 https://traffic.libsyn.com/securitypodcast/8068.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 61018335308 https://traffic.libsyn.com/securitypodcast/8068.mp3 Possible Scans for HiByMusic Devices https://isc.sans.edu/forums/diary/Possible+Scans+for+HiByMusic+Devices/28796/ OpenSSL Heap Overflow https://guidovranken.com/2022/06/27/notes-on-openssl-remote-memory-corruption/ https://github.com/openssl/openssl/issues/18625#issuecomment-1165012549 ZuoRat MalwareHijacking Home Office Routers https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/	Jun 29, 2022
ISC StormCast for Tuesday, June 28th, 2022 6:30 https://traffic.libsyn.com/securitypodcast/8066.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 60942655586 https://traffic.libsyn.com/securitypodcast/8066.mp3 Encrypted Client Hello: Anybody Using it Yet? https://isc.sans.edu/forums/diary/Encrypted+Client+Hello+Anybody+Using+it+Yet/28792/ Jenkins Advisory https://www.jenkins.io/security/advisory/2022-06-22/ Instagram Age Verification https://about.fb.com/news/2022/06/new-ways-to-verify-age-on-instagram/ CodeSys V2 Vulnerability https://github.com/ic3sw0rd/Codesys_V2_Vulnerability	Jun 28, 2022
ISC StormCast for Monday, June 27th, 2022 7:51 https://traffic.libsyn.com/securitypodcast/8064.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 60857310838 https://traffic.libsyn.com/securitypodcast/8064.mp3 Python Abusing the Windows GUI https://isc.sans.edu/forums/diary/Python+abusing+The+Windows+GUI/28780/ Malicious Code Passed to PowerShell via the Clipboard https://isc.sans.edu/forums/diary/Malicious+Code+Passed+to+PowerShell+via+the+Clipboard/28784/ Attacking With WebView2 Applications https://mrd0x.com/attacking-with-webview2-applications/ Bronze Starlight Ransomware Operations Use Hui Loaders https://www.secureworks.com/research/bronze-starlight-ransomware-operations-use-hui-loader Novel Exploit Detected in Mitel VoIP Appliance https://www.crowdstrike.com/blog/novel-exploit-detected-in-mitel-voip-appliance/ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29499	Jun 27, 2022
ISC StormCast for Thursday, June 23rd, 2022 5:31 https://traffic.libsyn.com/securitypodcast/8062.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 60529189717 https://traffic.libsyn.com/securitypodcast/8062.mp3 Malicious PowerShell Targeting Cryptocurrency Browser Extensions https://isc.sans.edu/forums/diary/Malicious+PowerShell+Targeting+Cryptocurrency+Browser+Extensions/28772/ Keeping PowerShell: Security Measures to Use and Embrace https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/1/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF Client-Side Magecart Attacks Still Around, But More Covert https://blog.malwarebytes.com/threat-intelligence/2022/06/client-side-magecart-attacks-still-around-but-more-covert/ Chinese actor takes aim, armed with Nim Language and Bizarro AES https://research.checkpoint.com/2022/chinese-actor-takes-aim-armed-with-nim-language-and-bizarro-aes/ Israeli Air Raid Sirens Hacked https://twitter.com/Israel_Cyber/status/1538821467785265153	Jun 23, 2022
ISC StormCast for Wednesday, June 22nd, 2022 6:16 https://traffic.libsyn.com/securitypodcast/8060.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 60442306724 https://traffic.libsyn.com/securitypodcast/8060.mp3 Experimental New Domain / Domain Age API https://isc.sans.edu/forums/diary/Experimental+New+Domain+Domain+Age+API/28770/ Forescout Vedere Labs Discovers 56 OT Vulnerabilities https://www.forescout.com/resources/ot-icefall-report/ Cloudflare Outage https://blog.cloudflare.com/cloudflare-outage-on-june-21-2022/ Does Acrobat Reader Unload Injection of Security Products https://blog.minerva-labs.com/does-acrobat-reader-unload-injection-of-security-products 7-Zip Mark-of-the-Web Support https://www.7-zip.org/history.txt	Jun 22, 2022
ISC StormCast for Tuesday, June 21st, 2022 5:43 https://traffic.libsyn.com/securitypodcast/8058.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 60355445860 https://traffic.libsyn.com/securitypodcast/8058.mp3 Odd TCP Fast Open Packets https://isc.sans.edu/forums/diary/Odd+TCP+Fast+Open+Packets+Anybody+understands+why/28766/ DFSCoerce NTLM Relay Attack https://github.com/Wh04m1001/DFSCoerce https://support.microsoft.com/en-us/topic/kb5005413-mitigating-ntlm-relay-attacks-on-active-directory-certificate-services-ad-cs-3612b773-4043-4aa9-b23d-b87910cd3429 Windows Emergency Update Fixes Microsoft 365 Issues on ARM Devices https://www.bleepingcomputer.com/news/microsoft/windows-emergency-update-fixes-microsoft-365-issues-on-arm-devices/ Safari Vulnerability Analysis https://googleprojectzero.blogspot.com/2022/06/an-autopsy-on-zombie-in-wild-0-day.html Internet Explorer Remnants Still an Issue https://www.darkreading.com/vulnerabilities-threats/internet-explorer-will-likely-remain-an-attacker-target-for-some-time	Jun 21, 2022
ISC StormCast for Monday, June 20th, 2022 8:34 https://traffic.libsyn.com/securitypodcast/8056.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 60269113981 https://traffic.libsyn.com/securitypodcast/8056.mp3 Critical Vulnerability in Splunk Enterprise Deployment Server Functionality https://isc.sans.edu/forums/diary/Critical+vulnerability+in+Splunk+Enterprises+deployment+server+functionality/28760/ Malspam Pushes Matanbuchus Malware Leads to Cobalt Strike https://isc.sans.edu/forums/diary/Malspam+pushes+Matanbuchus+malware+leads+to+Cobalt+Strike/28752/ Proofpoint Discovers Potentially Dangerous Office 365 Functionality https://www.proofpoint.com/us/blog/cloud-security/proofpoint-discovers-potentially-dangerous-microsoft-office-365-functionality	Jun 20, 2022
ISC StormCast for Friday, June 17th, 2022 5:56 https://traffic.libsyn.com/securitypodcast/8054.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 60020115839 https://traffic.libsyn.com/securitypodcast/8054.mp3 Houdini is Back Delivered Through a JavaScript Dropper https://isc.sans.edu/forums/diary/Houdini+is+Back+Delivered+Through+a+JavaScript+Dropper/28746/ Drifting Cloud: Zero-Day Sophos Firewall Exploitation https://www.volexity.com/blog/2022/06/15/driftingcloud-zero-day-sophos-firewall-exploitation-and-an-insidious-breach/ Exploiting a Heap Overflow in the FreeBSD Wi-Fi Stack https://www.zerodayinitiative.com/blog/2022/6/15/cve-2022-23088-exploiting-a-heap-overflow-in-the-freebsd-wi-fi-stack Cisco Email Security Appliance and Cisco Secure Email and Web Manager https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sma-esa-auth-bypass-66kEcxQD Analyzing the Fastjson "Auto Type Bypass" RCE vulnerability https://jfrog.com/blog/cve-2022-25845-analyzing-the-fastjson-auto-type-bypass-rce-vulnerability/	Jun 17, 2022
ISC StormCast for Thursday, June 16th, 2022 5:57 https://traffic.libsyn.com/securitypodcast/8052.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 59932962956 https://traffic.libsyn.com/securitypodcast/8052.mp3 Terraforming Honeypots: Using IaaC & Cloud to Attract Attacks https://isc.sans.edu/forums/diary/Terraforming+Honeypots+Installing+DShield+Sensors+in+the+Cloud/28748/ Zimbra Email - Stealing Clear=Text Credenitals via Memcache Injection https://blog.sonarsource.com/zimbra-mail-stealing-clear-text-credentials-via-memcache-injection/ Cloud Middleware Dataset https://github.com/wiz-sec/cloud-middleware-dataset CVE-2022-26937 Windows Network File System NLM Portmap Stack Buffer Overflow https://www.zerodayinitiative.com/blog/2022/6/7/cve-2022-26937-microsoft-windows-network-file-system-nlm-portmap-stack-buffer-overflow Citrix Application Delivery Management Security Bulletin https://support.citrix.com/article/CTX460016/citrix-application-delivery-management-security-bulletin-for-cve202227511-and-cve202227512 Hardcoded Backdoor User and Outdated Software Components in Nexans FTTO GigaSwitch https://sec-consult.com/vulnerability-lab/advisory/hardcoded-backdoor-user-outdated-software-components-nexans-ftto-gigaswitch/	Jun 16, 2022
ISC StormCast for Wednesday, June 15th, 2022 7:05 https://traffic.libsyn.com/securitypodcast/8050.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 59843709073 https://traffic.libsyn.com/securitypodcast/8050.mp3 Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+June+2022+Patch+Tuesday/28742/ Adobe Patches https://helpx.adobe.com/security/security-bulletin.html SynLapse Vulnerability https://orca.security/resources/blog/synlapse-critical-azure-synapse-analytics-service-vulnerability/ Hertzbleed Attack https://www.hertzbleed.com	Jun 15, 2022
ISC StormCast for Tuesday, June 14th, 2022 5:48 https://traffic.libsyn.com/securitypodcast/8048.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 59753063155 https://traffic.libsyn.com/securitypodcast/8048.mp3 Translating Saitama's DNS Tunneling https://isc.sans.edu/forums/diary/Translating+Saitamas+DNS+tunneling+messages/28738/ Travis CI Logs Expose Users to Cyber Attacks https://blog.aquasec.com/travis-ci-security Linux Threat Hunting: "Syslogk" a kernel rootkit found under development in the wild https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/ Mitel Desk Phone Backdoor https://blog.syss.com/posts/rooting-mitel-desk-phones-through-the-backdoor/	Jun 14, 2022
ISC StormCast for Monday, June 13th, 2022 6:21 https://traffic.libsyn.com/securitypodcast/8046.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 59665804716 https://traffic.libsyn.com/securitypodcast/8046.mp3 EPSScall: An Exploit Prediction Scoring System App https://isc.sans.edu/forums/diary/EPSScall+An+Exploit+Prediction+Scoring+System+App/28732/ PACMan Attack https://pacmanattack.com https://twitter.com/wdormann/status/1535245913857351680 Carrier LenelS2 HID Mercury access panel vulnerability https://www.cisa.gov/uscert/ics/advisories/icsa-22-153-01 Malicious Python Modules https://www.bleepingcomputer.com/news/security/pypi-package-keep-mistakenly-included-a-password-stealer/	Jun 13, 2022
ISC StormCast for Friday, June 10th, 2022 8:34 https://traffic.libsyn.com/securitypodcast/8044.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 59414495589 https://traffic.libsyn.com/securitypodcast/8044.mp3 TA570 QBot attempts to exploit CVE-2022-30190 (Follina) https://isc.sans.edu/forums/diary/TA570+Qakbot+Qbot+tries+CVE202230190+Follina+exploit+msmsdt/28728/ Analysis of a Facebook Phishing Campaign https://pixmsecurity.com/blog/blog/phishing-tactics-how-a-threat-actor-stole-1m-credentials-in-4-months/ Zyxel Security Advisory https://www.zyxel.com/support/Zyxel-security-advisory-for-CRLF-injection-vulnerability-in-some-legacy-firewalls.shtml Fujitsu Centricstor Vulnerability https://research.nccgroup.com/2022/05/27/technical-advisory-fujitsu-centricstor-control-center-v8-1-unauthenticated-command-injection/ Meeting Owl Vulnerablities https://www.modzero.com/static/meetingowl/Meeting_Owl_Pro_Security_Disclosure_Report_RELEASE.pdf	Jun 10, 2022
ISC StormCast for Thursday, June 9th, 2022 5:55 https://traffic.libsyn.com/securitypodcast/8042.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 59329727159 https://traffic.libsyn.com/securitypodcast/8042.mp3 SANS RSA Panel (sorry, video no longer available) Atlassian Confluence Attacks https://isc.sans.edu/forums/diary/Atlassian+Confluence+Exploits+Seen+By+Our+Honeypots+CVE202226134/28722/ Fake CClenaer Malvertisements https://blog.avast.com/fakecrack-campaign Weakness in Verbatim Keypad Secure USB Drive https://blog.syss.com/posts/hacking-usb-flash-drives-part-1/	Jun 09, 2022
ISC StormCast for Wednesday, June 8th, 2022 5:34 https://traffic.libsyn.com/securitypodcast/8040.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 59279522860 https://traffic.libsyn.com/securitypodcast/8040.mp3 The Trouble With Microsoft's Troubleshooters https://irsl.medium.com/the-trouble-with-microsofts-troubleshooters-6e32fc80b8bd QBot Uses Follina https://twitter.com/threatinsight/status/1534227444915482625 Deadbolt Ransomware https://www.trendmicro.com/en_us/research/22/f/closing-the-door-deadbolt-ransomware-locks-out-vendors-with-mult.html Google Android Updates https://source.android.com/security/bulletin/2022-06-01?hl=en	Jun 08, 2022
ISC StormCast for Tuesday, June 7th, 2022 6:18 https://traffic.libsyn.com/securitypodcast/8038.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 59176048844 https://traffic.libsyn.com/securitypodcast/8038.mp3 MS-MSDT RTF Maldocs Analysis oledump Plugins https://isc.sans.edu/forums/diary/msmsdt+RTF+Maldoc+Analysis+oledump+Plugins/28718/ Cybercriminals Exploit Reverse Tunnel Services and URL Shorteners https://cloudsek.com/whitepapers_reports/cybercriminals-exploit-reverse-tunnel-services-and-url-shorteners-to-launch-large-scale-phishing-campaigns/ Unpatched Horde Webmail Bug https://blog.sonarsource.com/horde-webmail-rce-via-email/ Clickstudio (Passwordstate) Code Signing Cert Used by Follina Malware https://cloudsek.com/whitepapers_reports/cybercriminals-exploit-reverse-tunnel-services-and-url-shorteners-to-launch-large-scale-phishing-campaigns/	Jun 07, 2022
ISC StormCast for Monday, June 6th, 2022 5:28 https://traffic.libsyn.com/securitypodcast/8036.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 59076837673 https://traffic.libsyn.com/securitypodcast/8036.mp3 Sandbox Evasion... With Just a Filename! https://isc.sans.edu/forums/diary/Sandbox+Evasion+With+Just+a+Filename/28708/ Atlassian Exploit Released https://www.rapid7.com/blog/post/2022/06/02/active-exploitation-of-confluence-cve-2022-26134/ GitLab Critical Security Release https://about.gitlab.com/releases/2022/06/01/critical-security-release-gitlab-15-0-1-released/ U-Boot Vulnerablities https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/ Unisoc Baseband Chip Vulnerability https://research.checkpoint.com/2022/vulnerability-within-the-unisoc-baseband/	Jun 06, 2022
ISC StormCast for Friday, June 3rd, 2022 6:00 https://traffic.libsyn.com/securitypodcast/8034.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 58859334367 https://traffic.libsyn.com/securitypodcast/8034.mp3 Quick Answers in Incident Response RECmd.exe https://isc.sans.edu/forums/diary/Quick+Answers+in+Incident+Response+RECmdexe/28706/ Zero-Day Exploitation of Atlassian Confluence https://www.volexity.com/blog/2022/06/02/zero-day-exploitation-of-atlassian-confluence/ https://confluence.atlassian.com/doc/confluence-security-advisory-2022-06-02-1130377146.html Korenix Technology JetPort Backdoor https://sec-consult.com/vulnerability-lab/advisory/backdoor-account-in-korenix-technology-jetport-series/ Elasticsearch Data Wiped https://www.secureworks.com/blog/unsecured-elasticsearch-data-replaced-with-ransom-note	Jun 03, 2022
ISC StormCast for Thursday, June 2nd, 2022 5:55 https://traffic.libsyn.com/securitypodcast/8032.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 58766648573 https://traffic.libsyn.com/securitypodcast/8032.mp3 HTML Phishing Attachments - Now With Anti-Analysis Features https://isc.sans.edu/forums/diary/HTML+phishing+attachments+now+with+antianalysis+features/28702/ Unofficial Patch for CVE-2022-30190 (Follina) https://blog.0patch.com/2022/06/free-micropatches-for-follina-microsoft.html Windows Search Vulnerability https://www.bleepingcomputer.com/news/security/new-windows-search-zero-day-added-to-microsoft-protocol-nightmare/ Call Forwarding Used to Compromise WhatsApp Accounts https://www.linkedin.com/posts/fb1h2s_beware-here-is-how-whatsapp-accounts-are-activity-6934386561048264704-NnFf/?utm_source=linkedin_share&utm_medium=member_desktop_web Badkeys in Fuji Xerox and Canon Printers https://fermatattack.secvuln.info	Jun 02, 2022
ISC StormCast for Wednesday, June 1st, 2022 5:18 https://traffic.libsyn.com/securitypodcast/8030.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 58649933478 https://traffic.libsyn.com/securitypodcast/8030.mp3 Follina Update https://isc.sans.edu/forums/diary/First+Exploitation+of+Follina+Seen+in+the+Wild/28698/ https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme+CVE202230190/28694/ Open Automation Software Platform Vulnerability https://blog.talosintelligence.com/2022/05/vuln-spotlight-open-automation-platform.html Over 3.6 million MySQL servers found exposed on the Internet https://www.bleepingcomputer.com/news/security/over-36-million-mysql-servers-found-exposed-on-the-internet/	Jun 01, 2022
ISC StormCast for Tuesday, May 31st, 2022 7:47 https://traffic.libsyn.com/securitypodcast/8028.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 58540242679 https://traffic.libsyn.com/securitypodcast/8028.mp3 New Microsoft Office Attack Vector via "ms-msdt" Protocol Scheme https://isc.sans.edu/forums/diary/New+Microsoft+Office+Attack+Vector+via+msmsdt+Protocol+Scheme/28694/	May 30, 2022
ISC StormCast for Friday, May 27th, 2022 15:40 https://traffic.libsyn.com/securitypodcast/8026.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 58222966405 https://traffic.libsyn.com/securitypodcast/8026.mp3 Huge Signed PE Files https://isc.sans.edu/forums/diary/Huge+Signed+PE+File/28686/ VMWare Authentication Bypass PoC https://www.horizon3.ai/vmware-authentication-bypass-vulnerability-cve-2022-22972-technical-deep-dive/ Quanta Server BMC Vulnerability https://eclypsium.com/2022/05/26/quanta-servers-still-vulnerable-to-pantsdown/ Windows 11 and Server 2022 Update Prevent Trend Micro Ransomware Protection https://success.trendmicro.com/dcx/s/solution/000291066?language=en_US Nate Street: Advancing SIEM Log Management Strategies through Vendor-Agnostic Measurement https://www.sans.edu/cyber-research/38685/	May 27, 2022
ISC StormCast for Thursday, May 26th, 2022 5:09 https://traffic.libsyn.com/securitypodcast/8024.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 58136809805 https://traffic.libsyn.com/securitypodcast/8024.mp3 Using NMAP to Assess Hosts in Load Balanced Clusters https://isc.sans.edu/forums/diary/Using+NMAP+to+Assess+Hosts+in+Load+Balanced+Clusters/28682/ Attacker Modifying Libraries Claims "Research" https://www.bleepingcomputer.com/news/security/hacker-says-hijacking-libraries-stealing-aws-keys-was-ethical-research/ Heroku GitHub Integration Re-Enabled Again https://blog.heroku.com/github-integration-update Serious security vulnerablity in Tails 5.0 https://tails.boum.org/security/prototype_pollution/index.en.html Google Chrome Update https://chromereleases.googleblog.com/2022/05/stable-channel-update-for-desktop_24.html	May 26, 2022
ISC StormCast for Wednesday, May 25th, 2022 5:18 https://traffic.libsyn.com/securitypodcast/8022.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 58050261152 https://traffic.libsyn.com/securitypodcast/8022.mp3 ctx Python Library Updated with "Extra" Features https://isc.sans.edu/forums/diary/ctx+Python+Library+Updated+with+Extra+Features/28678/ Zoom Updates https://explore.zoom.us/en/trust/security/security-bulletin/ VMWare Exploit About to Be Released https://twitter.com/Horizon3Attack/status/1528935531333177344 Zyxel Firewalls, AP Controllers, APs Patch https://www.zyxel.com/support/multiple-vulnerabilities-of-firewalls-AP-controllers-and-APs.shtml	May 25, 2022
ISC StormCast for Tuesday, May 24th, 2022 5:26 https://traffic.libsyn.com/securitypodcast/8020.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 57961580674 https://traffic.libsyn.com/securitypodcast/8020.mp3 Attacker Scanning for jQuery-File-Upload https://isc.sans.edu/forums/diary/Attacker+Scanning+for+jQueryFileUpload/28674/ Oracle Security Alert Advisory - CVE-2022-21500 https://www.oracle.com/security-alerts/alert-cve-2022-21500.html How to find NPM dependencies vulnerable to account hijacking https://www.theregister.com/2022/05/23/npm_dependencies_vulnerable/ Pre-hijacked accounts https://arxiv.org/pdf/2205.10174.pdf	May 24, 2022
ISC StormCast for Monday, May 23rd, 2022 6:10 https://traffic.libsyn.com/securitypodcast/8018.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 57865697224 https://traffic.libsyn.com/securitypodcast/8018.mp3 A "Zip Bomb" to Bypass Security Controls & Sandboxes https://isc.sans.edu/forums/diary/A+Zip+Bomb+to+Bypass+Security+Controls+Sandboxes/28670/ Cisco IOS XR Software Health Check Open Port Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxr-redis-ABJyE5xK pwn2own Vancouver 2022 Results https://www.zerodayinitiative.com/blog/2022/5/18/pwn2own-vancouver-2022-the-results#three Malicious PyPi Packages Drop Cobalt Strike https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux Security Advisory for BR200, BR500 and PSV-2021-0286 https://kb.netgear.com/000064712/Security-Advisory-for-Multiple-Security-Vulnerabilities-on-BR200-and-BR500-PSV-2021-0286	May 23, 2022
ISC StormCast for Friday, May 20th, 2022 6:01 https://traffic.libsyn.com/securitypodcast/8016.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 57604620403 https://traffic.libsyn.com/securitypodcast/8016.mp3 Bumblebee Malware from TransferXL URLs https://isc.sans.edu/forums/diary/Bumblebee+Malware+from+TransferXL+URLs/28664/ Microsoft Out-of-Band Update fixes Authentication Issues https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2#you-might-see-authentication-failures-on-the-server-or-client-for-services Sonicwall Patch for SMA 1000 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0010 QNAP NAS Deadbolt Ransomware https://www.qnap.com/en/security-news/2022/take-immediate-actions-to-secure-qnap-nas-and-update-qts-to-the-latest-available-version 380,000 open Kubernetes API Servers https://www.shadowserver.org/news/over-380-000-open-kubernetes-api-servers/ Doj Annnounces New Polciy for Charging Cases under the Computer Fraud and Abuse Act https://www.justice.gov/opa/pr/department-justice-announces-new-policy-charging-cases-under-computer-fraud-and-abuse-act	May 20, 2022
ISC StormCast for Thursday, May 19th, 2022 6:48 https://traffic.libsyn.com/securitypodcast/8014.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 57524876252 https://traffic.libsyn.com/securitypodcast/8014.mp3 VMWare Flaws https://core.vmware.com/vmsa-2022-0014-questions-answers-faq https://blog.barracuda.com/2022/05/17/threat-spotlight-attempts-to-exploit-new-vmware-vulnerabilities/ Tesla BLE Proximity Authentication Vulnerable to Relay Attacks https://research.nccgroup.com/2022/05/15/technical-advisory-ble-proximity-authentication-vulnerable-to-relay-attacks/ Credit Card Scraping via Malicious PHP Code https://www.ic3.gov/Media/News/2022/220516.pdf Microsoft updating Delegated Admin Privileges https://docs.microsoft.com/en-gb/partner-center/announcements/2022-may#13	May 19, 2022
ISC StormCast for Wednesday, May 18th, 2022 6:09 https://traffic.libsyn.com/securitypodcast/8012.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 57521807130 https://traffic.libsyn.com/securitypodcast/8012.mp3 Use Your Browser Internal Password Vault... or Not? https://isc.sans.edu/forums/diary/Use+Your+Browser+Internal+Password+Vault+or+Not/28658/ SQL Server Brute Forcing https://twitter.com/MsftSecIntel/status/1526680337216114693 UpdateAgent Adapts Again https://www.jamf.com/blog/updateagent-adapts-again/ Updated Exploited Vulnerabilities https://www.cisa.gov/uscert/ncas/current-activity/2022/05/10/cisa-adds-one-known-exploited-vulnerability-catalog	May 18, 2022
ISC StormCast for Tuesday, May 17th, 2022 6:18 https://traffic.libsyn.com/securitypodcast/8010.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 57521652338 https://traffic.libsyn.com/securitypodcast/8010.mp3 Apple Patches Everything https://isc.sans.edu/forums/diary/Apple+Patches+Everything/28654/ Evil Never Sleeps: When Wireless Malware Stays on After Turning Off iPhones https://arxiv.org/pdf/2205.06114.pdf Third-Party Web Trackers Log What You Type Before Submitting https://homes.esat.kuleuven.be/~asenol/leaky-forms/	May 17, 2022
ISC StormCast for Monday, May 16th, 2022 6:26 https://traffic.libsyn.com/securitypodcast/8008.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 57521545055 https://traffic.libsyn.com/securitypodcast/8008.mp3 From 0-Day to Mirai: 7 days of BIG-IP Exploits https://isc.sans.edu/forums/diary/From+0Day+to+Mirai+7+days+of+BIGIP+Exploits/28644/ Sonicwall Vulnerabilities Patched https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0009 Zonealarm Patch https://www.zonealarm.com/software/extreme-security/release-history Taking over npm account https://thehackerblog.com/zero-days-without-incident-compromising-angular-via-expired-npm-publisher-email-domains-7kZplW4x/	May 16, 2022
ISC StormCast for Friday, May 13th, 2022 4:58 https://traffic.libsyn.com/securitypodcast/8006.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 57521356452 https://traffic.libsyn.com/securitypodcast/8006.mp3 When Get-WebRequest Fails You https://isc.sans.edu/forums/diary/When+GetWebRequest+Fails+You/28640/ HP PC BIOS Security Updates https://support.hp.com/us-en/document/ish_6184733-6184761-16/hpsbhf03788 INTEL BIOS Advisory https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00601.html Zyxel RCE Vulnerability https://www.rapid7.com/blog/post/2022/05/12/cve-2022-30525-fixed-zyxel-firewall-unauthenticated-remote-command-injection/	May 13, 2022
ISC StormCast for Thursday, May 12th, 2022 5:33 https://traffic.libsyn.com/securitypodcast/8004.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 57487118042 https://traffic.libsyn.com/securitypodcast/8004.mp3 TA578 Using Thread-Hijacked Emails to Push ISO Files for Bumblebee Malware https://isc.sans.edu/forums/diary/TA578+using+threadhijacked+emails+to+push+ISO+files+for+Bumblebee+malware/28636/ Google Drive Emerges as Top App for Malware Downloads https://www.helpnetsecurity.com/2022/05/11/malicious-pdf-search-engines/ Vanity URL Abuse https://www.varonis.com/blog/url-spoofing npm Supply Chain Attack Turns Out to be Part of Penetration Test https://jfrog.com/blog/npm-supply-chain-attack-targets-german-based-companies/	May 12, 2022
ISC StormCast for Wednesday, May 11th, 2022 5:32 https://traffic.libsyn.com/securitypodcast/8002.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 57384537167 https://traffic.libsyn.com/securitypodcast/8002.mp3 Microsoft May 2022 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+May+2022+Patch+Tuesday/28632/ Adobe Updates https://helpx.adobe.com/security/security-bulletin.html npm "foreach" package domain takeover https://www.theregister.com/2022/05/10/security_npm_email/	May 11, 2022
ISC StormCast for Tuesday, May 10th, 2022 5:51 https://traffic.libsyn.com/securitypodcast/8000.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 57277532496 https://traffic.libsyn.com/securitypodcast/8000.mp3 Octopus Backdoor is Back with a New Embedded Obfuscated Bat File https://isc.sans.edu/forums/diary/Octopus+Backdoor+is+Back+with+a+New+Embedded+Obfuscated+Bat+File/28628/#comments CVE-2022-1388 (BIG-IP) Exploits https://twitter.com/sans_isc/status/1523741896707043328 https://github.com/horizon3ai/CVE-2022-1388 Trend Micro False Positive Aftermath https://success.trendmicro.com/dcx/s/solution/000290966?language=en_US Microsoft Azure https://orca.security/resources/blog/azure-synapse-analytics-security-advisory/ https://msrc-blog.microsoft.com/2022/05/09/vulnerability-mitigated-in-the-third-party-data-connector-used-in-azure-synapse-pipelines-and-azure-data-factory-cve-2022-29972/	May 10, 2022
ISC StormCast for Monday, May 9th, 2022 5:53 https://traffic.libsyn.com/securitypodcast/7998.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 57175835789 https://traffic.libsyn.com/securitypodcast/7998.mp3 F5 BIG-IP Unauthenticated RCE Vulnerability (CVE-2022-1388) https://isc.sans.edu/forums/diary/F5+BIGIP+Unauthenticated+RCE+Vulnerability+CVE20221388/28624/ QNAP QVR Update https://www.qnap.com/de-de/security-advisory/qsa-22-07 Raspberry Robin Worm https://redcanary.com/blog/raspberry-robin/ rubygems CVE-2022-29176 explained https://greg.molnar.io/blog/rubygems-cve-2022-29176/ What is the simples malware in the world? https://isc.sans.edu/forums/diary/What+is+the+simplest+malware+in+the+world/28620/	May 09, 2022
ISC StormCast for Friday, May 6th, 2022 5:36 https://traffic.libsyn.com/securitypodcast/7996.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 56878603448 https://traffic.libsyn.com/securitypodcast/7996.mp3 Password-protected Excel Spreadsheet Pushes Remcos RAT https://isc.sans.edu/forums/diary/Passwordprotected+Excel+spreadsheet+pushes+Remcos+RAT/28616/ Microsoft, Apple, Google Accelated FIDO Standard Implementation https://www.theregister.com/2022/05/05/microsoft-apple-google-fido/ Heroku Admits Breach https://status.heroku.com/incidents/2413	May 06, 2022
ISC StormCast for Thursday, May 5th, 2022 5:54 https://traffic.libsyn.com/securitypodcast/7994.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 56778164477 https://traffic.libsyn.com/securitypodcast/7994.mp3 Finding the Real "Last Patched" Day (Interim Version) https://isc.sans.edu/forums/diary/Finding+the+Real+Last+Patched+Day+Interim+Version/28610/ Fake Windows Updates Install Ransomware https://www.bleepingcomputer.com/news/security/fake-windows-10-updates-infect-you-with-magniber-ransomware/ Vulnerablities in Ransomware https://www.malvuln.com Heroku Forces Password Reset https://status.heroku.com/incidents/2413 Cisco Patches Enterprise NFV Infrastructure Software https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-NFVIS-MUL-7DySRX9 Big-IP iControl REST Vulnerability https://support.f5.com/csp/article/K23605346	May 05, 2022
ISC StormCast for Wednesday, May 4th, 2022 6:09 https://traffic.libsyn.com/securitypodcast/7992.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 56678132275 https://traffic.libsyn.com/securitypodcast/7992.mp3 Some Honeypot Updates https://isc.sans.edu/forums/diary/Some+Honeypot+Updates/28608/ TLStorm 2 - NanoSSL TLS Library Misuse https://www.armis.com/blog/tlstorm-2-nanossl-tls-library-misuse-leads-to-vulnerabilities-in-common-switches/ Unpatched DNS Bug in uClibc and uClibc-ng Library https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-DNS-bug-in-popular-c-standard-library-putting-iot-at-risk/ Abusing Security Software to Sideload PlugX and ShadowPad https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/ Microsoft Edge Update Triggers Trend Micro AV https://success.trendmicro.com/forum/s/question/0D54T00001QDqzgSAD/we-are-getting-this-message-from-every-client-since-several-minutesis-it-a-false-positiv-error-or-do-we-have-a-real-trojaner-problem-	May 04, 2022
ISC StormCast for Tuesday, May 3rd, 2022 5:45 https://traffic.libsyn.com/securitypodcast/7990.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 56581649104 https://traffic.libsyn.com/securitypodcast/7990.mp3 Detecting VSTO Office Files with ExifTool https://isc.sans.edu/forums/diary/Detecting+VSTO+Office+Files+With+ExifTool/28604/ The Gmail SMTP Relay Service Exploit https://www.avanan.com/blog/the-gmail-smtp-relay-service-exploit OpenSSF Package Analysis https://openssf.org/blog/2022/04/28/introducing-package-analysis-scanning-open-source-packages-for-malicious-behavior/ M1 Prefetcher Data Leak https://www.prefetchers.info	May 03, 2022
ISC StormCast for Monday, May 2nd, 2022 4:48 https://traffic.libsyn.com/securitypodcast/7988.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 56483549013 https://traffic.libsyn.com/securitypodcast/7988.mp3 Using Passive DNS Sources for Reconnaissance and Enumeration https://isc.sans.edu/forums/diary/Using+Passive+DNS+sources+for+Reconnaissance+and+Enumeration/28596/ Microsoft Edge Secure Network https://support.microsoft.com/en-gb/topic/use-the-microsoft-edge-secure-network-to-protect-your-browsing-885472e2-7847-4d89-befb-c80d3dda6318 Sina Weibo Making Users IPs and Location Public https://www.theregister.com/2022/04/29/weibo_location_services_default/ https://weibo.com/u/1934183965?layerid=4763194269108760 SonicWall Global VPN Client DLL Search Order Hijacking https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0036 Zoom Updated https://explore.zoom.us/en/trust/security/security-bulletin/	May 02, 2022
ISC StormCast for Friday, April 29th, 2022 6:18 https://traffic.libsyn.com/securitypodcast/7986.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 56191569231 https://traffic.libsyn.com/securitypodcast/7986.mp3 A Day of SMB: What does our SMB/RPC Honeypot see? CVE-2022-26809 https://isc.sans.edu/forums/diary/A+Day+of+SMB+What+does+our+SMBRPC+Honeypot+see+CVE202226809/28594/ Azure PostgreSQL Privilege Escalation https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql/ Security alert: Attack campaign involving stolen OAuth user tokens https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens Netatalk Vulnerability Affecting Synology, QNAP, Others? https://www.synology.com/en-global/security/advisory/Synology_SA_22_06	Apr 29, 2022
ISC StormCast for Thursday, April 28th, 2022 6:07 https://traffic.libsyn.com/securitypodcast/7984.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 56082207634 https://traffic.libsyn.com/securitypodcast/7984.mp3 MITRE ATT&CK v11 https://isc.sans.edu/forums/diary/MITRE+ATTCK+v11+a+small+update+that+can+help+not+just+with+detection+engineering/28590/ Microsoft Special Report: Ukraine https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4Vwwd Linux Privilege Escalation Nimbuspwn https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/ npm Package Planting https://blog.aquasec.com/npm-package-planting	Apr 28, 2022
ISC StormCast for Wednesday, April 27th, 2022 6:22 https://traffic.libsyn.com/securitypodcast/7982.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 55984107589 https://traffic.libsyn.com/securitypodcast/7982.mp3 WSO2 Vuln Exploited to Install Crypto Coin Miners https://isc.sans.edu/forums/diary/WSO2+RCE+exploited+in+the+wild/28586/ Core Impact Backdoor Delivered Via VMware Vulnerablity https://blog.morphisec.com/vmware-identity-manager-attack-backdoor VirusTotal Exploit Update https://twitter.com/bquintero/status/1518738072820670464 Emotet Experimenting With New Delivery Techniques https://www.proofpoint.com/us/blog/threat-insight/emotet-tests-new-delivery-techniques	Apr 27, 2022
ISC StormCast for Tuesday, April 26th, 2022 5:59 https://traffic.libsyn.com/securitypodcast/7980.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 55880623404 https://traffic.libsyn.com/securitypodcast/7980.mp3 Simple PDF Linking to Malicious Content https://isc.sans.edu/forums/diary/Simple+PDF+Linking+to+Malicious+Content/28582/ VirusTotal Remote Code Execution https://www.cysrc.com/blog/virus-total-blog Apple's Private Relay can Cause the System to Ignore Firewall Rules https://mullvad.net/en/blog/2022/4/25/apples-private-relay-can-cause-the-system-to-ignore-firewall-rules/ Emotet Breaks and Later Fixes Installer https://www.bleepingcomputer.com/news/security/emotet-malware-infects-users-again-after-fixing-broken-installer/	Apr 26, 2022
ISC StormCast for Monday, April 25th, 2022 5:00 https://traffic.libsyn.com/securitypodcast/7978.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 55772835669 https://traffic.libsyn.com/securitypodcast/7978.mp3 Analyzing Word Phishing Document https://isc.sans.edu/forums/diary/Analyzing+a+Phishing+Word+Document/28562/ Targeting Roku Streaming Devices https://isc.sans.edu/forums/diary/Are+Roku+Streaming+Devices+Safe+from+Exploitation/28578/ JWT Null Signature Vulnerability PoC https://github.com/DataDog/security-labs-pocs/tree/main/proof-of-concept-exploits/jwt-null-signature-vulnerable-app Expat XML Vulnerabilities https://www.ibm.com/support/pages/node/6573293 Jira Vulnerability https://confluence.atlassian.com/jira/jira-security-advisory-2022-04-20-1115127899.html	Apr 25, 2022
ISC StormCast for Friday, April 22nd, 2022 6:26 https://traffic.libsyn.com/securitypodcast/7976.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 55458248855 https://traffic.libsyn.com/securitypodcast/7976.mp3 Multi Cryptocurrency Clipboard Swapper https://isc.sans.edu/forums/diary/MultiCryptocurrency+Clipboard+Swapper/28574/ Amazong Fixes AWS log4j Fix https://aws.amazon.com/security/security-bulletins/AWS-2022-006/ Cisco Fixes https://tools.cisco.com/security/center/publicationListing.x Psychic Signature PoC https://github.com/khalednassar/CVE-2022-21449-TLS-PoC ALAC Audio Decoder Bug https://blog.checkpoint.com/2022/04/21/largest-mobile-chipset-manufacturers-used-vulnerable-audio-decoder-2-3-of-android-users-privacy-around-the-world-were-at-risk/	Apr 22, 2022
ISC StormCast for Thursday, April 21st, 2022 5:45 https://traffic.libsyn.com/securitypodcast/7974.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 55349478143 https://traffic.libsyn.com/securitypodcast/7974.mp3 AA Distribution Quakbot (Qbot) infection siwth DarkVNC https://isc.sans.edu/forums/diary/aa+distribution+Qakbot+Qbot+infection+with+DarkVNC+traffic/28568/ Java Psychic Signatures https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/ Snort DoS Vulnerability https://claroty.com/2022/04/14/blog-research-blinding-snort-breaking-the-modbus-ot-preprocessor/	Apr 21, 2022
ISC StormCast for Wednesday, April 20th, 2022 6:15 https://traffic.libsyn.com/securitypodcast/7972.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 55238381771 https://traffic.libsyn.com/securitypodcast/7972.mp3 u-boot Password Reset https://isc.sans.edu/forums/diary/Resetting+Linux+Passwords+with+UBoot+Bootloaders/28564/ Oracle CPU https://www.oracle.com/security-alerts/cpuapr2022.html MetaMask iCloud Phishing https://www.bleepingcomputer.com/news/security/hackers-steal-655k-after-picking-metamask-seed-from-icloud-backup/ SMB1 Gone From Windows 11 Home https://techcommunity.microsoft.com/t5/storage-at-microsoft/smb1-now-disabled-by-default-for-windows-11-home-insiders-builds/ba-p/3289473 Lenovo UEFI/BIOS Vulnerability https://support.lenovo.com/us/en/product_security/ps500483-lenovo-system-update-privilege-escalation-vulnerability https://support.lenovo.com/de/de/product_security/LEN-84943	Apr 20, 2022
ISC StormCast for Tuesday, April 19th, 2022 4:56 https://traffic.libsyn.com/securitypodcast/7970.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 55128867463 https://traffic.libsyn.com/securitypodcast/7970.mp3 Sysmon's ReigstryEvent (Value Set) and Binary Data https://isc.sans.edu/forums/diary/Sysmons+RegistryEvent+Value+Set/28558/ Ukraine CERT Posts: IcedID and Zimbra Flaw https://cert.gov.ua/article/39606 https://cert.gov.ua/article/39609 New NSO Pegasus Exploit Spotted in the Wild https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/ Unofficial Windows 11 Upgrade Delivers Spyware https://www.bleepingcomputer.com/news/security/unofficial-windows-11-upgrade-installs-info-stealing-malware/	Apr 19, 2022
ISC StormCast for Monday, April 18th, 2022 5:36 https://traffic.libsyn.com/securitypodcast/7968.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 55019723441 https://traffic.libsyn.com/securitypodcast/7968.mp3 Office Now Protects You From Malicious ISO Files https://isc.sans.edu/forums/diary/Office+Protects+You+From+Malicious+ISO+Files/28554/ Github Stolen OAUTH User Tokens https://github.blog/2022-04-15-security-alert-stolen-oauth-user-tokens/ Git For Windows Vulnerability https://nvd.nist.gov/vuln/detail/CVE-2022-24765 Cisco Wireless Controller Bug https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-wlc-auth-bypass-JRNhV4fF	Apr 18, 2022
ISC StormCast for Friday, April 15th, 2022 5:28 https://traffic.libsyn.com/securitypodcast/7966.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 54708149132 https://traffic.libsyn.com/securitypodcast/7966.mp3 An Update on CVE-2022-26809 MSRPC Vulnerability - PATCH NOW https://isc.sans.edu/forums/diary/An+Update+on+CVE202226809+MSRPC+Vulnerabliity+PATCH+NOW/28550/ Webcast: https://www.sans.org/webcasts/cve-2022-26809-ms-rpc-vulnerability-analysis/ https://twitter.com/splinter_code/status/1514653941304369153 Google Chrome 0-Day Patch https://chromereleases.googleblog.com/2022/04/stable-channel-update-for-desktop_14.html Cisco Webex Phones Home Audio Telemetry https://wiscprivacy.com/papers/vca_mute.pdf Grafana Enterprise Vulnerabilty https://grafana.com/blog/2022/04/12/grafana-enterprise-8.4.6-released-with-high-severity-security-fix/	Apr 15, 2022
ISC StormCast for Thursday, April 14th, 2022 5:52 https://traffic.libsyn.com/securitypodcast/7964.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 54588683216 https://traffic.libsyn.com/securitypodcast/7964.mp3 How is Ukrainian Internet Holding Up During Russian Invasion https://isc.sans.edu/forums/diary/How+is+Ukrainian+internet+holding+up+during+the+Russian+invasion/28546/ Update on Windows Patches and CVE-2022-26809 https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2022-26809 Adobe Updates https://helpx.adobe.com/security/products/photoshop/apsb22-20.html Apache Struts 2 Update https://cwiki.apache.org/confluence/display/WW/S2-062	Apr 14, 2022
ISC StormCast for Wednesday, April 13th, 2022 6:45 https://traffic.libsyn.com/securitypodcast/7962.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 54489003130 https://traffic.libsyn.com/securitypodcast/7962.mp3 Microsoft April 2022 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+April+2022+Patch+Tuesday/28542/ NGINX Statement To LDAP Weakness https://www.nginx.com/blog/addressing-security-weaknesses-nginx-ldap-reference-implementation/ Attacks on Ukrainian Power Grid https://www.welivesecurity.com/2022/04/12/industroyer2-industroyer-reloaded/	Apr 13, 2022
ISC StormCast for Tuesday, April 12th, 2022 5:59 https://traffic.libsyn.com/securitypodcast/7960.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 54373322536 https://traffic.libsyn.com/securitypodcast/7960.mp3 Spring: It isn't just about Spring4Shell. https://isc.sans.edu/forums/diary/Spring+It+isnt+just+about+Spring4Shell+Spring+Cloud+Function+Vulnerabilities+are+being+probed+too/28538/ Microsoft Windows Autopatch https://techcommunity.microsoft.com/t5/windows-it-pro-blog/get-current-and-stay-current-with-windows-autopatch/ba-p/3271839 More npm protestware https://github.com/Yaffle/EventSource/commit/de137927e13d8afac153d2485152ccec48948a7a Raspberry Pi Update https://www.raspberrypi.com/news/raspberry-pi-bullseye-update-april-2022/	Apr 12, 2022
ISC StormCast for Monday, April 11th, 2022 6:15 https://traffic.libsyn.com/securitypodcast/7958.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 54255937336 https://traffic.libsyn.com/securitypodcast/7958.mp3 Misc Spring4Shell Items https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67 https://www.trendmicro.com/en_us/research/22/d/cve-2022-22965-analyzing-the-exploitation-of-spring4shell-vulner.html https://github.com/AgainstTheWest/NginxDay Russian Certificate Authority Update https://koen.engineer/russias-certificate-authority-for-sanctioned-organizations-645d61af8ac6 Conti Source Code Leak Leads to Copycats https://www.bleepingcomputer.com/news/security/hackers-use-contis-leaked-ransomware-to-attack-russian-companies/	Apr 11, 2022
ISC StormCast for Friday, April 8th, 2022 15:36 https://traffic.libsyn.com/securitypodcast/7956.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 53931732619 https://traffic.libsyn.com/securitypodcast/7956.mp3 What is BIMI https://isc.sans.edu/forums/diary/What+is+BIMI+and+how+is+it+supposed+to+help+with+Phishing/28528/ Watchguard Vulnerability behind Cyclops Blink https://techsearch.watchguard.com/KB?type=Article&SFDCID=kA16S000000SOCGSA4&lang=en_US Malware Targeting Amazon Lambdas https://www.cadosecurity.com/cado-discovers-denonia-the-first-malware-specifically-targeting-lambda/ Ashley Taylor: Doppelgaengers: Finding Job Scammers Who Steal Brand Identities https://www.sans.edu/cyber-research/doppelgangers-finding-job-scammers-who-steal-brand-identities/	Apr 08, 2022
ISC StormCast for Thursday, April 7th, 2022 6:18 https://traffic.libsyn.com/securitypodcast/7954.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 53821348624 https://traffic.libsyn.com/securitypodcast/7954.mp3 Windows MetaStealer Malware https://isc.sans.edu/forums/diary/Windows+MetaStealer+Malware/28522/ US Justice Depatment Takes Down Cyclops Blink Botnet https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-botnet-controlled-russian-federation VMWare Bugs https://www.vmware.com/security/advisories.html Palo Alto CVE-2022-0778 https://security.paloaltonetworks.com/CVE-2022-0778 Unpatched Apple Bug https://www.intego.com/mac-security-blog/apple-neglects-to-patch-zero-day-wild-vulnerabilities-for-macos-big-sur-catalina/	Apr 07, 2022
ISC StormCast for Wednesday, April 6th, 2022 6:30 https://traffic.libsyn.com/securitypodcast/7952.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 53708275865 https://traffic.libsyn.com/securitypodcast/7952.mp3 WebLogic Crypto Miner Malware Disabling Alibaba Cloud Monitoring Tools https://isc.sans.edu/forums/diary/WebLogic+Crypto+Miner+Malware+Disabling+Alibaba+Cloud+Monitoring+Tools/28520/ Cicada: Chinese APT Group Widens Targeting in Recent Espionage Activity https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks New Security Features for Windows 11 https://www.microsoft.com/security/blog/2022/04/05/new-security-features-for-windows-11-will-help-protect-hybrid-work/ Fin7 Power Hour: Adversary Archaeology and Evolution of FIN7 https://www.mandiant.com/resources/evolution-of-fin7	Apr 06, 2022
ISC StormCast for Tuesday, April 5th, 2022 6:13 https://traffic.libsyn.com/securitypodcast/7950.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 53597091976 https://traffic.libsyn.com/securitypodcast/7950.mp3 Emptying the Phishtank: Are WordPress Sites the Mosquitoes of the Internet https://isc.sans.edu/forums/diary/Emptying+the+Phishtank+Are+WordPress+sites+the+Mosquitoes+of+the+Internet/28516/ Mailchimp Breach Used to Target Trezor Users https://www.bleepingcomputer.com/news/security/hackers-breach-mailchimps-internal-tools-to-target-crypto-customers/ Proactively Prevent Secret Leaks With GitHub Advanced Security Secret Scanning https://github.blog/2022-04-04-push-protection-github-advanced-security/ TruffleHog v3 https://trufflesecurity.com/blog/introducing-trufflehog-v3 Russian Certificates (chinese article) https://blog.netlab.360.com/review-revoke-russia-ssl-certificates/	Apr 05, 2022
ISC StormCast for Monday, April 4th, 2022 6:19 https://traffic.libsyn.com/securitypodcast/7948.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 53488118277 https://traffic.libsyn.com/securitypodcast/7948.mp3 GitLab Critical Security Release https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/ ViaSat KA-SAT Network Cyber Attack https://www.viasat.com/about/newsroom/blog/ka-sat-network-cyber-attack-overview/ MacOS Bug Enables Phishing https://rambo.codes/posts/2022-03-15-how-a-macos-bug-could-have-allowed-for-a-serious-phishing-attack-against-users PHP Supply Chain Attack on PEAR https://blog.sonarsource.com/php-supply-chain-attack-on-pear	Apr 04, 2022
ISC StormCast for Friday, April 1st, 2022 5:35 https://traffic.libsyn.com/securitypodcast/7946.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 53177443024 https://traffic.libsyn.com/securitypodcast/7946.mp3 Spring Vulnerability Update - Exploitation Attempts CVE-2022-22965 https://isc.sans.edu/forums/diary/Spring+Vulnerability+Update+Exploitation+Attempts+CVE202222965/28504/ Apple Patches 0 Day Vulnerability https://isc.sans.edu/forums/diary/Apple+Patches+Actively+Exploited+Vulnerability+in+macOS+iOS+and+iPadOS/28506/ Wyze Cam Vulnerabilities https://www.bitdefender.com/files/News/CaseStudies/study/413/Bitdefender-PR-Whitepaper-WCam-creat5991-en-EN.pdf Zyxel Security Advisory https://www.zyxel.com/support/forgery-vulnerabilities-of-select-Armor-home-routers.shtml	Apr 01, 2022
ISC StormCast for Thursday, March 31st, 2022 5:56 https://traffic.libsyn.com/securitypodcast/7944.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 53072542015 https://traffic.libsyn.com/securitypodcast/7944.mp3 Java Springtime Confusion: What Vulnerabilty are We Talking About https://isc.sans.edu/forums/diary/Java+Springtime+Confusion+What+Vulnerability+are+We+Talking+About/28500/ Quickie: Parsing XLSB Documents https://isc.sans.edu/forums/diary/Quickie+Parsing+XLSB+Documents/28496/ Pwning 3CX Phone Management Backends from the Internet https://medium.com/@frycos/pwning-3cx-phone-management-backends-from-the-internet-d0096339dd88	Mar 31, 2022
ISC StormCast for Wednesday, March 30th, 2022 6:44 https://traffic.libsyn.com/securitypodcast/7942.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 52969831531 https://traffic.libsyn.com/securitypodcast/7942.mp3 More Fake/Typosquatting Twitter Accounts Asking for Ukraine Cryptocurrency Donations https://isc.sans.edu/forums/diary/More+FakeTyposquatting+Twitter+Accounts+Asking+for+Ukraine+Crytocurrency+Donations/28492/ Mitigating Attacks Against Uninterruptible Power Supply Devices https://www.cisa.gov/sites/default/files/publications/CISA-DOE_Insights-Mitigating_Vulnerabilities_Affecting_Uninterruptible_Power_Supply_Devices_Mar_29.pdf MFA Bypass Attacks https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html Google Advertises Mars Stealer https://blog.morphisec.com/threat-research-mars-stealer Hackers Gaining Power of Subpoena Via Fake "Emergency Data Requests" https://krebsonsecurity.com/2022/03/hackers-gaining-power-of-subpoena-via-fake-emergency-data-requests/	Mar 30, 2022
ISC StormCast for Tuesday, March 29th, 2022 6:04 https://traffic.libsyn.com/securitypodcast/7940.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 52862961134 https://traffic.libsyn.com/securitypodcast/7940.mp3 BGP Hijacking of Twitter Prefix by RTComm.ru https://isc.sans.edu/forums/diary/BGP+Hijacking+of+Twitter+Prefix+by+RTCommru/28488/ DDoS Against Sites in Ukraine https://www.bleepingcomputer.com/news/security/hacked-wordpress-sites-force-visitors-to-ddos-ukrainian-targets/ Sophos Patches https://www.sophos.com/en-us/security-advisories/sophos-sa-20220325-sfos-rce Sonicwall Patches https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0003 opnsense CARP protocol routing error https://medium.com/sensorfu/firewall-bypass-with-carp-in-packet-filter-c4ed70fb7dd7	Mar 29, 2022
ISC StormCast for Monday, March 28th, 2022 6:16 https://traffic.libsyn.com/securitypodcast/7938.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 52762322157 https://traffic.libsyn.com/securitypodcast/7938.mp3 XLSB Files Because Binary is Stealthier Than XML https://isc.sans.edu/forums/diary/XLSB+Files+Because+Binary+is+Stealthier+Than+XML/28476/ Dirty Pipe Container Escape PoC https://www.datadoghq.com/blog/engineering/dirty-pipe-container-escape-poc/ PHP filter_var Shenanigans https://pwning.systems/posts/php_filter_var_shenanigans/ OpenBSD slaacd vuln https://blog.quarkslab.com/heap-overflow-in-openbsds-slaacd-via-router-advertisement.html Google Chrome Update https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop_25.html	Mar 28, 2022
ISC StormCast for Friday, March 25th, 2022 5:56 https://traffic.libsyn.com/securitypodcast/7936.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 52454447096 https://traffic.libsyn.com/securitypodcast/7936.mp3 Malware Delivered Through Free Sharing Tool https://isc.sans.edu/forums/diary/Malware+Delivered+Through+Free+Sharing+Tool/28474/ Western Digital PR4100 NAS Vulnerabilty https://research.nccgroup.com/2022/03/24/remote-code-execution-on-western-digital-pr4100-nas-cve-2022-23121/ Crypto malware in patched wallets targeting Android and iOS devices https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/ Lapsus$ Arrest https://www.bbc.com/news/technology-60864283 https://www.bloomberg.com/news/articles/2022-03-23/teen-suspected-by-cyber-researchers-of-being-lapsus-mastermind?sref=ylv224K8 Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide https://www.justice.gov/opa/pr/four-russian-government-employees-charged-two-historical-hacking-campaigns-targeting-critical	Mar 25, 2022
ISC StormCast for Thursday, March 24th, 2022 6:18 https://traffic.libsyn.com/securitypodcast/7934.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 52350135884 https://traffic.libsyn.com/securitypodcast/7934.mp3 Mars Stealer https://isc.sans.edu/forums/diary/Arkei+Variants+From+Vidar+to+Mars+Stealer/28468/ Okta Update https://www.okta.com/blog/2022/03/oktas-investigation-of-the-january-2022-compromise/ Microsoft Lapsus$ Update https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/ npm Attack Targeting Azure Developers https://jfrog.com/blog/large-scale-npm-attack-targets-azure-developers-with-malicious-packages/	Mar 24, 2022
ISC StormCast for Wednesday, March 23rd, 2022 7:18 https://traffic.libsyn.com/securitypodcast/7932.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 52239068471 https://traffic.libsyn.com/securitypodcast/7932.mp3 Statement by President Biden: What you need to do (or not do) https://isc.sans.edu/forums/diary/Statement+by+President+Biden+What+you+need+to+do+or+not+do/28466/ ASUS Cyclops Blink Advisory https://www.asus.com/content/ASUS-Product-Security-Advisory/ HP Vulnerabilities https://support.hp.com/us-en/document/ish_5948778-5949142-16/hpsbpi03780 Sophos UTM Updates https://www.sophos.com/en-us/security-advisories/sophos-sa-20220321-utm-9710 MacOS GIMMICK Malware https://www.volexity.com/blog/2022/03/22/storm-cloud-on-the-horizon-gimmick-malware-strikes-at-macos/ Octa Breached By Lapsus https://www.okta.com/blog/2022/03/updated-okta-statement-on-lapsus/ https://twitter.com/BillDemirkapi/status/1506107157124722690	Mar 23, 2022
ISC StormCast for Tuesday, March 22nd, 2022 7:35 https://traffic.libsyn.com/securitypodcast/7930.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 52136350366 https://traffic.libsyn.com/securitypodcast/7930.mp3 Maldoc Cleaned by Anti-Virus https://isc.sans.edu/forums/diary/Maldoc+Cleaned+by+AntiVirus/28460/ Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain IBM Spectrum Protect Update https://www.ibm.com/support/pages/node/6564745 Lapsus$ May have Breached Microsoft https://www.theregister.com/2022/03/21/microsoft_lapsus_breach_probe/ Statement by President Biden on our Nation's Cybersecurity https://www.whitehouse.gov/briefing-room/statements-releases/2022/03/21/statement-by-president-biden-on-our-nations-cybersecurity/	Mar 22, 2022
ISC StormCast for Monday, March 21st, 2022 6:06 https://traffic.libsyn.com/securitypodcast/7928.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 52021617605 https://traffic.libsyn.com/securitypodcast/7928.mp3 Scans for Movable Type Vulnerability (CVE-2021-20837) https://isc.sans.edu/forums/diary/Scans+for+Movable+Type+Vulnerability+CVE202120837/28454/ SolarWinds Advisory: Unauahtneticated Access in Web Help Desk (12.7.5) https://isc.sans.edu/forums/diary/SolarWinds+Advisory+Unauthenticated+Access+in+Web+Help+Desk+1275/28456/ MGLNDD_* Scans https://isc.sans.edu/forums/diary/MGLNDD+Scans/28458/ CAPTCHA Phishing https://www.avanan.com/blog/using-captcha-forms-to-bypass-filters Browser in the Browser Templates https://mrd0x.com/browser-in-the-browser-phishing-attack/	Mar 21, 2022
ISC StormCast for Friday, March 18th, 2022 14:33 https://traffic.libsyn.com/securitypodcast/7926.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 51688661086 https://traffic.libsyn.com/securitypodcast/7926.mp3 npm Package Sabotaged for Belarus/Russian Users https://snyk.io/blog/peacenotwar-malicious-npm-node-ipc-package-vulnerability/ President Zelensky Deepfakes https://twitter.com/ngleicher/status/1504186935291506693 ATM Rootkit https://www.mandiant.com/resources/unc2891-overview Scanner for Backdoored Mikrotik Routers https://github.com/microsoft/routeros-scanner SANS.edu Student: Ron Grohman; Network Access Control and ICS: A Practical Guide https://www.sans.edu/cyber-research/network-access-control-and-ics-a-practical-guide/	Mar 18, 2022
ISC StormCast for Thursday, March 17th, 2022 5:32 https://traffic.libsyn.com/securitypodcast/7924.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 51555783187 https://traffic.libsyn.com/securitypodcast/7924.mp3 Qakbot Infection With Cobalt Strike and VNC Activity https://isc.sans.edu/forums/diary/Qakbot+infection+with+Cobalt+Strike+and+VNC+activity/28448/ Gh0stCringe RAT Being Distributed to Vulnerable Database Servers https://asec.ahnlab.com/en/32572/ dompdf 0 day https://positive.security/blog/dompdf-rce OpenSSL DoS Vulnerability https://www.openssl.org/news/secadv/20220315.txt	Mar 17, 2022
ISC StormCast for Wednesday, March 16th, 2022 5:06 https://traffic.libsyn.com/securitypodcast/7922.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 51439680084 https://traffic.libsyn.com/securitypodcast/7922.mp3 Clean Binaries with Suspicious Behaviour https://isc.sans.edu/forums/diary/Clean+Binaries+with+Suspicious+Behaviour/28444/ Misconfigured Multi-Factor Authentication Abused https://www.cisa.gov/uscert/ncas/alerts/aa22-074a German Office of Information Security Warns Kaspersky Users https://www.bsi.bund.de/DE/Service-Navi/Presse/Pressemitteilungen/Presse2022/220315_Kaspersky-Warnung.html Caddy Wiper Targeting Ukraine https://www.welivesecurity.com/2022/03/15/caddywiper-new-wiper-malware-discovered-ukraine/ Fake Antivirus Targeting Ukraine https://twitter.com/malwrhunterteam/status/1502302718140035080 B1txor20 DNS Tunnel Backdoor https://blog.netlab.360.com/b1txor20-use-of-dns-tunneling_en/	Mar 16, 2022
ISC StormCast for Tuesday, March 15th, 2022 5:40 https://traffic.libsyn.com/securitypodcast/7920.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 51333269760 https://traffic.libsyn.com/securitypodcast/7920.mp3 Apple Updates Everything https://isc.sans.edu/forums/diary/Apple+Updates+Everything+MacOS+123+XCode+133+tvOS+154+watchOS+85+iPadOS+154+and+more/28438/ Look Alike Accounts Used in Ukraine Dontation Scam Impersonating Olena Zelenska https://isc.sans.edu/forums/diary/Look+Alike+Accounts+Used+in+Ukraine+Donation+Scam+impersonating+Olena+Zelenska/28440/ Curl on Windows https://isc.sans.edu/forums/diary/Curl+on+Windows/28436/ Veeam Vulnerabilities https://www.veeam.com/kb4288 Linux Netfilter Privilege Escalation https://nickgregory.me/linux/security/2022/03/12/cve-2022-25636/	Mar 15, 2022
ISC StormCast for Monday, March 14th, 2022 5:27 https://traffic.libsyn.com/securitypodcast/7918.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 51213980509 https://traffic.libsyn.com/securitypodcast/7918.mp3 Malware Using WebSockets For C&C https://isc.sans.edu/forums/diary/Keep+an+Eye+on+WebSockets/28430/ Racoon Stealer leverages Telegram https://decoded.avast.io/vladimirmartyanov/raccoon-stealer-trash-panda-abuses-telegram/ USAHERDS Hack https://www.wired.com/story/china-apt41-hacking-usaherds-log4j/ YARA 4.2.0 Released https://isc.sans.edu/forums/diary/YARA+420+Released/28432/	Mar 14, 2022
ISC StormCast for Friday, March 11th, 2022 5:32 https://traffic.libsyn.com/securitypodcast/7916.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 50873260248 https://traffic.libsyn.com/securitypodcast/7916.mp3 Credential Leaks on Virustotal https://isc.sans.edu/forums/diary/Credentials+Leaks+on+VirusTotal/28426/ GPS Issues Around Finish Rusian Border https://www.straitstimes.com/world/europe/finland-detects-gps-disturbance-near-russias-kaliningrad Russia Considering Internal Certificate Authority https://www.gosuslugi.ru/tls https://www.bleepingcomputer.com/news/security/russia-creates-its-own-tls-certificate-authority-to-bypass-sanctions/ New Spectre Variant https://www.vusec.net/projects/bhi-spectre-bhb/ Package Manager Vulnerabilities (yarn, pip, composer...) https://blog.sonarsource.com/securing-developer-tools-package-managers	Mar 11, 2022
ISC StormCast for Thursday, March 10th, 2022 6:15 https://traffic.libsyn.com/securitypodcast/7914.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 50752001821 https://traffic.libsyn.com/securitypodcast/7914.mp3 Infostealer in a Batch File https://isc.sans.edu/forums/diary/Infostealer+in+a+Batch+File/28422/ TP240PhoneHome reflection/amplification DDoS Attack Vector https://blog.cloudflare.com/cve-2022-26143/ Malware Disguises as Pro Ukrainian Cybertools https://blog.talosintelligence.com/2022/03/threat-advisory-cybercriminals.html#more Russian Government Sites Hacked in Supply Chain Attack https://www.bleepingcomputer.com/news/security/russian-government-sites-hacked-in-supply-chain-attack/ Third Party Vulnerabilities in RUGGEDCOM ROS https://cert-portal.siemens.com/productcert/pdf/ssa-256353.pdf Adobe Bulletins https://helpx.adobe.com/security/security-bulletin.html	Mar 10, 2022
ISC StormCast for Wednesday, March 9th, 2022 5:32 https://traffic.libsyn.com/securitypodcast/7912.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 50640979483 https://traffic.libsyn.com/securitypodcast/7912.mp3 Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+March+2022+Patch+Tuesday/28418/ Critical APC UPS Vulnerability https://www.armis.com/research/tlstorm/ Vulnerabilities in Firmware Affecting HP Devices https://www.binarly.io/news/BinarlyDiscovers16NewHighImpactVulnerabilitiesinFirmwareAffectingHPEnterpriseDevices/index.html	Mar 09, 2022
ISC StormCast for Tuesday, March 8th, 2022 5:46 https://traffic.libsyn.com/securitypodcast/7910.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 50506989385 https://traffic.libsyn.com/securitypodcast/7910.mp3 Ukraine Scam Followup https://isc.sans.edu/forums/diary/No+Bitcoin+No+Problem+Follow+Up+to+Last+Weeks+Donation+Scam/28412/ Dirty Pipe Linux Vulnerability https://dirtypipe.cm4all.com Mozilla Firefox and Thunderbird Vulnerability https://www.mozilla.org/en-US/security/advisories/mfsa2022-09/ Azure AutoWarp https://orca.security/resources/blog/autowarp-microsoft-azure-automation-service-vulnerability/ Terramaster TOS Vulnerability https://octagon.net/blog/2022/03/07/cve-2022-24990-terrmaster-tos-unauthenticated-remote-command-execution-via-php-object-instantiation/ https://forum.terra-master.com/en/viewtopic.php?f=28&t=3030	Mar 07, 2022
ISC StormCast for Monday, March 7th, 2022 6:44 https://traffic.libsyn.com/securitypodcast/7908.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 50404885627 https://traffic.libsyn.com/securitypodcast/7908.mp3 Ukraine Dontation Scam https://isc.sans.edu/forums/diary/Scam+EMail+Impersonating+Red+Cross/28404/ Cogent Disconnects Russia https://www.washingtonpost.com/technology/2022/03/04/russia-ukraine-internet-cogent-cutoff/ Russia DDoS Lists https://safe-surf.ru/upload/ALRT/proxies.txt https://safe-surf.ru/upload/ALRT/referer_http_header.txt NVidia Stolen Certificates https://www.theregister.com/2022/03/05/nvidia_stolen_certificate/ https://twitter.com/cyb3rops/status/1499514240008437762 GitLab Vulnerabilities https://about.gitlab.com/releases/2022/02/25/critical-security-release-gitlab-14-8-2-released/#unauthenticated-user-enumeration-on-graphql-api Cisco Patches https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-expressway-filewrite-87Q5YRk	Mar 07, 2022
ISC StormCast for Friday, March 4th, 2022 7:07 https://traffic.libsyn.com/securitypodcast/7906.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 50092064566 https://traffic.libsyn.com/securitypodcast/7906.mp3 Attackers Search For Exosed "LuCI" Folders https://isc.sans.edu/diary/28400 Alexa Versus Alexa https://arxiv.org/abs/2202.08619 Bypassing Google Cloud Armor https://kloudle.com/blog/piercing-the-cloud-armor-the-8kb-bypass-in-google-cloud-platform-waf Ukraine Updates https://www.golem.de/news/ausfall-angriff-auf-ka-sat-satellit-ueber-gatewaystation-in-ukraine-2203-163614.html https://www.crowdstrike.com/blog/how-to-decrypt-the-partyticket-ransomware-targeting-ukraine/ https://www.bleepingcomputer.com/news/security/ukraine-says-local-govt-sites-hacked-to-push-fake-capitulation-news/	Mar 04, 2022
ISC StormCast for Thursday, March 3rd, 2022 5:28 https://traffic.libsyn.com/securitypodcast/7904.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 49983459112 https://traffic.libsyn.com/securitypodcast/7904.mp3 The More Often Something is Repeated, the More True it Becomes https://isc.sans.edu/forums/diary/The+More+Often+Something+is+Repeated+the+More+True+It+Becomes+Dealing+with+Social+Media/28396/ Fortinet Bug https://www.fortiguard.com/psirt/FG-IR-21-028 IBM Updates https://www.ibm.com/blogs/psirt/ Google Updates https://chromereleases.googleblog.com/2022/03/stable-channel-update-for-desktop.html Conti Ransomware Leak https://threatpost.com/conti-ransomware-decryptor-trickbot-source-code-leaked/178727/ Middle Box DDoS Attacks https://www.akamai.com/blog/security/tcp-middlebox-reflection	Mar 03, 2022
ISC StormCast for Wednesday, March 2nd, 2022 6:02 https://traffic.libsyn.com/securitypodcast/7902.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 49883415453 https://traffic.libsyn.com/securitypodcast/7902.mp3 Geoblocking when you can't Geoblock https://isc.sans.edu/forums/diary/Geoblocking+when+you+cant+Geoblock/28392/ IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/ Memory Corruption Vulnerabilities in PJSIP https://jfrog.com/blog/jfrog-discloses-5-memory-corruption-vulnerabilities-in-pjsip-a-popular-multimedia-library/ Octa Patch for Advanced Server Access Client https://trust.okta.com/security-advisories/okta-advanced-server-access-client-cve-2022-24295 ViaSat Outage https://www.reuters.com/business/aerospace-defense/satellite-firm-viasat-probes-suspected-cyberattack-ukraine-elsewhere-2022-02-28/	Mar 02, 2022
ISC StormCast for Tuesday, March 1st, 2022 6:46 https://traffic.libsyn.com/securitypodcast/7900.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 49771945496 https://traffic.libsyn.com/securitypodcast/7900.mp3 PHP Patches Code Injection Flaw https://nvd.nist.gov/vuln/detail/CVE-2021-21708 https://bugs.php.net/bug.php?id=81708 Mozilla VPN Local Privilege Escalation https://www.mozilla.org/en-US/security/advisories/mfsa2022-08/ Google Captcha Breaking https://east-ee.com/2022/02/28/1367/ Samsung Encryption Vulnerability https://eprint.iacr.org/2022/208.pdf tshark Multiple IPs https://isc.sans.edu/forums/diary/TShark+Multiple+IP+Addresses/28386/	Mar 01, 2022
ISC StormCast for Monday, February 28th, 2022 5:35 https://traffic.libsyn.com/securitypodcast/7898.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 49658692966 https://traffic.libsyn.com/securitypodcast/7898.mp3 Ukraine Update https://www.bleepingcomputer.com/news/security/ransomware-gangs-hackers-pick-sides-over-russia-invading-ukraine/ https://ddosecrets.com/wiki/Tetraedr https://twitter.com/YourAnonOne/status/1496965766435926039 https://www.wired.com/story/ukraine-it-army-russia-war-cyberattacks-ddos/ Odd Windows Behaviour with Fixed Addresses https://isc.sans.edu/forums/diary/Windows+Fixed+IPv4+Addresses+and+APIPA/28380/ Using Snort IDS Rules in NetWitness Packet Decoder https://isc.sans.edu/forums/diary/Using+Snort+IDS+Rules+with+NetWitness+PacketDecoder/28382/ NVidia Breach https://www.bloomberg.com/news/articles/2022-02-25/nvidia-is-investigating-cyber-attack-but-business-uninterrupted Windows 11 Reset Not Removing All Data https://docs.microsoft.com/en-us/windows/release-health/status-windows-11-21h2#2783msgdesc	Feb 28, 2022
ISC StormCast for Friday, February 25th, 2022 6:42 https://traffic.libsyn.com/securitypodcast/7896.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 49338169341 https://traffic.libsyn.com/securitypodcast/7896.mp3 Ukraine Update: Webcast https://www.sans.org/webcasts/russian-cyber-attack-escalation-in-ukraine/ Other Ukraine Related Stories https://isc.sans.edu/forums/diary/Ukraine+Russia+Situation+From+a+Domain+Names+Perspective/28376/ https://detection.watchguard.com Zabbix Vulnerablity Exploited https://www.cisa.gov/uscert/ncas/current-activity/2022/02/22/cisa-adds-two-known-exploited-vulnerabilities-catalog https://support.zabbix.com/browse/ZBX-20350 Asustore Victim of Deadbolt Ransomware https://forum.asustor.com/viewtopic.php?f=45&t=12630 Firepower Rule Update Failure After March 5th 2022 https://www.cisco.com/c/en/us/support/docs/field-notices/723/fn72332.html?emailclick=CNSemail Social Media Takeover Malware Distrubeted Via Microsoft App Store https://research.checkpoint.com/2022/new-malware-capable-of-controlling-social-media-accounts-infects-5000-machines-and-is-actively-being-distributed-via-gaming-applications-on-microsofts-official-store/	Feb 25, 2022
ISC StormCast for Thursday, February 24th, 2022 6:58 https://traffic.libsyn.com/securitypodcast/7894.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 49222635510 https://traffic.libsyn.com/securitypodcast/7894.mp3 New Sandworm Malware Cyclops Blink Replaces VPNFilter https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter Wiper Malware Seen Deployed Against Targets in the Ukraine https://twitter.com/juanandres_gs/status/1496581710368358400 https://twitter.com/ESETresearch/status/1496581903205511181 The Rise and Fall of log4shell https://isc.sans.edu/forums/diary/The+Rise+and+Fall+of+log4shell/28372/ pfsense authenticated RCE https://www.shielder.it/advisories/pfsense-remote-command-execution/ BVP47 Backdoor https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf	Feb 24, 2022
ISC StormCast for Wednesday, February 23rd, 2022 6:30 https://traffic.libsyn.com/securitypodcast/7892.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 49100168910 https://traffic.libsyn.com/securitypodcast/7892.mp3 A Good Old Equation Editor Vulnerablity Deliverying Malware https://www.welivesecurity.com/2022/02/22/teenage-cybercrime-stop-kids-wrong-path/ Horde Webmail 5.2.22 - Account Takeover via Email https://blog.sonarsource.com/horde-webmail-account-takeover-via-email NoVNC Phishing https://mrd0x.com/bypass-2fa-using-novnc/	Feb 23, 2022
ISC StormCast for Tuesday, February 22nd, 2022 5:55 https://traffic.libsyn.com/securitypodcast/7890.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 48980831068 https://traffic.libsyn.com/securitypodcast/7890.mp3 Sending an Email to an IPv4 Address https://isc.sans.edu/forums/diary/Sending+an+Email+to+an+IPv4+Address/28362/ SMS Phone-Verified Account Services https://www.trendmicro.com/en_us/research/22/b/sms-pva-services-use-of-infected-android-phones-reveals-flaws-in-sms-verification.html Xenomorph Android Banking Trojan https://www.threatfabric.com/blogs/xenomorph-a-newly-hatched-banking-trojan.html Modified CryptBot Infostealer Going After Crypto Wallets https://asec.ahnlab.com/en/31802/ Clarification for Adobe Magento Vulnerabilties https://helpx.adobe.com/security/products/magento/apsb22-12.html	Feb 22, 2022
ISC StormCast for Monday, February 21st, 2022 5:04 https://traffic.libsyn.com/securitypodcast/7888.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 48875600334 https://traffic.libsyn.com/securitypodcast/7888.mp3 Remcos RAT Delivered Through Doube Compressed Archive https://isc.sans.edu/forums/diary/Remcos+RAT+Delivered+Through+Double+Compressed+Archive/28354/ Cassandra User-Defined Functions Remote Code Execution https://jfrog.com/blog/cve-2021-44521-exploiting-apache-cassandra-user-defined-functions-for-remote-code-execution/ Apple T2 Weakness https://www.forensicfocus.com/news/passware-kit-forensic-t2-add-on-the-first-password-recovery-tool-for-macs-with-t2-chips/ snap priviledge escalation https://www.qualys.com/2022/02/17/cve-2021-44731/oh-snap-more-lemmings.txt	Feb 21, 2022
ISC StormCast for Friday, February 18th, 2022 5:17 https://traffic.libsyn.com/securitypodcast/7886.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 48542126202 https://traffic.libsyn.com/securitypodcast/7886.mp3 Hackers Attach Malicious .exe Files to Teams Conversations https://www.avanan.com/blog/hackers-attach-malicious-.exe-files-to-teams-conversations Thunderbird Patches https://www.mozilla.org/en-US/security/advisories/mfsa2022-07/ Cisco Secure Email Gateway Update https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-esa-dos-MxZvGtgU GitHub Code Scanning Finds More Vulnerabilities Using Machine Learning https://github.blog/2022-02-17-code-scanning-finds-vulnerabilities-using-machine-learning/ Exploit for Magento Vulnerability (CVE-2022-24086) Available https://twitter.com/ptswarm/status/1494240197915123713 More Packet Fu With Zeek https://isc.sans.edu/forums/diary/More+packet+fu+with+zeek/28350/	Feb 18, 2022
ISC StormCast for Thursday, February 17th, 2022 5:31 https://traffic.libsyn.com/securitypodcast/7884.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 48421975882 https://traffic.libsyn.com/securitypodcast/7884.mp3 Astaroth (Guildma) Infection https://isc.sans.edu/forums/diary/Astaroth+Guildma+infection/28346/ Atlassian Jira Updates https://jira.atlassian.com/browse/CONFSERVER-66550 VMWare Updates https://www.vmware.com/security/advisories/VMSA-2022-0004.html FBI Warns of BEC Using Virtual Meeting Platforms https://www.ic3.gov/Media/Y2022/PSA220216	Feb 17, 2022
ISC StormCast for Wednesday, February 16th, 2022 5:42 https://traffic.libsyn.com/securitypodcast/7882.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 48309621390 https://traffic.libsyn.com/securitypodcast/7882.mp3 Who Are Those Bots? https://isc.sans.edu/forums/diary/Who+Are+Those+Bots/28342/ SquirrelWaffle Adds a Twist of Fraud to Exchange Server Malspamming https://news.sophos.com/en-us/2022/02/15/vulnerable-exchange-server-hit-by-squirrelwaffle-and-financial-fraud/ Details About Western Digital MyCloud Flaw https://www.iot-inspector.com/blog/advisory-western-digital-my-cloud-pro-series-pr4100-rce/ Nooie Baby Monitor Vulnerabilities https://www.bitdefender.com/blog/labs/vulnerabilities-identified-in-nooie-baby-monitor/	Feb 16, 2022
ISC StormCast for Tuesday, February 15th, 2022 5:40 https://traffic.libsyn.com/securitypodcast/7880.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 48255252625 https://traffic.libsyn.com/securitypodcast/7880.mp3 Reminder: Decoding TLS Client Hello to Non TLS Servers https://isc.sans.edu/forums/diary/Reminder+Decoding+TLS+Client+Hellos+to+non+TLS+servers/28338/ Magento 2 Critical Vulnerability https://sansec.io/research/magento-2-cve-2022-24086 BigSur/Catalina Mystery Update https://support.apple.com/en-us/HT201222 MacOS Monterey Patch and Microsoft Defender https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/mde-apparently-blocks-macos-monterey-12-1-12-2-upgrades/m-p/3078793 Google Chrome 0-Day Fixed https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop_14.html Moxa MXview Vulnerabilities and Patch https://www.claroty.com/2022/02/10/blog-research-securing-network-management-systems-moxa-mxview/	Feb 15, 2022
ISC StormCast for Monday, February 14th, 2022 5:03 https://traffic.libsyn.com/securitypodcast/7878.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 48073228229 https://traffic.libsyn.com/securitypodcast/7878.mp3 CinaRAT Delivered Through HTML ID Attributes https://isc.sans.edu/forums/diary/CinaRAT+Delivered+Through+HTML+ID+Attributes/28330/ Windows Defender ASR Blocks LSASS Credential Stealing https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/attack-surface-reduction-rules-reference?view=o365-worldwide#block-credential-stealing-from-the-windows-local-security-authority-subsystem Brave Blocking Credential Leaking Extension https://www.theregister.com/2022/02/12/facebook_god_mode/ Project Zero Summary of Zero Day Bugs https://googleprojectzero.blogspot.com/2022/02/a-walk-through-project-zero-metrics.html	Feb 14, 2022
ISC StormCast for Friday, February 11th, 2022 6:02 https://traffic.libsyn.com/securitypodcast/7876.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 47739323660 https://traffic.libsyn.com/securitypodcast/7876.mp3 iOS/iPadOS/macOS/Safari 0-Day Vulnerability in WebKit https://support.apple.com/en-us/HT213091 Zyxel Network Storage Devics Hunted By Mirai Variant https://isc.sans.edu/forums/diary/Zyxel+Network+Storage+Devices+Hunted+By+Mirai+Variant/28324/ WMIC Removal https://docs.microsoft.com/en-us/windows/deployment/planning/windows-10-deprecated-features Zoom Uses Microphone after Meeting is Over https://community.zoom.com/t5/Meetings/Why-is-the-Zoom-app-listening-on-my-microphone-when-not-in-a/td-p/29019 Evidence Planted to Implicate Innocent Activists https://www.sentinelone.com/labs/modifiedelephant-apt-and-a-decade-of-fabricating-evidence/	Feb 11, 2022
ISC StormCast for Thursday, February 10th, 2022 6:23 https://traffic.libsyn.com/securitypodcast/7874.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 47626329445 https://traffic.libsyn.com/securitypodcast/7874.mp3 Example of Cobalt Strike form Emotet Infection https://isc.sans.edu/forums/diary/Example+of+Cobalt+Strike+from+Emotet+infection/28318/ Adobe Patches https://helpx.adobe.com/security/security-bulletin.html Intel Updates https://www.intel.com/content/www/us/en/security-center/default.html NaturalFreshMall: A Mass Store Attack https://sansec.io/research/naturalfreshmall-mass-hack	Feb 10, 2022
ISC StormCast for Wednesday, February 9th, 2022 5:46 https://traffic.libsyn.com/securitypodcast/7872.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 47517240609 https://traffic.libsyn.com/securitypodcast/7872.mp3 Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+February+2022+Patch+Tuesday/28316/ Google Cloud Virtual Machine Threat Detection https://cloud.google.com/security-command-center/docs/concepts-vm-threat-detection-overview Android Patches https://source.android.com/security/bulletin/2022-02-01 SAP Patches https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+February+2022 Podcast 13 Year Anniversary https://isc.sans.edu/podcastdetail.html?id=25	Feb 09, 2022
ISC StormCast for Tuesday, February 8th, 2022 5:41 https://traffic.libsyn.com/securitypodcast/7870.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 47396037309 https://traffic.libsyn.com/securitypodcast/7870.mp3 web3 phishing via self-customizign landing pages https://isc.sans.edu/forums/diary/web3+phishing+via+selfcustomizing+landing+pages/28312/ MSFT Blocking Office VBA Malcros https://www.theverge.com/2022/2/7/22922032/microsoft-block-office-vba-macros-default-change https://techcommunity.microsoft.com/t5/microsoft-365-blog/helping-users-stay-safe-blocking-internet-macros-by-default-in/ba-p/3071805 Acronis True Image Update https://security-advisory.acronis.com/updates/UPD-2201-f76f-838c Lockbit 2 IoCs https://www.ic3.gov/Media/News/2022/220204.pdf	Feb 08, 2022
ISC StormCast for Monday, February 7th, 2022 6:16 https://traffic.libsyn.com/securitypodcast/7868.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 47297620897 https://traffic.libsyn.com/securitypodcast/7868.mp3 Intuit warns of new phishing scams https://security.intuit.com/security-notices IRS working with ID.me https://www.irs.gov/newsroom/new-identity-verification-process-to-access-certain-irs-online-tools-and-services Argo CD Vulnerability https://apiiro.com/blog/malicious-kubernetes-helm-charts-can-be-used-to-steal-sensitive-information-from-argo-cd-deployments/ https://github.com/argoproj/argo-cd/security/advisories/GHSA-63qx-x74g-jcr7 Thermal Imaging of PoE Devices https://isc.sans.edu/forums/diary/Power+over+Ethernet+and+Thermal+Imaging/28308/	Feb 07, 2022
ISC StormCast for Friday, February 4th, 2022 5:20 https://traffic.libsyn.com/securitypodcast/7866.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 47027841235 https://traffic.libsyn.com/securitypodcast/7866.mp3 Attack Surface Detection https://isc.sans.edu/forums/diary/Keeping+Track+of+Your+Attack+Surface+for+Cheap/28304/ MFA News https://www.proofpoint.com/us/blog/threat-insight/mfa-psa-oh-my https://news.microsoft.com/wp-content/uploads/prod/sites/626/2022/02/Cyber-Signals-E-1.pdf Zimbra Webmail 0-Day Exploited https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/ Cisco RV Series Routers Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-smb-mult-vuln-KA9PK6D	Feb 04, 2022
ISC StormCast for Thursday, February 3rd, 2022 5:31 https://traffic.libsyn.com/securitypodcast/7864.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 46931214128 https://traffic.libsyn.com/securitypodcast/7864.mp3 Finding elFinder: Who is looking for your files? https://isc.sans.edu/forums/diary/Finding+elFinder+Who+is+looking+for+your+files/28300/ IBM Spectrum Protect Plus Container Backup Vulnerabilities https://www.ibm.com/support/pages/node/6540860 https://www.ibm.com/support/pages/node/6552188 Microsoft Update Connectivity https://techcommunity.microsoft.com/t5/windows-it-pro-blog/achieve-better-patch-compliance-with-update-connectivity-data/ba-p/3073356 UEFI Bios Vulnerabilities https://www.insyde.com/security-pledge	Feb 03, 2022
ISC StormCast for Wednesday, February 2nd, 2022 5:59 https://traffic.libsyn.com/securitypodcast/7862.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 46836542292 https://traffic.libsyn.com/securitypodcast/7862.mp3 Windows Privilege Escalation Exploit CVE-2022-21882 https://github.com/KaLendsi/CVE-2022-21882 Fingerprinting Devices Via GPU https://arxiv.org/pdf/2201.09956.pdf SolarMarker Campaign used novel registry changes to establish persistence https://news.sophos.com/en-us/2022/02/01/solarmarker-campaign-used-novel-registry-changes-to-establish-persistence/ Fake Job Ads https://www.ic3.gov/Media/Y2022/PSA220201 Automation is Nice But Don't Replace Your Knowledge https://isc.sans.edu/forums/diary/Automation+is+Nice+But+Dont+Replace+Your+Knowledge/28296/	Feb 02, 2022
ISC StormCast for Tuesday, February 1st, 2022 5:18 https://traffic.libsyn.com/securitypodcast/7860.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 46743304118 https://traffic.libsyn.com/securitypodcast/7860.mp3 Be Careful with RPMSG Files https://isc.sans.edu/forums/diary/Be+careful+with+RPMSG+files/28292/ QNAP Auto Update Clarification https://www.qnap.com/en/security-news/2022/descriptions-and-explanations-of-the-qts-quts-hero-recommended-version-feature Samba Vulnerability https://kb.cert.org/vuls/id/119678 Exposed Datacenter Management https://www.bleepingcomputer.com/news/security/over-20-000-data-center-management-systems-exposed-to-hackers/ Expat Vulnerability https://github.com/libexpat/libexpat/blob/master/expat/Changes	Feb 01, 2022
ISC StormCast for Monday, January 31st, 2022 6:12 https://traffic.libsyn.com/securitypodcast/7858.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 46653564214 https://traffic.libsyn.com/securitypodcast/7858.mp3 Malicious ISO Embedded in an HTML Page https://isc.sans.edu/forums/diary/Malicious+ISO+Embedded+in+an+HTML+Page/28282/ YARA Console Module https://isc.sans.edu/forums/diary/YARAs+Console+Module/28288/ Attackers Attaching Devices to Azure AD https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa/ QNAP Forced Updates https://www.reddit.com/r/qnap/comments/sdsf02/i_just_suffered_what_i_believe_to_be_a_forced/huhfmjc/	Jan 31, 2022
ISC StormCast for Friday, January 28th, 2022 16:00 https://traffic.libsyn.com/securitypodcast/7856.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 46369647397 https://traffic.libsyn.com/securitypodcast/7856.mp3 Technical Analysis of CVE-2022-22583 https://perception-point.io/technical-analysis-of-cve-2022-22583-bypassing-macos-system-integrity-protection/ https://isc.sans.edu/forums/diary/Apple+Patches+Everything/28280/ Little Snitch Firewall Bypass https://rhinosecuritylabs.com/network-security/bypassing-little-snitch-firewall/ DazzleSpy Malware https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/ Geoffrey Parker: Building an Intelligent, Automated Tiered Phishing System https://www.sans.edu/cyber-research/building-an-intelligent-automated-tiered-phishing-system-matching-the-message-level-to-user-ability/	Jan 28, 2022
ISC StormCast for Thursday, January 27th, 2022 6:22 https://traffic.libsyn.com/securitypodcast/7854.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 46281599836 https://traffic.libsyn.com/securitypodcast/7854.mp3 Over 20 Thousand Servers Have Their iLO Interfaces exposed to the Internet https://isc.sans.edu/forums/diary/Over+20+thousand+servers+have+their+iLO+interfaces+exposed+to+the+internet+many+with+outdated+and+vulnerable+versions+of+FW/28276/ Apple Patches and Exploits https://support.apple.com/en-us/HT201222 https://www.ryanpickren.com/safari-uxss Let's Encrypt Fixes Problems and Revoces Certificates https://community.letsencrypt.org/t/changes-to-tls-alpn-01-challenge-validation/170427	Jan 27, 2022
ISC StormCast for Wednesday, January 26th, 2022 5:17 https://traffic.libsyn.com/securitypodcast/7852.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 46257132498 https://traffic.libsyn.com/securitypodcast/7852.mp3 Local Privilege Escalation Vulnerablity in Polkit's pkexec (CVE-2021-4034) https://isc.sans.edu/forums/diary/Local+privilege+escalation+vulnerability+in+polkits+pkexec+CVE20214034/28272/ Emotet Stops Using 0.0.0.0 in Spambot Traffic https://isc.sans.edu/forums/diary/Emotet+Stops+Using+0000+in+Spambot+Traffic/28270/ VMWare Warns of Log4j Exploitation https://www.vmware.com/security/advisories/VMSA-2021-0028.html https://www.cynet.com/attack-techniques-hands-on/threats-looming-over-the-horizon/	Jan 26, 2022
ISC StormCast for Tuesday, January 25th, 2022 6:08 https://traffic.libsyn.com/securitypodcast/7850.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 46163146211 https://traffic.libsyn.com/securitypodcast/7850.mp3 Moonbound UEFI Malware https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/ Exploit of Sonicwall CVE-2021-20038 https://twitter.com/buffaloverflow/status/1485671824725786633 Dell EMC AppSync Vulnerability https://www.dell.com/support/kbdoc/de-de/000195377/dsa-2022-003-dell-emc-appsync-security-update-for-multiple-vulnerabilities Twitter API Keys Leaked in GitHub https://incognitatech.medium.com/using-twitter-to-notify-careless-developers-the-unorthodox-way-d71478ad367a	Jan 25, 2022
ISC StormCast for Monday, January 24th, 2022 6:12 https://traffic.libsyn.com/securitypodcast/7848.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 46056658159 https://traffic.libsyn.com/securitypodcast/7848.mp3 Obscure Wininet.dll Feature https://isc.sans.edu/forums/diary/Obscure+Wininetdll+Feature/28262/ Mixed VBA and Excel 4 Macro in Targeted Excel Sheet https://isc.sans.edu/forums/diary/Mixed+VBA+Excel4+Macro+In+a+Targeted+Excel+Sheet/28264/ https://techcommunity.microsoft.com/t5/excel-blog/excel-4-0-xlm-macros-now-restricted-by-default-for-customer/ba-p/3057905 F5 January 2022 Patches https://support.f5.com/csp/article/K40084114 McAfee Privilege Escalation https://kc.mcafee.com/corporate/index?page=content&id=SB10378	Jan 24, 2022
ISC StormCast for Friday, January 21st, 2022 6:14 https://traffic.libsyn.com/securitypodcast/7846.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 45735337038 https://traffic.libsyn.com/securitypodcast/7846.mp3 RedLine Stealer Delivered Through FTP https://isc.sans.edu/forums/diary/RedLine+Stealer+Delivered+Through+FTP/28258/ Google Camera Alters QR Codes https://www.heise.de/hintergrund/Googles-Kamera-verfaelscht-Links-in-QR-Codes-6332669.html https://www.androidpolice.com/google-camera-randomly-changes-some-qr-code-urls-on-android-12/ Linux Kernel Privilege Escalation / Container Escape https://seclists.org/oss-sec/2022/q1/54 https://access.redhat.com/security/cve/cve-2022-0185 Crypto.com 2FA Bypass https://threatpost.com/2fa-bypassed-crypto-com-heist/177846/ Windows Policies to Avoid https://techcommunity.microsoft.com/t5/windows-it-pro-blog/why-you-shouldn-t-set-these-25-windows-policies/ba-p/3066178	Jan 21, 2022
ISC StormCast for Thursday, January 20th, 2022 6:13 https://traffic.libsyn.com/securitypodcast/7844.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 45619669550 https://traffic.libsyn.com/securitypodcast/7844.mp3 0.0.0.0 in Emotet Spambot Traffic https://isc.sans.edu/forums/diary/0000+in+Emotet+Spambot+Traffic/28254/ Linux Patch to Make 0.0.0.0/8 Routable https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=96125bf9985a WebKit Patch for Cross Origin Database Name Leak https://trac.webkit.org/changeset/288078/webkit ACER Care Center Privilege Escalation https://aptw.tf/2022/01/20/acer-care-center-privesc.html Imporper Input Validation Vulnerability in Serv-U https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35247	Jan 20, 2022
ISC StormCast for Wednesday, January 19th, 2022 5:30 https://traffic.libsyn.com/securitypodcast/7842.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 45491427918 https://traffic.libsyn.com/securitypodcast/7842.mp3 Phishing E-Mail With an Advertisement https://isc.sans.edu/forums/diary/Phishing+email+withan+advertisement/28250/ Virustotal Credential https://www.safebreach.com/blog/2022/the-perfect-cyber-crime/ Oracle Quarterly Critical Patch Update https://www.oracle.com/security-alerts/cpujan2022.html Box MFA Bypass https://www.varonis.com/blog/box-mfa-bypass-sms	Jan 19, 2022
ISC StormCast for Tuesday, January 18th, 2022 5:26 https://traffic.libsyn.com/securitypodcast/7840.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 45377479603 https://traffic.libsyn.com/securitypodcast/7840.mp3 Log4Shell Attacks Getting Smarter https://isc.sans.edu/forums/diary/Log4Shell+Attacks+Getting+Smarter/28246/ Microsoft Releases Special Update to Deal with January Update Fail https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-oob-updates-for-january-windows-update-issues/ Cisco Unified Contact Center Management Portal and Unifed Contact Center Domain Manager Privilege Escalation Vulnerablity https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ccmp-priv-esc-JzhTFLm4 Zoho Critical Security Patch Released in Desktop Central and Desktop Central MSP https://pitstop.manageengine.com/portal/en/community/topic/a-critical-security-patch-released-in-desktop-central-and-desktop-central-msp-for-cve-2021-44757-17-1-2022 Google Chrome Restricting Private Network Access https://developer.chrome.com/blog/private-network-access-preflight/	Jan 18, 2022
ISC StormCast for Monday, January 17th, 2022 5:17 https://traffic.libsyn.com/securitypodcast/7838.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 45257105400 https://traffic.libsyn.com/securitypodcast/7838.mp3 Use of Alternate Data Streams in Research Scans https://isc.sans.edu/forums/diary/Use+of+Alternate+Data+Streams+in+Research+Scans+for+indexjsp/28240/ Microsoft Resumes Windows Server 2019 Cumulative Updates https://www.bleepingcomputer.com/news/microsoft/microsoft-resumes-rollout-of-january-windows-server-updates/ Safari Index DB Leak https://fingerprintjs.com/blog/indexeddb-api-browser-vulnerability-safari-15/	Jan 17, 2022
ISC StormCast for Friday, January 14th, 2022 5:31 https://traffic.libsyn.com/securitypodcast/7836.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 44916218798 https://traffic.libsyn.com/securitypodcast/7836.mp3 MSFT Patch Issues https://borncity.com/win/2022/01/12/patchday-windows-8-1-server-2012-r2-updates-11-januar-2022-mgliche-boot-probleme/ https://support.microsoft.com/en-us/topic/january-11-2022-kb5009624-monthly-rollup-23f4910b-6bdd-475c-bb4d-c0e961aff0bc https://support.microsoft.com/en-us/topic/january-11-2022-kb5009595-security-only-update-060870c2-ad08-40e5-b000-a9f6d40c0831 Jenkins Security Advisory 2022-01-1 https://www.jenkins.io/security/advisory/2022-01-12/ Qakbot Configuration Decryptor https://github.com/drole/qakbot-registry-decrypt Android allows Disabling 2G https://www.bleepingcomputer.com/news/security/android-users-can-now-disable-2g-to-block-stingray-attacks/ Weakness in Microsoft Defender https://twitter.com/splinter_code/status/1481073265380581381	Jan 14, 2022
ISC StormCast for Thursday, January 13th, 2022 5:31 https://traffic.libsyn.com/securitypodcast/7834.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 44804371254 https://traffic.libsyn.com/securitypodcast/7834.mp3 A Quick CVE-2022-21907 FAQ https://isc.sans.edu/forums/diary/A+Quick+CVE202221907+FAQ+work+in+progress/28234/ Details Released Regarding Patched Sonicwall Vulnerabilities https://www.rapid7.com/blog/post/2022/01/11/cve-2021-20038-42-sonicwall-sma-100-multiple-vulnerabilities-fixed-2/ iOS/iPad OS Fixing HomeKit Vulnerability / Private Relay issues https://support.apple.com/en-us/HT201222 https://www.macrumors.com/2022/01/12/apple-icloud-private-relay-ios-15-2/ Atticking RDP From Inside https://www.cyberark.com/resources/threat-research-blog/attacking-rdp-from-inside Nanocore, Netwire and AsyncRAT Spreading Campaign Uses Public Cloud Infrastructre https://blog.talosintelligence.com/2022/01/nanocore-netwire-and-asyncrat-spreading.html	Jan 13, 2022
ISC StormCast for Wednesday, January 12th, 2022 6:32 https://traffic.libsyn.com/securitypodcast/7832.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 44688483940 https://traffic.libsyn.com/securitypodcast/7832.mp3 Microsoft Patch Tuesday - January 2022 https://isc.sans.edu/forums/diary/Microsoft+Patch+Tuesday+January+2022/28230/ Adobe Updates https://helpx.adobe.com/security.html	Jan 12, 2022
ISC StormCast for Tuesday, January 11th, 2022 5:39 https://traffic.libsyn.com/securitypodcast/7830.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 44567883044 https://traffic.libsyn.com/securitypodcast/7830.mp3 New MacOS Vulnerability Could Lead to Unauthorized User Data Access https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access Exploiting URL Parsers https://claroty.com/wp-content/uploads/2022/01/Exploiting-URL-Parsing-Confusion.pdf NPM libs "colors" and "faker" sabotaged by developer https://www.bleepingcomputer.com/news/security/dev-corrupts-npm-libs-colors-and-faker-breaking-thousands-of-apps/	Jan 11, 2022
ISC StormCast for Monday, January 10th, 2022 5:31 https://traffic.libsyn.com/securitypodcast/7828.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 44446363276 https://traffic.libsyn.com/securitypodcast/7828.mp3 Extracting Cobalt Strike Beacons from MSBuild Scripts https://isc.sans.edu/forums/diary/Extracting+Cobalt+Strike+Beacons+from+MSBuild+Scripts/28200/ The JNDI Strikes Back: Unauthenticated RCE in H2 Database Console https://jfrog.com/blog/the-jndi-strikes-back-unauthenticated-rce-in-h2-database-console/ Trojanized dnSpy app drops malware cocktail https://www.bleepingcomputer.com/news/security/trojanized-dnspy-app-drops-malware-cocktail-on-researchers-devs/ FIN7 Attackers Sending Malicious USB Sticks https://www.bleepingcomputer.com/news/security/fbi-hackers-use-badusb-to-target-defense-firms-with-ransomware/	Jan 10, 2022
ISC StormCast for Friday, January 7th, 2022 5:28 https://traffic.libsyn.com/securitypodcast/7826.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 44117362562 https://traffic.libsyn.com/securitypodcast/7826.mp3 Malicious Python Script Targeting Chinese People https://isc.sans.edu/forums/diary/Malicious+Python+Script+Targeting+Chinese+People/28220/ Google Docs Comment Exploit Allows for Distribution of Phishing and Malware https://www.avanan.com/blog/google-docs-comment-exploit-allows-for-distribution-of-phishing-and-malware Google Voice Authentication Scams https://www.fbi.gov/contact-us/field-offices/portland/news/press-releases/oregon-fbi-tech-tuesday-building-a-digital-defense-against-google-voice-authentication-scams Norton Crypto Miner https://investor.nortonlifelock.com/About/Investors/press-releases/press-release-details/2021/NortonLifeLock-Unveils-Norton-Crypto/default.aspx	Jan 07, 2022
ISC StormCast for Thursday, January 6th, 2022 5:29 https://traffic.libsyn.com/securitypodcast/7824.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 43985228166 https://traffic.libsyn.com/securitypodcast/7824.mp3 Code Reuse in the Malware Landscape https://isc.sans.edu/forums/diary/Code+Reuse+In+the+Malware+Landscape/28216/ ZLoader Campaign Exploiting Signature Verification Bug https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/ VMWare Virtual CD-Rom Vulnerability https://www.vmware.com/security/advisories/VMSA-2022-0001.html Honda Y2k22 Bug https://www.bleepingcomputer.com/news/technology/honda-acura-cars-hit-by-y2k22-bug-that-rolls-back-clocks-to-2002/	Jan 06, 2022
ISC StormCast for Wednesday, January 5th, 2022 5:20 https://traffic.libsyn.com/securitypodcast/7822.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 43855024997 https://traffic.libsyn.com/securitypodcast/7822.mp3 A Simple Batch File That Blocks People https://isc.sans.edu/forums/diary/A+Simple+Batch+File+That+Blocks+People/28212/ Windows Server Remote Desktop Emergency Update https://docs.microsoft.com/en-us/windows/release-health/windows-message-center#2772 Malicious Telegram Installer Includes Purple Fox Rootkit https://blog.minerva-labs.com/malicious-telegram-installer-drops-purple-fox-rootkit Web Skimmer Campaign Targets Real Estate Websites https://unit42.paloaltonetworks.com/web-skimmer-video-distribution/	Jan 05, 2022
ISC StormCast for Tuesday, January 4th, 2022 5:38 https://traffic.libsyn.com/securitypodcast/7820.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 43741554718 https://traffic.libsyn.com/securitypodcast/7820.mp3 McAfee Phishing Campaign with a Nice Fake Scan https://isc.sans.edu/forums/diary/McAfee+Phishing+Campaign+with+a+Nice+Fake+Scan/28208/ Trend Micro Apex One Patch https://success.trendmicro.com/solution/000289996 E-commerce Bots Using Cheap Domain Registration Services https://threatpost.com/ecommerce-bots-domain-registration-account-fraud/177305/ iOS Homekit DoS Vulnerability https://trevorspiniolas.com/doorlock/doorlock.html	Jan 04, 2022
ISC StormCast for Monday, January 3rd, 2022 7:35 https://traffic.libsyn.com/securitypodcast/7818.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 43628681154 https://traffic.libsyn.com/securitypodcast/7818.mp3 Exchange Server Year 2022 Bug https://isc.sans.edu/forums/diary/Exchange+Server+Email+Trapped+in+Transport+Queues/28204/ https://techcommunity.microsoft.com/t5/exchange-team-blog/email-stuck-in-exchange-on-premises-transport-queues/ba-p/3049447 Agent Tesla Updates https://isc.sans.edu/forums/diary/Agent+Tesla+Updates+SMTP+Data+Exfiltration+Technique/28190/ https://isc.sans.edu/forums/diary/Do+you+want+your+Agent+Tesla+in+the+300+MB+or+8+kB+package/28202/ Forensics Issues and Techniques to Improve Security in SSD with Flex Capacity Feature https://arxiv.org/ftp/arxiv/papers/2112/2112.13923.pdf iLO Bleed Attack https://threats.amnpardaz.com/en/2021/12/28/implant-arm-ilobleed-a/	Jan 03, 2022
ISC StormCast for Thursday, December 30th, 2021 4:10 https://traffic.libsyn.com/securitypodcast/7816.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 43217514929 https://traffic.libsyn.com/securitypodcast/7816.mp3 Log4j 2 Security Vulnerabilities Update Guide https://isc.sans.edu/forums/diary/Log4j+2+Security+Vulnerabilities+Update+Guide/28188/ Microsoft Defender Log4j False Positives https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-log4j-scanner-triggers-false-positive-alerts/ T-Mobile SIM Swapping Alerts https://www.bleepingcomputer.com/news/security/t-mobile-says-new-data-breach-caused-by-sim-swap-attacks/ Fisher Price Bluetooth Phone Privcy Flaw https://www.pentestpartners.com/security-blog/audio-bugging-with-the-fisher-price-chatter-bluetooth-telephone/	Dec 30, 2021
ISC StormCast for Wednesday, December 29th, 2021 4:54 https://traffic.libsyn.com/securitypodcast/7814.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 43106359836 https://traffic.libsyn.com/securitypodcast/7814.mp3 Log4j Vulnerablity CVE-2021-44832 https://logging.apache.org/log4j/2.x/security.html#CVE-2021-44832 LotL Classifiers https://isc.sans.edu/forums/diary/LotL+Classifier+tests+for+shells+exfil+and+miners/28184/ LastPass Credential Stuffing https://www.bleepingcomputer.com/news/security/lastpass-users-warned-their-master-passwords-are-compromised/	Dec 29, 2021
ISC StormCast for Tuesday, December 28th, 2021 4:41 https://traffic.libsyn.com/securitypodcast/7812.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 42996606352 https://traffic.libsyn.com/securitypodcast/7812.mp3 Attackers are Abusing MSBuild to Evade Defenses and Implant Cobalt Strike Beacons https://isc.sans.edu/forums/diary/Attackers+are+abusing+MSBuild+to+evade+defenses+and+implant+Cobalt+Strike+beacons/28180/ Bypassing File Quarantine, Gatekeeper and Notarization Requirements https://objective-see.com/blog/blog_0x6A.html Spider-Miner: Trojanized Version of Spiderman No Way Home https://blog.reasonlabs.com/2021/12/23/spider-miner-with-great-power-comes-great-problems/	Dec 28, 2021
ISC StormCast for Monday, December 27th, 2021 5:46 https://traffic.libsyn.com/securitypodcast/7810.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 42893688609 https://traffic.libsyn.com/securitypodcast/7810.mp3 Log4j/Log4Shell and Cloud Internal Meta Data Services https://isc.sans.edu/forums/diary/log4shell+and+cloud+provider+internal+meta+data+services+IMDS/28168/ https://isc.sans.edu/forums/diary/Defending+Cloud+IMDS+Against+log4shell+and+more/28170/ Log4j/Log4Shell Pushing Crypto Miner https://isc.sans.edu/forums/diary/Example+of+how+attackers+are+trying+to+push+crypto+miners+via+Log4Shell/28172/ Microsoft Vulnerable and Malicious Driver Reporting Center https://www.microsoft.com/security/blog/2021/12/08/improve-kernel-security-with-the-new-microsoft-vulnerable-and-malicious-driver-reporting-center/ Azure Source Code Leak https://blog.wiz.io/azure-app-service-source-code-leak/	Dec 27, 2021
ISC StormCast for Thursday, December 23rd, 2021 4:00 https://traffic.libsyn.com/securitypodcast/7808.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 42504175440 https://traffic.libsyn.com/securitypodcast/7808.mp3 Forensics Challenge Solution https://isc.sans.edu/forums/diary/December+2021+Forensic+Contest+Answers+and+Analysis/28160/ CAB-less 40444 https://news.sophos.com/en-us/2021/12/21/attackers-test-cab-less-40444-exploit-in-a-dry-run/ Ellume COVID Home Test Weakness https://github.com/FSecureLABS/Ellume-COVID-Test_Research-Files	Dec 23, 2021
ISC StormCast for Wednesday, December 22nd, 2021 4:59 https://traffic.libsyn.com/securitypodcast/7806.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 42385682824 https://traffic.libsyn.com/securitypodcast/7806.mp3 More Undetected PowerShell Droppers https://isc.sans.edu/forums/diary/More+Undetected+PowerShell+Dropper/28158/ Apache Patches https://httpd.apache.org/security/vulnerabilities_24.html Auerswald COMpact Multiple Backdoors https://www.redteam-pentesting.de/en/advisories/rt-sa-2021-007/-auerswald-compact-multiple-backdoors Vulnerabilities in Garrett Metal Detectors https://blog.talosintelligence.com/2021/12/vuln-spotlight-garrett-metal-detector.html#more	Dec 22, 2021
ISC StormCast for Tuesday, December 21st, 2021 5:55 https://traffic.libsyn.com/securitypodcast/7804.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 42278771289 https://traffic.libsyn.com/securitypodcast/7804.mp3 PowerPoint Atachments: Agent Tesla and Code Reuse in Malware https://isc.sans.edu/forums/diary/PowerPoint+attachments+Agent+Tesla+and+code+reuse+in+malware/28154/ VMWare Workspace ONE Patch / log4j status https://www.vmware.com/security/advisories.html Attacks Against Building Automation https://limessecurity.com/en/knxlock/	Dec 21, 2021
ISC StormCast for Monday, December 20th, 2021 6:31 https://traffic.libsyn.com/securitypodcast/7802.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 42168028063 https://traffic.libsyn.com/securitypodcast/7802.mp3 Disaster Recovery Automation Using Public DNS APIs https://isc.sans.edu/forums/diary/DR+Automation+Using+Public+DNS+APIs/28146/ Office 2021: VBA Project Version https://isc.sans.edu/forums/diary/Office+2021+VBA+Project+Version/28150/ Log4j Updates https://www.blumira.com/analysis-log4shell-local-trigger/ https://logging.apache.org/log4j/2.x/security.html	Dec 20, 2021
ISC StormCast for Friday, December 17th, 2021 7:42 https://traffic.libsyn.com/securitypodcast/7800.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 41875380859 https://traffic.libsyn.com/securitypodcast/7800.mp3 How the "Contact Forms" Campaign Tricks People https://isc.sans.edu/forums/diary/How+the+Contact+Forms+campaign+tricks+people/28142/ Bluetooth Used to Extract WiFi Secrets https://arxiv.org/pdf/2112.05719.pdf Lenovo Privilege Escalation Vulnerability https://support.lenovo.com/cy/en/product_security/len-75210 https://research.nccgroup.com/2021/12/15/technical-advisory-lenovo-imcontroller-local-privilege-escalation-cve-2021-3922-cve-2021-3969/ Log4j Updates https://github.com/cisagov/log4j-affected-db https://wiki.scn.sap.com/wiki/display/PSR/SAP+Security+Patch+Day+-+December+2021 https://twitter.com/sans_isc/status/1471611522694717445	Dec 17, 2021
ISC StormCast for Thursday, December 16th, 2021 5:45 https://traffic.libsyn.com/securitypodcast/7798.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 41775140711 https://traffic.libsyn.com/securitypodcast/7798.mp3 Undetected Powershell Backdoor https://isc.sans.edu/forums/diary/Simple+but+Undetected+PowerShell+Backdoor/28138/ Adobe Security Updates https://helpx.adobe.com/security.html Remote Deserialization Bug in Microsoft RDP Client Through Smart Card Extension https://thalium.github.io/blog/posts/deserialization-bug-through-rdp-smart-card-extension/ Webkit Bug Exploitable in PS4 https://arstechnica.com/gaming/2021/12/new-ps4-homebrew-exploit-points-to-similar-ps5-hacks-to-come/	Dec 16, 2021
ISC StormCast for Wednesday, December 15th, 2021 5:20 https://traffic.libsyn.com/securitypodcast/7796.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 41669214387 https://traffic.libsyn.com/securitypodcast/7796.mp3 Microsoft Patches https://isc.sans.edu/forums/diary/Microsoft+December+2021+Patch+Tuesday/28132/ Log4j Updates https://isc.sans.edu/forums/diary/Log4j+2150+and+previously+suggested+mitigations+may+not+be+enough/28134/ Log4j Scanner https://github.com/dtact/divd-2021-00038--log4j-scanner Apple Updates https://support.apple.com/en-us/HT201222	Dec 15, 2021
ISC StormCast for Tuesday, December 14th, 2021 5:07 https://traffic.libsyn.com/securitypodcast/7794.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 41565363858 https://traffic.libsyn.com/securitypodcast/7794.mp3 Log4Shell Becoming Part of the Day to Day Grind https://isc.sans.edu/forums/diary/Log4Shell+exploited+to+implant+coin+miners/28124/ https://www.youtube.com/watch?v=oC2PZB5D3Ys Google Chrome Update https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop_13.html Malicious PyPi Packages https://medium.com/ochrona/3-new-malicious-packages-found-on-pypi-a6bbb14b5e2	Dec 14, 2021
ISC StormCast for Monday, December 13th, 2021 7:44 https://traffic.libsyn.com/securitypodcast/7792.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 41459956868 https://traffic.libsyn.com/securitypodcast/7792.mp3 Remote Code Execution in log4j2 https://isc.sans.edu/forums/diary/RCE+in+log4j+Log4Shell+or+how+things+can+get+bad+quickly/28120/ Log4j Zero Day https://www.lunasec.io/docs/blog/log4j-zero-day/ Log4j2/Log4Shell Followup: What we see and how to defend and how to access our data https://isc.sans.edu/forums/diary/Log4j+Log4Shell+Followup+What+we+see+and+how+to+defend+and+how+to+access+our+data/28122/ Log4Shell Vendor Bulletins https://gist.github.com/SwitHak/b66db3a06c2955a9cb71a8718970c592	Dec 13, 2021
ISC StormCast for Friday, December 10th, 2021 6:30 https://traffic.libsyn.com/securitypodcast/7790.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 41158055958 https://traffic.libsyn.com/securitypodcast/7790.mp3 Phishing Direct Messages via Discord https://isc.sans.edu/forums/diary/Phishing+Direct+Messages+via+Discord/28114/ Vulnerable Microtik Routers https://eclypsium.com/2021/12/09/when-honey-bees-become-murder-hornets/ log4j RCE 0-day https://www.lunasec.io/docs/blog/log4j-zero-day/ Sonicwall SMA 100 Patch https://www.sonicwall.com/support/product-notification/product-security-notice-sma-100-series-vulnerability-patches-q4-2021/211201154715443/	Dec 10, 2021
ISC StormCast for Thursday, December 9th, 2021 5:30 https://traffic.libsyn.com/securitypodcast/7788.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 41056160927 https://traffic.libsyn.com/securitypodcast/7788.mp3 December 2021 Forensic Challenge https://isc.sans.edu/forums/diary/December+2021+Forensic+Challenge/28108/ Microsoft and GitHub OAuth Implementation Vulnerabilities Lead to Redirection Attacks https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection Android Patch Day https://source.android.com/security/bulletin/2021-12-01?hl=en	Dec 09, 2021
ISC StormCast for Wednesday, December 8th, 2021 5:37 https://traffic.libsyn.com/securitypodcast/7786.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 40939195556 https://traffic.libsyn.com/securitypodcast/7786.mp3 Webshells, Webshells everywhere! https://isc.sans.edu/forums/diary/Webshells+Webshells+everywhere/28106/ AWS Outage https://status.aws.amazon.com Misconfigured Kafdrop Puts Companies' Apache Kafka Completely Exposed https://spectralops.io/blog/misconfigured-kafdrop-puts-companies-apache-kafka-completely-exposed/ Windows 10 RCE: The exploit is in the link https://positive.security/blog/ms-officecmd-rce XSinator.com: From a Formal Model to the Automatic Evaluation of Cross-Site Leaks in Web Browsers https://xsinator.com/paper.pdf	Dec 08, 2021
ISC StormCast for Tuesday, December 7th, 2021 5:30 https://traffic.libsyn.com/securitypodcast/7784.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 40820731103 https://traffic.libsyn.com/securitypodcast/7784.mp3 The Importance of Out of Band Networks https://isc.sans.edu/forums/diary/The+Importance+of+OutofBand+Networks/28102/ Kaseya Unitrends Backup Appliance Updates https://helpdesk.kaseya.com/hc/en-gb/articles/4412762258961 Is KAX17 Performing De-Anonymization Attacks Against Tor Users? https://nusenu.medium.com/is-kax17-performing-de-anonymization-attacks-against-tor-users-42e566defce8 Google Chrome Update No 0-Days https://chromereleases.googleblog.com/2021/12/stable-channel-update-for-desktop.html	Dec 07, 2021
ISC StormCast for Monday, December 6th, 2021 5:22 https://traffic.libsyn.com/securitypodcast/7782.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 40714081232 https://traffic.libsyn.com/securitypodcast/7782.mp3 The UPX Packer will never die https://isc.sans.edu/forums/diary/The+UPX+Packer+Will+Never+Die/28096/ Survey of Airgap Attacks https://www.welivesecurity.com/2021/12/01/jumping-air-gap-15-years-nation-state-effort/ Ubiquity Victim of Insider Extortion https://www.justice.gov/usao-sdny/pr/former-employee-technology-company-charged-stealing-confidential-data-and-extorting	Dec 06, 2021
ISC StormCast for Friday, December 3rd, 2021 14:23 https://traffic.libsyn.com/securitypodcast/7780.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 40396463471 https://traffic.libsyn.com/securitypodcast/7780.mp3 TA551 (Shathak) Pushes IcedID (Bokbot) https://isc.sans.edu/forums/diary/TA551+Shathak+pushes+IcedID+Bokbot/28092/ pip-audit scanning Python packages for known vulnerabilities https://pypi.org/project/pip-audit/ Wifi Router Flaws https://www.iot-inspector.com/blog/router-security-check-2021/ SANS Holiday Hack Challenge https://www.sans.org/mlp/holiday-hack-challenge/	Dec 03, 2021
ISC StormCast for Thursday, December 2nd, 2021 6:15 https://traffic.libsyn.com/securitypodcast/7778.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 40284033698 https://traffic.libsyn.com/securitypodcast/7778.mp3 Info-Stealer Using webhook.site to Exfiltrate Data https://isc.sans.edu/forums/diary/InfoStealer+Using+webhooksite+to+Exfiltrate+Data/28088/ Mozilla NSS Library Vulnerability https://bugs.chromium.org/p/project-zero/issues/detail?id=2237 EwDoor Botnet is Attacking AT&T Customers https://blog.netlab.360.com/warning-ewdoor-botnet-is-attacking-att-customers/ JAMF Pro 10.32 Patch https://community.jamf.com/t5/jamf-pro/what-s-new-in-jamf-pro-10-32-release/m-p/246505	Dec 02, 2021
ISC StormCast for Wednesday, December 1st, 2021 6:24 https://traffic.libsyn.com/securitypodcast/7776.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 40175677902 https://traffic.libsyn.com/securitypodcast/7776.mp3 Hunting for PHPUnit Installed via Composer https://isc.sans.edu/forums/diary/Hunting+for+PHPUnit+Installed+via+Composer/28084/ Microsoft Defender Scares Admins with Emotet False Positivies https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-scares-admins-with-emotet-false-positives/ Printing Shellz HP Printer Vulnerabilities https://blog.f-secure.com/hp-printer-vulnerabilities/?_ga=2.125707850.1160056027.1638325485-2056233716.1638325485 Unpatched Local Privilege Escalation in Mobile Device Management Service https://blog.0patch.com/2021/11/micropatching-unpatched-local-privilege.html	Dec 01, 2021
ISC StormCast for Tuesday, November 30th, 2021 5:25 https://traffic.libsyn.com/securitypodcast/7774.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 40069896351 https://traffic.libsyn.com/securitypodcast/7774.mp3 Wireshark 3.6.0 Released https://isc.sans.edu/forums/diary/Wireshark+360+Released/28076/ Google Cloud Security Report https://services.google.com/fh/files/misc/gcat_threathorizons_full_nov2021.pdf Zoom Patch https://explore.zoom.us/en/trust/security/security-bulletin/ Slack DNSSEC Experience Reports https://slack.engineering/what-happened-during-slacks-dnssec-rollout/	Nov 30, 2021
ISC StormCast for Monday, November 29th, 2021 6:04 https://traffic.libsyn.com/securitypodcast/7772.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 39964866435 https://traffic.libsyn.com/securitypodcast/7772.mp3 Phishing Pages Hiding Itself Using Dynamically Adjusted IP Based Allow List https://isc.sans.edu/forums/diary/Phishing+page+hiding+itself+using+dynamically+adjusted+IPbased+allow+list/28070/ Trickbot Phishing Checks Screen Resolution to Evade Researchers https://www.bleepingcomputer.com/news/security/trickbot-phishing-checks-screen-resolution-to-evade-researchers/ QNAP QVR Patch https://www.qnap.com/de-de/security-advisory/qsa-21-51 CronRAT Malware Hiding in cron https://sansec.io/research/cronrat	Nov 29, 2021
ISC StormCast for Wednesday, November 24th, 2021 3:13 https://traffic.libsyn.com/securitypodcast/7770.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 39446948115 https://traffic.libsyn.com/securitypodcast/7770.mp3 YARA Rule for OOXML Maldocs: Less False Positives https://isc.sans.edu/forums/diary/YARA+Rule+for+OOXML+Maldocs+Less+False+Positives/28066/ Zero-Day Windows Installer Exploit https://www.bleepingcomputer.com/news/security/malware-now-trying-to-exploit-new-windows-installer-zero-day/ VMWare VCenter Vulnerability and Patch https://www.vmware.com/security/advisories/VMSA-2021-0027.html	Nov 24, 2021
ISC StormCast for Tuesday, November 23rd, 2021 4:25 https://traffic.libsyn.com/securitypodcast/7768.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 39342020581 https://traffic.libsyn.com/securitypodcast/7768.mp3 Simple YARA Rules for Office Maldocs https://isc.sans.edu/forums/diary/Simple+YARA+Rules+for+Office+Maldocs/28062/ Retailers Urged to Patch Magento https://www.theregister.com/2021/11/22/ncsc_magento_updates_black_friday_reminder/ PoC of CVE-2021-42321: pop mspaint.exe on the target https://gist.github.com/testanull/0188c1ae847f37a70fe536123d14f398 BeC Via Exchange Flaws https://www.trendmicro.com/en_us/research/21/k/Squirrelwaffle-Exploits-ProxyShell-and-ProxyLogon-to-Hijack-Email-Chains.html Windows Priv. Escalation PoC https://github.com/klinix5/InstallerFileTakeOver PHP deserialize vulnerablity in CloudLinux Imunity360 https://blog.talosintelligence.com/2021/11/vulnerability-spotlight-php-deserialize.html	Nov 23, 2021
ISC StormCast for Monday, November 22nd, 2021 5:00 https://traffic.libsyn.com/securitypodcast/7766.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 39234619426 https://traffic.libsyn.com/securitypodcast/7766.mp3 Hikvision Security Cameras Potentially Exposed to Remote Code Execution https://isc.sans.edu/forums/diary/Hikvision+Security+Cameras+Potentially+Exposed+to+Remote+Code+Execution/28056/ Detecting PAM Backdoors https://isc.sans.edu/forums/diary/Backdooring+PAM/28058/ Rusted Anchors: A National Client-Side View of Hidden Root CAs in the Web PKI Ecosystem https://dl.acm.org/doi/pdf/10.1145/3460120.3484768 CVE-2021-42306 CredManifest: App Registration Certificates Stored in Azure Active Directory https://www.netspi.com/blog/technical/cloud-penetration-testing/azure-cloud-vulnerability-credmanifest/	Nov 22, 2021
ISC StormCast for Friday, November 19th, 2021 6:42 https://traffic.libsyn.com/securitypodcast/7764.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 38934399053 https://traffic.libsyn.com/securitypodcast/7764.mp3 JavaScript Downloader Delivers Agent Tesla Trojan https://isc.sans.edu/forums/diary/JavaScript+Downloader+Delivers+Agent+Tesla+Trojan/28050/ Exposed Firefox cookies.sqlite Databases https://www.theregister.com/2021/11/18/firefox_cookies_github/ FBI Warns of Fatpipe VPN Exploits https://www.ic3.gov/Media/News/2021/211117-2.pdf Abusing ClouDNS https://blog.netlab.360.com/the-pitfall-of-threat-intelligence-whitelisting-specter-botnet-is-taking-over-top-legit-dns-domains-by-using-cloudns-service/	Nov 19, 2021
ISC StormCast for Thursday, November 18th, 2021 4:35 https://traffic.libsyn.com/securitypodcast/7762.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 38817671827 https://traffic.libsyn.com/securitypodcast/7762.mp3 DDS Protocol Implementation Vulnerabilities https://us-cert.cisa.gov/ics/advisories/icsa-21-315-02 Siemens TCP/IP Flaws https://www.forescout.com/blog/new-critical-vulnerabilities-found-on-nucleus-tcp-ip-stack/ Netgear UPNP Stack Based Buffer Overflow https://blog.grimm-co.com/2021/11/seamlessly-discovering-netgear.html	Nov 18, 2021
ISC StormCast for Wednesday, November 17th, 2021 6:43 https://traffic.libsyn.com/securitypodcast/7760.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 38705913941 https://traffic.libsyn.com/securitypodcast/7760.mp3 Emotet Returns https://isc.sans.edu/forums/diary/Emotet+Returns/28044/ GitHub Improves npm Security https://github.blog/2021-11-15-githubs-commitment-to-npm-ecosystem-security/ Intel CPU Debug Vulnerability https://www.ptsecurity.com/ww-en/about/news/positive-technologies-discovers-vulnerability-in-intel-processors-used-in-laptops-cars-and-other-devices/ https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00528.html Home Router Vulnerability Listing https://modemly.com/m1/pulse	Nov 17, 2021
ISC StormCast for Tuesday, November 16th, 2021 6:41 https://traffic.libsyn.com/securitypodcast/7758.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 38609051175 https://traffic.libsyn.com/securitypodcast/7758.mp3 Microsoft Emergency Update fixes AD Authentication Problems https://support.microsoft.com/en-us/topic/november-14-2021-kb5008601-os-build-14393-4771-out-of-band-c8cd33ce-3d40-4853-bee4-a7cc943582b9 Using Copy Paste to Change Microsoft AD Password https://isc.sans.edu/forums/diary/Changing+your+AD+Password+Using+the+Clipboard+Not+as+Easy+as+Youd+Think/28036/ Parking Pages Used to Distrbute Malware https://blog.netlab.360.com/zhatuniubility-malware-uses-namesilo-parking-pages-and-googles-custom-pages-to-spread/ Blacksmith Revives Rowhamer https://comsec.ethz.ch/research/dram/blacksmith/	Nov 16, 2021
ISC StormCast for Monday, November 15th, 2021 5:45 https://traffic.libsyn.com/securitypodcast/7756.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 38500655493 https://traffic.libsyn.com/securitypodcast/7756.mp3 Not So Fake FBI E-Mails https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-incident-involving-fake-emails https://isc.sans.edu/forums/diary/External+Email+System+FBI+Compromised+Sending+Out+Fake+Warnings/28034/ https://twitter.com/spamhaus/status/1459450061696417792 Reversing Obfuscated Maldoc with BASE64 https://isc.sans.edu/forums/diary/Obfuscated+Maldoc+Reversed+BASE64/28030/ Zoom Updates https://explore.zoom.us/en/trust/security/security-bulletin/ VMWare VCenter Update https://www.vmware.com/security/advisories/VMSA-2021-0025.html Windows User Profile 0-Day LPE https://halove23.blogspot.com/2021/10/windows-user-profile-service-0day.html	Nov 15, 2021
ISC StormCast for Friday, November 12th, 2021 3:00 https://traffic.libsyn.com/securitypodcast/7754.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 38216335324 https://traffic.libsyn.com/securitypodcast/7754.mp3 In Memory of Alan Paller. Cyber Security Industry Titan and SANS Institute Founder https://www.sans.org/press/announcements/alan-paller-cyber-security-industry-titan-and-sans-institute-founder-passes-away/ https://isc.sans.edu/forums/diary/In+Memory+of+Alan+Paller/28026/	Nov 12, 2021
ISC StormCast for Thursday, November 11th, 2021 6:35 https://traffic.libsyn.com/securitypodcast/7752.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 38108578071 https://traffic.libsyn.com/securitypodcast/7752.mp3 Shadow IT Makes People More Vulnerable to Phishing https://isc.sans.edu/forums/diary/Shadow+IT+Makes+People+More+Vulnerable+to+Phishing/28022/ PaloAlto Networks GlobalProtect VPN CVE-2021-3064 https://www.randori.com/blog/cve-2021-3064/?i=2 Citrix ADC/Gateway/SD-WAN WANOP Patch https://support.citrix.com/article/CTX330728 HPE Aruba Breach https://www.arubanetworks.com/support-services/security-bulletins/central-incident-faq/ LiveStream: Application Security; Web Apps, APIs & Microservices youtu.be/6gGB7skXvpg 2pm ET Today (not 1pm as mentioned in the podcast	Nov 11, 2021
ISC StormCast for Wednesday, November 10th, 2021 6:35 https://traffic.libsyn.com/securitypodcast/7750.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 37995191944 https://traffic.libsyn.com/securitypodcast/7750.mp3 Microsoft November 2021 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+November+2021+Patch+Tuesday/28018/ Adobe Patches https://helpx.adobe.com/security.html BusyBox Vulnerabilities https://jfrog.com/blog/unboxing-busybox-14-new-vulnerabilities-uncovered-by-claroty-and-jfrog/	Nov 10, 2021
ISC StormCast for Tuesday, November 9th, 2021 7:15 https://traffic.libsyn.com/securitypodcast/7748.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 37875169721 https://traffic.libsyn.com/securitypodcast/7748.mp3 (Ab)Using Security Tools & Controls for the Bad https://isc.sans.edu/forums/diary/AbUsing+Security+Tools+Controls+for+the+Bad/28014/ Targeted Attack Campaign Against ManageEngine ADSelfService Plus https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/ Image-Scaling Attacks in Machine Learning https://www.usenix.org/system/files/sec20fall_quiring_prepub.pdf	Nov 09, 2021
ISC StormCast for Monday, November 8th, 2021 5:11 https://traffic.libsyn.com/securitypodcast/7746.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 37755519703 https://traffic.libsyn.com/securitypodcast/7746.mp3 Decyprting Cobalt Strike Traffic With Keys Extracted From Process Memory https://isc.sans.edu/forums/diary/Decrypting+Cobalt+Strike+Traffic+With+Keys+Extracted+From+Process+Memory/28006/ XMount for Disk Images https://isc.sans.edu/forums/diary/Xmount+for+Disk+Images/28002/ More Proactive SIMs https://medium.com/telecom-expert/more-proactive-sims-f8da2ef8b189 Thunderbird Update https://www.mozilla.org/en-US/security/advisories/mfsa2021-50/	Nov 08, 2021
ISC StormCast for Friday, November 5th, 2021 7:03 https://traffic.libsyn.com/securitypodcast/7744.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 37406816508 https://traffic.libsyn.com/securitypodcast/7744.mp3 October 2021 Forensic Contest Answers and Analysis https://isc.sans.edu/forums/diary/October+2021+Forensic+Contest+Answers+and+Analysis/27998/ CVE-2021-43267: Remote Linux Kernel Heap Overflow in TIPC Module https://www.sentinelone.com/labs/tipc-remote-linux-kernel-heap-overflow-allows-arbitrary-code-execution/ Cisco Patches https://tools.cisco.com/security/center/publicationListing.x The Security Risk of Lacking Compiler Protection in WebAssembly https://arxiv.org/abs/2111.01421	Nov 05, 2021
ISC StormCast for Thursday, November 4th, 2021 5:11 https://traffic.libsyn.com/securitypodcast/7742.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 37278429338 https://traffic.libsyn.com/securitypodcast/7742.mp3 Gitlab CVE-2021-22205 Exploited (and often not patched) https://www.rapid7.com/blog/post/2021/11/01/gitlab-unauthenticated-remote-code-execution-cve-2021-22205-exploited-in-the-wild/ New Proxy Shell Exploits Seen Against Exchange https://blog.talosintelligence.com/2021/11/babuk-exploits-exchange.html Blackmatter Shutting Down Again https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-moves-victims-to-lockbit-after-shutdown/ Android 0-Day Patched https://source.android.com/security/bulletin/2021-11-01	Nov 04, 2021
ISC StormCast for Wednesday, November 3rd, 2021 5:41 https://traffic.libsyn.com/securitypodcast/7740.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 37154893295 https://traffic.libsyn.com/securitypodcast/7740.mp3 Revisiting BrakTooth: Two Months Later https://isc.sans.edu/forums/diary/Revisiting+BrakTooth+Two+Months+Later/27992/ Escalating XSS to Sainthood with Nagios https://blog.grimm-co.com/2021/11/escalating-xss-to-sainthood-with-nagios.html Pentaho Business Analytics Vulnerablity https://hawsec.com/publications/pentaho/HVPENT210401-Pentaho-BA-Security-Assessment-Report-v1_1.pdf	Nov 03, 2021
ISC StormCast for Tuesday, November 2nd, 2021 7:03 https://traffic.libsyn.com/securitypodcast/7738.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 37045770159 https://traffic.libsyn.com/securitypodcast/7738.mp3 Trojan Source: Invisible Vulnerabilities https://www.trojansource.codes/trojan-source.pdf Detecting HTTP Header Smuggling Vulnerabilities https://www.darkreading.com/application-security/free-tool-scans-web-servers-for-vulnerability-to-http-header-smuggling-attacks Kaspersky Lost Amazon Simple Email Service Token https://support.kaspersky.com/general/vulnerability.aspx?el=12430#01112021_phishing	Nov 02, 2021
ISC StormCast for Monday, November 1st, 2021 5:22 https://traffic.libsyn.com/securitypodcast/7736.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 36923955805 https://traffic.libsyn.com/securitypodcast/7736.mp3 Remote Desktop Protocol RDP Discovery https://isc.sans.edu/forums/diary/Remote+Desktop+Protocol+RDP+Discovery/27984/ Sysmon Update https://isc.sans.edu/forums/diary/Sysinternals+Autoruns+and+Sysmon+updates/27986/ Google Chrome Updates https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html AbstractEmu Malware Roots Android https://blog.lookout.com/lookout-discovers-global-rooting-malware-campaign Microsoft Defender For Endpoint Web Content Filtering https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/web-content-filtering-now-generally-available-on-windows/ba-p/2893357	Nov 01, 2021
ISC StormCast for Friday, October 29th, 2021 5:36 https://traffic.libsyn.com/securitypodcast/7734.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 36589305625 https://traffic.libsyn.com/securitypodcast/7734.mp3 Critical Hikvision Patch https://watchfulip.github.io/2021/09/18/Hikvision-IP-Camera-Unauthenticated-RCE.html https://www.hikvision.com/en/support/cybersecurity/security-advisory/security-notification-command-injection-vulnerability-in-some-hikvision-products/ Shrootless Vulnerability in MacOS https://www.microsoft.com/security/blog/2021/10/28/microsoft-finds-new-macos-vulnerability-shrootless-that-could-bypass-system-integrity-protection/ More Malicious NPM Libraries https://www.theregister.com/2021/10/27/npm_roblox_ransomware/	Oct 29, 2021
ISC StormCast for Thursday, October 28th, 2021 5:09 https://traffic.libsyn.com/securitypodcast/7732.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 36455299181 https://traffic.libsyn.com/securitypodcast/7732.mp3 Outlook Web Access Phishing https://isc.sans.edu/forums/diary/Hunting+for+Phishing+Sites+Masquerading+as+Outlook+Web+Access/27974/ Apple Security Updates Details Available https://support.apple.com/en-us/HT201222 Adobe Patches https://helpx.adobe.com/security/security-bulletin.html PinkBot Botnet Uses DoH https://blog.netlab.360.com/pinkbot/ Jira Insight Patch https://confluence.atlassian.com/adminjiraserver/jira-service-management-security-advisory-2021-10-20-1085186548.html	Oct 28, 2021
ISC StormCast for Wednesday, October 27th, 2021 5:35 https://traffic.libsyn.com/securitypodcast/7730.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 36329028953 https://traffic.libsyn.com/securitypodcast/7730.mp3 Apple Updates Everything (but no details yet) https://support.apple.com/en-sa/HT201222 Craigslist E-Mail Hijack https://www.inky.com/blog/urgency-mail-relay-serve-phishers-well-on-craigslist UltimaSMS Android Malware https://blog.avast.com/premium-sms-scam-apps-on-play-store-avast Firefox Proxy Malware https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/	Oct 27, 2021
ISC StormCast for Tuesday, October 26th, 2021 4:44 https://traffic.libsyn.com/securitypodcast/7728.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 36207759115 https://traffic.libsyn.com/securitypodcast/7728.mp3 Decrypting Cobalt Strike Traffic https://isc.sans.edu/forums/diary/Decrypting+Cobalt+Strike+Traffic+With+a+Leaked+Private+Key/27968/ Critical Discourse Vulnerability https://us-cert.cisa.gov/ncas/current-activity/2021/10/24/critical-rce-vulnerability-discourse Discourse Discussion Platform RCE https://github.com/discourse/discourse/security/advisories/GHSA-jcjx-pvpc-qgwq https://0day.click/recipe/discourse-sns-rce/ ua-parser-js malware https://github.com/advisories/GHSA-pjwm-rvh2-c87w Vulnerable Billing Software BillQuick Web Used to Deploy Ransomware https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware	Oct 26, 2021
ISC StormCast for Monday, October 25th, 2021 5:35 https://traffic.libsyn.com/securitypodcast/7726.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 36092793886 https://traffic.libsyn.com/securitypodcast/7726.mp3 Malware Quiz https://isc.sans.edu/forums/diary/October+2021+Contest+Forensic+Challenge/27960/ Odd Zip Files https://isc.sans.edu/forums/diary/Phishing+ZIP+With+Malformed+Filename/27966/ Decrypting Cobalt Strike Configurations Using Known Secret Keys https://blog.nviso.eu/2021/10/21/cobalt-strike-using-known-private-keys-to-decrypt-traffic-part-1/ Tracking BLE Fingerprints https://cseweb.ucsd.edu/~nibhaska/papers/sp22_paper.pdf GPS Software Bug https://us-cert.cisa.gov/ncas/current-activity/2021/10/21/gps-daemon-gpsd-rollover-bug https://isc.sans.edu/forums/diary/Keeping+Track+of+Time+Network+Time+Protocol+and+a+GPSD+Bug/27886/	Oct 25, 2021
ISC StormCast for Friday, October 22nd, 2021 6:18 https://traffic.libsyn.com/securitypodcast/7724.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 35740504731 https://traffic.libsyn.com/securitypodcast/7724.mp3 Stolen Images Evidence Campaign Pushes Sliver Based Malware https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+campaign+pushes+Sliverbased+malware/27954/ FiveSys Rootkit Signed By Microsoft https://www.bitdefender.com/files/News/CaseStudies/study/405/Bitdefender-DT-Whitepaper-Fivesys-creat5699-en-EN.pdf Oracle Critical Patch Update https://www.oracle.com/security-alerts/cpuoct2021.html WinRAR Vulnerability https://swarm.ptsecurity.com/winrars-vulnerable-trialware-when-free-software-isnt-free/ Crypto Mining npm Libraries https://blog.sonatype.com/newly-found-npm-malware-mines-cryptocurrency-on-windows-linux-macos-devices	Oct 22, 2021
ISC StormCast for Thursday, October 21st, 2021 5:38 https://traffic.libsyn.com/securitypodcast/7722.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 35620588228 https://traffic.libsyn.com/securitypodcast/7722.mp3 Thanks to Covid 19: New Types of Documents are Lost in the Wild https://isc.sans.edu/forums/diary/Thanks+to+COVID19+New+Types+of+Documents+are+Lost+in+The+Wild/27952/ Google Chrome 95 Released https://chromestatus.com/roadmap Squirrel VM Bug https://thehackernews.com/2021/10/squirrel-engine-bug-could-let-attackers.html BlackByte Decryptor Released https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/ https://github.com/SpiderLabs/BlackByteDecryptor	Oct 21, 2021
ISC StormCast for Wednesday, October 20th, 2021 4:45 https://traffic.libsyn.com/securitypodcast/7720.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 35493452525 https://traffic.libsyn.com/securitypodcast/7720.mp3 Can You Make the Great Chinese Firewall Work For You https://isc.sans.edu/forums/diary/Can+you+make+the+Great+Chinese+Firewall+work+for+you/27948/ Fake Government Assistance Websites https://www.ic3.gov/Media/Y2021/PSA211015 TA505 Coming Back https://www.proofpoint.com/us/blog/threat-insight/whatta-ta-ta505-ramps-activity-delivers-new-flawedgrace-variant BlackMatter Ransomware https://us-cert.cisa.gov/ncas/alerts/aa21-291a	Oct 20, 2021
ISC StormCast for Tuesday, October 19th, 2021 5:06 https://traffic.libsyn.com/securitypodcast/7718.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 35375880241 https://traffic.libsyn.com/securitypodcast/7718.mp3 Malcious PowerShell Script Using Client Certificate Authentication https://isc.sans.edu/forums/diary/Malicious+PowerShell+Using+Client+Certificate+Authentication/27944/ PowerShell Updates https://github.com/PowerShell/Announcements/issues/27 Juniper JunOS Patches https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES TianFu Cup https://tianfucup.com/en/#canjia	Oct 19, 2021
ISC StormCast for Monday, October 18th, 2021 5:34 https://traffic.libsyn.com/securitypodcast/7716.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 35263615195 https://traffic.libsyn.com/securitypodcast/7716.mp3 Active Scanning for Apache Vulnerabilities CVE-2021-41773 and 42013 https://isc.sans.edu/forums/diary/Apache+is+Actively+Scan+for+CVE202141773+CVE202142013/27940/ Warranty Repairs and Non Removable Storage Risks https://isc.sans.edu/forums/diary/Warranty+Repairs+and+NonRemovable+Storage+Risks/27938/ Crypto Wallet Compromised on OpenSea NFT Marketplace https://blog.checkpoint.com/2021/10/13/check-point-software-prevents-theft-of-crypto-wallets-on-opensea-the-worlds-largest-nft-marketplace/ $5.2 Billion worth of Bitcoin Transactions Linked to Ransomware https://www.fincen.gov/sites/default/files/shared/Financial%20Trend%20Analysis_Ransomeware%20508%20FINAL.pdf	Oct 18, 2021
ISC StormCast for Friday, October 15th, 2021 6:32 https://traffic.libsyn.com/securitypodcast/7714.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 34938663433 https://traffic.libsyn.com/securitypodcast/7714.mp3 Port Forwarding with Windows for the Win https://isc.sans.edu/forums/diary/PortForwarding+with+Windows+for+the+Win/27934/ Please Fix Your E-Mail Brute Forcing Tool https://isc.sans.edu/forums/diary/Please+fix+your+EMail+Brute+forcing+tool/27930/ Ad Blocker Injects Ads https://www.imperva.com/blog/the-ad-blocker-that-injects-ads/ Romance Scams Go After Crypto Currency https://nakedsecurity.sophos.com/2021/10/13/romance-scams-with-a-cryptocurrency-twist-new-research-from-sophoslabs/ Sysmon For Linux https://github.com/Sysinternals/SysmonForLinux Foxit Updates https://www.foxit.com/support/security-bulletins.html VMWare Updates https://www.vmware.com/security/advisories/VMSA-2021-0023.html	Oct 15, 2021
ISC StormCast for Wednesday, October 13th, 2021 5:54 https://traffic.libsyn.com/securitypodcast/7712.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 34702495773 https://traffic.libsyn.com/securitypodcast/7712.mp3 Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+October+2021+Patch+Tuesday/27928/ Adobe Patches https://helpx.adobe.com/security/security-bulletin.html PyPi Remove mitmproxy2 Module https://twitter.com/maximilianhils/status/1447525552370458625 https://web.archive.org/web/20211012105244/https://gist.github.com/mhils/7ff29d50b25a1c99e06834cf95684333	Oct 13, 2021
ISC StormCast for Tuesday, October 12th, 2021 5:04 https://traffic.libsyn.com/securitypodcast/7710.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 34585588150 https://traffic.libsyn.com/securitypodcast/7710.mp3 Non HTTP Requests Hitting Web Server https://isc.sans.edu/forums/diary/Things+that+go+Bump+in+the+Night+Non+HTTP+Requests+Hitting+Web+Servers/27924/ Apple Updates iOS/iPadOS to 15.0.2 https://saaramar.github.io/IOMFB_integer_overflow_poc/ https://support.apple.com/en-us/HT212846 Weak SSH Keys Used with GitKraken https://github.blog/2021-10-11-github-security-update-revoking-weakly-generated-ssh-keys/ Let's Encrypt Outage https://letsencrypt.status.io/pages/incident/55957a99e800baa4470002da/6164b5af714e1f053880ba0c	Oct 12, 2021
ISC StormCast for Monday, October 11th, 2021 5:24 https://traffic.libsyn.com/securitypodcast/7708.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 34475427020 https://traffic.libsyn.com/securitypodcast/7708.mp3 Scanning for Previous Oracle WebLogic Vulnerabilities https://isc.sans.edu/forums/diary/Scanning+for+Previous+Oracle+WebLogic+Vulnerabilities/27918/ Sorting Things Out - Sorting Data by IP Address https://isc.sans.edu/forums/diary/Sorting+Things+Out+Sorting+Data+by+IP+Address/27916/ https://gitlab.com/slackermedia/bashcrawl Telegram Does Not Remove Auto-Deleted Messages from Cache https://habr.com/en/post/580582/ Microsoft To Disable Excel 4.0 Macros By Default https://twitter.com/GelosSnake/status/1446192775087722497 https://m365admin.handsontek.net/macro-settings-update-to-disable-excel-4-0-macros-by-default/	Oct 11, 2021
ISC StormCast for Friday, October 8th, 2021 6:21 https://traffic.libsyn.com/securitypodcast/7706.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 34156123725 https://traffic.libsyn.com/securitypodcast/7706.mp3 Who is Hunting For Your IPTV Set-Top Box? https://isc.sans.edu/forums/diary/Who+Is+Hunting+For+Your+IPTV+SetTop+Box/27912/ Another Update For Apache https://httpd.apache.org Font on Lake Rootkit https://www.welivesecurity.com/2021/10/07/fontonlake-previously-unknown-malware-family-targeting-linux/ osquery 5 with macOS Endpoint Security https://www.trailofbits.com/post/announcing-osquery-5-now-with-endpointsecurity-on-macos	Oct 08, 2021
ISC StormCast for Thursday, October 7th, 2021 5:19 https://traffic.libsyn.com/securitypodcast/7704.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 34046290508 https://traffic.libsyn.com/securitypodcast/7704.mp3 Apache 2.4.49 Directory Traversal Vulnerability https://isc.sans.edu/forums/diary/Apache+2449+Directory+Traversal+Vulnerability+CVE202141773/27908/ Python Ransomware Targeting ESXi Server https://www.sophos.com/en-us/press-office/press-releases/2021/10/sophos-researchers-uncover-new-python-ransomware-targeting-an-esxi-server-and-virtual-machines.aspx AT&T SIM Forensics https://medium.com/telecom-expert/what-is-at-t-doing-at-1111340002-c418876c212c Google Making Additional 2FA Push https://blog.google/technology/safety-security/making-sign-safer-and-more-convenient/	Oct 07, 2021
ISC StormCast for Wednesday, October 6th, 2021 5:40 https://traffic.libsyn.com/securitypodcast/7702.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 33933531749 https://traffic.libsyn.com/securitypodcast/7702.mp3 Looking Glass Sites https://isc.sans.edu/forums/diary/Looking+Glasses+Debugging+Network+Connectivity+Issues/27904/ Facebook Postmortem https://engineering.fb.com/2021/10/05/networking-traffic/outage-details/ Apache 2.4.49 Directory Traversal Vulnerability https://blog.sonatype.com/apache-servers-actively-exploited-in-wild-importance-of-prompt-patching Windows 11 Released https://www.microsoft.com/security/blog/2021/10/04/windows-11-offers-chip-to-cloud-protection-to-meet-the-new-security-challenges-of-hybrid-work/ https://www.microsoft.com/en-us/download/details.aspx?id=55319	Oct 06, 2021
ISC StormCast for Tuesday, October 5th, 2021 5:47 https://traffic.libsyn.com/securitypodcast/7700.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 33828726321 https://traffic.libsyn.com/securitypodcast/7700.mp3 Facebook Outage https://isc.sans.edu/forums/diary/Facebook+Outage+Yes+its+DNS+sort+of+A+super+quick+analysis+of+what+is+going+on/27900/ Boutique "Dark" Botnet Hunting for Crumbs https://isc.sans.edu/forums/diary/Boutique+Dark+Botnet+Hunting+for+Crumbs/27898/ Apache Airflow May Leak Credentials https://www.intezer.com/blog/cloud-security/misconfigured-airflows-leak-credentials/	Oct 05, 2021
ISC StormCast for Monday, October 4th, 2021 5:51 https://traffic.libsyn.com/securitypodcast/7698.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 33718107800 https://traffic.libsyn.com/securitypodcast/7698.mp3 A New Tool To Add to Your LOLBAS List: cvtres.exe https://isc.sans.edu/forums/diary/New+Tool+to+Add+to+Your+LOLBAS+List+cvtresexe/27892/ Google Chrome Continuing Updates https://support.google.com/chrome/answer/95414?hl=en&co=GENIE.Platform%3DDesktop Cyber Security Awareness Month https://www.sans.org/security-awareness-training/resources/ https://isc.sans.edu/tag.html?tag=csam FCC Attempts to Fight SIM Swapping https://docs.fcc.gov/public/attachments/DOC-376199A1.pdf MacOS Gatekeeper Bypass https://labs.f-secure.com/blog/the-discovery-of-cve-2021-1810/	Oct 04, 2021
ISC StormCast for Friday, October 1st, 2021 14:59 https://traffic.libsyn.com/securitypodcast/7696.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 33395284672 https://traffic.libsyn.com/securitypodcast/7696.mp3 Visa/Apple Express Transit Relay Attack https://www.bbc.com/news/technology-58719891 FluBot Offering Fake FlutBot Protection https://twitter.com/CERTNZ/status/1443701853665980440 Undetected Azure Active Directory Brute-Force Attacks https://www.secureworks.com/research/undetected-azure-active-directory-brute-force-attacks SANS.edu Student Christopher DeWees: Expired Domain Dumpster Diving https://www.sans.edu/cyber-research/40505/	Oct 01, 2021
ISC StormCast for Thursday, September 30th, 2021 5:28 https://traffic.libsyn.com/securitypodcast/7694.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 33274518752 https://traffic.libsyn.com/securitypodcast/7694.mp3 Keeping Track of Time: Network Time Protocol and GPSD Bug https://isc.sans.edu/forums/diary/Keeping+Track+of+Time+Network+Time+Protocol+and+a+GPSD+Bug/27886/ Apple Airtags Stored XSS https://medium.com/@bobbyrsec/zero-day-hijacking-icloud-credentials-with-apple-airtags-stored-xss-6997da43a216 CISA/NSA Guidance To Configure VPNs https://media.defense.gov/2021/Sep/28/2002863184/-1/-1/0/CSI_SELECTING-HARDENING-REMOTE-ACCESS-VPNS-20210928.PDF Facebook Open Sourcing "Mariana Trench" Tool To Analyze Android and Java Apps https://engineering.fb.com/2021/09/29/security/mariana-trench/	Sep 30, 2021
ISC StormCast for Wednesday, September 29th, 2021 5:39 https://traffic.libsyn.com/securitypodcast/7692.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 33158315200 https://traffic.libsyn.com/securitypodcast/7692.mp3 TLS 1.3 and SSL: The Current State of Affairs https://isc.sans.edu/forums/diary/TLS+13+and+SSL+the+current+state+of+affairs/27882/ EFF Discontinues HTTPS Everywhere Plugin https://www.eff.org/deeplinks/2021/09/https-actually-everywhere Malicious CryptoCoin Wallet https://discourse.mozilla.org/t/got-hacked-by-the-add-on-called-safepal-wallet/85797 Microsoft Automates Exchange Mitigations https://techcommunity.microsoft.com/t5/exchange-team-blog/new-security-feature-in-september-2021-cumulative-update-for/ba-p/2783155	Sep 29, 2021
ISC StormCast for Tuesday, September 28th, 2021 5:47 https://traffic.libsyn.com/securitypodcast/7690.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 33039623192 https://traffic.libsyn.com/securitypodcast/7690.mp3 Trend Micro ServerProtect Authentication Bypass Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-21-1115/ Let's Encrypt Root CA Expiration https://community.letsencrypt.org/t/production-chain-changes/150739 ERMAC Android Malware https://www.threatfabric.com/blogs/ermac-another-cerberus-reborn.html QNAP Vulnerabilities https://www.qnap.com/en/security-advisory/QSA-21-35	Sep 28, 2021
ISC StormCast for Monday, September 27th, 2021 6:13 https://traffic.libsyn.com/securitypodcast/7688.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 32933256747 https://traffic.libsyn.com/securitypodcast/7688.mp3 Mobile Device Inventory via Active Sync https://isc.sans.edu/forums/diary/Keep+an+Eye+on+Your+Users+Mobile+Devices+Simple+Inventory/27868/ Autodiscover Attacks https://autodiscover-vulnerable-tlds.com https://wiki.mozilla.org/Public_Suffix_List https://www.guardicore.com/labs/autodiscovering-the-great-leak/ Three More 0-Day Vulnerabilities in iOS https://habr.com/en/post/579714/ original russian version: https://habr.com/en/post/579716/ Cisco CAPWAP Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-capwap-rce-LYgj8Kf Sonicwall SMA 100 Series Vulnerablity https://www.sonicwall.com/support/product-notification/security-notice-critical-arbitrary-file-delete-vulnerability-in-sonicwall-sma-100-series-appliances/210819124854603/	Sep 27, 2021
ISC StormCast for Friday, September 24th, 2021 5:31 https://traffic.libsyn.com/securitypodcast/7686.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 32605459605 https://traffic.libsyn.com/securitypodcast/7686.mp3 Excel Recipe: Some VBA Code with a Touch of Excel4 Macro https://isc.sans.edu/forums/diary/Excel+Recipe+Some+VBA+Code+with+a+Touch+of+Excel4+Macro/27864/ Windows Platform Binary Table Weakness https://eclypsium.com/2021/09/20/everyone-gets-a-rootkit/ Apple Patches Older iOS/MacOS Versions https://support.apple.com/en-us/HT201222 Broken Digital Signatures Used to Foil Malware Detection https://blog.google/threat-analysis-group/financially-motivated-actor-breaks-certificate-parsing-avoid-detection/	Sep 24, 2021
ISC StormCast for Thursday, September 23rd, 2021 6:53 https://traffic.libsyn.com/securitypodcast/7684.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 32535262335 https://traffic.libsyn.com/securitypodcast/7684.mp3 An XML-Obfustcated Office Document (CVE-2021-40444) https://isc.sans.edu/forums/diary/An+XMLObfuscated+Office+Document+CVE202140444/27860/ Exchange Autodiscovering Leaks Credentials https://www.guardicore.com/labs/autodiscovering-the-great-leak/ Nagios Vulnerabilities https://claroty.com/2021/09/21/blog-research-securing-network-management-systems-nagios-xi/ Apple Deprecating TLS 1.0/1.1 https://developer.apple.com/news/?id=bv8ur34d	Sep 23, 2021
ISC StormCast for Wednesday, September 22nd, 2021 5:40 https://traffic.libsyn.com/securitypodcast/7682.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 32392878265 https://traffic.libsyn.com/securitypodcast/7682.mp3 A First Look at Apple's iOS 15 "Private Relay" feature https://isc.sans.edu/forums/diary/A+First+Look+at+Apples+iOS+15+Private+Relay+feature/27858/ macOS Finder Security Feature Bypass Leads to Possible RCE https://ssd-disclosure.com/ssd-advisory-macos-finder-rce/ VMWare vCenter Advisory https://blogs.vmware.com/vsphere/2021/09/vmsa-2021-0020-what-you-need-to-know.html NetGear Circle Parental Control Vulnerablity https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html	Sep 22, 2021
ISC StormCast for Tuesday, September 21st, 2021 6:24 https://traffic.libsyn.com/securitypodcast/7680.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 32289466952 https://traffic.libsyn.com/securitypodcast/7680.mp3 OMIGOD Exploits Captured in the Wild. https://isc.sans.edu/forums/diary/OMIGOD+Exploits+Captured+in+the+Wild+Researchers+responsible+for+half+of+scans+for+related+ports/27852/ Apple iOS/iPadOS/tvOS 15 Updates (and WatchOS, Xcode, Safari) https://support.apple.com/en-us/HT201222 ManageEngine ADSelfService Plus Exploited https://us-cert.cisa.gov/ncas/alerts/aa21-259a	Sep 21, 2021
ISC StormCast for Monday, September 20th, 2021 5:47 https://traffic.libsyn.com/securitypodcast/7678.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 32189958292 https://traffic.libsyn.com/securitypodcast/7678.mp3 Malicious Calendar Subscriptions Are Back https://isc.sans.edu/forums/diary/Malicious+Calendar+Subscriptions+Are+Back/27846/ Simple Analysis of a CVE-2021-40444 (MSHTML) Document https://isc.sans.edu/forums/diary/Simple+Analysis+Of+A+CVE202140444+docx+Document/27848/ Mirai Botnet Hunting OMIGOD https://twitter.com/1ZRR4H/status/1438580885142507528 https://isc.sans.edu/port.html?port=1270 Exploit for Netgear Flaws Available https://gynvael.coldwind.pl/?id=742	Sep 20, 2021
ISC StormCast for Friday, September 17th, 2021 6:30 https://traffic.libsyn.com/securitypodcast/7676.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 31955414653 https://traffic.libsyn.com/securitypodcast/7676.mp3 Phishing 101: why depend on one suspicious message subject when you can use many https://isc.sans.edu/forums/diary/Phishing+101+why+depend+on+one+suspicious+message+subject+when+you+can+use+many/27842/ PrintNightmare Fix Breaks Network Printing https://www.bleepingcomputer.com/news/security/new-windows-security-updates-break-network-printing/ Malware Taking Advantage of Linux Subsystem for Windows https://blog.lumen.com/no-longer-just-theory-black-lotus-labs-uncovers-linux-executables-deployed-as-stealth-windows-loaders/ Travis CI Patch https://travis-ci.community/t/security-bulletin/12081 IBM System x IMM Vulnerability https://support.lenovo.com/es/en/product_security/len-66347 Fake iTerm installing Malware on OS X https://objective-see.com/blog/blog_0x66.html	Sep 17, 2021
ISC StormCast for Thursday, September 16th, 2021 5:29 https://traffic.libsyn.com/securitypodcast/7674.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 31848751675 https://traffic.libsyn.com/securitypodcast/7674.mp3 Hancitor Campaign Abusing Microsoft's OneDrive https://isc.sans.edu/forums/diary/Hancitor+campaign+abusing+Microsofts+OneDrive/27838/ "Secret"Agent Exposes Azure Customers To Unauthorized Code Execution https://www.wiz.io/blog/secret-agent-exposes-azure-customers-to-unauthorized-code-execution	Sep 16, 2021
ISC StormCast for Wednesday, September 15th, 2021 5:22 https://traffic.libsyn.com/securitypodcast/7672.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 31745181920 https://traffic.libsyn.com/securitypodcast/7672.mp3 Microsoft Patches https://isc.sans.edu/forums/diary/Microsoft+September+2021+Patch+Tuesday/27834/ Adobe Patches https://helpx.adobe.com/security/security-bulletin.html	Sep 15, 2021
ISC StormCast for Tuesday, September 14th, 2021 5:08 https://traffic.libsyn.com/securitypodcast/7670.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 31644541878 https://traffic.libsyn.com/securitypodcast/7670.mp3 Apple Updates Everything https://support.apple.com/en-us/HT201222 Citizenlab Discloses NSO Exploit Details https://citizenlab.ca/2021/09/forcedentry-nso-group-imessage-zero-click-exploit-captured-in-the-wild/ Google Chrome Update https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop.html WooCommerce Multi Currency Plugin Vulnerablity https://blog.nintechnet.com/vulnerability-fixed-in-wordpress-woocommerce-multi-currency-plugin/	Sep 14, 2021
ISC StormCast for Monday, September 13th, 2021 5:33 https://traffic.libsyn.com/securitypodcast/7668.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 31529385608 https://traffic.libsyn.com/securitypodcast/7668.mp3 Shipping Microsoft DNS Logs to Elasticsearch https://isc.sans.edu/forums/diary/Shipping+to+Elasticsearch+Microsoft+DNS+Logs/27828/ Exploit Generator for CVE-2021-40444 https://github.com/lockedbyte/CVE-2021-40444 Windows Lock Screen Bypass https://halove23.blogspot.com/2021/09/zdi-21-1053-bypassing-windows-lock.html Citrix Hypervisor Update https://support.citrix.com/article/CTX325319 GitHub Identifies Vulnerable node.js Packages https://github.blog/2021-09-08-github-security-update-vulnerabilities-tar-npmcli-arborist/	Sep 13, 2021
ISC StormCast for Friday, September 10th, 2021 6:30 https://traffic.libsyn.com/securitypodcast/7666.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 31211078579 https://traffic.libsyn.com/securitypodcast/7666.mp3 ISC/DShield API Updates https://isc.sans.edu/forums/diary/Updates+to+Our+DatafeedsAPI/27824/ Update on Windows MSHTML Vulnerability https://www.bleepingcomputer.com/news/microsoft/windows-mshtml-zero-day-defenses-bypassed-as-new-info-emerges/ GitHub Actions check-spelling community workflow GITHUB_TOKEN leakage https://github.com/justinsteven/advisories/blob/master/2021_github_actions_checkspelling_token_leak_via_advice_symlink.md	Sep 10, 2021
ISC StormCast for Thursday, September 9th, 2021 5:39 https://traffic.libsyn.com/securitypodcast/7664.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 31102138639 https://traffic.libsyn.com/securitypodcast/7664.mp3 Protonmail Correction https://protonmail.com/blog/climate-activist-arrest/ https://protonmail.com/privacy-policy "Stolen Images Evidence" Campaign Continues Pushing BazarLoader Malware https://isc.sans.edu/forums/diary/Stolen+Images+Evidence+Campaign+Continues+Pushing+BazarLoader+Malware/27816/ Thyotic Secret Server Critical Update https://docs.thycotic.com/ss/11.0.0/release-notes/ss-rn-11-0-000007.md Zoho Vulnerablity Exploited https://www.manageengine.com/products/self-service-password/kb/how-to-fix-authentication-bypass-vulnerability-in-REST-API.html	Sep 09, 2021
ISC StormCast for Wednesday, September 8th, 2021 5:43 https://traffic.libsyn.com/securitypodcast/7662.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 30996639177 https://traffic.libsyn.com/securitypodcast/7662.mp3 Microsoft MSHTML Remote Code Execution Vulnerability CVE-2021-40444 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-40444 ProntonMail/VPN Releasing User's IP Address https://protonmail.com/blog/climate-activist-arrest/ What's App End To End Encryption Questioned (but upheld) https://twitter.com/evacide/status/1435288900587589632?s=20 PRIVATELOG and STASHLOG Malware Store Payload in Common Log File System (CLFS) https://www.fireeye.com/blog/threat-research/2021/09/unknown-actor-using-clfs-log-files-for-stealth.html	Sep 08, 2021
ISC StormCast for Tuesday, September 7th, 2021 5:25 https://traffic.libsyn.com/securitypodcast/7660.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 30880665932 https://traffic.libsyn.com/securitypodcast/7660.mp3 Confluence Update https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html https://www.jenkins.io/blog/2021/09/04/wiki-attacked/ ProxyShell Update https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/ RCE-0-Day for GhostScript 9.50 https://github.com/duc-nt/RCE-0-day-for-GhostScript-9.50 Netgear Switch Auth Bypass https://kb.netgear.com/000063978/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Smart-Switches-PSV-2021-0140-PSV-2021-0144-PSV-2021-0145	Sep 07, 2021
ISC StormCast for Friday, September 3rd, 2021 14:10 https://traffic.libsyn.com/securitypodcast/7658.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 30470608681 https://traffic.libsyn.com/securitypodcast/7658.mp3 Attackers Will Always Abuse Major Events in our Lifes https://isc.sans.edu/forums/diary/Attackers+Will+Always+Abuse+Major+Events+in+our+Lifes/27808/ Active Exploitation of Confluence Server CVE-2021-26084 https://www.rapid7.com/blog/post/2021/09/02/active-exploitation-of-confluence-server-cve-2021-26084/ GitHub Removing old Ciphers / Keys https://github.blog/2021-09-01-improving-git-protocol-security-github/ Cisco Enterprise NFV Infrastructure Software Authentication Bypass https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nfvis-g2DMVVh Hackers are Selling Tool to Hide Malware in GPUs https://www.ehackingnews.com/2021/09/hackers-are-selling-tool-to-hide.html Michael Beck: Cloud Forensics Triage Framework (CFTF) https://www.sans.org/white-papers/40415/	Sep 03, 2021
ISC StormCast for Thursday, September 2nd, 2021 6:00 https://traffic.libsyn.com/securitypodcast/7656.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 30356181511 https://traffic.libsyn.com/securitypodcast/7656.mp3 STRRAT: A Java Based RAT That Doesn't Care if You Have Java https://isc.sans.edu/forums/diary/STRRAT+a+Javabased+RAT+that+doesnt+care+if+you+have+Java/27798/ IPC360 Baby Monitor Vulnerability https://www.bitdefender.com/files/News/CaseStudies/study/402/Bitdefender-PR-Whitepaper-VictureIPC-creat5590-en-EN.pdf Annke Network Video Recorder Vulnerability https://us-cert.cisa.gov/ics/advisories/icsa-21-238-02 ProxyWare Abuse https://blog.talosintelligence.com/2021/08/proxyware-abuse.html	Sep 02, 2021
ISC StormCast for Wednesday, September 1st, 2021 5:27 https://traffic.libsyn.com/securitypodcast/7654.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 30250317117 https://traffic.libsyn.com/securitypodcast/7654.mp3 BrakTooth: Impacts, Implications and Next Steps https://isc.sans.edu/forums/diary/BrakTooth+Impacts+Implications+and+Next+Steps/27802/ Fortress Home Security System Weakness https://threatpost.com/fortress-home-security-remote-disarmament/169069/ PostgreSQL set_user Module Vulnerability https://www.postgresql.org/about/news/set_user-201-released-2279/	Sep 01, 2021
ISC StormCast for Tuesday, August 31st, 2021 5:54 https://traffic.libsyn.com/securitypodcast/7652.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 30132031086 https://traffic.libsyn.com/securitypodcast/7652.mp3 Cryptocurrency Clipboard Swapper Delivered With Love https://isc.sans.edu/forums/diary/Cryptocurrency+Clipboard+Swapper+Delivered+With+Love/27794/ ProxyToken Vulnerability in Exchange https://www.zerodayinitiative.com/blog/2021/8/30/proxytoken-an-authentication-bypass-in-microsoft-exchange-server LockFile Ransomware Evasion Tricks https://thehackernews.com/2021/08/lockfile-ransomware-bypasses-protection.html	Aug 31, 2021
ISC StormCast for Monday, August 30th, 2021 5:04 https://traffic.libsyn.com/securitypodcast/7650.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 30059040436 https://traffic.libsyn.com/securitypodcast/7650.mp3 ChaosDB: Azure Cosmos Database Vulnerability https://chaosdb.wiz.io Phishing via Open Redirects https://www.microsoft.com/security/blog/2021/08/26/widespread-credential-phishing-campaign-abuses-open-redirector-links/ Parallels Vulnerability https://exchange.xforce.ibmcloud.com/vulnerabilities/208188 https://www.zerodayinitiative.com/advisories/ZDI-21-1000/	Aug 30, 2021
ISC StormCast for Friday, August 27th, 2021 5:44 https://traffic.libsyn.com/securitypodcast/7648.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 29737270564 https://traffic.libsyn.com/securitypodcast/7648.mp3 Cisco Advisories https://tools.cisco.com/security/center/publicationListing.x GETH DoS Vulnerability https://github.com/ethereum/go-ethereum/releases/tag/v1.10.8 Confluence Security Advisory https://confluence.atlassian.com/doc/confluence-security-advisory-2021-08-25-1077906215.html VMWare Updates https://www.vmware.com/security/advisories.html	Aug 27, 2021
ISC StormCast for Thursday, August 26th, 2021 5:44 https://traffic.libsyn.com/securitypodcast/7646.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 29659181980 https://traffic.libsyn.com/securitypodcast/7646.mp3 There May Be Many More SPF Records Than We Might Expect https://isc.sans.edu/forums/diary/There+may+be+many+more+SPF+records+than+we+might+expect/27786/ OpenSSL Update https://www.openssl.org/news/vulnerabilities.html F5 Update https://support.f5.com/csp/article/K50974556 https://support.f5.com/csp/article/K41351250 SideWalk Backdoor https://www.welivesecurity.com/2021/08/24/sidewalk-may-be-as-dangerous-as-crosswalk/	Aug 26, 2021
ISC StormCast for Wednesday, August 25th, 2021 5:21 https://traffic.libsyn.com/securitypodcast/7644.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 29543820263 https://traffic.libsyn.com/securitypodcast/7644.mp3 Attackers Hunting for Twilio Credentials https://isc.sans.edu/forums/diary/Attackers+Hunting+For+Twilio+Credentials/27782/ Modified WhatsApp Spreading Malware https://securelist.com/triada-trojan-in-whatsapp-mod/103679/ Privilege Escalation without Pluggin in Device http://0xsp.com/security%20research%20&%20development%20(SRD)/local-administrator-is-not-just-with-razer-it-is-possible-for-all	Aug 25, 2021
ISC StormCast for Tuesday, August 24th, 2021 5:41 https://traffic.libsyn.com/securitypodcast/7642.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 29429942266 https://traffic.libsyn.com/securitypodcast/7642.mp3 Out of Band Phishing Using SMS Messages to Evade Network Detection https://isc.sans.edu/forums/diary/Out+of+Band+Phishing+Using+SMS+messages+to+Evade+Network+Detection/27768/ Elevate Priviledges with Razer Mouse https://twitter.com/j0nh4t/status/1429049506021138437 Realtek Vulnerabilites Exploited https://securingsam.com/realtek-vulnerabilities-weaponized/ Exposed Microsoft Power Apps https://www.upguard.com/breaches/power-apps	Aug 24, 2021
ISC StormCast for Monday, August 23rd, 2021 5:10 https://traffic.libsyn.com/securitypodcast/7640.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 29318367551 https://traffic.libsyn.com/securitypodcast/7640.mp3 Waiting for the C2 to Show Up https://isc.sans.edu/forums/diary/Waiting+for+the+C2+to+Show+Up/27772/ DOCX with Embdedded EXE https://isc.sans.edu/forums/diary/docx+With+Embedded+EXE/27776/ Securing Your Windows 365 Cloud PCs https://techcommunity.microsoft.com/t5/windows-it-pro-blog/securing-your-windows-365-cloud-pcs/ba-p/2663129 Pegasus Fraud Scam https://www.ehackingnews.com/2021/08/pegasus-iphone-hacks-used-as-bait-in.html Proper Audit Logging for Office 365 https://zolder.io/office-365-audit-logging/	Aug 23, 2021
ISC StormCast for Friday, August 20th, 2021 15:17 https://traffic.libsyn.com/securitypodcast/7638.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 29016959181 https://traffic.libsyn.com/securitypodcast/7638.mp3 When Lightning Strikes: What works and doesn't work https://isc.sans.edu/forums/diary/When+Lightning+Strikes+What+works+and+doesnt+work/27766/ Cisco Small Business Router Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cisco-sb-rv-overflow-htpymMB5 Blackberry QNX Products Vulnerability https://support.blackberry.com/kb/articleDetail?articleNumber=000082334 SANS.edu Student: Mark Morowcynzski; Decreasing Attacker Dwell Time in Azure Active Directory https://www.sans.org/white-papers/40390/	Aug 20, 2021
ISC StormCast for Thursday, August 19th, 2021 4:52 https://traffic.libsyn.com/securitypodcast/7636.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 28906547880 https://traffic.libsyn.com/securitypodcast/7636.mp3 5 Things to Consider Before Moving Back to the Office https://isc.sans.edu/forums/diary/5+Things+to+Consider+Before+Moving+Back+to+the+Office/27762/ Adobe Patches https://helpx.adobe.com/security.html Several Web Sites Infected with Chinese Spyware https://imp0rtp3.wordpress.com/2021/08/12/tetris/ Trickbot Tricks Users with 1Password https://www.ehackingnews.com/2021/08/trickbot-employs-bogus-1password.html	Aug 19, 2021
ISC StormCast for Wednesday, August 18th, 2021 6:14 https://traffic.libsyn.com/securitypodcast/7634.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 28810146072 https://traffic.libsyn.com/securitypodcast/7634.mp3 Laravel Exploit Attempts Tageting Vulnerability in "Ignition" https://isc.sans.edu/forums/diary/Laravel+v842+exploit+attempts+for+CVE20213129+debug+mode+Remote+code+execution/27758/ ThroughTek "Kaley" Protocol Vulnerability https://www.fireeye.com/blog/threat-research/2021/08/mandiant-discloses-critical-vulnerability-affecting-iot-devices.html Fortinet FortiWeb Vulnerability https://www.rapid7.com/blog/post/2021/08/17/fortinet-fortiweb-os-command-injection/	Aug 18, 2021
ISC StormCast for Tuesday, August 17th, 2021 5:19 https://traffic.libsyn.com/securitypodcast/7632.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 28699618664 https://traffic.libsyn.com/securitypodcast/7632.mp3 Triage of Malware Bazaar's Daily Malware Batches https://isc.sans.edu/forums/diary/Extra+Tip+For+Triage+Of+MALWARE+Bazaars+Daily+Malware+Batches/27754/ Realtek SDK Vulnerability https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain/ https://www.realtek.com/images/safe-report/Realtek_APRouter_SDK_Advisory-CVE-2021-35392_35395.pdf STARTTLS Vulnerabilities https://www.usenix.org/conference/usenixsecurity21/presentation/poddebniak Racoon Infostealer Self Infection https://mobile.twitter.com/HRock/status/1427259563363950596	Aug 17, 2021
ISC StormCast for Monday, August 16th, 2021 5:49 https://traffic.libsyn.com/securitypodcast/7630.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 28594725337 https://traffic.libsyn.com/securitypodcast/7630.mp3 Exchange E-Discovery Scans https://isc.sans.edu/forums/diary/Scanning+for+Microsoft+Exchange+eDiscovery/27748/ Danabot Distributed Through Malspam https://isc.sans.edu/forums/diary/Example+of+Danabot+distributed+through+malspam/27744/ Weaponizing Middleboxes https://geneva.cs.umd.edu/posts/usenix21-weaponizing-censors/ https://www.usenix.org/conference/usenixsecurity21/presentation/bock Deep Blue Magic Ransomware https://www.ehackingnews.com/2021/08/deepbluemagic-newly-discovered.html	Aug 16, 2021
ISC StormCast for Friday, August 13th, 2021 3:11 https://traffic.libsyn.com/securitypodcast/7628.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 28304653268 https://traffic.libsyn.com/securitypodcast/7628.mp3 Print Nightmare Continues: CVE-2021-36958 https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958 Print Nightmare Abused by Ransomware Gangs https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/ PolyNetwork Attack https://www.theregister.com/2021/08/10/poly_networks_cryptocurrency_theft/	Aug 13, 2021
ISC StormCast for Thursday, August 12th, 2021 5:55 https://traffic.libsyn.com/securitypodcast/7626.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 28208365458 https://traffic.libsyn.com/securitypodcast/7626.mp3 TA551 Shathak Continues Pushing BazarLoader Leading to Cobalt Strike https://isc.sans.edu/forums/diary/TA551+Shathak+continues+pushing+BazarLoader+infections+lead+to+Cobalt+Strike/27738/ New AdLoad Campaign Goes Undetected by XProtect https://labs.sentinelone.com/massive-new-adload-campaign-goes-entirely-undetected-by-apples-xprotect/ Android FlyTrap Malware Hitting Facebook Users https://www.ehackingnews.com/2021/08/android-malware-flytrap-hacks-facebook.html 5G Shortcuts allow Evesdropping https://www.wired.com/story/5g-network-stingray-surveillance-non-standalone/ Cloud DNS Service Weeknesses https://www.wiz.io/blog/black-hat-2021-dns-loophole-makes-nation-state-level-spying-as-easy-as-registering-a-domain	Aug 12, 2021
ISC StormCast for Wednesday, August 11th, 2021 5:24 https://traffic.libsyn.com/securitypodcast/7624.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 28111249724 https://traffic.libsyn.com/securitypodcast/7624.mp3 Microsoft Patches https://isc.sans.edu/forums/diary/Microsoft+August+2021+Patch+Tuesday/27736/ Adobe Patches https://helpx.adobe.com/security.html cPanel/WHM Vulnerabilities https://www.fortbridge.co.uk/research/multiple-vulnerabilities-in-cpanel-whm/ Firefox Update Released https://www.mozilla.org/en-US/firefox/91.0/releasenotes/	Aug 11, 2021
ISC StormCast for Tuesday, August 10th, 2021 5:50 https://traffic.libsyn.com/securitypodcast/7622.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 28029708252 https://traffic.libsyn.com/securitypodcast/7622.mp3 Microsoft Exchange ProxyShell https://isc.sans.edu/forums/diary/ProxyShell+how+many+Exchange+servers+are+affected+and+where+are+they/27732/ Synology Warns of Brute Force Attacks https://www.synology.com/en-global/company/news/article/BruteForce/Synology %20Investigates%20Ongoing%20Brute-Force%20Attacks%20From%20Botnet Router Auth Bypass https://threatpost.com/auth-bypass-bug-routers-exploited/168491/ Firefox Version 100 Experiment https://bugzilla.mozilla.org/show_bug.cgi?id=1719070 Interaction Less Vulnerabilities in Messaging Apps https://www.ehackingnews.com/2021/08/the-interaction-less-flaws-in-messaging.html HTTP2 Vulnerabilities https://portswigger.net/research/http2#conclusion	Aug 10, 2021
ISC StormCast for Monday, August 9th, 2021 5:23 https://traffic.libsyn.com/securitypodcast/7620.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 27940254606 https://traffic.libsyn.com/securitypodcast/7620.mp3 Malicious Microsoft Word Remains A Key Infection Vector https://isc.sans.edu/forums/diary/Malicious+Microsoft+Word+Remains+A+Key+Infection+Vector/27716/ Malware Bazaar Daily Download https://isc.sans.edu/forums/diary/MALWARE+Bazaar+Download+daily+malware+batches/27728/ Go/Rust IP Address Validation Vulnerability https://github.com/rust-lang/rust/pull/83652 Facial Recognition "Master Keys" https://arxiv.org/pdf/2108.01077.pdf Pulse Secure Patch Bypass https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44858 Hadoop ResourceManager Vulnerability Exploited https://blog.netlab.360.com/wei-xie-kuai-xun-teamtntxin-huo-dong-tong-guo-gan-ran-wang-ye-wen-jian-ti-gao-chuan-bo-neng-li/	Aug 09, 2021
ISC StormCast for Friday, August 6th, 2021 15:26 https://traffic.libsyn.com/securitypodcast/7618.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 27697528877 https://traffic.libsyn.com/securitypodcast/7618.mp3 Cisco Patches Unauthencticated RCE in RV340/345 devices https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv340-cmdinj-rcedos-pY8J3qfy Telegram Flawed Self Destruct in MacOS https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/telegram-self-destruct-not-always/ Significant Vulnerabilities in MacOS Privacy Protections https://www.darkreading.com/application-security/researchers-find-significant-vulnerabilities-in-mac-os-privacy-protections Windows Hello Bypass https://threatpost.com/microsofts-patch-windows-hello-faulty/168392/ STI Student: James Casteel; Content Security Policy Bypass: Exploiting Misconfigurations https://www.sans.org/white-papers/40380	Aug 06, 2021
ISC StormCast for Thursday, August 5th, 2021 5:53 https://traffic.libsyn.com/securitypodcast/7616.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 27625697172 https://traffic.libsyn.com/securitypodcast/7616.mp3 Pivoting and Hunting for Shenanigans from a Reported Phishing Domain https://isc.sans.edu/forums/diary/Pivoting+and+Hunting+for+Shenanigans+from+a+Reported+Phishing+Domain/27710/ NichStack TCP/IP Vulnerabilities https://jfrog.com/blog/infrahalt-14-new-security-vulnerabilities-found-in-nichestack/ Securing the Cloud https://www.sans.org/newsletters/ouch/securely-using-the-cloud/ Lockbit Recruiting Insiders https://www.bleepingcomputer.com/news/security/lockbit-ransomware-recruiting-insiders-to-breach-corporate-networks/ Sneaky Phishing Hittin Office 365 Users https://www.ehackingnews.com/2021/08/microsoft-warns-office-365-users-of.html	Aug 05, 2021
ISC StormCast for Wednesday, August 4th, 2021 5:10 https://traffic.libsyn.com/securitypodcast/7614.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 27503046955 https://traffic.libsyn.com/securitypodcast/7614.mp3 2FA Issues https://isc.sans.edu/forums/diary/Three+Problems+with+Two+Factor+Authentication/27704/ Crazy Smishing https://isc.sans.edu/forums/diary/Is+this+the+Weirdest+Phishing+SMishing+Attempt+Ever/27706/ Google Chrome Update https://chromereleases.googleblog.com/2021/08/the-stable-channel-has-been-updated-to.html https://www.bleepingcomputer.com/news/google/google-chrome-to-no-longer-show-secure-website-indicators/ Google Android Update https://source.android.com/security/bulletin/2021-08-01?hl=en DoD/NSA Publichses Kubernetes Hardening Guides https://media.defense.gov/2021/Aug/03/2002820425/-1/-1/1/CTR_KUBERNETES%20HARDENING%20GUIDANCE.PDF	Aug 03, 2021
ISC StormCast for Tuesday, August 3rd, 2021 6:12 https://traffic.libsyn.com/securitypodcast/7612.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 27436214865 https://traffic.libsyn.com/securitypodcast/7612.mp3 Unsolicited DNS Queries https://isc.sans.edu/forums/diary/Unsolicited+DNS+Queries/27694/ Changing BAT Files on the Fly https://isc.sans.edu/forums/diary/Changing+BAT+Files+On+The+Fly/27700/ Empty NPM Package has Over 700,000 Downloads https://www.bleepingcomputer.com/news/software/empty-npm-package-has-over-700-000-downloads-heres-why/ Blocking PetitPotam with netsh RPC Filters https://twitter.com/gentilkiwi/status/1421949715986403329 Pneumatic Tube Vulnerabilities https://www.blackhat.com/us-21/briefings/schedule/index.html#a-hole-in-the-tube-uncovering-vulnerabilities-in-critical-infrastructure-of-healthcare-facilities-23546	Aug 03, 2021
ISC StormCast for Sunday, August 1st, 2021 5:26 https://traffic.libsyn.com/securitypodcast/7610.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 27320428970 https://traffic.libsyn.com/securitypodcast/7610.mp3 Infected With a .reg File https://isc.sans.edu/forums/diary/Infected+With+a+reg+File/27692/ Excessive Exchange Permissions (Patched) https://bugs.chromium.org/p/project-zero/issues/detail?id=2186 Node.JS July 2021 Security Releases https://nodejs.org/en/blog/vulnerability/july-2021-security-releases-2/ Malicious PyPi Packages https://jfrog.com/blog/malicious-pypi-packages-stealing-credit-cards-injecting-code/ REvil / Darkside May be Back as Blackmatter https://www.bleepingcomputer.com/news/security/darkside-ransomware-gang-returns-as-new-blackmatter-operation/	Aug 01, 2021
ISC StormCast for Friday, July 30th, 2021 5:31 https://traffic.libsyn.com/securitypodcast/7608.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 27091925790 https://traffic.libsyn.com/securitypodcast/7608.mp3 Malicious Content Delivered Trhough archive.org https://isc.sans.edu/forums/diary/Malicious+Content+Delivered+Through+archiveorg/27688/ A Large-Scale Security-Oriented Static Analysis of Python Packages in PyPI https://arxiv.org/abs/2107.12699 Crimea "manifesto" deploys VBA Rat using double attack vectors https://blog.malwarebytes.com/threat-intelligence/2021/07/crimea-manifesto-deploys-vba-rat-using-double-attack-vectors/	Jul 30, 2021
ISC StormCast for Thursday, July 29th, 2021 8:32 https://traffic.libsyn.com/securitypodcast/7606.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 27004204564 https://traffic.libsyn.com/securitypodcast/7606.mp3 A Sextortion E-Mail From ... IT Support?! https://isc.sans.edu/forums/diary/A+sextortion+email+fromIT+support/27682/ AV-Test Compares Android Anti-Virus Software https://www.av-test.org/en/news/15-security-apps-for-android-in-an-endurance-test/ Oscorp evolves into UBEL: Advanced Android Malware https://www.cleafy.com/cleafy-labs/ubel-oscorp-evolution QOMPLX Reboots Punkspider https://www.globenewswire.com/da/news-release/2021/07/20/2265860/0/en/QOMPLX-Reboots-Punkspider.html AFRINIC IPv4 Address Heist https://lists.afrinic.net/pipermail/community-discuss/2021-July/004122.html	Jul 29, 2021
ISC StormCast for Wednesday, July 28th, 2021 6:42 https://traffic.libsyn.com/securitypodcast/7604.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 26923236275 https://traffic.libsyn.com/securitypodcast/7604.mp3 Details about CVE-2021-30807. (Patch released Monday for MacOS/iOS) https://saaramar.github.io/IOMobileFrameBuffer_LPE_POC/ Zimbra 8.8.15 XSS and SSRF Vulnerability https://blog.sonarsource.com/zimbra-webmail-compromise-via-email LockBit Ransomware Uses Group Policies https://www.bleepingcomputer.com/news/security/lockbit-ransomware-automates-windows-domain-encryption-via-group-policies/ Microsoft Extending SafeLinks to Teams https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/microsoft-teams-gets-more-phishing-protection/ba-p/2585559	Jul 28, 2021
ISC StormCast for Tuesday, July 27th, 2021 6:07 https://traffic.libsyn.com/securitypodcast/7602.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 26841785353 https://traffic.libsyn.com/securitypodcast/7602.mp3 Recovering Malspam Password https://isc.sans.edu/forums/diary/Failed+Malspam+Recovering+The+Password/27674/ Apple Patches 0-Day https://support.apple.com/en-us/HT201222 Attackers Adopt Exotic Programming Languages https://blogs.blackberry.com/en/2021/07/old-dogs-new-tricks-attackers-adopt-exotic-programming-languages LemonDuck/LemonCat Coinminers Going Multi-OS https://www.microsoft.com/security/blog/2021/07/22/when-coin-miners-evolve-part-1-exposing-lemonduck-and-lemoncat-modern-mining-malware-infrastructure/ GitHub Expending Supply Chain Security Support to Go https://github.blog/2021-07-22-github-supply-chain-security-features-go-community/	Jul 27, 2021
ISC StormCast for Monday, July 26th, 2021 6:26 https://traffic.libsyn.com/securitypodcast/7600.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 26758334405 https://traffic.libsyn.com/securitypodcast/7600.mp3 PetitPotam ADCS Domain Admin Vulnerability https://isc.sans.edu/forums/diary/Active+Directory+Certificate+Services+ADCS+PKI+domain+admin+vulnerability/27668/ XCSSET Mac Malware Target Google Chrome / Telegram https://thehackernews.com/2021/07/nasty-macos-malware-xcsset-now-targets.html Defunct Video Hosting Site Flooding Normal Websites With Porn https://www.vice.com/en/article/qj8xz3/a-defunct-video-hosting-site-is-flooding-normal-websites-with-hardcore-porn	Jul 26, 2021
ISC StormCast for Friday, July 23rd, 2021 6:28 https://traffic.libsyn.com/securitypodcast/7598.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 26542993330 https://traffic.libsyn.com/securitypodcast/7598.mp3 Akamai Outage https://isc.sans.edu/forums/diary/Lost+in+the+Cloud+Akamai+DNS+Outage/27660/ "Summer of SAM" Continues https://isc.sans.edu/forums/diary/Summer+of+SAM+Microsoft+Releases+Guidance+for+CVE202136934/27656/ Oracle Critical Patch Update https://www.oracle.com/security-alerts/cpujul2021.html Kaseya Decryptor Available https://www.kaseya.com/potential-attack-on-kaseya-vsa/ Jira Data Center and Jira Service Management Data Center Security Advisory https://confluence.atlassian.com/adminjiraserver/jira-data-center-and-jira-service-management-data-center-security-advisory-2021-07-21-1063571388.html Forgot password? Taking over user accounts Kaminsky style https://sec-consult.com/blog/detail/forgot-password-taking-over-user-accounts-kaminsky-style/	Jul 23, 2021
ISC StormCast for Thursday, July 22nd, 2021 6:34 https://traffic.libsyn.com/securitypodcast/7596.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 26465227097 https://traffic.libsyn.com/securitypodcast/7596.mp3 Microsoft Published Summer of SAM Guidance https://isc.sans.edu/forums/diary/Summer+of+SAM+Microsoft+Releases+Guidance+for+CVE202136934/27656/ Apple Patches Everything https://support.apple.com/en-us/HT201222 Formbook/XLoader Malware Ported to Mac https://research.checkpoint.com/2021/top-prevalent-malware-with-a-thousand-campaigns-migrates-to-macos/ Pulse Secure Backdoors https://us-cert.cisa.gov/ncas/current-activity/2021/07/21/malware-targeting-pulse-secure-devices	Jul 22, 2021
ISC StormCast for Wednesday, July 21st, 2021 7:00 https://traffic.libsyn.com/securitypodcast/7594.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 26383766416 https://traffic.libsyn.com/securitypodcast/7594.mp3 Windows Registry Hives Permission Problem https://isc.sans.edu/forums/diary/Summer+of+SAM+incorrect+permissions+on+Windows+1011+hives/27652/ HP Printer Drivers Allows Privilege Escalation https://labs.sentinelone.com/cve-2021-3438-16-years-in-hiding-millions-of-printers-worldwide-vulnerable/ Linux Local Privilege Escalation in Filesystem Layer https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909 FortiManager and FortiAnalyzer Vulnerability https://www.fortiguard.com/psirt/FG-IR-21-067	Jul 21, 2021
ISC StormCast for Tuesday, July 20th, 2021 5:44 https://traffic.libsyn.com/securitypodcast/7592.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 26306127421 https://traffic.libsyn.com/securitypodcast/7592.mp3 New Windows Print Spooler Vulnerability - CVE-2021-34481 https://isc.sans.edu/forums/diary/New+Windows+Print+Spooler+Vulnerability+CVE202134481/27648/ iOS/WatchOS/tvOS/Safari Updates https://support.apple.com/en-us/HT201222 iOS Format String Vulnerability Exploitable as RCE https://blog.zecops.com/research/meet-wifidemon-ios-wifi-rce-0-day-vulnerability-and-a-zero-click-vulnerability-that-was-silently-patched/ Surfside Condo Collapse Scams https://threatpost.com/attackers-target-florida-condo-collapse-victims/167917/	Jul 20, 2021
ISC StormCast for Monday, July 19th, 2021 6:11 https://traffic.libsyn.com/securitypodcast/7590.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 26223703752 https://traffic.libsyn.com/securitypodcast/7590.mp3 Multiple BaseXX Obfuscations https://isc.sans.edu/forums/diary/Multiple+BaseXX+Obfuscations/27640/ Juniper Patches: Radius Vulnerability https://kb.juniper.net/InfoCenter/index?page=content&id=JSA11180&cat=SIRT_1&actp=LIST fail2ban vulnerability https://github.com/fail2ban/fail2ban/security/advisories/GHSA-m985-3f3v-cwmm NSO Group Victims Leaked https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/ Dangers of Autofilling Passwords https://marektoth.com/blog/password-managers-autofill/#analysis	Jul 19, 2021
ISC StormCast for Friday, July 16th, 2021 5:58 https://traffic.libsyn.com/securitypodcast/7588.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 26011093405 https://traffic.libsyn.com/securitypodcast/7588.mp3 USPS Phishing Kit Reporting Data Back Via Telegram https://isc.sans.edu/forums/diary/USPS+Phishing+Using+Telegram+to+Collect+Data/27630/ Sonicwall Warns of Ransomware https://www.sonicwall.com/support/product-notification/urgent-security-notice-critical-risk-to-unpatched-end-of-life-sra-sma-8-x-remote-access-devices/210713105333210/ WooCommerce Flaw Exploited https://www.wordfence.com/blog/2021/07/critical-sql-injection-vulnerability-patched-in-woocommerce/ KiwiSDR Backdoor https://www.bleepingcomputer.com/news/security/software-maker-removes-backdoor-giving-root-access-to-radio-devices/	Jul 16, 2021
ISC StormCast for Thursday, July 15th, 2021 5:38 https://traffic.libsyn.com/securitypodcast/7586.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 25928214271 https://traffic.libsyn.com/securitypodcast/7586.mp3 One way to fail at malspam - give reipients the wrong password https://isc.sans.edu/forums/diary/One+way+to+fail+at+malspam+give+recipients+the+wrong+password+for+an+encrypted+attachment/27634/ Firefox Updates https://www.mozilla.org/en-US/security/advisories/mfsa2021-28/ SAP Netweaver Vulnerabilities https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=580617506 Joker Android Fleezware https://blog.zimperium.com/joker-is-still-no-laughing-matter/ less.js RCE https://www.softwaresecured.com/exploiting-less-js	Jul 15, 2021
ISC StormCast for Wednesday, July 14th, 2021 6:32 https://traffic.libsyn.com/securitypodcast/7584.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 25849282211 https://traffic.libsyn.com/securitypodcast/7584.mp3 Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+July+2021+Patch+Tuesday/27628/ Adobe Patch Tuesday https://helpx.adobe.com/security/products/acrobat/apsb21-51.html ForgeRock OpenAM Vulnerability https://backstage.forgerock.com/knowledge/kb/article/a47894244 GMail Supporting BIMI https://cloud.google.com/blog/products/identity-security/bringing-bimi-to-gmail-in-google-workspace	Jul 14, 2021
ISC StormCast for Tuesday, July 13th, 2021 6:04 https://traffic.libsyn.com/securitypodcast/7582.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 25849282212 https://traffic.libsyn.com/securitypodcast/7582.mp3 Kaseya Releases Patch and Hardening Guide https://helpdesk.kaseya.com/hc/en-gb/articles/4403760102417 Solarwinds Advisory CVE-2021-35211 https://www.solarwinds.com/trust-center/security-advisories/cve-2021-35211 Mint Mobile Breach and Porting https://www.bleepingcomputer.com/news/security/mint-mobile-hit-by-a-data-breach-after-numbers-ported-data-accessed/ Twitter Verified Account Mistake https://twitter.com/conspirator0/status/1414475519609999366	Jul 13, 2021
ISC StormCast for Monday, July 12th, 2021 5:36 https://traffic.libsyn.com/securitypodcast/7580.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 25849282213 https://traffic.libsyn.com/securitypodcast/7580.mp3 Scanning for Microsoft Secure Socket Tunneling Protocol https://isc.sans.edu/forums/diary/Scanning+for+Microsoft+Secure+Socket+Tunneling+Protocol/27622/ Hancitor tries XLL as Initial Malware File https://isc.sans.edu/forums/diary/Hancitor+tries+XLL+as+initial+malware+file/27618/ Android Updates https://source.android.com/security/bulletin/2021-07-01 Cisco Updates https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-bpa-priv-esc-dgubwbH4 Job Seekers Attacked with Malicious Documents https://www.ehackingnews.com/2021/07/job-seeking-engineers-have-become.html	Jul 12, 2021
ISC StormCast for Friday, July 9th, 2021 5:33 https://traffic.libsyn.com/securitypodcast/7578.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 25733426524 https://traffic.libsyn.com/securitypodcast/7578.mp3 Using Sudo With Python For More Security Controls https://isc.sans.edu/forums/diary/Using+Sudo+with+Python+For+More+Security+Controls/27614/ Fake Kaseya Updates Include CobaltStrike Payload https://www.theregister.com/2021/07/07/kaseya_malware_patches_/ WildPressure macOS Trojan https://www.kaspersky.com/about/press-releases/2021_wildpressures-multi-platform-malware-hits-macos-in-the-middle-east https://www.patreon.com/posts/53462690 iCloud Password Reset Weaknesss https://thezerohack.com/apple-vulnerability-bug-bounty	Jul 09, 2021
ISC StormCast for Thursday, July 8th, 2021 5:55 https://traffic.libsyn.com/securitypodcast/7576.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 25677932189 https://traffic.libsyn.com/securitypodcast/7576.mp3 Microsoft Releases Patches for CVE-2021-34527 UPDATED https://isc.sans.edu/forums/diary/Microsoft+Releases+Patches+for+CVE202134527/27610/ GitLab Update https://www.ehackingnews.com/2021/07/gitlab-fixes-several-vulnerabilities.html Vulnerable NuGet Packages https://blog.secure.software/third-party-code-comes-with-some-baggage	Jul 08, 2021
ISC StormCast for Wednesday, July 7th, 2021 8:34 https://traffic.libsyn.com/securitypodcast/7574.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 25599167610 https://traffic.libsyn.com/securitypodcast/7574.mp3 Microsoft Releases Printnightmare Patch https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 Kaseya Update https://www.kaseya.com/potential-attack-on-kaseya-vsa/ Kaspersky Password Manager https://donjon.ledger.com/kaspersky-password-manager/ Amazon Echo Dot After Reset Artifacts https://dl.acm.org/doi/pdf/10.1145/3448300.3467820	Jul 07, 2021
ISC StormCast for Tuesday, July 6th, 2021 6:39 https://traffic.libsyn.com/securitypodcast/7572.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 25523839807 https://traffic.libsyn.com/securitypodcast/7572.mp3 Kaseya REvil Update https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689 https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b https://csirt.divd.nl/2021/07/03/Kaseya-Case-Update/ Printnightmare Update https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-printnightmare-b3fdb82f840c https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/ https://github.com/LaresLLC/CVE-2021-1675 Expired RPM Key Problem https://github.com/rpm-software-management/rpm/issues/1598 Node.JS Update https://nodejs.org/en/blog/vulnerability/july-2021-security-releases/	Jul 06, 2021
ISC StormCast for Monday, July 5th, 2021 5:14 https://traffic.libsyn.com/securitypodcast/7570.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 25432232356 https://traffic.libsyn.com/securitypodcast/7570.mp3 Kaseya VSA REvil Ransomware Incident https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689 https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident https://doublepulsar.com/kaseya-supply-chain-attack-delivers-mass-ransomware-event-to-us-companies-76e4ec6ec64b https://csirt.divd.nl/2021/07/03/Kaseya-Case-Update/	Jul 04, 2021
ISC StormCast for Friday, July 2nd, 2021 7:42 https://traffic.libsyn.com/securitypodcast/7568.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 25275166183 https://traffic.libsyn.com/securitypodcast/7568.mp3 Print Spooler printnightmare Update https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-34527 https://doublepulsar.com/zero-day-for-every-supported-windows-os-version-in-the-wild-printnightmare-b3fdb82f840c https://blog.truesec.com/2021/06/30/fix-for-printnightmare-cve-2021-1675-exploit-to-keep-your-print-servers-running-while-a-patch-is-not-available/ https://github.com/LaresLLC/CVE-2021-1675	Jul 02, 2021
ISC StormCast for Thursday, July 1st, 2021 6:57 https://traffic.libsyn.com/securitypodcast/7566.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 25149037025 https://traffic.libsyn.com/securitypodcast/7566.mp3 CVE-2021-1675 Incomplete Patch - Printnightmware https://isc.sans.edu/forums/diary/CVE20211675+Incomplete+Patch+and+Leaked+RCE+Exploit/27588/ Internet Explorer PDF Update https://support.microsoft.com/en-us/topic/june-29-2021-kb5004760-os-builds-19041-1082-19042-1082-and-19043-1082-out-of-band-9508f7a2-0713-432f-b06c-1ae6d802a2f7 NETGEAR Router Vulnerabilities (DGN-2200v1) https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/	Jul 01, 2021
ISC StormCast for Wednesday, June 30th, 2021 5:53 https://traffic.libsyn.com/securitypodcast/7564.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 25063049353 https://traffic.libsyn.com/securitypodcast/7564.mp3 Google "Sweepstake" Phish Withouth Link https://isc.sans.edu/forums/diary/Diving+into+a+Google+Sweepstakes+Phishing+Email/27578/ Forensics Contest Solution / Winner https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest+Answers+and+Analysis/27582/ WD MyBook Details https://arstechnica.com/gadgets/2021/06/hackers-exploited-0-day-not-2018-bug-to-mass-wipe-my-book-live-devices/ Adobe Experience Manager PoC https://labs.detectify.com/2021/06/28/aem-crx-bypass-0day-control-over-some-enterprise-aem-crx-package-manager/	Jun 30, 2021
ISC StormCast for Monday, June 28th, 2021 6:13 https://traffic.libsyn.com/securitypodcast/7560.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 24899021685 https://traffic.libsyn.com/securitypodcast/7560.mp3 Increase in UDP Port 389 Scans (LDAP/AD) https://isc.sans.edu/forums/diary/Is+this+traffic+bAD/27566/ CD/DVD Destruction https://isc.sans.edu/forums/diary/DIY+CDDVD+Destruction/27572/ Zyxel Exploits https://twitter.com/JAMESWT_MHT/status/1407987022170578946 https://kb.zyxel.com/KB/searchArticle!viewDetail.action?articleOid=018137&lang=EN Cisco Vulnerability Exploited https://threatpost.com/cisco-asa-bug-exploited-poc/167274/ Microsoft Signs Netfilter Rootkit https://www.gdatasoftware.com/blog/microsoft-signed-a-malicious-netfilter-rootkit	Jun 28, 2021
ISC StormCast for Friday, June 25th, 2021 6:20 https://traffic.libsyn.com/securitypodcast/7558.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 24678075618 https://traffic.libsyn.com/securitypodcast/7558.mp3 Do You Like Cookies? Some are for sale! https://isc.sans.edu/forums/diary/Do+you+Like+Cookies+Some+are+for+sale/27558/ A supply-chain breach: Taking over an Atlassian account https://media.threatpost.com/wp-content/uploads/sites/103/2021/06/23175805/Atlassian-ATO-CPR-blog-FINAL.pdf Dell Bios Connect Vulnerability https://eclypsium.com/2021/06/24/biosdisconnect/ ATM Jackpotting via NFC https://www.wired.com/story/atm-hack-nfc-bugs-point-of-sale/	Jun 25, 2021
ISC StormCast for Thursday, June 24th, 2021 6:28 https://traffic.libsyn.com/securitypodcast/7556.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 24591153937 https://traffic.libsyn.com/securitypodcast/7556.mp3 DNS Name Server Hijack Attack https://www.darkreading.com/vulnerabilities---threats/new-dns-name-server-hijack-attack-exposes-businesses-government-agencies/d/d-id/1341377 Paloalto Cortex XSOAR Vulnerablity https://security.paloaltonetworks.com/CVE-2021-3044 VMWare Carbon Black App Control Authentication Bypass https://www.vmware.com/security/advisories/VMSA-2021-0012.html? Standing With Security Researchers Against Misuse of the DMCA https://www.eff.org/deeplinks/2021/06/dmca-security-researcher-statement	Jun 24, 2021
ISC StormCast for Wednesday, June 23rd, 2021 6:10 https://traffic.libsyn.com/securitypodcast/7554.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 24502723830 https://traffic.libsyn.com/securitypodcast/7554.mp3 Phishing asking recipients not to report abuse https://isc.sans.edu/forums/diary/Phishing+asking+recipients+not+to+report+abuse/27556/ PyPi Cryptomining Malware https://blog.sonatype.com/sonatype-catches-new-pypi-cryptomining-malware-via-automated-detection Dovecot TLS Implementation Vulnerability https://hackerone.com/reports/1204962 (see the link to the PDF for more details) Sonicwall Patch Incomplete https://www.tripwire.com/state-of-security/featured/analyzing-sonicwalls-unsuccessful-fix-for-cve-2020-5135/	Jun 23, 2021
ISC StormCast for Tuesday, June 22nd, 2021 5:28 https://traffic.libsyn.com/securitypodcast/7552.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 24419694343 https://traffic.libsyn.com/securitypodcast/7552.mp3 Attack and Defend: Distributed Web Applications (free Webcast) https://www.sans.org/webcasts/attack-defend-modern-distributed-applications-119610 Darkside Impersonators https://www.helpnetsecurity.com/2021/06/21/impersonating-darkside/ Tesla RAT COVID-19 Vaccination Phish https://threatpost.com/agent-tesla-covid-vax-phish/167082/ Tor Browser Update https://www.bleepingcomputer.com/news/security/tor-browser-fixes-vulnerability-that-tracks-you-using-installed-apps/ Schneider PowerLogic Vulnerabilities https://www.ehackingnews.com/2021/06/six-major-flaws-identified-in-schneider.html AutoCAD Update https://www.autodesk.com/trust/security-advisories/adsk-sa-2021-0004	Jun 22, 2021
ISC StormCast for Monday, June 21st, 2021 5:40 https://traffic.libsyn.com/securitypodcast/7550.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 24341410408 https://traffic.libsyn.com/securitypodcast/7550.mp3 Network Forensics on Azure VMs (Part #2) https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+2/27538/ Google Open Redirect Being Abused https://isc.sans.edu/forums/diary/Open+redirects+and+why+Phishers+love+them/27542/ Easy Access to the NIST RDS Database https://isc.sans.edu/forums/diary/Easy+Access+to+the+NIST+RDS+Database/27544/ iOS Wifi Bug https://blog.chichou.me/2021/06/20/quick-analysis-wifid/ NSA VoIP Security Guide https://media.defense.gov/2021/Jun/17/2002744054/-1/-1/1/CTR_DEPLOYING%20SECURE%20VVOIP%20SYSTEMS.PDF	Jun 21, 2021
ISC StormCast for Friday, June 18th, 2021 5:48 https://traffic.libsyn.com/securitypodcast/7548.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 24128771138 https://traffic.libsyn.com/securitypodcast/7548.mp3 Network Forensics on Azure VMs https://isc.sans.edu/forums/diary/Network+Forensics+on+Azure+VMs+Part+1/27536/ Fake Ledger Hardware Wallets https://www.ledger.com/phishing-campaigns-status#phishing-campaigns https://www.reddit.com/r/ledgerwallet/comments/o154gz/package_from_ledger_is_this_legit/ Zoll Defibrilator Dashboard Vulnerability https://us-cert.cisa.gov/ics/advisories/icsma-21-161-01 Akamai Prolexic Outage https://threatpost.com/hiccup-akamais-ddos-outages/167004/	Jun 18, 2021
ISC StormCast for Thursday, June 17th, 2021 5:26 https://traffic.libsyn.com/securitypodcast/7546.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 24049289280 https://traffic.libsyn.com/securitypodcast/7546.mp3 June 2021 Forensic Quiz https://isc.sans.edu/forums/diary/June+2021+Forensic+Contest/27532/ ThroughTek IP Camera SDK Vulnerability https://www.nozominetworks.com/blog/new-iot-security-risk-throughtek-p2p-supply-chain-vulnerability/ Peleoton Insecure Boot Vulnerability https://www.mcafee.com/blogs/other-blogs/mcafee-labs/a-new-program-for-your-peloton-whether-you-like-it-or-not/ Microsoft Defender for Endpoint Detecting Jailbroken Devices https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/announcing-new-capabilities-on-android-and-ios/ba-p/2442730	Jun 17, 2021
ISC StormCast for Wednesday, June 16th, 2021 6:06 https://traffic.libsyn.com/securitypodcast/7544.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 23965871625 https://traffic.libsyn.com/securitypodcast/7544.mp3 Multi Perimeter Device Exploit Mirai Version Hunting For Sonicwall, DLink, Cisco and more https://isc.sans.edu/forums/diary/Multi+Perimeter+Device+Exploit+Mirai+Version+Hunting+For+Sonicwall+DLink+Cisco+and+more/27528/ Google Open Sourcing Homomorphic Encrypion Libraries https://developers.googleblog.com/2021/06/our-latest-updates-on-fully-homomorphic-encryption.html Stealing Tokens, emails, files and more in Microsoft Teams https://medium.com/tenable-techblog/stealing-tokens-emails-files-and-more-in-microsoft-teams-through-malicious-tabs-a7e5ff07b138	Jun 16, 2021
ISC StormCast for Tuesday, June 15th, 2021 5:38 https://traffic.libsyn.com/securitypodcast/7542.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 23886796722 https://traffic.libsyn.com/securitypodcast/7542.mp3 Apple iOS 12.5.4 Security Update https://support.apple.com/en-us/HT212548 NIST.gov DNS Issues https://puck.nether.net/pipermail/outages/2021-June/013670.html Akkadian Provisioning Manager Multiple Vulnerabilities https://www.rapid7.com/blog/post/2021/06/08/akkadian-provisioning-manager-multiple-vulnerabilities-disclosure/ Bypassing MFA in Exchange Online https://www.microsoft.com/security/blog/2021/06/14/behind-the-scenes-of-business-email-compromise-using-cross-domain-threat-data-to-disrupt-a-large-bec-infrastructure/	Jun 15, 2021
ISC StormCast for Monday, June 14th, 2021 6:31 https://traffic.libsyn.com/securitypodcast/7540.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 23797264221 https://traffic.libsyn.com/securitypodcast/7540.mp3 EoL SonicWall SRA 4600 VPN Gateways Exploited in Current Attacks https://isc.sans.edu/forums/diary/Sonicwall+SRA+4600+Targeted+By+an+Old+Vulnerability/27518/ Older Fortinet Vulnerability Still Exploited https://isc.sans.edu/forums/diary/Fortinet+Targeted+for+Unpatched+SSL+VPN+Discovery+Activity/27520/ PrivacyMic: Utlizing Inaudible Frequencies for Privacy Preserving Daily Activity Recognition http://alansonsample.com/publications/docs/2021%20-%20CHI%20-%20PrivacyMic-%20Utilizing%20Inaudible%20Frequencies%20for%20Privacy%20Preserving%20Daily%20Activity%20Recognition.pdf Linux Vulnerability in polkit https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/	Jun 14, 2021
ISC StormCast for Friday, June 11th, 2021 6:39 https://traffic.libsyn.com/securitypodcast/7538.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 23567068901 https://traffic.libsyn.com/securitypodcast/7538.mp3 Are Cookie Banners a Waste of Time or a Complete Waste of Time? https://isc.sans.edu/forums/diary/Are+Cookie+Banners+a+Waste+of+Time+or+a+Complete+Waste+of+Time/27436/ Citrix Application Delivery Controller Vulnerability https://support.citrix.com/article/CTX297155 VoIP Monitor GUI XSS https://www.rtcsec.com/post/2021/06/abusing-sip-for-cross-site-scripting-most-definitely/ Denial of Service Vulnerabilitiesin RabbitMQ, EMQ X,and VeneMQ https://www.synopsys.com/blogs/software-security/cyrc-advisory-rabbitmq-emqx-vernemq/	Jun 11, 2021
ISC StormCast for Thursday, June 10th, 2021 5:45 https://traffic.libsyn.com/securitypodcast/7536.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 23478619461 https://traffic.libsyn.com/securitypodcast/7536.mp3 Architecture, Compilers and Black Magic https://isc.sans.edu/forums/diary/Architecture+compilers+and+black+magic+or+what+else+affects+the+ability+of+AVs+to+detect+malicious+files/27510/ ALPACA TLS Attack https://alpaca-attack.com/ALPACA.pdf Google Chrome Update https://chromereleases.googleblog.com/2021/06/stable-channel-update-for-desktop.html	Jun 10, 2021
ISC StormCast for Wednesday, June 9th, 2021 6:42 https://traffic.libsyn.com/securitypodcast/7534.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 23396762650 https://traffic.libsyn.com/securitypodcast/7534.mp3 Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+June+2021+Patch+Tuesday/27506/ PuzzleMaker Attacks With Chrome Zero-Day Exploit Chain https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/ Intel Patches https://www.intel.com/content/www/us/en/security-center/default.html Adobe Updates https://helpx.adobe.com/security.html Let's Encrypt and CentOS 7 https://blog.devgenius.io/lets-encrypt-change-affects-openssl-1-0-x-and-centos-7-49bd66016af3	Jun 09, 2021
ISC StormCast for Tuesday, June 8th, 2021 5:56 https://traffic.libsyn.com/securitypodcast/7532.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 23309563680 https://traffic.libsyn.com/securitypodcast/7532.mp3 Amazon Sidewalk https://isc.sans.edu/forums/diary/Amazon+Sidewalk+Cutting+Through+the+Hype/27502/ Windows Container Malware https://unit42.paloaltonetworks.com/siloscape/ Darkside Ransom Confiscated https://www.documentcloud.org/documents/20799023-affidavit-1-in-application-by-the-united-states-for-a-seizure-warrant-for-one-account-for-investigation-of-18-usc-ss-981a1a-and-other-offenses-nd-cal-321-mj-70945	Jun 08, 2021
ISC StormCast for Monday, June 7th, 2021 4:57 https://traffic.libsyn.com/securitypodcast/7530.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 23225721545 https://traffic.libsyn.com/securitypodcast/7530.mp3 Strange Goings on With Port 37 https://isc.sans.edu/forums/diary/Strange+goings+on+with+port+37/27496/ QNAP Video Station RCE Vulnerability https://www.qnap.com/de-de/security-advisory/qsa-21-21 Updated GitHub Policy https://github.blog/2021-06-04-updates-to-our-policies-regarding-exploits-malware-and-vulnerability-research/ Cisco WebEx Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-player-kOf8zVT VMWare vCenter Server Vulnerability Actively Exploited https://thehackernews.com/2021/06/alert-critical-rce-bug-in-vmware.html	Jun 07, 2021
ISC StormCast for Friday, June 4th, 2021 6:01 https://traffic.libsyn.com/securitypodcast/7528.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 23001194381 https://traffic.libsyn.com/securitypodcast/7528.mp3 Script to Test CIS Zoom Benchmark https://github.com/turbot/steampipe-mod-zoom-compliance F5 BIG-IP Edge Client for Windows Vulnerability https://support.f5.com/csp/article/K20346072 Fancy Product Designer Wordpress Plugin Vulnerability https://www.welivesecurity.com/2021/06/03/zero-day-popular-wordpress-plugin-exploited-take-over-websites/ WordPress Pushes Jetpack Plugin Patch https://www.bleepingcomputer.com/news/security/wordpress-force-installs-jetpack-security-update-on-5-million-sites/ We.Lock Vulnerability https://github.com/CriticalSecurity/welock	Jun 04, 2021
ISC StormCast for Thursday, June 3rd, 2021 5:28 https://traffic.libsyn.com/securitypodcast/7526.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 22917165691 https://traffic.libsyn.com/securitypodcast/7526.mp3 Realtek RTL8170C Vulnerabilities https://www.vdoo.com/blog/realtek-wifi-vulnerabilities-zero-day Huawei LTE USB Stick E3372 Vulnerablity https://www.theregister.com/2021/06/02/huawei_lte_usb_stick_vulnerability/ NortonLifeLock Crypto https://investor.nortonlifelock.com/About/Investors/press-releases/press-release-details/2021/NortonLifeLock-Unveils-Norton-Crypto/default.aspx OpenPGP RNP Patch https://www.rnpgp.org/advisories/ri-2021-001/	Jun 03, 2021
ISC StormCast for Wednesday, June 2nd, 2021 6:12 https://traffic.libsyn.com/securitypodcast/7524.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 22833548599 https://traffic.libsyn.com/securitypodcast/7524.mp3 Guildma is now using Finger and Signed Binary Proxy Execution to Evade Defenses https://isc.sans.edu/forums/diary/Guildma+is+now+using+Finger+and+Signed+Binary+Proxy+Execution+to+evade+defenses/27482/ Bypassing Protected Folders Protections https://dl.acm.org/doi/10.1145/3431286 Firefox 89 Released https://www.mozilla.org/en-US/security/advisories/mfsa2021-23/ Microsoft Edge Will make https default https://blogs.windows.com/msedgedev/2021/06/01/available-for-preview-automatic-https-helps-keep-your-browsing-more-secure/	Jun 02, 2021
ISC StormCast for Tuesday, June 1st, 2021 4:59 https://traffic.libsyn.com/securitypodcast/7522.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 22755174492 https://traffic.libsyn.com/securitypodcast/7522.mp3 Malicious PowerShell Hosted on script.google.com https://isc.sans.edu/forums/diary/Malicious+PowerShell+Hosted+on+scriptgooglecom/27468/ Sonicwall Advisory https://www.sonicwall.com/support/product-notification/security-advisory-on-prem-sonicwall-network-security-manager-nsm-command-injection-vulnerability/210525121534120/ Hewlett Packard Enterprise Systems Insight Manger (SIM) Advisory https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=hpesbgn04068en_us Memory Protection Bypass in Siemens PLCs https://claroty.com/2021/05/28/blog-research-race-to-native-code-execution-in-plcs/	Jun 01, 2021
ISC StormCast for Friday, May 28th, 2021 6:58 https://traffic.libsyn.com/securitypodcast/7520.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 22458272222 https://traffic.libsyn.com/securitypodcast/7520.mp3 AV evasion with 64-bit Executables https://isc.sans.edu/forums/diary/All+your+Base+arenearly+equal+when+it+comes+to+AV+evasion+but+64bit+executables+are+not/27466/ Unpatches WebKit Vulnerablity in iOS/macOS https://blog.theori.io/research/webkit-type-confusion/ VSCode Extension Vulnerabilities https://snyk.io/blog/visual-studio-code-extension-security-vulnerabilities-deep-dive/ M1RACLES https://m1racles.com	May 28, 2021
ISC StormCast for Thursday, May 27th, 2021 5:57 https://traffic.libsyn.com/securitypodcast/7518.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 22374385261 https://traffic.libsyn.com/securitypodcast/7518.mp3 A Survey of Bluetooth Vulnerabilities https://isc.sans.edu/forums/diary/A+Survey+of+Bluetooth+Vulnerabilities+Trends/27460/ Google Chrome Update https://chromereleases.googleblog.com/2021/05/stable-channel-update-for-desktop_25.html Attacks on PDF Certification https://www.pdf-insecurity.org nginx vulnerability https://x41-dsec.de/lab/advisories/x41-2021-002-nginx-resolver-copy/	May 27, 2021
ISC StormCast for Wednesday, May 26th, 2021 4:59 https://traffic.libsyn.com/securitypodcast/7516.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 22297076850 https://traffic.libsyn.com/securitypodcast/7516.mp3 Uncovering Shenenigans in an IP Address Block via Hurricane Electic's BGP Toolkit https://isc.sans.edu/forums/diary/Uncovering+Shenanigans+in+an+IP+Address+Block+via+Hurricane+Electrics+BGP+Toolkit/27456/ VMware Advisory https://www.vmware.com/security/advisories/VMSA-2021-0010.html Trend Micro Bugs https://blog.talosintelligence.com/2021/05/vuln-spotlight-trend-i.html	May 26, 2021
ISC StormCast for Tuesday, May 25th, 2021 4:56 https://traffic.libsyn.com/securitypodcast/7514.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 22220832164 https://traffic.libsyn.com/securitypodcast/7514.mp3 Apple Patches 0-Days https://www.jamf.com/blog/zero-day-tcc-bypass-discovered-in-xcsset-malware/ https://support.apple.com/en-us/HT201222 Bluetooth Vulnerabilities https://kb.cert.org/vuls/id/799380 https://francozappa.github.io/about-bias/publication/antonioli-20-bias/antonioli-20-bias.pdf NAGIOS Vulnerabilities https://skylightcyber.com/2021/05/20/13-nagios-vulnerabilities-7-will-shock-you/	May 25, 2021
ISC StormCast for Monday, May 24th, 2021 6:25 https://traffic.libsyn.com/securitypodcast/7512.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 22147949208 https://traffic.libsyn.com/securitypodcast/7512.mp3 Serverless Phishing Campaign https://isc.sans.edu/forums/diary/Serverless+Phishing+Campaign/27446/ Locking Kernel32.dll As Anti-Debugging Technique https://isc.sans.edu/forums/diary/Locking+Kernel32dll+As+AntiDebugging+Technique/27444/ WinRM Vulnerable to http.sys Vulnerability https://twitter.com/JimDinMN/status/1395071966487269376 Mozilla Firefox "Content-Type Confusion" Unsafe Code Execution https://besteffortteam.it/mozilla-firefox-content-type-confusion-unsafe-code-execution/	May 24, 2021
ISC StormCast for Friday, May 21st, 2021 19:50 https://traffic.libsyn.com/securitypodcast/7510.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 21948411106 https://traffic.libsyn.com/securitypodcast/7510.mp3 New YouTube Video Series: Everything you ever wanted to know about DNS and more https://isc.sans.edu/forums/diary/New+YouTube+Video+Series+Everything+you+ever+wanted+to+know+about+DNS+and+more/27440/ And Ransomware Just Got a Bit Meaner https://isc.sans.edu/forums/diary/And+Ransomware+Just+Got+a+Bit+Meaner+yes+it+is+possible/27438/ Attackers Scanned for Exchange Servers Five Minutes after Patch Release https://www.ehackingnews.com/2021/05/microsoft-exchange-bug-report-allowed.html GPS For Authentication: Is the Juice Worth the Squeeze @sans_edu https://www.sans.org/reading-room/whitepapers/authentication/gps-authentication-juice-worth-squeeze-40270	May 21, 2021
ISC StormCast for Thursday, May 20th, 2021 6:07 https://traffic.libsyn.com/securitypodcast/7508.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 21874460761 https://traffic.libsyn.com/securitypodcast/7508.mp3 May 2021 Forensic Contest: Answers and Analysis https://isc.sans.edu/forums/diary/May+2021+Forensic+Contest+Answers+and+Analysis/27430/ CIS Controls V8 https://www.cisecurity.org/controls/v8/ Dell iDRAC 9 Security Update https://www.dell.com/support/kbdoc/en-us/000186420/dsa-2021-082-dell-emc-idrac-9-security-update-for-improper-authentication-vulnerability QNAP Pre-Auth Remote Code Execution in MuscStation/MalwareRemover https://www.shielder.it/advisories/qnap-musicstation-malwareremover-pre-auth-remote-code-execution/	May 20, 2021
ISC StormCast for Wednesday, May 19th, 2021 5:21 https://traffic.libsyn.com/securitypodcast/7506.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 21800294472 https://traffic.libsyn.com/securitypodcast/7506.mp3 From RunDLL32 to JavaScript then PowerShell https://isc.sans.edu/forums/diary/From+RunDLL32+to+JavaScript+then+PowerShell/27428/ New Pulse Secure VPN Advisory https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44800/ Android Stalkerware Vulnerabilities https://www.welivesecurity.com/2021/05/17/android-stalkerware-threatens-victims-further-exposes-snoopers-themselves/ Double Encrypting Ransomware https://www.wired.com/story/ransomware-double-encryption/	May 19, 2021
ISC StormCast for Tuesday, May 18th, 2021 6:08 https://traffic.libsyn.com/securitypodcast/7504.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 21724801273 https://traffic.libsyn.com/securitypodcast/7504.mp3 Ransomware Defenses https://isc.sans.edu/forums/diary/Ransomware+Defenses/27420/ AXA Stops Ransomware Payments https://www.insurancejournal.com/news/international/2021/05/09/613255.htm http.sys Proof of Concept https://github.com/0vercl0k/CVE-2021-31166 Google/Mozilla colaborating on HTML Sanitizer API https://wicg.github.io/sanitizer-api/#sanitizer-api SANS Technology Institute Research Journal https://www.sans.edu/cyber-research	May 18, 2021
ISC StormCast for Monday, May 17th, 2021 5:41 https://traffic.libsyn.com/securitypodcast/7502.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 21648276959 https://traffic.libsyn.com/securitypodcast/7502.mp3 "Open" Access to Industrial Systems Interfaces is Also Far From Zero https://isc.sans.edu/forums/diary/Open+Access+to+Industrial+Systems+Interface+is+Also+Far+From+Zero/27418/ Malicious Rust Macro for VSCode https://github.com/lucky/bad_actor_poc Exim PoC Released https://adepts.of0x.cc/exim-cve-2020-28018/ Newly Observed PHP-based skimmmer shows ongoing Magecart Group 12 activity https://blog.malwarebytes.com/cybercrime/2021/05/newly-observed-php-based-skimmer-shows-ongoing-magecart-group-12-activity/	May 17, 2021
ISC StormCast for Friday, May 14th, 2021 6:48 https://traffic.libsyn.com/securitypodcast/7500.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 21453645245 https://traffic.libsyn.com/securitypodcast/7500.mp3 Cross Browser Tracking with Schemeflood https://fingerprintjs.com/blog/external-protocol-flooding/ Cisco AnyConnect Secure Mobility Client Patch https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-anyconnect-ipc-KfQO9QhK MSBuild Abused By Attackers https://www.anomali.com/blog/threat-actors-use-msbuild-to-deliver-rats-filelessly	May 14, 2021
ISC StormCast for Thursday, May 13th, 2021 5:51 https://traffic.libsyn.com/securitypodcast/7498.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 21377225626 https://traffic.libsyn.com/securitypodcast/7498.mp3 Number of industrial control systems on the internet is lower then in 2020...but still far from zero https://isc.sans.edu/forums/diary/Number+of+industrial+control+systems+on+the+internet+is+lower+then+in+2020but+still+far+from+zero/27412/ Webcast: Ransoming Critical Infrastructure https://www.sans.org/webcasts/119775 Links to FragAttacks Vendor Bulletins (in German) https://www.heise.de/news/WLAN-Sicherheitsluecken-FragAttacks-Erste-Updates-6045116.html Adobe Acrobat Patches https://helpx.adobe.com/security/products/acrobat/apsb21-29.html Sending Arbitrary Messages via FindMy https://positive.security/blog/send-my	May 13, 2021
ISC StormCast for Wednesday, May 12th, 2021 6:30 https://traffic.libsyn.com/securitypodcast/7496.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 21301788003 https://traffic.libsyn.com/securitypodcast/7496.mp3 Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+May+2021+Patch+Tuesday/27408 WiFi Fragmentation Attacks https://www.fragattacks.com	May 12, 2021
ISC StormCast for Tuesday, May 11th, 2021 5:27 https://traffic.libsyn.com/securitypodcast/7494.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 21229439455 https://traffic.libsyn.com/securitypodcast/7494.mp3 Validating IP Addresses: Why Encoding Matters https://isc.sans.edu/forums/diary/Correctly+Validating+IP+Addresses+Why+encoding+matters+for+input+validation/27404/ Jail Breaking AirTags https://twitter.com/ghidraninja/status/1391148503196438529 Malicious Tor Exit Relay Activities https://nusenu.medium.com/tracking-one-year-of-malicious-tor-exit-relay-activities-part-ii-85c80875c5df	May 11, 2021
ISC StormCast for Monday, May 10th, 2021 5:22 https://traffic.libsyn.com/securitypodcast/7492.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 21162552568 https://traffic.libsyn.com/securitypodcast/7492.mp3 Who is Probing the Internet for Research Purposes https://isc.sans.edu/forums/diary/Who+is+Probing+the+Internet+for+Research+Purposes/27400/ Cycle Hunter and tsuNAME DDoS Attack https://github.com/SIDN/CycleHunter https://tsuname.io/tech_report.pdf Foxit Reader / Phantom PDF Vulnerabilities https://www.foxitsoftware.com/support/security-bulletins.html?Security+updates+available+in+Foxit+Reader+10.1.4+and+Foxit+PhantomPDF+10.1.42021-05-06 Hypocrit Patches Reviewed By Linux Foundation https://lore.kernel.org/lkml/202104221451.292A6ED4@keescook/	May 10, 2021
ISC StormCast for Friday, May 7th, 2021 5:36 https://traffic.libsyn.com/securitypodcast/7490.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 20968983924 https://traffic.libsyn.com/securitypodcast/7490.mp3 Scans for Exposed Azure Storage Containers https://isc.sans.edu/forums/diary/Exposed+Azure+Storage+Containers/27396/ Qualcomm MSM Vulnerability https://research.checkpoint.com/2021/security-probe-of-qualcomm-msm/ Google to Automatically enroll users in 2SF https://blog.google/technology/safety-security/a-simpler-and-safer-future-without-passwords/ New Cellebrite Vulnerabilities Announced https://www.ehackingnews.com/2021/05/new-vulnerabilities-in-cellebrites.html	May 07, 2021
ISC StormCast for Thursday, May 6th, 2021 6:17 https://traffic.libsyn.com/securitypodcast/7488.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 20900187574 https://traffic.libsyn.com/securitypodcast/7488.mp3 May 2021 Forensic Contest https://isc.sans.edu/forums/diary/May+2021+Forensic+Contest/27386/ Windows Defender Bug Fills Windows 10 Boot Drive with thousands of files https://www.bleepingcomputer.com/news/microsoft/windows-defender-bug-fills-windows-10-boot-drive-with-thousands-of-files/ VMWare vRealize Business for Cloud Patch https://kb.vmware.com/s/article/83475 Cisco Updates SD-WAN vManager / HyperFlex HX https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir&limit=100#~Vulnerabilities Security and Privacy Risks of Number Recycling at Mobile Carriers in the US https://recyclednumbers.cs.princeton.edu	May 06, 2021
ISC StormCast for Wednesday, May 5th, 2021 5:31 https://traffic.libsyn.com/securitypodcast/7486.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 20829360777 https://traffic.libsyn.com/securitypodcast/7486.mp3 Android Update https://source.android.com/security/bulletin/2021-05-01?hl=en Dell Privilege Escalation Vulnerability https://www.dell.com/support/kbdoc/en-us/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/ Exim Mail Server Vulnerabilities https://www.qualys.com/2021/05/04/21nails/21nails.txt Quick and Dirty Python: masscan https://isc.sans.edu/forums/diary/Quick+and+dirty+Python+masscan/27384/ ICMP Tunnel Backdoor https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/backdoor-at-the-end-of-the-icmp-tunnel/	May 05, 2021
ISC StormCast for Tuesday, May 4th, 2021 4:42 https://traffic.libsyn.com/securitypodcast/7484.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 20759096817 https://traffic.libsyn.com/securitypodcast/7484.mp3 Apple Patches 2 0-Day Flaws in WebKit affecting iOS/MacOS/WatchOS https://support.apple.com/en-us/HT201222 PoC Exploit for CVE-2021-28482 (Microsoft Exchange) https://gist.github.com/testanull/9ebbd6830f7a501e35e67f2fcaa57bda https://testbnull.medium.com/microsoft-exchange-from-deserialization-to-post-auth-rce-cve-2021-28482-e713001d915f Yet Another Processor Side-Channel: Micro-Ops Caches http://www.cs.virginia.edu/venkat/papers/isca2021a.pdf Pulse Secure Update https://blog.pulsesecure.net/pulse-connect-secure-patch-availability-sa44784/	May 04, 2021
ISC StormCast for Monday, May 3rd, 2021 5:31 https://traffic.libsyn.com/securitypodcast/7482.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 20688201528 https://traffic.libsyn.com/securitypodcast/7482.mp3 Qiling: A true instrumentable binary emulation framework https://isc.sans.edu/forums/diary/Qiling+A+true+instrumentable+binary+emulation+framework/27372/ Python "ipaddress" improper input validation https://sick.codes/sick-2021-014/ EXIF Tool Vulnerabilities https://twitter.com/wcbowling/status/1385803927321415687 ABUS Secvest Internet Connected Alarm Systems https://eye.security/nl/blog/breaking-abus-secvest-internet-connected-alarm-systems-cve-2020-28973 FiveHands Ransomware Installed via SonicWall Flaw https://thehackernews.com/2021/04/hackers-exploit-sonicwall-zero-day-bug.html	May 03, 2021
ISC StormCast for Friday, April 30th, 2021 5:19 https://traffic.libsyn.com/securitypodcast/7480.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 20487532711 https://traffic.libsyn.com/securitypodcast/7480.mp3 From Python to .Net https://isc.sans.edu/forums/diary/From+Python+to+Net/27366/ PHP Composer Vulnerability https://blog.sonarsource.com/php-supply-chain-attack-on-composer Microsoft Identifies Several Integer Overflow Vulnerablities https://us-cert.cisa.gov/ics/advisories/icsa-21-119-04	Apr 30, 2021
ISC StormCast for Thursday, April 29th, 2021 5:14 https://traffic.libsyn.com/securitypodcast/7478.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 20408770634 https://traffic.libsyn.com/securitypodcast/7478.mp3 Stopping Google FLoC https://github.blog/changelog/2021-04-27-github-pages-permissions-policy-interest-cohort-header-added-to-all-pages-sites/ https://amifloced.org RotaJakiro Backdoor https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/ F5 Big IP Kerberos Spoofing Vulnerablity https://support.f5.com/csp/article/K51213246	Apr 29, 2021
ISC StormCast for Wednesday, April 28th, 2021 4:25 https://traffic.libsyn.com/securitypodcast/7476.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 20333115587 https://traffic.libsyn.com/securitypodcast/7476.mp3 Diving into a Singapore Post Phihsing E-Mail https://isc.sans.edu/forums/diary/Diving+into+a+Singapore+Post+Phishing+Email/27356/ Two in Five Victims of Online Scam Adverts Do Not Report to Host Platforms https://www.which.co.uk/news/2021/04/two-in-five-victims-of-online-scam-adverts-dont-report-to-host-platforms/ Microsoft Defender Blocks Cryptojacking Malware https://www.microsoft.com/security/blog/2021/04/26/defending-against-cryptojacking-with-microsoft-defender-for-endpoint-and-intel-tdt/ Linux Privilege Escalation Vulnerability https://talosintelligence.com/vulnerability_reports/TALOS-2020-1211	Apr 28, 2021
ISC StormCast for Tuesday, April 27th, 2021 7:23 https://traffic.libsyn.com/securitypodcast/7474.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 20257019463 https://traffic.libsyn.com/securitypodcast/7474.mp3 CAD: .DGN and .MVBA Files analyzed with oledump https://isc.sans.edu/forums/diary/CAD+DGN+and+MVBA+Files/27354/ MacOS 0-Day Bug Patched https://objective-see.com/blog/blog_0x64.html https://support.apple.com/en-us/HT201222 Emotet Uninstaller Triggered https://blog.malwarebytes.com/threat-analysis/2021/01/cleaning-up-after-emotet-the-law-enforcement-file/ HashiCorp Code Signing Key Exposed By Codecov Compromise https://www.theregister.com/2021/04/26/hashicorp_reveals_exposure_of_private/	Apr 27, 2021
ISC StormCast for Monday, April 26th, 2021 5:46 https://traffic.libsyn.com/securitypodcast/7472.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 20177243808 https://traffic.libsyn.com/securitypodcast/7472.mp3 Compact VBA Macros https://isc.sans.edu/forums/diary/Malicious+PowerPoint+AddOn+Small+Is+Beautiful/27342/ Base64 Strings Used in Web Scanning https://isc.sans.edu/forums/diary/Base64+Hashes+Used+in+Web+Scanning/27346/ Clickstudios Password Manager Compromise https://www.csis.dk/newsroom-blog-overview/2021/moserpass-supply-chain/ Homebrew Code Execution Vulnerability https://brew.sh/2021/04/21/security-incident-disclosure/ Apple AirDrop Shares Personal Data https://www.informatik.tu-darmstadt.de/fb20/ueber_uns_details_231616.en.jsp	Apr 26, 2021
ISC StormCast for Friday, April 23rd, 2021 5:51 https://traffic.libsyn.com/securitypodcast/7470.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 19999188174 https://traffic.libsyn.com/securitypodcast/7470.mp3 How Safe are Your Docker Images https://isc.sans.edu/forums/diary/How+Safe+Are+Your+Docker+Images/27340/ Additional SolarWinds Infrastructure https://www.riskiq.com/blog/external-threat-management/solarwinds-c2-servers-new-tactics/ Cellebrite Exploit https://signal.org/blog/cellebrite-vulnerabilities/ Duo 2FA Bypass https://sensepost.com/blog/2021/duo-two-factor-authentication-bypass/	Apr 23, 2021
ISC StormCast for Thursday, April 22nd, 2021 6:25 https://traffic.libsyn.com/securitypodcast/7468.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 19890679582 https://traffic.libsyn.com/securitypodcast/7468.mp3 Linux Kernel Maintainer Calls Out "hypocrite commits" by University of Minnesota https://lore.kernel.org/lkml/20210421130105.1226686-38-gregkh@linuxfoundation.org/ https://github.com/QiushiWu/QiushiWu.github.io/blob/main/papers/OpenSourceInsecurity.pdf https://www-users.cs.umn.edu/~kjlu/papers/clarifications-hc.pdf QNAP QLocker uses 7-Zip https://www.bleepingcomputer.com/news/security/massive-qlocker-ransomware-attack-uses-7zip-to-encrypt-qnap-devices/ Chrome O-Day Fixed https://thehackernews.com/2021/04/update-your-chrome-browser-immediately.html	Apr 22, 2021
ISC StormCast for Wednesday, April 21st, 2021 6:15 https://traffic.libsyn.com/securitypodcast/7466.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 19810324498 https://traffic.libsyn.com/securitypodcast/7466.mp3 Pulse Secure VPN 0-Day Exploited https://www.fireeye.com/blog/threat-research/2021/04/suspected-apt-actors-leverage-bypass-techniques-pulse-secure-zero-day.html https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44784/ SonicWall Vulnerabilities https://www.sonicwall.com/support/product-notification/security-notice-sonicwall-email-security-zero-day-vulnerabilities/210416112932360/ Synology Vulnerability https://blog.talosintelligence.com/2021/04/vuln-spotlight-synology-dsm.html#more Air Fryer Vulnerability https://blog.talosintelligence.com/2021/04/vuln-spotlight-co.html	Apr 21, 2021
ISC StormCast for Tuesday, April 20th, 2021 5:03 https://traffic.libsyn.com/securitypodcast/7464.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 19733330615 https://traffic.libsyn.com/securitypodcast/7464.mp3 Hunting Phishing Websites with Favicon Hashes https://isc.sans.edu/forums/diary/Hunting+phishing+websites+with+favicon+hashes/27326/ Nagios XI Vulnerability Exploited by Cryptominers https://unit42.paloaltonetworks.com/nagios-xi-vulnerability-cryptomining/ XCSSET Malware Adapting to MacOS 11 and M1 https://www.trendmicro.com/en_us/research/21/d/xcsset-quickly-adapts-to-macos-11-and-m1-based-macs.html QNAP Patches https://www.qnap.com/de-de/security-advisories?ref=security_advisory_details Juniper Updates https://kb.juniper.net/InfoCenter/index?page=content&channel=SECURITY_ADVISORIES	Apr 20, 2021
ISC StormCast for Monday, April 19th, 2021 5:36 https://traffic.libsyn.com/securitypodcast/7462.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 19654603567 https://traffic.libsyn.com/securitypodcast/7462.mp3 Decoding Cobalt Strike Traffic https://isc.sans.edu/forums/diary/Decoding+Cobalt+Strike+Traffic/27322/ Codecov Breach https://about.codecov.io/security-update/ Google Project Zero Tweaks Disclosure Rules https://googleprojectzero.blogspot.com EIPStackGroup OpENer Ethernet/IP https://us-cert.cisa.gov/ics/advisories/icsa-21-105-02 DNS Problems with Windows 10 Security Update https://www.bleepingcomputer.com/news/microsoft/mandatory-windows-10-update-causing-dns-and-shared-folder-issues/	Apr 19, 2021
ISC StormCast for Friday, April 16th, 2021 14:20 https://traffic.libsyn.com/securitypodcast/7460.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 19404431094 https://traffic.libsyn.com/securitypodcast/7460.mp3 Why and How You Should be Using an Internal Certificate Authority https://isc.sans.edu/forums/diary/Why+and+How+You+Should+be+Using+an+Internal+Certificate+Authority/27314/ Vulnerabilities Used By Russian Foreign Intelligence Service https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2573391/russian-foreign-intelligence-service-exploiting-five-publicly-known-vulnerabili/ Insecurity URL Handling https://positive.security/blog/url-open-rce SANS Research Paper: Bryan Scarbrough; Malware Detection in Encrypted TLS Traffic Through Machine Learning https://www.sans.org/reading-room/whitepapers/artificialintelligence/malware-detection-encrypted-tls-traffic-machine-learning-40185	Apr 16, 2021
ISC StormCast for Thursday, April 15th, 2021 6:09 https://traffic.libsyn.com/securitypodcast/7458.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 19328671380 https://traffic.libsyn.com/securitypodcast/7458.mp3 April 2021 Forensics Quiz Solution https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz+Answers+and+Analysis/27308/ Adobe Patch Tuesday https://helpx.adobe.com/security.html Chrome 90 Released (and 0-Day Exploits) https://chromereleases.googleblog.com/2021/04/stable-channel-update-for-desktop_14.html https://github.com/avboy1337/1195777-chrome0day https://github.com/r4j0x00/exploits/tree/master/chrome-0day SAP Updates https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=573801649 Linux/Mac Malware included in npm Module https://blog.sonatype.com/damaging-linux-mac-malware-bundled-within-browserify-npm-brandjack-attempt Congratulations to the SANS.edu National Cyber League Teams! https://twitter.com/SANS_EDU/status/1382453652602941440	Apr 15, 2021
ISC StormCast for Wednesday, April 14th, 2021 5:43 https://traffic.libsyn.com/securitypodcast/7456.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 19254246387 https://traffic.libsyn.com/securitypodcast/7456.mp3 Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+April+2021+Patch+Tuesday/27306/ NAME:WRECK DNS Vulnerabilities https://www.forescout.com/research-labs/namewreck/	Apr 14, 2021
ISC StormCast for Tuesday, April 13th, 2021 6:04 https://traffic.libsyn.com/securitypodcast/7454.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 19171466756 https://traffic.libsyn.com/securitypodcast/7454.mp3 Example of Cleartext Cobalt Strike Traffic https://isc.sans.edu/forums/diary/Example+of+Cleartext+Cobalt+Strike+Traffic+Thanks+Brad/27300/ ASA 5506 Series Security Appliances Field Notice https://www.cisco.com/c/en/us/support/docs/field-notices/720/fn72019.html Expired Certificate for PulseSecure VPN Devices https://kb.pulsesecure.net/articles/Pulse_Secure_Article/KB44781/?kA13Z000000fzbR Pwn2Own Summary https://thehackernews.com/2021/04/windows-ubuntu-zoom-safari-ms-exchange.html Tesla Exploited Via Google Chrome Vulnerability https://leethax0.rs/2021/04/ElectricChrome/	Apr 13, 2021
ISC StormCast for Monday, April 12th, 2021 6:48 https://traffic.libsyn.com/securitypodcast/7452.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 19086722990 https://traffic.libsyn.com/securitypodcast/7452.mp3 No Python Interpreter? This Simple RAT Installs Its Own Copy https://isc.sans.edu/forums/diary/No+Python+Interpreter+This+Simple+RAT+Installs+Its+Own+Copy/27292/ Facebook Mistakingly Suggests Adding Domains To Public Suffix List will Ease Tracking https://publicsuffix.org https://www.facebook.com/business/help/331612538028890?id=428636648170202 Facebook Ads Used to Push Clubhouse Related Malware https://www.ehackingnews.com/2021/04/cybercriminals-used-facebook-ads-to.html Identifying Cobalt Strike DNS Intrastructure https://labs.f-secure.com/blog/detecting-exposed-cobalt-strike-dns-redirectors	Apr 12, 2021
ISC StormCast for Friday, April 9th, 2021 5:42 https://traffic.libsyn.com/securitypodcast/7450.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 18836848014 https://traffic.libsyn.com/securitypodcast/7450.mp3 Simple Powershell Ransomware Creating a 7Z Archive of your Files https://isc.sans.edu/forums/diary/Simple+Powershell+Ransomware+Creating+a+7Z+Archive+of+your+Files/27286/ HTML Lego: Hidden Phishing at Free JavaScript Site https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/html-lego-hidden-phishing-at-free-javascript-site/ Royal FLush: Privilege Escalation Vulnerability in Azure Functions https://www.intezer.com/blog/cloud-security/royal-flush-privilege-escalation-vulnerability-in-azure-functions/ Cisco Small Business Router Vulnerabilities https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-rv-rce-q3rxHnvm Google Chrome Blocking Port 10080 https://github.com/whatwg/fetch/issues/1191#issuecomment-797659444	Apr 09, 2021
ISC StormCast for Thursday, April 8th, 2021 6:44 https://traffic.libsyn.com/securitypodcast/7448.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 18751914120 https://traffic.libsyn.com/securitypodcast/7448.mp3 WiFi IDS's and Private MAC Addresses https://isc.sans.edu/forums/diary/WiFi+IDS+and+Private+MAC+Addresses/27288/ Update on PHP Incident https://externals.io/message/113981 Details about Linux Kernel Bluetooth Vulnerabilities https://google.github.io/security-research/pocs/linux/bleedingtooth/writeup.html LinkedIn Leak https://www.ehackingnews.com/2021/04/data-stolen-from-500-million-linkedin.html VMWare Carbon Black Cloud Workload Applicatnce Authentication Bypass https://www.vmware.com/security/advisories/VMSA-2021-0005.html Cisco SD-WAN vManage Software Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-vmanage-YuTVWqy	Apr 08, 2021
ISC StormCast for Wednesday, April 7th, 2021 5:48 https://traffic.libsyn.com/securitypodcast/7446.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 18664617844 https://traffic.libsyn.com/securitypodcast/7446.mp3 Malspam with Lokibot vs. Outlook and RFCs https://isc.sans.edu/forums/diary/Malspam+with+Lokibot+vs+Outlook+and+RFCs/27282/ SAP Attacks https://us-cert.cisa.gov/ncas/current-activity/2021/04/06/malicious-cyber-activity-targeting-critical-sap-applications QNAP Upates Older EOL Devices https://www.qnap.com/de-de/release-notes/qts/4.3.6.1620/20210322 GIGASET Android Phones Infected by Compromised Update Server https://www.heise.de/news/Gigaset-Malware-Befall-von-Android-Geraeten-des-Herstellers-gibt-Raetsel-auf-6006464.html	Apr 07, 2021
ISC StormCast for Tuesday, April 6th, 2021 5:45 https://traffic.libsyn.com/securitypodcast/7444.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 18576369626 https://traffic.libsyn.com/securitypodcast/7444.mp3 LinkedIn Spear-Phishing Campaign Targets Job Hunters https://threatpost.com/linkedin-spear-phishing-job-hunters/165240/ Malicious Text Files (CVE-2019-8761) https://www.paulosyibelo.com/2021/04/this-man-thought-opening-txt-file-is.html Rust Privacy Concerns https://www.bleepingcomputer.com/news/security/most-loved-programming-language-rust-sparks-privacy-concerns/	Apr 06, 2021
ISC StormCast for Monday, April 5th, 2021 5:57 https://traffic.libsyn.com/securitypodcast/7442.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 18488707477 https://traffic.libsyn.com/securitypodcast/7442.mp3 C2 Activity: Sandboxes or Real Victims https://isc.sans.edu/forums/diary/C2+Activity+Sandboxes+or+Real+Victims/27272/ Exploitation of Fortinet FortiOS Vulnerabilities https://us-cert.cisa.gov/ncas/current-activity/2021/04/02/fbi-cisa-joint-advisory-exploitation-fortinet-fortios https://www.ic3.gov/Media/News/2021/210402.pdf GitHub Actions Used to Mine Crypto https://therecord.media/github-investigating-crypto-mining-campaign-abusing-its-server-infrastructure/ Large Facebook Leak https://thehackernews.com/2021/04/533-million-facebook-users-phone.html	Apr 05, 2021
ISC StormCast for Friday, April 2nd, 2021 6:16 https://traffic.libsyn.com/securitypodcast/7440.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 18235083415 https://traffic.libsyn.com/securitypodcast/7440.mp3 April 2021 Forensic Quiz https://isc.sans.edu/forums/diary/April+2021+Forensic+Quiz/27266/ Coinhive Domains Used to Warn Victims https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/ Detecting Attacker's BITS Utility Use https://www.fireeye.com/blog/threat-research/2021/03/attacker-use-of-windows-background-intelligent-transfer-service.html Kansas Man Indicted For Tampering With Public Water System https://www.justice.gov/usao-ks/pr/indictment-kansas-man-indicted-tampering-public-water-system Older QNAP Devices Vulnerable And No Longer Patched https://securingsam.com/new-vulnerabilities-allow-complete-takeover/	Apr 02, 2021
ISC StormCast for Thursday, April 1st, 2021 4:53 https://traffic.libsyn.com/securitypodcast/7438.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 18147231101 https://traffic.libsyn.com/securitypodcast/7438.mp3 Quick Analysis of a Modular InfoStealer https://isc.sans.edu/forums/diary/Quick+Analysis+of+a+Modular+InfoStealer/27264/ Google Chrome Update / DoH on Linux https://chromereleases.googleblog.com/2021/03/stable-channel-update-for-desktop_30.html https://docs.google.com/document/d/1zAdSK393IznaLKQ0ItOmwLBy59fIq9ydxBRJQX-2ntQ/edit# Chinese Tax Authority Facial Recognition System Fooled https://www.scmp.com/tech/tech-trends/article/3127645/chinese-government-run-facial-recognition-system-hacked-tax	Apr 01, 2021
ISC StormCast for Wednesday, March 31st, 2021 5:37 https://traffic.libsyn.com/securitypodcast/7436.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 18059695726 https://traffic.libsyn.com/securitypodcast/7436.mp3 Old TLS Versions: Gone but not Forgotten https://isc.sans.edu/forums/diary/Old+TLS+versions+gone+but+not+forgotten+well+not+really+gone+either/27260/ Perl Netmask Vulnerability https://blog.urth.org/2021/03/29/security-issues-in-perl-ip-address-distros/ VMWare vRealize Vulnerability https://www.vmware.com/security/advisories/VMSA-2021-0004.html Pre-P0wned Docker Containers https://unit42.paloaltonetworks.com/malicious-cryptojacking-images/	Mar 31, 2021
ISC StormCast for Tuesday, March 30th, 2021 6:54 https://traffic.libsyn.com/securitypodcast/7434.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 17973153680 https://traffic.libsyn.com/securitypodcast/7434.mp3 Jumping Into Shellcode https://isc.sans.edu/forums/diary/Jumping+into+Shellcode/27256/ PHP git repo compromised https://news-web.php.net/php.internals/113838 npm "netmask" package vulnerability https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/	Mar 30, 2021
ISC StormCast for Friday, March 19th, 2021 6:04 https://traffic.libsyn.com/securitypodcast/7420.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 17034488977 https://traffic.libsyn.com/securitypodcast/7420.mp3 A Simple Python Keylogger https://isc.sans.edu/forums/diary/Simple+Python+Keylogger/27216/ New macOS Malware XcodeSpy Targets Xcode Developers with EggShell Backdoor https://labs.sentinelone.com/new-macos-malware-xcodespy-targets-xcode-developers-with-eggshell-backdoor/ Zoom Screen Sharing Leak https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2020-044.txt MyBB Remote Code Execution https://blog.mybb.com/2021/03/10/mybb-1-8-26-released-security-release/	Mar 19, 2021
ISC StormCast for Thursday, March 18th, 2021 5:52 https://traffic.libsyn.com/securitypodcast/7418.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 16959321451 https://traffic.libsyn.com/securitypodcast/7418.mp3 "American Rescue Plan" Used as Theme in Phishing Lures Dropping Dridex https://cofense.com/blog/american-rescue-plan-phish/ Apple May Split Security Updates from Other Updates https://9to5mac.com/2021/03/15/ios-security-fixes-could-soon-be-delivered-separately-from-other-updates-beta-code-suggests/ Polyglot Images on Twitter https://twitter.com/David3141593/status/1371978592679309315 Magento 2 PHP Credit Card Skimmer Saves to JPG https://blog.sucuri.net/2021/03/magento-2-php-credit-card-skimmer-saves-to-jpg.html	Mar 18, 2021
ISC StormCast for Wednesday, March 17th, 2021 5:55 https://traffic.libsyn.com/securitypodcast/7416.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 16896936158 https://traffic.libsyn.com/securitypodcast/7416.mp3 One-Click Microsoft Exchange On-Premises Mitigation Tool https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/ Microsoft Explains Authentication Issues with Azure Active Directory https://www.documentcloud.org/documents/20515443-authentication-errors-across-multiple-microsoft-services-tracking-id-ln01-p8z JavaScript Less Side-Channel Exploits https://arxiv.org/abs/2103.04952	Mar 17, 2021
ISC StormCast for Tuesday, March 16th, 2021 5:02 https://traffic.libsyn.com/securitypodcast/7414.mp3 https://images.podcastrepublic.net/podcast/304863991hd.jpg 16842661961 https://traffic.libsyn.com/securitypodcast/7414.mp3 NimzaLoader Malware Written in "nim" https://www.proofpoint.com/uk/blog/threat-insight/nimzaloader-ta800s-new-initial-access-malware Windows 10 Emergency Update to Fix Printing Crashes https://www.bleepingcomputer.com/news/microsoft/windows-10-emergency-updates-released-to-fix-printing-crashes/ Windows Azure AD Outage https://status.azure.com/status IBM DB2 Patch https://www.ibm.com/support/pages/node/6427855	Mar 16, 2021
ISC StormCast for Monday, March 15th, 2021